6500 VSS + 2 x 5585X ASAs + 2 x 3945 Routers connectivity with full redundancy
I want to connect 2 x 6509 Switches in VSS mode with ASA 5585X firewalls in full redundancy way, (fibers straight and cross way). Then again from firewall outside interfaces, I need to connect those to 2 x 3945 Routers with which again straight and cross cables for full redundancy. There is no L2 switch is provided between the firewalls and the routers.
I have done Etherchannels between 6500 Core switches and Firewall inside interfaces (LACP). Also created L2 Etherchannels between Firewall outside interfaces as members to 3945 routers.
The customer requirement is ASAs must be in Active/Active redundancy mode and must be in transparent mode. Since A/A mode needs multi context mode, I have already enabled multi context mode and also transparent mode. On 3945 Routers side, customer need GLBP.
What is your best recommendation on this scenario as:
I want to provide IP addresses to enable GLBP on 3945 routers, but right now I run etherchannels on it and on ASA side, since it is in transparent side, I am running a L2 etherchannel and this will not allow me to provide ip addresses for GLBP on 3945 routers. There is an option is giving ip addresses to the bridge group, but what do you think, can we introduce it to this requirement?
I would appreciate if you could give me a recommended way.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...