Cisco Support Community
Community Member

Nexus 5k and ASA clustering

Dear all,

Is there a specific design guide for using ASA clustering with Nexus vPC? Basically, I have two ASAs which will be deployed in a clustering manner. The two ASAs will then connect to two Nexus 5Ks in vPC mode. The security team wants to connect the ASA cluster control link via the Nexus 5Ks as well, instead of back to back, because in the future they might add a third ASA to the cluster, which they can then connect to the N5Ks. Now my question is:

1) How should I physically connect the cluster control link of the two ASAs to the two Nexus switches? Do I put one link from each ASA to each N5K (option 1), or do I do a cross connection, which is from each ASA to both N5Ks (option 2)?

Option 1:

ASA 1                  ASA 2
  |                      |
  |                      |
  |                      |
  |                      |
N5K1--------vPC--------N5K2

The problem I see here is that both the ASAs are not interconnected, and there is a lot of traffic that goes over the cluster control link to maintain the cluster. Here, when ASA 1 sends any cluster keepalive to ASA 2, it will not reach ASA 2, because vPC will not allow traffic that was RECEIVED over a vPC peer-link to be sent out a vPC member port, which means N5K2 will not forward that traffic coming from ASA 1 to ASA 2. Am I right in this? Of course, since both ASAs are in a cluster, I will put both of their interfaces in LACP, and the same on both N5Ks also.

Thanks,
Aamir
