Re: OT - vrf through asa

Hi Joe

Thanks as many of you experts have mentioned this I will go back to our
architect and try to understand why it is required to be routed

For example can I run an IPS module with DPI in transparent mode?

What are the main drawbacks with either mode

Thanks

Tony

On 21 February 2013 15:47, Joseph L. Brunner <joe_at_affirmedsystems.com>wrote:

> I would agree with transparent mode as mentioned earlier as best way to do
> this...
>
> The ASA's level of routing doesn't get you much here.
>
> If anything it's a silent "bump in the wire" with stateful inspection and
> acl's so the routers can just "route".
>
> thanks
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Tony Singh
> Sent: Thursday, February 21, 2013 7:03 AM
> To: Cisco certification
> Subject: OT - vrf through asa
>
> Hi
>
> I know ASA's are not vrf aware unless latest code supports this...
>
> I have customer routing tables separated by vrf's CE to PE is MPBGP, and
> IGP is OSPF vrf-lite on CE's
>
> Is there anyway to get the customer traffic through the ASA's dynamically,
> max OSPF processes the ASA's support is 2
>
> Is their any benefit in passing this traffic through the ASA's
>
> what would you guys do?
>
> Topology
>
> Site 1 PE > CE > ASA > Switch > trunk > trunk > Switch > ASA > CE > PE Site
> 2
>
> Thanks in advance
>
> Tony
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Feb 21 2013 - 17:04:21 ART