Go Back   AnandTech Forums > Hardware and Technology > Networking

· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· AMD Video Cards
· Nvidia
· Displays
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Home and Garden
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2015
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions

Thread Tools
Old 10-31-2012, 05:15 PM   #1
Senior Member
Join Date: Nov 2011
Posts: 355
Default Cisco routing with redudancy

Take a look at this beautiful network topology I have laid out here. Question is at the end.

I need a way for R1 and R2 to route to the internet through ASA1 normally,
and through ASA2 if ASA1 fails.

Would it be ok to have ASA1 and ASA2 both advertise and just forward to the gateway? So, lets say under normal circumstances, R1 routes to ASA1 to get to the internet. Then if ASA1 fails, the routers are updated with the link no longer being active and then will accordingly route to ASA2. Is this the correct way to do this?

Last edited by Danimal1209; 10-31-2012 at 05:23 PM. Reason: Making a picture, brb
Danimal1209 is offline   Reply With Quote
Old 10-31-2012, 05:21 PM   #2
Golden Member
Join Date: Apr 2002
Posts: 1,406

Are ASA1 & ASA2 in active/standby cluster?
If so, routing redundancy is achieved as part of the normal ASA fail-over process.
As long as the routers & ASA's peer w/ each other, you shouldn't need to do anything extra to achieve redundancy.
Cooky is offline   Reply With Quote
Old 10-31-2012, 05:25 PM   #3
Senior Member
Join Date: Nov 2011
Posts: 355

I'm not sure what that means.

Actually, ASA1 and ASA2 are in different AS's. ASA1 is running ospf with its routers and ASA2 is running RIP with its routers. Both AS's are conncted via BGP with redistributed routes.
Danimal1209 is offline   Reply With Quote
Old 11-01-2012, 07:48 PM   #4
Platinum Member
m1ldslide1's Avatar
Join Date: Feb 2006
Location: PDX
Posts: 2,322

Before we talk default routing: The problem with two standalone ASA's is that they do not exchange state information. So if one ASA or its Internet link fails, the other ASA will drop return traffic since the sessions were not established through it initially. This will resolve itself eventually, but will cause significant user impact.

In my opinion you are better off running OSPF throughout, setting up the ASA's as active/standby (preferably in transparent mode), and then redistributing a default route from BGP into OSPF on both border routers. Is this possible? Why RIP? Why have the ASA's running a routing protocol at all? Why are the ASA's set up independently from each other?
One's mind, once stretched by a new idea, never regains its original dimensions.
--Oliver Wendell Holmes

Crunching for Team AnandTech!
m1ldslide1 is offline   Reply With Quote
Old 11-03-2012, 07:12 PM   #5
Senior Member
Join Date: Nov 2011
Posts: 355

This is for class.

In this scenario, the two networks are supposed to be a corporate office and a remote office. If one of the ASA's goes down then an office is supposed to route its traffic through to the other office. When I am doing this in class, both of the ASA's are connected in to the same switch.
Danimal1209 is offline   Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 01:50 AM.

Powered by vBulletin® Version 3.8.8 Alpha 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.