Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have an MSFC with 12.2(18)SXF6 and a VPNSM configured for radius authentication and authorization. In the attachment, I can see the filter-id sent, but when I connect, I can still ping addresses other than in 10.1.x.x, which the acl should disallo...
Can anyone tell me what version of the 12.2 SX train has support for nat-t with ipsec/isakmp? The software tools are no help, and I haven't gotten very far with TAC. I am running 12.2(17d)SXB10, and am having trouble getting a netscreen to connect ...
I have the need to handle site-site VPN tunnels as well as VPN clients through a single VPN SM in my chassis. The Xauth and mode config client requirements conflict with the tunnel settings, so that the tunnels break whenever I add client config. ...
My customer has a new CCM system, and they would like to extend it so that, when a customer calls in, they cn forward to the correct regional support/sales group based on ANI. I have tried searching for a 3rd-party app along these lines, so far with...
My customer has a Unity 4.0(3) in operation. They will be installing 4.0(4) and would like to re-use their template information in the new system. Is there any ability to selectively import/export items such as templates to avoid the work and possi...
The PCI spec does specifically mention stateful "firewalls". We were successful in presenting a 6509 with VLANs for layer 2 segmentation, with the firewall feature set on the MSFC providing stateful capability. It took a bit of discussion, though. ...
One interesting thing I note, is that if I set the filter id to clientacl.in, the connection fails, even though the radius debug indicates an access-accept back from the server. This indicates that the MSFC is doing something with the attribute, but...
I'm not sure that a DMVPN hub can be NAT'ed, statically or otherwise. Spokes can, but I haven't seen any examples supporting a NAT'ed hub. Logically, it should be possible to statically NAT a hub, bit that doesn't mean it actually works. There are...
Thanks for the pointer - I don't know if the customer would be willing to bite off on all the costs of IPCC, I think the SW alone came to about 16.5K list, without any customization, but it's worth a shot. The customer also wants a human operator t...
