GRE over DSL with OSPF in an MPLS network

Hi guys,
we run 2 GRE tunnels in our network. The A end is a PE router while the B ends are 2 different CPE DSL sites.
Both tunnels at the A end (PE) use as their source a gig subinterface which is in the same VRF:
interface Tunnel40 (for branch office 1)
 ip vrf forwarding example
 ip address x.x.x.250 255.255.255.252
 ip mtu 1476
 ip tcp adjust-mss 1420
 ip ospf dead-interval 60
 ip ospf mtu-ignore
 keepalive 10 6
 tunnel source Gig x/x.z
 tunnel destination x.x.x.x
 tunnel vrf example
interface Tunnel60 (for branch office 2)
 the frame is as above
router ospf 1 vrf example
 log-adjacency-changes
 capability vrf-lite
 passive-interface default
 no passive-interface Tunnel40
 no passive-interface Tunnel60
 network x.x.x.250 0.0.0.0 area x.x.x.x
 .network ......
CPE example
interface Tunnel1
 ip address x.x.x.249 255.255.255.252
 ip flow ingress
 ip flow egress
 ip ospf dead-interval 60
 ip ospf mtu-ignore
 keepalive 10 6
 tunnel source Dialer1
 tunnel destination z.z.z.1 (this is the subinterface Gig x/x.z on the PE router)
router ospf 1
 router-id x.x.x.x
 log-adjacency-changes
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface Vlan1
 network x.x.x.x 0.0.0.0 area x.x.x.x
 network x.x.x.249 0.0.0.0 area x.x.x.x
The config is the same for CPE 2 (just the frame of the commands, not the OSPF areas, IPs etc.)
The problem is that when the tunnel fails for CPE 1 then it fails for CPE 2 at exactly the same time.
Any advice?
Thanks

Hi my friend,
I didn't know about that command or the purpose you use it for, but I was searching a bit. Do you use that command for normal GRE tunnels? This is not a point-to-multipoint topology; every tunnel is point-to-point, and I run OSPF for the point-to-point link, which is in a different area than the other tunnel. Do you believe that it could still be related to the tunnel key?
Many thanks for your advice. Please reply at your earliest convenience.
I know it looks like hub and spoke or point-to-multipoint, but does it actually behave like that?
Thanks,
Spyros

Similar Messages

  • I have a PowerMac G5 using an Edimax EW-7811Un that is unable to communicate over Bonjour with other systems on our network

    I have a PowerMac G5 using an Edimax EW-7811Un that is unable to communicate over Bonjour with other systems on our network.  On occasion, I can see it appear on iChat on our Network but it doesn't receive any incoming traffic and will drop off soon after.
    The PowerMac G5 does not see any other system over Bonjour.
    Any help or solutions for getting my PowerMac G5 to be visible on our network would be greatly appreciated.
    Thanks!
    -Phil

    I do not understand why you are using Bonjour.  You should be able to configure the g5 to use your router for network setup.
    Do you have all of your devices using the same router?  You should.
    I'm assuming this is a small configuration with one router.
    Robert

  • Access issue with Terminal server in MPLS network

    Hi,
    I have an MPLS network and I have installed Windows Server 2003 with terminal server.
    Problem - every 40 minutes to 2 hours, the server stopped pinging in the spoke network while this worked in the LAN; when we trace it by pinging the server IP address we get RTO.
    After rebooting the server, we can easily access the server and work again for 40 minutes to 2 hours. I am not able to understand the problem.
    I have troubleshot -
    1. restarted all network media during the problem
    2. reset the LAN card of the server
    3. restarted the server
    After all that, it is not resolved.
    Please help me here to solve this issue.
    Thanks,
    Damodar
    Regards, Damodar

    Hi Abrante
    Thanks for your response, but the issue of tftpboot still seems to be there. I am unable to find the issue here. When users try to load their images from the /tftpboot directory on the routers they get the following error messages:
    Error loading file: errno = 0x3c.
    Can't load boot file!!
    They are able to connect to another tftpboot server without any issues at all. I am not sure if I have missed any configuration parameters while enabling tftp. Is there any way I can find tftp log files on the server?

  • Tcp mss adjust calculation for GRE tunnel over DSL line

    Hi guys,
    Need your advice on this one, as I searched on cisco.com and netpro but was unable to find the exact info that I required.
    First, can anyone confirm the following calculation to find out the MSS size?
    MSS size = MTU size - encapsulation size - TCP header size
    So for the normal case:
    MSS = 1500 - 48 (48 is the tcp/ip header)
    so MSS = 1452
    Thus in my case, GRE tunnel over DSL connection:
    MSS = 1492 - 24 - 48 (24 is the GRE encap; 48 is the tcp/ip header)
    MSS = 1420
    Is this correct?
    Secondly, where should the ip tcp mss-adjust be implemented? Is it at the Dialer (DSL) interface or at the Tunnel interface?

    I don't use the math (it doesn't work for me probably b/c I miss something). Here's how I do it-
    C:\>ping 10.125.0.250 -f -l 1600
    Pinging 10.125.0.250 with 1600 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Ping statistics for 10.125.0.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    C:\>ping 10.125.0.250 -f -l 1500
    Pinging 10.125.0.250 with 1500 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Ping statistics for 10.125.0.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    C:\>ping 10.125.0.250 -f -l 1400
    Pinging 10.125.0.250 with 1400 bytes of data:
    Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
    Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
    Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
    Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
    Ping statistics for 10.125.0.250:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
    C:\>ping 10.125.0.250 -f -l 1450
    Pinging 10.125.0.250 with 1450 bytes of data:
    Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
    Reply from 10.125.0.250: bytes=1450 time=20ms TTL=251
    Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
    Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
    Ping statistics for 10.125.0.250:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 20ms, Average = 19ms
    C:\>ping 10.125.0.250 -f -l 1475
    Pinging 10.125.0.250 with 1475 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Ping statistics for 10.125.0.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    C:\>ping 10.125.0.250 -f -l 1470
    Pinging 10.125.0.250 with 1470 bytes of data:
    Reply from 10.125.0.250: bytes=1470 time=19ms TTL=251
    Reply from 10.125.0.250: bytes=1470 time=22ms TTL=251
    Reply from 10.125.0.250: bytes=1470 time=20ms TTL=251
    Reply from 10.125.0.250: bytes=1470 time=19ms TTL=251
    Ping statistics for 10.125.0.250:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 22ms, Average = 20ms
    C:\>
    1470 works and has a little bit of extra room. The tcp mss-adjust should be done on the LAN interface.
    Hope it helps.
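
Added example (not part of the original posts): the DF-bit ping sweep above turned into a path-MTU bracket and a TCP MSS value. It assumes the Windows `ping -l` size is the ICMP payload, so 28 bytes of IPv4 and ICMP header are added on the wire, and a 40-byte IPv4 plus TCP header without options; the transcript is a constructed one-line-per-probe abbreviation of the output above, and the function names are hypothetical.

```python
import re

ICMP_OVERHEAD = 28  # assumption: 20-byte IPv4 header + 8-byte ICMP echo header
TCP_OVERHEAD = 40   # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample: the probe sizes from the transcript above, one result line each.
SAMPLE = r"""
C:\>ping 10.125.0.250 -f -l 1600
Packet needs to be fragmented but DF set.
C:\>ping 10.125.0.250 -f -l 1500
Packet needs to be fragmented but DF set.
C:\>ping 10.125.0.250 -f -l 1400
Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
C:\>ping 10.125.0.250 -f -l 1450
Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
C:\>ping 10.125.0.250 -f -l 1475
Packet needs to be fragmented but DF set.
C:\>ping 10.125.0.250 -f -l 1470
Reply from 10.125.0.250: bytes=1470 time=19ms TTL=251
"""

PROBE = re.compile(r"ping\s+\S+.*?-l\s+(\d+)")


def parse_probes(transcript):
    """Map each probed payload size to True (replies only) or False (any DF error)."""
    results, size = {}, None
    for line in transcript.splitlines():
        match = PROBE.search(line)
        if match:
            size = int(match.group(1))
        elif size is not None and line.strip().startswith("Reply from"):
            results.setdefault(size, True)   # a later DF error still overrides this
        elif size is not None and "needs to be fragmented" in line:
            results[size] = False
    return results


def bracket_mtu(results):
    """Return (lowest MTU, highest MTU, next payload to probe) consistent with the probes."""
    passed = [s for s, ok in results.items() if ok]
    if not passed:
        raise ValueError("no probe succeeded; start with a smaller payload")
    best = max(passed)
    failed = [s for s, ok in results.items() if not ok and s > best]
    low = best + ICMP_OVERHEAD
    if not failed:
        return low, None, None               # upper bound unknown: probe larger sizes
    worst = min(failed)
    high = worst + ICMP_OVERHEAD - 1
    next_probe = (best + worst) // 2 if worst - best > 1 else None
    return low, high, next_probe


def safe_mss(path_mtu):
    """Largest TCP payload that fits one unfragmented packet at this path MTU."""
    return path_mtu - TCP_OVERHEAD


if __name__ == "__main__":
    low, high, nxt = bracket_mtu(parse_probes(SAMPLE))
    print(f"path MTU between {low} and {high}; next payload to try: {nxt}")
    print(f"conservative MSS: {safe_mss(low)}")
```

For these probes the path MTU lies between 1498 and 1502 bytes, and the next payload worth testing is 1472.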

  • High cpu consumption with GRE over IPSEC

    Hi all,
    After applying a GRE over IPsec tunnel at one of our branch offices, we get high CPU consumption (average 90%).
    The tunnel is applied between Cisco 2851 (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T2, (fc2) and
    Cisco CISCO2921/K9 Version 15.0(1)M3.
    Config of the tunnel is as follows:
    - authentication pre-share
    - encryption aes 256
    - hash : sha
    - transform set : esp-aes esp-sha-hmac mode transport
    Routing process is eigrp.
    Could anyone please help me on solving this issue?

    Cool, good start.
    Check "show ip traffic" on both sides, it would be interesting to see what's going on.
    BTW the CPU usage of top process doesn't add up to 90%, there's a possibility it's traffic rate/pattern + features (IP input and pool manager would suggest that).

  • L3 MPLS network without P router, all PE to PE plus daisy chaining

    Guys, is it possible to run a core L3 MPLS network over 7600s and 3800s without any P routers? The reason I ask is because of the particular situation where we will have to daisy chain PE routers due to lack of fiber.
    Any thoughts?

    As Martin says, absolutely limited problems with this, it will work a charm UNTIL you run into scaling issues. You are daisy chaining all the PEs, which would also suggest to me that you are daisy chaining your RRs. In an MPLS network the RRs have enough state to handle to keep them busy enough without also having to deal with passing labels about the network. Also you will have any Cisco account team breaking down your door putting the fear of god into you for not having at least 2 P routers ;-). So yes, you can indeed run it like you say, but the lifetime of your network will be very limited indeed. If you're not an SP then don't be concerned - unless you are an enterprise with 10000000s routes, then I'd start to worry. Oh, they (Cisco) also state that PEs also have enough to do in their life without passing labelled packets about the place. Sit and think about what your poor PE is having to do daily: it could be 100 VRF routing tables, which in turn means layer 3 lookups to find out where the packet has to go, QoS, multicast, BGP, OSPF, RIP, EIGRP, your own internal IGP, TE tunnels, RSVP - this poor router has enough to do without also adding transit traffic. ;-)

  • When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a

    i have configured a network with ospf and a vpn site to site without gre tunnel and it works very well. I want to know, when do i have to use gre tunnel over ipsec

    Hi josedilone19
    GRE is used when you need to pass Broadcast or multicast traffic.  That's the main function of GRE.
    Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks
    However, there are some other important aspects to consider:
    In contrast to IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks
    GRE tunnels encase multiple protocols over a single-protocol backbone.
    GRE tunnels provide workarounds for networks with limited hops.
    GRE tunnels connect discontinuous sub-networks.
    GRE tunnels allow VPNs across wide area networks (WANs).
    -Hope this helps -

  • When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a gre tunnel

    i have configured a network with ospf and a vpn site to site without gre tunnel and it works very well. I want to know, when do i have to use gre tunnel over ipsec

    Jose,
    It sounds like you currently have an IPsec Virtual Tunnel Interface (VTI) configured. By this, I mean that you have a Tunnel interface running in "tunnel mode ipsec ipv4" rather than having a crypto map applied to a physical interface. In the days before VTIs, it was necessary to configure GRE over IPsec in order to pass certain types of traffic across an encrypted channel. When using pure IPsec with crypto maps, you cannot pass multicast traffic without implementing GRE over IPsec. Today, IPsec VTIs and GRE over IPsec accomplish what is effectively the same thing with a few exceptions. For example, by using GRE over IPsec, you can configure multiple tunnels between two peers by means of tunnel keys, pass many more types of traffic rather than IP unicast and multicast (such as NHRP as utilized by DMVPN), and you can also configure multipoint GRE tunnels whereas VTIs are point to point.
    Here's a document which discusses VTIs in more depth: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html#GUID-A568DA9D-56CF-47C4-A866-B605804179E1
    HTH,
    Frank

  • WYSE terminal over DSL IPSEC IOS VPN

    I am having a problem establishing a connection over my WAN via a WYSE terminal to a Citrix server. We have PC's that can connect using the ICA client without any problems but the Wyse terminals fail and don't even display an image on the screen.
    I have experienced problems with the 877 IPSEC VPNs over DSL before and had issues relating to MTU from PCs, but this is the first occurrence where the PCs are working but the Wyse terminals fail.
    Has anyone experienced this before?
    Thank you!

    This setup applies to a specific case where the router, without enabling split tunneling, and Mobile users (Cisco VPN Client) can access the Internet via the central site router. In order to achieve this, configure the policy map in the router to point all the VPN traffic (Cisco VPN Client) to a loopback interface. This allows the Internet traffic to be port address translated (PATed) to the outside world.
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

  • Full mesh VPN solution for on MPLS network with PE and CPEs

    Hi,
    We are trying to evaluate the best solution for a Hub-Spoke mesh VPN in an MPLS network. The VPN hub router will be in the PE router and all the VPN spokes will be in CPEs.
    Can someone please let us know what the best VPN solution would be? We understand that there will be some technical limitations going with GETVPN, but still we couldn't find any documentation on the possibility of using DMVPN.
    How about the recent FlexVPN? Can FlexVPN work for this requirement, and where can I get a design/configuration document?
    thanks in advance.

    Hello,
    GetVPN is intended for (ANY-to-ANY) type of VPN communication, over an MPLS network with Hub and Spoke Topology, your best Option is to look for Cisco (DMVPN) implementation where this type of VPN is primarily designed for Hub & Spoke.
    Regards,
    Mohamed

  • How to prioritize video & voice traffic over MPLS network

    Dear all,
    I have taken a 512k link from an MPLS network containing Juniper as core routers, while I am using completely Cisco in my network. My query is: can I prioritize my voice and video traffic over this MPLS network? I am also using RTP header compression.
    Please give me a sample config if it is possible.
    thanks

    hi
    If I'm not wrong, there will be different kinds of service offerings in general being provided by the SPs.
    It falls under 2 main categories: one is managed and the other is unmanaged.
    In managed services your SP will honour the marking being done by the customers, and the same is carried throughout (in the SP backbone) until reaching the remote destination.
    In unmanaged services whatever markings you do at your end will be remarked or ignored by the SP according to the policies followed by them.
    You can enquire about this with your SP and have the QoS policies configured accordingly.
    regds

  • DMM - DMP connectivity over DSL network

    Dear All,
    I would like to know whether it is possible to connect DMM - DMP over DSL Network.
    -     I have DMM with private IP 192.168.1.100 have static net public IP 58.177.200.xx
    -     I have DMP with private IP 192.168.xx.xx connect under ADSL network with Dynamic IP address.
    I checked NAT enable on DMPDM but it asks me to enter the ADSL public IP. When the DSL line goes down and reconnects, the IP changes.
    What should I do?
    Thank you very much
    Sukitti

    Hi Sukitti,
    I'm afraid this will never work. As you already saw, you can use the DMP with NAT, but the public IP needs to be fixed.
    Your best approach would be to contact your ADSL service provider and request a fixed IP for that connection. Most providers give this option for a small extra amount.
    Regards
    Daniel

  • I am trying to setup wireless using my old dome Airport Extreme Base station. I had previously used it about 5 years ago when I had dial up but have now switched to DSL with Windstream. I can not get connected as the ABS keeps trying to dial up (the old phone number)

    I am trying to setup wireless using my old dome Airport Extreme Base station. I had previously used it about 5 years ago when I had dial up but have now switched to DSL with Windstream. I can not get connected as the ABS keeps trying to dial up (the old phone number). When I tried to change my network settings an annoying popup window says "your network settings have been changed by another application". I have no idea what the message is all about and when I close this window it immediately pops up again and prevents me - as far as I can tell - from changing my Airport settings. I need advice on how to get this wireless setup done. Maybe a reset? Or something else? I have the DSL phone line plugged into the Windstream Siemens Speedstream 4200 modem and then the ethernet (yellow) wire from the Windstream Siemens Speedstream 4200 modem to the port on the dome that is a circle of dots.

    1) Can you explain how using the AEBS as a bridge will work with the Siemens Speedstream 4200?
    As a bridge, the AEBS will basically become a wireless access point. This will allow the AEBS to provide a wireless network, but still allow the Speedstream to provide NAT & DHCP services for the wireless clients connected to the AEBS. If the AEBS was left as a router, you would have a double-NAT condition which isn't necessarily bad in itself, but would create a second subnet. That would make it more difficult for clients connected to the AEBS to access clients connected to the Speedstream.
    2) Is there a link that will guide me through the steps to set the AEBS as a bridge?
    You can easily reconfigure the AEBS as a bridge using the AirPort Utility.
    ref: AirPort Utility > Select the AEBS > Manual Setup > Internet > Internet Connection > Connection Sharing = Off (Bridge Mode)
    3)Can I just connect the DSL phone line to the AEBS and eliminate the Speedstream4200?
    Unfortunately no. The AEBS does not have a built-in DSL modem. You will still need the Speedstream to provide this function.

  • I accidentally quit my CC on my Macbook pro and now the cloud icon is grayed out and every time I hover over it with the mouse I get the spinning beach ball of death on the icon. I have no idea how to open it because when I use spotlight search to open it

    I accidentally quit my CC on my Macbook pro and now the cloud icon is grayed out and every time I hover over it with the mouse I get the spinning beach ball of death on the icon. I have no idea how to open it because when I use spotlight search to open it it gives me a message saying "Creative Cloud is not open anymore" help!

    Since you didn't include any pertinent info such as the Mac model and OS version you are running, here is some general information:
    Mac OS X: Gray screen appears during startup
    Depending on which OS yours came with originally - and which OS you are now running - you would either need your original install disks - you can call Apple for replacements by giving them your serial number. Or you may be able to reinstall the OS by using recovery (again, depends on which model/which OS).

  • Can i text international from one iphone to another iphone over wifi with other friends who will be with us overseas?

    can i text international from one iphone to another iphone over wifi with other friends that have iPhones
    who will be with us overseas?

    Yes, if you are provisioned by your carrier to do so.  If both phones are iPhones with iOS 5.0 or higher then you can use iMessage.
