Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I was wondering if in a EWS circuit, does the MPLS PE Router learn the MAC-Address or is it dependent on the way the Circuit is configured i.e. Type-4 and Type-5 or Sub-interface based or SVI based. Is there any way this MAC-learning can be disabled....
Is it possible to connect 2 Routers Back to back using HSSI using CAB=HSI1 instead of CAB=HNUL. The Interface card on each router is a PA-H. Any body has any ideas ?
Hi I have a small query. When router sends a Radius request, does it send all the attributes ( all IETF attributes) ? If no , then can i force the router to send some attributes. The Problem is when i have a radius which will authenticate only with ...
Hi Few clarifications needed on DPDi) Diff btn IKE keepalives and Dead Peer Detection using crypto isakmp keepaliveii) Say i have an IPSec to a router and i isolate all the interfaces in the router would the keepalives work and bring the IPSec down. ...
HiHas anyone tried Reverse route injection on SUp720/MSFC3 on a 7604 Router. I have been trying to implement the same and either the router crashes when the IPSec is cleared or the injected reverse route is never removed. Has anyone ever faced such ...
Some useful commands on Cisco will besh crypto isakmp sash crypto ipsec sa detaildebug crypto isakmp debug crypto ipsecThere are lots of links in Cisco for troubleshooting IPSEC - You may find them using the search option and there are enough posts i...
PoojaThat is not true...AS long as you have IPSEC applied on the logical interface/GRE, it should suffice...I hope your crypto ACL is not encrypting the GRE traffic itself in which case what you are doing will be GRE over IPSEC and the crypto map nee...
James,It looks like a MTU issue. One of the options you could certainly try is to do a crypto map XXXX df-bit clear which will ensure that the IPSEC header is not fragmented.Another options is to modify the MSS of the packet using ip tcp adjust-mss o...
Another thing in the ACL you would change is deny traffic from IPSEC Source IP to IPSEC Destination IP so that the IKE negotiation happens else your IPSEC itself will not come up. If you want to run EIGRP over IPSEC, maybe you should explore Virtual ...
