I have a PA-500 running as a web proxy. The connection from the inside is an ASA-5512 (required), except that I have 2 5512s running in active-standby failover mode. How do I connect both 5512s into the PA-500 so that if a failover happens the traffic from the back 5512 is scanned?
Depending on the requirements on the network after your PA-500, you could use v-wires for both ASAs or connect them to two layer 2 interfaces and create a corresponding VLAN interface.
In this case I think connecting the ASAs to two layer 2 interfaces would be the best solution, and then between the PA-500 and the router a layer 3 interface. So then you could configure both layer 2 links in the same (trust) zone and the untrust one for the external link to the router.
Actually I was wrong: the current ASAs go into a L2 switch which then connects to the core router, so would I just create a second virtual wire and connect the standby ASA and another connection to the L2 switch?
With a layer 2 switch there, both possibilities would work. I would still recommend using the PA-500 as a layer 3 device between the ASAs and the external network. But this is only my personal opinion, because I like to have control over the traffic flow by routing rather than traffic passing transparently (from the ASA point of view) to the next router.
Like this, yes. This way you can now create zone-based firewall rules and they would be the same for both ASAs.
Now, depending on whether there is traffic needed between the interfaces of the ASAs (in order to make HA on them work), you also have to allow this traffic, I think.