Re: [c-nsp] CSRv & VXLAN

2015-09-24 Thread Luan Nguyen
While we are on this... Is OTV still Cisco Proprietary? And still ASR1K and Nexus 7K support from Cisco side? Wouldn't it better to use L2TPv3 - and MACSEC if need to? On Thu, Sep 24, 2015 at 2:40 PM, Luis Anzola wrote: > Find below a very handy guide for the CSR1Kv and OTV: > > > http://www.cis

Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k)

2015-08-17 Thread Luan Nguyen
--- > From: Roland Dobbins > To: cisco-nsp@puck.nether.net > Cc: > Date: Tue, 18 Aug 2015 01:37:48 +0700 > Subject: Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k) > On 18 Aug 2015, at 1:36, Luan Nguyen wrote: > > > Thanks Harold...but from the link that Roland sent...there'

Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k)

2015-08-17 Thread Luan Nguyen
> > > On 2015-08-17 14:08, "cisco-nsp on behalf of Luan Nguyen" > wrote: > > >Nice...thanks 5.3.1 is nice. > >though i don't think people will have access to the file exchange? the > >public link only has 5.1.2 > > > >On Mon, A

Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k)

2015-08-17 Thread Luan Nguyen
Nice...thanks 5.3.1 is nice. though i don't think people will have access to the file exchange? the public link only has 5.1.2 On Mon, Aug 17, 2015 at 2:00 PM, Tim Densmore < tdensm...@tarpit.cybermesa.com> wrote: > > https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=Cisco-IOS-XRv >

[c-nsp] CCIE Party pickup line

2015-06-01 Thread Luan Nguyen
In the Washington DC area, there's the HOV slug-lines where you can pick up people for HOV, is there one for CCIE Party? :) We have a big team going this year and not enough CCIEs to get all in...anyone going solo, kindly drop me an email offlist? :) Thanks. Regards, -lmn _

[c-nsp] ASR1000v Loopback interface

2015-02-23 Thread Luan Nguyen
Hello, anyone use the loopback interface on the ASR 1000v to terminate VPN/DMVPN tunnel? How does the loopback interface on the ASR1000v related to the VMWare resources? say if i already have the max 10 vnics mapped to 10 gigethernet interfaces on the asr1000v, how does the loopback interface come

Re: [c-nsp] Packet Fragmentation

2015-02-12 Thread Luan Nguyen
If you're lucky to have a provider like NTT, who supports 5000 MTU within their backbone, for site to site vpn, you could just jack up your MTU setting on all tunnel-related interfaces to say 5000 MTU and avoid fragmentation altogether. On Thu, Feb 12, 2015 at 2:15 PM, Roland Dobbins wrote: > On

Re: [c-nsp] Primer for IOS-XR

2014-12-16 Thread Luan Nguyen
Best place to be: https://supportforums.cisco.com/community/5996/xr-os-and-platforms Document tab as well as Blog tab will get you expert at IOS-XR in no time. On Tue, Dec 16, 2014 at 10:49 AM, Scott Granados wrote: > > Good morning, > > I have recently been exposed to some of the ASR hardware fo

[c-nsp] QSFP 40G breakout cable

2014-09-15 Thread Luan Nguyen
Hi folks, Anyone from the northern VA area has a couple extra of these? I'd like to borrow for a couple days to see if they work in other vendors' equipment? Believe it or not, Cisco's one is much cheaper. Thanks! rg/lmn ___ cisco-nsp mailing list ci

[c-nsp] Using Cisco Learning Credits for ccie lab

2013-11-08 Thread Luan Nguyen
Hi folks, Can you use Cisco Learning Credits for ccie lab payment? seems like you can't but not sure if your Cisco Account Manager can do something about that? Also, where do people get exam voucher from? Is that something your Cisco Account team can provide? We have some Cisco Learning Credits, a

[c-nsp] Cisco ASA 8.4.7

2013-10-09 Thread Luan Nguyen
Hi folks, With the newest advisory for the ASA: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa We are thinking of going uniform with Cisco ASA 8.4.7. Looking at the Resolved Caveats, lots of them got fixed: http://www.cisco.com/en/US/docs/security/asa/a

Re: [c-nsp] DMVPN/mGRE on L3VPN - anyone experience issues with encapsulation overhead/MTU?

