Ok, I have attached two images to this message. First I would like you to check those out to get a brief idea.
As you can see from the image named "before", I have a Cisco 6500 switch, an ASA 5510, and a link load balancer for load balancing between two links, configured as active/standby with VRRP.
1. I have a default route configured on the Cisco 6500 routing all traffic to the firewall's inside interface through an L3 interface configured on the switch.
2. A default route on the ASA routing all traffic to the Radware.
So now comes the actual scenario.
Check out the image named "After".
Yes, I am planning to configure active/active failover. I know all the disadvantages and I am happy I don't require any of the "can't do's" mentioned.
Now in the active/active failover I have seen something like VLANs configured on the ASA.
- My main doubt is where I will route all the traffic on the switch to; I'll now have two gateway addresses for the two different groups configured on the ASA.
And should I trunk between the firewall and the L2 switches used in between?
2nd thing: what about the outside part? What will the reverse route on the Radware be? Will it be a reverse route to two different IPs for the same inside network?
And also, do I need trunking on the ASA outside as well? I'm not sure the Radware supports sub-interfaces and VLAN tags; I am sure that I can use two IP addresses on a single interface of the Radware though.
That's probably not required.
After this lengthy story, if someone understood something, please try to clarify my big and almost stupid doubts.
And I am keen on the active/active config; please don't try to convince me by suggesting active/standby unless all the above mentioned is completely impossible.
Let me try to explain what active/active means. Basically, you have two devices passing completely different traffic (as it works only with multiple contexts). So if you have two distinct traffic flows that you don't want to mix, you use active/active. For each flow there will be an active/standby failover, but since there are two flows at the same time, Cisco calls it active/active.
If the above is understood and you still want to go with multiple contexts on the ASAs, you need to start thinking of a rule to split the traffic flows in two; most likely you will want one ASA context on ISP1 and one ASA context on ISP2.
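As an added illustration of the reply above (it is not the poster's configuration and not taken from any Cisco document): the system-context configuration of the primary ASA 5510 with two contexts, one per ISP, each joined to its own failover group. Interface names, VLAN IDs, context names and the 192.0.2.x failover addresses are assumptions; the secondary unit carries the same failover commands with `failover lan unit secondary`.

```cisco
! Added example (assumed names and addresses), not from the original post.
! System execution space of the PRIMARY ASA 5510.
mode multiple
interface Ethernet0/0
 no shutdown
! outside VLANs towards the Radware: 10 for context ISP1, 20 for ISP2
interface Ethernet0/0.10
 vlan 10
interface Ethernet0/0.20
 vlan 20
interface Ethernet0/1
 no shutdown
! inside VLANs towards the 6500: 100 for context ISP1, 200 for ISP2
interface Ethernet0/1.100
 vlan 100
interface Ethernet0/1.200
 vlan 200
! failover and state link between the two ASAs (assumed on Ethernet0/3)
failover lan unit primary
failover lan interface folink Ethernet0/3
failover link folink Ethernet0/3
failover interface ip folink 192.0.2.1 255.255.255.252 standby 192.0.2.2
! group 1 is normally active on the primary unit, group 2 on the secondary;
! each group fails over on its own, which is what Cisco calls active/active
failover group 1
 primary
 preempt
failover group 2
 secondary
 preempt
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
! one context per ISP, each joined to its own failover group
context ISP1
 allocate-interface Ethernet0/0.10 outside
 allocate-interface Ethernet0/1.100 inside
 config-url disk0:/ISP1.cfg
 join-failover-group 1
context ISP2
 allocate-interface Ethernet0/0.20 outside
 allocate-interface Ethernet0/1.200 inside
 config-url disk0:/ISP2.cfg
 join-failover-group 2
failover
```

Because both ASA ports carry sub-interfaces, the switch ports facing Ethernet0/0 and Ethernet0/1 must be 802.1Q trunks carrying those VLANs. If the Radware side cannot carry VLAN tags, give each context its own physical outside port instead of the Ethernet0/0 sub-interfaces.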