07-14-2014 05:48 PM - edited 03-07-2019 08:03 PM
I have created a port channel on my ASA and I wanted to use a vPC between the two Nexus 6k switches but I have read conflicting information about using a vPC to route traffic out in this manner. Is this supported?
07-14-2014 06:00 PM
I believe the only time where it is not supported is when you are using a dynamic routing protocol like EIGRP or OSPF. I have a number of ASAs working just fine with vPCs, but we run static routes to them...
07-15-2014 04:37 AM
We are using static routes on our 6k switches. So to be clear, if I, for example, set up the HSRP VIP on VLAN 1 with an IP of 10.10.10.1/24 and then trunk VLAN 1 across the vPC and put 10.10.10.5/24 on the firewall VLAN 1 interface, I can create a static route for traffic destined for another network subnet from the 6ks to 10.10.10.5 and it will route through the firewall as long as no routing protocol is running on the Nexus switches and I add the new VLAN to the vPC Peer-link? I'm new to Nexus and vPC so I just want to make sure I'm not missing something.
07-15-2014 06:15 AM
Yep I believe this should work. This sounds like exactly what we are doing in our environment.
07-14-2014 06:31 PM
One side note though... I did learn the hard way that if you have an add-on module in your ASA (like a 4GE SSM) it does not support port channels. There was a version of code that had a bug that would let you configure the port channel, but it does not work correctly. I think it is a hardware limitation due to the way the module is seen at a hardware level as a single port.