Setting up two Cisco ASA 5510s - Active/Passive
Part of the project for doublepositive was to set up everything so that if one piece of hardware failed, a backup would be in place and able to handle the failure. While spec’ing the requirements for this project I looked at the 5505 and the 5510. Both are on the lower end as far as capacity and throughput go (Here is a link to their specs), but for the amount of traffic we are anticipating the 5510 would work well for the next 3-5 years. The 5510 also has stateful active/passive failover; the 5505 does not. Since most if not all of our applications require clients to use our web applications, a stateful failover is very important.
The 5510 has 7 Ethernet ports, one for each of the following: management, console, aux and 4 for actually handling the traffic. The management port is nice since it has a built-in DHCP server. I used this for the initial setup (no crossover cable needed). The console port is for the CLI. I normally use this for my day-to-day administration like access list changes, adding static maps or names. I have never used the aux port before; if anyone does use it and would like to share their experience with it, let me know. The 4 traffic ports can be set up in any way that you like. They are numbered from 0-3. I have port 0 as my outside interface, port 1 as my inside, port 2 as my failover port and port 3 as my stateful failover port. Using a separate port for the stateful failover link is optional, but since I will not have any other networks (just inside and outside) I chose to use the extra port. Here is a link to a photo of my setup. Once you come up with an IP scheme or are given an IP address to use, the setup is pretty straightforward.
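The port layout described above, written out as a primary-unit failover configuration. This is an added example, not the author's configuration. All IP addresses are constructed, the link names FOLINK and STATELINK are hypothetical, and the failover key is a placeholder.

```cisco
! Primary unit. Addresses are constructed examples (RFC 5737 / RFC 1918).
! On the 5510, Active/Standby failover requires the Security Plus license.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0 standby 192.0.2.3
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
 no shutdown
!
! Ports 2 and 3 carry no nameif or ip address of their own;
! the failover commands below claim them.
interface Ethernet0/2
 no shutdown
!
interface Ethernet0/3
 no shutdown
!
failover lan unit primary
! Port 2: failover (heartbeat and configuration sync) link
failover lan interface FOLINK Ethernet0/2
failover interface ip FOLINK 172.16.0.1 255.255.255.252 standby 172.16.0.2
! Port 3: dedicated stateful failover link (connection table replication)
failover link STATELINK Ethernet0/3
failover interface ip STATELINK 172.16.1.1 255.255.255.252 standby 172.16.1.2
! Authenticate and encrypt traffic between the two units.
! Without a key, failover messages cross the link in clear text.
failover key <shared-secret-placeholder>
! HTTP connection state is not replicated by default; enable it so web
! sessions survive a switchover.
failover replication http
failover
!
! Secondary unit: repeat the "failover ..." lines with
! "failover lan unit secondary", then enable "failover".
! The interface configuration is synced from the primary.
```

After both units are up, `show failover` on either unit reports which one is active and whether the stateful link is passing updates.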
More on this in the next part…
Comments
If you are looking for a new, solid provider of an ethernet service you should have a look at interoute. They have a wonderful service, ethernet reach.

You hit on a topic here that needs more documentation. Are you going to finish it? I’m curious to see how you did it. I’m struggling to accomplish the same thing with a pair of 5520’s. Post some details please.