Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I've been trying to be selective in the static routes I want to redistribute from static into my OSPF area. It looks like the route-map I've created is being ignored by OSPF during the redistribution process. Anybody out there know if it's possible...
We have had trouble in the past with users launching SCP and taking up the queues designated for SSH flows. I understand the NBAR has some capabilities higher up the protocol stack to classify traffic. Can NBAR classify TCP 22 SSH and SCP different...
We have a disaster recovery location that we are installing a 100Mb metro E connection to our MPLS environment. We don't do anything with MPLS labels, just peer BGP with our provider. The routing table has about 2500 routes. Only other service tur...
We are exploring the option of using WWAN via the HWIC-3G cards for a backup to our T1 MPLS circuits. I would like some feedback on how the cards and the WWAN 3G service is working for others. Is anybody seeing decent response times in the 150-100m...
My commrades and I are looking to upgrade both our VPN concentrators (2- 3060s, 2- 3030s, 1- 3005) and VPN clients. Currently we are running version 3.5.2 on the concentrators and 3.6.6a on the clients. We have about 2000 VPN users so we want to ch...
We figured out a way to turn off Directed Mode when running through Palo Alto firewalls. On the PANs we were able to create a Zone Protection Profile and in the Packet Based Attack Protection tab / TCP drop tab / change the Assymetric Path field to ...
We are currently facing this challenge. Does anybody have experience in a deployment of WAAS through Palo Alto firewalls. Directed Mode is working fine for us but like the post from 07-11-2017 states we are missing valuable netflow data and QoS. A...
Hi Rolf - I found this link while searching for a solution for my ospf stub area issue with vrf-lite. The command "capability vrf-lite" fixed my issue. Thanks!!!
Hi Reza - Thanks for confirming this will indeed work. I just tested the config on a third router (ISR G2 2911 running ver 15.1(4)M4) and it works fine. I think I was hitting a bug on both test routers (ISR G1 2821) since they were running 12.4(15...
Thanks for the suggestions all. I did some digging and found that one way around this is to assign a high port number to SSH. Then add this port into a protected class. Then publish this port to your user community to be used only by interactive S...
