Re: OT - vrf through asa

Hi Brian

I asked our senior security architect it is policy

--
BR
Tony
Sent from my iPhone on 3
On 21 Feb 2013, at 16:33, Brian McGahan <bmcgahan_at_ine.com> wrote:
> Why does it need to be routed?
> 
> 
> Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE 2013::13
> bmcgahan_at_INE.com
> 
> Internetwork Expert, Inc.
> http://www.INE.com
> 
> On Feb 21, 2013, at 7:59 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote:
> 
>> Gilles
>> 
>> Thought so cheers will check it out...
>> 
>> If we do have contexts still the ASA has only max 2 ospf processes, not
>> scalable in that regard...?
>> 
>> Ryan - need to have it routed bro
>> 
>> 
>> On 21 February 2013 13:40, Gilles Fabre <fabre.gilles_at_voila.fr> wrote:
>> 
>>> 
>>> If I remember well, dynamic rouiting support in multi-context was one
>>> major enhancement of 9.0 version
>>> ASA.8.x supported only static routing when configured with contexts
>>> 
>>> RD/RT won't be transmitted except you use MP-BGP
>>> Contexts only allow segmentation of security domlains in relation with VRF
>>> routing domains (more to be used with VRF-lite setups in my mind)
>>> 
>>> 
>>> 
>>> 
>>>> Message du 21/02/13 ` 14h31
>>>> De : "Tony Singh"
>>>> A : "Carlos G Mendioroz"
>>>> Copie ` : "Cisco certification"
>>>> Objet : Re: OT - vrf through asa
>>>> 
>>>> Hi Carlos
>>>> 
>>>> The thought did cross my mind, im sure I did see something about dynamic
>>>> routing being supported in multi-context mode, I may have been dreaming
>>>> however as can't find nothing on this...
>>>> 
>>>> It might not be required depending on the way you set the context's up,
>>>> will check Brian's video again..
>>>> 
>>>> Question in vrf-lite how does the RD/RT get exported? is it within the
>>> ospf
>>>> multicast dbd? I know with MPBGP it is transported in the extended
>>>> communities value packet, confused on this bit..and would the ASA ignore
>>>> the RD/RT but look at the source/dest ipv4 addr
>>>> 
>>>> Thanks bro!
>>>> 
>>>> Tony
>>>> 
>>>> 
>>>> On 21 February 2013 12:34, Carlos G Mendioroz  wrote:
>>>> 
>>>>> You may try 2 contexts, and have different routing domains
>>>>> (inbound/outbound) in each ?
>>>>> -Carlos
>>>>> 
>>>>> Tony Singh @ 21/02/2013 09:29 -0300 dixit:
>>>>> 
>>>>>> can get this working from PE > CE > Switch > trunk > trunk > Switch >
>>> CE >
>>>>>> PE
>>>>>> 
>>>>>> any solution available going through ASA say if I wanted to do IPS
>>> DPI and
>>>>>> other
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 21 February 2013 12:02, Tony Singh  wrote:
>>>>>> 
>>>>>> 
>>>>>>> Hi
>>>>>>> 
>>>>>>> I know ASA's are not vrf aware unless latest code supports this...
>>>>>>> 
>>>>>>> I have customer routing tables separated by vrf's CE to PE is MPBGP,
>>> and
>>>>>>> IGP is OSPF vrf-lite on CE's
>>>>>>> 
>>>>>>> Is there anyway to get the customer traffic through the ASA's
>>>>>>> dynamically,
>>>>>>> max OSPF processes the ASA's support is 2
>>>>>>> 
>>>>>>> Is their any benefit in passing this traffic through the ASA's
>>>>>>> 
>>>>>>> what would you guys do?
>>>>>>> 
>>>>>>> Topology
>>>>>>> 
>>>>>>> Site 1 PE > CE > ASA > Switch > trunk > trunk > Switch > ASA > CE >
>>> PE
>>>>>>> Site 2
>>>>>>> 
>>>>>>> Thanks in advance
>>>>>>> 
>>>>>>> Tony
>>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>> 
>>>>>> ______________________________**______________________________**
>>>>>> ___________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/**list/CCIELab.html
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>> --
>>>>> Carlos G Mendioroz  LW7 EQI Argentina
>>>> 
>>>> 
>>>> Blogs and organic groups at http://www.ccie.net
>>>> 
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> ___________________________________________________________
>>> Qu'y a-t-il ce soir ` la tili ? D'un coup d'il, visualisez le programme
>>> sur Voila.fr http://tv.voila.fr/programmes/chaines-tnt/ce-soir.html
>> 
>> 
>> Blogs and organic groups at http://www.ccie.net
>> 
>> _______________________________________________________________________
>> Subscription information may be found at: 
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net