Now this scenario depicts that two cisco firewalls are connected which each other. And want to connect both firewalls wih dual links. But problem is cisco asa 5505 supports VLAN concept. And only let you interact to its interface via vlan only. There is no way to access interface directly or convert interface to layer 3 mode. And cisco asa 5510+ doesn't support vlan concept directly on its interface. If you would configure cisco asa 5510+ interfaces can do directly. As there is no vlan concept hence there is no port membership and so there is no bridging between ports. So which feature is required to make this connectivity successful? No worries, implementation can be leveraged by powerful features provided in cisco firewall software
Redundant interface support. It is just like teaming of nics in server OS like windows , linux etc you can achieve virtual link spanning accross multiple physical links. And providing redundancy so that if one phyiscal link member of redundant interface goes down doesn't hampers communication going on between two devices. And if primary physical links goes down traffic switchover to secondary link is completely transparent. No connectivty loss happens.
Here is how you can make your scenario successful just by simply configuring cisco asa 5510+ using following commands:
Here is the excerpt of cisco asa 5510+ firewall:
!
interface Ethernet1
no nameif
no security-level
no ip address
!
interface Ethernet2
no nameif
no security-level
no ip address
!
interface Redundant1
member-interface Ethernet1
member-interface Ethernet2
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.252
!
Now you can also check which physical interface is primary which belongs to redundant interface:
hostname#
show interface redundant number
detail | grep Member
Now how to make one of the physical interface active here is how you can make it:
hostname#
redundant-interface redundant number
active-member physical_interface
No comments:
Post a Comment