ASA S2S transition to new cluster with dynamic NAT address advertisement
OK, so I think I know the answer (i.e. it's not possible). However, I feel that there has to be a way to do this gracefully.
Here's the scenario. We're moving from an existing topology with a HA pair. There are 100+ S2S tunnels in place currently. I'm trying to find a way to transition them to a new HA pair in a graceful fashion. Thing is, nearly all of the remote peers are currently being NAT'd to a locally routed IP. Obviously doing this transition one at a time is going to be a pain. However, it occurred to me that there could be a more intelligent way of doing this. Being more of an R&S guy than an ASA/Remote Access guy, I figured there has to be a way to dynamically advertise the tunnel networks as they come up... using the rule of more specific routes to determine the better path (i.e. 10.0.0.0/24 via the old, and 10.0.0.0/30 via the new).... however these pools are, for the most part, NAT pools.
So, the question is... is there a way that anyone can think of to dynamically advertise the NAT address(es) of a given tunnel as it comes up, via BGP?