A/A ASA in data center

Hello Team,

 

I want to deploy two Nexus 7K in a data center. I want to utilize the VPC feature over my approach. In the current scenario I have two ASA 5540 in A/A, and the number of inside VLANs is 32. I have three questions, as follows:

1- How should I connect the ASA to the N7K through the VPC feature? (Is it doable to put the ASA in between the core VDC and aggregation VDC, or to connect it as an arm to the AGG VDC only?)

2- Since I have 32 VLANs, and the ASA is limited to 8 bridge groups, which will not allow me to map more than 8 VLANs in each context, should I go with routed mode and make the ASA the default gateway for all the internal servers?

3- Since I have only four gig ports per ASA physical device, can I use the management port for the failover link?

Please help me sort out this setup with any configuration example for both the 7K and the ASA, with a diagram of physical connections if possible. Thanking you in advance.

 

Best Regards

Mohammad Eid

 

 

rizwanr74
Level 7

Please follow the configuration example to put your ports on the ASA in trunk mode. The ASA should be in routed mode, and if you require any dynamic NAT or static NAT you can do so as well.

Please make sure you have one separate VPC extending to the primary ASA and another VPC extending to the secondary ASA.

 

! Physical member links: no name, security level or IP of their own
interface GigabitEthernet0/2
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
! LACP bundle: carries the routed inside interface
interface Port-channel1
 port-channel load-balance src-dst-ip-port
 nameif inside
 security-level 100
 ip address 10.10.2.2 255.255.255.252

 

Now, should you require a DMZ interface, create a subnet interface from the port-channel interface.

interface Port-channel1.50
 description VLAN-50
 vlan 50
 nameif dmz
 security-level 50
 ip address 10.10.30.2 255.255.255.0 

 

You would treat the ASA connection to the VPC on the 7K just like any other fabric extender connection.

 

Hope that answers your question.

Thanks

Rizwan Rafeek
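
The Nexus 7000 side of the reply above, as an added example that is not part of the original post or of Cisco's documentation. It is applied identically on both vPC peers and assumes the vPC domain and peer-link already exist; the port-channel and vPC numbers (11, 12), the member ports (Ethernet1/1, Ethernet1/2) and native VLAN 10 for the untagged inside /30 are assumptions, and only VLAN 50 comes from the post.

```text
! Assumed prerequisites: vpc domain and vpc peer-link already configured
feature lacp
feature vpc

! vPC 11 -> primary ASA (one member link from each N7K peer)
interface port-channel11
  description vPC to primary ASA Port-channel1
  switchport
  switchport mode trunk
  ! VLAN 10 (assumed) carries the untagged "inside" interface
  switchport trunk native vlan 10
  ! Allow only the VLANs the firewall terminates, not the default 1-4094
  switchport trunk allowed vlan 10,50
  spanning-tree port type edge trunk
  vpc 11

interface Ethernet1/1
  description to primary ASA (Gi0/2 on this peer, Gi0/3 on the other peer)
  switchport
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,50
  channel-group 11 mode active
  no shutdown

! vPC 12 -> secondary ASA, kept separate from vPC 11 as the reply advises
interface port-channel12
  description vPC to secondary ASA Port-channel1
  switchport
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,50
  spanning-tree port type edge trunk
  vpc 12

interface Ethernet1/2
  description to secondary ASA (Gi0/2 on this peer, Gi0/3 on the other peer)
  switchport
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,50
  channel-group 12 mode active
  no shutdown
```

Every additional server VLAN that the ASA routes needs both a Port-channel1 subinterface on the firewall and an entry in the allowed-VLAN list on both vPCs, otherwise traffic works on one unit and blackholes after failover.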
