Controlling Traffic Over SA520 VPN

Hi
We have a site-to-site VPN between a satellite site and a customer. Both ends are running SA520s.
Is there any way to limit the traffic that is allowed to pass over the VPN? Previously on PIXes and ASAs we've disabled the option to allow all traffic and then used ACLs, but I can see a similar way to do this on the SA520.
Ideally, we'd like to make the VPN one way so we have full access to the customer site but they have no access back to our office.
Thanks
Joe

Hi Joe, thank you for using our forum. My name is Luis and I am part of the Small Business Support community. In this case you could set an ACL in order to restrict access from the remote client to your LAN. Below I will share an article; please follow those steps, and if you have any questions please let me know.
IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance
I hope you find this answer useful
Greetings,
Luis Arias.
Cisco Network Support Engineer.
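The one-way policy Luis describes, modelled as an added example (not SA520 configuration or Cisco code): an ordered, first-match rule table evaluated per direction, plus a session table so that replies to connections our LAN opened still pass, as a stateful firewall would. The subnets, hosts and the stateful return-traffic handling are assumptions made for illustration.

```python
"""Model of a one-way site-to-site VPN firewall policy (added example,
not SA520 configuration). Our LAN may open connections to the customer
site; the customer site may not open connections back into our LAN."""
from ipaddress import ip_address, ip_network

OUR_LAN = ip_network("192.168.10.0/24")       # constructed: our office
CUSTOMER_LAN = ip_network("192.168.20.0/24")  # constructed: customer site

# (direction, source net, destination net, action); first match wins.
ONE_WAY_RULES = [
    ("LAN->VPN", OUR_LAN, CUSTOMER_LAN, "allow"),
    ("VPN->LAN", CUSTOMER_LAN, OUR_LAN, "deny"),
]


class OneWayFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (src, sport, dst, dport) permitted so far

    def evaluate(self, direction, src, sport, dst, dport):
        """Return 'allow', 'allow-established' or 'deny' for one packet."""
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        # Reply to a session already permitted: pass it without consulting
        # the rule table (assumed stateful handling of return traffic).
        if (dst_ip, dport, src_ip, sport) in self.sessions:
            return "allow-established"
        for rule_dir, src_net, dst_net, action in self.rules:
            if rule_dir != direction:
                continue
            if src_ip in src_net and dst_ip in dst_net:
                if action == "allow":
                    self.sessions.add((src_ip, sport, dst_ip, dport))
                return action
        return "deny"           # implicit default: nothing matched


def run_scenario():
    """Three constructed packets: our RDP request to the customer site,
    the customer's reply, and an unsolicited SMB attempt from the customer
    side back into our LAN."""
    fw = OneWayFirewall(ONE_WAY_RULES)
    return [
        fw.evaluate("LAN->VPN", "192.168.10.5", 40000, "192.168.20.8", 3389),
        fw.evaluate("VPN->LAN", "192.168.20.8", 3389, "192.168.10.5", 40000),
        fw.evaluate("VPN->LAN", "192.168.20.8", 50000, "192.168.10.5", 445),
    ]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```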

Similar Messages

  • Control Packets over non-MPLS connection

Is it possible to configure a Cisco 7204 router to send BGP packets not over the LSP that has been established for the BGP peer (the PE router), but over a non-MPLS connection, while all data traffic to the PE router gets forwarded through the LSP? In other words, I'm wondering if it is possible to constrain all control packets, including BGP, OSPF and LDP, to the non-MPLS interfaces, even though the LSP exists for the destination prefixes of the BGP packets.
    I hope it could be applied to establishing MP-iBGP sessions between PE routers in an MPLS/VPN network. In other words, we want all BGP packets not to be forwarded through the LSP established between two PE routers, which is actually an ATM LER system, since we have established non-MPLS connections between LERs in order to forward control packets, including routing protocol and MPLS signaling protocol.
    Any response will be greatly appreciated.
    Regards,
    Yongjun.

    Yongjun,
    r1------r2-----r3
    \-------r4----/
    r1, r3 are PEs
r2 is a P router
    r4 is a non-LSR
    r1-r2-r3 is LSP
    r1-r4-r3 is a ip path, non-lsp
Then you can do local-policy routing on r1 and r3 to send the BGP control traffic over the r1--r4--r3 path.
    config on r1:
    ip local policy route-map foo
    route-map foo perm 10
    match ip addr 100
    set ip next-hop
    access-list 100 perm tcp host eq 179 host
    access-list 100 perm tcp host host eq 179
    you got to do similar config on r3.
    let me know if you have further q's.
    best regards,
    gopal

  • How can i use an existing vpn connection without using the option "Send all traffic over vpn connection"?

I have been trying to get my computer (OS X 10.7) to establish a Remote Desktop connection to my work computer via a VPN tunnel. In fact I have just discovered that it works fine if I select "send all traffic over VPN connection" from the options in the advanced setup of the VPN.
    If the option is selected, Microsoft's "Remote Desktop Connection for Mac" works just fine. However, without selecting the option it does not take advantage of the tunnel but tries to connect as if the tunnel did not exist.
    Now the question is: how do I get the program to use the VPN tunnel without checking the above option?
    Thanks for any hints and pointers.

    Then can her computer be authorized to both accounts?
    Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
    If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
    If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
    is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
    That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD.

  • Cisco 857W that freeze when a lot of traffic travel over a VPN tunnel...

    Hi to all...
I have serious trouble with 2 Cisco 857Ws...
    They freeze!
    Between them there is an IPsec tunnel; over the VPN tunnel there are 2/3 terminal services connections and some Outlook/Exchange clients.
    While everything works great when only 2 terminals are working, the branch office router (sometimes also the main office router...) stops responding when someone else opens Outlook or opens a new TS connection. Both lines are 4Mb download and 512 upload, which must be enough...
    The attached config is the sh run of the router that freezes only sometimes (the other, which freezes frequently, is 90% identical).
    I haven't updated the ADSL FW yet...
    [code]
    Init FW: embedded
    Operation FW: embedded
    FW Version: 2.5.42
    [/code]
As long as not too much traffic is sent through the VPN tunnel, everything is OK and works really well.
    Can someone help me find where the problem is?? Is it a config problem??
    Thanks to all!

    I meant to say I have a MBPro and an IPAD 3...

  • 9.0 can a dynamic nat be used over ipsec vpn?

We have a VPN up and working between two ASAs, and when we run the traffic through a static NAT rule the traffic passes over the VPN. When we use a dynamic NAT the traffic does not get picked up by the VPN ACL.
    We are disabling the NAT rules to switch back and forth, so even when we use the same source/destination the result is the same.
    Am I missing something with 9.0 code versions? If I disable all NATs and pass the traffic, it goes over the VPN.
    So it seems that when using the dynamic NAT statement it pushes the traffic to the outside interface without looking at the VPN ACL. Please let me know if I am off base; I am a newb on post-8.3 code.
    Thanks

I didn't do that at first because I remember reading something about, in version 9, only using the un-NATted IP because of the order of operations. That seemed weird to me at the time.
    Yes, it seems that you need the NAT IP like always. Should have just gone with my gut on that.
    Thanks

  • Trouble accessing a remote machine via ARD over a VPN

    Hi There,
I'm having trouble accessing a remote Workstation via ARD over a VPN.
    The VPN is set up and I can:
    - Control our 10.6 server via ARD remotely
- Mount volumes from the 10.6 server remotely
    - Access another server (we run an accounting server) remotely
    But we can't access a Workstation using ARD.
I can connect to the Workstation when in the office, so I assume it's configured for access. I suspect the issue lies with the firewall on the 10.6 server and/or the Netgear FSV366G firewall.
    The VPN is set up on the 10.6 server, so I figure it's something to do with Snow Leopard Server?
    I'm just not sure how to narrow things down and fix the issue; although I set up the server, I'm not super Unix savvy.
    Any help or pointers in the right direction would be much appreciated.
    Cheers
    Ben

I can't say for certain what is going wrong in your case, but I can confirm it is possible to do an ARD connection (i.e. Screen Sharing) to a remote user connected via a VPN. The way we do this is to get the user to connect to the VPN server (a Mac OS X Server), then on the Mac OS X Server in Server Admin see what IP address they have been allocated by the VPN server, then tell ARD Admin to connect to that IP address.
    This works fine for me.
    The IP address will be one that is 'local' to the ARD and VPN machines; it would not be the remote public or private IP address.

  • Route Internet over Pix VPN to Sonicwall

Have a working VPN from a PIX 501 at a remote site to a SonicWall 3060 Enhanced at the Central Office. Would like the remote site to use the SonicWall for Internet. Basic setup...
    LAN--Pix----Internet----Sonicwall--LAN
    Thanks

So you basically want all traffic to pass over the tunnel: just define your NAT exemption and interesting traffic ACLs as being "to any". This will force all traffic over the tunnel. As far as the Internet access is concerned, I can't help you with the SonicWall, but it sounds like you want to do something like "public Internet on a stick" or outside NAT.

  • Map Traffic over GE links with Etherchannel in 4500 platform

    Hi,
    Does anybody have experience with the command "show platform software etherchannel..." over 4500s?
    For instance:
    sw#sh platform software etherchannel port-channel 3 map ip 10.1.1.1 10.1.1.3
    Map port for Ip 10.1.1.1, 10.1.1.3 is Gi3/3(Po3)
    NOTE: Software forwarded traffic will use Gi3/1(Po3)
    We are concerned about the "Software Forwarded Traffic". One could think that is related to CPU forwarded traffic (L2 control traffic eg, CDP, PAgP, etc etc).
However, in some tests we suspect that ICMP traffic is passing through that link instead of the link mentioned as "map port" (ICMP traffic neither originated nor received at the switch).
    Is this command 100% reliable ?
    Thanks

You can use the following command to verify which type of traffic (source/destination, mac/ip/l4-port) would select which member port within the etherchannel.
    show platform software etherchannel port-channel map mac
    ex :
    Cat4507#$e etherchannel port-channel 2 map mac 0000.0000.0000 1111.1111.1111
    Map port for mac 0000.0000.0000, 1111.1111.1111 is Fa4/48(Po2)
    NOTE: Software forwarded traffic will use Fa4/48(Po2)
    Use the above command for a channel that is up.

  • Troubleshooting RPC issue over ASA VPN

    Hello,
I have an IPsec VPN tunnel between my corporate data center and a satellite service provider. I also have 2 trucks, A & B, with networks on them. These truck networks communicate via satellite to the provider base station, and then across the VPN tunnel to our corp. data center. The A & B truck networks each have a Windows Domain Controller that communicates with our DCs in the data center for Active Directory replication. They are using RPC for this.
    Both truck networks and servers were tested and worked perfectly when first tested and deployed.
    ASA 5510 running IOS ver 8.2(1)
About a month ago, truck B lost its ability to communicate via RPC to the DCs in the data center. Nothing has changed on the network on my side or on the satellite provider side. I've looked through my VPN logs and firewall logs, but don't see anything that indicates a probable cause. There is no evidence of requests being denied on my firewall or the VPN ACLs.
    The one strange thing I've noticed when doing some tests is that I don't see interesting traffic hitting the ACL on the ASA when trying to PING or traceroute from the truck B server, or when the RPC request is being run. BTW, the truck B server can PING and traceroute over the VPN tunnel to servers in the data center just fine. And the reverse is also true. Just the RPC doesn't work.
    Here's the RPC error output:
    NtFrsApi Version Information
       NtFrsApi Major      : 0
       NtFrsApi  Minor      : 0
       NtFrsApi Compiled on: Feb 16 2007 20:10:33
    ERROR -  Cannot RPC to computer, odyssey; 00000721 (1825)
    Below is a traceroute from the truck B server to the data center server.  Notice the multiple entries for server accord?
I seem to remember that this kind of behavior occurs when an IP address is being NATted. Is that correct?
    Any suggestions are greatly appreciated.

    Thanks Pranesh,
I haven't checked the IPsec tunnel, but I assumed that since I get a successful connection to the VPN tunnel, the tunnel is up. I have very limited knowledge about this; still learning the basics for CCNA certification. The weird thing is that when I swap out the ASA-5505 with a home Netgear router (at home), I don't have any problem accessing the inside network at the temple. Therefore, my assumption is that something is wrong in my ASA-5505 config at home (the config is pasted in the initial post). Please advise.
    Again, thank you so much for your help.

  • Forward internet traffic over openvpn?

    My current setup is that I have an openvpn server running at home and a client running on my laptop. The connection works (I can ssh over it) but I want to forward my (web browsing) traffic over it as well. Does anyone know how to accomplish this? I'm running KDE if that helps.

Another option would be to set your gateway to the far end of the VPN and make sure you enable routing on that box. That would make *all* traffic bound for the Internet travel through the VPN. This may not be what you want.
    One thing to watch with the proxy approach is that while your web traffic is sent through the VPN, your DNS lookups will still be going through your ISP, making it possible to see which websites you have been to. There is an option in Firefox to fix this if it bothers you.

  • How can I see shared review comments in a PDF when connected to a SharePoint server over a VPN?

    I am using Acrobat Pro XI on Windows 7.
    When I issue a shared review, hosted on our work SharePoint server, I always encounter problems when accessing my work network from home, over a VPN. My comments do not get published, and I cannot see comments that reviewers have published.
    I issue the review PDF as an attachment when I open the review, and all reviewers save a local copy of this file. When I open the PDF, the "Welcome back to shared review..." screen is never updated with the number of comments. The server status always seems to show green, but the comment reporting mechanisms do not behave as they do at work. When I click Publish comments, I am usually asked if I wish to take ownership of unpublished comments by other reviewers (to which I click No). When I return to the office, everything seems to "just work" again. But this is hugely inconvenient if I am out of office for days on end.
    I had this problem with my previous version of Acrobat, and no satisfactory solution was ever reached. I am most dismayed to find it is still present in version XI.
    Please can anyone advise?

I don't know if you have solved this issue yet, but we had the same issue in the past, and cleaning the log files under the "\Synchronizer\resources\" folder seems to be a solution. Here is the thread talking about it.
    https://forums.adobe.com/thread/1426298?start=0&tstart=0

  • Is it OK to have two SBS Servers with same name, on different subnets but connected over a VPN?

    Hi Everyone,
I'm just about to connect up two SBS 2011 Servers with the same server name but on different subnets & domains over a VPN.
    So for example both servers will have the name Server01, one would have an ip address of 192.168.85.5, the other 192.168.86.5, they both then would be connected over a VPN.
    Can anyone foresee any issues with this configuration, like DNS & DHCP requests, adding new machines to the domain, mapping drives etc.
    Many thanks,
    Nick

    Hi Larry & Strike First,
Thank you for your responses. I understand that this is an unusual situation. Basically I've recently taken over the IT support for this client. The client has just had a new phone system installed & are asking if they can speak to each office internally, which can easily be done once I set up the VPN.
    However I noticed whilst looking at this further that the Server names are the same, hence my question?
    Am I right in saying that providing the workstations  have a trust relationship with their own domain controllers through their individual domains on separate subnets, that hopefully there shouldn't be any DNS issues between the two domains and Servers?
    I could build a new VM if you feel it would be better practice to do so?
    Many thanks for your assistance,
    Nick

  • What happened to command control D over text?

    In Snow Leopard and Lion, you could hold down command control D over text (try it in TextEdit or Safari) and the definition for the word would pop up.
    What happened to this?  Why is it gone?  How can this be restored?
    Anyone?
    It is so bothersome when functionality you've been using for years mysteriously goes away.

    Alex Zavatone wrote:
    OMG.  Now it does it on the release of the keys.  Previously, you had to wait for it to display.
    I'm still on Lion and the definition doesn't appear until you release the keys. I tested it in Safari and TextEdit. I think your mind is playing tricks on you!

• "Remotely Control LabVIEW Over the Web" in LabVIEW 6.0

    Hello,
Is it possible to realize "Remotely Control LabVIEW Over the Web" in LabVIEW 6.0?
    Thanks a lot!

    The LabVIEW Remote Panels feature was added with version 6.1. If you have not done so, I highly recommend the upgrade!
    Daniel L. Press
    PrimeTest Corp.
    www.primetest.com

  • Best way to pass IPv4 and IPv6 traffic over a GRE Tunnel

    Hello,
    We have two 3825 routers with Advanced Enterprise IOS 12.4.9(T). Each of them serves many IPv4 (private and public) and IPv6 networks on their respective site.
    We have created a wireless link between the two, using 4 wireless devices, with IP Addresses 10.10.2.2, 3, 4, 5 respectively (1 and 6 are the two end Ethernet interfaces on the routers).
    Then we created a GRE tunnel over this link using addresses 172.16.1.1 and 2 (for the two ends) to route traffic over this link.
    Now we want to route IPv6 traffic over the same link. However, we found that simply routing the IPv6 traffic over the above GRE / IP tunnel did not work.
    Questions:
    Is there a way we can use the same (GRE / IP) tunnel to transport both IPv4 and IPv6 traffic?
If not, can we set up two GRE tunnels over the same wireless link, that is, one GRE / IP for IPv4 traffic and a second GRE / IPv6 for IPv6 traffic?
    In brief, what is the suggested way to transport IPv4 and IPv6 traffic over the aforementioned (wireless) link?
    I have read http://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1061361 and other Internet material, however I am still confused.
    Please help.
    Thanks in advance,
    Nick

    We have set up two tunnels over the same link, one GRE / IP for the IPv4 traffic and one IPv6 / IP ("manual") for the IPv6 traffic. This setup seems to be working OK.
    If there are other suggestions, please advise.
    Thanks,
    Nick
