1. The document describes configuring high availability routing between two firewalls (ASA1 and ASA2) using failover, and between two routers (MLS3 and R2) using HSRP. 2. It provides configuration examples for failover on the ASAs, HSRP on MLS3 and R2, PAT on the ASA and R2, and EIGRP routing between the ASA and MLS3. 3. It also specifies default gateways for different PCs to reach R1 via the active HSRP router.

1. Lab 25: HSRP with Failover
Task
1. Configure IP Address as per given in topology.
2. Configure Failover on ASA1 and ASA2. Make Sure Use IP address 200.200.200.0/24 for failover.
3. Configure HSRP between MLS3 and R2. Make sure R2 is active for group 1 and MLS3 is active for
group 2. HSRP Authentication is Netwaxlab.
4. Configure PAT on ASA and R2.
5. Configure EIGRP between ASA and MLS3.
6. PC1 to PC4 Reach R1 via R2 and PC5 & PC6 reach R1 via MLS3.
Figure 1 Topology

2. Lab 25: HSRP with Failover
Solution
 Task 2: Configure Failover on ASA1 and ASA2. Make Sure Use IP address 200.200.200.0/24 for
failover.
ASA1
failover lan unit primary
failover lan interface fover e0/5
failover link fover e0/5
failover interface ip fover 200.200.200.1 255.255.255.0 standby 200.200.200.2
failover replication http
int e0/0
ip add 124.55.221.2 255.255.255.0 standby 124.55.221.3
no shut
exit
int e0/1
nameif inside
ip add 192.168.2.1 255.255.255.0 standby 192.168.2.2
no shut
exit
ASA2
failover lan unit secondary
failover lan interface fover e0/5
failover link fover e0/5
failover interface ip fover 200.200.200.1 255.255.255.0 standby 200.200.200.2
 Task 3: Configure HSRP between MLS3 and R2. Make sure R2 is active for group 1 and MLS3 is
active for group 2. HSRP Authentication is Netwaxlab.
MLS3
int f1/2
standby 1 ip 110.0.0.254
standby 1 priority 99
standby 1 authentication md5 key-string Netwaxlab
standby 1 preempt

3. Lab 25: HSRP with Failover
standby 2 ip 110.0.0.253
standby 2 priority 101
standby 2 authentication md5 key-string Netwaxlab
standby 2 preempt
R2
int f0/1
standby 1 ip 110.0.0.254
standby 1 preempt
standby 1 priority 101
standby 1 authentication md5 key-string Netwaxlab
standby 2 ip 110.0.0.253
standby 2 priority 99
standby 2 authentication md5 key-string Netwaxlab
standby 2 preempt
 Task 4: Configure PAT on ASA and R2.
ASA1
access-list OUT permit icmp any any
access-group OUT in interface outsie
access-list NAT permit ip 192.168.2.0 255.255.255.0 any
access-list NAT permit ip 110.0.0.0 255.255.255.0 any
nat (inside) 1 access-list NAT
global (outside) 1 interface
route outside 0 0 124.55.221.1
R2
ip access-list extended NAT
permit ip 110.0.0.0 0.0.0.255 any
exit
ip nat inside source list NAT interface f0/0 overload

4. Lab 25: HSRP with Failover
 Task 5: Configure EIGRP between ASA and MLS3
ASA1
router eigrp 100
network 192.168.2.0 255.255.255.0
no auto-summary
redistribute static
exit
MLS3
router eigrp 100
network 192.168.2.0 0.0.0.255
network 110.0.0.0 0.0.0.255
no auto-summary
exit
 Task 6: PC1 to PC4 Reach R1 via R2 and PC5 & PC6 reach R1 via MLS3.
On PC1 to PC4
Configure Default gateway as 110.0.0.254
On PC5 and PC6
Configure default gateway as 110.0.0.253