I have a customer that has an existing VPN connection between their ASA and their corporate AWS account. As you may or may not know, AWS shares a set of public IPs for VPN peering across many, many customers. AWS splits customer traffic out on the back end. Example... Customer A sets up a VPN with AWS using the remote public peer IP of 18.104.22.168. Customer B comes along and wants to set up a VPN tunnel to AWS; they also use 22.214.171.124 as their remote VPN peer IP, and so forth and so on.
So this customer already has a VPN to AWS and now they need to connect to a different AWS account, but guess what, the remote VPN peer IPs are the same as the ones they are currently using. So this presents a problem with the tunnel-group configuration on the ASA. They already have a tunnel-group that matches the remote AWS peer IP, and that tunnel-group already has a PSK configured on it. In a perfect world I would have two tunnel-groups with the same name (126.96.36.199 for example) but with different PSKs. I know this isn't possible, so does anyone have any ideas here, or is my customer just up a creek?
Oh and both VPN tunnels require the isakmp identity to be the address.
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal: https://video.cisco.com/video/6159336218001
And on YouTube: https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already matched them to the same firmware version. I have a question: is there any method that can export and import the configuration file instead of forming a cluster?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.
I've fixed this before, but now I'm running into a different type of issue. My firewall isn't booting to the image, so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also, my Config-Register is set to 0x1. As of right now,...
Join us live on Tuesday, May 19th at 10 am PT (and on demand after) as we officially bust the myths around SMBs and cybersecurity. Join our experts for a live Cisco Chat - we'll share some fascinating survey results, and outline key factors for a suc...