I am having an issue authenticating users via 802.1x/EAP-TLS across an IPSec tunnel. I am using route-based VPN with SVTI configuration on a 2921 and 1941. I have the following settings defined: - Under the tunnel interfaces: - MTU 1390 - MSS 1350 - PMTU...
%ASA-4-313005: No matching connection for ICMP error message: icmp src outside:192.168.0.72 dst PCNDMZ:192.168.3.10 (type 3, code 3) on outside interface. Original IP payload: udp src 192.168.3.10/53 dst 192.168.0.72/58129
How do I permit these throu...
Hey all, I was wondering if you could critique my QoS config? My topology is three sites connected via MPLS. Each connection is only a T1. Each site has its own separate gateway for Internet access so only traffic destined between each site is passe...
Can you guys take a look over my QoS config? It is mostly pseudocode so if commands are not exact that is why. We have Silver-Peak WAN Optimization devices placed inline at each location. We will be peering with the PE router via eBGP. All traffic w...
I am doing a lab in dynamips trying to get an EasyVPN config working to a 3640. The lab requires me to use SDM to get everything set up. On my laptop I have Cisco VPN Client 5.0.05.0290 installed. I am able to connect to the EasyVPN server (HQ in the ...
I figured I would post back with my results. I ended up removing my MTU value from the tunnel interfaces and then fired up Wireshark again. This time I found a crap load of ICMP time-exceeded messages which told me that PMTUD is not working properly...
Hi Mani, Thanks so much for responding. I have a follow-up question in regards to this: "If it is going to be IBGP, we just need ip connectivity to the peer address and port 179 needs to be open through the FW." What would this look like with NAT involve...
Hi Mani, Prefix length aside, is there any way that I can do BGP multi-homing with this topology? My concern is forming the iBGP peering relationship between the CE router in HQ and the CE router in Colo with NAT involved. I'm using RFC1918 addresses ...
kusankar, Thank you for your response. Yes, I am 100% positive that the DC is accepting DNS queries. All hosts on the SCADA network use that DC for authentication as well as name resolution within the local segment as well as for reaching servers in t...