cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1016
Views
5
Helpful
1
Replies
Beginner

ACI To ASA Active Standby L3Out Connectivity

Hi,

I have a requirement to create a L3Out to an Active/Standby pair of ASA Next Gen firewalls.

The Firewalls will be connected to 2 x Leaf Nodes. I am looking for clarification on the vPC configuration within the ACI Fabric.

L101-L102 - E1/1 vPC 1 to Active ASA

L101-L102 - E1/2 vPC 2 to Standby ASA

Maybe I should be configuring 1 x vPC for all connectivity:

L102-L102 - E1/1-2 vPC to Active and Standby ASA's

The L3Out will be configured as an SVI with Primary and Seconday IP addressing on both L102 & L102 leaf nodes.

Any suggestions would be appreciated.

thanks

Ian

1 REPLY 1
Participant

Hi Ian

Hi Ian

You will need two vPCs in this case, so this version is correct:

L101-L102 - E1/1 vPC 1 to Active ASA

L101-L102 - E1/2 vPC 2 to Standby ASA

However, even if it's supported I would still not recommend to do routing over vPC (mo matter if it's static or dynamic) - I would recommend you attach the active ASA to L101 and the standby to L102 with local port-channels. 

HTH

Marcel

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards