Cisco Firewall Configuration for clustering

[topendharness]

Hey forum users, i was curious to know if anyone has ever dual connected a Cisco firewall e.g. ASA5510 to an ERS5500 series switch cluster?
We are toying with this configuration and have been at it for a few hours now using etherchannel on the ASA5510 (2 ports 0/0 and 0/1) as the inside interface to the core.

We have never had any problems with Avaya edge devices using 5520's so thought this might be a breeze but we cant seem to get the network between the core and the ASA to operate.
Is there some funky VLACP or LACP settings on both sides that we are missing?

Hoping someone has done this before or might put us in the right direction. Willing to send more configuration about our setup if need be.
Thanks   

[MatzeKS]

Hi topendharness,

I'd recommend you to setup your uplinks between ERS-Cluster and your Firewall (assumed there is one Firewall with NIC-Teaming/Bond) als SLT with same SLT-ID and same LACP-Key for both uplinks. The guidelines (Configuration Link_Aggregation) from Avaya describes with in detail. VLACP is an proprietary End-to-End-Control-Mechanism for NNI-Links between Avaya Nodes and will not help you in this case.

Good luck

[Michael McNamara]

You certainly can't be using VLACP... the Cisco ASA won't understand or reply to the VLACP frames so you need to disable VLACP and stick with LACP/MLT.

Cheers!

[topendharness]

Thanks Michael and MatzeKS.
We applied the LACP configuration recommendations to our cluster for the connected firewall and seen the cisco etherchannel port come up successfully. Comms are working very nicely now.

Appreciate the advice and support.

Wayne