[c-nsp] Fwd: Cisco ASA and visible groups

2016-02-25 Thread Dan Shechter Gelles
Try to remove the "tunnel-group-list enable":

ASAv#conf t
ASAv(config)# webvpn
ASAv(config-webvpn)# no tunnel-group-list enable

-Dan

On Thu, Feb 25, 2016 at 7:12 AM, Jason 'XenoPhage' Frisvold <xenoph...@godshell.com> wrote:
> Greetings,
>

Re: [c-nsp] PBA best practices

2016-02-25 Thread Pshem Kowalczyk
Hi,

We (for fixed line fibre/DSL customers) run the following settings:
- block size - 1024 ports
- up to 4 blocks per sub
- address sharing ratio - used to be 30:1, now moving to about 15:1
- tcp initial timeout - 60 sec, UDP - 60 sec.

kind regards
Pshem

On Fri, 26 Feb 2016 at 12:56 Adam

[c-nsp] PBA best practices

2016-02-25 Thread Adam Vitkovsky
Hi folks, Would like to ask regarding PBA best practices. From the documentation it was obvious that from a performance point of view using a smaller number of larger pools is better than using a large number of smaller pools. But how do I strike the balance? In other words what is the average

Re: [c-nsp] transport path-mtu-discovery - ME3600....too unpredictable to use?

2016-02-25 Thread Nick Hilliard
Your safest approach is:

> Your transport providers need to guarantee you a specific MTU and you
> need to configure your router L3 interfaces with that number.

If you only set your router tcp mss, that will work fine for BGP sessions but will not fragment transport data packets properly. You

[c-nsp] Cisco pptp server

2016-02-25 Thread Pavel Dimow
Hi, I have a very strange problem (well, at least to me). I have a Cisco 1921 which serves as a PPTP server. On the server I have two different ISP connections, ISP1 and ISP2. I have a default route to ISP1 and a default route to ISP2 with tracking and a higher metric. I have configured local policy

Re: [c-nsp] transport path-mtu-discovery - ME3600....too unpredictable to use?

2016-02-25 Thread CiscoNSP List
Thanks for all the replies - Given our circumstances, I think the "safest/sanest" approach would be to disable PMTUD, and enable "ip tcp mss xxx" (Maybe 1300 or 1400). Cheers From: Nick Hilliard Sent: Thursday, 25 February 2016 6:35

[c-nsp] Cisco ASA and visible groups

2016-02-25 Thread Jason 'XenoPhage' Frisvold
Greetings, Hopefully there's a quick and easy answer to this... We're currently using group policies to identify the ip ranges, routes, acls, etc. for a given user. However, this means that anyone viewing the login page (which is open to

Re: [c-nsp] SSH public key authentication

2016-02-25 Thread Tom Storey
Thanks Phil. Sorted then I guess.

On Thu, 25 Feb 2016, 12:15 Phil Mayers wrote:
> On 25/02/16 11:11, Tom Storey wrote:
> > Playing with public key authentication on a 1811, and it seems that
> > when trying to paste in my public key, it won't accept more than 254
> >

Re: [c-nsp] SSH public key authentication

2016-02-25 Thread Phil Mayers
On 25/02/16 11:11, Tom Storey wrote:
> Playing with public key authentication on a 1811, and it seems that when trying to paste in my public key, it won't accept more than 254 characters. The public key is longer than 254 characters, however.

Just enter the hash.

> How does one go about

[c-nsp] SSH public key authentication

2016-02-25 Thread Tom Storey
Playing with public key authentication on a 1811, and it seems that when trying to paste in my public key, it won't accept more than 254 characters. The public key is longer than 254 characters, however. How does one go about entering more than 254 characters? I'm sure I'm missing something really

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

2016-02-25 Thread Mark Tinka
On 2/Feb/16 14:47, Mikael Abrahamsson wrote:
>
> I am not aware of any product the past 10-15 years that didn't have
> serious bugs at first customer shipment. If you want something that
> works, wait 1-2 years after first customer shipment and try it, then
> it usually works. Now, at that