10-17-2012 06:09 PM
Hello Guys,
I found an interesting vPath behavior in VSG with ASA 1000v deployement on ESXi cluster.
ASA 1000v have 2 interfaces only for data (Inside and Outside).
When you want to enable the vPath for the ASA, you should apply vservice node type asa on the port-profile of your virtual machines, when you do this step, you lose the VSG policy for those virtual machines.
I decided to create 3 port-profiles, 2 for virtual machines (to send some to VSG and some for ASA 1000v), and 1 port-profile for ASA inside interface, when I apply the vservice command under ASA inside port-profile, the ASA doesn't permit the traffic proprly with the defined policies (although the ASA is able to ping and receive icmp from the VMs).
I appreciate if someone can clarify this point or have some insight on this subject.
Kind Regards
Mohammed Khair
Solved! Go to Solution.
10-17-2012 08:21 PM
You need to use vpath service chaining if you want to use VSG/ASA together. Below link has information about the service chaining:
Thanks,
Vinod
10-17-2012 08:21 PM
You need to use vpath service chaining if you want to use VSG/ASA together. Below link has information about the service chaining:
Thanks,
Vinod
10-17-2012 08:58 PM
Thank you very much Vinod, that is exactly what I looking for
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide