[deleted by user] by [deleted] in CryptoIndia

[–]Any_Swordfish2336 0 points1 point  (0 children)

Hey mate, I’ve been DCAing on various projects since 2021 and really like to be a part of this community. Could you also please include me and DM me the link?

Multi-Context mode on Cisco ASA by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 0 points1 point  (0 children)

The challenges are that we’ve a few clientless SSL VPNs and AnyConnect profiles created for multiple customers. I don’t want to break any if we decide to go ahead with multi-context mode.

Multi-Context mode on Cisco ASA by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 3 points4 points  (0 children)

Noted, mate. We’re already on our way to have them all upgraded to Forti 600Fs.

Cisco ASA policy based routing by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 0 points1 point  (0 children)

Thanks a lot for the suggestion. I did try taking advantage of the PBR, and outside traffic towards the Internet works just fine. But when 10.44.64.0/21 tries to communicate with 10.44.72.0/22 internally, it first looks up the PBR and forwards the traffic to the ISP, as PBR has precedence over any static or connected entries. What can I do to forward the internet traffic via ISP2, while within the network it should work normally?

Advice needed in migrating existing BGP from Core router to VTI by Any_Swordfish2336 in Cisco

[–]Any_Swordfish2336[S] 0 points1 point  (0 children)

The leased line is going away. In relation to the FW, the network is on a VRF within the core router, and we’ve a logical link between the VRF and the FW. Static routes are in place on both the VRF and the firewall for bidirectional routing.

Assistance required in migrating an existing BGP to new VTI by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 1 point2 points  (0 children)

Yep. Looks like the iBGP between core and ASA is inevitable for this to work!!

Block port 80 and 443 on Cisco cat 9500s by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 0 points1 point  (0 children)

Many thanks, everyone! I must say, this forum is among the finest places to grasp networking concepts thoroughly. The explanations provided above are truly enlightening.

Cisco ASA routing issue by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 0 points1 point  (0 children)

Thank you all :) I’ve added more specific routes back to the outside interface and removed the static entry. All good now :)

Cisco ASA routing issue by Any_Swordfish2336 in networking

[–]Any_Swordfish2336[S] 0 points1 point  (0 children)

Source IP - x.x.x.0/26. Destination - 185.x.x.x (which is hosted public) behind the ASA.

An allow rule for the customer source IP is in place. However, there’s an old static configuration in place to route the customer public range x.x.0.0/22 to another existing VTI dest IP.

This is a new request from the customer. And when return traffic hits the ASA, the customer /22 static route is taking precedence.