Hi, I need a little help with WAN design. I already have a WAN infrastructure shown in the picture (except L2VPN). AS65001 is the branch location, and AS65000 is the datacenter. Routers R3, R4 and R5 are communicating between themselves using L3VPN. Routers R3...
Hi, I have two L3 switches in collapsed core and I need to connect them to one router. I know I should run routing protocol between them, but I do not have support for OSPF/EIGRP. Can somebody give me some advice how to route between L3 switches and ro...
Is it possible to exclude a single host from NAT 0 and from the crypto map? I have a PIX with site-to-site configuration. All hosts can access the tunnel only, and cannot go on the internet directly. Lines from config: access-list ALL_Traffic extended permit ip 192.16...
Yes, I do have support for RIP, but I'm afraid that in this case failover will be slow. Do you have some other recommendation for faster failover? 1. Can I successfully implement this with static routes? 2. Can I implement HSRP on L3 switches and connec...
You can set NAT like this.
hostname(config)# static (inside,dmz) 10.1.1.2 10.1.1.2 netmask 255.255.255.0
This way you will NAT complete inside network to dmz but with same address range. I have seen scenarios that work this way.
Do you have access-list on router outside interface? You should add to ASA:
crypto isakmp nat-traversal 20
After that you should start troubleshooting to see what is happening. That is maximum from my side without configs.
If you are concerned about domain controllers then you should look at Microsoft site. If you have member server in dmz and dc in inside network then you have to enable traffic for following ports:
• Kerberos ports (88/tcp, 88/udp) used to perform mut...