Dear people, my post was deleted from Security/VPN, so I am hoping to find advice here. I have a single Cisco ASA 5508, configured IKEv2 IPsec tunnel into AWS using VTI (virtual tunnel interfaces). Both tunnels work and traffic can flow via both of t...
Dear community
I have been trying to understand the login in ACL, however it is still unclear to me. My setup is a security firewall which does not have internet access; all I need is to explicitly allow minimum traffic, only what is needed.
A samp...
@Georg Pauwen wrote: the ASA does equal cost load balancing for up to eight static routes, so in theory, the below should be sufficient:
route tunnel-vti-1 10.0.0.0 255.255.255.0 123.123.1.22
route tunnel-vti-2 10.0.0.0 255.255.255.0 123.123.11.25
Unfor...
But what if for each zone I want to strictly control what can go in and out? For sensitive zone (100) I would allow only one service in, and one other service out. That would mean for another, less sensitive "sysadmin" zone (50) I allow implicitly an...