Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi everybody,
I have one crypto map with multiple peers and one peer set as default. The customer initiates traffic and so brings the VPN up. When the default peer dies and the secondary peer starts sending traffic, will my router automatically bri...
I would like to start using RADIUS to authenticate users trying to access network equipment through VPNs. Since we will need to access the equipment in the event of a VPN failing, I need to know if the credentials can be cached on the device.
I want to have everyone sign into devices using their company usernames that are stored in Active Directory. RADIUS doesn't help because the credentials are sent unencrypted. What are some options for encrypting credentials traveling from a router to...
Is it possible to do this on an ASA? I can't understand how a router can do a better job with asymmetrical flow control than an ASA.crypto map VPN 168 ipsec-isakmp description CUST-CareOne-LongRidge Site-to-Site set peer 108.170.125.242 set ip access...
I would like to use precedence values as a way to prioritize traffic. My idea is to have all RDP traffic at precedence 2, traffic from/to VLAN 1 at precedence 1 and all other traffic at precedence 0. Is this a good idea and do I have the correct conf...
So if the customer peers use DPD then the failover is based on those timers? My side does not initiate traffic so I'm wondering how failover works. Customer router A is sending traffic and then internet goes down. Customer router B starts sending tra...
We don't want to spend the money for TACACS so we are stuck using authentication technology that doesn't natively encrypt which is the reason for the VPN being needed.
Jatin - Correct, the devices can only be accessed with RADIUS credentials if the VPN is up. If the VPN goes down, we would need to access them via the WAN of the router without RADIUS access.
Marvin - My only option is to have local credentials in t...
