On some recent IOS versions, it seems possible to configure algorithms and MACs on the SSH server as well:
I want to reach multiple VPNs that contain overlapping IPv4 addresses from a single device.

Network diagram:

Is this possible? What type of device might be needed? (Ideal current candidates include a 650x switch (with Supervisor Engine 720), or a FWSM with a recent ASA version in a 650x switch.)

This seems like a nice candidate for stateless NAT64 (probably combined with VRFs), but I can't find documentation for specifying multiple prefixes. (The "nat64 prefix stateless" command seems to only allow a single prefix.) (Or is it possible to apply it within a VRF?)

So, summary (based on diagram):

Translation device has 3 subinterfaces, one for each VPN (with unique IPs for now).

A unique /96 prefix is assigned to each VPN, so an IPv6 device that wants to address the IPv4 device with IP 10.101.22.12 within VPN1 addresses 2001:DB8:1:10.101.22.12.

The device should then do NAT64 to map it to a source IP within the VPN range (something like 198.51.100.5 for the example).

(Multiple IPv6 servers should be supported.)

Is this possible with Cisco equipment? Can it be done with NAT64 (or which other mechanism if not)? What type of equipment would be necessary for the NAT and how would the configuration look? (Translation device is R1 in the diagram.)

This seems like a nice, clean, efficient way to deal with providing common services to multiple VPNs that have overlapping IPs, but the configuration still seems like it might be difficult, if at all possible currently...

Another note: I don't care about DNS64 currently, so that is optional.
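The per-VPN addressing scheme the question describes, as an added example that is not part of the original post and is not Cisco configuration: each VPN gets its own /96, and the IPv4 address sits in the low 32 bits (the RFC 6052 layout for a /96 prefix), so the prefix alone tells the translator which VPN to forward into. The three prefixes and the VPN names are assumptions constructed for illustration; the post only hints at the one for VPN1.

```python
import ipaddress
from typing import Tuple

# Assumed per-VPN /96 prefixes (constructed for this example).
VPN_PREFIXES = {
    "VPN1": ipaddress.IPv6Network("2001:db8:1::/96"),
    "VPN2": ipaddress.IPv6Network("2001:db8:2::/96"),
    "VPN3": ipaddress.IPv6Network("2001:db8:3::/96"),
}


def embed(vpn: str, ipv4: str) -> ipaddress.IPv6Address:
    """Build the IPv6 address an IPv6 host uses to reach ipv4 inside vpn."""
    prefix = VPN_PREFIXES[vpn]  # KeyError for an unknown VPN name
    v4 = ipaddress.IPv4Address(ipv4)
    # A /96 leaves exactly 32 host bits, which hold the IPv4 address.
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(ipv6: str) -> Tuple[str, ipaddress.IPv4Address]:
    """Recover (VPN, IPv4 destination) from an IPv6 destination address."""
    addr = ipaddress.IPv6Address(ipv6)
    for vpn, prefix in VPN_PREFIXES.items():
        if addr in prefix:
            return vpn, ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    # Traffic outside every VPN prefix must not be translated at all.
    raise ValueError(f"{addr} is not inside any configured VPN prefix")


if __name__ == "__main__":
    # The same overlapping IPv4 address in each VPN maps to a distinct
    # IPv6 address, and the reverse mapping recovers which VPN was meant.
    for name in VPN_PREFIXES:
        mapped = embed(name, "10.101.22.12")
        print(name, mapped, extract(str(mapped)))
```

The reverse lookup is the part a translator has to get right: the VPN (or VRF) is selected purely from the destination prefix, so the prefixes must not overlap each other.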