On Fri, 23 May 2008, Jarrod Friedland wrote:
Can I run a 6509 with 1 x 1300W and 1 x 1800W (redundant)? Are the issues
with doing this we should be aware of? I have asked this question of cisco
integrators however all we get is The engineers have put their heads
together and say NO
I've
Hey Guys,
Is there a Cisco feature such as the feature navigator for the Cisco ASA
series appliances?
I am trying to determine the features that we are licensed for, in
particular the amount of VPN SSL connections that are allowed with our
current license.
Cheers,
Aaron.
Show Ver tells you
eg
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs: 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES :
Ahh of course Web VPN peers :)
Thanks mate.
Aaron.
-Original Message-
From: Alasdair Gow [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2008 3:21 PM
To: aaron
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA SSL VPN License
Show Ver tells you
eg
Licensed features for this
On Thu, 22 May 2008, Eric Cables wrote:
The above, however, doesn't seem to work in some cases. Users as these
sites complain of intermittent connectivity problems, which seem to be
solved rather quickly by reducing the IP MTU, and configuring TCP
adjust-mss. I do have concern as to why
Hi,
I am trying to determine the features that we are licensed for, in
particular the amount of VPN SSL connections that are allowed with our
current license.
shouldnt the ASDM front page info for the device also tell you?
alan
___
cisco-nsp
Hi All
I have router A receiving network 80.0.0.0 from router 1 and router 2.
Router 2 weights its metric so that it is less favourable.
In router A's BGP table I can see both routes and the route from Router 1 is
placed in the global routing table. Fine.
When you turn off Router1, Router A
The only documentation I've been able to find is the following
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html
Useful for the product number for upgrading a base 5510 to sec plus :D
Down towards the bottom of the page.
Cheers,
Alasdair
aaron wrote:
Hey Guys,
Is there a Cisco feature such as the feature navigator for the Cisco ASA
series appliances?
show version will tell you what you already have.
A related question though: how do you find out which licenses add what?
I recently wanted an unrestricted DMZ (but not
It does but not immediately,
you need to click on license in the device dashboard.
Regards,
Alasdair
[EMAIL PROTECTED] wrote:
Hi,
I am trying to determine the features that we are licensed for, in
particular the amount of VPN SSL connections that are allowed with our
current license.
Hi,
On May 22, 2008, at 18:26, Jason Berenson wrote:
- We prioritize signaling because if one starts to lose OPTIONS
messages
for example the call will be torn down.
- How can I run that without an ACL?
- Nothing useful in the logs and nothing gets printed to console. We
need to have
Hi,
On May 22, 2008, at 21:04, Eric Cables wrote:
I've read all of the DMVPN documentation (design guide / best
practices) I
can find, along with the Resolve IP Fragmentation, MTU, MSS, and
PMTUD
Issues with GRE and IPSEC document on cisco.com, but I'm still
having some
trouble finding a
Hi,
We running different power supplies on one of our 6509 for years,
no problems with that configuration:
yes, you just need to be very careful that your blades dont
draw too much power for the one not in use. eg if you are currently
on a 2500W supply...and that fails , leaving you with
On Fri, May 23, 2008 at 11:51:50AM +1000, Jarrod Friedland wrote:
Hi All
We have a 6509 with 2 x 1300W power supplies? rephrase we had :) - anyway,
one of the power supplies has died, we are sourcing a replacement however,
in the meantime I have another 6509 sitting next to me however it has
Alexandre Snarskii wrote:
On Fri, May 23, 2008 at 11:51:50AM +1000, Jarrod Friedland wrote:
Hi All
We have a 6509 with 2 x 1300W power supplies? rephrase we had :) - anyway,
one of the power supplies has died, we are sourcing a replacement however,
in the meantime I have another 6509
On Fri, May 23, 2008 at 11:51:30AM +0100, [EMAIL PROTECTED] wrote:
Hi,
We running different power supplies on one of our 6509 for years,
no problems with that configuration:
yes, you just need to be very careful that your blades dont
draw too much power for the one not in use. eg if
On Fri, May 23, 2008 at 10:21 AM, Gary Roberton
[EMAIL PROTECTED] wrote:
Hi All
I have router A receiving network 80.0.0.0 from router 1 and router 2.
Router 2 weights its metric so that it is less favourable.
In router A's BGP table I can see both routes and the route from Router 1 is
Gary Roberton wrote:
I have router A receiving network 80.0.0.0 from router 1 and router 2.
Router 2 weights its metric so that it is less favourable.
Are routers 1 and 2 in your AS, or in another AS? Also, please clarify
'weights its metric' - do you mean it adjusts weight, it adjusts
On May 22, 2008, at 6:06 PM, Jason Berenson wrote:
7206 NPE-G1
PA-A3-OC3MM
c7200-is-mz.124-19.bin
Been down this path several times, so hopefully this helps.
Have you tried using a hierarchal QoS policy? Also you may want to
set your tx-ring-limit to the minimum, ie: 3 or you might have
Robert Blayzor wrote:
class-map match-any voip-sig
match ip dscp af31 cs5
class-map match-any voip-rtp
match ip dscp cs3 ef
!
policy-map max-voice
class voip-rtp
priority percent 70
class voip-sig
bandwidth percent 5
class class-default
fair-queue
All
The network in question is actually 90.0.0.0. All routers are in their own
separate AS. The route in question is a connected network not
redistributed.
To make it clearer;
Router X has network 90.0.0.0 connected
Router X advertises to both Router1 and Router2.
Router 1 sends it on to
On Fri, 23 May 2008, Jarrod Friedland wrote:
Can I run a 6509 with 1 x 1300W and 1 x 1800W (redundant)? Are the issues
with doing this we should be aware of? I have asked this question of cisco
integrators however all we get is The engineers have put their heads
together and say NO
I don't
John Kougoulos wrote:
On Thu, 22 May 2008, Eric Cables wrote:
The above, however, doesn't seem to work in some cases. Users as these
sites complain of intermittent connectivity problems, which seem to be
solved rather quickly by reducing the IP MTU, and configuring TCP
adjust-mss. I
On a somewhat related note... we have a 6509 that was somehow
originally wired for 110v, so we're only getting half the power rating
out of them. I have new 220v mains, plugs, and cables ready... can they
be bumped over one at a time hot, or does it have to be down cold?
Seems to be a similar
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note0918
6a008015bfa8.shtml
There is no such thing as an 1800W Power Supply. The 1300W is what is
delivered to power line cards. The 1800W is the total supply requirement.
The above url discusses both this as well as what happens
IME, something in the chain blocking icmp packet-too-big messages will
cause problems. I've tried to explain to some people we network with
that blocking all icmp is not a good idea, tcp/ip needs certain types
allowed to work properly. In this case for PMTUD (path MTU discovery)
to work.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Fri, 23 May 2008 10:45:53 -0400
Jeff Kell [EMAIL PROTECTED] wrote:
Seems to be a similar issue -- you'll have two power supplies giving you
two different delivered power amounts in the same chassis.
we upgraded 3.000 W power supplys to
Setting the metric is not going to affect your BGP route selection.
On router A you can set the weight
Or on router 2 you can prepend an AS.(you could have used local preference if
the as was the same)
Check out
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml
Jeff,
I've done this before but one of the power supplies was sufficient to
run the chassis
What you need to do
1 - set the power to combined mode ( since the PS units will not match )
2 - remove one of the power supplies 110V cable
3 - install the 'new' power supply cable
4 - power it up and
Gary Roberton wrote:
Router A BGP table entry is shown here;
* 90.0.0.0 http://90.0.0.0 10.40.1.6
http://10.40.1.6 50 0 64604 1000 i
* 10.40.1.2
http://10.40.1.2 0 64603 1000 i
Paths come from different
Jeff wrote;
On a somewhat related note... we have a 6509 that was somehow
originally wired for 110v, so we're only getting half the power rating
out of them. I have new 220v mains, plugs, and cables ready... can they
be bumped over one at a time hot, or does it have to be down cold?
I
Pete
To clarify - if I just adjust the local preference on the receiving router,
that should do it?
But if I didn't have an admin control of the receiving router I would do it
on the advertising router by requesting a community.
Just sanity checking...
On Fri, May 23, 2008 at 4:53 PM, Pete
Update - used local preference set on the receiving router and got the
behaviour I wanted. Thanks to all for help and suggestions. I did it using
set local-pref on a route map of the receiving router.
Cheers
Have a good weekend.
Gary
On Fri, May 23, 2008 at 4:58 PM, Gary Roberton [EMAIL
I use two different tweaks here to make sure stuff like this works as you
desire. One I use 'bgp bestpath compare-routerid' so I can pretty much tell
which way things are going, as if not it will stay as you say in the oldest
pathway even when things come back. By also adding this comparison
On Fri, May 23, 2008 at 2:31 PM, Robert Blayzor [EMAIL PROTECTED] wrote:
On May 22, 2008, at 6:06 PM, Jason Berenson wrote:
7206 NPE-G1
PA-A3-OC3MM
c7200-is-mz.124-19.bin
I usually use IOS-es with a j instead of i, but I hope any 12.4 has QoS...
Been down this path several times, so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[ Apologies to those of you who receive this note in multiple forums. ]
Hello all,
I wanted to drop a quick note to everyone and explain how/why things
took so long and I deeply apologize for the service interruption.
Apparently the machine hosting
Hi,
Hi,
Does anyone know of a good discussion list for the RADIUS protocol?
I've got a deep down protocol question I can't seem to find the answer to,
and of the resources I've tried I can't find the answer. (It has nothing to
do with a Cisco piece of gear, but I figured there
Tuc at T-B-O-H.NET wrote:
Hi,
Hi,
Does anyone know of a good discussion list for the RADIUS protocol?
You could try the freeradius list. You could also try the freeradius server.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Join the free-radius list. Alan Dekok, the principle author of the
FreeRADIUS suite knows RADIUS inside and out. He'd most certainly be
able to answer your question.
http://www.freeradius.org/list/index.html
On 23-May-08, at 5:18 PM, Tuc at T-B-O-H.NET wrote:
Hi,
Does anyone know
Why don't you just ask your question, and if anyone can help you or point
you in the right direction we will? I know you said it is not a Cisco
product question, but there have been enough emails already that initially
asking the question, but asking for direct replies instead of to the list
Hello All,
I have run into a baffling wall and after 4 days or tinkering and
reading online I am turning to you hoping that you might be of
assistance. I have a Cat6509 w/ SUP2/MSFC2 that I converted from Hybrid
mode to Native mode following these instructions to the letter:
Scenario:
IPSec LAN-to-LAN tunnel between two ASA appliances, both running 7.2(3).
Remote site has an E-1 connection and a backup via DSL, set up with
track commands for default routes. Tracking is working as verified by
Internet traffic switching successfully to backup link and back.
VPN
As far as I am aware (from years of working at ISP's), neither will a
RADIUS server send nor most NAS devices ever check the status of any
attribute post login (I don't even think they can, but it's been a
long time since I've read the RFC's). Meaning, if you change the
session timeout, it
Hi Justin,
Thanks, thats pretty much what I understood. I was hoping that
maybe while I was sending Accounting-Request packets with interim updates
to time and input/output octets, that I was reading the Accounting-Reply
wrong and potentially could get some sort of a notification that
\On May 23, 2008, at 10:47 PM, Tuc at T-B-O-H.NET wrote:
Hi,
What it boils down to is that when you auth, you have the potential
for a Session-Timeout reply. Lets say its 120 minutes. You get
back that
you are authorized with that attribute.
You send the accounting start
Hello,
I remember that one of the big features of the 7200VXR series was the
new TDM bus which would enable TDM switching between cards. I have
never needed to use it, but now it would come in handy. I have found
lots of marketing info on Cisco's website, but no cookbook configs.
Here is the
On Fri, 23 May 2008, Kaj Niemi wrote:
My experience has been that, instead of playing with interface/server MTUs,
simply setting ip tcp adjust-mss 1300 on any customer ingress interface
(very, very, very conservative) resolves any issues. Most issues in a typical
rollout seem to originate
47 matches
Mail list logo
