cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1529
Views
10
Helpful
1
Replies

Connecting router and firewall to ACI

Pankaj_Agrawal
Level 1
Level 1

Hi,

 

Please look at the attached Visio and help me. I would like to connect firewall and router to ACI.

 

 

 
 
 

ACI.jpg

 

1 Reply 1

AJ Cruz
Level 3
Level 3

If all devices must connect to ACI you'd probably want to use a dedicated "transit" VRF with a transit BD that the WAN interface and firewall outside interface sits it.

 

However, I personally will do anything I can to not use ACI as a transit network. It's a good practice in modular network design to keep your DC fabric a separate island. I always recommend a "dc core" or "campus core" to all my customers to aggregate services.

So what I'd try to do is use the firewall inside interface as your ACI L3Out, then connect the WAN routers directly to the firewall.

I hate using ACI as a transit network so much, I'd even consider hanging the internet firewall off the WAN router, using the WAN router as a sort of dc/campus core.

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License