Yep I believe this should

John Malette · ‎07-14-2014

I have created a port channel on my ASA and I wanted to use a vPC between the two Nexus 6k switches but I have read conflicting information about using a vPC to route traffic out in this manner. Is this supported?

jgardner150 · ‎07-14-2014

I believe the only time where it is not supported is when you are using a dynamic routing protocol like EIGRP or OSPF. I have a number of ASA working just fine with vPC's but we run static routes to them...

John Malette · ‎07-15-2014

We are using static routes on our 6k switches. So to be clear if I, for example, setup the hsrp vip on vlan 1 with an IP of 10.10.10.1/24 and then trunk vlan 1 across the vPC and put 10.10.10.5/24 on the firewall vlan 1 interface I can create a static route for traffic destined for another network subnet from the 6ks to 10.10.10.5 and it will route through the firewall as long as no routing protocol is running on the Nexus switches and I add the new vlan to the vPC Peer-link? I'm new to Nexus and vPC so I just want to make sure I'm not missing something.

jgardner150 · ‎07-15-2014

Yep I believe this should work. This sounds like exactly what we are doing in our environment.

jgardner150 · ‎07-14-2014

One side note though... I did learn the hard way that if you have a add on module in your ASA (like a 4GE SSM)) it does not support port channels. There was a version of code that had a bug that would let you configure the port channel, but it does not work correctly. I think it is a hardware limitation due to the way the module is seen at a hardware level as a single port.

Can I connect two Nexus 6000 switches to one ASA port channel using vPC on the two Nexus switches?