Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
hi netpros,we are running a few GRE tunnels - so far without any problems.now we have the first issue with large packets getting dropped. we changed the mtu size on the tunnel interface:interface Tunnel41 ip address 192.168.a.b 255.255.255.252 ip mtu...
Hi Netpros,we have an ASA running OS version 7.2.3. All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outsideNo changes were...
hi netpros,customer is using asa 5510 to connect to the internet via pppoe with one public ip on the outside interface (assigned through pppoe - static ip address).he now wants to publish his webserver through this ip adress. webserver is on a privat...
hi netpros,customer is running CSS in box2box redundancy and has messed around with the heartbeat link - so both became active.according to documentation there is only on ha link possible!is there any other option to get this link redundant?or should...
hi netpros,customer is running a pix behind some loadbalancing facility in ha mode which when failover occurs changes its mac address. no gratious arp is sent.so pix is not reachable for 4 hours becaude of standard arp time out of the pix.so my quest...
service-type remote-access seems not to be available on 7.2. another solution would be to add a vpn-filter to that user that prohibits access to the inside(?) interface.not nice but maybe it works.
56 byte for esp 20 byte extra for the outer ip headersmallest packet on ethernet(?): 64 byteso your overhead could be more than 100% of course you will have big packets on your net as well - for user data, file transfers etc.
just checked it on a test asa (5505).same config, basic nat firewall, nothing special:256 mb ram7.2.3: 24% mem util8.0.3: 47% mem utilciscoasa# sh versionCisco Adaptive Security Appliance Software Version 7.2(3)Device Manager Version 5.2(3)Compiled o...
it depends on the packet size, encryption used etc. if you have lots of small packets on that link, you will have a lot of overhead.on http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#backinfo you have d...
