Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
0
Helpful
1
Replies

ASA Failover DMZ question

Mjokovic88
Level 1
Level 1

‎07-25-2019 04:44 AM

Hello,

I set lab environment I have two Firewalls in active/standby state and in DMZ area one DMZ switch (with DMZ servers connect on DMZ swicth ) that connect to active firewall When secondary Firewall became active dmz serves does not work I want set that DMZ servers works all time when standby became active do you have some solution for that?
Also if i want to connect on two firewalls active/standby two DMZ switches, one DMZ switch to connect to primary asa one to secondary asa and on both switches to connect DMZ servers redundantly , do you have some solution for that, some configuration ?

The reason for second question in real situation I will have two servers in dmz that have to works in same time and physically separate and I need that servers works all the time in dmz that connect to switches that connect to pair Farewell active/standby.

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎07-29-2019 06:51 PM

Hello there ,

 

It seems as though your lab setup could have a flaw , would you be able to share your physical cross connects lab diagram as well as your logical diagram vlans etc..  ? there could be many reasons your servers did not communicate correctly with the firewall when firewalls switched to the standby.

 

Below is a URL with a straight forward A/S deployment , go over this link, if you are introducing two switches in your design you need to keep in mind that if Active FW connects to one switch and the  Standby  to another switch both switches must be connected and they have to be able to be aware of  VLANs you have allocated for each of the firewall interfaces you have configured them with - proper cross connects and proper VLAN assignments in the switches is key to for proper fail-over events and systems to continue their communications 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91336-pix-activeactive-config.html

 

Additionally I have attached an basic site cross-connect diagram to help you with the physical aspect.  Again, if you do have configurations of your switches and firewall we could sanity check to see where is the flaw.

 

 

 

Jorge Rodriguez
Preview file
38 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card