FWSM/ASA in Transparent passing LACP? [for LB purposes]

Unanswered Question
Oct 18th, 2011

Hi!

I would like to see if this is currently possible:

I have two firewalls, FWSMs and/or ASA.

I would like to have the following configuration:

FWSM/ASA/other are in transparent mode [assuming that in that way they can pass LACP].

If they can pass LACP transparently, it means I can use the native PortChannel load balance with it to traffic-share between them, or do I need something more?

If this is possible, I would be able to add firewalls "on the go", no?

ScreenHunter_18 Oct. 18 15.56.jpg

Rick Arps Tue, 10/18/2011 - 10:45

I think you're asking for trouble with this scenario.

Here's something to consider. LACP should send one specific flow over a given interface, so you'd think you would be OK. However, since the return flow gets balanced by a different switch, it won't necessarily end up on the same trunk. At that point, the other firewall wouldn't know about the flow, and would drop the traffic.

Now that ASA supports terminating LACP, you're much better off spending a bit more and getting a bigger firewall in the first place.

hth,

Rick
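The failure mode described in the reply above, as an added example that is not part of the thread or any Cisco code: each switch picks its own port-channel member independently, so a stateful firewall on one member link can see a return packet for a flow it never tracked. The hash function, policy names, firewall names and addresses are simplified assumptions, not a vendor's actual algorithm.

```python
import ipaddress

# Assumed topology: one transparent stateful firewall inline on each member link.
FIREWALLS = ("fw-a", "fw-b")

def member(policy, src, dst, n=len(FIREWALLS)):
    """Choose a member link from a hash of the packet's addresses.
    Simplified stand-in for a switch's port-channel load-balance hash."""
    s, d = int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst))
    key = {"src-ip": s, "dst-ip": d, "src-dst-ip": s ^ d}[policy]
    return key % n

def trace(flows, inside_policy, outside_policy):
    """Send one request and one reply per flow; return (flow, fwd_fw, ret_fw, verdict)."""
    conn_table = {fw: set() for fw in FIREWALLS}  # per-firewall state, not shared
    results = []
    for client, server in flows:
        # Request: the inside switch hashes client -> server.
        fwd = FIREWALLS[member(inside_policy, client, server)]
        conn_table[fwd].add((client, server))
        # Reply: the outside switch hashes server -> client on its own.
        ret = FIREWALLS[member(outside_policy, server, client)]
        verdict = "pass" if (client, server) in conn_table[ret] else "drop"
        results.append(((client, server), fwd, ret, verdict))
    return results

def dropped(results):
    return [flow for flow, _, _, verdict in results if verdict == "drop"]

# Constructed sample flows (documentation and private address ranges).
FLOWS = [
    ("10.0.0.10", "192.0.2.20"),
    ("10.0.0.11", "192.0.2.20"),
    ("10.0.0.12", "192.0.2.21"),
    ("10.0.0.13", "192.0.2.21"),
]

if __name__ == "__main__":
    # Direction-dependent hash on both switches: replies can land on the other firewall.
    for row in trace(FLOWS, "src-ip", "src-ip"):
        print("src-ip     ", row)
    # Symmetric hash: both directions match only while both switches use the
    # same policy and the same member ordering, which LACP does not coordinate.
    for row in trace(FLOWS, "src-dst-ip", "src-dst-ip"):
        print("src-dst-ip ", row)
```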

Posted October 18, 2011 at 6:53 AM
Tags: fwsm, cef, asa