One of my clients has a GSS4900 pair for some services inside their network. Now they would also like to use the GSS for Internet-related services. The GSS pair is on the inside of the firewall, and we are of course reluctant to open for DNS traffic from the Internet to the inside, even though it's just to the GSS.
Can we keep Ethernet 0 on the inside and configure Ethernet 1 to be located on, for example, a DMZ if we just set up proper routing on it?
My idea was something like this:
interface ethernet 0
 ip address 10.16.0.15 255.255.255.0
interface ethernet 1
 ip address 18.104.22.168 255.255.255.0
ip route 10.0.0.0 255.0.0.0 10.16.0.1
ip route 0.0.0.0 0.0.0.0 22.214.171.124
The idea being that this would keep the GSS inter-communication and DNS service for the inside on ethernet0, and ethernet1 would just answer DNS requests.
I haven't tried it, but I think logically it should work. You can designate different interfaces for GSS communication and for keepalives, and I have seen that working fine. But as far as your requirement goes, I don't think there should be any problem.