2 x 2911 HSEC router 3 ADSL connections each Site to Site VPN Load Balancing Failover

Hello,
My scenario is as described in the title.
Site A Headquarters. The router is Cisco 2911HSEC with 3 ADSL connections
Site B Remote Office. The router is Cisco 2911HSEC with 3 ADSL connections and 10 Users.
All ADSL connections have static IPs and belong to same ISP.
Need - Site to Site VPN between the routers.
The client requests load balancing of the traffic, due to poor ADSL speed, and a failover scenario in case an ADSL line goes down.
Any help will be appreciated.

I don't believe you will find one solution for this.
An idea would be to have all three ADSLs paired with ADSL on the other side. 
Have 3 VTI (or GRE) tunnels up all the time (VRF-lite anybody?) and advertise routes to the other side with same metric. 
This will cause IOS to load balance natively. 
Potential problem: return path might not be the same as forward path, but it should not matter much for most applications. 
Potential cool thing you can do: All the "magical" things in routing world (Did I hear PfR?). FlexVPN on top to make it more flexible.
Benefit: Rely on IKE to bring down connections which are going down. Little-to-no management once it's up and running. 
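
The three-tunnel design suggested in the reply above, sketched as an added Cisco IOS example for Site A (it is not part of the original thread). The Dialer numbering, the tunnel and LAN addressing, the documentation-range peer addresses, the key placeholder, the crypto parameters and the choice of EIGRP as the routing protocol are all assumptions.

```cisco
! Added example for Site A (HQ). Site B mirrors it with the addresses swapped.
! Assumptions: Dialer1-3 are the three working ADSL uplinks; 203.0.113.1-3 are
! placeholders for Site B's static ADSL addresses; 10.255.x.0/30 are tunnel
! transit networks; 10.1.0.0/16 is the Site A LAN; <PRE-SHARED-KEY> is a
! placeholder (use a different key per peer).

! IKE phase 1. Dead peer detection is what lets IKE notice a failed line.
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.3
! Probe every 10 s, retry every 3 s; a dead peer tears down its SAs.
crypto isakmp keepalive 10 3 periodic

! IPsec phase 2, applied to the tunnels as a protection profile.
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROT
 set transform-set TS-AES256
 set pfs group14

! Pin each remote peer to "its" ADSL line so the three pairs stay separate.
ip route 203.0.113.1 255.255.255.255 Dialer1
ip route 203.0.113.2 255.255.255.255 Dialer2
ip route 203.0.113.3 255.255.255.255 Dialer3

! One static VTI per ADSL pair. Identical bandwidth/delay on all three keeps
! the routing metric equal, which is what makes IOS install all three paths.
interface Tunnel1
 description ADSL1 to Site B ADSL1
 bandwidth 1000
 ip address 10.255.1.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROT
interface Tunnel2
 description ADSL2 to Site B ADSL2
 bandwidth 1000
 ip address 10.255.2.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Dialer2
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROT
interface Tunnel3
 description ADSL3 to Site B ADSL3
 bandwidth 1000
 ip address 10.255.3.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Dialer3
 tunnel destination 203.0.113.3
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROT

! Advertise the LAN over all three tunnels with the same metric. When DPD
! declares a peer dead the tunnel's line protocol drops, the neighbor is
! lost and that path leaves the routing table: failover without tracking.
router eigrp 100
 network 10.1.0.0 0.0.255.255
 network 10.255.1.0 0.0.0.3
 network 10.255.2.0 0.0.0.3
 network 10.255.3.0 0.0.0.3
 maximum-paths 3
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface Tunnel2
 no passive-interface Tunnel3

! CEF shares load per flow, so one session stays on one tunnel. Including
! the L4 ports in the hash spreads many sessions between the same two hosts.
ip cef
ip cef load-sharing algorithm include-ports source destination
```

With the tunnels up, `show crypto session` should list three active peers and `show ip route` should show the remote LAN with three equal-cost next hops, one per tunnel.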

Similar Messages

  • Connection string in listener log file for loading balance/failover

    Hi Experts,
    I have a 4-node RAC for Oracle 10g2 on Red Hat 5.0
    We created service dbsale (sale1,2 as primary and sale3/4 as available) with load balancing/failover.
    The remote user created a local TNS as
    localmarket =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 155.206.xxx.xx)(PORT = 1521))
    (LOAD_BALANCE = OFF)
    (CONNECT_DATA = (SERVICE_NAME = dbsale))
    )
    From the server side, I saw that the user sends two connection request strings: one fails and the other is OK.
    It seems that the failed connection comes from failover/load balancing from dbsale3?
    Why do we get two connection strings in the listener log file?
    What is the difference between the two connection strings?
    Where does the system change these connection strings?
    Thanks for your explanation.
    Jim
    ==============listener.log message
    [oracle@sale log]$ cat listener_sale.log|grep pmason
    15-SEP-2009 13:52:24 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54326)) * establish * dbsale * 0
    15-SEP-2009 13:52:25 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54327)) * establish * dbsale * 12520
    15-SEP-2009 13:52:30 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54329)) * establish * dbsale* 0
    15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54332)) * establish * dbsale * 0
    15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54333)) * establish dbsale 12520
    15-SEP-2009 13:52:49 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54334)) * establish * dbsale * 0
    Edited by: user589812 on Sep 16, 2009 7:21 AM

    Hi Jim,
    I think the best way in this case is to create one service with one instance as primary and another 3 as available.
    Or use the connect string with two VIP addresses, because the service has two instances and the tnsnames.ora entry has only one.
    Cheers,
    Rodrigo Mufalani
    http://mufalani.blogspot.com

  • Cisco 1921 Dual ADSL Load Balancing/Failover?

    Hello,
    We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
    I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
    I had a look at ppp multilink but I am unsure whether our ISP (BT) supports this?
    This is my current config, with which I think only one ADSL line is being used. Some input would be appreciated.
    Robbie
    ! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
    version 15.0
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname xxxxxx
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable secret 5 xxxxx
    enable password xxxx
    no aaa new-model
    no ipv6 cef
    ip source-route
    ip cef
    ip name-server 194.74.65.68
    ip name-server 194.72.0.114
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-xxxxxx
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
    revocation-check none
    rsakeypair TP-self-signed-xxxxx!
    crypto pki certificate chain TP-self-signed-xxxxxx
    certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
    license udi pid CISCO1921/K9 xxxxx
    username admin privilege 15 secret 5 xxxxxxxxxx/
    interface GigabitEthernet0/0
    description lan$ETH-LAN$
    ip address 10.0.8.1 255.255.248.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    interface ATM0/0/0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    no atm ilmi-keepalive
    dsl operating-mode adsl2
    interface ATM0/0/0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    ip flow ingress
    pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface ATM0/1/0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    no atm ilmi-keepalive
    dsl operating-mode adsl2
    interface ATM0/1/0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    ip flow ingress
    pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface Dialer0
    mtu 1483
    ip address negotiated
    ip access-group spalding in
    ip access-group spalding out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap callin
    ppp chap hostname xxxxx
    ppp chap password 0 xxxxx
    ppp multilink
    ppp multilink links minimum 2
    ppp multilink fragment disable
    ppp timeout multilink link add 2
    no cdp enable
    interface Dialer1
    mtu 1483
    ip address negotiated
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap callin
    ppp chap hostname xxxxx
    ppp chap password 0 xxxxx
    ppp link reorders
    ppp multilink
    ppp multilink links minimum 2
    ppp multilink fragment disable
    ppp timeout multilink link add 2
    no cdp enable
    ip forward-protocol nd
    no ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
    ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
    ip route 0.0.0.0 0.0.0.0 Dialer0
    access-list 1 remark INSIDE_IF=GigabitEthernet0/0
    access-list 1 permit 10.0.0.0 0.254.255.255
    dialer-list 1 protocol ip permit
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    login local
    transport input telnet ssh
    scheduler allocate 20000 1000
    end

    Hi,
    Can anyone help me with this config? It is not very reliable.
    Building configuration...
    Current configuration : 17349 bytes
    ! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
    version 15.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname Router
    boot-start-marker
    boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
    boot-end-marker
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200
    logging console critical
    enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
    aaa new-model
    aaa authentication login local_authen local
    aaa authorization exec local_author local
    aaa session-id common
    no ip source-route
    ip port-map user-protocol--8 port udp 3392
    ip port-map user-protocol--9 port tcp 3397
    ip port-map user-protocol--2 port udp 3391
    ip port-map user-protocol--3 port tcp 14000
    ip port-map user-protocol--1 port tcp 3391
    ip port-map user-protocol--6 port udp 3394
    ip port-map user-protocol--7 port tcp 3392
    ip port-map user-protocol--4 port udp 14100
    ip port-map user-protocol--5 port tcp 3394
    ip port-map user-protocol--10 port udp 3397
    ip dhcp excluded-address 192.168.1.1 192.168.1.49
    ip dhcp excluded-address 192.168.10.1 192.168.10.49
    ip dhcp pool DHCP_POOL1
     import all
     network 192.168.1.0 255.255.255.0
     dns-server 139.130.4.4 203.50.2.71
     default-router 192.168.1.1
     lease infinite
    ip dhcp pool ccp-pool1
     import all
     network 192.168.10.0 255.255.255.0
     dns-server 139.130.4.4 203.50.2.71
     default-router 192.168.10.1
     lease infinite
    no ip bootp server
    ip host SHAWN-PC 192.168.1.10
    ip host DIAG 192.168.1.5
    ip host MSERV 192.168.1.13
    ip name-server 139.130.4.4
    ip name-server 203.50.2.71
    ip cef
    ip cef load-sharing algorithm include-ports source destination
    no ipv6 cef
    multilink bundle-name authenticated
    cts logging verbose
    crypto pki trustpoint TP-self-signed-1982477479
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1982477479
     revocation-check none
     rsakeypair TP-self-signed-1982477479
    license udi pid 
    license boot module c2900 technology-package securityk9
    license boot module c2900 technology-package datak9
    redundancy
    controller VDSL 0/0/0
     operating mode adsl2+
    controller VDSL 0/1/0
     operating mode adsl2+
    no cdp run
    track timer interface 5
    track 1 interface Dialer0 ip routing
     delay down 15 up 10
    track 2 interface Dialer1 ip routing
     delay down 15 up 10
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    class-map type inspect match-all sdm-nat-user-protocol--7-1
     match access-group 104
     match protocol user-protocol--7
     match access-group 102
    class-map type inspect match-all sdm-nat-user-protocol--4-2
     match access-group 101
     match protocol user-protocol--4
    class-map type inspect match-all sdm-nat-user-protocol--6-1
     match access-group 103
     match protocol user-protocol--6
    class-map type inspect match-all sdm-nat-user-protocol--5-1
     match access-group 103
     match protocol user-protocol--5
    class-map type inspect match-all sdm-nat-user-protocol--4-1
     match access-group 102
     match protocol user-protocol--4
    class-map type inspect match-all sdm-nat-user-protocol--7-2
     match access-group 101
     match protocol user-protocol--7
    class-map type inspect match-all sdm-nat-user-protocol--3-1
     match access-group 102
     match protocol user-protocol--3
    class-map type inspect match-all sdm-nat-user-protocol--2-1
     match access-group 101
     match protocol user-protocol--2
    class-map type inspect match-all sdm-nat-user-protocol--1-2
     match access-group 102
     match protocol user-protocol--1
    class-map type inspect match-all sdm-nat-user-protocol--1-1
     match access-group 101
     match protocol user-protocol--1
    class-map type inspect match-all sdm-nat-user-protocol--2-2
     match access-group 102
     match protocol user-protocol--2
    class-map type inspect match-all sdm-nat-user-protocol--3-2
     match access-group 101
     match protocol user-protocol--3
    class-map type inspect match-all sdm-nat-user-protocol--8-2
     match access-group 101
     match protocol user-protocol--8
    class-map type inspect match-all sdm-nat-user-protocol--9-2
     match access-group 104
     match protocol user-protocol--9
    class-map type inspect match-any ccp-skinny-inspect
     match protocol skinny
    class-map type inspect match-all sdm-nat-user-protocol--9-1
     match access-group 101
     match protocol user-protocol--9
     match access-group 104
    class-map type inspect match-all sdm-nat-user-protocol--8-1
     match access-group 104
     match protocol user-protocol--8
     match access-group 102
    class-map type inspect match-any ccp-h323nxg-inspect
     match protocol h323-nxg
    class-map type inspect match-any ccp-cls-icmp-access
     match protocol icmp
     match protocol tcp
     match protocol udp
    class-map type inspect match-all sdm-nat-user-protocol--10-2
     match access-group 104
     match protocol user-protocol--10
    class-map type inspect match-all sdm-nat-user-protocol--10-1
     match access-group 101
     match protocol user-protocol--10
     match access-group 104
    class-map type inspect match-any ccp-h225ras-inspect
     match protocol h225ras
    class-map type inspect match-any ccp-h323annexe-inspect
     match protocol h323-annexe
    class-map type inspect match-any ccp-cls-insp-traffic
     match protocol pptp
     match protocol dns
     match protocol ftp
     match protocol https
     match protocol icmp
     match protocol imap
     match protocol pop3
     match protocol netshow
     match protocol shell
     match protocol realmedia
     match protocol rtsp
     match protocol smtp
     match protocol sql-net
     match protocol streamworks
     match protocol tftp
     match protocol vdolive
     match protocol tcp
     match protocol udp
    class-map type inspect match-all SDM_GRE
     match access-group name SDM_GRE
    class-map type inspect match-any ccp-h323-inspect
     match protocol h323
    class-map type inspect match-all ccp-invalid-src
     match access-group 100
    class-map type inspect match-any ccp-sip-inspect
     match protocol sip
    class-map type inspect match-all ccp-protocol-http
     match protocol http
    class-map type inspect match-any CCP_PPTP
     match class-map SDM_GRE
    class-map type inspect match-all ccp-insp-traffic
     match class-map ccp-cls-insp-traffic
    class-map type inspect match-all ccp-icmp-access
     match class-map ccp-cls-icmp-access
    policy-map type inspect ccp-inspect
     class type inspect ccp-invalid-src
      drop log
     class type inspect ccp-protocol-http
      inspect
     class type inspect ccp-insp-traffic
      inspect
     class type inspect ccp-sip-inspect
      inspect
     class type inspect ccp-h323-inspect
      inspect
     class type inspect ccp-h323annexe-inspect
      inspect
     class type inspect ccp-h225ras-inspect
      inspect
     class type inspect ccp-h323nxg-inspect
      inspect
     class type inspect ccp-skinny-inspect
      inspect
     class class-default
      drop
    policy-map type inspect sdm-pol-NATOutsideToInside-1
     class type inspect sdm-nat-user-protocol--1-1
      inspect
     class type inspect sdm-nat-user-protocol--2-1
      inspect
     class type inspect sdm-nat-user-protocol--3-1
      inspect
     class type inspect sdm-nat-user-protocol--4-1
      inspect
     class type inspect sdm-nat-user-protocol--5-1
      inspect
     class type inspect sdm-nat-user-protocol--6-1
      inspect
     class type inspect sdm-nat-user-protocol--7-1
      inspect
     class type inspect sdm-nat-user-protocol--8-1
      inspect
     class type inspect sdm-nat-user-protocol--9-1
      inspect
     class type inspect sdm-nat-user-protocol--10-1
      inspect
     class type inspect CCP_PPTP
      pass
     class type inspect sdm-nat-user-protocol--7-2
      inspect
     class type inspect sdm-nat-user-protocol--8-2
      inspect
     class type inspect sdm-nat-user-protocol--1-2
      inspect
     class type inspect sdm-nat-user-protocol--2-2
      inspect
     class type inspect sdm-nat-user-protocol--9-2
      inspect
     class type inspect sdm-nat-user-protocol--10-2
      inspect
     class type inspect sdm-nat-user-protocol--3-2
      inspect
     class type inspect sdm-nat-user-protocol--4-2
      inspect
     class class-default
      drop log
    policy-map type inspect ccp-permit
     class class-default
      drop
    policy-map type inspect ccp-permit-icmpreply
     class type inspect ccp-icmp-access
      inspect
     class class-default
      pass
    zone security in-zone
    zone security out-zone
    zone-pair security ccp-zp-self-out source self destination out-zone
     service-policy type inspect ccp-permit-icmpreply
    zone-pair security ccp-zp-in-out source in-zone destination out-zone
     service-policy type inspect ccp-inspect
    zone-pair security ccp-zp-out-self source out-zone destination self
     service-policy type inspect ccp-permit
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
     service-policy type inspect sdm-pol-NATOutsideToInside-1
    interface Null0
     no ip unreachables
    interface Embedded-Service-Engine0/0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     shutdown
    interface GigabitEthernet0/0
     description $ETH-LAN$
     ip address 192.168.10.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     duplex auto
     speed auto
     no mop enabled
    interface GigabitEthernet0/1
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     shutdown
     duplex auto
     speed auto
     no mop enabled
    interface ATM0/0/0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     no atm ilmi-keepalive
    interface ATM0/0/0.1 point-to-point
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     pvc 8/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface ATM0/0/0.2 point-to-point
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
    interface Ethernet0/0/0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     shutdown
     no mop enabled
    interface ATM0/1/0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     no atm ilmi-keepalive
    interface ATM0/1/0.1 point-to-point
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     pvc 8/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 2
    interface Ethernet0/1/0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     shutdown
     no mop enabled
    interface GigabitEthernet0/3/0
     no ip address
    interface GigabitEthernet0/3/1
     no ip address
    interface GigabitEthernet0/3/2
     no ip address
    interface GigabitEthernet0/3/3
     no ip address
    interface GigabitEthernet0/3/4
     no ip address
    interface GigabitEthernet0/3/5
     no ip address
    interface GigabitEthernet0/3/6
     no ip address
    interface GigabitEthernet0/3/7
     no ip address
    interface Vlan1
     description $FW_INSIDE$
     ip address 192.168.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nbar protocol-discovery
     ip flow ingress
     ip nat inside
     ip virtual-reassembly in
     zone-member security in-zone
    interface Dialer0
     description $FW_OUTSIDE$
     ip address negotiated
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nbar protocol-discovery
     ip flow ingress
     ip nat outside
     ip virtual-reassembly in
     zone-member security out-zone
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication chap pap callin
     ppp chap hostname [email protected]
     ppp chap password 7 1444405858557A
     ppp pap sent-username [email protected] password 7 135645415F5D54
     ppp multilink
    interface Dialer1
     description $FW_OUTSIDE$
     ip address negotiated
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nbar protocol-discovery
     ip flow ingress
     ip nat outside
     ip virtual-reassembly in
     zone-member security out-zone
     encapsulation ppp
     dialer pool 2
     dialer-group 2
     ppp authentication chap pap callin
     ppp chap hostname [email protected]
     ppp chap password 7 01475E540E5D55
     ppp pap sent-username [email protected] password 7 055F5E5F741A1D
     ppp multilink
    router eigrp as#
    router eigrp 10
     network 192.168.1.1 0.0.0.0
    router rip
     version 2
     network 192.168.1.0
     no auto-summary
    ip forward-protocol nd
    ip http server
    ip http access-class 3
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
    ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
    ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
    ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
    ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
    ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
    ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
    ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
    ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
    ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
    ip nat inside source route-map ADSL0 interface Dialer0 overload
    ip nat inside source route-map ADSL1 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
    ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
    ip access-list extended NAT
     remark CCP_ACL Category=18
     permit ip 192.0.0.0 0.255.255.255 any
    ip access-list extended SDM_GRE
     remark CCP_ACL Category=1
     permit gre any any
     remark CCP_ACL Category=1
    ip access-list extended STATIC-NAT-SERVICES
     permit ip host 192.168.1.35 any
     permit ip host 192.168.1.5 any
     permit ip host 192.168.1.10 any
     permit ip host 192.168.1.17 any
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit
    route-map ADSL0 permit 10
     match ip address NAT
     match interface Dialer0
    route-map ADSL1 permit 10
     match ip address NAT
     match interface Dialer1
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 2 remark HTTP Access-class list
    access-list 2 remark CCP_ACL Category=1
    access-list 2 permit 192.168.1.0 0.0.0.255
    access-list 2 deny   any
    access-list 2 remark HTTP Access-class list
    access-list 2 remark CCP_ACL Category=1
    access-list 3 remark HTTP Access-class list
    access-list 3 remark CCP_ACL Category=1
    access-list 3 permit 192.168.1.0 0.0.0.255
    access-list 3 deny   any
    access-list 10 remark INSIDE_IF=NAT
    access-list 10 remark CCP_ACL Category=2
    access-list 10 permit 192.168.1.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip 139.130.227.0 0.0.0.255 any
    access-list 100 permit ip 203.45.106.0 0.0.0.255 any
    access-list 101 remark CCP_ACL Category=0
    access-list 101 permit ip any host 192.168.1.10
    access-list 101 remark CCP_ACL Category=0
    access-list 101 permit ip any host 192.168.1.35
    access-list 101 permit tcp any any eq www
    access-list 102 remark CCP_ACL Category=0
    access-list 102 permit ip any host 192.168.1.35
    access-list 102 remark CCP_ACL Category=0
    access-list 102 permit ip any host 192.168.1.10
    access-list 103 remark CCP_ACL Category=0
    access-list 103 permit ip any host 192.168.1.5
    access-list 104 remark CCP_ACL Category=0
    access-list 104 permit ip any host 192.168.1.17
    control-plane
    banner login ^CCE-Rescue Systems^C
    line con 0
     login authentication local_authen
     transport output telnet
    line aux 0
     login authentication local_authen
     transport output telnet
    line 2
     no activation-character
     no exec
     transport preferred none
     transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     authorization exec local_author
     login authentication local_authen
     transport input telnet ssh
    line vty 5 15
     authorization exec local_author
     login authentication local_authen
     transport input telnet ssh
    scheduler allocate 20000 1000
    end
    Thanks
    Shawn

  • Site to site VPN with windows server 2012

    I am trying to connect our server to a Cisco site-to-site IPSec VPN with one of our partner's servers. They asked us to implement the settings they gave us in our router, but we don't actually have access to the router; we are just connected directly with our ISP. Alternatively, we were informed that we can use a software VPN instead, and yes, we found a working one, tested and verified, but we have to pay for it to keep it running.
    Now my question is: given that we are running Windows Server 2012 R2, how can we establish this VPN connection directly from Windows without the need to use third-party tools?
    The only parameters that we have to connect are:
    Gateway IP: xxx.xxx.xxx.xxx
    Authentication Pre-shared Key: ######
    Encryption: 3DES
    Hash authentication: MD5
    DH: Group1
    No username or password is needed with this type of VPN.
    Any help is appreciated.
    Best regards, Abed

    Hi,
    You may try to configure Windows Server 2012 (RRAS) as a VPN router to connect to the 3rd party VPN server (compatible with Windows Server VPN).
    Some samples just for your reference:
    Checklist: Implementing a Site-to-Site Connection Design
    https://technet.microsoft.com/en-us/library/ff687867(v=ws.10).aspx
    TMG Configuring site-to-site VPN access
    http://technet.microsoft.com/en-us/library/bb838949.aspx
    For more about how to deploy RRAS on TMG, please post in the TMG forum:
    Forefront support forum
    http://social.technet.microsoft.com/Forums/forefront/en-us/home?category=forefront
    Best Regards,
    Eve Wang

  • Site-to-Site up but no ping for the local networks from both sides

    I have set the tunnel up between ASA 5505 and ASA 5510, but I can't ping the local networks of both ASAs.
    ASA 5505
    ASA Version 8.2(5)
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 10.2.3.0 baghdad
    name 195.112.215.16 CyberiaNetwork
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    switchport access vlan 3
    interface Ethernet0/3
    switchport access vlan 3
    interface Ethernet0/4
    switchport access vlan 3
    interface Ethernet0/5
    switchport access vlan 3
    interface Ethernet0/6
    switchport access vlan 3
    interface Ethernet0/7
    switchport access vlan 3
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.3.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 81.90.22.188 255.255.255.248
    interface Vlan3
    no forward interface Vlan1
    nameif voice
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 83.138.175.26
    name-server 50.56.16.2
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service DM_INLINE_SERVICE_1
    service-object ip
    service-object tcp
    service-object icmp echo-reply
    service-object tcp eq h323
    access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.3.0 255.255.255.0
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list outside_access_in extended permit icmp any any echo-reply
    access-list voice_access_in extended permit ip any any
    access-list voice_access_in extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list voice_nat0_outbound extended permit ip any any
    access-list voice_access_in_1 extended permit ip 10.1.3.0 255.255.255.0 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu voice 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any voice
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 dns
    nat (voice) 0 access-list voice_nat0_outbound
    access-group outside_access_in in interface outside
    access-group voice_access_in_1 in interface voice control-plane
    access-group voice_access_in in interface voice
    route outside 0.0.0.0 0.0.0.0 81.90.22.185 1
    route outside 10.1.3.0 255.255.255.0 81.90.22.185 1
    route outside CyberiaNetwork 255.255.255.240 81.90.22.185 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.3.0 255.255.255.0 inside
    http CyberiaNetwork 255.255.255.240 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 3600
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 20 match address outside_1_cryptomap
    crypto map outside_map 20 set pfs
    crypto map outside_map 20 set peer 195.112.215.19
    crypto map outside_map 20 set transform-set ESP-DES-SHA
    crypto map outside_map interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      quit
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 5
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access voice
    dhcpd auto_config outside
    dhcpd address 192.168.3.5-192.168.3.36 inside
    dhcpd auto_config outside vpnclient-wins-override interface inside
    dhcpd enable inside
    dhcprelay timeout 60
    vpnclient server 109.224.18.242
    vpnclient mode network-extension-mode
    vpnclient nem-st-autoconnect
    vpnclient vpngroup MGvilla password *****
    vpnclient username rami password *****
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy GroupPolicy2 internal
    group-policy GroupPolicy2 attributes
    vpn-tunnel-protocol IPSec
    tunnel-group 195.112.215.19 type ipsec-l2l
    tunnel-group 195.112.215.19 ipsec-attributes
    pre-shared-key *****
    isakmp keepalive disable
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:fde05056fe6d738c0b99552721973ac6
    : end
    ASA 5510
    Result of the command: "sh run"
    : Saved
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name Luna
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 195.112.215.17 Cyberiaip
    name 82.146.160.65 RouterCyberia
    name 10.1.15.6 test
    name 10.1.5.20 server
    name 10.2.3.0 VILLA
    dns-guard
    interface Ethernet0/0
    nameif Cyberia
    security-level 0
    ip address 195.112.215.19 255.255.255.240
    interface Ethernet0/1
    nameif ServerVpn
    security-level 100
    ip address 10.1.5.234 255.255.255.0
    interface Ethernet0/2
    nameif VPN
    security-level 100
    ip address 10.1.3.198 255.255.255.0
    interface Ethernet0/3
    nameif Inside2
    security-level 100
    ip address 192.168.0.1 255.255.255.0
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    management-only
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 0:00 last Sun Oct 0:00
    dns domain-lookup Cyberia
    dns domain-lookup ServerVpn
    dns domain-lookup Inside2
    dns server-group Backup
    name-server 8.8.8.8
    dns server-group DefaultDNS
    name-server 4.2.2.2
    domain-name Luna
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service DM_INLINE_SERVICE_1
    service-object ip
    service-object icmp echo-reply
    object-group service DM_INLINE_SERVICE_2
    service-object tcp
    service-object icmp
    service-object tcp eq h323
    service-object ip
    service-object icmp echo-reply
    object-group service DM_INLINE_SERVICE_3
    service-object ip
    service-object tcp
    service-object icmp echo-reply
    service-object tcp eq h323
    object-group service DM_INLINE_SERVICE_4
    service-object ip
    service-object tcp
    service-object icmp echo-reply
    service-object tcp eq h323
    object-group service DM_INLINE_SERVICE_5
    service-object ip
    service-object icmp
    service-object tcp
    service-object icmp echo-reply
    service-object tcp eq h323
    access-list MGVoice_splitTunnelAcl standard permit 10.1.3.0 255.255.255.0
    access-list Cyberia_access_in extended permit object-group DM_INLINE_SERVICE_3 VILLA 255.255.255.0 10.1.3.0 255.255.255.0
    access-list Cyberia_access_in extended permit object-group DM_INLINE_SERVICE_4 192.168.1.0 255.255.255.0 10.1.3.0 255.255.255.0
    access-list server_splitTunnelAcl standard permit 10.1.5.0 255.255.255.0
    access-list Guardia_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
    access-list Accounting_access_in extended permit icmp any any echo-reply
    access-list Voice_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 10.1.3.192 255.255.255.192
    access-list Voice_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 any
    access-list Cyberia_1_cryptomap extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
    access-list VPN_nat0_outbound extended permit object-group DM_INLINE_SERVICE_5 any any
    access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
    access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 10.1.3.192 255.255.255.192
    access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 10.1.3.224 255.255.255.224
    access-list Voice_splitTunnelAcl_5 standard permit 10.1.3.0 255.255.255.0
    access-list MGserver_splitTunnelAcl standard permit 10.1.5.0 255.255.255.0
    access-list ServerVpn_nat0_outbound extended permit ip 10.1.5.0 255.255.255.0 10.1.5.192 255.255.255.192
    access-list ServerVpn_nat0_outbound extended permit ip any any
    access-list ServerVpn_nat0_outbound extended permit ip 10.1.5.0 255.255.255.0 10.1.5.240 255.255.255.240
    access-list test_splitTunnelAcl standard permit 10.1.5.0 255.255.255.0
    access-list mgvoice_splitTunnelAcl standard permit 10.1.3.0 255.255.255.0
    access-list VPN_access_in extended permit object-group DM_INLINE_SERVICE_2 any any
    access-list VPN_nat0_outbound_1 extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list VPN_nat0_outbound_1 extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
    access-list Cyberia_cryptomap_20 extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list Cyberia_access_in_1 extended permit ip 192.168.1.0 255.255.255.0 any
    access-list Cyberia_access_in_1 extended permit ip VILLA 255.255.255.0 any
    pager lines 24
    logging enable
    logging asdm informational
    logging from-address [email protected]
    logging rate-limit 50 15 level 4
    mtu Cyberia 1500
    mtu ServerVpn 1500
    mtu VPN 1500
    mtu Inside2 1500
    mtu management 1500
    ip local pool Vocie 10.1.3.235-10.1.3.245 mask 255.255.255.0
    ip local pool test 10.1.5.241-10.1.5.254 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any Cyberia
    icmp permit any VPN
    asdm history enable
    arp timeout 14400
    global (Cyberia) 1 interface
    nat (VPN) 0 access-list VPN_nat0_outbound_1
    access-group Cyberia_access_in_1 in interface Cyberia control-plane
    access-group Cyberia_access_in in interface Cyberia
    access-group VPN_access_in in interface VPN
    router rip
    route Cyberia 0.0.0.0 0.0.0.0 Cyberiaip 1
    route VPN 0.0.0.0 0.0.0.0 10.1.3.2 2
    route Cyberia 81.90.22.184 255.255.255.248 Cyberiaip 1
    route Cyberia 192.168.1.0 255.255.255.0 Cyberiaip 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.2.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
    crypto ipsec transform-set VILLA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set OFFICE esp-aes esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map Cyberia_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Cyberia_map1 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Lunasat_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map MAP-OUTSIDE 1 match address Cyberia_1_cryptomap
    crypto map MAP-OUTSIDE 1 set pfs
    crypto map MAP-OUTSIDE 1 set peer 109.224.18.242
    crypto map MAP-OUTSIDE 1 set transform-set VILLA
    crypto map MAP-OUTSIDE 1 set security-association lifetime seconds 3600
    crypto map MAP-OUTSIDE 20 match address Cyberia_cryptomap_20
    crypto map MAP-OUTSIDE 20 set pfs
    crypto map MAP-OUTSIDE 20 set peer 81.90.22.188
    crypto map MAP-OUTSIDE 20 set transform-set VILLA
    crypto map MAP-OUTSIDE 20 set security-association lifetime seconds 3600
    crypto map MAP-OUTSIDE 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map MAP-OUTSIDE interface Cyberia
    crypto ca server
    shutdown
    smtp from-address [email protected]
    crypto isakmp identity address
    crypto isakmp enable Cyberia
    crypto isakmp policy 5
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 28800
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access VPN
    vpn load-balancing
    interface lbpublic Cyberia
    interface lbprivate ServerVpn
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable Cyberia
    enable VPN
    enable Inside2
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    group-policy server internal
    group-policy server attributes
    dns-server value 4.2.2.2 8.8.8.8
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value server_splitTunnelAcl
    group-policy Voice internal
    group-policy Voice attributes
    dns-server value 4.2.2.2 8.8.8.8
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Voice_splitTunnelAcl_5
    nem enable
    client-firewall none
    group-policy MGserver internal
    group-policy MGserver attributes
    dns-server value 4.2.2.2 8.2.2.2
    vpn-tunnel-protocol IPSec l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value MGserver_splitTunnelAcl
    group-policy MGVoice internal
    group-policy MGVoice attributes
    dns-server value 4.2.2.2 8.8.8.8
    vpn-tunnel-protocol IPSec l2tp-ipsec svc
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value MGVoice_splitTunnelAcl
    group-policy mgvoice internal
    group-policy mgvoice attributes
    dns-server value 4.2.2.2 8.8.8.8
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value mgvoice_splitTunnelAcl
    username test password k83iXWPan0Gg1s04 encrypted privilege 0
    username test attributes
    vpn-group-policy Voice
    username guardiairaq password espwxXvOvtn.9lWp encrypted privilege 0
    username guardiairaq attributes
    vpn-group-policy server
    username George password Z/rrvuow9WD495rt encrypted privilege 0
    username George attributes
    vpn-group-policy Voice
    username Mohammad password WeG4Vh8yUivCpxGJ encrypted privilege 0
    username Mohammad attributes
    vpn-group-policy Voice
    username MohammadD password WeG4Vh8yUivCpxGJ encrypted privilege 0
    username MohammadD attributes
    vpn-group-policy server
    username Rami password Ap6uwufXoaDJPqK5 encrypted privilege 0
    username Rami attributes
    vpn-group-policy Voice
    username Ziad password JhgChsUSmHfac4nL encrypted privilege 0
    username Ziad attributes
    vpn-group-policy Voice
    username Rabih password spWUrnXW1ECf5.vf encrypted privilege 0
    username Rabih attributes
    vpn-group-policy Voice
    username Bassam password Us/9IhMANcKhz/ab encrypted privilege 0
    username Bassam attributes
    vpn-group-policy Voice
    username Peter password DqbletTihLO7nNEm encrypted privilege 0
    username Peter attributes
    vpn-group-policy Voice
    username server password vfxKzw279fclgSJI encrypted privilege 0
    username server attributes
    vpn-group-policy server
    username Walid password APoN6.aEe2870Ndh encrypted privilege 0
    username Walid attributes
    vpn-group-policy Voice
    username Walidserver password APoN6.aEe2870Ndh encrypted privilege 0
    username Walidserver attributes
    vpn-group-policy server
    username bernard password V/Fqxj2ERUtY84vU encrypted privilege 0
    username bernard attributes
    vpn-group-policy Voice
    username Vanity password 8v6Sr1IM6EXcsg20 encrypted privilege 0
    username Vanity attributes
    vpn-group-policy server
    username Hani password 0FhVusN7CyzoUnZ9 encrypted privilege 0
    username Hani attributes
    vpn-group-policy Voice
    username Ahmad password 1Vqu92EEjwYw4N.6 encrypted privilege 0
    username Ahmad attributes
    vpn-group-policy Voice
    username Elias password FEvweu59nheZBOqM encrypted privilege 0
    username Elias attributes
    vpn-group-policy Voice
    username Elie password Dm9wg5M.rlquePYM encrypted privilege 0
    username Elie attributes
    vpn-group-policy Voice
    username Charles password 0mvBLjD9oOlpXvWM encrypted privilege 0
    username Charles attributes
    vpn-group-policy Voice
    username Tony password k1lDmGM/jEHSwgiu encrypted privilege 0
    username Tony attributes
    vpn-group-policy Voice
    username Chadi password x4YJISOa3GY9pG0r encrypted privilege 0
    username Chadi attributes
    vpn-group-policy Voice
    username tonyb password sUb7eW6f55MDItCG encrypted privilege 0
    username tonyb attributes
    vpn-group-policy Voice
    username Tino password onkxSs5qbJYmlepW encrypted privilege 0
    username Tino attributes
    vpn-group-policy server
    username Rony password 37Hk2MJVRsiTwC11 encrypted privilege 0
    username Rony attributes
    vpn-group-policy Voice
    username AliA password 4T3JfuTi1E0msmx4 encrypted privilege 0
    username AliA attributes
    vpn-group-policy Voice
    username RonyG password 37Hk2MJVRsiTwC11 encrypted privilege 0
    username RonyG attributes
    vpn-group-policy server
    username Aldo password Cq/XUHIHnvc9Ke1x encrypted privilege 0
    username Aldo attributes
    vpn-group-policy Voice
    username Antoine password rJ4Y1txcY1fuURtk encrypted privilege 0
    username Antoine attributes
    vpn-group-policy Voice
    tunnel-group DefaultL2LGroup ipsec-attributes
    isakmp keepalive disable
    tunnel-group MGVoice type remote-access
    tunnel-group MGVoice general-attributes
    address-pool Vocie
    default-group-policy MGVoice
    tunnel-group MGVoice ipsec-attributes
    pre-shared-key *
    tunnel-group server type remote-access
    tunnel-group server general-attributes
    address-pool test
    default-group-policy server
    tunnel-group server ipsec-attributes
    pre-shared-key *
    tunnel-group mgvoice type remote-access
    tunnel-group mgvoice general-attributes
    address-pool Vocie
    default-group-policy mgvoice
    tunnel-group mgvoice ipsec-attributes
    pre-shared-key *
    tunnel-group 109.224.18.242 type ipsec-l2l
    tunnel-group 109.224.18.242 ipsec-attributes
    pre-shared-key *
    isakmp keepalive disable
    tunnel-group 81.90.22.188 type ipsec-l2l
    tunnel-group 81.90.22.188 ipsec-attributes
    pre-shared-key *
    isakmp keepalive disable
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map type inspect im MSNBlock
    parameters
    match service chat conference file-transfer games voice-chat webcam
      drop-connection log
    prompt hostname context
    Cryptochecksum:772d567a5ee1458daec08caad6009da9
    : end

    I have added the permit any any on the outside and vpn interfaces of both ASAs. I also changed the source and destination of the nat exempt rule to any any.
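
A site-to-site tunnel between two ASAs depends on the two crypto map entries agreeing with each other, so here is an added example (not part of the original post, and not Cisco tooling) that parses ASA 8.2-style configuration text and compares the Phase 2 settings of two peers. The function names are hypothetical, the sample lines are copied from the two "sh run" dumps above except the ASA 5505 crypto ACL, which is not shown in this part of the page and is a constructed assumption, and `set pfs` without a group is treated as group2 on the assumption that this is the ASA default.

```python
import ipaddress

# Constructed excerpts. Lines are copied from the dumps above, except the
# access-list in ASA_5505, which is an assumed mirror of the 5510's ACL.
ASA_5505 = """\
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.3.0 255.255.255.0
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto map outside_map 20 match address outside_1_cryptomap
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 195.112.215.19
crypto map outside_map 20 set transform-set ESP-DES-SHA
"""
ASA_5510 = """\
name 10.2.3.0 VILLA
access-list Cyberia_1_cryptomap extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
access-list Cyberia_cryptomap_20 extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto ipsec transform-set VILLA esp-des esp-sha-hmac
crypto map MAP-OUTSIDE 1 match address Cyberia_1_cryptomap
crypto map MAP-OUTSIDE 1 set peer 109.224.18.242
crypto map MAP-OUTSIDE 1 set transform-set VILLA
crypto map MAP-OUTSIDE 20 match address Cyberia_cryptomap_20
crypto map MAP-OUTSIDE 20 set pfs
crypto map MAP-OUTSIDE 20 set peer 81.90.22.188
crypto map MAP-OUTSIDE 20 set transform-set VILLA
crypto map MAP-OUTSIDE 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
"""

WEAK = {"esp-des", "esp-md5-hmac"}  # single DES and MD5 are long deprecated


def _take(tok, names):
    """Consume one address spec (any | host X | NET MASK) from an ACE token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(names.get(tok[1], tok[1]) + "/32"), tok[2:]
    net = ipaddress.ip_network(f"{names.get(tok[0], tok[0])}/{tok[1]}", strict=False)
    return net, tok[2:]


def parse(cfg):
    """Return one dict per static crypto map entry, with names and ACLs resolved."""
    names, tsets, aces, entries = {}, {}, {}, {}
    for line in cfg.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]                      # name <ip> <alias>
        elif tok[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets[tok[3]] = frozenset(tok[4:])
        elif len(tok) > 5 and tok[0] == "access-list" and tok[2:5] == ["extended", "permit", "ip"]:
            aces.setdefault(tok[1], []).append(tok[5:])
        elif len(tok) > 5 and tok[:2] == ["crypto", "map"] and tok[3].isdigit():
            e = entries.setdefault((tok[2], tok[3]),
                                   {"peer": None, "acl": None, "pfs": None, "tsets": []})
            verb, args = tok[4:6], tok[6:]
            if verb == ["match", "address"]:
                e["acl"] = args[0]
            elif verb == ["set", "peer"]:
                e["peer"] = args[0]
            elif verb == ["set", "pfs"]:
                e["pfs"] = args[0] if args else "group2"  # assumed default group
            elif verb == ["set", "transform-set"]:
                e["tsets"] = args
    resolved = []
    for e in entries.values():
        selectors = set()
        for ace in aces.get(e["acl"], []):
            src, rest = _take(ace, names)
            dst, _ = _take(rest, names)
            selectors.add((src, dst))
        resolved.append({"peer": e["peer"], "pfs": e["pfs"], "selectors": selectors,
                         "proposals": {tsets[n] for n in e["tsets"] if n in tsets}})
    return resolved


def entry_for_peer(cfg, peer_ip):
    for e in parse(cfg):
        if e["peer"] == peer_ip:
            return e
    raise LookupError(f"no crypto map entry with peer {peer_ip}")


def compare(cfg_a, peer_in_a, cfg_b, peer_in_b):
    """Compare A's entry for peer_in_a with B's entry for peer_in_b."""
    a, b = entry_for_peer(cfg_a, peer_in_a), entry_for_peer(cfg_b, peer_in_b)
    findings = []
    if not a["proposals"] & b["proposals"]:
        findings.append("no transform-set proposal in common")
    if a["pfs"] != b["pfs"]:
        findings.append(f"PFS mismatch: {a['pfs']} vs {b['pfs']}")
    if a["selectors"] != {(dst, src) for src, dst in b["selectors"]}:
        findings.append("crypto ACLs are not mirror images")
    used = set().union(*a["proposals"], *b["proposals"])
    findings += [f"deprecated algorithm in use: {alg}" for alg in sorted(used & WEAK)]
    return findings


if __name__ == "__main__":
    for finding in compare(ASA_5505, "195.112.215.19", ASA_5510, "81.90.22.188"):
        print(finding)
```

Transform-set names are local to each device, which is why the comparison is made on the resolved algorithm sets (`ESP-DES-SHA` and `VILLA` are the same proposal here).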

  • Load balancing to JDBC connection pool

    from http://e-docs.bea.com/wls/docs61///////cluster/overview.html
    "WebLogic Server provides limited load balancing support for managing JDBC
    connections in a cluster. If you create an identical JDBC DataSource in each
    clustered WebLogic Server instance and configure those DataSources to use
    different connection pools, the cluster can support load balancing for JDBC
    connections. Note, however, that WebLogic Server provides no special load
    balancing policies for accessing connection pools. If one of your connection
    pools runs out of JDBC connections, the load balancing algorithm may still
    direct connection requests to the empty pool."
    How is this different from creating one connection pool with one datasource
    and targeting the cluster? Are they talking about load-balancing to
    different databases, or different servers in WLS? From a servlet or from a
    client side app?
    Can anyone elaborate?
    Thanks in advance.

    hi,
    without knowing the entire set of requirements or the motivation behind doing this, a few words from me
    This is usually done transparently to the application server, that is, having e.g. Oracle instances mirroring each other for extreme high-availability requirements.
    1. I would have taken the liberty of calling this business functionality and let my middleware do the implementation of this. The most elegant solution would probably be to call the master DB for the CUD operation, then post a message to a queue letting the slave DB be updated asynchronously. If the message could not be sent, throw an exception and have the entire operation rolled back.
    If however this must happen realtime and transactions must be consistent, there are a few points to consider. And the queuing bit would not work.
    If this is something that should be done for all Create, Update and Delete operations, an intercepting JDBC driver could do the trick. Although there are all sorts of different problems that could arise from this, for starters, at least one of the DBMS involved here should be XA compliant. If the entire transaction should be XA compliant, both DBMS must be XA compliant. Next, as for the transaction towards the "mirroring" DBMS, you would have to do all the transaction stuff yourself.
    For an example of an intercepting JDBC driver, I found this one:
    http://media.datadirect.com/download/docs/jdbc/jdbcref/spy.html
    I would guess that there are quite a few more.
    - Anders Mathisen (http://blog.thej2eestruggle.com)

  • GSS act as an authoritative DNS for non-load balanced sites?

    I have a client asking if a GSS can be the authoritative DNS server for their entire domain.  This would include sites that are not load balanced.
    TIA,
    Dan

    Hi Dan,
    Yes, you would just have to create a new domain under the Domain Lists, create an Answer Group associated to that domain and then you can start adding DNS answers. For non-load balanced sites you would just have one answer in your answer group.
    Sincerely,
    Kyle

  • ISDN backup for ADSL connected sites using separate router

    In our set-up we have a central site with a large number of remote sites connected.
    We have moved a number of remote sites from ISDN connections to ADSL connections. However, we would like to keep the ISDN and use it for backup.
    The problem I have is - how do I implement ISDN backup with our current set-up? From the documentation, I can see how to do this for more "straightforward" set-ups but not for the set-up we have! Let me explain:
    At the central site, we have a Cisco 7206 router. The ISDN connected sites connect directly to this router (which is configured with a large number of dialer map statements for each site)
    The 7206 connects to a PIX515E firewall. The ADSL connected sites connect over the public internet using IPSEC with the tunnels terminating on the PIX.
    The 7206 router contains static routes for the ADSL connected sites, pointing to the firewall.
    At the remote sites, we have a Cisco 837 router for the ADSL connection.
    This is connected (via ethernet) to the router we want to use for ISDN backup - a Cisco 800. The 837 and 800 are configured with HSRP.
    However, at the moment, if the 837 or the ADSL link was to go down, there would be no means to connect to the central site. How can we configure this to use the 2nd router for ISDN backup, given our set-up?
    Any suggestions would be greatly appreciated!
    (incidentally, I have only recently joined this company and have taken this over, without any information to go on as to why things are set up as they are !)

    Hello again,
    I think you can pretty much ignore my last message. I've done a bit more digging and I think I have a better idea of what you mean now!
    Let's see if I've got this about right. To recap:
    I need to set up a GRE tunnel between the remote site and 7206 router at head office, which in turn would be using IPSEC tunnel between remote router and PIX.
    So, steps required:
    1) set up IPSec tunnel to PIX (this is the way it is already currently configured - am I right in thinking no further configuration would be required as far as the PIX is concerned, for the new set-up?)
    2) set up GRE tunnel between remote ADSL router and 7206 - requires tunnel interface on both router with start point and end point configured. Use GRE keepalive to enable the line protocol to be brought down if the far end cannot be reached.
    3) Add static routes on ADSL router to reach head office network via tunnel interface
    4) Add static route on 7206 router to reach remote network via tunnel interface
    5) Configure ISDN map statement on 7206 mapping remote network to ISDN number
    6) Configure "floating" static routes on 7206 to use ISDN to reach remote network
    7) Configure HSRP on ADSL and ISDN routers with tracking of tunnel interface. If tunnel interface goes down, then ISDN router takes over as active.
    8) Configure static routes on ISDN router to point to head office network using BRI0 interface.
    So, under normal operation, traffic between head office and remote office will be routed across the GRE tunnel using the ADSL link.
    If the ADSL link was to go down then the GRE tunnel would also go down. So, the 7206 would then use the floating static routes to reach the remote network via the ISDN connection.
    The ISDN router would take over as active at the remote site since the tunnel interface would have gone down, forcing the HSRP to failover.
    Does that all sound about right? Is there anything I've missed?
    I'll start trying to put some configurations together when I get the chance - but, if it's ok, I'll probably run these past you too, just to make sure they seem correct!
    Thanks,
    Neil
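
The failover in the plan above hinges on the GRE keepalive from step 2, and the following added example (a simplified model written for this page, not code or configuration from the thread) shows why: it picks the head-office route by administrative distance and the remote HSRP active router by tracked priority, with and without the keepalive. The interface names, the distance of 200, the HSRP priorities and decrement, and the `remote-lan` prefix are all assumptions, and HSRP preemption is assumed to be enabled.

```python
from dataclasses import dataclass

REMOTE_LAN = "remote-lan"  # placeholder for the remote site's prefix


@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    exit_if: str
    distance: int  # administrative distance, lower is preferred


def gre_line_protocol(keepalive, far_end_reachable):
    """Line-protocol state of a GRE tunnel whose local source interface is up.

    Without keepalives the tunnel stays up even when the far end cannot be
    reached; with keepalives it goes down once the replies stop.
    """
    return far_end_reachable if keepalive else True


def installed_route(routes, if_up, prefix):
    """A static route is only usable while its exit interface is up;
    among the usable ones the lowest administrative distance is installed."""
    usable = [r for r in routes if r.prefix == prefix and if_up[r.exit_if]]
    return min(usable, key=lambda r: r.distance) if usable else None


def hsrp_active(priority, tracked_up, decrement):
    """Highest effective priority wins; a tracked interface going down
    subtracts that router's decrement."""
    effective = {name: priority[name] - (0 if tracked_up[name] else decrement[name])
                 for name in priority}
    return max(effective, key=effective.get)


def simulate(far_end_reachable, keepalive):
    """Return (exit interface used by the 7206, HSRP active router at the remote site)."""
    tunnel_up = gre_line_protocol(keepalive, far_end_reachable)

    # Steps 4 and 6: primary static via the tunnel, floating static via ISDN.
    hq_routes = [StaticRoute(REMOTE_LAN, "Tunnel0", 1),
                 StaticRoute(REMOTE_LAN, "Dialer1", 200)]
    hq = installed_route(hq_routes, {"Tunnel0": tunnel_up, "Dialer1": True}, REMOTE_LAN)

    # Step 7: the ADSL router tracks its tunnel interface.
    active = hsrp_active(priority={"adsl-837": 110, "isdn-800": 100},
                         tracked_up={"adsl-837": tunnel_up, "isdn-800": True},
                         decrement={"adsl-837": 20, "isdn-800": 0})
    return hq.exit_if, active


if __name__ == "__main__":
    for reachable, keepalive in [(True, True), (False, True), (False, False)]:
        print(reachable, keepalive, simulate(reachable, keepalive))
```

In the last case the path has failed but neither the floating static route nor HSRP reacts, so traffic keeps being sent into a dead tunnel.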

  • MPLS Handling of Aggregated ADSL-connected sites

    I'm familiar with serially-connected sites entering an MPLS core, where there is a physical connection associated with each site, and so the site is simply identifiable to the MPLS PE by virtue of a physical port. However, I'm trying to get my head round how to handle ADSL connections, where many sites' traffic is aggregated into one bearer. How does the MPLS network associate the right traffic with the right site under these conditions? Sorry if this is a bit of a "dumb newbie" question, but I've googled extensively, and just haven't got to the stage where I feel confident in my understanding.
    Jim

    Hi Jim,
    When using DSL most architectures use PPPoA/PPPoE (you could just bridge at the dslam and use no PPP but that would result in a subinterface a VRF could be configured on).
    PPP will create a virtual-access interface per PPP authentication (username).
    When the virtual interface is being created the provider router (LNS) will ask a radius server if the user can be granted access. If yes, the radius can also give the router configuration information which can include IP address and VRF.
    Ultimately the traffic is kept separate because point to point logical sessions can be built on top of a multi access network (PPPoE).
    Hope this helps,
    Matt Ayre

  • Correct route for ADSL connection

    Hi
    I found a couple of threads on this topic but none of them seemed to be plain enough for a newbie to understand. I use an ADSL connection for my home box. The connection uses pppoe for authentication. When I start the computer, I have to run the following commands on every run to get access to internet:
    su
    route del default
    route add default gw 81.91.128.10
    Here is what my rc.conf reads:
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime"
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="en_US.utf8"
    HARDWARECLOCK="localtime"
    TIMEZONE="Asia/Tehran"
    KEYMAP="us"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # Scan hardware and load required modules at bootup
    MOD_AUTOLOAD="yes"
    # Module Blacklist - modules in this list will never be loaded by udev
    MOD_BLACKLIST=(pcspkr)
    # Modules to load at boot-up (in this order)
    # - prefix a module with a ! to blacklist it
    MODULES=(mii slhc via-rhine ac97_bus snd-mixer-oss snd-pcm-oss snd-seq-oss snd-seq-device snd-seq-midi-event snd-seq snd-page-alloc snd-pcm snd-rawmidi snd-timer snd snd-mpu401-uart snd-mpu401 snd-ac97-codec snd-via82xx soundcore fuse)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    HOSTNAME="localhost"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available
    # interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    # - prefix an entry in INTERFACES with a ! to disable it
    # - no hyphens in your interface names - Bash doesn't like it
    # Note: to use DHCP, set your interface to be "dhcp" (eth0="dhcp")
    lo="lo 127.0.0.1"
    eth0="dhcp"
    INTERFACES=(lo eth0)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    # - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 81.91.128.10"
    ROUTES=(gateway)
    # Enable these network profiles at boot-up. These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    # - set to 'menu' to present a menu during boot-up (dialog package required)
    # - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network-profiles
    #NET_PROFILES=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    # - prefix a daemon with a ! to disable it
    # - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng network netfs crond dbus hal adsl privoxy tor keytouch)
    # End of file
    Here's my ifconfig output:
    eth0 Link encap:Ethernet HWaddr 00:05:5D:C8:A5:AA
    inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::205:5dff:fec8:a5aa/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:93252 errors:0 dropped:0 overruns:0 frame:0
    TX packets:69563 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:106552708 (101.6 Mb) TX bytes:6338531 (6.0 Mb)
    Interrupt:5 Base address:0xd000
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:931 errors:0 dropped:0 overruns:0 frame:0
    TX packets:931 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1886158 (1.7 Mb) TX bytes:1886158 (1.7 Mb)
    ppp0 Link encap:Point-to-Point Protocol
    inet addr:91.184.72.216 P-t-P:81.91.128.10 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
    RX packets:92873 errors:0 dropped:0 overruns:0 frame:0
    TX packets:69152 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:104480285 (99.6 Mb) TX bytes:4801320 (4.5 Mb)
    What should I do to get the thing done without any manual intervention?

    Please refer to this wiki for the detailed and correct steps to set it up:
    http://wiki.archlinux.org/index.php/PPP … _with_pppd
    And remember to set eth0 up in rc.conf as follows:
    eth0="eth0 0.0.0.0 up"
    I don't know why you have to set route up manually. I thought that the pppd daemon will do it for you.
    And... just use /etc/rc.d/pppd not /etc/rc.d/adsl.
    Hope this helps.
    BR,
    bsdson.tw

  • Using IP SLA and EEM to provide 3G backup to ADSL connection on CISCO887VAG+7-K9 router

    On a Cisco887VAG+7-K9 router, I want to be able to use IP SLA and EEM to track connectivity to an external address via my ADSL line, if connectivity is UP then I want the 3G interface to be admin shutdown.  If connectivity is down, then I want the 3G interface to be activated and connectivity to resume via 3G.
    I have configured this and it works apart from one problem.  If the config on the router is written to startup memory while the 3G interface is admin shutdown, we subsequently have a problem with the ADSL line and the router is then rebooted, then the EEM does not seem to re-activate the 3G interface so all connectivity is lost until the ADSL is returned to service.   i.e. it seems to be the case that if the IP SLA starts off as "Down" then the EEM doesn't take any action.  The IP SLA has to have gone into the "up" state before it starts working?  Does that make sense and, if so, is there any way round it?
    For info, here is my IP SLA and EEM config:
    ip sla 1
     icmp-echo 8.8.8.8 source-interface dialer2
     timeout 60000
    ip sla schedule 1 life forever start-time now
    track 1 ip sla 1 reachability
    ip route 0.0.0.0 0.0.0.0 Dialer2 track 1
    ip route 0.0.0.0 0.0.0.0 Dialer1 20
    event manager applet 3G-ACTIVATE
     event track 1 state down
     action 10 cli command "enable"
     action 20 cli command "configure terminal"
     action 30 cli command "interface Cellular0"
     action 40 cli command "no shutdown"
     action 50 cli command "end"
    event manager applet 3G-DEACTIVATE
     event track 1 state up
     action 10 cli command "enable"
     action 20 cli command "configure terminal"
     action 30 cli command "interface Cellular0"
     action 40 cli command "shutdown"
     action 50 cli command "end"
    Any assistance/advice on getting this to work effectively would be appreciated!
    Thanks.

    Yes, basically, when the tracked object is not reachable on initial router boot, the router doesn’t detect a transition of the tracking object from up to down and therefore does not execute the associated EEM script. 
    So, in my case, if I have an ADSL fault and the 3G interface has taken over, if the router is subsequently rebooted, all connectivity will be lost because the startup config of the router has the 3G interface as admin down and the EEM script to activate it does not kick in.
    I've tried using "default-state up" under the track config but this didn't seem to have any effect - the reachability of my IP SLA was still down after a router reboot with no ADSL connection.
    I also tried your script but this gave the errors:
    %HA_EM-3-FMPD_ACTION_NOTRACK: bump-track: unable to set state for tracking object number 1; object does not exist or is not a stub-object.
    Mar 19 10:23:00.005: %HA_EM-3-FMPD_ERROR: Error executing applet bump-track statement 1.0 %HA_EM-3-FMPD_ACTION_NOTRACK: bump-track: unable to set state for tracking object number 1; object does not exist or is not a stub-object.
    Mar 19 10:23:00.005: %HA_EM-3-FMPD_ERROR: Error executing applet bump-track statement 1.0
    I'm not sure how to resolve that?
    Any further advice would be welcome!  Thanks.
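
The thread above describes `event track 1 state down` never firing when track 1 is already down at boot, because no up-to-down transition occurs. The following is an added example, not configuration from the thread: a one-shot applet that reads the current state of track 1 after boot instead of waiting for a transition. The applet name `3G-BOOT-CHECK` and the 180-second delay are assumptions, and it assumes an IOS release whose EEM supports `action track read` and `action if`.

```cisco
! Added example, not from the thread. Applet name and delay are assumptions.
! Reuses objects from the post: track 1 and interface Cellular0.
event manager applet 3G-BOOT-CHECK
 ! Fires once, 180 s after the applet is registered at boot, so that
 ! IP SLA 1 (timeout 60000 ms) has had time to complete its first probes.
 event timer countdown time 180
 ! Level check: copy the current state of track 1 into $_track_state
 ! ("up" or "down") rather than relying on a state transition.
 action 10 track read 1
 action 20 if $_track_state eq "down"
 action 30  cli command "enable"
 action 40  cli command "configure terminal"
 action 50  cli command "interface Cellular0"
 action 60  cli command "no shutdown"
 action 70  cli command "end"
 action 80  syslog msg "track 1 down after boot, Cellular0 enabled"
 action 90 end
```

Once the ADSL path recovers, track 1 transitions to up and the existing 3G-DEACTIVATE applet shuts Cellular0 again.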

  • Two adsl connection on router

    Hi Guys,
    I have a router with two adsl connections, one of them is working fine. On the other one I cannot see any packet going to the ISP. The interface atm is up, there is no reset, error, etc but the router doesn't try to connect to ISP, I see this when I enable debug ppp authentication.
    The two links are from the same service provider, so I have swapped the links to be sure that both are working. I had no issues with links. The configurations are the same as you can see below, just the username and password are different.
    Any idea where is the issue?
    interface atm0
     no shut
     no ip address
     pvc 8/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface dialer1
     ip address negotiated
     no ip directed-broadcast
     ip nat outside
     encapsulation ppp
     dialer pool 1
     ppp chap hostname [email protected]
     ppp chap password 123A
     ppp pap sent-username [email protected] password 123A
    interface atm1
     no shut
     no ip address
     pvc 8/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 2
    interface dialer1
     ip address negotiated
     no ip directed-broadcast
     ip nat outside
     encapsulation ppp
     dialer pool 2
     ppp chap hostname [email protected]
     ppp chap password 123B
     ppp pap sent-username [email protected] password 123B
    Cheers

    Hi Vasilii,
    Thank you for your reply. Actually the IOS was the issue, the one that I was using doesn't support the configs that I need. After the upgrade it started to work straightaway.
    Tks

  • What is maximum site to site connection cisco router 2821

    Hi, I want to set up multiple site to site connections between my head office and remote offices.
    On HeadOffice, I've a Cisco router 2821, with IOS model:
    c2800nm-adventerprisek9-mz.124-20.T.bin
    There is no extra hardware module on this router, and I want to know the number>
    What I've found on the internet is that it supports up to 10 Cisco VPN Clients, but I've already tested it with 14 simultaneous users, so I'm in doubt.
    Let me know.

    Duplicate posts. :P
    GO here: https://supportforums.cisco.com/discussion/12135781/what-maximuam-site-site-connection-cisco-router-2821

  • Remote site redundancy IPSEC VPN between 2911 and ASA

    We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
    Site A has an ASA with one internet circuit.
    Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
    Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
    The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
    What is the best way of achieving this?
    We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
    However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
    I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911. Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved? And how could I also introduce the 877 and ADSL line into things to achieve the necessary redundancy?
    Any help/advice would be appreciated!

    Hello,
    I don't think a GRE tunnel that you could set up on the switch behind the ASA would be really helpful. You still want to establish the site-2-site tunnel between the ASA and some routers, and it is still the ASA which needs to make the decision about which peer to connect to.
    A possible solution would be to do HSRP between both routers on the LAN side, with two independent tunnels/crypto maps (one on each of them). On the ASA you would need to set up two hosts in set peer. The problem with this solution is that if one router at side B goes down and the second ADSL line takes over, the ASA will not preempt after your main Internet connection is up again. This would happen after the ADSL Internet connection goes down.
    A solution to that would be to assign two different public IP addresses on two different interfaces of the ASA. Then you attach two crypto maps to both interfaces and by using sla monitor (let's say icmp to main router, if it does not respond then you change routing for remote LAN to second interface) you are selecting which crypto map (with one peer this time) should be used.
    I hope what I wrote makes some sense.

  • My wife and I share our Mac OS 10.6.8 since downloading Skype on her account she can not stay connected to any web site she pulls up. I removed Skype from her account but it still happens. What can I do to clear this up?

    My wife and I share the same Mac OS 10.6.8 and since downloading Skype on her account she cannot stay connected to any web site for more than a few seconds. I have removed Skype from her account but not mine. I don't have the problem on my account and I still have Skype loaded. How can I fix this problem?

    O.k. Thanks for the clarification. I poked around in my TimeCapsule router's settings (TimeCapsule is an Apple Airport Extreme router with attached hard drive for wireless backup/storage). Unfortunately, it doesn't look like I can disable multicasting with the TimeCapsule. I can change the multicasting 'rate'. Settings are Low, Medium, High. It's currently set to Low.
    I did a few web searches, and found an Apple.com article: <http://support.apple.com/kb/HT3789?viewlocale=en_US> which explained how to disable Bonjour Service Advertisements. I believe this is the same thing as 'Multicasting'. The process is a modification of "/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist", and a restart of the Mac is required afterwards.
    I'm a bit concerned that disabling multicasting will interfere with my AppleTVs and iTunes music sharing, but I may try it next time I'm up for a computer workout. This task will require editing of system preference files, could require multiple restarts, might interfere with my AppleTVs, could interfere with my iTunes file sharing, doesn't have a documented relationship to my problem.
    This is way too difficult for something that should just work. Did you say you had read something about a relationship between this bonjour multicasting and smb connectivity? If it was online could you post the link?
    I'm currently able to connect to the drive using NFS, but I have to manually configure that connection each time I reboot (can't get the 'Disk Utility' configured to do it automatically). While it's working with NFS, it's not my preferred connect method (for various reasons).