2013-10-09 Thread Luan Nguyen
People do this all the time: GRE/IPSEC back up to MPLS VPN. Lots of service providers have managed service that does this for you. With modern hardware, fragmentation shouldn't be a big deal. Most providers have end to end jumbo frame so just need to be mindful of who does and who don't. Good luck.

Re: [c-nsp] XRv (xr on a server)

2013-10-03 Thread Luan Nguyen
Seriously doubt that it would be free. On Thu, Oct 3, 2013 at 11:02 AM, Jason Lixfeld wrote: > This should be free. > > On 2013-10-03, at 10:55 AM, Oliver Garraux wrote: > > > I will be really really interested to see what they do pricing wise on > > VIRL. Hope its nothing crazy, I would love

Re: [c-nsp] XRv (xr on a server)

2013-10-03 Thread Luan Nguyen
Did someone get a chance to download whatever under XRv? it's "page not available" currently. If i remember correctly, my SE said you have to pay for it. Beta is going right now and the list is long i was told. You have a better chance of getting it from being leaked out then get on the beta. Was

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Luan Nguyen
Do you know if you can do IPSEC with that as well? Or you would need additional $10K IPSEC license? Can it also do limited NAT? If so, what is the number before you add the 2M license? Can you run 1 RP2 with XE while the other IOS? Assuming they do have IOS for ASR and features compatible (bug cras

[c-nsp] Bad console port - Cisco ASA 5540

2013-05-15 Thread Luan Nguyen
Hi folks, I have a couple of ASA 5540s that I couldn't console into: the cursor just blinks. I tried all the baud rates listed but still no joy. These, I won't be able to RMA them. Any tricks to get the console to work? Thanks in advance. Regards, -lmn __

Re: [c-nsp] Sup2T rate limit

2013-04-25 Thread Luan Nguyen
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of > Luan Nguyen > Sent: Sunday, April 21, 2013 10:04 AM > To: cisco-nsp@puck.nether.net > Subject: [c-nsp] Sup2T rate limit > > Hi folks, > > From what I've been reading, I could do the followi

[c-nsp] Sup2T rate limit

2013-04-21 Thread Luan Nguyen
Hi folks, From what I've been reading, I could do the following to rate limit a vlan to 100M class-map match-all rate match any policy-map rate class rate police 1 3200 conform transmit exceed drop int vlan99 service-policy input rate But show policy-map interface vlan99 detail doesn't

Re: [c-nsp] GRE tunnel over Internet

2012-12-06 Thread Luan Nguyen
People run all sorts of routing protocols over the IPSEC/GRE tunnel successfully (yeah, IPSEC to be more secure)...must be some configuration errors then... r/g -lmn On Thu, Dec 6, 2012 at 12:46 PM, Chris Lane wrote: > We are working on setting up a test where we run a GRE tunnel across the >

Re: [c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Luan Nguyen
On Thu, Oct 28, 2010 at 3:19 PM, Justin M. Streiner wrote: > On Thu, 28 Oct 2010, Luan Nguyen wrote: > > I guess I have to look into buying a 7200 as well. >> > > Not knowing your situation or needs, would it make more sense to replace > the FDDI gear with something t

Re: [c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Luan Nguyen
Thanks guys. I guess I have to look into buying a 7200 as well. Regards, -Luan On Thu, Oct 28, 2010 at 2:25 PM, Mikael Abrahamsson wrote: > On Thu, 28 Oct 2010, Luan Nguyen wrote: > > Hi folks, >> >> Anyone has a FDDI PA VIP2 card for the 7200VXR series router that I ca

[c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Luan Nguyen
Hi folks, Anyone has a FDDI PA VIP2 card for the 7200VXR series router that I can buy? Thanks. -Luan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/c

Re: [c-nsp] Network mapping...again

2010-08-12 Thread Luan Nguyen
If money is not an issue, then I would suggest OPNET NetMapper. We had them come in and did a demo. We like it. Regards, -lmn -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of John Neiberger Sent: Thursday, August 12, 2010

Re: [c-nsp] Mysterious tunnel interfaces

2010-08-12 Thread Luan Nguyen
I have those ISR2 (M1) as well as ASR1002 running DMVPN and don't have those ghost tunnels. Must be for some other services such as multicast. Try to remove them with no interface tunnel 0, and I think the router will tell you why you couldn't. Regards, -Luan -Original Message- From: ci

