Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1241
Views
10
Helpful
1
Replies

Connecting router and firewall to ACI

Pankaj_Agrawal
Level 1
Level 1

‎09-23-2021 07:35 PM

Hi,

 

Please look at the attached Visio and help me. I would like to connect firewall and router to ACI.

 

 

 
 
 

ACI.jpg

 

Labels:
Preview file
236 KB
1 Reply 1

AJ Cruz
Level 3
Level 3

‎09-24-2021 08:44 AM - edited ‎09-24-2021 08:46 AM

If all devices must connect to ACI you'd probably want to use a dedicated "transit" VRF with a transit BD that the WAN interface and firewall outside interface sits it.

 

However, I personally will do anything I can to not use ACI as a transit network. It's a good practice in modular network design to keep your DC fabric a separate island. I always recommend a "dc core" or "campus core" to all my customers to aggregate services.

So what I'd try to do is use the firewall inside interface as your ACI L3Out, then connect the WAN routers directly to the firewall.

I hate using ACI as a transit network so much, I'd even consider hanging the internet firewall off the WAN router, using the WAN router as a sort of dc/campus core.

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License