ASA ECMP

zekebashi — Tue, 06 Apr 2021 21:29:43 GMT

Hello,

We have a pair of ASA5585 configured in HA and I am trying to understand if the ASA can do ECMP on a port that's configured with sub-interfaces. The Cisco document below describes that ECMP can only be done on the same port/interface. "Multiple static routes that utilize ECMP are available only on the same interface."

So, if I have a port-channel configured with two VLANs/sub-interfaces and have two default static routes each of which has a destination to a different next-hop IP address, would this configuration work?

Here's how I have the port-channels and static routes configured:

(IP addresses are fictitious)

interface Port-channel1.400

vlan 400

nameif outside

security-level 0

ip address 1.2.80.5 255.255.255.248 standby 1.2.80.6

interface Port-channel1.403

vlan 403

nameif outside

security-level 0

ip address 1.2.82.5 255.255.255.248 standby 1.2.82.6

!
!

interface GigabitEthernet0/0

description OUT

channel-group 1 mode active

no nameif

no security-level

no ip address

interface GigabitEthernet0/3

description OUT

channel-group 1 mode active

no nameif

no security-level

no ip address

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html

Thanks in advance.

~zK

topic ASA ECMP in Network Security

ASA ECMP