Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1771
Views
5
Helpful
1
Replies

ACI To ASA Active Standby L3Out Connectivity

iwearing
Level 1
Level 1

‎05-16-2017 10:53 AM - edited ‎03-01-2019 05:14 AM

Hi,

I have a requirement to create a L3Out to an Active/Standby pair of ASA Next Gen firewalls.

The Firewalls will be connected to 2 x Leaf Nodes. I am looking for clarification on the vPC configuration within the ACI Fabric.

L101-L102 - E1/1 vPC 1 to Active ASA

L101-L102 - E1/2 vPC 2 to Standby ASA

Maybe I should be configuring 1 x vPC for all connectivity:

L102-L102 - E1/1-2 vPC to Active and Standby ASA's

The L3Out will be configured as an SVI with Primary and Seconday IP addressing on both L102 & L102 leaf nodes.

Any suggestions would be appreciated.

thanks

Ian

Labels:
0 Helpful
1 Reply 1

Marcel Zehnder
Spotlight
Spotlight

‎05-19-2017 12:58 AM

Hi Ian

You will need two vPCs in this case, so this version is correct:

L101-L102 - E1/1 vPC 1 to Active ASA

L101-L102 - E1/2 vPC 2 to Standby ASA

However, even if it's supported I would still not recommend to do routing over vPC (mo matter if it's static or dynamic) - I would recommend you attach the active ASA to L101 and the standby to L102 with local port-channels. 

HTH

Marcel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License