Cisco ASA redundancy

Hi!

I just wanted to ask, is there anywhere some good best practice guides for full ASA redundancy? I mean... cisco has this guide for example:

PIX/ASA Active/Standby Failover Configuration Example - Cisco Systems

but what good does it make me to have ASA redundancy, if i have 2 non-redundant switches (before and after firewalls) waiting to fail. What is the good way to design ASA redundancy so that those switches are also redundant and there is no non-redundant device.

thanks

Find more posts tagged with

Comments

AlanJames

There are lots of cisco design SRND that focus on the internet perimeter.

I've set up a few redundant ASA's now, and i've normally connected them to 2 x layer 2 internet switches.

So, as always avoid any single point of failure, also have the switches in pairs

Bl8ckr0uter

We actually use 3750 redudant switches. 2960s would be good as well.

ColbyG

Here's the SRND for Enterprise Internet Edge:

Enterprise Internet Edge Design Guide [Design Zone for Security] - Cisco Systems

As for switch redundancy, yes, you always want to avoid a single point of failure.