nowday, We made a management ip at interface giga1 only, but the issue was occured like follows;
if the giga ingerface configured for management ssh, ssl goes to full due to process the ddos traffic, the giga interface can't communicate between detector and guard, the detector will syncronize to guard module when the policy activated, but guard module can't accept the activate through ssh,because of the giga interface was down due to ddos.
If I make a three management for each giga interface, Can I prevent above scenirio? if possible, How can I configure the ssh, ssl sync? Do I make a ssh, ssl sync from detector to guard on each management ip ?
If your Guard module currently operates with a maximum bandwidth of 1 Gbps, you can upgrade the bandwidth performance to 3 Gbps by installing the XG version of the software image and corresponding software license key. The XG software image activates all three interface ports between the Guard module and the supervisor engine to data traffic and inband management traffic. The 1-Gbps software image uses only one interface port for data traffic.
but normaly we make a one management interface to activate ssh, ssl between guard & detector. if the interface configured management can't response due to process ddos traffic, the detector can't activate management traffic , because of interface full,
like above environment, How can I make a redundant management interface? Can I activate ssh,ssl to two management interface on one guard?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...