Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dynamic Update of Network Object Groups between ASA's

Hello,

Is anyone familiar with network object group synchronization between two asa's that are separate (not a failover pair)?  I understand that this might be possible with a script but what I want to do is to have the changes to one network object group replicate the changes to the similarly named network object between two remote ASAs.  The remote ASAs have internet failover via BGP and the public IP's are the same.

Suggestions?

Thank you,

-Ben

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Dynamic Update of Network Object Groups between ASA's

Hi

Of course there is the manual or script option that you mentioned.

There is also the option of the "write net" command to pull the config from a central site.

And also AUS server option where changes are pushed to the ASAs together from a central AUS server.

I hope it helps.

PK

3 REPLIES
Cisco Employee

Re: Dynamic Update of Network Object Groups between ASA's

Hi

Of course there is the manual or script option that you mentioned.

There is also the option of the "write net" command to pull the config from a central site.

And also AUS server option where changes are pushed to the ASAs together from a central AUS server.

I hope it helps.

PK

New Member

Re: Dynamic Update of Network Object Groups between ASA's

PK,

Thank you for your insight.  I will research the issue.  Is this a common configuration for this type of ASA setup?

-Ben

Cisco Employee

Re: Dynamic Update of Network Object Groups between ASA's

IT is not very common to use write net or AUS There are people that use AUS but not too many percentagewise.

If you are using CSM you can also use a shared policy so the ACL can be used in more than one devices.

PK

233
Views
0
Helpful
3
Replies