Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
0
Replies

Migrating to ACI simple test

csco10387876
Level 1
Level 1

‎04-14-2016 12:19 AM - edited ‎03-01-2019 04:56 AM

Good morning,

I am trying to create a simple topology that would look like something you do with classic devices :

The topology would look like this, an asr to get out of the data center, connected to a 7k doing routing for the firewall dmz's

In ACI, I guess I would have an epg for the dmz, an l3 out for peering with the asr and then create a contract with a service graph to steer the trafic to the firewall.

Looks simple enough but still, how shoud I configure the firewall :

option 1 should I use 2 distinct epg for in/out on the firewall and not connect it to the dmz, relying on ACI to steer the traffic over it.

option 2 push the dmz epg to the firewall and disable l3 on the fabric for it, add the firewall inside interface as a l3out and enable transit routing so that the routes defined to the firewall go out the ROW l3Out ?

When you have hundreds of dmz, what is the recommended way ?

Regards,

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License