Cisco routing with redundancy

Danimal1209

Take a look at this beautiful network topology I have laid out here. Question is at the end.



I need a way for R1 and R2 to route to the internet through ASA1 normally,
and through ASA2 if ASA1 fails.

Would it be ok to have ASA1 and ASA2 both advertise 0.0.0.0 and just forward to the gateway? So, let's say under normal circumstances, R1 routes to ASA1 to get to the internet. Then if ASA1 fails, the routers are updated with the link no longer being active and then will accordingly route to ASA2. Is this the correct way to do this?
 

Cooky

Are ASA1 & ASA2 in active/standby cluster?
If so, routing redundancy is achieved as part of the normal ASA fail-over process.
As long as the routers & ASAs peer w/ each other, you shouldn't need to do anything extra to achieve redundancy.
 

Danimal1209

I'm not sure what that means.

Actually, ASA1 and ASA2 are in different ASes. ASA1 is running OSPF with its routers and ASA2 is running RIP with its routers. Both ASes are connected via BGP with redistributed routes.
 

m1ldslide1

Before we talk default routing: The problem with two standalone ASAs is that they do not exchange state information. So if one ASA or its Internet link fails, the other ASA will drop return traffic since the sessions were not established through it initially. This will resolve itself eventually, but will cause significant user impact.

In my opinion you are better off running OSPF throughout, setting up the ASAs as active/standby (preferably in transparent mode), and then redistributing a default route from BGP into OSPF on both border routers. Is this possible? Why RIP? Why have the ASAs running a routing protocol at all? Why are the ASAs set up independently from each other?
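The state problem described in the post above, as an added example that is not part of the thread: a simplified Python model of two stateful firewalls, run once as standalone units and once with connection state replicated to the peer. The class, the addresses and the ports are constructed for illustration, and the model assumes no NAT and no TCP state tracking beyond "a matching connection entry exists".

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class StatefulFirewall:
    """Hypothetical model: permits inbound packets only for known connections."""
    name: str
    conns: set = field(default_factory=set)
    peer: Optional["StatefulFirewall"] = None  # set only when state is replicated

    def outbound(self, src, sport, dst, dport):
        """Inside-to-outside packet: permitted, and creates a connection entry."""
        key = (src, sport, dst, dport)
        self.conns.add(key)
        if self.peer is not None:
            self.peer.conns.add(key)  # stateful failover: copy entry to the standby
        return "permit"

    def inbound(self, src, sport, dst, dport):
        """Outside-to-inside packet: must be the reverse of a known connection."""
        key = (dst, dport, src, sport)
        return "permit" if key in self.conns else "drop"


def run_failover(synced):
    """Return verdicts for return traffic before failure, after failure, and
    for a session the client re-establishes through the surviving firewall."""
    asa1, asa2 = StatefulFirewall("ASA1"), StatefulFirewall("ASA2")
    if synced:
        asa1.peer = asa2
    client_ip, server = "10.1.1.10", ("203.0.113.80", 443)  # constructed addresses

    asa1.outbound(client_ip, 51000, *server)             # session built via ASA1
    before = asa1.inbound(*server, client_ip, 51000)     # reply while ASA1 is up

    # ASA1 fails; routing converges and the same session's reply reaches ASA2.
    after = asa2.inbound(*server, client_ip, 51000)

    # The client eventually opens a new session, this time through ASA2.
    asa2.outbound(client_ip, 51001, *server)
    new_session = asa2.inbound(*server, client_ip, 51001)
    return before, after, new_session


if __name__ == "__main__":
    print("standalone:", run_failover(synced=False))
    print("state sync:", run_failover(synced=True))
```

In the standalone run the existing session's return traffic is dropped at ASA2 and only the re-established session passes, which is the user impact the post refers to; with replicated state the existing session survives the failover.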
 

Danimal1209

This is for class.

In this scenario, the two networks are supposed to be a corporate office and a remote office. If one of the ASAs goes down then an office is supposed to route its traffic through to the other office. When I am doing this in class, both of the ASAs are connected into the same switch.