cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


310
Views
10
Helpful
6
Replies
Contributor

Connection Between Core and Firewall

Dears,

 

Please find the attached

 

Please suggest when 6509 are in VSS mode how the connection should be. The access switch is connected to both core with Multi chassis Ether channel, ,,, the user traffic is hash in default algorithm of the port channel, src dst ip

 

how the traffic flow will be when the connection are according to the Diagram A and how the flows will be when it is according to the Diagram B 

AND

 

 

Thanks

Everyone's tags (1)
6 REPLIES 6
VIP Advisor

Re: Connection Between Core and Firewall

Is the FW are in Cluster mode Active / Active  or Active / Standby?  2nd one give you more High availability in terms of failure scenarios.

 

 

 

BB
*** Rate All Helpful Responses ***
Contributor

Re: Connection Between Core and Firewall

firewalls are in active / standby mode

VIP Advisor

Re: Connection Between Core and Firewall

Look at good CVD document, for your reference.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/ha-cluster.pdf

BB
*** Rate All Helpful Responses ***
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Connection Between Core and Firewall

Hi,
If the ASA's are active/standby then in either scenario (diagram A or B) traffic would not be routed via the FW-B, if it is still standby/secondary. So in diagram A if the traffic originated on Core 2 the traffic would cross the link to Core 1 and then to the FW-A. In Diagram B ideally you'd configure the ASA's to be members of a port-channel, traffic would then go directly from Core 1 to FW-A or from Core 2 to FW-A. Diagram B is the better design.

HTH
Contributor

Re: Connection Between Core and Firewall

Dears,

thanks to both of you and +5 to you both,

clustering is different concept than a active/standby or active/active.

thanks

Highlighted
Contributor

Re: Connection Between Core and Firewall

IMG_0327_Po.png