Re: [c-nsp] Zone Based Firewall default-class

2010-07-09 Thread Luan Nguyen
Maybe class-default only allow traffic initiate from the zone and not return traffic? Check your log again... Try your "Or", and try upgrade to T3 see if that makes a different. -- Luan Nguyen Chesapeake NetCraf

Re: [c-nsp] Redistributing External EIGRP routes through MPLS vpn

2010-05-18 Thread Luan Nguyen
EIGRP configuration to see if you have thing like eigrp stub connected :) - Luan Nguyen Chesapeake NetCraftsmen, LLC. - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Beha

Re: [c-nsp] DMVPN scalability question on the 28XX ISR's

2010-04-21 Thread Luan Nguyen
ezp.ods.org] Sent: Wednesday, April 21, 2010 2:04 PM To: Luan Nguyen; 'Engelhard'; rod...@cisco.com; Erik Witkop Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DMVPN scalability question on the 28XX ISR's On Wed, 21 Apr 2010 06:35:37 -0700, Luan Nguyen wrote: > In this case, a

Re: [c-nsp] DMVPN scalability question on the 28XX ISR's

2010-04-21 Thread Luan Nguyen
Like someone else said, if you don't have to run dynamic routing protocol, then ODR or static would do wonder. In this case, a dual hub (loadshare/backup) for 1000+ spokes would be just fine. With EIGRP, you could safely do 500+ spokes per ASR. A few years back, either Cisco did some tests and fo

Re: [c-nsp] Remote Parking Gates VPN to Campus Network with 3G

2010-04-13 Thread Luan Nguyen
oud. 30 CPEs DMVPN shouldn't be a concern provisioning/managing wise. ------- Luan Nguyen Chesapeake NetCraftsmen, LLC. - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net]

Re: [c-nsp] cost community alternatives

2010-04-12 Thread Luan Nguyen
Try using the offset list command. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pan

Re: [c-nsp] Cisco 3750 High CPU

2010-04-07 Thread Luan Nguyen
This link should provide some guidance regarding HULC running process. http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00807213f5.shtml -Luan -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf O

Re: [c-nsp] VAM2+ Performance

2010-03-17 Thread Luan Nguyen
/IPSEC with ~90%CPU The VSA has much better performance BTW. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf

Re: [c-nsp] MPLS VPN Running BGP w/ failover IPSec VPN Over Internet

2010-01-26 Thread Luan Nguyen
t net file. - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net [AIM/YIM/GTalk] luancnc - -Original Message- From: Jason LeBlanc [mailto:jasonlebl...@gmail.com] Sent: Tuesday, January 26, 2010 7:48 PM To: Luan Nguyen

Re: [c-nsp] MPLS VPN Running BGP w/ failover IPSec VPN Over Internet

2010-01-26 Thread Luan Nguyen
.etc. With GNS3/Dynagen, you could probably test this whole thing out in your laptop. ------- Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net --- -Original Message- From: cisco-nsp-boun...@

Re: [c-nsp] Cisco NAC - SSO Issues

2009-09-15 Thread Luan Nguyen
I would suggest opening a TAC case. Also, for NAC related problem, the cleanacc...@listserv.muohio.edu would be a better place to ask questions. Regards, -- Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net

Re: [c-nsp] NAT Global to FVRF

2009-08-20 Thread Luan Nguyen
I think the problem is because your VRF Red doesn't have route to the LAN. If [LAN] is switch, then you could try to create a route in VRF Red for the LAN network with the next hop is the IP address of the switch. Regards, Luan Nguyen Chesapeake NetCraftsmen

Re: [c-nsp] OT: Internet Web Caching Solution

2009-08-13 Thread Luan Nguyen
remote site and the Internet, or as a push client receiving content from a central site. Hope that help. Regards, -- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net - -Original Message- From: cisco-nsp

Re: [c-nsp] Route redistribution and selection

2009-08-13 Thread Luan Nguyen
You might want to check this link out: http://wiki.nil.com/Multihomed_MPLS_VPN_sites_running_EIGRP Regards, --- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -- -Original Message- From: cisco-nsp-boun

Re: [c-nsp] GRE/NAT ?

