Hub with Redundancy connected to Spokes with Overlapping IP Addresses
I was just wondering what would be the best possible solution to configure a Hub/Spoke network topology using Cisco ASAs when the spoke networks have overlapping IP addresses and are attached to a Dual Hub design for redundancy. The 2nd Hub will be located at a Disaster Recovery site.
Currently the setup has been configured with XLATED IP on both Hub/Spoke addresses to fix the overlapping IP address issue. 2 concurrent VPN tunnels (2 Hubs > Spoke) are connected to achieve some sort of redundancy. This configuration works but I don't think it is very optimised.
Although we have no issue running 2 concurrent tunnels, it would be more efficient to only have 1 active tunnel and 1 as standby for when the active goes down. Which also brings me to my next question: how would we automate it so that we can return traffic to the first hub when it comes back online?
Additionally, another issue is that we would like to send back SMTP emails from a device on the spoke, where only 1 email receiver/sender input is possible. What would be the best way to segregate traffic between the two Hubs to reestablish a VPN connection and send SMTP email to either Hub where only 1 input address is possible?