01-11-2020 06:27 AM
Hi there,
I need to connect a pair of ASAs in failover mode to two pods. Then configure the firewalls as a L3Out using static routes. At each pod, each failover member will use a VPC in trunk mode.
The trunk will carry the ASA "outside" VLAN (100) used as a next-hop for ACI in the L3Out. In this sense, I will configure two different SVI interface profiles for the L3Out (one per pod path) and match the outside ASA VLAN in the encapsulation (100).
My question is: in order to let the ASA outside interfaces see each other, should the encapsulation scope be set to VRF? Per my understanding, ACI should create a kind of bridge domain between both interface profiles using the same encapsulation VLAN, right?
Thanks.
01-12-2020 10:21 PM
Encap Scope of Local will work if it is within the same L3Out.
You only need to use VRF scope if you want to have the L2 domain span between L3Outs. See here: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L3_config/b_Cisco_APIC_Layer_3_Configuration_Guide/b_Cisco_APIC_Layer_3_Configuration_Guide_chapter_01010.html