I replace a linux firewall with a ASA5505-sec-bin-k9.
The customer have two remote sites conected in the following way:
The carrier deliver a LAN connection, a 10/100 wire. But I know the provider has two routers, one goes to a the first remote site and the other for the second remote site.
I plug this cable in a L2 switch and two ASA ports one port of the ASA have an ip and the other with another ip.
The perforamce of the ASA is bad with both interfaces conected simultaneosly to that L2 SW. Testing individually each interface alone, it work fine.
How can I preven that both interfaces are listening the same trafic ?.
With the two interfaces conected simultaneusly , one interface is denying the trafic that the other is forwarding and viceversa but the total efect is that is dropping packets in both interfaces. How can solve this issue.
be aware that is not possible righ now the carrier change the way that is offering the service.
Yes!, The only option that I had was a 2514 router. I try to use dot1q encapsulation to separate the incoming traffic, but the 2514 doesnt support that. Finally I just put the router between the one of the asa interface and the L2 SW. One traffic pass throug the router and the other goes directly to the other ASA interface.
It's working fine, but I will replace the 2514 by an 871 and try to use subinterface with encapsulation and build a trunk between the router and the ASA.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :