The remote (client) side is behind the PIX 6.3(5). And the head end (server) side is 2911 IOS on 15.0. The IPSec tunnel comes up just fine and traffic passes. However, there is one server that cannot be fully accessed. Note, this is mainly web traffic...
Can someone review my configuration and let me know what I'm missing? I do not control the ASA side of the VPN. Logs show the following on the ASA -- IPSEC(sa_initiate): invalid parameters IOS: crypto isakmp policy 1 encr 3des authentication pre-share...
I'm faced with the challenge of rolling out AnyConnect to our clients (which I've done before at another job) but in this case we want to 'NAC' vpn clients... We're still in discussion around the security policy and those details, but I wanted to see...
So I have a setup like the one in the image... But I want to make these connections to each FEX bonded from the server side so that they're active/active... I see the obvious message in my N7K: command failed: port not compatible [Members in multiple FE...
I'm in the process of purchasing a Nexus 7K and I will have UCS (w/ 6120 FIs) linking directly up to it. I may also have some IBM BCs that have uplinks via a 4K switch. I was under the impression that either of these switch interconnects required an ...
Hi Marcin and thanks for your answers. The fix was to enable 'look ahead fragmentation' on the head end router. Then I also matched the TCPMSS size on the far end PIX to be 1452, matching the inside interface that faces the servers being accessed. So ...
So let me know if I have this straight. I'll move the MSS to my tunnel interface on the router instead of the physical interface where the servers reside. Then manually set the MSS on the PIX to 1360. Should I leave MTU on the PIX default at 1500 for i...
I'm not as familiar with PIX... When I enable those debugs I don't see anything. However, it seems like monitor logging is on and the following message keeps popping up within my session. I'm not sure how best to set up the logging. PEER_REAPER_TIMERI...
I actually have access to the remote side right now... And I don't see anywhere within the config that references FQDN... Here are the complete two updated configs. Head End Router: vn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge#ovn-edge...
Thanks for your reply... Here's the debug info from the router side... *Oct 22 15:22:44.239: ISAKMP:(1173): sending packet to 85.93.125.201 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Oct 22 15:22:44.239: ISAKMP:(1173):Sending an IKE IPv4 Packet. *Oct 22...