About hrmilo

hrmilo · 05-17-2018

Cisco 2911 with SLA controlling the default route between a primary ISP A interface and a failover secondary ISP B interface. I wish to allow PPTP VPN connections to the router on either interface, but the local router traffic responding to attempts...

hrmilo · 05-04-2018

Following the many samples to be found online for setting up Site-to-Site ISAKMP-IPSEC over VTI I can perform a show crypto ipsec sa and get the output below. My question is why the second unused entry appears for the local/remote idents 0.0.0.0 ? ...

hrmilo · 09-06-2019

You cannot create an ACL but you can create a policy map that drop packets from a targeted source mac address. class-map match-any ForbiddenMacList match source-address mac AAAA.BBBB.CCCC match source-address mac DDDD.EEEE.FFFF policy-map Fo...

hrmilo · 05-21-2018

Without knowing the exact setup, it would be difficult to actually give you a configuration you could implement. Generally you define class-maps to identify and classify traffic and define policy-maps that act on these classifications to alter the...

hrmilo · 05-20-2018

Thanks for the interest. If I put a static route back to the PPTP client and force it over the secondary interface I can get it working. But this is an unreasonable solution. In a separate conversation somebody suggested I should not need the stati...

hrmilo · 05-17-2018

I think I just had an idea. Maybe I can NAT the traffic coming in on B to a known pool of addresses and then use a route-map to set responses to these addresses to go out interface B. The NATing of VPN tunnels probably has issues to overcome though. ...

Member Since	‎05-04-2018 07:52 AM
Date Last Visited	‎09-09-2019 01:34 AM
Posts	6
Total Helpful Votes Received	15

User Statistics

User Activity

VPN over secondary route interface

IPSec for idents 0.0.0.0 ?

Re: ACL for MAC Address

Re: QoS configuration for Application

Re: VPN over secondary route interface

Re: VPN over secondary route interface