Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA Cluster with Dynamic routing to NEXUS

Unanswered Question
Aug 26th, 2014
User Badges:

I am trying to configure OSPF between an ASA cluster and a pair of Nexus Switches (3K).  I have followed the Cisco released powerpoint presentation on the subject which says that the deployment is supported and that is about it.  My setup has been deployed as the diagram below (from the PPT slides, I have attached the image as well in case it doesn't display properly):


I have HSRP running between the two Nexus switches and they are not running as a VPC as Cisco says that it is unsupported for dynamic routing.  From the Nexus on the left (A) I have full adjacencies to the other Nexus and to the ASA on the Left (A) but the adjacency to the Firewall on the right (B) is constantly sat in Exstart/DRother.  From the Nexus on the right (B) it is the exact opposite i.e. Full to FW B and Nexus A but Exstart/DRother to FW A.


In the Cisco documentation it doesn't say that my deployment is not supported but it dies say that convergence times are not optimal at the moment and I do see failover times of around one minute when I lose a FW.


My question is, has anyone else configured this setup and are my OSPF states as they should be for where Cisco is with the technology or have I got something completely wrong in my configuration?


Kind Regards




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
uglyed000 Wed, 09/16/2015 - 15:37
User Badges:

Hello eddig,


I am trying to do the exact same thing today, ASA cluster to Nexus 7k pair with OSPF between them.  Did you ever resolve this?



s.zink Mon, 11/23/2015 - 02:58
User Badges:

Is there anyone with a working solution for that?

I also need a routing protocol (ospf or eigrp) between a asa cluster and a nexus 7k peer (sup1).

Some designs I tryed are not realy full functional. There are many issues with the L3 peering. Specialy when I try to simulate some link down issues.


This Discussion