02-19-2015 10:47 AM - edited 03-11-2019 10:31 PM
Hello Team,
I want to deploy two nexus 7K in a data center I want to utilize the VPC feature over my approach in current scenario I have two ASA 5540 in A/A , number of Inside vlans are 32 vlans. I have three questions as per the following:
1- How should I Connect the ASA into N7K through VPC feature ( Is it doable to make the ASA in between the core VDC and Aggregation VDC or to connect it as arm to the AGG VDC only)
2- Since I have 32 vlans, And ASA is limited to 8 bridge groups, which will not allow me to map more than 8 vlans into in each context. Should I go through the routed mode and make the ASA is a default gateway for all the internal servers.
3- Since I have only four gig ports per ASA physical device, Can I use the management port for Failover link ?
Please help me sorting this setup in any configuration example for both 7K and ASA with diagram of physical connections if possible. Thanking you in advance
Best Regards
Mohammad Eid
02-27-2015 11:29 AM
Please follow configuration example to make your ports on ASA as a trunk mode and ASA should be routed mode and if you require any dynamic nat or static-nat you can do so as well.
Please make sure, you have one separate vpc extending to primary ASA and another vpc extending to secondary ASA.
interface GigabitEthernet0/2
channel-group 1 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
channel-group 1 mode active
no nameif
no security-level
no ip address
interface Port-channel1
port-channel load-balance src-dst-ip-port
nameif inside
security-level 100
ip address 10.10.2.2 255.255.255.252
Now should you require a DMZ interface, then create a subnet interface from port-channel interface.
interface Port-channel1.50
description VLAN-50
vlan 50
nameif dmz
security-level 50
ip address 10.10.30.2 255.255.255.0
You would treat ASA connection to VPC on 7K, just like any other fabric extenders connection.
Hope that answer your question.
Thanks
Rizwan Rafeek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide