Options
Cisco ASA redundancy
Hi!
I just wanted to ask, is there anywhere some good best practice guides for full ASA redundancy? I mean... cisco has this guide for example:
PIX/ASA Active/Standby Failover Configuration Example - Cisco Systems
but what good does it make me to have ASA redundancy, if i have 2 non-redundant switches (before and after firewalls) waiting to fail. What is the good way to design ASA redundancy so that those switches are also redundant and there is no non-redundant device.
thanks
I just wanted to ask, is there anywhere some good best practice guides for full ASA redundancy? I mean... cisco has this guide for example:
PIX/ASA Active/Standby Failover Configuration Example - Cisco Systems
but what good does it make me to have ASA redundancy, if i have 2 non-redundant switches (before and after firewalls) waiting to fail. What is the good way to design ASA redundancy so that those switches are also redundant and there is no non-redundant device.
thanks
Comments
-
Options
AlanJames
Member Posts: 230
There are lots of cisco design SRND that focus on the internet perimeter.
I've set up a few redundant ASA's now, and i've normally connected them to 2 x layer 2 internet switches.
So, as always avoid any single point of failure, also have the switches in pairs
-
Options
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
We actually use 3750 redudant switches. 2960s would be good as well. -
Options
ColbyG
Member Posts: 1,264
Here's the SRND for Enterprise Internet Edge:
Enterprise Internet Edge Design Guide [Design Zone for Security] - Cisco Systems
As for switch redundancy, yes, you always want to avoid a single point of failure.