Dual IPsec for redundant purpose (Not Dual ISPs)

  Chapter user (Branch user) usually access data through route #1. When ISP1 is down (route 1), I like to use backup ipsec tunnel (automatically) if possible.
  I saw many articles regarding "One interface with multiple IPsec tunnels"
http://thelostpackets.blogspot.com/2011/11/multi-point-ipsec-vpn-tunnel.html
  However my requirement is little different because remote IP address is same (10.0.0.0/8) for both IPsec tunnels. VA ---- MPLS ---- MD are connected through MPLS, so remote IP is same.

May I know what is the difference between
8GB 1600MHz SODIMM 1.35V    and    8GB 1600MHz SODIMM as you have specified ..  And will Kingston be a good replacement the factory fitted Hynix brand ??
My laptop is 64 bit Win 8.1 OS

Similar Messages

  • IPSec for Redundant DMVPN with VRF

    Hi.
    I have been labbing up a solution using DMVPN and VRF, similar to that described in the blog post here.  It works very well, however when I try to extend the concept to a redundant hub, it breaks with IPSec.  If I remove the tunnel protection, it works fine.
    Does anyone have any ideas about providing IPSec protection to multiple DMVPN tunnels for VRFs to a redundant Hub?
    Thanks.
    Client config (no IPSec):
    interface Tunnel10
    ip vrf forwarding Staff
    ip address 10.254.254.23 255.255.255.0
    no ip redirects
    ip mtu 1416
    ip nhrp authentication MFS
    ip nhrp map multicast 172.16.1.1
    ip nhrp map 10.254.254.1 172.16.1.1
    ip nhrp map 10.254.254.3 172.16.1.3
    ip nhrp map multicast 172.16.1.3
    ip nhrp network-id 10
    ip nhrp holdtime 600
    ip nhrp nhs 10.254.254.1
    ip nhrp nhs 10.254.254.3
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 10
    interface Tunnel20
    ip vrf forwarding Clients
    ip address 10.254.253.23 255.255.255.0
    no ip redirects
    ip mtu 1416
    ip nhrp authentication MFSC
    ip nhrp map 10.254.253.1 172.16.1.1
    ip nhrp map multicast 172.16.1.1
    ip nhrp map multicast 172.16.1.3
    ip nhrp map 10.254.253.3 172.16.1.3
    ip nhrp network-id 20
    ip nhrp holdtime 600
    ip nhrp nhs 10.254.253.1
    ip nhrp nhs 10.254.253.3
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 20
    Hub 1:
    interface Tunnel10
    ip vrf forwarding Staff
    ip address 10.254.254.1 255.255.255.0
    no ip redirects
    ip mtu 1416
    ip nhrp authentication MFS
    ip nhrp map multicast dynamic
    ip nhrp network-id 10
    ip nhrp holdtime 360
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 10
    interface Tunnel20
    ip vrf forwarding Clients
    ip address 10.254.253.1 255.255.255.0
    no ip redirects
    ip mtu 1416
    ip nhrp authentication MFSC
    ip nhrp map multicast dynamic
    ip nhrp network-id 20
    ip nhrp holdtime 360
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 20
    Hub 2:
    interface Tunnel10
    ip vrf forwarding Staff
    ip address 10.254.254.3 255.255.255.0
    no ip redirects
    ip mtu 1416
    ip nhrp authentication MFS
    ip nhrp map multicast dynamic
    ip nhrp network-id 10
    ip nhrp holdtime 360
    ip nhrp server-only
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 10
    interface Tunnel20
    ip vrf forwarding Clients
    ip address 10.254.253.3 255.255.255.0
    no ip redirects
    ip mtu 1416
    ip nhrp authentication MFSC
    ip nhrp map multicast dynamic
    ip nhrp network-id 20
    ip nhrp holdtime 360
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0 tunnel mode gre multipoint
    tunnel key 20

    Under the Hub you have to add
    HUB1
    interface Tunnel10
    ip nhrp map 10.254.254.1
    ip nhrp map multicast < ip add of FastEthernet0/0 for HUB2>
    HUB2
    interface Tunnel10
    ip nhrp map 10.254.254.3
    ip nhrp map multicast < ip add of FastEthernet0/0 for HUB1>
    The same thing for the other tunnel interfaces

  • Can Photoshop Elements 13 and Premier Elements 13 be installed/configured/patched standalone for security purposes (not linked to cloud, mobile, Microsoft, Adobe, etc)?

