Sunday, January 12, 2020

Site to Site VPN Azure to ASA

Hi guys,

So we have a corporate network (10.x.x.x/8) interconnected via DMVPN routers using EIGRP to advertise their participating subnets (10.x.x.x/16 networks depending on geo location).

In our HQ we have an ASA firewall that has EIGRP enabled and configured with the same AS as the DMVPN routers; it advertises our VPN clients' subnets.

Now I have to create a site-to-site connection to Azure with the ASA, and the first thing that I have to do in Azure is to define an Azure Virtual Network.

My question is: can I define a 10.x.x.x/16 network for the Azure VN, like we do for branch offices, and rely on the ASA for routing? Or am I missing something, and would I be better off using a totally different subnet in another range (e.g. 172.16.0.0)?

I am looking at this doc to get started (https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/214109-configure-asa-ipsec-vti-connection-to-az.html) and see two options for routing: BGP peering or static routes. I am thinking of using static routes for simplicity's sake, so in that case I guess I shouldn't advertise the network in EIGRP and should just put a static route on the ASA.

For the moment we will literally run only one server in Azure, but moving forward our utilization may increase. Still, the maximum number of IPs I could imagine running there would be lower than a thousand, even if we migrated all of our workloads to Azure.
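Editor's note: the following is an added example and is not part of the original post or the Cisco document it links to. It sketches what the "static route on the ASA" option looks like when the Azure VNet is carved out of 10.0.0.0/8 like a branch office: an IKEv2 IPsec VTI to the Azure route-based VPN gateway, a static route for the VNet prefix pointing into the tunnel, and redistribution of that static into the ASA's existing EIGRP process so the DMVPN routers learn the Azure prefix from the ASA. Every address, name, the AS number and the crypto parameters are placeholders chosen for illustration; the VNet prefix (10.200.0.0/16) must not overlap any existing branch /16, and the same prefix has to be entered as the VNet address space in Azure, while the on-prem 10.x ranges go into the Azure Local Network Gateway.

```cisco
! Added example, not from the original post. Placeholders throughout:
!   203.0.113.10  = public IP of the Azure VPN gateway
!   10.200.0.0/16 = Azure VNet address space (unused /16 inside 10/8)
!   169.254.21.0/30 = tunnel interface addressing (never advertised)
!   AS 100        = the EIGRP AS already shared with the DMVPN routers

! IKEv2 phase-1 policy and phase-2 proposal. Values are examples and must
! match what the Azure gateway is set to accept.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 28800
crypto ikev2 enable outside

crypto ipsec ikev2 ipsec-proposal AZURE-PROPOSAL
 protocol esp encryption aes-256
 protocol esp integrity sha-256

crypto ipsec profile AZURE-PROFILE
 set ikev2 ipsec-proposal AZURE-PROPOSAL

! Tunnel group keyed on the Azure gateway's public IP; PSK on both sides.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK>
 ikev2 local-authentication pre-shared-key <PSK>

! Route-based VTI. Traffic is selected by routing, not by crypto ACLs.
interface Tunnel1
 nameif AZURE
 security-level 0
 ip address 169.254.21.1 255.255.255.252
 tunnel source interface outside
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile AZURE-PROFILE

! Static route for the Azure VNet, next hop = Azure end of the tunnel /30.
route AZURE 10.200.0.0 255.255.0.0 169.254.21.2

! Existing EIGRP process. Redistributing the static is what lets the DMVPN
! branches reach 10.200.0.0/16 via the ASA without their own static routes.
router eigrp 100
 network 10.0.0.0 255.0.0.0
 redistribute static
```

Two practical points on this layout. First, "redistribute static" injects every static route on the ASA into EIGRP, not just the Azure one; if that is not wanted, attach a route-map that only matches the VNet prefix (redistribute static route-map NAME). Second, redistributed routes enter EIGRP as external (D EX) routes, so check on a DMVPN router with "show ip route eigrp" that 10.200.0.0/16 shows up with the ASA as next hop, and on the ASA that "show crypto ikev2 sa" reports the tunnel as READY before expecting any traffic to pass.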
