Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1543
Views
0
Helpful
2
Replies

Cisco VSG and ASA 1000v integration/design

Go to solution
Mohammed Khair Khomakho
Level 1
Level 1

‎10-17-2012 06:09 PM

Hello Guys,

I found an interesting vPath behavior in VSG with ASA 1000v deployement on ESXi cluster.

ASA 1000v have 2 interfaces only for data (Inside and Outside).

When you want to enable the vPath for the ASA, you should apply vservice node type asa on the port-profile of your virtual machines, when you do this step, you lose the VSG policy for those virtual machines.

I decided to create 3 port-profiles, 2 for virtual machines (to send some to VSG and some for ASA 1000v), and 1 port-profile for ASA inside interface, when I apply the vservice command under ASA inside port-profile, the ASA doesn't permit the traffic proprly with the defined policies (although the ASA is able to ping and receive icmp from the VMs).

I appreciate if someone can clarify this point or have some insight on this subject.

Kind Regards

Mohammed Khair

Mohammed Khair Khomakho CCIE Routing and Switching #26682
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vinod Kataria
Level 4
Level 4

‎10-17-2012 08:21 PM

You need to use vpath service chaining if you want to use VSG/ASA together. Below link has information about the service chaining:

http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_4_1/video/cisco_vsg_service_chaining_part01.html

Thanks,

Vinod

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Vinod Kataria
Level 4
Level 4

‎10-17-2012 08:21 PM

You need to use vpath service chaining if you want to use VSG/ASA together. Below link has information about the service chaining:

http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_4_1/video/cisco_vsg_service_chaining_part01.html

Thanks,

Vinod

0 Helpful

Go to solution
Mohammed Khair Khomakho
Level 1
Level 1
In response to Vinod Kataria

‎10-17-2012 08:58 PM

Thank you very much Vinod, that is exactly what I looking for

Mohammed Khair Khomakho CCIE Routing and Switching #26682
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents