Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4632
Views
9
Helpful
6
Replies

vPC between Nexus and Cisco ASA 5545-x

Go to solution
robert.vizitiu1
Level 1
Level 1

‎11-25-2015 04:28 AM - edited ‎03-01-2019 08:06 AM

Hello all,

I have some questions regarding the followin design maybe you guys can help me.

We have 4 cisco 2960 switches, 2 Nexus 5500 , 2 ASA 5545 and a router used for BGP.We would like to use vPC on the Nexus switches as in the image:

----------
Cisco 2960         
----------           -----------              --------
                     Nexus1 5548        ASA 5545
----------           -----------              --------
Cisco 2960
----------                                                                       ----------
                                                                                 Cisco 2921
----------                                                                        ----------
Cisco 2960
----------           -----------              --------
                     Nexus2 5548         ASA 5545
----------           -----------              --------
Cisco 2960
----------

We would like to deploy vPC between Cisco 2960 and Nexus and between Nexus and ASA firewalls.The 2 Asa will be configured in Transparent mode as cluster , and a portchannel will connect every ASA to the Nexus pair.

The 2 Nexus are using RIP as routing protocol but on the Cisco 2921 we are using only BGP and static routes.

My question is , will this scenario work even if we use RIP on the Nexus?

Thank you in advance,

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to robert.vizitiu1

‎12-04-2015 10:04 PM

Hello Robert,

Yes , These type of setup i have designed and implemented for one of the clients with multi tenent facility.

But ASA was in routed mode not in transparent.

You can have portchannel of two ports towrads Nexus end and trunk all vlan from nexus and assign sub interface with specifc zones for firewall policy.

and for out bound if it is only interface then you can go with L3 port and assign point to point network between router and ASA for routing purpose.

With the above you will have default towards router and internal LAN subnet towards Nexus end and rest segment will be connected with ASA.

Hope it Helps..

-GI

Rate if it Helpss

View solution in original post

6 Replies 6

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎11-29-2015 09:12 AM

Hello,

We have deployed ASA with portchannel and at Nexus with MEC with vPC domain.

Have a look on this link Quick Start Guide :: ASA Cluster on Nexus documents ASA cluster configuration with connections to vPC domains.

https://communities.cisco.com/docs/DOC-35904

Hope it Helps..

-GI

Rate if it Helpss.

Go to solution
robert.vizitiu1
Level 1
Level 1
In response to Ganesh Hariharan

‎12-04-2015 01:55 AM

Hi Ganesh,

Thank you for this document , is very useful.

My topology would look like the one at page 5 for transprent mode but I want to alter this topology so I would have : L3 Cloud (router) ===> Cluster ASA ====>Nexus

On the ASA cluster I will configure a port-channel to Nexus , configure subinterfaces on the port-channel and assign vlans on each subinterface.On the other side to L3 Cloud  will be the outside interface so I don't need any vlans as all traffic will be forwarded to the outside interface, right?

Do you think this topology will work  or should I stick to the one presented there?

Thank you,

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to robert.vizitiu1

‎12-04-2015 10:04 PM

Hello Robert,

Yes , These type of setup i have designed and implemented for one of the clients with multi tenent facility.

But ASA was in routed mode not in transparent.

You can have portchannel of two ports towrads Nexus end and trunk all vlan from nexus and assign sub interface with specifc zones for firewall policy.

and for out bound if it is only interface then you can go with L3 port and assign point to point network between router and ASA for routing purpose.

With the above you will have default towards router and internal LAN subnet towards Nexus end and rest segment will be connected with ASA.

Hope it Helps..

-GI

Rate if it Helpss

Go to solution
robert.vizitiu1
Level 1
Level 1
In response to Ganesh Hariharan

‎12-06-2015 10:52 PM

Hello Ganesh,

Thanks a lot for your input, this was very helpful.

So basically this setup will work only if I use ASA in routed mode, is there any way to make it in transparent mode?

Thank you,

Robert

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to robert.vizitiu1

‎12-09-2015 07:54 AM

Hello Robert,

To be honest, I never designed and deployed ASA in transparent mode. As none of my clients had ever asked..:)

I will do some research on transparent stuff, if i get any will defenitely revert to you.

Hopefully in the meantime some of my fellow netpro's can come and reply.

-GI

0 Helpful

Go to solution
robert.vizitiu1
Level 1
Level 1
In response to Ganesh Hariharan

‎12-09-2015 10:31 PM

Hello Ganesh,

We did some research and agreed with my colleagues to use Routed mode so we will do it that way.Thank you very much for your time and I will let you know how it worked :)

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card