Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We have a single ISP. We connect to that ISP via a 1G fibre ethernet connection into a private MPLS network. This uses BGP routing for the fibre ethernet.We are thinking of utilising a backup connection (using VRRP) to the same ISP into the same MPLS...
Hi, I need to reach a secondary router internal subnet which is at the end of an ASA ipsec tunnel (see attached)For clients on Router A (172.16.2.1/24) to reach clients on Router B (172.16.1.1/24), would it just be a case of entering a static route e...
I'm just implementing ZBF on a router and trying to secure the SELF zone.Our router peers to the ISP 's PE router on a /30.Should we just allow the PE router eg host 1.2.3.4 eq BGP or allow the the BGP subnet 1.2.3.0/24 eq bgp?
Hi, we have ZBF running on an IOS 15.4. It is logging dropped packets to a syslog server.We can't seem to log passed packets as there is some traffic we are interested in.We've tried auit-trail and alert on but still not seeing anything of interest.A...
I understand the difference between match-any and match-all but still have a few questions:in match-any - if an ACL is specified like so to a class-map:ip access-list extended LOCAL_TO_REMOTEpermit ip object-group LOCAL_LAN object-group REMOTE_LANcla...
Yes, two different network operators that connect into our ISP provided MPLS network. I don't think this would be an issue as long as the AD etc is set correctly at the ISP end so that it prefers the BGP route. Thank you for your input.
Sorry, typo there.Yes router A has a next hop address of Firewall A (192.168.2.1)Firewall A also has a route like so:ip route 172.16.2.0 255.255.255.0 192.168.2.2 (Router A) The IPsec tunnel on has a security association like so:192.168.2.0/30>1.1.1....
Thank you. I was thinking of two statements because I'm still not sure if inspect works on the self zone so was going to use the pass statement.Thanks for the help.
