Hello, I've an issue with reordering of packets with our 6509 sub720 and nat in combination with our asa and/or pix. Basically: when closing an (http) tcp session, quite often 2 packets are reordered (only) in the closing state. The client/server are p...
Hello all, Currently we use policy routing and ip nat inside/outside on the sub720/msfc in our 6509. In the lab I tried with our test-6509 to separate the policy routing and nat by using a Loopback interface. That concept/test functionally works, but doesn'...
Hello all, I have a lan2lan vpn on an ASA 5520 and am trying to limit the bandwidth of this tunnel going outside. I have created the following configuration, but it is not working: class-map 1.1.1.1_CM match tunnel-group 1.1.1.1 match flow ip destinatio...
Hello, I've found what I think is a bug in our CSM and want to share, and hopefully you've something to add (or solve?) cisco CSM software 4.2.11 on a 6509 chassis, software 12.2.18 SXF15a. When configured a VIP with either ssl stickiness or regular st...
Hello, I'm testing an ACE module in a 6509 chassis. I am using ACE firmware c6ace-t1k9-mz.A2_2_0.bin. I use a script which replaces the variables of the following config with something unique to insert vips. Config: class-map match-all TEST_CLASS_%NUMBE...
Hi Ivan, I thought we were differentiating between traffic going through the tunnel and the encrypted packets (ipsec/ike) going to the internet (peer). Not traffic that is not going through the vpn tunnel. So what I really am trying to do, is limiting ...
Hi Ivan, By outside I mean indeed traffic to the internet. I think I have configured traffic through the tunnel at the moment. What I really would like to know, is what my faulty configuration should do and why it doesn't work... Regards, Tom
Hello, Thanks for your reaction and questions. I took only some "random samples" and noticed the difference (finally after "some hours") that: - Sticky configured VIP/serverfarm, accessed on the VIP will strip all tcp options. - accessing the real servers ...
Hello, I am using firmware c6ace-t1k9-mz.A2_2_0.bin. So I'm already having that and that is not the problem then... Still haven't found a reason why it takes so long...
Thank you. I did find the attribute map option, but the manuals and explanations that describe this feature all refer to group-settings (ACLs etc) that are _already configured_ on the ASA. They refer to a groupname or ACL-name that is "known" in the ...