cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

340
Views
0
Helpful
1
Replies
Beginner

ASA 5585X Clustering

I have two ASA 5585X-SSP20 need to Cluster config. I am little confused about ASA to Core Switch and Server Firm Switch Connectivity. In cluster mode if we config master asa two 10G port as an ether-channel then others cluster member same port config as a same ether-channel.So four port in two asa work in single ether-channel. If this right then my diagram is correct or wrong. Plz  help me.  

 

 

 

1 REPLY 1

Hi,yes,technically you could

Hi,

yes,technically you could run two SSP20's with all 4 10g ports in the same spanned etherchannel as a "firewall on a stick". 

If you look in the cluster configuration guide you'll see that the CCL (Cluster Control Link) needs to be sized the same as the data links so if you don't add any extra modules to your SSP20 firewalls you'll end up with 1x 10g for data and 1x 10g for CCL on each physical firewall.

We currently have this setup in our environment; each SSP20 firewall is connected to a Nexus 7K switch where one 10G port is used for CCL and one 10G port is setup as a trunk for all inbound/outbound traffic to/from the firewall.

 

Hope this helps!

 

-Michel

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here