05-03-2020 07:06 AM - edited 05-03-2020 10:52 PM
Hi everyone!
I have an interesting case. My topology is:
PA 3250 HA1------> Nexus 9000---------------VXLAN Overlay-------------------- Nexus 9000--------> PA 3250 HA1
vlan 2201 vlan 2201
vn-segment 102201 vn-segment 102201
int Eth1/31 int Eth1/31
switchport mode access switchport mode access
swithport access vlan 2201 swithport access vlan 2201
I need to install 2 firewalls 3250 on 2 different sites in Active / Standby mode. Between sites we use VXLAN technology.
If I make such a connection through a r L2 segment ( use trunk between sites without VXLAN), everything works fine.
Interfaces HА1 and HSCI see each other, HA works fine.
If I use VXLAN ( only like transport layer between sites) - then HA does not work.
On a Nexus inteface, where HA1 connected, i see MAC adresses from both sites ( MAC addr HA1 Palo Alto interfaces), but HA1 link does not work.
For HSCP inerfaces - i don't see mac addresses, I see only part of mac-address of Nexus Interface
If someone had a similar task, please share your experience
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
