Dynamic Update of Network Object Groups between ASAs

Answered Question

Hello,


Is anyone familiar with network object group synchronization between two ASAs that are separate (not a failover pair)? I understand that this might be possible with a script, but what I want to do is to have the changes to one network object group replicate the changes to the similarly named network object between two remote ASAs. The remote ASAs have internet failover via BGP and the public IPs are the same.


Suggestions?


Thank you,


-Ben

Correct Answer by Panos Kampanakis about 6 years 8 months ago

Hi


Of course there is the manual or script option that you mentioned.


There is also the option of the "write net" command to pull the config from a central site.

And also AUS server option where changes are pushed to the ASAs together from a central AUS server.


I hope it helps.


PK

Overall Rating: 5 (1 ratings)
Panos Kampanakis Mon, 09/20/2010 - 11:47
User Badges:
  • Cisco Employee,


Panos Kampanakis Tue, 09/21/2010 - 08:13
User Badges:
  • Cisco Employee,

It is not very common to use write net or AUS. There are people that use AUS, but not too many percentage-wise.


If you are using CSM you can also use a shared policy so the ACL can be used in more than one device.


PK
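
The "script option" mentioned in the answer could look like the following. This is an added example, not part of the original thread: it compares one network object group in the saved running-config text of two ASAs and returns the CLI lines that bring the second in line with the first, for review before anyone applies them. The group names, addresses and function names are constructed for illustration.

```python
import re

def parse_object_groups(config):
    """Return {group_name: set(member lines)} for each 'object-group network' block."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"object-group network (\S+)$", line)
        if header:
            current = groups.setdefault(header.group(1), set())
        elif current is not None and line.startswith(" "):
            member = line.strip()
            # Only membership lines are compared; descriptions are left alone.
            if member.startswith(("network-object ", "group-object ")):
                current.add(member)
        else:
            current = None  # any non-indented line ends the block
    return groups

def sync_commands(source_cfg, target_cfg, group):
    """CLI lines that make `group` on the target ASA match the source ASA."""
    src = parse_object_groups(source_cfg).get(group)
    if src is None:
        raise KeyError(f"{group} is not defined on the source ASA")
    dst = parse_object_groups(target_cfg).get(group, set())
    to_add, to_remove = sorted(src - dst), sorted(dst - src)
    if not to_add and not to_remove:
        return []  # already in sync, nothing to push
    # Additions are emitted first, then removals. A nested group named by
    # 'group-object' must already exist on the target.
    return ([f"object-group network {group}"]
            + [f" {m}" for m in to_add]
            + [f" no {m}" for m in to_remove])

# Constructed sample configs (documentation address ranges only).
ASA1_CFG = """\
object-group network PARTNER_NETS
 description constructed sample
 network-object host 192.0.2.10
 network-object 198.51.100.0 255.255.255.0
 group-object DMZ_HOSTS
access-list OUTSIDE_IN extended permit ip object-group PARTNER_NETS any
"""
ASA2_CFG = """\
object-group network PARTNER_NETS
 network-object host 192.0.2.10
 network-object host 203.0.113.7
"""

if __name__ == "__main__":
    print("\n".join(sync_commands(ASA1_CFG, ASA2_CFG, "PARTNER_NETS")))
```

Because the output is a plain list of commands, it can be logged and reviewed as a change record before being applied to the second ASA.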
