NOTE: this IOS version is 15.0, but for the HSRP, IP SLA and tracking cmds, it’s functionally the same as 12.4.
This way, whenever the Data Center HSRP failover occurs, our HSRP failover would also occur, thus insuring our Hosts and Remote Routers would always be communicating over the same VPN Tunnels, and the same routes.īelow is a sample config snippet for the statements to make this happen on our Corporate Router 1.
Then, make the HSRP failover on our Corporate Routers occur whenever any of those interfaces went down. After having a lengthy chat with my good buddy Google, I choose this one: use IP SLA to track the availability of both the internal and external interfaces of the Data Center Routers. Like usual in Cisco-land, there are multiple solutions. Packets from the PC Host are forwarded to the Remote Router on the primary VPN Tunnel (which is down), but the only available return path from the Remote Router is the secondary VPN Tunnel. All, when we are using url-server command on asa, asa redirects all http traffic to websense server and websense filter the request based on http header. However, back in the Data Center, our PC Host is still trying to reach the Remote Router through the primary VPN tunnel, and Corporate Router 1 is still forwarding traffic through EIGRP route number one, having no knowledge of EIGRP route number two (on Corporate Router 2). When I disconnected the HSRP interface on Data Center Router 1 (1.1.1.2), the primary VPN tunnel went down, as well as the primary EIGRP route, and the Remote Router switched over to the secondary VPN tunnel, and EIGRP route number two. All three routers are running EIGRP, which gave the Remote Router two routes to the Corporate network. On the EIGRP/VPN side, we had two VPN tunnels setup on the Remote Router – one tunnel to each of our Corporate Routers.
Enter enable, followed by the enable password to put the security appliance into privileged EXEC mode. Access the security appliance from a console or from a remote terminal using telnet for access 2.
It took a while to figure out, but here’s what was happening. To configure your security appliance to send Internet requests to Websense software for filtering: 1. Then we lost ping completey to our remote site. From Part 1, connectivity in the lab setup was working fine during my tests until I disconnected the Data Centers HSRP interfaces.
USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.So, back to HSRP and EIGRP.
ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. Addresses, phone numbers, and fax numbers are listed on the Cisco website at Text Part Number: N/A, Cisco has more than 200 offices worldwide. Config > Firewall > URL Filtering servers also Config > Firewall > Filter rules ASDM to determine which IPs subnets sent to websense. You configure a rule in ASDM to check and log all usage to a websense server. Cisco ASA firewall (version 5505) is deployed as network gateway. This tutorial assumes the following network deployment scheme.