Jorge Diaz

<div>
it's a 5516-x, <br />
<br />
so same cert on both interfaces or i'd need a new cert?<br />
<br />
thanks
</div>


it's a 5516-x,

so same cert on both interfaces or i'd need a new cert?

thanks

<div>
Spot on!<br />
<br />
You simply enable the same certificate for the new ISP interface :)<br />
<br />
Pete
</div>


Spot on!

You simply enable the same certificate for the new ISP interface :)

Pete

<div>
<div class="content wysiwyg-content">
Hi there,<br />
<br />
so i'm looking to bring another isp line for backup purposes. because of budget constraints we're thinking about configuring another firewall's interface for with new new circuit settings and configure the fw for failover in the event the main connection goes down.<br />
<br />
Our network has gotten a little bit more technical over the years and now we have a lot of users connecting to the vpn using cisco anyconnect, some users access office resources (with split tunnel) &nbsp;and others to access cloud resources that white list our ip address (they use tunnel all). <br />
<br />
I know outbound traffic will work seamlessly if the even of fail over but i'm thinking in terms of incoming traffict:<br />
<br />
There are few items i still don't wrapt my head around, such as vpn access -- i assume we'd need to configure another dns A record with the new IP and add a different weight.<br />
what about the certificate? do i need to generate a new certificate to reflects both ip address to the same dns name?<br />
<br />
is there anything else i'm missing here?<br />
<br />
thanks for your help.
</div>
</div>


Hi there,

so i'm looking to bring another isp line for backup purposes. because of budget constraints we're thinking about configuring another firewall's interface for with new new circuit settings and configure the fw for failover in the event the main connection goes down.

Our network has gotten a little bit more technical over the years and now we have a lot of users connecting to the vpn using cisco anyconnect, some users access office resources (with split tunnel)  and others to access cloud resources that white list our ip address (they use tunnel all). 

I know outbound traffic will work seamlessly if the even of fail over but i'm thinking in terms of incoming traffict:

There are few items i still don't wrapt my head around, such as vpn access -- i assume we'd need to configure another dns A record with the new IP and add a different weight.
what about the certificate? do i need to generate a new certificate to reflects both ip address to the same dns name?

is there anything else i'm missing here?

thanks for your help.

Second ISP line question--

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.