We have anyconnect configured, with a login banner, but the banner shows up after authentication. You are required to select "Accept" to continue the connection. I have seen a login banner as soon as the client connects to the ASA before authentication, but I have been unable to find where to configure that. I am sure it is something simple I am missing, but can't find it anywhere. Anyone have any thoughts? ... View more

I have been looking for a high level overview of the relationship between the RMX 4000, VCS-C, VCS-E and endpoints bridging calls. I can't seem to find anything on how the call flow works. Is there anyone who could give me even a little info on this? What do each one of these do when it comes to bridging a video call between two endpoints that have routability to these devices? ... View more

My company has a 100Mbps Internet circuit with a 10Mbps SIP trunk provisioned with Internet. The person who ordered the circuit no longer is with the company, and no one seems to know a lot about it. It has been decided to go with a different carrier for the Internet. I have contacted the provider and they are saying the SIP trunk was provisioned separate from the Internet. But, I do not see how this is working: Is the SIP trunk using the route table in the router where it and the Internet are terminated? My understanding is that SIP is destined for a subnet we are advertising via Internet. When customers have a SIP call, are they routing to the IP Address advertised from the internet carrier, or do they have a direct link from the remote end to our end? Any input would be greatly appreciated. ... View more

We have a Cisco ASA 5585 HA pair in context mode (Version 9.1(7)4 <context>) being used for VPN tunnels. We have a customer who wants a primary (Their main site)and backup (their secondary site) VPN tunnel to peer with our ASA. Both tunnels will peer to us with the same IP Address, using the same crypto ACL (subnets the same on both ends for both tunnels). In the Cisco world this used to be a problem, and would cause conflicting SAs .Is this still a problem, or can I use Twice NAT and NAT the destination subnets on the secondary crypto map and have both tunnels up at the same time? ... View more

We have two ISPs, connected to two ASR routers. Our configuration is set up Primary/Secondary. We are using Level 3 as our primary ISP. Traffic outbound is controlled via HSRP and L3 has priority outbound. L3 is also the primary path inbound to our Data Center for our customers who reach us via Internet. We are adding another carrier who we want to be primary in/out to our Data Center. When talking with Level 3, I am not sure if it is me, or them who is not understanding what I am asking for. They are telling me to use the below community to prioritize, or reduce L3 as preferred route, but my understanding is that this will only set the local preference outbound for my AS route selection, and will have no affect on any upstream AS looking to get to my Data Center from Internet. I am thinking AS path prepending is what I need to do. I have gone back and forth numerous times on this and not getting anywhere. Am I wrong, and that by using a community they have provided, I can make L3 less desirable to my subnets being advertised to Internet? Local PrefFor Customers: 3356:70 - Sets the customer prefix to a local pref of 70 3356:80 - Sets the customer prefix to a local pref of 80 3356:89 - Sets the customer prefix to a local pref of 89 3356:90 - Sets the customer prefix to a local pref of 90 3356:100 - Explicitly sets the customer prefix to the default local pref of 100   ... View more

We have two ASR routers, with two different ISPs. Currently there is a Primary router inbound and outbound, the second router is backup to the Primary. The config is pretty much identical on the two routers. We have a Public address block we are advertising from both routers. They have HSRP configured, which the priority on that config, selects the Primary router for outbound traffic. What I don't see, is how the inbound path is always preferring the Primary router and ISP. There is nothing in the config to prioritize one ISP over the other, no metrics set, no AS path prepending. We are replacing the second ISP with a new carrier and much higher BW and I need to determine how the Primary ISP is always preferred. Is it possible the original engineer worked out something with the two ISPs? Anyone have any thoughts on this? ... View more

I know this is basic, but I am having some difficulty with this. I have two sites connected via MPLS and both sites have MPLS BGP routes distributed into their respective OSPF processes. The OSPF processes are note connected. There has been a layer 2 connection dropped between the two sites and the desire is to use the layer 2 connection as a primary link for specific subnets, and if the layer 2 link fails, revers back to the OSPF routes in each core. I have no object tracking available on one side. I am thinking for the connection between the two sites to create a point to point link with a 30 bit subnet mask: Site 1 interface 1/0/3 no switchport ip address 10.254.254.1/30  site 2 interface 1/4 no switchport 10.254.254.2/30 But, I am not sure how the routing will be handled between the different vlans when the point to point link goes down. One problem is on one side, there are currently only two devices connected via a layer 2 vlan, which have an OSPF process between them. In order to get routing across the point to point link, I will have to create an SVI in that vlan, but neither device will be using it for routing unless I point static routes to the VLAN SVI. That VLAN will not see if the point to point goes down. ... View more

I am trying to find out if object tracking is available with ASA in multiple context mode. The config doesn't seem to be available. A virtual appliance it is available, but not in context mode? I don't get that. ... View more