I have an ASA5500 that used to be the core router/firewall and I am in the process of moving the non-internet-facing routing/firewall away from it.
I have come across an issue with what seems to be an asymmetric routing problem.
vlan67 is my WAN vlan (basically a bonded pair of ports on a switch to an L2 connection between sites).
I am using OSPF, and vlan67 192.168.67.0/24 is area 0.0.0.0. At the other end is a pair of routers handling OSPF and routing in that DC.
At my DC with the ASA I have:
vlan 68 - this is my internal vlan 192.168.68.0/24, which is the interconnect with my main DC internal routers, again with OSPF
ASA5500 -> 192.168.68.1 -> router A 192.168.68.2
Router A is the DGW for network 192.168.69.0/24 and publishes this via the 192.168.68.0/24 network.
The 192.168.69.0/24 is a management network. I have VMware VC here and other management boxes and iLO, DRACs, etc.
I also tried to place the management port of the ASA5500 on here, so 192.168.69.254 (& 192.168.69.253 ... it's a cluster).
I have a tftp server on 192.168.69.7. When I am on console on the ASA5500 and run copy running tftp://192.168.69.7/<filename> it sometimes fails.
It seems like it wants to send via the OSPF route... so it has 2 paths to 192.168.69.0/24: 1 via the direct connect management 0/0 (I tried this as a vlan off one of the 1G ports as well) and 1 via 192.168.68.2.
That really should be a problem I did think, but I saw no errors in the log. I saw no packets on the 192.168.69.0 network! The tftp would fail ... or work with an empty file.
The other annoying thing is that the VC 192.168.69.200 couldn't connect to any ESX hosts in the second data center. I believe the path was:
(other DC) 192.168.17.2 -> 192.168.17.1 (ASA5500) 192.168.69.254 -> 192.168.69.200
The ASA knows about the directly connected path and I think it's having issues with that. But again, no error messages in the log!
So I am stuck ... I do have plans on bringing the WAN interface over to router A, but I want to make sure it's an issue with the ASA5500 and I would like to understand what the issue is... Why did the tftp fail?