11-14-2016 08:25 AM - edited 03-01-2019 08:25 AM
Hi,
I have two Nexus switches for the DMZ. The ASA firewalls are in active/standby mode.
ASA 1 will be connected to DMZ SW1 and ASA 2 will be connected to DMZ SW2.
Is it possible to enable vPC, or does it not make sense?
How do I achieve redundancy for the servers if ASA 1 fails?
Thanks
11-18-2016 05:16 PM
I believe that it is possible and does make sense to use vPC for the connection.
HTH
Rick
01-17-2017 11:33 AM
Hi,
I heard that the ASA does not support vPC.
Thanks
01-23-2017 09:09 AM
It is probably true that ASA does not support vPC. But that does not mean that vPC on the Nexus cannot be part of a solution to provide redundancy. I worked with a customer who has a pair of ASAs operating as an active/standby failover pair. The ASAs connect to a pair of Nexus switches. To provide effective redundancy we configure a trunk on both ASAs, and the trunk includes a VLAN for the DMZ. The ASAs connect to the Nexus switches. The Nexus switches use vPC so that the ASA connected to switch 1 has access to resources on switch 2.
HTH
Rick
01-28-2017 08:09 AM
Hi,
It means on the ASA there will be a trunk and on the Nexus switch there will be vPC.
As I understood, from one ASA there will be two physical links (to SW1 and SW2) and this will be vPC 100,
and from the second ASA vPC 101.
Am I correct?
And second thing: in vPC both links are forwarding, so how will the traffic flow?
You said you are also passing the DMZ VLAN in the same trunk, meaning the DMZ and INSIDE VLANs are also going through the same trunk?
Thanks