Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

6500 VSS + 2 x 5585X ASAs + 2 x 3945 Routers connectivity with full redundancy

Hello Guys,

I want to connect 2 x 6509 Switches in VSS mode with ASA 5585X firewalls in full redundancy way, (fibers straight and cross way). Then again from firewall outside interfaces, I  need to connect those to 2 x 3945 Routers with which again straight and cross cables for full redundancy. There is no L2 switch is provided between the firewalls and the routers.

I have done Etherchannels between 6500 Core switches and Firewall inside interfaces (LACP). Also created L2 Etherchannels  between Firewall outside interfaces as members to 3945 routers.

The customer requirement is ASAs must be in Active/Active redundancy mode and must be in transparent mode. Since A/A mode needs multi context mode, I have already enabled multi context mode and also transparent mode. On 3945 Routers side, customer need GLBP.

What is your best recommendation on this scenario as:

I want to provide IP addresses to enable GLBP on 3945 routers, but right now I run etherchannels on it and on ASA side, since it is in transparent side, I am running a L2 etherchannel and this will not allow me to provide ip addresses for GLBP on 3945 routers. There is an option is giving ip addresses to the bridge group, but what do you think, can we introduce it to this requirement?

I would appreciate if you could give me a recommended way.