I am trying to connect 2 VMWARE servers directly to my 5515-X firewall.
And this is the configuration I am looking for:
Gi0/0 - outside (already configured and working)
Gi0/1 - inside (already configured and working)
Gi0/2 - trunk with VLAN 1 + 2 + 3 + 4 + 5 for VMWARE server1
Gi0/3 - trunk with VLAN 1 + 2 + 3 + 4 + 5 for VMWARE server2
Gi0/4 not used
Gi0/5 not used
ASDM will not let me assign the same VLAN to both Gi0/2 and Gi0/3. I don't want to connect my VMWARE servers to a switch first (that just adds one more component that can fail).
I really hope this simple configuration is possible.
Thanks in advance
I think this was only possible in the ASA5505 model which has the built in switch module.
I wonder if configuring a Gigabit Etherchannel using the Gi0/2 and Gi0/3 would be possible? I am not that familiar with the server side.
I think the basic configuration format on the ASA side would be
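interface GigabitEthernet0/2
 channel-group 1 mode active
interface GigabitEthernet0/3
 channel-group 1 mode active
interface Port-channel1.10
 vlan 10
 description Vlan 10
 ip add 10.10.10.1 255.255.255.0
interface Port-channel1.20
 vlan 20
 description Vlan 20
 ip add 10.10.20.1 255.255.255.0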
Doesn't an etherchannel require a single device on the other side, e.g. that pesky switch again?
I don't think you can make an ethernet channel with two participants going to two separate unrelated devices. Even with LACP for the bundle negotiations (e.g. "channel-group N mode active") the most separation you can get is two different member switches in a single unified stackwise group.
Also, you'd need recent ASA firmware, like 9.0(2), as 8.6 on the ASA didn't have etherchannel.
I've been keeping the ASA etherchannel ploy in mind for my pending 5525-X upgrade, as depending on traffic levels, I might want it on what is currently an ordinary singleton trunk port interface (replacing a 5520 running 8.2 firmware). I'll have to add this item to my test lab R&D queue.
-- Jim Leinweber, WI State Lab of Hygiene
I have updated to the latest ASDM and firmware, so I do have etherchannel, but I am unsure if that will work ... and I might add one more VMWARE server later.
I'm going to purchase a Cisco ASA 5506-X-K9 Sec Plus device. I have plans to build the following schema:
As you can see, there are two VMWare ESXi servers connected to the ASA5506-X firewall. The vSwitch of each server has two VLANs (vlan3 - inside area, vlan4 - DMZ). So I want to configure VLAN trunks between the ASA and VMWare. I need VLAN trunks to save more ports of my VMWare server for other needs (SAN, redundancy links, additional server interlinks, etc.).
Can anybody tell me whether this is possible on the Cisco ASA5506-X?
The ASA supports 802.1q trunks and can be configured with the subinterfaces necessary to act as a gateway for the respective subnets.
That's slightly different than the VLAN (layer 2) support you asked about but I believe it satisfies the requirement as I understand it.
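The subinterface approach from the last reply, as an added example that is not part of any post in this thread: one 802.1q trunk toward a single ESXi host carrying VLAN 3 (inside) and VLAN 4 (DMZ). The interface number, nameif values, security levels and IP addresses are assumptions chosen for illustration.

```cisco
! Added example: ASA routed mode, one trunk port toward one ESXi host.
! GigabitEthernet1/2, the nameif values and the addresses are assumptions.
!
! Parent (physical) interface: enabled, but with no nameif and no address,
! so untagged frames arriving on the trunk are not passed by the ASA.
interface GigabitEthernet1/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! VLAN 3 = inside area. The ASA is the gateway for this subnet.
interface GigabitEthernet1/2.3
 description ESXi trunk - VLAN 3 inside
 vlan 3
 nameif inside
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
! VLAN 4 = DMZ. The lower security level means traffic initiated from the
! DMZ toward inside is denied unless an access list explicitly permits it.
interface GigabitEthernet1/2.4
 description ESXi trunk - VLAN 4 DMZ
 vlan 4
 nameif dmz
 security-level 50
 ip address 192.168.4.1 255.255.255.0
```

On the ESXi side the port groups on the uplink's vSwitch have to tag frames with VLAN IDs 3 and 4 to match; `show interface ip brief` and `show nameif` on the ASA confirm that both subinterfaces are up and named.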