Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
0
Replies

OTV and secured networks behind ASA (DMZ)

stuart.baker
Level 1
Level 1

‎06-02-2016 10:28 AM - edited ‎03-01-2019 08:17 AM

Hello, 

We have configured OTV and believe we have it working between 2 DC's over a point to point routed WAN link. Each DC has a pair of Nexus 7004's using vPC for resilience for down linked equipment. A separate VDC has been created as per the Cisco guidance to isolate the OTV configuration and all appears to be working well.

We have a requirement to permit the VMotion of servers not only inside but also in the DMZ which is configured as an interface on an attached ASA5545-x. The DMZ is up and running at both locations along with associated failover routing, however I'm unable to see any routes for the VM hosts that are located in the DMZ when running the 'sh OTV route' command in the OTV context at either DC location.

I have seen one guide that shows the above configuration here (https://overlaid.net/2014/03/27/otv-for-secured-firewalled-networks-a-design-consideration/) and possible issues but I can't even get that far.

Does anyone have a secured network (behind a firewall) participating in OTV? and if so did you have to do anything to get the MAC/ARP addressing through the he firewall??

Kind Regards,

Stuart

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card