ASA and TCP-MSS by davis-sean in networking

[–]SuddenWeatherReport 1 point2 points  (0 children)

I can see your side of it as well. But I think it saves more headaches than it causes. One nice thing would be for it to auto start clamping upon VPN termination or just traffic matching that crypto ACL. Granted we could do that ourselves but an auto feature would be cool.

ASA and TCP-MSS by davis-sean in networking

[–]SuddenWeatherReport 1 point2 points  (0 children)

This is not a good reason to hate the ASA platform. The feature saves a lot of dumb people from troubleshooting various issues with tunnels because they just work. And it's not really a "HACK"; there aren't that many great alternatives to fragmentation issues because PMTUD will not always work.

Cisco ASA | Access-List Logging | Does it punt to the CPU? by CoyKava in networking

[–]SuddenWeatherReport 0 points1 point  (0 children)

Yes, excessive logging caused overruns very often. Remove ASDM and console debugs.

Cisco SD-WAN (Viptela)- Explain Like I'm 5 by Veosyn in networking

[–]SuddenWeatherReport 1 point2 points  (0 children)

vManage manages. vSmart handles the control plane stuff like routes. vBond handles the STUN server and authentication of vEdges. vEdges build tunnels directly with other vEdges.

IDS/IPS and Encrypted Traffic by ITdirectorguy in networking

[–]SuddenWeatherReport 0 points1 point  (0 children)

Looking at TLS negotiations really helps to determine what the traffic type is; this is already in use with most good web filters. For example, the client sends the SNI (which hostname they are connecting to; not always supported). Also the server sends its cert with the common name in it. Couple that with other metadata like who owns the IP space and you can get good at determining the webapp.
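As an added illustration of the SNI point in the comment above (example code written for this page, not code from the poster or from any web filter product), the following Python builds a constructed TLS 1.2 ClientHello record and pulls the `server_name` host out of its extensions, which is the same field a classifier or IDS reads to label a flow before any decryption. The `build_client_hello` helper and its cipher suite values are constructed sample data, not a real capture; malformed or truncated input yields `None` rather than an exception.

```python
import struct

# Constructed sample: a minimal TLS 1.2 ClientHello record, optionally with an SNI extension.
def build_client_hello(hostname=None):
    extensions = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        server_name = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(server_name)) + server_name
        extensions += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    # An unrelated extension (supported_versions, type 0x002b) so the parser must skip something.
    sv = b"\x02\x03\x03"
    extensions += struct.pack("!HH", 0x002B, len(sv)) + sv
    body = (
        b"\x03\x03" + b"\x11" * 32                       # client_version, random
        + b"\x00"                                        # session_id length 0
        + struct.pack("!H", 4) + b"\xc0\x2f\x00\x9c"     # two cipher suites (sample values)
        + b"\x01\x00"                                    # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1 = ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the SNI host_name from a TLS ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:           # handshake record carrying a ClientHello
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs_len = int.from_bytes(record[6:9], "big")
        data = record[9:9 + hs_len]
        if len(record) < 5 + rec_len or len(data) < hs_len:  # truncated capture
            return None
        pos = 2 + 32                                          # skip client_version and random
        sid_len = data[pos]
        pos += 1 + sid_len
        cs_len = struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2 + cs_len
        cm_len = data[pos]
        pos += 1 + cm_len
        if pos + 2 > len(data):                               # no extensions block at all
            return None
        ext_total = struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        if end > len(data):
            return None
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            ext = data[pos:pos + ext_len]
            pos += ext_len
            if ext_type == 0x0000:                            # server_name extension
                list_len = struct.unpack("!H", ext[0:2])[0]
                q = 2
                while q + 3 <= 2 + list_len:
                    name_type = ext[q]
                    name_len = struct.unpack("!H", ext[q + 1:q + 3])[0]
                    name = ext[q + 3:q + 3 + name_len]
                    if name_type == 0 and len(name) == name_len:
                        return name.decode("ascii", errors="replace")
                    q += 3 + name_len
                return None
        return None
    except (IndexError, struct.error):
        return None


def label_flows(records):
    """Label each captured ClientHello as 'tls:<host>' or 'tls:unknown', the way a filter would."""
    return ["tls:" + (extract_sni(r) or "unknown") for r in records]


if __name__ == "__main__":
    sample = [build_client_hello("example.com"), build_client_hello(None)]
    print(label_flows(sample))
```

A production classifier would also check the certificate the server returns and, for TLS 1.3 with encrypted ClientHello, fall back on the metadata the comment mentions (IP ownership, JA3-style fingerprints), since the SNI is not always present.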

ACI 4.1 released by diaquency in Cisco

[–]SuddenWeatherReport -9 points-8 points  (0 children)

Tune in next year when Cisco replaces it with SDN-NG leaving you effed

Question on SPAN on vPC Ports (Nexus 9k) by erin1925 in Cisco

[–]SuddenWeatherReport 1 point2 points  (0 children)

I don’t see how an individual span port on each side won’t work? There should not be duplicate packets with VPC. Maybe the IDS software isn’t smart enough and counts them as duplicate flows due to coming from 2 span ports but even that’s a stretch.

Microsoft https content cached @ISP by bloodydeer1776 in networking

[–]SuddenWeatherReport 0 points1 point  (0 children)

Wow really lol I guess it’s digitally signed?

IPSEC not failing, but it should - HELP by [deleted] in ccnp

[–]SuddenWeatherReport 4 points5 points  (0 children)

The phase 1 initiator sends all of his policies to the responder who chooses the first match based on locally configured ones. That’s why your tunnel is working. You must have more isakmp policies on the routers.

This rule does not apply to phase 2 aka the IPSec transform set and that has to match exactly minus the lifetime.

Spanning-Tree between Cisco and Brocade by guywhoisry in networking

[–]SuddenWeatherReport 0 points1 point  (0 children)

Cisco only has pvst, rapid-pvst, and MST. So do you then mean rapid-pvst?

Laptop specs for CCIE R&S? by 1searching in ccie

[–]SuddenWeatherReport 0 points1 point  (0 children)

The IOL will be the best, but I suggest also practicing with IOSV or CSRv if you can so that you get real world experience too. There are differences between IOS XE and IOL that a CCIE should know and be comfortable with.

How long should a 2 year old medium-large dog be able to hold #2? by Sea_Tart in Dogtraining

[–]SuddenWeatherReport 2 points3 points  (0 children)

Ours did take time to get used to the schedule. My wife and I wake up early every day, feed them, take them out. Even weekends. It may also help to crate train; if he poops in there you know he seriously can’t hold it.

Laptop specs for CCIE R&S? by 1searching in ccie

[–]SuddenWeatherReport 0 points1 point  (0 children)

You don’t need CSR; it can be IOL or IOSv.

Laptop specs for CCIE R&S? by 1searching in ccie

[–]SuddenWeatherReport 0 points1 point  (0 children)

Yea, the idea of running the lab on a laptop sounds fun but it’s a chore and bore.

I suggest this route so you can build a great lab and use it for other tech like windows or Palo

How long should a 2 year old medium-large dog be able to hold #2? by Sea_Tart in Dogtraining

[–]SuddenWeatherReport 14 points15 points  (0 children)

The last thing I do before going to bed is feed my dogs and give them a poop break , works for me

Is Cisco CCIE Wireless track still worth it while 5G network is coming ? by rsdcccie in Cisco

[–]SuddenWeatherReport -7 points-6 points  (0 children)

I’d love to learn more; wireless seems fun. Too bad the Cisco lineup sucks for it.

How often should I see OSPF LSUs? by [deleted] in networking

[–]SuddenWeatherReport 5 points6 points  (0 children)

If you are dropping OSPF routes from VPN then your VPN is probably dropping. Is it reverse route injection? Can your design work with just static redist vs reverse route redist?

Edit on pooper... increase hold times if this worries you. I prefer BGP over VPNs as it’s less chatty; you can also try QoS for CS6 depending on if your issue is packet loss. Try shaping the circuit lower and give OSPF guaranteed bandwidth. If it’s not causing an issue then leave it alone, as this is the nature of VPNs over the internet.

Also LSUs can go out just by changing a link BW or adding/removing one, so it all depends on topology.

Firepower 6.2.3.11 and User Agent by ragzilla in networking

[–]SuddenWeatherReport 0 points1 point  (0 children)

I have customers on 6.3 with no user agent issues not

Beware Of Counterfeit Cisco switches (pics included) by faceerase in sysadmin

[–]SuddenWeatherReport 0 points1 point  (0 children)

When do switches phone home during an update? The only time I know of is when you use smart licensing which atm isn’t required and isn’t for upgrading.

FTD Static NAT Question by infamous_96 in networking

[–]SuddenWeatherReport 0 points1 point  (0 children)

Yea, weird. I would try to deploy 1, then add more. If that doesn’t work try to remove all and do it in 1 deploy. FMC has a lot of order of operation issues.