2009-07-31 Thread Luan Nguyen
So you are talking about NAT after GRE? You certainly could NAT and then GRE-encapsulated the NATTED traffic? Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From

Re: [c-nsp] GRE/NAT ?

2009-07-31 Thread Luan Nguyen
No? I remember doing overlapping RFC1918 sites for GRE/IPSEC VPN. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net --- -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] DMVPN and OSPF

2009-07-30 Thread Luan Nguyen
, --- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jay Nakamura Sent: Thursday, July 30, 2009 1:55 PM

Re: [c-nsp] 7206VXRG2 performance question

2009-07-28 Thread Luan Nguyen
DMVPN/EIGRP. You could do direct spoke-spoke communication as well. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] ASA Static Translations / DNS Doctoring

2009-07-17 Thread Luan Nguyen
Very creative use of secondary addresses! :) Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun

Re: [c-nsp] ASA Static Translations / DNS Doctoring

2009-07-17 Thread Luan Nguyen
, --- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Clue Store Sent: Friday, July 17, 2009 12:47 PM To: cisco-nsp

Re: [c-nsp] Global Route Leaking on same PE

2009-06-16 Thread Luan Nguyen
You could also use a GRE tunnel for the connection as well. Jeff is right that this topic keeps coming up every so often. I wonder why Cisco won't just make this easier for people. -- Luan Nguyen Chesapeake NetCraftsmen, LLC.

Re: [c-nsp] Dual WAN on Cisco IOS 12.4(24)T

2009-04-15 Thread Luan Nguyen
300 ip route 0.0.0.0 0.0.0.0 y.y.y.y 250 ! HTH. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net

Re: [c-nsp] Dual WAN on Cisco IOS 12.4(24)T

2009-04-15 Thread Luan Nguyen
You could put Fa0 into a VLAN and use that for the cable modem connection. There's no option for "no switchport" and turn it into a layer 3 interface. Regards, ----- Luan Nguyen Chesapeake NetCraft

Re: [c-nsp] cisco AnyConnect - cisco 877

2009-03-18 Thread Luan Nguyen
There's a configuration guide here: http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a0080720346.shtml According to, 877 should be supported. Regards, - Luan Nguyen Chesa

Re: [c-nsp] 7206 NON VXR

2009-03-17 Thread Luan Nguyen
NPE-225 I think is the max you could go. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net

Re: [c-nsp] GET-VPN and BGP

2009-02-27 Thread Luan Nguyen
f the customer already used GRE/IPSEC, then in my opinion, it's easier to migrate into DMVPN than GET-VPN. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net [Blog]

Re: [c-nsp] VRF and STATIC ROUTE to GLOBAL

2009-02-23 Thread Luan Nguyen
gards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net [Blog] http://cnc-networksecurity.blogspot.com/ [Mobile] 703-953-9116 + -Original Message- From: cisco-nsp-boun...@puck.nethe

[c-nsp] AIM-SSL-3 card on 2811

2009-01-21 Thread Luan Nguyen
Hi folks, Anyone tried the SSL-3 VPN encryption card on a 2800 series before? Thanks. Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net <http://www.netcraftsmen.net/> [M] l...@netcraftsmen.net [Blog] http://cnc-networksecurity.blogsp

Re: [c-nsp] Acceptance Test Procedure for New Cisco Devices

2009-01-20 Thread Luan Nguyen
Going a bit further...how's about looking at those benchmarking RFCs http://www.ietf.org/html.charters/bmwg-charter.html In particular http://www.ietf.org/rfc/rfc2544.txt for the 1861 and http://www.ietf.org/rfc/rfc3511.txt for the ASA Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W]

Re: [c-nsp] Forcing dhcp lease renewal

2009-01-16 Thread Luan Nguyen
Things point to Cradlepoint don't they? I've used Digi ConnectPort with lots of success. Or go with the 3G-Wireless HWIC card or ask VzW for a static IP address. The last thing would be to use object tracking in conjunction with EEM to solve your problem. Regards, Luan Nguyen

Re: [c-nsp] site-to-site vpn, ipsec-gre, 2811/HSEC

2009-01-07 Thread Luan Nguyen
Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net [M] l...@netcraftsmen.net [Blog] http://cnc-networksecurity.blogspot.com/ -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Kent Sent:

Re: [c-nsp] Cisco Software Client -> Router VPN issue.

2009-01-05 Thread Luan Nguyen
Uhm, that's split-tunneling. If you want to use internet at the router site then follow this guide: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net

Re: [c-nsp] Cisco Software Client -> Router VPN issue.

2009-01-05 Thread Luan Nguyen
Create ACL 101 permit 10.0.0.0 0.0.0.255 any Then under the " crypto isakmp client configuration group SomeVPN" Add "ACL 101" Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net [M] l...@netcraftsmen.net [Blog] http://cnc-networks

Re: [c-nsp] HWIC-4T1/E1

2008-12-19 Thread Luan Nguyen
, but it looks like any other serial T1/E1 interfaces. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin Shore Sent: Friday, December 19, 2008

Re: [c-nsp] MPLS-VPN migration

2008-12-17 Thread Luan Nguyen
ork [tunnel interface ip network] area 0 ! router bgp 65535 address-family ipv4 vrf CUSTOMER1 redistribute ospf 1 vrf CUSTOMER1 route-map redis-ospf-to-bgp-vrf Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: Tim Durack [mailto:t

Re: [c-nsp] MPLS-VPN migration

2008-12-17 Thread Luan Nguyen
destination x.x.x.x If you have a lot of customers (a lot of VRFs), then maybe try DMVPN configuration with the global being the hub and each spokes in their own unique VRF...just a thought :) Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From

Re: [c-nsp] Rate limiting but on packet count not bandwidth

2008-12-17 Thread Luan Nguyen
Maybe give storm-control with pps keyword a try. http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swtrafc.html#wp1241484 Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: cisco-nsp

Re: [c-nsp] 32 bit ASN

2008-12-17 Thread Luan Nguyen
Here's an old post on this topic: http://puck.nether.net/pipermail/cisco-nsp/2008-August/053334.html Also, I heard it's going to be implemented beginning 12.5T Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: cisc

Re: [c-nsp] DMVPN - HUB VRF Aware - Spokes no VRFs

2008-11-17 Thread Luan Nguyen
you have a few customers and want to consolidate them into a single hub router, then I would just add the tunnels into their own VRFs, the spokes can be left alone. Depends on the routing protocol you use, and what access you want to give, you need to route inter/intra VRFs accordingly at the hub.

Re: [c-nsp] VSS SRND

2008-11-17 Thread Luan Nguyen
/docs/solutions/Enterprise/Data_Center/DC_Infra2_5 /DCI_SRND.pdf Which give lots of design guides on VSS. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pavel Skovajsa Sent: M

Re: [c-nsp] PIX 6.x Site2Site with dynamic IP?

2008-11-06 Thread Luan Nguyen
Just change your A end to use dynamic map. http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

Re: [c-nsp] Cisco 881 3G Router Experiences

2008-11-06 Thread Luan Nguyen
IPSEC tunnel mode without DMVPN as well, just make sure the other side configured for dynamic crypto map. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thu

Re: [c-nsp] BGP Question

2008-11-06 Thread Luan Nguyen
Neighbor allowas-in Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephens, Jamie A Sent: Thursday, November 06, 2008 9:18 AM To: cisco-nsp Subject: [c-nsp] BGP Question Is there a

Re: [c-nsp] ipsec over gre with nhrp

2008-11-05 Thread Luan Nguyen
-aes 256 esp-sha-hmac mode transport ! crypto ipsec profile foo set transform-set TEST set pfs group5 ! Int tun202 No crypto map tunnel protection ipsec profile foo Then route over the tunnel accordingly...instead of using ACL to match traffic. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC

Re: [c-nsp] IPSec Remote Access VPN getting Addresses from the DHCP

2008-11-05 Thread Luan Nguyen
Maybe try using the global commands no vpn-addr-assign local no vpn-addr-assign aaa vpn-addr-assign dhcp And under tunnel-group COMPANY-TUNNEL-GROUP general-attributes Add: default-group-policy COMPANY-REMOTE-ACCESS Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] HWIC-3G-* experience?

2008-11-04 Thread Luan Nguyen
it's directly from the MPLS cloud, they still have to route around and around in their networks since Internet and MPLS are from Verizon Business. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

Re: [c-nsp] Order-of-operations question about "adjust-mss" and crypto...

2008-10-31 Thread Luan Nguyen
ww.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00 800d6979.shtml#t3 Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net (blog) http://ccie-security.blogspot.com/ (e) [EMAIL PROTECTED] (aim/yahoo): luancnc -Original Message- From: [EMAIL PROTECTED]

Re: [c-nsp] ctr+break sequence and Cisco 3500

2008-10-28 Thread Luan Nguyen
http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net (e) [EMAIL PROTECTED] (aim/yahoo): luancnc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

Re: [c-nsp] ACL's on policy-map - No hits?

2008-10-17 Thread Luan Nguyen
software/releas e/12.2_37_se/release/notes/OL12616.html Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, October 16, 2008 8:38 PM To: cisco-nsp@puck.nether.

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
-Original Message- From: Ted Mittelstaedt [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 12:01 PM To: Luan Nguyen; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] OK, what is a cheap and dirty hack to test a port > -Original Message- > From: Luan Nguyen [

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
they are cross connected by the DACS at the central office. Verizon said they have to be in sync. Something must have happen for them to be out of sync after all these years. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: Paul G. Timmins [mailto:[

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
they break in the circuit for testing. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lamar Owen Sent: Wednesday, October 15, 2008 10:37 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OK,

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
It's on fiber. I asked if we could get network timing from them, but they said no, not on this type of circuit. Also, this circuit has been working for years with the same setting :) Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
out the rate of your line. They swapped one smart jack, but that didn't help, so they will swap the other today. Hopefully that will do it. Good information here about troubleshooting T1 http://www.informit.com/library/content.aspx?b=Troubleshooting_Remote_Access&seqNum=61 Luan N

Re: [c-nsp] Fwd: NAT in VRF

2008-10-09 Thread Luan Nguyen
Yes you can. I used to do that with 2 VRF-Lites on 2 DMVPN tunnels. Platform doesn't make any different. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Roberton Sent: Thu

Re: [c-nsp] MPLS and IPSEC co-working (reviving an old thread)

2008-10-05 Thread Luan Nguyen
s6537/ps6586/ps6635/ps7 180/product_data_sheet0900aecd80582067.html. The CE-to-CE routing remains the same, with added security. - Luan Nguyen Chesa

Re: [c-nsp] Propagating a default route...

2008-09-30 Thread Luan Nguyen
Perhaps set a static route for xx.xx.xx.xx (where you get your default route) in your server? - Luan Nguyen Senior Network Engineer Mobile: 703-953

Re: [c-nsp] SA-VAM2+ usage problem?

2008-09-30 Thread Luan Nguyen
0% CPU :) Luan --------- Luan Nguyen Senior Network Engineer Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net - -Original Message---

Re: [c-nsp] IP-VPN CE-PE local pref problem

2008-09-30 Thread Luan Nguyen
- Luan Nguyen Senior Network Engineer Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] SA-VAM2+ usage problem?

2008-09-30 Thread Luan Nguyen
. - Luan Nguyen Senior Network Engineer Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] Debugging Cisco VPN Client Software ... Is it even possible ?

2008-09-23 Thread Luan Nguyen
- Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [c-nsp] GRE over IPSec

2008-09-19 Thread Luan Nguyen
the ASA address and z.z.z.z is your router behind it. -Luan - Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] Cisco NAC

2008-09-16 Thread Luan Nguyen
First try Cisco: http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html http://cisconac.blogspot.com/ One of my coworker's blog - he's excellent with NAC deployment. http://cnc-networksecurity.blogspot.com/ Mailing list: http://listserv.muohio.edu/scripts/wa.exe?A0=cl

Re: [c-nsp] Using CA certificates and pre-shared keys on the same box

2008-09-10 Thread Luan Nguyen
You could try to configure 2 ISAKMP profiles: one use CA, one use pre-shared. Then configure 2 IPSEC profiles accordingly. -Luan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 10, 2008 10:07 AM To: cisco-ns

[c-nsp] Advertising NAT pool using OSPF on the ASA

2008-06-12 Thread Luan Nguyen
Hello, According to this document: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042725 If you NAT to a pool of address, then this pool of address will be advertise to the upstream router automatically. I have the set up: Router5---outside-ASA-in