    We have installed a trial version of Photoshop Elements and plan to do so for Premier Elements. However, for security reasons, it is of no use to us unless we can install and use it standalone (not linked to cloud, mobile, Microsoft, Adobe, etc.). Can Photoshop Elements 13 and Premier Elements 13 be installed/configured/patched standalone as described above? If so, what do we need to do regarding installation/configuration/patching to test this?  Thanks in advance.

    Hi,
    Can you please share the logs?
    You can use the Adobe  Log Collector tool (Log Collector Tool) and share the corresponding zip file @ [email protected]
    Thanks,
    Shikha

  • Super slow speed, and for once its not my ISP's fault.....

    Hello friends,
    I have the WRTG v6 router and have had no problems with it until the last few days.  Suddenly my connection has become very slow and I am no longer able to play my xbox online without going straight through the modem.  I thought that it may be my ISP, but when I hook up directly to the modem and do a speed test everything is perfect.  I also thought that maybe the computers had some spyware that was slowing things down, but even with both computers powered down the online gaming was still lagging.  So what gives?  Is there a setting somewhere in the router that is slowing things down?   Any info at all is greatly appreciated.

    same thing to me, so slow... i regret why i bought  this router. i got no help what so ever

  • 2 Switch stack Design for redundancy

    Hi Everyone,
    I need to connect 2 switches in stack which will connect to 2 servers.
    Each server will habe 12 NICs.
    So for Redundancy purposes i can connect 6 ports from server A to Switch 1
                                                                   6 Ports from server A to Switch 2
    Same way i can do
    6 ports from Server B to Switch 1
    6 ports from Server B to switch 2
    IF i go with above design and in case say switch 2 dies then stack will have single switch will it cause any outage?
    Regards
    Mahesh

    Disclaimer
    The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
    Liability Disclaimer
    In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
    Posting
    IF i go with above design and in case say switch 2 dies then stack will have single switch will it cause any outage?
    It depends.
    One of your two switches will run in the role of switch master, and if that switch fails, there's a brief impact as control plane function are taken over by the second switch.  Whether this control plane switch over causes any impact to the server hosts depends on switch configuration and how (via L2 or L3) the hosts are communicating to other hosts.  For example, if you're running default, regarding master switch MAC persistence, that MAC will change, which I understand, will drop Etherchannel.

  • Single or dual 4500e for redundancy

    I apologize if this has been asked before, but I haven't been able to find a solid answer when searching.
    We're deploying a new datacenter and will have 20 racks of servers, mostly 1u.  Given our bandwidth needs which are reasonably modest we're planning on using dual 2960s switches at the top of the racks and aggregating on a single or dual 4500e using 10gig links.  The 4500e(s) will also have a bunch of 1gb devices such as firewalls, routers, and load balancers connected to them.  Pretty typical network core.    Given the need for 40 10gb links to racks and then another 20-or-so 1gb, the 4500e chassis seems to fit the bill.
    My question is, do we go with a single 4507e with full redundancy (dual 10gb cards, one link to each from each rack, dual 1gb card, and dual supervisors) or a pair of either 4506e switches each with their own cards.  With a virtual chassis the 4506e is appealing, but I'm not up to speed on any limitations that might impose.   With IISU and the like does having two physical chassis vs everything in a single actually buy us anything if they're going to be in the same physical proximity anyway?  A big reason to go with the single chassis is space - 11 rack units vs 20.
    If we do go with a single chasis, other than Cisco's HA docs on the 4500e, is there any documentation or case studies that I could use to sell the idea to management?  A number of people, especiailly those in favor of a ton of cheap netgear switches, argue that a single chassis is a single point of failure and we should never do it.
    Thanks!

