Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi everyone!I have a Cisco 2801 with a 4 port Layer2 switch card installed (HWIC-4ESW).How do I bridge Ethernet0/1 to the 4ESW so if you were to plug a computer into the 4ESW, it would be on the same network as Eth0/1? Please see my config below:int...
Hi Everyone,I have sort of a conundrum.I have two sites: Site 1 is the Corporate HQ and Site 2 is located nearby. The two sites are connected via a layer 2 wireless bridge and Site 2 has a backup cable internet connection in case the wifi bridge go...
Hi everyone,I'm planning a failover ASA deployment and I'm going by this guide: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtmlIn the diagram for "LAN-Based Active/Stanby Failover Configurat...
Hi Everyone,I'm trying to gather netflow data over an IPSEC VPN and through my research I've learned that I need to configure Flexible Netflow. However, I have a Cisco 2801 router with the latest ROMMON and IOS and the Flexible Netflow options aren'...
I'm trying to gather netflow data from a router at another site that's linked with an IPSEC VPN.Here's a quick network map:[Collector]------[HQ 2801 router]------[HQ ASA Firewall]-------VPN---------[Remote 2801 router]I'm able to collect netflow data...
Thanks for your response.Here's the SNAT that enables Site 1 to communicate with Site 2 via the failover VPN:nat (inside,outside) source static 20.1.1.0 255.255.0.0 destination static 30.1.1.0 255.255.0.020.1.1.0 = Site 1 (HQ)30.1.1.0 = Site 21. Is s...
I implemented the standby ASA this weekend according to the plan I outlined in my first post and everything worked. The failover isn't as seamless as I had hoped even with the state information being sync'd between the ASAs. Maybe I just need to tw...
Well, I'm going to have to use a head-end router since my ISP can't expand my current public subnet and so I'd have to get all new IPs which isn't really an option at this time.Bummer!
Also, I was just thinking about it some more and I don't really understand why the outside interface on the failover ASA needs to be on the same subnet as the Active ASA? You said it was for failover but I thought there were two ports on each ASA (o...
