Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hope someone can provide some advice.What is the best design for a redundant infrastructure?The components are:2 x 3750G switches (stacked)2 x ASA5520 Firewalls - Active/Passive2 x F5 load balancersFirewalls are up front and load balancers are in the...
Hope someone can make a recommendation:What is the best practice for the upstream connection at an Internet datacenter colo?The connection from the ISP is an ethernet cable.One option is to use a catalyst switch with a routed port. Traffic would then...
Cisco ASA does not allow an interface to be contacted by hosts attached to another interface. Meaning: if I am on an internal interface, I cannot reach the external interface IP.This is so irksome. Because it means that internal hosts cannot VPN to t...
Does anyone know how to or if it's even possible to use a different split tunnel ACL for one single VPN profile depending on which interface is being used as the VPN end point?
Thanks for the reply.So you are suggesting that the firewall be chosen as the edge device to the upstream provider.Putting the interfaces in the same vlan or directly connecting them are essentially the same thing from an architecture perspective.I t...
Thanks for the reply.I think I've solved the issue by using DNS rewriting.Consider an internal and external network.A user with a laptop has a vpn profile that points to vpn.company.com- an external ip.The user can use the vpn profile when on the Int...
Here is the solution to the problem.So if you want to be able to use 1 profile in the Cisco IPsec client, or to use one standard URL to establish SSL VPN connections, REGARDLESS of the ASA interface involved, here is what you do:A service policy can ...
Thanks for reply.So does that mean that SFP cables can be used to directly connect SFP ports on 2 different catalyst switches?I'm trying to avoid having to buy SFP modules, which then sticks out of the port and is probably more expensive also.Thanks ...
