IPSEC Stateful Failover using two 4507RE switches

Similar Messages

• DMVPN and IPSec Stateful Failover?

  Will IPSec Stateful Failover work with a DMVPN hub? If I have two 3845 with the proper AIMs, will this work?

  Yes it is supported. It is supprted on VAM, VMA2, VAM2+.

• Ipsec Stateful Failover issue with Dynamic-Map

  Hi all, I have an issue with a couple of Cisco ISR 2921 in Ha Ipsec Stateful Failover configuration.
  With static crypto-map, stateful works good, Ipsec sessions are correctly trasmitted from Cisco Active router to Cisco Standby router.
  With dynamic-map and profile, stateful fails, Ipsec sessions are not correctly trasmitted from Cisco Active router to Cisco Standby router.
  I tried different IOS version:152-1.T3, 152-3.T2 and 153-1.T but I have the same behavior.
  Could you help me?
  Marco

  Yes it is supported. It is supprted on VAM, VMA2, VAM2+.

• CBAC Stateful Failover HA: ¿can it be used for three segments?

  Hello team.
  I need to protect three segments (inside, outside, DMZ) with two routers running CBAC and Stateful Failover High Availability.
  I would like to know if the concept shown with two sample segments (inside, outside) in the documentation (http://www.cisco.com/en/US/prod/collateral/routers/ps5855/white_paper_c11_472858.html) can be extended for routers with three interfaces, each one attached to the segments I need to protect.
  If this is a supported scenario, I would appreciate your pointing me to a sample configuration.
  Thank you very much in advance.
  Rogelio Alvez
  Argentina                   

  Rogelio,
  Basicamente seria HSRP groups asi como el ASA usa el stateful link, el Router establece una asociacion con un IPC group que se configure por HSRP group:
  Mira el siguiente link:
  Step 6
  ipc zone default
  Example:
  Router(config)# ipc zone default
  Configures the interdevice communication protocol, Inter-Process Communication (IPC), and enters IPC zone configuration mode
  Use this command to initiate the communication link between the active router and standby routers.
  http://www.cisco.com/en/US/prod/collateral/routers/ps5855/white_paper_c11_472858.html
  Si tienes alguna duda con mucho gusto.
  Mike

• I am doing two people's jobs and I need to use two separate log-ins on the same website. How can I keep both log-ins open at the same time. Everytime I switch tabs I have to log in again.

  I am doing two people's jobs and I need to use two separate log-ins on the same website. How can I keep both log-ins open at the same time. Everytime I switch tabs I have to log in again.

  Try one of these extensions for multiple cookie sessions.
  Multifox: <br />
  http://br.mozdev.org/multifox/ <br />
  Cookie Swap extension: <br />
  https://addons.mozilla.org/firefox/3255/ <br />
  Cookie Pie extension: <br />
  http://www.nektra.com/oss/firefox/extensions/cookiepie/

• Is it possible to use the same Switch for two different clusters.

  I have 10g Rac setup on windows.
  Now I am planning to install 11gR2 on different servers.
  Is it possible to use the same Switch for two different clusters.

  user9198027 wrote:
  I have 10g Rac setup on windows.
  Now I am planning to install 11gR2 on different servers.
  Is it possible to use the same Switch for two different clusters.
  Yes.  Technically there will not be any conflict as long as the private addresses used by the 2 clusters do not collide, and provided that the switch's port capacity and bandwidth will not be exceeded.
  Your NA (netadmin) can also configure the switch to separate the 2 Interconnects from one another (called partitioning when using Infiniband) - if the switch supports such features.
  A major consideration is not to make the switch, public. That typically cause a range of problems and can have a serious impact on an Interconnect. But using 2 private networks on the same infrastructure should not have the same problems - if configured and implemented correctly.

• Is there any way to switch between using two different phones?

  I know when phones have SIM cards (like with ATT), you can use two different phones by simply moving the SIM card from one phone to the other and ATT is none the wiser.
  Is there any way to do that sort of thing with Verizon?
  I currently have an iPhone 5 but would like to start playing around with Android (I'm a gadget nut).  So, assuming I find an unlocked Android phone, is there any way to bounce back and forth between using different phones (obviously only one at a time)?

  Michael_F wrote:
  So, the SIM card contains all the info necessary for the new phone to ring when called, etc?
  yes, assuming the phones use the same size SIM card (otherwise, you'll need an adapter or a new SIM card; the cards are free at your local Corporate Verizon store).
  4G SIM Information | Verizon Wireless

• Physical redundancy (CSS connected on two different switches)

  Hello,
  Is it possible for redundancy reasons to connect a CSS to two different switches (like we do for access switches) ?
  I know that one option is to configure both interfaces in the same vlan and use the spanning-tree for the redundancy. However, this will not be transparent for the end-user due to the slow convergence of the spanning-tree (uplinkfast or rapid-pvst is probably not supported).
  Are there any other options ? One interface active, the other backup ?
  Thanks in advance for your reply.
  Gaetan

  Gaetan,
  for the CSS we suggest to be connected to only 1 switch and if the CSS detect a failure with the switch, force failover to the redundant css.
  If you have ASR configured, failover will be stateful.
  Gilles.

