About bauer.juergen

bauer.juergen · 11-20-2007

hi netpros,we are running a few GRE tunnels - so far without any problems.now we have the first issue with large packets getting dropped. we changed the mtu size on the tunnel interface:interface Tunnel41 ip address 192.168.a.b 255.255.255.252 ip mtu...

bauer.juergen · 11-05-2007

Hi Netpros,we have an ASA running OS version 7.2.3. All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outsideNo changes were...

bauer.juergen · 09-15-2007

hi netpros,customer is using asa 5510 to connect to the internet via pppoe with one public ip on the outside interface (assigned through pppoe - static ip address).he now wants to publish his webserver through this ip adress. webserver is on a privat...

bauer.juergen · 09-09-2007

hi netpros,customer is running CSS in box2box redundancy and has messed around with the heartbeat link - so both became active.according to documentation there is only on ha link possible!is there any other option to get this link redundant?or should...

bauer.juergen · 09-09-2007

hi netpros,customer is running a pix behind some loadbalancing facility in ha mode which when failover occurs changes its mac address. no gratious arp is sent.so pix is not reachable for 4 hours becaude of standard arp time out of the pix.so my quest...

bauer.juergen · 11-28-2007

did you try the "redundancy standby-group-name stateful" command under your crypto ipsec profile?regards,juergen

Re: user accounts on cisco asa 5510 · 11-27-2007

service-type remote-access seems not to be available on 7.2. :-(another solution would be to add a vpn-filter to that user that prohibits access to the inside(?) interface.not nice but maybe it works.

bauer.juergen · 11-26-2007

56 byte for esp 20 byte extra for the outer ip headersmallest packet on ethernet(?): 64 byteso your overhead could be more than 100% of course you will have big packets on your net as well - for user data, file transfers etc.

bauer.juergen · 11-26-2007

just checked it on a test asa (5505).same config, basic nat firewall, nothing special:256 mb ram7.2.3: 24% mem util8.0.3: 47% mem utilciscoasa# sh versionCisco Adaptive Security Appliance Software Version 7.2(3)Device Manager Version 5.2(3)Compiled o...

bauer.juergen · 11-26-2007

it depends on the packet size, encryption used etc. if you have lots of small packets on that link, you will have a lot of overhead.on http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#backinfo you have d...

Member Since	‎09-09-2007 10:35 AM
Date Last Visited	‎08-18-2017 03:56 AM
Posts	38
Total Helpful Votes Received	4

User Statistics

User Activity

MTU size on tunnel interface

ASA 7.2.3 suddenly drops packets (Spoofing)

asa static nat with only one public ip

CSS box-to-box redundancy heartbeat question

pix arp timeout

Re: Help with IPSec stateful (aka sso Inter Process Communicatio

Re: user accounts on cisco asa 5510

Re: Encryption Overheads

Re: 515E Memory utilization after 7.2(1) to 8.0(2) upgrade

Re: Encryption Overheads