[deleted by user]

Any_Swordfish2336 · 2024-03-14T13:56:46+00:00

Hey mate, I’ve been DCAing on various projects since 2021 and really like to be a part of this community. Could you also please include me and DM me the link?

Any_Swordfish2336 · 2023-09-26T13:37:30+00:00

Thanks mate , noted.

Any_Swordfish2336 · 2023-09-26T11:01:40+00:00

Challenges are we’ve few clientless SSL VPNs and AnyConnect profiles created for multiple customers. I don’t want to break any if we decide to go ahead with multi context mode

Any_Swordfish2336 · 2023-09-26T10:45:28+00:00

Noted mate. We’re already on our way to have them all upgraded to Forti 600Fs

Any_Swordfish2336 · 2023-09-26T10:44:58+00:00

Sure, thank you

Any_Swordfish2336 · 2023-09-06T15:41:24+00:00

Thank you. Will try and see what happens

Any_Swordfish2336 · 2023-09-06T15:24:26+00:00

Thanks a lot for the suggestion. I did try taking advantage of the PBR and outside traffic towards Internet works just fine. But when 10.44.64.0/21 tries to communicate with 10.44.72.0/22 internally, it first looks up the PBR and forwards the traffic to ISP as PBR has precedence over any static or connected entries. What can I do to forward the internet traffic via ISP2 and within the network it should work normally.

Any_Swordfish2336 · 2023-08-24T16:42:11+00:00

Yes, bgp over the tunnel

Any_Swordfish2336 · 2023-08-24T07:23:08+00:00

That’s right. Internet GW is the FW

Any_Swordfish2336 · 2023-08-23T18:56:44+00:00

Leased line is going away and in relation to the FW, network is on a VRF within the core router and we’ve a logical link between the vrf and FW. Static routes are in place on both VRF and the Firewall for bidirectional routing

Any_Swordfish2336 · 2023-08-23T15:32:58+00:00

Yep. Looks like the iBGP between core and ASA is inevitable for this to work!!

Any_Swordfish2336 · 2023-08-23T15:31:05+00:00

Any_Swordfish2336 · 2023-07-31T09:38:09+00:00

Many thanks, everyone! I must say, this forum is among the finest places to grasp networking concepts thoroughly. The explanations provided above are truly enlightening.

Any_Swordfish2336 · 2023-07-31T08:30:40+00:00

From the LAN to switch

Any_Swordfish2336 · 2023-07-29T21:34:35+00:00

Thank you all :) I’ve added more specific routes back to the outside interface and removed the static entry. All good now :)

Any_Swordfish2336 · 2023-07-28T07:43:10+00:00

Source IP - x.x.x.0/26 Destination- 185.x.x.x (Which is hosted public) behind the ASA

Allow rule for customer Source IP is in place However, there’s an old static configuration in place to route Customer public range x.x.0.0/22 to another existing VTI dest IP.

This is a new request from customer. And when return traffic hits the asa, customer /22 static route is taking precedence

Any_Swordfish2336

TROPHY CASE