cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


241
Views
0
Helpful
4
Replies
Beginner

Cisco ASA as VXLAN bridge?

I'm exploring VXLANs for the first time and have found out that my ASA5555-X firewalls do support it. They're running 9.8(3) code.

My use case is better explained using diagrams. The first one is how things look now:

vxlanbefore.png

Today, the servers are in different subnets and are routed between 2 ASA firewalls so they can chat to each other.

What I want to do is get the servers in the same subnet and I think I can use VXLAN to achieve that. Here's what I want it to look like:

vxlanafter.png

I'm not sure how to configure this. I *think* I need to create VTEP interfaces on the server ports, and both 0/0 and 1/0 on both ASA firewalls?

I'm sure this is really simple and basic but the Cisco articles don't have this as an example for me to use.

Any help appreciated :)

4 REPLIES 4
Beginner

Re: Cisco ASA as VXLAN bridge?

Anyone?

Highlighted
Hall of Fame Master

Re: Cisco ASA as VXLAN bridge?

Sorry. In my experience very very few customers use VXLAN on their ASAs - I've never seen one outside a lab environment. Those who do typically are working directly with Cisco Advanced Services or have significant in house engineering resources and not hanging out on the general support community.

Participant

Re: Cisco ASA as VXLAN bridge?

This looks interesting. I am actually going to lab this out to see how it works.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.
Beginner

Re: Cisco ASA as VXLAN bridge?

Thanks Alan Ng'ethe, that would be super helpful.

I love the fact that the VXLAN (VTEP) interface does not have to be a dedicated physical port, i.e. it can be shared with normal firewall services! See attached below:

vxlan-vtep.png