I am setting up two site to site vpn's. We have a ASA at our HQ, and the branches will have IOS routers -- one is a 1811 and the other 2621. Both are running the latest IOS versions, respectively. Both site to site VPN's are operational. I have an in...
Here's the scenario:I have two main sites with a route to a remote network (over point to point T1's) and I have two other branches that need to access that network. All four of these sites are connected over an MPLS network. Both main sites are adve...
I've been told that when you implement Cisco NAC and are using non-Cisco IP phones, the device will authenticate the phone but not the pc plugged into it. Is this true or was it true and if so, is there a fix or a workaround? Nortel has been using th...
Thanks, good to know for the future. In my case, once I realized the issue I just quickly modified the policy to include the new device profile type in addition to the old.
We just experienced something similar today, but it looks like the last feed update occurred at 1am UTC on 2/1 (our update is scheduled for 7pm local time nightly). All our older video codecs were re-profiled as "Cisco-Collaboration-Device", and sinc...
Looks like it's going to drop unencrypted traffic that matches the cryptomap even if it matches a permit statement on the inbound access list. I created the ACE to allow 10.x.x.x inbound on the outside interface, and then placed a PC with a 10.x.x.x ...
Yes, it does help, however... I'm running 12.3(26) mainline on that router, not a "T" release, and from what I can tell with that article, my router is already configured according to how they recommend with 12.3(8)T and later, the release which that...
Yes, if I add the HQ subnets to the ACL, then the traffic passes through without issue. I'm just not very comfortable leaving it this way, because it would either need to be a very long specific ACL, or one very broad ACE, like permitting 10.x.x.x. T...