• Slow stateful failover for mission critical applications

  I have two CSS running vip redundancy,ip interface redundancy and redundant-index on a ASR active-backup model.
  They are attached to separate 3750 which share vlan info via a port channel.
  When the master fails, we see the VRIR negotiation and mastership of VIPs occurs normally but the script that we run to validate our services fails and the services go to a down state.
  Since the gateway for the reals is a redundant VIP that stays alive always based on a DUMMY service, we believe this could be a mac address table update on the 3750.
  Traffic back from the reals is still sent to the "old" port where the gateway used to live.
  Failover takes several minutes and TCP sessions timeout defeting stateful failover.
  Any ideas???
  Thanks
  MANUEL

  VLAN1 STP State: Disabled
  VLAN1: Root Max Age: 6 Root Hello Time: 1 Root Fwd Delay: 4
  Designated Root: 06-a4-00-11-93-90-61-78
  Bridge ID: 06-a4-00-11-93-90-61-78
  Root Port Desg
  Port State Designated Bridge Designated Root Cost Cost Port
  VLAN11 STP State: Disabled
  VLAN11: Root Max Age: 6 Root Hello Time: 1 Root Fwd Delay: 4
  Designated Root: 06-a4-00-11-93-90-61-79
  Bridge ID: 06-a4-00-11-93-90-61-79
  Root Port Desg
  Port State Designated Bridge Designated Root Cost Cost Port
  e1 Fwd 06-a4-00-11-93-90-61-79 06-a4-00-11-93-90-61-79 0 19 8001
  VLAN211 STP State: Disabled
  VLAN211: Root Max Age: 6 Root Hello Time: 1 Root Fwd Delay: 4
  Designated Root: 06-a4-00-11-93-90-61-7a
  Bridge ID: 06-a4-00-11-93-90-61-7a
  Root Port Desg
  Port State Designated Bridge Designated Root Cost Cost Port
  VLAN222 STP State: Disabled
  VLAN222: Root Max Age: 6 Root Hello Time: 1 Root Fwd Delay: 4
  Designated Root: 06-a4-00-11-93-90-61-7b
  Bridge ID: 06-a4-00-11-93-90-61-7b
  Root Port Desg
  Port State Designated Bridge Designated Root Cost Cost Port
  e3 Fwd 06-a4-00-11-93-90-61-7b 06-a4-00-11-93-90-61-7b 0 19 8003

• Can I use two apple ids on my iPhone?

  Does anyone know if I can use two apple ids on my iPhone. Basically I have a problem where I can't download an app because its not available in the Australian store but I am considering starting a new apple id linked to my Hong Kong credit card so I can purchase this app
  app
  if I do this will I only be able to see the apps downloaded using each particular apple id account on my iPhone at any one time...?

  wjosten wrote:
  That only applies if you turn on Automatic Downloads or iTunes match.
  To the OP, you can ignore Philo124's post.
  No, it Applies if you download content from one then switch to another and download content from the other. Automatically or not.
  Apple Wrote:
  Association of Associated Devices is subject to the following terms:
  You may auto-download iTunes Auto-Delivery Content or download previously-purchased iTunes Eligible Content from an Account on up to 10 Associated Devices, provided no more than 5 are iTunes-authorized computers.
  (ii) An Associated Device can be associated with only one Account at any given time.
  (iii) You may switch an Associated Device to a different Account only once every 90 days.
  Not sure if its only limited to past purchases or new ones as well though.

• Using two iPhones with one Apple id

  Hello!!
  I am currently an iPhone 3GS user.  I just got my new iPhone 5 and as I use two numbers, thought of switching my other number to this 3GS and thus using 2 iPhones for both the numbers.  So, can someone tell me if I can use the same Apple id for both the cell or I need to create a new one to use two iPhones.  (Please note: I use iCloud only for contacts sync and dont mind having same contacts on both the devices)
  Shall appreciate a quick response!
  Thank you. 

  Really appreciate this quick response.  So I guess there won't be an issue to use the same id on two iPhones at the same time.
  Thanks again!