[c-nsp] Analog Dial backup AND dialin management using the same external modem

2008-06-11 Thread Luan Nguyen
Hello, Anyone using an analog modem connected to an AUX port for dial backup? In case your T1 primary link fails? The hard part is: Can you use that modem for dialin to manage your router when not using the Dial backup? Thanks. Luan Nguyen http

Re: [c-nsp] asa ipsec problem

2008-06-04 Thread Luan Nguyen
I have 7.2.2 and using your config along with http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805e8c80.shtml everything is working fine for me. -lmn P.S It's nice to see Peter ventures down CPE lane :) On Tue, Jun 3, 2008 at 6:49 AM, Sergey Alexanov

Re: [c-nsp] ACL making me insane

2008-06-03 Thread Luan Nguyen
Enno Rey <[EMAIL PROTECTED]> wrote: > Hi, > > On Tue, Jun 03, 2008 at 01:37:30PM -0400, Luan Nguyen wrote: > > The problem is when someone contacted your protectedserver, you need to > > allow the counter flow of that. > > For example, you need to have: permit t

Re: [c-nsp] ACL making me insane

2008-06-03 Thread Luan Nguyen
The problem is when someone contacted your protectedserver, you need to allow the counter flow of that. For example, you need to have: permit tcp host PROTECTEDSERVER eq 80 any gt 1024 so that the web counter flow will work (counter flow of this line: permit tcp any host PROTECTEDSERVER eq 80) -

Re: [c-nsp] EIGRP vs BGP route selection

2008-05-22 Thread Luan Nguyen
You have to have EIGRP redistribute into BGP as well? Once in the BGP table, local redistribute routes will have a weight of 32768 which will be prefered over the EBGP weight of 0. I remember reading over at the Netpro forum and someone said that it's a racing condition: EIGRP converge faster and

Re: [c-nsp] 2801 bandwidth limiting

2008-04-24 Thread Luan Nguyen
I would say you need to use CBWFQ for this. Create an ACL match everything or whatever interested you out of your network and assigned to a class-map, then create a policy map policy-map out class out bandwidth 10M shape peak 13M interface WAN service out out -lmn On Thu, Apr 24, 2008 at 6:48 PM,

Re: [c-nsp] BGP with yourself...

2008-04-24 Thread Luan Nguyen
Very interesting. I have a problem with having an ethernet in global doing NAT over a VRF, and the vrf doesn't know how to get to the ethernet LAN segment in the global. I was thinking of just doing:" ip route vrf whatever 1.1.1.0 255.255.255.0 3.3.3.3 global, where 3.3.3.3 is just some bogus none

Re: [c-nsp] BFD state remains in "AdminDown"

2008-02-27 Thread Luan Nguyen
Don't think that 12.4.15T3 has VRF support for BFD. Maybe try 12.2.33SRC (depends on what kind of routers you have) I had a configuration like that and didn't work for me. Mine isn't a PE-CE kind so didn't bother with SRC code. -lmn On Wed, Feb 27, 2008 at 11:34 PM, Stephen Fulton <[EMAIL PROTECT

Re: [c-nsp] What is "pv" in "show ip arp"?

2008-02-21 Thread Luan Nguyen
My guess would be "private-vlan" Can you do a "show vlan private-vlan" and see? -lmn On Thu, Feb 21, 2008 at 10:30 AM, Christian Bering <[EMAIL PROTECTED]> wrote: > Hi all, > > When a "show ip arp" shows the following: > > Protocol Address Age (min) Hardware Addr Type Interface >

Re: [c-nsp] redundant VPNs

2008-02-20 Thread Luan Nguyen
1800/2800 should have no problem handling T1 VPN. Use AIM-SSL1/SSL2 encryption cards for them. Tag on Zone-base FW and IOS IPS and your customer should feel "safe" :) -lmn On Feb 20, 2008 11:48 AM, Adam Greene <[EMAIL PROTECTED]> wrote: > Hi, > > A customer of ours has two sites, one with an 1

[c-nsp] EtherChannel support on Onboard Gigabit Ethernet ports of 3800 series?

2008-02-19 Thread Luan Nguyen
Hello, Has anyone successfully used port-channel on a 3800 series router before? I could configure it, and it seems to be okay. I haven't try to see if it actually load-share traffics, but a simple ping test /shutdown one interface works fine. But according to Cisco, this is not supported? htt
