Re: OT - vrf through asa

From: Tony Singh <mothafungla_at_gmail.com>
Date: Thu, 21 Feb 2013 19:45:59 +0000

For those of you who didn't get that like me

http://en.m.wikipedia.org/wiki/Layer_8

Nothing closer than the truth!

--
BR
Tony
Sent from my iPhone on 3

On 21 Feb 2013, at 19:26, Brian McGahan <bmcgahan_at_ine.com> wrote:
> Ah, layer 8 ;)
> 
> Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE 2013::13
> bmcgahan_at_INE.com
> 
> Internetwork Expert, Inc.
> http://www.INE.com
> 
> On Feb 21, 2013, at 10:39 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote:
> 
>> Hi Brian
>> 
>> I asked our senior security architect; it is policy
>> 
>> --
>> BR
>> 
>> Tony
>> 
>> Sent from my iPhone on 3
>> 
>> On 21 Feb 2013, at 16:33, Brian McGahan <bmcgahan_at_ine.com> wrote:
>> 
>>> Why does it need to be routed?
>>> 
>>> 
>>> Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE 2013::13
>>> bmcgahan_at_INE.com
>>> 
>>> Internetwork Expert, Inc.
>>> http://www.INE.com
>>> 
>>> On Feb 21, 2013, at 7:59 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote:
>>> 
>>>> Gilles
>>>> 
>>>> Thought so cheers will check it out...
>>>> 
>>>> If we do have contexts still the ASA has only max 2 ospf processes, not
>>>> scalable in that regard...?
>>>> 
>>>> Ryan - need to have it routed bro
>>>> 
>>>> 
>>>> On 21 February 2013 13:40, Gilles Fabre <fabre.gilles_at_voila.fr> wrote:
>>>> 
>>>>> 
>>>>> If I remember well, dynamic routing support in multi-context was one
>>>>> major enhancement of 9.0 version
>>>>> ASA.8.x supported only static routing when configured with contexts
>>>>> 
>>>>> RD/RT won't be transmitted except you use MP-BGP
>>>>> Contexts only allow segmentation of security domains in relation with VRF
>>>>> routing domains (more to be used with VRF-lite setups in my mind)
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> Message of 21/02/13 at 14:31
>>>>>> From: "Tony Singh"
>>>>>> To: "Carlos G Mendioroz"
>>>>>> Cc: "Cisco certification"
>>>>>> Subject: Re: OT - vrf through asa
>>>>>> 
>>>>>> Hi Carlos
>>>>>> 
>>>>>> The thought did cross my mind, I'm sure I did see something about dynamic
>>>>>> routing being supported in multi-context mode, I may have been dreaming
>>>>>> however as can't find nothing on this...
>>>>>> 
>>>>>> It might not be required depending on the way you set the contexts up,
>>>>>> will check Brian's video again..
>>>>>> 
>>>>>> Question in vrf-lite how does the RD/RT get exported? Is it within the ospf
>>>>>> multicast dbd? I know with MPBGP it is transported in the extended
>>>>>> communities value packet, confused on this bit..and would the ASA ignore
>>>>>> the RD/RT but look at the source/dest ipv4 addr
>>>>>> 
>>>>>> Thanks bro!
>>>>>> 
>>>>>> Tony
>>>>>> 
>>>>>> 
>>>>>> On 21 February 2013 12:34, Carlos G Mendioroz  wrote:
>>>>>> 
>>>>>>> You may try 2 contexts, and have different routing domains
>>>>>>> (inbound/outbound) in each ?
>>>>>>> -Carlos
>>>>>>> 
>>>>>>> Tony Singh @ 21/02/2013 09:29 -0300 dixit:
>>>>>>> 
>>>>>>>> can get this working from PE > CE > Switch > trunk > trunk > Switch > CE > PE
>>>>>>>> 
>>>>>>>> any solution available going through ASA say if I wanted to do IPS DPI and
>>>>>>>> other
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 21 February 2013 12:02, Tony Singh  wrote:
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> Hi
>>>>>>>>> 
>>>>>>>>> I know ASA's are not vrf aware unless latest code supports this...
>>>>>>>>> 
>>>>>>>>> I have customer routing tables separated by vrf's CE to PE is MPBGP, and
>>>>>>>>> IGP is OSPF vrf-lite on CE's
>>>>>>>>> 
>>>>>>>>> Is there any way to get the customer traffic through the ASA's
>>>>>>>>> dynamically,
>>>>>>>>> max OSPF processes the ASA's support is 2
>>>>>>>>> 
>>>>>>>>> Is there any benefit in passing this traffic through the ASA's
>>>>>>>>> 
>>>>>>>>> what would you guys do?
>>>>>>>>> 
>>>>>>>>> Topology
>>>>>>>>> 
>>>>>>>>> Site 1 PE > CE > ASA > Switch > trunk > trunk > Switch > ASA > CE > PE Site 2
>>>>>>>>> 
>>>>>>>>> Thanks in advance
>>>>>>>>> 
>>>>>>>>> Tony
>>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>> 
>>>>>>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>> --
>>>>>>> Carlos G Mendioroz  LW7 EQI Argentina
>>>>>> 
>>>> 
Received on Thu Feb 21 2013 - 19:45:59 ART

This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART