[177817] in North American Network Operators' Group
Re: Dynamic routing on firewalls.
daemon@ATHENA.MIT.EDU (Joe Hamelin)
Thu Feb 5 20:02:44 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <E3C7ABA8-430C-470B-97F9-5C7573C93582@delong.com>
From: Joe Hamelin <joe@nethead.com>
Date: Thu, 5 Feb 2015 17:02:16 -0800
To: Owen DeLong <owen@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Feb 5, 2015, at 2:49 PM, Ralph J.Mayer <rmayer@nerd-residenz.de> wrote:
> a router is a router and a firewall is a firewall.
> Especially a Cisco ASA is no router, period.
Man-o-man did I find that out when we had to renumber our network after we
got bought by the French.
Oh, I'll just pop on a secondary address on this interface... What?
Needed to go through fits just to get a hairpin route in the thing.
The ASA series is good at what it does, just don't plan on it acting like
router IOS.
--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
