FWSM/ASA in Transparent passing Lacp ? [ for LB purposes ]

Unanswered Question
Oct 18th, 2011
User Badges:

Hi !

i would like to see if this is currently possible :

i have two firewalls, fwsms and/or asa .

i would like to have the following configuration :

fwsm/asa/other are in transparent mode [assuming that in that way they can pass Lacp]

if they can pass lacp transparently , it means i can use the native Portchannel load balance with it to trafficshare between them, or do i need something more ?

if this is possible i would be able to add firewalls "on the go" not ?

ScreenHunter_18 Oct. 18 15.56.jpg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rick Arps Tue, 10/18/2011 - 10:45
User Badges:
  • Bronze, 100 points or more

I think you're asking for trouble with this scenario. 

Here's something to consider.  Lacp should send one specific flow over a given interface, so you'd think you would be ok.  However, since the return flow gets balanced by a differnet switch, it won't necessarily end up on the same trunk.  At that point, the other firewall wouldn't know about the flow, and would drop the traffic.

Now that asa supports terminating lacp, you're much better off spending a bit more and getting a bigger firewall in the first place.




This Discussion

Related Content