Multiprotocol Label Switching (MPLS) traffic over VRF-Aware Software Infrastructure (VASI) interfaces is not supported.
IPv4 and IPv6 multicast traffic is not supported.
VASI interfaces do not support the attachment of queue-based features. The following commands are not supported on Modular QoS CLI (MQC) policies that are attached to VASI interfaces:
bandwidth (policy-map class)
VASI 2000 pairs are not supported on Open Shortest Path First (OSPF).
When there is a need to apply services like FW, IPSec and NAT to traffic that flows across different VRF instances you need VASI. Essentially we are creating two HOPS within the router.
How VASI works
When an inter-VRF VASI is configured on the same device, the packet flow happens in the following order:
A packet enters the physical interface that belongs to VRF1 (Gigabit Ethernet 0/0/0).
Before forwarding the packet, a forwarding lookup is done in the VRF Green routing table. vasileft1 is chosen as the next hop, and the TTL value is decremented from the packet. The packet is sent to the egress path of vasileft1 and then automatically sent to the vasiright1 ingress path.
When the packet enters vasiright1, a forwarding lookup is done in the VRF Red routing table, and the TTL is decremented again (second time for this packet).
VRF Green forwards the packet to the physical interface, Gigabit Ethernet 0/0/2.
I have situation, that on the active device of FMMS the admin context is faulty and it has hell lot configuration missing, can not login to it. On the Secondary Device firewall Admin context is fine. --------------------------------The version is:On ...
For a customer I'm trying to come up with a dynamic solution to configure a fabric switchport with a static access VLAN in support of their Wake-on-LAN based desktop support processes. Specifically, DNAC v18.104.22.168 introduces support for Subnet Directe...
Hi Everybody,Maybe this subject was already discussed and a solution exist, but a could find it in any discussion.I setup a site to site VPN between 2 sites ( HQ_ASA <--- VPN ---> Site_ASA). the inside subnet for each site is nated before reaching t...
Hi community!Faced the issue with connecting into Standby node of FO ASA cluster. The problem description:- when I try to connect via SSH to the Standby node I always getting the message "Remote side unexpectedly closed network connection";- when I c...
Hello I have an issue where I am upgrading ASA5585-X Active/Standby pairs from 9.1.7 to 9.8.4(26). Several pairs have been upgraded, and in each case, the Standby device is reloaded first. However, when it reboots, it boots back into a Cold Standby s...