Hi,

k.adath2015 · ‎11-14-2016

Hi,

I have two nexus switches for dmz . Asa firewall in active standby mode .

ASA 1 will be connected to DMZ SW1 and ASA2 will be DMZ SW2

Is it possible to enable vpc or it does not make sense?

How to acheive redundancy for the servers if asa 1 failed ?

Thanks

Richard Burts · ‎11-18-2016

I believe that it is possible and does make sense to use vpc for the connection.

HTH

Rick

HTH

Rick

k.adath2015 · ‎01-17-2017

Hi,

I heard that asa does not support vpc

Thanks

Richard Burts · ‎01-23-2017

It is probably true that ASA does not support vpc. But that does not mean that vpc on the Nexus can not be part of a solution to provide redundancy. I worked with a customer who has a pair of ASA operating in active/standby failover pair. The ASAs connect to a pair of Nexus switches. To provide effective redundancy we configure a trunk on both ASA and the trunk includes a vlan for DMZ. The ASAs connect to the Nexus switches. The Nexus switches use vpc so that ASA connected to switch 1 has access to resources on switch 2.

HTH

Rick

HTH

Rick

k.adath2015 · ‎01-28-2017

Hi,

It means on the ASA there will be trunk and on the nexus switch there will be vpc.

As I understood from one ASA there will be two physical link (to sw1 and sw2 ) and this will be vpc 100

and the from the second asa vpc 101

Am I correct ?.

And second thing in vpc both link are in forward how will be the traffic flow ? .

You said you are passing DMZ vlan also in the same trunk , meaning the DMZ and INSIDE vlan also going through the same trunk ?

Thanks

asa - nexus