• OS 10.4.6. has broken dialup connectivity when using fast user switching

  I installed OS 10.4.6. It seems to have broken dialup connectivity when using fast user switching when switching from one user to the next.
  For dialup, it is extreamly annoying that I can not resume downloading a file from were it got cut off, but now, if another user wants to check their email, my download always gets broken and has to be restarted. Dialup is slow enough with out having to start from scratch even more frequently, now.
  Also, in earlier versions of 10.2 or 10.3 (I don't remember which), I was able to switch users and maintain listening to a single users' iTunes.
  I would like to be able to switch users and not lose either my dialup network connection or the primary users currently playing iTunes songs.
  Perhaps for iTunes, one should be able to chose to mute another users' instance of iTunes, if it is currently playing.
  Mini-Mac 1.42GHz 80GB BT/AE   Mac OS X (10.4.6)  

  I have not tried replicating this but might be able to provide some additional information.
  We use network login accounts on our desktop computers. Fast User switching deliberately will not work for multiple network login accounts. (Remember network login accounts normally also have an associated network home directory mounted via AFP.)
  Now a bit of background about volumes and mount points under Mac OS X. Under Mac OS X, any additional drive (or more accurately 'volume') is listed under the 'Volumes' folder, remember also that Mac OS X is a Unix operating system. So just as normal for Unix, the boot drive is '/' or the root level and Volumes is a folder in it. The underlying Mac OS X software automatically 'attaches' and additional volumes as sub-folders in the 'Volumes' folder (in Unix speak these are called 'Mount Points'), if you have an external hard-disc called 'Fred' then this would be represented by the following path
  /Volumes/Fred
  If you happen to have two volumes with the same name connected at the same time then while in the Finder they may show up with the same name, in Unix they would have different names automatically assigned to keep them separate like so
  /Volumes/Fred
  /Volumes/Fred 1
  Now getting back to the Fast User switching problem and AFP volumes, when you login to a File Server volume it also is automatically added to the Volumes folder, so if we have a File Server volume called 'Shared' it would look like
  /Volumes/Shared
  With Fast User switching potentially both user accounts could be accessing the same /Volumes/Shared which means both user accounts would be talking to the server via the same File Server login, hence the possibility for one of the Fast User accounts to be using the 'wrong' permissions.

• Using two routers for the same SSID

  So here's my story. I have a standard Actiontec router in my basment, connected straight to the coax outlet, and connected by LAN Ethernet to a crappy computer nobody uses. It gives off a WPA2 wifi network, let's call it MyNetwork. For the longest time it's been the only router in the house. The coax outlet is on a splitter, splitting the coax outlet into one wire that goes to the Actiontec modem/router and the other to my TV STB. Recently we installed a new coax outlet on the other side of my house and next to it we have a brand new desktop computer that we use often. It has no wifi so and we can't run an ethernet cable throughout the entire house so we got a new Actiontec modem/router from our neighbor who just moved out. It's the exact same Actiontec device.
  What we want to do is make it so that both routers give off signal on the same MyNetwork we have to make it a wider reaching signal, and so that I can connect the new desktop computer to the new router with an ethernet cable. I've read so many guides and they're all so confusing and it's such a mess that I almost completely screwed over my network. it seems like the two routers are completely independent of one another, not even aware of the others' existence. The new router is definitely in range of the old one. I've logged into 192.168.1.1 on the new computer and the new router seems to think it IS the old router (or so I think). It showed me all the same devices that have connected to MyNetwork and such, but then again it's always hard to be certain exactly which device is which. After messing around I must have changed some IP address or something, but it seems that 192.168.1.1 doesn't take me to the Verizon login screen, but 192.168.2.1 does. Can I reset those IP addresses?
  And of course, can somone please provide a clean, easy to follow course of action as to how to set up two routers on one network?

  maxbirch wrote:
  ... I have a standard Actiontec router in my basement ... connected by LAN Ethernet to a computer ... It gives off a WPA2 wifi network, let's call it MyNetwork ... The coax outlet is on a splitter ... one wire that goes to the Actiontec ... other to my TV STB ...
  ... installed a new coax outlet on the other side of my house ...
  ... What we want to do is make it so that both routers give off signal on the same MyNetwork we have to make it a wider reaching signal, and so that I can connect the new desktop computer to the new router with an ethernet cable ...
  ... can somone please provide a clean, easy to follow course of action ... ?
  I suspect it might be a good idea to step back reconsider your ultimate layout.  Essentially you now have two (or if the STB is also included, three) coax drops connected to the ONT.  It seems that you desire that one of these service the STB, and the other two each service a desktop and a wireless access point.  If this is the case, continue reading.
  There is no need to consider the original Actiontec router as the primary router, wireless or otherwise.  Use the new coax location to connect to the primary Actiontec router (you can use either router).  For starters, reset both routers to their factory defaults using the reset switch on the back of each device (for details, do a search).
  Once the primary router has been located (or relocated) to the new coax drop, just connect the new desktop there using an Ethernet cable connected to one of the LAN ports on the back of the router.  Then set up your primary wireless network based on this router (once again, do a search on these forums for specifics on setting up a basic wireless home network).
  Now use the original coax outlet where the first router was located to set up another access point.  This access point will provide Ethernet connections plus an additional wireless network (if it's still needed).  However you cannot have two wireless devices on a single home network with the same SSID (i.e., network name).  Here are details on some methods to do this:
  http://www.dslreports.com/faq/12506
  For additional details, here's the complete FAQ:
  http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&sqi=2&ved=0CCwQFjAA&url...
  Take a careful look at these suggestions and references to decide if this is what you want.  Then report back if there are remaining questions.  Good luck.

