I'm exploring VXLANs for the first time and have found out that my ASA5555-X firewalls do support it. They're running 9.8(3) code.
My use case is better explained using diagrams. The first one is how things look now:
Today, the servers are in different subnets and are routed between 2 ASA firewalls so they can chat to each other.
What I want to do is get the servers in the same subnet and I think I can use VXLAN to achieve that. Here's what I want it to look like:
I'm not sure how to configure this. I *think* I need to create VTEP interfaces on the server ports, and both 0/0 and 1/0 on both ASA firewalls?
I'm sure this is really simple and basic, but the Cisco articles don't have this as an example for me to use.
Any help appreciated :)
Sorry. In my experience very, very few customers use VXLAN on their ASAs - I've never seen one outside a lab environment. Those who do typically are working directly with Cisco Advanced Services or have significant in-house engineering resources and are not hanging out on the general support community.
This looks interesting. I am actually going to lab this out to see how it works.
Thanks Alan Ng'ethe, that would be super helpful.
I love the fact that the VXLAN (VTEP) interface does not have to be a dedicated physical port, i.e. it can be shared with normal firewall services! See attached below: