Solved: Dynamic Update of Network Object Groups between ASA's

ben.biley · ‎09-18-2010

Hello,

Is anyone familiar with network object group synchronization between two asa's that are separate (not a failover pair)? I understand that this might be possible with a script but what I want to do is to have the changes to one network object group replicate the changes to the similarly named network object between two remote ASAs. The remote ASAs have internet failover via BGP and the public IP's are the same.

Suggestions?

Thank you,

-Ben

Panos Kampanakis · ‎09-20-2010

Hi

Of course there is the manual or script option that you mentioned.

There is also the option of the "write net" command to pull the config from a central site.

And also AUS server option where changes are pushed to the ASAs together from a central AUS server.

I hope it helps.

PK

View solution in original post

Panos Kampanakis · ‎09-20-2010

Hi

Of course there is the manual or script option that you mentioned.

There is also the option of the "write net" command to pull the config from a central site.

And also AUS server option where changes are pushed to the ASAs together from a central AUS server.

I hope it helps.

PK

ben.biley · ‎09-21-2010

PK,

Thank you for your insight. I will research the issue. Is this a common configuration for this type of ASA setup?

-Ben

Panos Kampanakis · ‎09-21-2010

IT is not very common to use write net or AUS There are people that use AUS but not too many percentagewise.

If you are using CSM you can also use a shared policy so the ACL can be used in more than one devices.

PK