Aside from with VLAN trunking where you use sub-interfaces, has anyone ever implemented a router on a stick design where traffic is routed back through the port it entered the router on?
I have 2 x ASAs on my LAN and want to route traffic to different networks through different ASAs. My servers currently have static routes telling them which ASA to take to reach the network intended. Is it possible to add a router onto the LAN, make it the default gateway for the servers and then put static routes on the router identifying which ASA data should go through to reach a specific network? Is that bad design? Do I need to introduce a new network between the router and the ASAs?
Sorry, I think I may have described the problem poorly. I am not using dot1q trunking. I have a single network 192.168.123.0 with ASA No1 192.168.123.254 and ASA No2 192.168.123.253. I currently use ASA No1 as the default gateway for my web servers but they need to reach some networks via ASA No2 so I have added static routes onto the server, e.g. 172.16.11.0 via 192.168.123.253. I was hoping to add a router onto the network on 192.168.123.252, make this the default gateway and put the static routes on the router rather than the servers. This router would only have one network cable plugged into it and traffic would hairpin back out the connection that it came in on. The ASAs, router and servers would be connected via a single switch.
I have tried this before and the web servers were intermittently available. Since making the ASA the default gateway things have been fine but I need to route to some places via the other ASA.
There are probably aspects of your environment which we do not know which might affect the answer. But based on what you have given us so far I do not see any need to introduce a new network. Probably the main issue that comes to mind is whether the amount of traffic through the interface might begin to overload the interface. Without knowing what the traffic levels are and what kind of router and what kind of interface then we are not in a good position to advise on this detail (but for most networks this would not be an issue).
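The single-interface design asked about above, sketched as a Cisco IOS configuration. This is an added example, not configuration posted in the thread; the addresses come from the posts, while the interface name and the /24 masks are assumptions, since the posts give no masks.

```cisco
! Added example. Interface name and /24 masks are assumptions.
interface GigabitEthernet0/0
 description LAN 192.168.123.0 - servers, ASA No1, ASA No2
 ip address 192.168.123.252 255.255.255.0
 ! Packets leave on the interface they arrived on, toward a next hop
 ! in the sender's own subnet. IOS sends ICMP redirects to the sender
 ! in that case by default; turn them off if every packet should keep
 ! passing through this router.
 no ip redirects
 no shutdown
!
! Default path: ASA No1
ip route 0.0.0.0 0.0.0.0 192.168.123.254
! Networks reached through ASA No2
ip route 172.16.11.0 255.255.255.0 192.168.123.253
```

Because the ASAs sit on the same subnet as the servers, return traffic goes from the ASA straight to the server without crossing the router, so the router sees only the outbound direction of each flow.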