Cisco VSG and ASA 1000v integration/design

Answered Question
Oct 17th, 2012

Hello Guys,

I found an interesting vPath behavior in VSG with ASA 1000v deployement on ESXi cluster.

ASA 1000v have 2 interfaces only for data (Inside and Outside).

When you want to enable the vPath for the ASA, you should apply vservice node type asa on the port-profile of your virtual machines, when you do this step, you lose the VSG policy for those virtual machines.

I decided to create 3 port-profiles, 2 for virtual machines (to send some to VSG and some for ASA 1000v), and 1 port-profile for ASA inside interface, when I apply the vservice command under ASA inside port-profile, the ASA doesn't permit the traffic proprly with the defined policies (although the ASA is able to ping and receive icmp from the VMs).

I appreciate if someone can clarify this point or have some insight on this subject.

Kind Regards

Mohammed Khair

I have this problem too.
0 votes
Correct Answer by katariav about 1 year 6 months ago

You need to use vpath service chaining if you want to use VSG/ASA together. Below link has information about the service chaining:

http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_4_1/video/cisco_vsg_service_chaining_part01.html

Thanks,

Vinod

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)

Actions

Login or Register to take actions

This Discussion

Posted October 17, 2012 at 6:09 PM
Stats:
Replies:2 Avg. Rating:5
Views:512 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard