Lessons Learned: Overriding routing in Cisco ASA

While at a client this week, I ran across a fundamental change in post 8.3 cisco ASA routing logic which blindsided me for a while. The scenario was that after changing some VPN tunnel endpoints and hence changing subnet locations, we started seeing errors in syslog along the lines of TCP session torn down, "no … Continue reading Lessons Learned: Overriding routing in Cisco ASA

Palo Alto firewall and BGP routing

Objective: This article will record the steps taken and scenarios simulated during BGP lab sessions involving the PA 5020. Scenario 1: A single ISP, with an eBGP peering between the PaloAlto and a CISCO ISP router.   The above network diagram shows the basic setup. The objective of this scenario is to advertise the “public” … Continue reading Palo Alto firewall and BGP routing