Hello, just wondering if anyone has done this and might have some tips, please?
Due to an ftp (sftp) server migration a developer has asked me if:
For outgoing connections, the new server and the old server, say IPs = S1 and S2, can use the same existing public IP that S1 currently uses, say IP = P1. (He doesn't want the external suppliers to have to change their firewall rules - he says there are only about 6 external suppliers)
For incoming unsolicited connections, the servers can also share this same ip P1 (using the same port = tcp 22).
The existing server has an existing simple static auto nat such that for both o/g and i/c connections, S1<=>P1.
e.g. (using S1 and P1 for the host ip addresses)
object network obj-S1
 host S1
 nat (dmz1,outside) static P1
My initial thought was 'no' but out of curiosity I'm wondering if the following would work:
a. Remove the existing nat
b. Add new twice nats so that each external supplier, say X1 to X6 can be migrated in turn such that we'd have as a first step
X1 is routed via P1 to S2
X2 to X6 are routed via P1 to S1 (as existing).
object network obj-S1
object network obj-S2
object network obj-P1
object network obj-X1
host X1 - (might be a range but using single hosts for simplicity)
Managed to get hold of a spare small ASA (5506) and tried this - worked OK. Didn't need to remove the existing object auto NAT as the new manual twice NATs take precedence. We're not translating the external ip but need to match on it. So suppliers can be migrated one by one if needed.
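The first migration step described above (X1 moved to S2 while the existing auto NAT keeps serving the other suppliers), written out as an added example; it is not the poster's actual configuration. All addresses are constructed placeholders from documentation ranges, and the interface names follow the post.

```cisco
! Constructed placeholder addresses, not taken from the post:
!   S1 = 10.0.1.10      (old server)
!   S2 = 10.0.1.20      (new server)
!   P1 = 203.0.113.10   (shared public IP)
!   X1 = 198.51.100.1   (first supplier to migrate)
!   X2 = 198.51.100.2   (supplier not yet migrated, used in the check below)
!
! Existing auto NAT (Section 2) is left in place for suppliers not yet migrated.
object network obj-S1
 host 10.0.1.10
 nat (dmz1,outside) static 203.0.113.10
!
object network obj-S2
 host 10.0.1.20
object network obj-P1
 host 203.0.113.10
object network obj-X1
 host 198.51.100.1
!
! Manual (twice) NAT lives in Section 1 and is evaluated before auto NAT.
! S2 <=> P1 only when the peer is X1. The destination is an identity
! translation: X1 is matched on, not rewritten.
! The rule is bidirectional, so it covers X1 -> P1:22 inbound and
! S2 -> X1 outbound. S2 traffic to any other destination does not match it.
nat (dmz1,outside) source static obj-S2 obj-P1 destination static obj-X1 obj-X1
!
! Verification from privileged EXEC.
! Rule order: the twice NAT should be listed under Section 1.
show nat detail
! Migrated supplier: expect un-translate of 203.0.113.10 to 10.0.1.20 (S2).
packet-tracer input outside tcp 198.51.100.1 40000 203.0.113.10 22
! Non-migrated supplier: expect un-translate to 10.0.1.10 (S1) via auto NAT.
packet-tracer input outside tcp 198.51.100.2 40000 203.0.113.10 22
```

With this object-NAT syntax (ASA 8.3 and later) the outside access list is checked against the real address, so it must permit X1 to S2's real IP on tcp/22, not just to P1. Migrating the next supplier is one more object plus one more twice-NAT line of the same form.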