@Dashrender said in Cisco ASA:

@Jimmy9008 said in Cisco ASA:

A and B can also RDP/ping devices sitting on C.

If this is true, it's just a matter of rules/route allowing C back to A/B or a route specifically for C -> A/B.

172.16.0.0 vlan… switch IP = 172.16.0.1, ASA = N/A, gateway on the vlan is 172.16.0.1 (the switch)

this is legacy. What appears to happen is that the switch has 0.0.0.0 set to 192.168.50.10 (the ASA) on a vlan2. So, traffic from 172.16.0.0 hits the switch IP at 172.16.0.1, then hope out 0.0.0.0
^ I think its this that's causing the issue.

This should be fine, this is what allows the C network to get to the internet

so, when on the 172.16.0.0 network, the request goes to the switch's IP (172.16.0.1) which forwards it to 192.168.50.10 (the ASA), The ASA then doesn't have a rule allowing traffic from 172.16.0.0 to talk to 10.x, so it just dumps the traffic.

At least that's what it looks like to me at this time.

“C” network really?

@scottalanmiller said in ISP Failover with Cisco ASA:

That's mostly true. But Cisco considers it real Cisco and it shows their view of themselves. And that, I always think, is important. Cisco doesn't seem themselves as an enterprise player. And I've been in sales meetings with Cisco and that definitely comes through when talking to them.

That's not what I got from my sales conversations with them. They were very explicit about real Cisco and the lesser sub-brands.

Having been at two huge banks that were burned by being willing to use UCS, Cisco and enterprise are two words I never put together. From networking to phones to servers, Cisco is consistently overpriced and underperforming.

I absolutely loved UCS, even wrote the original oVirt/RHV plugin for the VMFEX cards. They were ahead of their time with those boxes, but the cloud pretty much killed everything really cool and advanced about HW

@scottalanmiller said in Cisco: we're not competent.:

https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/

They can own all the ASAs!

@travisdh1 mmmmmmmmm....... piiiiiiiiie switches......

0_1517347038052_homer_simpson_drooling_by_dondrug-d6h081a.jpg

@eddiejennings said in Configuration naming conventions: ERL, ASA, etc:

For my Edge Router Lite, I'm considering whether or not I want to create address groups for single hosts. My reasoning for "yes" would be I'd configure an IP address in one place (the address group), and then multiple configuration aspects can reference that address group. If the IP address of the host in question changes, then I only have to update one thing.

I'm curious to know if you folks do the same for your devices. I know ASA's have objects, which function similarly to the idea of an address group.

Sonicwall are Address Objects and there are groups as well. So yeah I do that.

@jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost:

@nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost:

@jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost:

@nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost:

@brandon220 said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost:

I've been using an ERL at home for a while and have them deployed at several business. Zero complaints and I recommend them all the time.

I wish I could use it at home. I'm on Bell Canada ftth and they use a different vlan for iptv and internet. All of the online guides I've seen haven't been able to get me to use my ERL and Bell won't give up which VLANs they use.

No one hasd figured this information out yet?

Sadly not yet, at least not that my Google-fu has allowed me to find.

I am a bit amazed because it should only take a mirrored switch port and wireshark to find VLAN tags.

This was my thinking as I was reading the posts. This is /should be pretty easy to figure out.

@whoolly said in Switchvox phone issues:

Vendor insisted he has never had any VOIP issues with Sonicwall and didn't want to budge on that.

Even while it doesn't work. So you know that he'll say this to other customers now, even after this one. Chances are, he's had problems at all customers. SonicWall is culprit #1 for VoIP issues. I mean that literally. I get a call that someone has VoIP audio issues, my first question is always "Do you have a SonicWall?" Nine times out of ten, the answer is yes and nine times out of those ten, the SW was the issue. It's nearly a sure bet with audio issues.

Had you led this question purely with "I have these audio issues..." we'd have said "I bet you have a SonicWall."

Yes NTG can do that. We have a Cicso guy on staff.

Old post but just had to do this for an implementation we are rolling out. Thanks!

@JaredBusch said:

@NetworkNerd said:

Thanks to all who responded here. We're going to roll with PSX's idea.

I will also tell you I posted this somewhere else and did not receive as many responses as I did here.

What other device you going to use? If you buy the right thing you can shitcan the entire ASA

I already had a Cisco RV180 lying around and used it for the camera traffic. The only thing I do not have setup right now is static routes.