ASA5515x MCEC to two 3750X and two 4500X
I have a design wherein two ASA5515Xs (ASA1 and ASA2) are configured as multicontext mode. ASA's Interface G0/1 and G0/3 respectively are conected to two 3750Xs for OUTSIDE traffic Po1. And ASA's Interface G0/0 and G0/2 respectively to two 4500X (configured as VSS) for INSIDE traffic Po2. These physical interfaces are configured as etherchannel.
Inside the two ASAs, are two contexts, CTX1 and CTX2. CTX1 is active on ASA1 and CTX2 is active on ASA2. On top of 3750x-SW1 I have a CE_ROUTER connected to G1/0/2 and below the 4500x-SW1-G1/1/2 is connected to InternalRTR.
Everything works fine, until I encounter a failover on the OUTSIDE interface of CTX1, so CTX1's outside interface had failover to ASA2. Then after the failover, the BGP communications between CE_ROUTER and InternalRTR was stopped (OpenSent/Active). I run a packet capture inside the CTX1 and there was no syn/ack ack from InternalRTR. Bi-drectional ping was successful but BGP was not able to establish. But If I move the InternalRTR to port G2/1/2 of 4500xSW2 the BGP connection was able to establish.
My assumption on this issue is the Multi-Chassis Etherchannel configuration of ASA to two 3750X and 4500X. Am I correct? My question here are the ff.
1. Is ASA supports MCEC?
2. It seems to me, that somewhere along the port channels, the bgp tcp packets was asymmetrically traversing the network. How do I mitigate this kind of issue?
3. What is the best practice design for two ASAs (ACTIVE/ACTIVE configuration) to leverage the technology of VSS in 4550x and stackwise technology in 3750X.
Please advise, thank you in advanced.