About royalle01

royalle01 · 11-06-2012

The remote (client) side is behind the PIX 6.3(5). And the head end (server) side is 2911 IOS on 15.0.The IPSec tunnel comes up just fine and traffic passes. However, there is one server that cannot be fully accessed. Note, this is mainly web traffic...

royalle01 · 10-22-2012

Can someone review my configuration and let me know what I'm missing? I do not control the ASA side of the VPN. Logs show the following on the ASA -- IPSEC(sa_initiate): invalid parameters IOS:crypto isakmp policy 1encr 3desauthentication pre-share...

royalle01 · 06-05-2012

I'm faced with the challenge of rolling out AnyConnect to our clients (which I've done before at another job) but in this case we want to 'NAC' vpn clients... We're still in discussion around the security policy and those details, but I wanted to see...

royalle01 · 04-12-2012

So I have a setup like the one in the image... But I want to make these connections to each FEX bonded from the server side so that their active/active... I see the obvious message in my N7K:command failed: port not compatible [Members in multiple FE...

royalle01 · 11-04-2011

I'm in the process of purchasing a Nexus 7K and I will have UCS (w/ 6120 FIs) linking directly up to it. I may also have some IBM BCs that have uplinks via a 4K switch. I was under the impression that either of these switch interconnects required an ...

royalle01 · 11-07-2012

Hi Marcin and thanks for your answers.The fix was to enable 'look ahead fragementation' on the head end router. Then I also matched the TCPMSS size on the far end PIX to be 1452, matching the inside interface that faces the servers being accessed.So ...

royalle01 · 11-06-2012

So let me know if I have this straight.I'll move the MSS to my tunnel interface on the router instead of the physical interface where the servers reside.Then manually set the MSS on the PIX to 1360. Should I leave MTU on the PIX default at 1500 for i...

royalle01 · 10-22-2012

I'm not as familiar with PIX... When I enable those debugs I don't see anything. However, it seems like monitor logging is on and the following message keeps popping up within my session. I'm not sure how best to set up the logging.PEER_REAPER_TIMERI...

royalle01 · 10-22-2012

I actually have access to the remote side right now... And I don't see anywhere within the config that references FQDN... Here are the complete two updated configs.Head End Router:vn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge...

royalle01 · 10-22-2012

Thanks for your reply... Here's the debug info from the router side...*Oct 22 15:22:44.239: ISAKMP:(1173): sending packet to 85.93.125.201 my_port 500 peer_port 500 (I) MM_KEY_EXCH*Oct 22 15:22:44.239: ISAKMP:(1173):Sending an IKE IPv4 Packet.*Oct 22...

Member Since	‎02-10-2005 07:11 AM
Date Last Visited	‎08-18-2017 04:00 AM
Posts	21
Total Helpful Votes Received	5

User Statistics

User Activity

IPSec L2L VPN between IOS and PIX 6.3 - MTU issue?

site to site vpn between ios and asa

anyconnect and client certificates for dynamic access policies (dap)

nic teaming on a server, two FEXs (2248s) with uplinks to a single N7K?

UCS FI uplinks to a 7K... M132 required?

Re: IPSec L2L VPN between IOS and PIX 6.3 - MTU issue?

IPSec L2L VPN between IOS and PIX 6.3 - MTU issue?

Re: site to site vpn between ios and asa

Re: site to site vpn between ios and asa

site to site vpn between ios and asa