
L3out - Multisite (FW active/standby)

Hello team! How are you? I've been trying to find information on how to connect two l3outs in a multisite scenario.

We have site 1 and site 2. In site 1 we have the active FW and site 2 has the passive FW. Until now, the dg are in the Checkpoint, so our vlans reach it by l2outs. Also, we have all vlans in stretched BD across the sites.

So now we need to move those default gateways to ACI and create the l3outs (static routing) as I mentioned above. I don't know if I can create two l3outs in each site with an extended external EPG across sites. Is it supported? I couldn't find an explanation about it, except with service node integration, where it says there is a support limitation.

 

Thanks!


Re: L3out - Multisite (FW active/standby)

It looks like this is supported from 4.2.1 and later. It requires you to set up a separate L3Out in each site and use Inter-Site L3Out support, which was introduced in 4.2.

 

See here, pages 115 through 139: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKACI-2125.pdf

 

I'm not sure on the encapsulation scope in the L3 Outs of each site so the firewalls see each other in the segment that they peer to ACI on. I'd try setting it from local to VRF, but I haven't seen anything stating that it will work across sites.
