ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
Beefieee
New Member
Posts:
1
Joined:
Thu Jun 23, 2016 8:04 am
Certs:
CCNA R/S, CCNP R/S

ASA active/active failover

Thu Jun 23, 2016 8:06 am

I'm a CCNP R/S that is new to ASAs. I need some help with configs for a active/active failover on the WAN between two ASA5512. The support Active/Active and have the correct licenses. So the current setup is



ASA1 has 2 ISP connections of 1.1.1.1/30 and 2.2.2.30/27. It has a inside connection of 10.1.1.0/24. 120ish users from 40 different customers.



ASA2 has a different ISP connection of 2.2.2.2/27 and a inside connection of 10.2.2.0/24. 80ish users from 10 different customers.



The both ASAs connect into SW1 that connects to the 2 ISP links



If you guys could help me create contexts and configure a active/active, that would be lovely.



Question Time:

1>I just started looking into this solution, but its clear that I need to create contexts. Will I need to subnet and vlan the inside groups?

2>Can the outside interface be shared over 2 contexts?

3>would it be best to get the isp to extend the 1.1.1.1/30 and toss a second ISP link on ASA2 or drop the second ISP link on ASA1? We only need one active/active failover pair.

'
Return to Cisco Security

Who is online

Users browsing this forum: DenRow, EvaRow and 62 guests