Configuration Example: Firewall On A Stick; Itd Services; Asa Vlans - Cisco Nexus 9000 Series Configuration Manual

Nx-os intelligent traffic director configuration guide, release 9.x

Hide thumbs Also See for Nexus 9000 Series:

Configuration manual (562 pages)

Troubleshooting manual (126 pages)

Quick start configuration manual (6 pages)

Table Of Contents

Table of Contents

Configuration Example: Firewall on a Stick

switch(config)# itd service-B

switch(config-itd)# device-group dev-B

switch(config-itd)# ingress interface ethernet 7/45

switch(config-itd)# peer local service service-A

switch(config-itd)# no shutdown

switch(config-itd)# show itd

Name

-------------- ----- ---------- -------- -------

Service-B

Device Group

-------------------------------------------------- -------------

Dev-B

Route Map

------------------------------ ------------ ------ ---------

Service-B_itd_pool

Node

------------------------- ------------ ------ ----------

Node

------------------------- ------------ ------ ---------- --------- ---------

Configuration Example: Firewall on a Stick

ITD Services

An ITD service configuration defines the ITD traffic distribution for a particular direction of the traffic flow.

If both directions of a flow need to be redirected, two ITD services need to be configured, one for the forward

traffic flow and one for the return traffic flow. Because an ASA has different inside and outside interface IP

addresses, two different device groups also need to be configured to point to the corresponding inside and

outside IP addresses.

ASA VLANs

The ITD forward and return services are attached to the inside and outside VLAN SVIs on the Nexus switch.

Because a security application such as a firewall needs to examine all traffic, no traffic filtering is configured

on the services. As a result, any traffic that hits the SVI is redirected to the corresponding ASA interfaces.

If the ASA interfaces are configured on the same VLANs as that of the switch, the traffic going to the switch

from the firewall is redirected to the ASA due to the presence of an ITD service on another VLAN on the

Cisco Nexus 9000 Series NX-OS Intelligent Traffic Director Configuration Guide, Release 9.x

Probe LB Scheme

ICMP

src-ip

Interface

Eth7/45

Config-State Weight Status

14.14.14.9

Active

IP Access List

-----------------------------------------------------------------------

Service-B_itd_bucket_0

Config-State Weight Status

13.13.13.9

Active

IP Access List

-----------------------------------------------------------------------

Service-B_itd_bucket_1

Status

Buckets

ACTIVE

VRF-Name

Status Track_id

Probe Failed

Configuring ITD

Track_id

Sla_id

--------- ---------

10003

Track_id

Sla_id

10004

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Configuration Example: Firewall On A Stick; Itd Services; Asa Vlans - Cisco Nexus 9000 Series Configuration Manual

Configuration Example: Firewall on a Stick

ITD Services

ASA VLANs

Hide quick links:

Related Manuals for Cisco Nexus 9000 Series

Related Content for Cisco Nexus 9000 Series

Table of Contents