If all devices must connect to ACI, you'd probably want to use a dedicated "transit" VRF with a transit BD that the WAN interface and firewall outside interface sit in.
However, I personally will do anything I can to not use ACI as a transit network. It's a good practice in modular network design to keep your DC fabric a separate island. I always recommend a "dc core" or "campus core" to all my customers to aggregate services.
So what I'd try to do is use the firewall inside interface as your ACI L3Out, then connect the WAN routers directly to the firewall.
I hate using ACI as a transit network so much, I'd even consider hanging the internet firewall off the WAN router, using the WAN router as a sort of dc/campus core.