Solved: ASA 5545 connection with Nexus 5000 devices over vPC

sameetha.maheshwaram · ‎11-18-2016

Hello All,

I read the following link for the vPC connection between Nexus 5k devices and ASA firewalls running on Active/Standby.

http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

I got to know some information on vpc and asa Active/standby from pg 100 in the above link .I was not able to understand following configuration from pg: 105

ip route 100.100.100.0/24 Vlan200 200.200.200.1 name ASA

Could someone please help me out what is that referring to and why exactly we are using it

Thankyou,

Sameetha

Richard Burts · ‎11-18-2016

Sameetha

The route statements on the ASA create static routes and are fairly similar to static routes on IOS devices, though there are a few differences. Here is the explanation"

"ip route" is the command that will create a static route for the ASA

"100.100.100.0/24" identifies the network for which we are creating the route. On most IOS devices you configure the address and a mask, but on ASA you use the notation of /24 which corresponds to a mask of 255.255.255.0.

"Vlan200" is the identifier of the interface through which the static route will go. In IOS it is an option to specify the outbound interface but it is not required. For ASA it is required to specify the interface

"200.200.200.1" is the next hop of the static route. This is the same as IOS.

"name ASA" is optional on ASA and provides an identifier for the route.

So that is what the parts are, and the reason why we use this command is to create a static route for the ASA.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎11-18-2016

Sameetha

The route statements on the ASA create static routes and are fairly similar to static routes on IOS devices, though there are a few differences. Here is the explanation"

"ip route" is the command that will create a static route for the ASA

"100.100.100.0/24" identifies the network for which we are creating the route. On most IOS devices you configure the address and a mask, but on ASA you use the notation of /24 which corresponds to a mask of 255.255.255.0.

"Vlan200" is the identifier of the interface through which the static route will go. In IOS it is an option to specify the outbound interface but it is not required. For ASA it is required to specify the interface

"200.200.200.1" is the next hop of the static route. This is the same as IOS.

"name ASA" is optional on ASA and provides an identifier for the route.

So that is what the parts are, and the reason why we use this command is to create a static route for the ASA.

HTH

Rick

HTH

Rick

sameetha.maheshwaram · ‎11-19-2016

Thanks a lot Rick. I really appreciate your quick response.

I was not clear about why we were using "name ASA" and why we were using "vlan 200". Got clarified.

Regards,

Sameetha

Richard Burts · ‎11-20-2016

Sameetha

I am glad that my explanation was helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify discussions which have helpful information. These forums are excellent places to learn about networking. I hope to see you continue to be active in the forums.

HTH

Rick

HTH

Rick