Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,
I'm looking at an AnyConnect solution that utilises certs to authenticate the user and machine. The aim is that there is no user interaction with AnyConnect once logged into Windows using AD credentials and that AnyConnect auto connects with...
Hi,I'm looking at a topology where a number of collapsed PE/P nodes (50>100) access a L2 cloud in a full-mesh topology. The underlying cloud architecture could be something like VPLS from an external provider with the MPLS domain mapped on top. The...
Hi there,Let’s assume this unrealistic scenario in a totally private network. I have two eBGP peer connections coming into my private network, one for Customer A and one for Customer B. Both Customer A and Customer B have identical subnet ranges, fo...
Hi there, I have a stackwise pair of the 3750's running IP Services, one master and one member. The stack is running OSPF and I have one OSPF L3 P2P on one switch and the same on the other, both equal cost. If I fail the stack master by powering i...
Hi,I'm designing a security system that involves:2 x inside firewalls (ASA5520)2 x switches connected together (for failover)2 x IPS (4240IPS)2 x switches connected together (for failover)2 x outside firewalls (Juniper SSG)I'm at looking at active/st...
Jon,Just looked over it again and the NAT'ing of the internal ranges is fine. No need to set peers up over a NAT boundary as I first thought. Thanks for your help.Wayne
Jon,I guess firstly can you establish a BGP session from a BGP NAT'd peer address? Secondly, would I need a transit network behind the customer BGP router to perform the NAT then advertise the NAT ranges into BGP?Thanks,Wayne
Hi,I want to avoid if possible using OSPF within IPSec as it needs to maintain Area 0 connectivity. I dont want to terminate the VPN on a backbone router and re-establish a new one either to get me to the OSPF area I need as this VPN will be point-t...
