Hairpin Inet + Site to Site VPN + MPLS WAN + EIGRP scenario problem
I am trying to use our ASA pair at our main datacenter as the Internet hub for all our remote sites that hit it over our MPLS WAN as well as a site to site VPN hub hairpinning the Inet traffic. This is all dynamically routed using EIGRP and GRE tunnels.
For traffic destined for the Internet coming over the WAN to the datacenter it will go out the Internet link on the ASA. The ASA has a route on the inside interface for the remote sites /16 address. When that link fails though it still has the static route for the /16 on the inside interface so when our router sees the remote sites through the ASA with the site to site tunnel and not across the WAN the traffic will not route over that ASA.
I have tried to route the traffic on the ASA by having the identity NAT statement select the egress interface and then putting in another static for that same /16 on the outside interface with adminstrative distance of 2, but that is failing for me as well.
It seems that I am limited on the capabilities of the ASA. The only "solution" I can think of would be IP SLA on the ASA, but I'm hoping there's a more elegant way to do this.
These are few tips that will help you with your first deployment of ISE. For advanced tips, please visit: https://community.cisco.com/t5/security-documents/advanced-ise-tips-to-make-your-deployment-easier/ta-p/3850189
Enable full visibilit...
This guide helps in troubleshooting the IBM QRadar pxGrid App. It is assumed that the ISE pxGrid App has already been installed in QRadar. The official IBM QRadar pxGrid App How-to Guide can be downloaded from: https://exchange.xforce.ibmcloud.com/...
Join us live on Tuesday, July 16 at 10 am PT to learn how integration and automation are the key to successful security designs. We’ll answer questions about Threat Response and also do a quick demo of our browser plugin and our latest integration wi...
Hello and welcome to the repository for the Monthly Webinar Series put together by our Desert Plains Operation Security Architecture team.
Our sessions are NOT recorded -- however you'll find historical slide decks attached as well as futu...