Saturday, January 13, 2018

BGP routing on firewalls

We have this kind of setup:

http://ift.tt/2myOA8C

The customer connects to our network at two different cities, and we have BGP peering with them. Then we have static routes towards one of the customer's virtual FWs, let's say to number 1 in this case. We point the default route statically to the FW transit network, and in that network we have static routes towards the different server firewalls to get to the servers.

As static routes are quite troublesome, and as we have to choose which customer FW we use, I'd like to move this to a fully BGP-routed network.

How would you configure it so that there wouldn't be asymmetric routing that breaks the firewall's session tracking? Or how would you configure AS numbers in that network? We're currently using the same AS in the FW transit and in the routers below, as the routers below are physically the same devices doing the transit network too.

Thanks!


