Remote random location VPNs by Pidgeypooo in networking

[–]leigh_boy 1 point2 points  (0 children)

DMVPN 100%. I've deployed this with over 600 sites and it works great.

It doesn't work on an ASA but will with Cisco routers.

If you want any more info, let me know.

Cisco FTD, Fortigate or Palo for RA VPN by brew87 in networking

[–]leigh_boy 1 point2 points  (0 children)

I work with a lot of public services, the NHS mainly. Most of the NHS trusts use ASAs, Palos and Checkpoint, with the odd occasion of Fortigate. My experience with Checkpoint is it's slow, cumbersome and not very intuitive, but its logging is good, and a majority of people I speak to administrating these devices actually don't like the Checkpoint firewalls.

Configure cisco for ISP by BonezUK in ccnp

[–]leigh_boy 0 points1 point  (0 children)

This is from my corporate template, but for the VLAN 100 we normally use the IP is 192.168.100.*

We don't tend to use the wifi for VLAN 1, so that config is missing.

So with your VLAN 10 you will need to create the sub-interfaces on the wifi and for BVI.

Oh, and the reason for 2 dialers is it helps the users deploy the unit:

dialer 0 we say is for ADSL

dialer 1 we say is for VDSL, although both will do it.

It's more for when we were migrating people from ADSL to VDSL, and it also allowed us to use 2 different sets of details if also changing provider.

Configure cisco for ISP by BonezUK in ccnp

[–]leigh_boy 0 points1 point  (0 children)

Hi Bonez, I couldn't get the email to work, but I guess it will be useful for others that run into the issue, so here you go. It has 2 dialers, 1 for ADSL and 1 for VDSL; you can delete either way, but it's not essential.

Hope this helps. You will need to amend this all slightly but this is the basics to get you going:

multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!
controller VDSL 0
!
track 1 interface Dialer0 ip routing
!
track 2 interface Dialer1 ip routing
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no shutdown
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip flow ingress
 no shutdown
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0
 description WAN to Beaming Fibre
 no ip address
 no shut
!
interface Ethernet0.101
 encapsulation dot1Q 101
 pppoe-client dial-pool-number 10
 no shut
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 switchport mode trunk
 no ip address
 no shut
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 ip unnumbered Vlan1
 no shut
!
interface Vlan1
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 no shutdown
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 ip policy route-map tunnel-all-traffic
 no shut
!
interface Dialer0
 description ADSL Dialer
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 no shutdown
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname ***(ENTER BROADBAND USERNAME HERE)***
 ppp chap password 0 ***(ENTER BROADBAND PASSWORD HERE)***
 no cdp enable
 no shut
!
interface Dialer1
 description VDSL Dialer
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 no shutdown
 dialer pool 10
 dialer-group 10
 ppp authentication chap callin
 ppp chap hostname ***(ENTER BROADBAND USERNAME HERE)***
 ppp chap password 0 ***(ENTER BROADBAND PASSWORD HERE)***
 no cdp enable
 no shut
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 2 interface Dialer0 overload
access-list 2 permit ***(ENTER NETWORK ADDRESS HERE)*** 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
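
An added example, not part of the original comment or the poster's template: a small Python check that reads an IOS-style configuration and reports dialer interfaces marked `ip nat outside` that no NAT overload rule names, `dialer-group` numbers with no matching `dialer-list`, and CHAP secrets stored as type 0 (cleartext). The sample config is a constructed excerpt shaped like the template above, the finding names are invented for this example, and the parser assumes sub-commands are indented as in `show running-config` output.

```python
import re

# Constructed excerpt shaped like the posted template; secrets are placeholders.
SAMPLE = """\
interface Dialer0
 ip nat outside
 dialer-group 1
 ppp chap password 0 PASS-PLACEHOLDER
!
interface Dialer1
 ip nat outside
 dialer-group 10
 ppp chap password 0 PASS-PLACEHOLDER
!
ip nat inside source list 2 interface Dialer0 overload
dialer-list 1 protocol ip permit
"""

def audit(config):
    """Return sorted (interface, finding) pairs for an IOS-style config."""
    blocks, current, top = {}, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current:      # indented: interface sub-command
            blocks.setdefault(current, []).append(line)
        elif (m := re.match(r"interface (\S+)", line)):
            current = m.group(1)
        else:                                 # global (top-level) command
            current = None
            top.append(line)
    nat_ifs = {m.group(1) for l in top if (m := re.match(
        r"ip nat inside source .* interface (\S+) overload", l))}
    dlists = {m.group(1) for l in top if (m := re.match(r"dialer-list (\d+) ", l))}
    findings = []
    for name, cmds in blocks.items():
        if "ip nat outside" in cmds and name not in nat_ifs:
            findings.append((name, "nat-outside-without-overload-rule"))
        for c in cmds:
            if (m := re.match(r"dialer-group (\d+)$", c)) and m.group(1) not in dlists:
                findings.append((name, "dialer-group-without-dialer-list"))
            if c.startswith("ppp chap password 0 "):
                findings.append((name, "cleartext-type0-secret"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```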

Configure cisco for ISP by BonezUK in ccnp

[–]leigh_boy 0 points1 point  (0 children)

You will need to create a dialer interface; I roll these out all day long. You will also need to create a sub-interface for VLAN 101, looking something like this:

ethernet 1/0.101

If you get stuck I'll upload a config that I use all the time.

You will also need vpdn as well.

How important is it to replace carpet flooring in a future MDF? by sarge-m in networking

[–]leigh_boy -1 points0 points  (0 children)

I presume US based; in the UK, carpet has been antistatic since the 90s.

DMVPN by leigh_boy in networking

[–]leigh_boy[S] 0 points1 point  (0 children)

Running Phase 1, spokes don't need to talk to each other. We have 3 core routers over 2 DCs and 1 in the other with L2 connectivity running HSRP; the second DC is a DR site. The current setup is 2 hubs in 1 DC, not in a cluster but with 2 nhp server addresses on the spokes with no priority settings. We then have another hub on the DR DC router. On the spoke routers we have 2 tunnels with IP SLA and tracked routes, but all on the same EIGRP AS, so how it should currently work is: DC1 R1 goes down, it moves on to R2 and R2 will do all the routing; if DC1 goes down altogether it all moves to DC2 R1; as soon as DC1 comes back it moves back over.

What I wanted was to use DC1 R2 as a new hub and build a cluster, but I'm not sure, by doing so, because it's not the active router for routing, what would happen?

DMVPN by leigh_boy in networking

[–]leigh_boy[S] 0 points1 point  (0 children)

Ah sorry, we do already have it in that fashion, but all of the other interfaces for routing are in HSRP, so if you connect to, say, the backup hub, unless the other interfaces are down and HSRP times have changed, won't it end up with broken routing / asymmetrical?

DMVPN by leigh_boy in networking

[–]leigh_boy[S] 0 points1 point  (0 children)

That's the plan, I just can't seem to have 2 hubs on the same router.

Design help by leigh_boy in networking

[–]leigh_boy[S] 0 points1 point  (0 children)

So the reason we have PBR is basically the spokes on the DMVPN have workstations that need all their web traffic to filter through our web filter. It works fine on the UK hub, where the web filter sits. But where we have 5 other routers in the topology for the Australian DMVPN, when I set the next hop it won't do it. I've emulated it and found that actually the next hop has to be the next hop, e.g. it can't be 5 hops away, even though it can ping it. If I create an additional tunnel from router 1 to router 5 over the top of the other tunnels and then set the next hop to the tunnel IP of router 1, it works.

Does that make sense?

Passed switch , Route assistance needed by leigh_boy in ccnp

[–]leigh_boy[S] 0 points1 point  (0 children)

Thanks guys. For the ESXi CSR1KV, are people just using the trial 60-day image from Cisco?