cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
0
Helpful
1
Replies

FWSM/ASA in Transparent passing Lacp ? [ for LB purposes ]

Hi !

i would like to see if this is currently possible :

i have two firewalls, fwsms and/or asa .

i would like to have the following configuration :

fwsm/asa/other are in transparent mode [assuming that in that way they can pass Lacp]

if they can pass lacp transparently , it means i can use the native Portchannel load balance with it to trafficshare between them, or do i need something more ?

if this is possible i would be able to add firewalls "on the go" not ?

ScreenHunter_18 Oct. 18 15.56.jpg

1 Reply 1

Rick Arps
Level 4
Level 4

I think you're asking for trouble with this scenario. 

Here's something to consider.  Lacp should send one specific flow over a given interface, so you'd think you would be ok.  However, since the return flow gets balanced by a differnet switch, it won't necessarily end up on the same trunk.  At that point, the other firewall wouldn't know about the flow, and would drop the traffic.

Now that asa supports terminating lacp, you're much better off spending a bit more and getting a bigger firewall in the first place.

hth,

Rick

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: