Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,I am trying to create a DMVPN design with 2 hubs, 1 primary and 1 backup, and several spokes. I have been reading of the difficulty of terminating a DMVPN tunnel onto an HSRP address and indeed I have not been able to get this to work. I have,...
I have a 7206 router with multiple static site-to-site VPN tunnels to partner companies. Each of these companies needs their own secure encrypted traffic and using DMVPN is not an option. Currently, all tunnels are defined in one crypto map and the...
Hi,I was wondering if someone could help me determine the limitations of using a failover-only PIX in standalone mode. I was reading this page: http://www.cisco.com/en/US/docs/security/pix/pix61/configuration/guide/failover.html and in the Failover ...
While attempting a manual upgrade of the code on my css 11500 I (apparently successfully) copied a compressed adi file from an ftp server to the boot-image using the following command: copy ftp DEFAULT_FTP <filename> boot-image. The copy finishes su...
Thank you for your response.I tried configuring the DMVPN to terminate on the HSRP address but was not able to bring up the tunnel. I would see an active SA in the QM_IDLE state for exactly 1 minute, but even during this time I was not able to route...
Also, you should ensure that nat traversal is enabled, which it should be by default. It's one of those commands that does not show up in the config when it's enabled. To turn it on use: crypto isakmp nat-traversal. The 'no' form of the command w...
Hello John,The IP address you used is correct in my scenario. The public IP address, which is a static NAT on the FWSM, is the same address that the 2811 is pointing to, which is indeed redirected to the 7206. Sorry for not making that clear, and k...
Hi John,Thanks for your reply. Could you explain how interesting traffic is defined in your example?Also, the remote termination point may not be Cisco equipment. The tunnels are connected with other companies and we have no control over what kind ...
