Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1109
Views
0
Helpful
1
Replies

ASA 5585X Clustering

CSCO12361421
Level 1
Level 1

‎12-10-2014 09:00 AM - edited ‎02-21-2020 05:21 AM

I have two ASA 5585X-SSP20 need to Cluster config. I am little confused about ASA to Core Switch and Server Firm Switch Connectivity. In cluster mode if we config master asa two 10G port as an ether-channel then others cluster member same port config as a same ether-channel.So four port in two asa work in single ether-channel. If this right then my diagram is correct or wrong. Plz  help me.  

 

 

 

1 person had this problem
0 Helpful
1 Reply 1

Michel Pedersen
Level 1
Level 1

‎03-19-2015 04:28 AM

Hi,

yes,technically you could run two SSP20's with all 4 10g ports in the same spanned etherchannel as a "firewall on a stick". 

If you look in the cluster configuration guide you'll see that the CCL (Cluster Control Link) needs to be sized the same as the data links so if you don't add any extra modules to your SSP20 firewalls you'll end up with 1x 10g for data and 1x 10g for CCL on each physical firewall.

We currently have this setup in our environment; each SSP20 firewall is connected to a Nexus 7K switch where one 10G port is used for CCL and one 10G port is setup as a trunk for all inbound/outbound traffic to/from the firewall.

 

Hope this helps!

 

-Michel

0 Helpful
Review Cisco Networking for a $25 gift card
Top