Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Cisco 2911 with SLA controlling the default route between a primary ISP A interface and a failover secondary ISP B interface. I wish to allow PPTP VPN connections to the router on either interface, but the local router traffic responding to attempts...
Following the many samples to be found online for setting up Site-to-Site ISAKMP-IPSEC over VTI I can perform a show crypto ipsec sa and get the output below. My question is why the second unused entry appears for the local/remote idents 0.0.0.0 ? ...
You cannot create an ACL but you can create a policy map that drop packets from a targeted source mac address. class-map match-any ForbiddenMacList
match source-address mac AAAA.BBBB.CCCC
match source-address mac DDDD.EEEE.FFFF
policy-map Fo...
Without knowing the exact setup, it would be difficult to actually give you a configuration you could implement.
Generally you define class-maps to identify and classify traffic and define policy-maps that act on these classifications to alter the...
Thanks for the interest.
If I put a static route back to the PPTP client and force it over the secondary interface I can get it working. But this is an unreasonable solution.
In a separate conversation somebody suggested I should not need the stati...
I think I just had an idea. Maybe I can NAT the traffic coming in on B to a known pool of addresses and then use a route-map to set responses to these addresses to go out interface B.
The NATing of VPN tunnels probably has issues to overcome though.
...
