Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About JAlmeida
Community Record
8
Posts
6
Kudos
0
Solutions
Badges
yesterday
I really appreciate the feedback. My drawing and addressing was wrong, but I still appreciate the interpretation and guidance. I'm really doing that. I have the following traffic between the devices: Site A - Traffic = 192.168.118.x Site A LAN that should go through Meraki, with ASA as Gateway = 192.168.140.x/24 Site B - Traffic = 192.168.150.x Site B LAN that should go through Meraki, with FTD as Gateway = 192.168.201.x/24 I configured the routing and rules on both FTD and ASA, and I saw that for some reason the ping did not return on Meraki (I think it was a rule). We tested it with tcp 445 and it returned, but I cannot make a machine on site A ping a machine on site B. I am still stuck on this problem.
... View more
Monday
Hello @KarstenI and @GreenMan My topology is as follows: The network gateway is my ASA at Site A and FTD at Site B. Meraki would be another DMZ, which would handle communication between the sites. Today I can ping the transit addresses between the FTD (192.168.150.3) x ASA (192.168.140.3). However, I cannot ping the subnets that I am advertising. I did not create ipsec, my configuration consists only of the HUB and SPOKE configuration. Could this be the error?
... View more
Sunday
Dear all I configured a normal VPN, using the Hub and Spoke concept. I configured the routes and they are published normally, however, I need to validate the LAN network connection between Meraki and FTD. I have already configured the routing, and even so the tests are not working. My Topology: Site A: ISP >> SW Operators >> FTD >> Transit between FTD x SW x Meraki. I can connect between the transit addresses and Meraki can see them, but I have no connectivity on the LAN. Site B: ISP >> SW Operators >> ASA >> Transit between FTD x SW x Meraki. Routing configured and it does not work. I would like to validate this test with static routes and then configure BGP on Meraki and firewalls. Any tips? IP 192.168.150.3 is the transit address of FTD Site B (Spoke); IP 192.168.150.1 is the transit address of MX Site B (Spoke); IP 192.168.150.2 is the transit address of SW Site B (Spoke); IP 192.168.140.1 is the transit address of MX Site A Hub; HUB: Routing Table HUB: SPOKE: SPOKE: Static route No IPsec No dynamic protocol I can ping both Meraki, but from FTD I can't, for example, ping LAN 192.168.140.1 from site B, which is the network of site A. Where am I going wrong?
... View more
Labels:
- Labels:
-
Firewall
Sep 11 2024
7:47 AM
2 Kudos
Yes! Thank you for the clarification. The project included 2 MXs and 2 FRPs and some Catalist 9300s. However, only the FRPs arrived from one unit. Currently my network is 1x1 (1 ASA and 1 4431) in each unit. I think I will propose this type of migration a priori. Placing an MX in each branch, creating the VPN, connecting the LANs and then proceeding with the network configurations.
... View more
Sep 11 2024
6:48 AM
2 Kudos
Perfect! I'll analyze the settings and do that. MX only for communication between Branches and internal networks Perfect, the dmvpn configuration doesn't seem complex in MX, I'll look into it here. FPR1150 for the VPN with the client and with our external network. By the way, MX for P2P needs a dedicated link in each MX, right? Thanks for the support.
... View more
Sep 11 2024
5:55 AM
2 Kudos
Hey, I just joined the project, and the MX will replace the Router 4431 that has this function: LAN-to-LAN VPN for connectivity between both branches. Its function will be this. Connectivity between the RJ x SP branches
... View more
Sep 10 2024
12:42 PM
Thank you for your quick response. In the topology drawing, they are: 2 MX in each location 2 FRP in each location. But observing, in fact, the MX would only be for P2P with dmvpn.
... View more
Sep 10 2024
10:25 AM
I need help designing a migration topology. We currently have two sites here at the company, one in Rio de Janeiro and the other in São Paulo. We have an ISR4431 receiving the ISP links. There is an L2L tunnel between the RJ and SP ISRs for our internal communication. In front of the ISR we have an ASA5555 with the Outside coming from the 4431 and the Inside for the internal networks. Now my company has purchased an MX105 and a Firepower 1150. I would like to know if this type of configuration is possible and if it is a good practice with: Link >> MX105 >> FRP1150 >> 9300 The idea would be for the MX105 RJ to receive the ISP links, establish the Site-to-Site VPN with the MX105 SP, and be the Firepower gateway/outside. Is there any document that can help me corroborate this architecture?
... View more
Labels:
- Labels:
-
3rd Party VPN
-
Firewall
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.
