Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
186
Views
0
Helpful
1
Replies

Dual ASA firewall

David Ng
Level 1
Level 1

‎02-23-2016 03:57 AM - edited ‎03-12-2019 12:23 AM

I would like to setup ASA firewall for Web hosting

As there is requirement of resilience, it is necessary to have setup two ASA in two Datacenter. In order to provide redundant path in case one ASA down, I would like to setup ASA to use OSPF at both ASA's WAN sides to connect ISP.  For LAN side, it is assumed the Ethernet had extended between site1 and site2.  For internal LAN ASA does not support HSRP/VRRP, so it may also need to setup OSPF protocol. May I ask if this design is feasible or not ? Is there any recommend design.

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-23-2016 06:28 PM

Assuming you have L2 extension between the two LANs and a backup for the circuit if it fails, I normally just configure the firewalls for active/standby failover with no state synchronisation.

You don't need HSRP then.  You don't need OSPF usually either.  Just put in a static route tot he ISP.  If you have dual ISP links, ask the provider to enabled HSRP and your default then goes via their HSRP address.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card