    Disclaimer
    The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
    Liability Disclaimer
    In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
    Posting
    As you've described, the problem with any single chassis, the chassis itself can become a single point of failure even when loaded with redundant components.  Independent chassis (e.g. VSS, StackWise) provide chassis redundancy although it does raise a question on software redundancy, i.e. multiple chassis are running some form of tightly coupled chassis OS vs. standalone chassis.  Standalone chassis should be, in theory, the most redundant but they too create issues such as load sharing and asymmetrical path issues (e.g. unicast flooding).  If you understand and trust a multi-chassis OS, I personally think it's often the "better" redundancy option.
    I don't know if VSS on the 4500s support it, but 6500 VSS supports quad supervisiors, so if you lose a single sup on those you don't lose one of your VSS chassis pair.
    Regarding your later post on using a 4500-X VSS pair, yes that might be an idea core for high density 10g.  For twenty 10g ports each, you would need either the 16 port with the optional 8 port module or the 32 port model.
    Depending on your remote rack setups, you might also consider 3750-Xs, stacked, in lieu of multiple (individual cabinet) ToR 2960S pairs.  StackWisePlus is a much better stacking technology then FlexStack.  Yes, the 3750-Xs are more expensive, but you might need less if you can bring multiple racks to the same 3750-X stack.  (Depending on how many downstream stacks you actually need, you might also reduce your need for 10g ports on the core.)  Depending on your feature needs, you might even be able to use the LAN Base models which in the later IOSs also support StackPower.
    10g is nice, but it's also expensive.  When working with switches within 100m, don't overlook the possibilities of gig copper Etherchannels.  For example compare total cost of 8xgig (copper) build-in ports vs. single 10g (fiber) especially if special module is required.

  • Configuring Dual-homed servers for redundancy to 6509s

    I am looking for assitance in properly configuring dual-homed servers for redundancy to two CatOS based 6509s. My search for information on how to do this has been unsuccessful to date, so any help you can provide would be most appreciated.
    Do I need any special hardware/software on the 6509s and/or on the servers?
    Thanks, in advance.
    John

    A lot depends on the kind of servers you have and the NIC teaming algorithms they support. Usually two or more NICs can be teamed in either a fault tolerant configuration (with one primary NIC) or in transmit load balancing configuration. Both these configurations allow the NICs to be connected to separate L2 switches so in case your servers do support such kind of teaming all you need is to have both NICs in the same VLAN and ensure L2 connectivity between the Catalyst 6509s. I recommend you research this from the server perspective also and like everything else test it before production deployment.

  • VPN device with dual ISP, fail-over, and load balancing

    We currently service a client that has a PIX firewall that connects to multiple, separate outside vendors via IPSEC VPN. The VPN connections are mission critical and if for any reason the VPN device or the internet connection (currently only a T1) goes down, the business goes down too. We're looking for a solution that allows dual-ISP, failover, and load balancing. I see that there are several ASA models as well as the IOS that support this but what I'm confused about is what are the requirements for the other end of the VPN, keeping in mind that the other end will always be an outside vendor and out of our control. Current VPN endpoints for outside vendors are to devices like VPN 3000 Concentrator, Sonicwall, etc. that likely do not support any type of fail-over, trunking, load-balancing. Is this just not possible?

    Unless I am mistaken the ASA doesn't do VPN Load Balancing for point-to-point IPSec connections either. What you're really after is opportunistic connection failover, and/or something like DMVPN. Coordinating opportunistic failover shouldn't be too much of an issue with the partners, but be prepared for lot of questions.

  • Performance Routing (PfR) with single router, dual ISP and load balancing

    It looks like PfR can do this but I have only found information about this feature which will start using ISP2 once ISP1 reaches 75% usage. But this is not load balancing.
    Can we accomplish load balancing utilizing a single router with dual ISPs using this PfR feature? 
    Or do we have to use another feature?
    thank you in advance

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    I'm rusty using OER/PfR, but I recall it could load balance two links on same router.  The issue, I also recall, if doing BGP, OER/PfR has to detect a load imbalance, and there's a certain difference allowance, and OER/PfR takes some time to decide, so depending on actual traffic, it might not be obvious it's working.  If doing BGP, there's a hidden command (which I don't recall is) that will load balance the two links on the same router; then you use OER/PfR to dynamically refine the balance load.

  • I buy adobe creative suite for teachers and students about one year ago but now i'm not longer a student. Can I still use this programs legally for commercial purposes or do I have to buy some upgrades or something like this? Please help

    I buy adobe creative suite for teachers and students about one year ago but now i'm not longer a student. Can I still use this programs legally for commercial purposes or do I have to buy some upgrades or something like this? Please help

    The license did not have use restrictions Licenses and terms of use | Adobe
    BUT... when your one year Education account ends, I do not think you will be able to renew at the Education rate

  • I imported some 24P HD videos from my DSLR to Aperture but these videos do not show up in iMovie '09 for editing purposes. Although my previous 24P HD Videos from iPhoto '09 show up. Why can't I access these videos stored in Aperture library?

