I have a question and a wish. What is your favorite debug level for ISAKMP on ASAs running heavy load? Not lab, or do anything you want boxes. But on ASAs that is running multi Gig traffic? Whenever I am in environments where you control ...
Couple of things:You may need a Nat entry - Static preferably for 10.4.86.199 otherwise the media connection address goes unNATed.Traffic from the 172 address takes the source static NAT defined hence gets to your endpoint. Having said that it se...
Hi Patrick,You are right but that's my point. Debug 254 is way too verbose for production ASA's cited above and it is almost a code trace routine. Way inefficient for field applicaiton.Sorry I did not have a better example. And indeed the initiat...
If you are using a layer2 vpls type service, your layer2 dot.1q encap with its IP payload, is their IP/MPLS payload so you have to take into account the layer2 overhead. Is that what you are seeing?
OSPF ignore mtu is specifically meant to bypass the mtu check and thus still establish neighbor relationship with a mismatched MTU. It is outragiously ridiculous to have to run BGP or any IGP just to achieve what you are doing. Run debug OSPF at v...
Run a packet tracer with the flow you need.Run a capture on the inside and outside interfaces with acls of expected source destinations, then generate traffic.Step back and look elsewhere. This last part is crucial sometimes and the problem maybe el...