I want to deploy Cisco ASA firewall in my Data Center for Security/policing of Data Center subnets. I want to deploy these firewall in transparent mode between my Core VDC and DC VDC as active standby (HA). Both Core VDC ad DC VDC have their own vPC domains and at the moment connected with each other via 3 x 1G links through static routing. Now I want to insert transparent firewalls between these VDCs in vPC fashion. My question is that is it a valid approach? diagram is attached for your reference.
The design is correct just remember you need to use static route b/w DC VDC & Core VDC due to vPC is L2 technology and you will feel abnormal behavior if your run dynamic routing.
As per Cisco document new NXOS is supporting vPC over L3 links, still I recommend don't use any dynamic routing b/w DC VDC & Core VDC.
One question, how did you configured the portchannel from transparent firewall to core VDC, which mode of portchannel (on, active)? , because i have an issue with this configuration and the portchannel dont coming up
The design is correct just remember you need to use static route b/w DC VDC & Core VDC due to vPC is L2 technology and you will feel abnormal behavior if your run dynamic routing.
As per Cisco document new NXOS is supporting vPC over L3 links, still I recommend don't use any dynamic routing b/w DC VDC & Core VDC.
Thanks & Best regards;
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
