Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8726
Views
0
Helpful
6
Replies

Cisco ESA - Cluster configuration

Julien LONGHI
Level 1
Level 1

‎04-05-2013 02:41 PM

Hello,

I would like to configure a cluster with 2 ESA C370 appliances that are running the 7.5 software version.

Data1 interfaces are connected to the DMZ (192.168.28.x/24) and the management interfaces are connected to a dedicated management network (172.16.0.x/24) that is standalone.

In this management network, I have no DNS server. The DNS server is present in the DMZ and is a public DNS. The private DNS is on the internal LAN.

To configure a cluster, both appliances and IP addresses in use must have an A and PTR record set up in the DNS.

Is it possible with my configuration to configure the cluster with the IP address of the management interface of each appliances or do I need to use the data1 interfaces to do this ?

For the moment, the A record of each esa in the DNS are configured with the public address and not the private DMZ address.

Both ESA are configured with external DNS (the DNS of my ISP).

I thonk to do a cluster I will have to modify the DNS configuration.

Thanks for your help.

Best Regards,

Julien.

Labels:
0 Helpful
6 Replies 6

Stephan Bayer
Cisco Employee
Cisco Employee

‎04-05-2013 08:05 PM

Julien,

Please review the following post on Centralized Management and clustering.

I hope you find the material helpful.

https://supportforums.cisco.com/community/netpro/security/email/blog/2011/02/17/the-mystery-of-centralized-management-aka-clustering#comment-6736

Regards,

Stephan

0 Helpful

pravhali
Level 1
Level 1
In response to Stephan Bayer

‎08-07-2018 07:51 AM

Getting below message

 

Page No Found

 

The page you are trying to access was not found. Please check your URL for typos and try again.

0 Helpful

dmccabej
Cisco Employee
Cisco Employee
In response to pravhali

‎08-07-2018 01:43 PM

Hello,

 

This is because we just recently moved to a new system for our forums, and it appears the links do not auto-forward.

 

Here's the new link : https://community.cisco.com/t5/security-blogs/the-mystery-of-centralized-management-a-k-a-clustering/ba-p/3101300

 

Thanks!

-Dennis M.

0 Helpful

Stephan Bayer
Cisco Employee
Cisco Employee

‎04-09-2013 05:32 AM

Hi Julien,

Did that help? if so, would you mark the question answered?

Thanks.

Stephan

0 Helpful

Julien LONGHI
Level 1
Level 1
In response to Stephan Bayer

‎04-11-2013 02:29 AM

Hi Stephan,

I modified the configuration of the DNS in the DMZ.

In this DNS, I configured a new zone with PTR records of the management IP adresses.

I modified the DNS config of the ESA appliances. The DNS in DMZ is now with a priority 0 and the external DNS with a priority 1.

With this new config, I did the clusterconfig and all was fine.

Thanks for your help.

Julien.

0 Helpful

Stephan Bayer
Cisco Employee
Cisco Employee
In response to Julien LONGHI

‎04-11-2013 05:39 AM

Thanks for the update! It was my pleasure.


Stephan

0 Helpful
Customers Also Viewed These Support Documents