Anybody out there running both VTI and policy-based IPsec tunnels on the ASA? How are you doing failover? We have two datacenter sites, A & B. I need a failure in VTI in site A to fail over to site B. Same with my policy tunnels (RRI), need them to failover i...
Can anyone provide some good URLs as to how to set up RRI with the ASA? I seem to keep getting old docs. I have some old 2016 articles from Petenetlive.com. Looking for anything else out there newer than almost 10 yrs ago. Has BGP finally been added t...
I have about 50 nats, most are (inside,outside) object-group network1 object-group network1 dest remobject-group network1 object-group network1. I need to add at least 50 nats above these. I need to do a: nat (inside, outside) 1.1.1.1 2.2.2.1 dest r...
I have an existing 10.5.0.0/24 subnet with servers on them that vendors contact via IPsec tunnel. Their destination is to our server on the 10.5.0.x subnet. We need to change our internal IPs from 10.5.0.0/24 to 10.10.116.0/24 but not have the vendor...
What is the consensus here about using MSFT DHCP server to assign out IPs for AnyConnect? Read several threads here that don't paint it in a super positive light and several issues. I have the need for 1 group of AD users to get their own subnet as...
Key part was missing: "THE ORDER". My (inside,outside) static 1.1.1.1 2.2.2.1 have to be first before processing the nats that contain object groups. Nice to know: if you paste in CLI nats with line numbers, all other nats' line numbers will be pushed d...
Thanks for the link. We need to change IPs on servers that live on the 10.5.0.0/24 network to 10.10.116.0/24. These servers are already NATed and being contacted by vendors on the other side of the IP tunnel. Changing IPs would require a re-do of cr...
I already have nat statements that take groups of servers, "no nat" them so they can go down the tunnel as 10.5.x.x. Vend on the other end should NOT get a 10.10.116.x IP, they should continue to get the old 10.5.x.x IP. I already have nat statements t...