
Traffic flow

Ibrahim Jamil
Level 6

Hello Guys

Please find the attachment.

When the L2 link between 3750-X-1 and ASA-1 fails, traffic from/to the hosts sitting in ESXi will be blackholed, as ASA-1 is still the active node while ASA-2 is in standby (it can't forward the traffic up and down until the active one fails).

Adding 2 links from the DMZ switches to each ASA as cross links seems a more proper design.

Please advise on the most proper design.

Thanks all


nazimkha
Level 4
Many possible design options:

1. From the switch perspective, if you are using HSRP on the 3750 switches, you can change the HSRP state when the link is down using object tracking.
2. You can configure object tracking / IP SLA on the ASA to fail over.
3. You can add cross links, but since the 3750s are not VSS or vPC capable, you will not be able to port-channel them and use the aggregate bandwidth.

Hi

For option 1, the 3750s are just L2 switches; the GW for the DMZ hosts is the ASA.

For option 2, this is the DMZ interface down to the L2 switches.

Thanks

In that case, option 2 may be more suitable and you can monitor the interfaces. I am not an expert in ASA and cannot suggest the exact configuration. Probably moving this thread to the Security section will get better responses.

balaji.bandi
Hall of Fame

Why not consider ASA as a cluster design?

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html

Are the 3750-Xs located in different locations or the same location? If the same location, why not stack them?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yep

The 3750-Xs are DMZ switches, where the DMZ servers are connected.

Is there any reason you are not considering stacking them?

BB


Hi

Do these 2 3750-Xs act as 1 unit if I stack them? I mean, do they become similar to VSS?

Yes, they become 1 switch.

BB


 

Do you mean 2 x control plane and 2 x data plane?

With switches in a stack, you will have 1 control plane.

I suggest understanding the stacking concept; the information below will help you:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/71925-cat3750-create-switch-stks.html

BB
