i don't have any problem to

mansoorqa.w1 · ‎02-28-2016

HI

I have two cisco ASA 5545 that config as active-stnadby and there is two cisco 4510(with sup 7E) in downstream(inside zone of ASA) that config as active-standby(HSRP).

now I want config two ASA's as a cluster and two 4510 as VSS.

I read "BRKSEC-3032" Doc and I see a list of switch's that ASA cluster support them. since the cisco 4500 does not exist in this list, then i can't use these switch's in the ASA cluster?

if no, is there any solution for this scenario? and why can't we use cisco 4500 with ASA cluster?

thanks

Philip D'Ath · ‎02-28-2016

ASA's only require each interface (outside, inside, etc) can see the same interface on other ASA's in the cluster. You will be able to do this on a 4510.

mansoorqa.w1 · ‎02-28-2016

i don't have any problem to config 2*ASA's as a cluster and 2*4510R-E in VSS mode.

but my question: can i connect SpannedEtherchannel from ASA cluster(one link per chassis) to 4510 VSS(one link per chassis)?

according to below sentence in "BRKSEC-3032" Doc, really i can't use 4510 switches(VSS mode) in spanned etherchannel clustering?

"Limited switch chassis support for control and data interfaces
•Catalyst 3750-X, 6500 with Sup32, Sup720, or Sup720-1GE, and 6800 with Sup2T
•Nexus 5000, 6000, 7000, 9300, and 9500
•Catalyst 4500-X and ASR 9000 with ASA 9.5(1) inJuly 2015"

also this link: http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-137822

ASA Clustering with 4500 Switch