Firepower 2130 HA pair - Adding additional external IP's on external interface port channel
For my external interface on a 2130 pair in HA I have a port channel defined.
On that external port channel, I have a sub-interface defined that has the main external IP, which is part of a /23 public subnet on VLAN 254.
I am trying to add additional public IP addresses on the external interface, but it doesn't seem possible.
Port channel 18
Sub Port Channel 18.254 with public IP address X.X.X.1/23 on VLAN 254
I want to add additional public IP addresses from the same VLAN 254, which has the /23,
such as X.X.X.3, X.X.X.4, etc.
My intent is to use the additional public IP addresses for a combination of target endpoints for AnyConnect user VPN and for outgoing auto dynamic NAT/PAT, so that certain internal subnets get NAT'd/PAT'd to specific external public IPs.
However, when I try to add additional sub-interfaces with public IPs inside the /23, I get multiple warnings saying I can't do it because there is another sub-interface already on VLAN 254 and there is overlap with the existing /23 in terms of the IPs.
Is there a way to do this? To have multiple IP's in the same vlan on the same external port channel?
I think I figured this out. The disconnect is thinking the IPs must be defined on the interface before they can be used in NAT/PAT or VPN endpoints. I was able to pencil in additional public IPs in the /23 in the NAT/PAT rules, and I expect to be able to do the same for an AnyConnect VPN endpoint.
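As an added illustration (not part of the original post), this is how per-subnet dynamic PAT to extra addresses in the outside /23 looks in ASA-style CLI syntax, which is also what FTD displays in `show running-config`; on FTD the rules are normally created in the manager rather than typed in. The 198.51.100.x addresses stand in for the post's X.X.X.x, and the interface names, object names and internal subnets are assumptions.

```cisco
! Constructed sample values: 198.51.100.x replaces the post's X.X.X.x.
! "outside", "inside" and all object names are hypothetical.
interface Port-channel18.254
 vlan 254
 nameif outside
 ip address 198.51.100.1 255.255.254.0
!
! The additional public addresses exist only as network objects.
! They are not configured as interface or sub-interface addresses.
object network PAT-IP-3
 host 198.51.100.3
object network PAT-IP-4
 host 198.51.100.4
!
! Internal subnets that should each leave from their own public address.
object network USERS-NET
 subnet 10.10.10.0 255.255.255.0
object network SERVERS-NET
 subnet 10.10.20.0 255.255.255.0
!
! Dynamic PAT: one rule per internal subnet, each mapped to one address.
nat (inside,outside) source dynamic USERS-NET PAT-IP-3
nat (inside,outside) source dynamic SERVERS-NET PAT-IP-4
!
! Verification from the CLI after deployment:
!   show nat detail    (rule order and hit counts)
!   show xlate         (active translations and the mapped address in use)
```

Return traffic reaches the mapped addresses because the firewall answers ARP on the outside interface for NAT mapped addresses that fall inside its connected subnet.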