Hi p.dath,

So you mean to say that, I can combine all the interfaces of all nexus to make a single port-channel and there will be 2 ports channels in case of firewalls.

Please confirm if the diagram will look like the attached one ?

Thanks/Ashwin

Sorry for not making myself clearer.  Your original diagram was correct.

All 4 ports in FW-A can be in one port channel (such as 100), and all 4 ports in FW-B can be in another Etherchannel (such as 200).

Hi p.dath,

Sorry to confuse you. I shall re-frame my question once again.

In the set up attached, Nexus will act as gate way for all servers connecting benith it.

please suggest, if i can:
1. logically combine all 8 ports (4 from FW-A and 4 from FW-B) firewalls into a single port-channel group ? Firewalls acting as Active-Standby mode.
2. logically combine all 8 ports (4 from N5K-A and 4 from N5K-B) of Nexus into a single port-channel/vPC group ?

So as to create a logical single port-channel between Nexus and ASA. This port-channel will be L3 link between Nexus and ASA and i am planning to create multiple sub-interfaces on this port-channel (sub-interface IPs will be provided on the same).

Please find attached diagram for reference.

Thanks/Ashwin

1. No, you must use a separate port channel to each firewall.

And what about Nexus ? will all ports be under same port-channel ?

No.  You would have to have one port channel for the first ASA, and another port channel for the second ASA.

I think you are going to have to use a layer 2 port channel and an SVI to achieve what you would like - as you effectively need one layer 3 domain to span two port channels.