    I imported some 24P HD videos from my DSLR to Aperture but these videos do not show up in iMovie '09 for editing purposes. Although my previous 24P HD Videos from iPhoto '09 show up. Why can't I access these videos stored in Aperture library? I assumed that like  the videos in iPhoto, I would be able to access the videos in Aperture through iMovie. Come on Apple! I am starting to get frustrated with your products here. And this is saying a lot when I have been using and loving apple products for the last 4 years.

    Hi. My camera is a Canon 600D. And yes my videos are stored in the Aperture library and they are not referenced. Even then I tried to select all the videos in Aperture and clicked 'consolidate masters' and there was a messge that said all 'none of the files are referenced',... so they didn't need consolidating.
    I also tried preferences> export> external video editor > choose > iMovie. And then right click on the video to edit with imovie. Even then the video didn't show up in iMovie. It seems like the only option for me is to import the videos directly to iMovie which means there will be two versions of the same file stored in my computer eating up space.
    APPLE. What are you doing?

  • I was trying to use the Matlabscripting VI, but it says it is for instructional purpose and not for research and the system is getting stuck.When I used it two days back it worked.Could U plz tell me what the problem is??

    I have Labview 7.0 and Matlab 6.5 installed on all the computers at my School. When I tried to use the Matllab Scripting Window for the first time, it worked, but after two days when I was trying to run the program, there was a meesage saying that the License is for instructional Purpose only and not for Research or commercial use and the Labview is getting totally stuck. I need the Matlab Scripting VI for my Project,could anyone suggest what I shd do or is there any other method by which I could do that.

    Hello Medha,
    Thank you for contacting National Instruments.
    From the information you have provided, I am not sure what is causing your problem. Make sure that you do not have an evaluation license for LabVIEW.
    What, if anything, was changed in your VI before it stopped working? Will it run without the Matlab script?
    If you continue having trouble getting your VI to work, please respond with more information. If you like, you can post your VI (along with any necessary sub-VIs) and I will take a look at it.
    Have a great day,
    Sean C.
    Applications Engineer
    National Instruments

  • HT204053 I had Snow Leopard and was using iWeb and Filezilla for my website (not MobileMe). Wanting to move to single-click publishing, I now find it is not supported by iCloud and Mountain Lion. I feel cheated, having bought it mainly for this purpose!

    I had Snow Leopard and was using iWeb and Filezilla for my website (not MobileMe). Wanting to move to single-click publishing (supported by MobileMe), I now find it is not supported by iCloud and Mountain Lion. I feel cheated, having bought it mainly for this purpose! The other thing they don't tell you is that Mountain Lion disables OfficeMac, and I am considering uninstalling it for that reason - do I get my money back?!

    You stated; "Mountain Lion disables OfficeMac"
    That is not true.
    Mountain Lion does not have Rosetta so it is not capable of executing PowerPC code. If you have MS Office 2004 that is coded in PowerPC code and will not run in Mountain Lion. What you need to do is upgrade to an Intel version of Office.
    Allan

  • I cannot install ODX Yosemite over OSX Mavericks as my Mac Book Pro (early 2011) advises that the disc "Mackintosh HD" is used for Time Machine back ups. This is not the case however as I use a separate external HD for this purpose, help please ?!  T

    I cannot install ODX Yosemite over OSX Mavericks as my Mac Book Pro (early 2011) advises that the disc "Mackintosh HD" is used for Time Machine back ups. This is not the case however as I use a separate external HD for this purpose, help please ?!
    Thanks

    Check this link out...
    OS X: Cannot install on a volume used by Time Machine for backups
    I was apart of this thread and it helped the OP...
    Re: System installer thinks my main drive is my time Machine backup and won't install.
    KOT

  • TS4009 I upgraded my Icloud storage yesterday by 10GB, but one day later realize I did not need to do so.  The apple advice is to cancel within 15 days for a refund, but does not tell you how to do so.  Anyone know how to contact apple for this purpose?

    I upgraded my Icloud storage yesterday by 10GB, but one day later realize I did not need to do so.  The apple advice is to cancel within 15 days for a refund, but does not tell you how to do so.  Anyone know how to contact apple for this purpose?

    You would have to contact Apple in order to do that. Just use this link to ask Apple for a refund: http://www.apple.com/support/contact/

Maybe you are looking for