• Using a KVM switch between the Mini and a PC

  I've just bought a Mini to try out the whole Mac experience.
  I'm having trouble getting a KVM switch to work with the Mac.
  I have a Tripp Lite B034-002-R KVM switch to share between the Mini and my WinXP PC. The switch changes over to the other computer when you press NUM LOCK twice within 2 seconds. This is working in the PC (i.e. switching from the PC to the Mac is fine) but is not working in the Mac (i.e. the switch doesn't change from the Mac to the PC).
  I have a MS "Natural Keyboard Pro" USB keyboard.
  Is the NUM LOCK key somehow disabled or something on the Mac? I'm hoping there's some knob I can turn to get this working.
  Thanks for your help,
  Tom

  I bought an IOGEAR GCS632U KVM switch to move between my Mini and Windows XP Pro PC. The keyboard is an Apple Pro. The switch was perfect for several days, then every attempt at invoking the hot key mode would fail; resetting the switch would not correct the problem. IOGEAR Support had me try another keyboard, which is the current standard Apple wired keyboard (the $30 one); it had the same problem as the Pro keyboard. Also we tried other things, but all failed. Sent the KVM switch to IOGEAR and they sent me a new one. After two days using the new switch, the keyboard malfunctioned; this time it was the backward delete key that failed. Same problem using other Apple keyboard. IOGEAR Support, after going through the same previous routine in which nothing succeeded in correcting the problem, tells me to return the switch and they will send me another. Based on my experience, apparently the GCS632U model has an incompatibility problem with (some?) Apple keyboards. This is confirmed by two posts on other discussion groups sites. Also, IOGEAR Support would almost admit that to be the case. They suggested that I use a generic keyboard, but I refuse to buy one just to use that KVM switch. IOGEAR should post the potential problem on their website as a warning.
  Does anyone out there know from experience that a particular IOGEAR model does work with an Apple keyboard? IOGEAR Support says that they will send me a different model if I pay the difference. Or can anyone give me the brand name and model number of any KVM switch known to be compatible with Apple keyboards (particularly one that costs less thatn $75)? A ConnectPro 2-port USB KVM switch will work, according to another discussion group post. Any advice or information will be much appreciated.

• Can I use two airports to use internet and listen to itunes in stereo? simultaneously?

  Can I use two airports to use internet and listen to itunes in stereo?  I just bought a second airport so I could listen to itunes & Pandora on my stereo.  My problem is that I haven't been able to connect to both airports at once.  I want to listen to the stereo (one airport) while using internet which is connected to a separate airport.  Unfortunately, the stereo and ethernet cables are not close by which is why I bought the second airport.

  You can run both simultaneously. You just need to reconfigure the base station that will be used for streaming as a wireless client.
  I suggest that you start by performing a "factory default" reset on the 802.11n AirPort Express Base Station (AXn) to get it back to its "out-of-the-box" configuration. By default, the AXn will broadcast an unsecured wireless network with a Network Name of something like: Apple Network NNNNNN
  After the reset has completed, plug the AXn into power, and then, verify from the iMac that this network shows up in the list of networks under the AirPort icon in the OS X menu bar.
  Be sure to first switch the wireless network to the AirPort that will be used for streaming. Note: You will temporarily lose the Internet connection from your "main" AirPort. Then, run the AirPort Utility. The Utility should now find the streaming AXn. If not, use the Utility's "Configure Other" option under the File menu option in the Utility's menu bar. Enter 10.0.1.1 for the Address and "public" for the Password.
  AirPort Utility > Select the AXn > Manual Setup > AirPort > Wireless
  Wireless Mode: Join a wireless network
  Network Name: <existing "main" AirPort's wireless network>
  Wireless Security: <select the encryption type of the existing wireless network>
  Wireless Password: <enter the existing wireless network password>
  Verify Password: <re-enter the existing wireless network password>
  AirPort Utility > Select the AXn > Manual Setup >Music
  Enable AirPlay (checked)
  iTunes Speaker Name: <enter desired speaker name>
  iTunes Speaker Password: (optional)
  Verify Password: (optional)
  Click Update to write the new settings to the AX