Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,We're getting the error below (about 3000 per day) on an ASA5520 (7.2.2) when it receives L2L VPN traffic from a PIX-525 (6.3(5)140):%ASA-4-402120: IPSEC: Received an ESP packet (SPI= 0xB8EE870D, sequence number= 0x534B0) from 10.10.50.4 (user= 10...
We're attempting to implement a pair of CSS's using redundant ASR and GSLB where the CSS's act as DNS servers. But I'm not sure if the 2 features are compatible. The CSS's answer DNS queries to their direct interface but not the redundant interface...
Hi all:Pretty basic question here. This Cisco doc (http://cisco.com/en/US/products/hw/contnetw/ps792/prod_bulletin09186a008007ca4c.html#wp41419) suggests the following CSS topology for ASR: "two links are used for redundant interswitch communication...
Is it possible to NAT to 1 of 2 different inside destination IP's based solely on the external source IP address?There is something similar described but it doesn't work:access-list WEB permit tcp host 10.1.2.1 209.165.201.11 255.255.255.255 eq 80acc...
We're doing a PIX to PIX VPN using 2 525s. The VPN is working, but we're seeing poor performance (only 2.4mbps) and what I believe are a significant number of errors. Also, I think that there may be a packet size problem as the largest packet that ...
This is exactly it. 7.20 documentation (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.20/configuration/advanced/guide/VIPRedun.html#wp1067528) shows "dns-server" variable at the end of "ip redundant-int...
We are using rule-based GSLB. If I direct DNS queries to the VLAN ip address, I receive an answer. But if I query the VRRP ip (redundant-interface IP), then I get no response. The documentation for "show redundant-interfaces" mentions that I should...
Posting a follow-up answer to my question. I believe that redundant links per chassis is not the optimum design because you would need to running spanning-tree. In fact, it's recommended to configure port-fast on the Catalyst port and disable bridg...
Hi David:Sorry, I think I still wasn't clear on my scenario. I want to redirect to one of two different inside servers but based on which source IP.Two outside source IPs: 10.1.1.1 and 10.1.1.2Both connecting to 172.16.0.1 on port 80If 10.1.1.1 conn...
