
Nexus 7009 & Cisco ASA 5520

Tabish Mirza
Level 1

Hi,

We have a pair of Nexus 7009 running image 6.2(2a) and a Cisco ASA 5520 HA pair (Active/Standby, routed mode) running image 8.2. I want to know how I can connect both ASAs to the Nexus 7009s. We are running static routes. Do I have to configure the ports where I will connect the ASAs as orphan ports?

Keep in mind that I have only one free port on each ASA, and on the Nexus 7009 I have only an F2 card with 48 1000/10000 SFP ports, with one copper transceiver for each Nexus 7009 to connect the ASAs.

Thanks

1 Reply

sagilshravana
Level 1

1) Connect ASA-1 to N7K-1 and ASA-2 to N7K-2 (configure a trunk port to carry the inside, outside and other VLANs as required).

2) It is best practice to keep the interface that connects to the ASA as an orphan port.

3) Create a trunk between N7K-1 and N7K-2 allowing all the required VLANs (inside, outside, etc.).

4) Assuming that you have a pair of WAN routers to connect outside, connect the WAN routers to the "outside" VLAN on both N7K-1 and N7K-2, and run HSRP on both WAN routers for the "outside" zone/VLAN.

5) Add a static/default route from the ASA to the HSRP IP of the WAN routers.

6) Add a route towards the inside zones on the WAN routers, towards the "inside" virtual IP of the ASA.

Hope this helps.