Consolidating PIXs, is "same-security-traffic" required?
We currently have our Central Office and 4 remote sites all with PIXs (515) connecting with a meshed LAN to LAN tunnels using a service provider network. All either 7.02 Central Office also has a second PIX 515 (v 6.34) that connects via wireless, two campus buildings, each with a 515, also with separate LAN to LAN tunnels. One is running 7.04 the other not currently connected.
We have added a third interface in the Central Office PIX & would like to eliminate the second Central Office "wireless" PIX.
Two questions: (1) Is "same-security-traffic" required to make this work? (2) When communicating between the one endpoint of wireless network to a PIX terminating on the Service provider side, will the traffic encapsulate and decapsulate twice, or once?
Re: Consolidating PIXs, is "same-security-traffic" required?
The two units must have the exact same configuration and must run the same software version. This is easily accomplished, since configuration replication occurs over the failover cable, or from the LAN interface configured with failover lan interface interface_name command, from the active unit to the standby unit in these ways:
When the standby unit completes its initial boot-up, the active unit replicates its entire configuration to the standby unit. This occurs if you use a failover cable because you need the initial configuration on both the primary and secondary units in order to identify them as primary and secondary units. This feature has been introduced to overcome the serial cable length and speed.
As commands are entered on the active unit, they are sent across to the standby unit.
When you enter the write standby command on the active unit, you force the entire configuration to memory on the standby unit.