mhhhh guys, i really appreciate your recommendation, but we are talking here about 2 distinct data centers, where the 2 ASA chassis will be separated by a L2 dwdm link. so i can't use a cable for failover, but only a vlan carrying traffic destined to a subinterface into the default context. in any case, if some problems will affect the dwdm link and as a consequence the faiolver vlan is down, the split brain on the firewalls will be our last concern.
2011/4/6 <robbie.ja...@regions.com>: > strong recommendation on the direct cable for failover; you may risk a > split-brain scenario otherwise. > -- > robbie > > > > > > Ryan West > <rw...@zyedge.com > > To > Sent by: Federico Cossu > cisco-nsp-bounces <federico.co...@gmail.com>, > @puck.nether.net cisco-nsp > <cisco-nsp@puck.nether.net> > cc > 04/05/2011 01:43 > PM Subject > Re: [c-nsp] asa 8.4 + etherchannel > + nexus7k > > > > > > > > > > > On Tue, Apr 05, 2011 at 14:27:18, Federico Cossu wrote: >> Subject: [c-nsp] asa 8.4 + etherchannel + nexus7k >> >> hi all, >> i can't find any useful information about connecting ASA 8.4 >> etherchannels to >> 2 different nexus7K, where the 2 nexus devices are aggregating >> channels with vPC. >> the idea is to trunk inside, outside and failover vlan to ASA and let >> it manage routing between them. >> > 8.4 supports LACP, so you should be fine to configure in this manner. > Might want to consider a direct cable for the failover though. > >> no L3 dynamic routing between asa <---> nexus, my concern is that the >> nexus are also the L2/L3 boundary for the servers vlan, server have >> their default gateway on the nexus (hsrp). >> >> configuration guide cites only vss, not vpc unfortunately. >> http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide >> / >> interface_start.html#wp1329030 >> >> thank you all for any shared information or experience. >> bye > > -ryan > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > -- Lo hai detto hermano. No se escherza con Jesus! (Jesus Quintana) _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/