About egl.davidfarrell

egl.davidfarrell · 10-02-2009

Hello everyone, I've come across a strange issue with a VPN running between 2 2600 routers. This affects only one of the two routers.Basically, there is an intermittant failure of ISKMP negotiation. An ACL is filtering the 'outside' interface, though...

egl.davidfarrell · 06-23-2009

Hi all,This is a topic that has come up for discussion within our team a couple of times during the last few months. I wondered what other people's thoughts were on this subject - whether to use seperate physical hardware or VLANs for the creation an...

egl.davidfarrell · 06-05-2009

Hi,I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for sessi...

egl.davidfarrell · 06-03-2010

Hi there,You are not alone, we've been experiencing exact same problem since April on CSS11503. We have a few of these and associated this with the upgrade to 8.20.4.2. These had also been stable for years beforehand. We have a TAC case and have enab...

egl.davidfarrell · 04-16-2010

Hi,I suspect, though can't confirm (I have no packet captures) that the CSS was initially supporting window scaling when the connection is spoofed client to CSS but that this was not being replicated on the backend. As such, the server was sending a ...

egl.davidfarrell · 04-15-2010

Hi folks,We are also seeing issues after upgrade to 8.20.4.02 with window scaling where clients are attempting to use window scaling and the servers do not support window scaling. With the new feature being enabled by default we also saw the TCP wind...

egl.davidfarrell · 10-02-2009

Hi thanks for the response. The ACL is as follows;ip access-list extended OUTSIDE_ACL_IN permit ip host x.x.x.x host y.y.y.y permit esp host x.x.x.x host y.y.y.y permit udp host x.x.x.x eq isakmp host y.y.y.y eq isakmp permit udp host x.x.x.x eq non5...

egl.davidfarrell · 10-02-2009

No, this is all in software. The VPN is very low throughput. I should also add that this is using VRF-aware IPSec, and the ACL is applied inbound on the front-door interface which is in the global routing table. Thanks!

Member Since	‎06-04-2009 02:02 AM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	12

User Statistics

User Activity

Intermittant Issue with ISAKMP and ACLs on 2600 routers

Physical or VLAN isolation for DMZ networks?

Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

Re: CSS 11503 primary cannot respond

Re: CSS arrowpoint cookies: TCP window abruptly reduced

Re: CSS arrowpoint cookies: TCP window abruptly reduced

Re: Intermittant Issue with ISAKMP and ACLs on 2600 routers

Re: Intermittant Issue with ISAKMP and ACLs on 2600 routers