adding ASA for only VPN routes

Started by scottsee, February 15, 2015, 09:58:38 AM

deanwebb

Noice. Thanks for the link, javentre.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

scottsee

I pulled the trigger today and bought 2 x ASA 5525-X to put into Active/Active ... Should get them tomorrow..  :eek:
scott see

wintermute000

I hate to tell you this but you can't route over an ASA IPSEC VPN because for some retarded reason Cisco decided that GRE is no good on an ASA.

Hence no encapsulation hence no VTIs hence no routing protocols over your VPNs.

Throughput will beat the pants off a router but for routing failover purposes you're going to have to find another way e.g. IP SLA and/or duct tape aka route-maps somewhere else.
Whereas if you ran IPSEC tunnels from VTI interfaces or DMVPN on an ISR you could have run any IGP or BGP over the top.


Dean or another guru may come in and stomp me with new knowledge but that was the case when I was heavily ASA-ing a couple of years back and I haven't seen anything new in this regard.
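
An added example, not part of the post above: a sketch of the IP SLA approach on an IOS router sitting behind the VPN devices, where a tracked static route toward the primary VPN path is withdrawn when a probe across the tunnel fails and a floating static route takes over. All addresses, the interface name and the object numbers are constructed assumptions.

```cisco
! Constructed values (assumptions, not from the thread):
!   10.20.0.0/16  remote site reached over the IPsec VPN
!   10.20.0.1     host at the remote site used as the probe target
!   10.10.0.1     inside address of the primary VPN device
!   10.10.0.2     next hop of the backup path
!
! Probe a host on the far side of the tunnel. Sourcing from the inside
! interface makes the probe match the same interesting-traffic selectors
! as user traffic, so it tests the tunnel and not just the local link.
ip sla 10
 icmp-echo 10.20.0.1 source-interface GigabitEthernet0/1
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object follows probe reachability. The delays damp flapping so a
! single lost probe does not move the route.
track 10 ip sla 10 reachability
 delay down 10 up 30
!
! Primary route is installed only while the track object is up.
ip route 10.20.0.0 255.255.0.0 10.10.0.1 track 10
!
! Floating static route: administrative distance 250 keeps it out of the
! routing table until the tracked route above is withdrawn.
ip route 10.20.0.0 255.255.0.0 10.10.0.2 250
```

`show track 10` and `show ip route 10.20.0.0` confirm which path is installed after a failover test.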

Netwörkheäd

This is why we're looking at Juniper and Checkpoint as VPN solutions.
Let's not argue. Let's network!