I need to migrate an active-active VPN to Azure from an ASR to an ASA ha pair.
This is a route based setup with vti's. On the current router we have 2 static routes to the azure subnets, one out of each relevant vti interface. The azure side is active-active.
Does this setup carry actions to an ASA? my only concern is the "statefulness" of a fw. If we have two static routes, with same metric, to same azure subnets, but via different vti interfaces, will that mess anything up?
We have no ACL's on the tunnel interfaces so I don't think that will be an issue. But I'm curious inf anyoje else has done the same and if they saw any unexpected behaviour.
What I want to happen is that ASA sends out of any vti, and received from either vti, and doesn't care!
No comments:
Post a Comment