Currently I am working on a migration project where I need to migrate a Juniper SRX to a Cisco ASA.
I am stuck in the middle of this project while converting the IPsec VPN.
Please find the details below:
1. Juniper has both route-based and policy-based VPNs configured. The route-based VPNs are based on a tunnel interface, and the destination networks point towards the st0 tunnel interface. A VPN zone is configured and used in the security policies.
2. I am facing problems mostly in the policy-based VPNs, because the client has two links.
Three policy-based VPNs are configured with interesting traffic, and the VPN is applied on ISP1, but the destination networks point to a different interface. As per discussion with the customer, they have another MPLS link which the traffic is going through. They have redundancy between MPLS and VPN: when the MPLS link is down, traffic will go through the VPN. Two VPNs point towards one interface and the third VPN points towards the second interface.
They have also configured RPM and IP monitoring, where they do an ICMP ping to the peer IP through ISP 1; when it is down, traffic will go through ISP 2.
Security policies are present in Juniper for both VPN and MPLS.
3. Overall they have ISP redundancy for two VPNs and redundancy between MPLS and VPN as well; therefore they have configured policies for both. But the specific routes (destination networks) plus the interesting traffic for the VPN have the router where the MPLS link terminates as next hop, while the VPNs are applied on ISP 1.
1. I am not getting how to accommodate this in the Cisco ASA, because the first thing about route-based VPN is that I cannot configure a tunnel interface; I replaced the next hop according to where the VPN is applied. How do I identify interesting traffic for a route-based VPN?
2. How do I configure the ASA so that ISP redundancy is applied, and configure the Cisco ASA for MPLS and VPN redundancy?
3. I can configure IP SLA for monitoring, but I am not getting which IP I should track on which interface, and the backup routes with the backup interface?
4. Is policy-based routing supported in Cisco ASA 9.5, and can PBR solve my problem?
5. How does policy-based VPN work; does it use the default route for the VPN tunnel?
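The following ASA configuration is an added example, not the poster's or Cisco's own, showing how the setup described in the post maps onto ASA: a crypto ACL defines the interesting traffic for the policy-based tunnel, one SLA monitor tracks each next hop, and tracked plus floating static routes provide both ISP redundancy and MPLS-to-VPN failover. All addresses, interface names, object names and the IKEv2/IPsec parameters are assumptions chosen for the example; the tracked targets are the directly connected gateways, a conservative choice because a probe to a distant peer can fail for reasons unrelated to the local link.

```cisco
! Constructed example addressing (RFC 5737/1918 documentation ranges), not the poster's:
! ISP1 gateway 203.0.113.1 on "outside", ISP2 gateway 198.51.100.1 on "backup",
! MPLS CE router 10.0.0.2 on "inside", VPN peer 192.0.2.10, remote LAN 172.16.0.0/16

! Interesting traffic for a policy-based VPN is the crypto ACL, not a route
access-list VPN_TO_BRANCH extended permit ip 10.1.0.0 255.255.0.0 172.16.0.0 255.255.0.0

! IKEv2 / IPsec parameters and the crypto map bound to the ISP1 interface
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
crypto ipsec ikev2 ipsec-proposal PROP_AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto map OUTSIDE_MAP 10 match address VPN_TO_BRANCH
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal PROP_AES256
crypto map OUTSIDE_MAP interface outside
crypto ikev2 enable outside
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PLACEHOLDER-PSK>
 ikev2 local-authentication pre-shared-key <PLACEHOLDER-PSK>

! Track 1: ISP1 gateway reachability, probed from the outside interface
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability

! Track 2: MPLS CE router reachability, probed from the inside interface
sla monitor 2
 type echo protocol ipIcmpEcho 10.0.0.2 interface inside
 frequency 10
sla monitor schedule 2 life forever start-time now
track 2 rtr 2 reachability

! ISP redundancy: default route via ISP1 while track 1 is up, floating backup via ISP2
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254

! MPLS/VPN redundancy: remote LAN via MPLS while track 2 is up; when it fails the
! floating route sends the traffic out "outside", where it matches the crypto ACL
route inside 172.16.0.0 255.255.0.0 10.0.0.2 1 track 2
route outside 172.16.0.0 255.255.0.0 203.0.113.1 254
```

On the ASA a policy-based tunnel encrypts a packet only when routing delivers it to the interface that holds the crypto map and the packet matches that map's crypto ACL, which is why the floating route for the remote LAN must point out the crypto-map interface rather than rely on the default route. A tunnel whose crypto map is bound only to "outside" cannot follow the default route to "backup"; covering that case needs the crypto map applied to the second interface as well, with a peer reachable from it.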