I hope this is the right place to post this question....
I currently have an ASA5510 (software version 8.2.5) which I'm using as my firewall and VPN. I have an ipsec tunnel between my office and our HQ office. The ASA is also serving as the client VPN termination point.
For routing internally at my office, all I have is a Catalyst 3560 doing static VLAN routing, and the ASA's inside interface is the default gateway for the 3560.
The next step is to add an MPLS circuit between the 2 offices.
The ipsec tunnel between the two offices is working fine, but once the MPLS is installed, we want to send all pertinent traffic over MPLS, and use the ipsec tunnel as a backup in case the MPLS goes down.
So all traffic leaving the branch office network would be handled by the ASA. The ASA would either send the traffic out the MPLS (or over the ipsec tunnel if the MPLS was down), or out to the internet if not destined for one of the HQ networks.
This type of solution with an ASA is quite difficult to set up. In my experience you would be far better off using a router with the firewall feature set, as you have better options for configuring the IPsec L2L tunnels. ASAs are great for remote access (client) VPNs, but limited for L2L use.
Routers allow you to set up either VTI or DMVPN based tunnels, both of which support a dynamic routing protocol across the tunnel, so the tunnel looks like another P2P circuit to your core, and can have routing metrics or floating statics applied.
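A sketch of the VTI-plus-floating-static design the reply describes, as an added example that is not part of the original thread. All addresses, interface names, object numbers and the key placeholder are assumptions made for illustration (HQ networks summarised as 10.10.0.0/16, MPLS PE at 10.254.0.1, HQ public peer at 203.0.113.1).

```ios
! Branch IOS router (constructed example; every value here is assumed)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 203.0.113.1
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-BACKUP
 set transform-set TS-AES256
!
! The tunnel is a routable interface, so it behaves like another P2P circuit
interface Tunnel0
 description Backup IPsec VTI to HQ over the Internet
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-BACKUP
!
! Probe the HQ end of the MPLS path, not just the local PE, so a failure
! inside the provider cloud is detected as well
ip sla 1
 icmp-echo 10.254.1.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Pin the probe target to the MPLS next hop so the probe never rides the tunnel
ip route 10.254.1.1 255.255.255.255 10.254.0.1
!
! Primary: HQ networks via MPLS, withdrawn when the probe fails
ip route 10.10.0.0 255.255.0.0 10.254.0.1 track 1
! Backup: floating static over the VTI, installed only when the primary is gone
ip route 10.10.0.0 255.255.0.0 Tunnel0 250
```

Running `show track 1` and `show ip route 10.10.0.0` during a test failover of the MPLS link confirms whether the floating static over Tunnel0 takes over and whether the primary returns when the probe recovers.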