bortnichie (Level 1)

Our two Cisco firewalls (Cisco ASA on Firepower, active/standby) are currently connected to two Catalyst 6509s.

We want to move these firewalls to Nexus 9500s.

When we connected ASA ports to Nexus, the ports on Nexus showed "connected" but the ports on the firewall appeared down. Bouncing ports on either side did not help. Taking ports out of port-channels and bouncing them did not help either. Rebooted the standby firewall to see if its ports connect, but it did not work.

Opened a case with Cisco. They checked the Nexus side and the firewall side, but did not find any misconfigurations or issues.

Here is a list of troubleshooting steps I completed today, but nothing worked.

  1. Set the Nexus side to the port-channel configuration. Reboot the firewall.
  2. Remove the VLAN configuration from the two ports on the N9Ks. Bounce ports on both sides (Nexus and FW).
  3. Remove the port-channel config on the Nexus. Remove the FW ports from the port-channel and assign them to a logical device. Bounce ports.
  4. Reboot.
  5. Shut ports on both sides. Apply lacp graceful-convergence on the Nexus side. Enable Nexus ports. Enable FW. LACP ports become suspended. FW ports are still down.

Error on Nexus side:

lacp: fu_fsm_execute_all: done processing event LACP_EV_PERIODIC_TRANSMIT_TIMER_EXPIRED

I attached a diagram example of one firewall and its two ports being connected to both Nexuses. I am currently working on troubleshooting connectivity of two firewall ports (standby firewall) to the two Nexuses.

Any ideas?

Thanks,

Tanya

Attachment: Firewall problem.jpg
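For reference, an added example (not from the original post, and not Cisco's own documentation) of what the Nexus 9000 side of an LACP port-channel toward a Firepower chassis typically looks like when each firewall port lands on a different Nexus via vPC. The port-channel number, vPC number, VLAN IDs and interface names are assumptions, as is the existence of an already working vPC domain and peer-link.

```text
! Added example: NX-OS side of the port-channel toward the Firepower chassis.
! Assumptions: port-channel 10 paired with vPC 10, VLANs 10 and 20 allowed,
! Ethernet1/1 is this switch's member link; the vPC domain and peer-link are
! already configured. The second Nexus 9500 gets the same configuration with
! its own member port, so the chassis sees one LACP partner across both boxes.
feature lacp

interface port-channel10
  description to-FPR-chassis (vPC 10)
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  vpc 10
  no shutdown

interface Ethernet1/1
  description FPR-chassis member link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  channel-group 10 mode active
  no shutdown

! Verification commands (run on each Nexus after the chassis-side
! port-channel is enabled and assigned to a logical device):
!   show port-channel summary
!   show lacp interface ethernet 1/1
!   show vpc consistency-parameters interface port-channel 10
```

With `channel-group ... mode active` on the switch, a member that NX-OS reports as suspended usually means no LACP PDUs are arriving on that link, so the firewall-side port-channel state and member assignment are worth checking before changing anything else on the switch.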