Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
The multicast configuration guide for NXOS 9.2 on N9K switches says at the top of the PIM chapter:
"For PIM Bidir, you must configure the ACL TCAM region size using the hardware access-list tcam region mcast-bidir command"
I am configuring PIM Bi...
I note that the Configuration Guide for ACI v4 says
Forward Error Correction (FEC) is enabled for all 100G transceivers by default. Do not use QSFP-100G-LR4-S / QSFP-100G-LR4 transceivers for multipod configuration.
Since I intend to use QSFP-100...
In ACI v4, what is the default PC or VPC load balancing method on access interfaces? I've looked hard in the documentation and all I can see is references to changing to a symmetric hash. I guess the default is asymmetric, but based on what, exactl...
We have a scenario which requires us to deploy multiple CSR1000V appliances as IPSec headend devices inside an AWS VPC subnet that has no internet or NAT gateway route (by design), and its only external connection is to a private network accessible v...
I have worked my way through the CSR1000v Deployment Guide for AWS using a pair of CSR1000v routers running 16.05.01b, and this works fine using the post-16.3 syntax, i.e.
redundancy cloud provider aws 1 bfd peer aa.bb.cc.dd route-table rtb-xxxxxxxx...
Thanks for the response. I had noticed that, but it only applies if you set the symmetric load-balancing option. My question was what is it if you don't? On further reading, I see the default mechanisms are stated in the ACI Fundamentals guide und...
Hi jakrupa
Thanks for the heads-up on this. If we are also seeing it with 9.6(2) as well, is there any known version of ASA code that does work with a native IPSec client and PRF SHA2?
No - nothing at all as far as I can see. The only relevant logs I can find are attached. I have enabled some additional audit event logging options under group policies, but they add nothing of any value (e.g. IPSec main mode failure, IPSec quick m...
The signature and hash used on all the certificates involved are sha1RSA and sha1 respectively.All I get from the openssl command, even with verbose option requested is: $ openssl verify -verbose -purpose sslserver -CAfile CA.cer ASA-Identity.cerxxx....
and more...If I install AnyConnect on the Windows client, and set up an AnyConnect profile that maps t to the same group policy as the IKEv2 Connection Profile does, AnyConnect is completely happy with the configuration and allows the Windows client ...
