[c-nsp] asa 8.4 + etherchannel + nexus7k

Federico Cossu federico.cossu at gmail.com
Wed Apr 6 12:12:27 EDT 2011 

mhhhh guys, i really appreciate your recommendation, but we are
talking here about 2 distinct data centers, where the 2 ASA chassis
will be separated by a L2 dwdm link. so i can't use a cable for
failover, but only a vlan carrying traffic destined to a subinterface
into the default context.
in any case, if some problems will affect the dwdm link and as a
consequence the faiolver vlan is down, the split brain on the
firewalls will be our last concern.


2011/4/6  <robbie.jacka at regions.com>:
> strong recommendation on the direct cable for failover; you may risk a
> split-brain scenario otherwise.
> --
> robbie
>
>
>
>
>
>             Ryan West
>             <rwest at zyedge.com
>             >                                                          To
>             Sent by:                  Federico Cossu
>             cisco-nsp-bounces         <federico.cossu at gmail.com>,
>             @puck.nether.net          cisco-nsp
>                                       <cisco-nsp at puck.nether.net>
>                                                                        cc
>             04/05/2011 01:43
>             PM                                                    Subject
>                                       Re: [c-nsp] asa 8.4 + etherchannel
>                                       + nexus7k
>
>
>
>
>
>
>
>
>
>
> On Tue, Apr 05, 2011 at 14:27:18, Federico Cossu wrote:
>> Subject: [c-nsp] asa 8.4 + etherchannel + nexus7k
>>
>> hi all,
>> i can't find any useful information about connecting ASA 8.4
>> etherchannels to
>> 2 different nexus7K, where the 2 nexus devices are aggregating
>> channels with vPC.
>> the idea is to trunk inside, outside and failover vlan to ASA and let
>> it manage routing between them.
>>
> 8.4 supports LACP, so you should be fine to configure in this manner.
> Might want to consider a direct cable for the failover though.
>
>> no L3 dynamic routing between asa <---> nexus, my concern is that the
>> nexus are also the L2/L3 boundary for the servers vlan, server have
>> their default gateway on the nexus (hsrp).
>>
>> configuration guide cites only vss, not vpc unfortunately.
>> http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide
>> /
>> interface_start.html#wp1329030
>>
>> thank you all for any shared information or experience.
>> bye
>
> -ryan
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>



-- 
Lo hai detto hermano. No se escherza con Jesus! (Jesus Quintana)

More information about the cisco-nsp mailing list