L2L traffic multiple spokes routing

I have an issue that I'm hoping you can shed some light on. I have 3 sites all connected with VPN/IPsec IKEv2 tunnels using ASA 5505 and 5510 with 8.4+ code. Please see the image below for more details on my setup. All VPN tunnels are up and sending traffic across from the immediate neighbor; the issue is that I cannot ping or access ASA3's subnet from ASA2's, or ASA2's subnet from ASA3's. What am I missing from my configuration? Please see below, and thank you in advance for any assistance you can provide with this.
ASA3 VPN config:
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto map crypto_map 1 match address AS3_ACL
crypto map crypto_map 1 set peer 1.1.1.1
crypto map crypto_map 1 set ikev2 ipsec-proposal aes_256
crypto map crypto_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 2
 prf sha256
 lifetime seconds 86400
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 general-attributes
 default-group-policy ipsec_group_policy
tunnel-group 1.1.1.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
 vpn-idle-timeout 6000
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
nat (inside,outside) source static all_inside_networks all_inside_networks destination static all_outside_networks all_outside_networks no-proxy-arp route-lookup
object-group network all_inside_networks
 network-object 10.0.1.0 255.255.255.0
object-group network all_outside_networks
 network-object 10.0.0.0 255.255.255.0
 network-object 10.0.18.0 255.255.255.0
access-list ASA3_ACL extended permit ip object-group all_inside_networks object-group all_outside_networks

ASA1 VPN config:
crypto map crypto_map 1 match address ASA3_ACL
crypto map crypto_map 1 set peer 3.3.3.3
crypto map crypto_map 1 set ikev2 ipsec-proposal aes_256
crypto map crypto_map 2 match address ASA2_ACL
crypto map crypto_map 2 set peer 2.2.2.2
crypto map crypto_map 2 set ikev2 ipsec-proposal aes_256
crypto map crypto_map interface outside
tunnel-group 3.3.3.3 type ipsec-l2l
tunnel-group 3.3.3.3 general-attributes
 default-group-policy ipsec_group_policy
tunnel-group 3.3.3.3 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 general-attributes
 default-group-policy ipsec_group_policy
tunnel-group 2.2.2.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
access-list ASA3_ACL extended permit ip object-group all_inside_networks object-group ASA3
access-list ASA2_ACL extended permit ip object-group all_inside_networks object-group ASA2
nat (inside,outside) source static all_inside_networks all_inside_networks destination static all_outside_networks all_outside_networks no-proxy-arp route-lookup
object-group network all_outside_networks
 network-object 10.0.1.0 255.255.255.0
 network-object 10.0.18.0 255.255.255.0
object-group network ASA2
 network-object 10.0.18.0 255.255.255.0
object-group network ASA3
 network-object 10.0.1.0 255.255.255.0
object-group network all_inside_networks
 network-object 10.0.0.0 255.255.255.0
group-policy ipsec_group_policy internal
group-policy ipsec_group_policy attributes
 vpn-idle-timeout 6000
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
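The hub-side pieces that let spoke-to-spoke traffic hairpin through ASA1, written as an added example for this thread; it is not taken from the poster's running configuration. It assumes the topology and names in the post (ASA1 is the hub at 1.1.1.1 with inside 10.0.0.0/24, ASA2's LAN 10.0.18.0/24 sits behind 2.2.2.2, ASA3's LAN 10.0.1.0/24 sits behind 3.3.3.3, object-groups ASA2 and ASA3 as defined above) and ASA 8.4 syntax. Traffic from one spoke to the other enters and leaves the hub's outside interface, so three things must be true on the hub: intra-interface traffic must be permitted, each spoke's crypto ACL on the hub must also describe the other spoke's subnet so both SAs carry the hairpinned flow, and an identity NAT on (outside,outside) must keep that flow untranslated. The spokes in the post already list both remote subnets in all_outside_networks, so their crypto ACLs need no change.

```cisco
! Added example, not the poster's config. Assumes ASA1 is the hub and the
! object-groups ASA2 (10.0.18.0/24), ASA3 (10.0.1.0/24) and all_inside_networks
! (10.0.0.0/24) are defined as in the post.

! 1. Permit traffic to enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

! 2. Each spoke's crypto ACL on the hub also carries the other spoke's subnet.
!    ASA3_ACL is used for the SA to 3.3.3.3, so it must mirror what ASA3 proposes
!    (10.0.1.0/24 <-> 10.0.0.0/24 and 10.0.1.0/24 <-> 10.0.18.0/24); likewise for ASA2_ACL.
access-list ASA3_ACL extended permit ip object-group all_inside_networks object-group ASA3
access-list ASA3_ACL extended permit ip object-group ASA2 object-group ASA3
access-list ASA2_ACL extended permit ip object-group all_inside_networks object-group ASA2
access-list ASA2_ACL extended permit ip object-group ASA3 object-group ASA2

! 3. Identity NAT scoped to exactly the two spoke subnets, so the hairpinned
!    traffic is not translated on its way back out of the outside interface.
nat (outside,outside) source static ASA2 ASA2 destination static ASA3 ASA3
nat (outside,outside) source static ASA3 ASA3 destination static ASA2 ASA2

! Checks after a ping from 10.0.18.x to 10.0.1.x (commands only; output omitted):
!   show crypto ipsec sa peer 2.2.2.2   - expect a child SA whose identities are
!                                         10.0.1.0/24 <-> 10.0.18.0/24 with encaps counters rising
!   show nat detail                     - expect translate_hits on the (outside,outside) rules
```

Keeping the identity NAT rules scoped to the two named object-groups, rather than to a broad "any", matters because same-security-traffic permit intra-interface opens the hub to hairpinning in general; the crypto ACLs and NAT rules are what confine it to the intended spoke subnets.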

Similar Messages

  • Is it possible to have 2 DMVPN tunnels on a spoke router having 2 ISPs to the same hub?

    I have a router R1 acting as a hub for DMVPN. I have a spoke router R2 which has 2 ISPs. Can I establish a DMVPN tunnel via each ISPs to R1 from R2?

    The other posters are correct; all you need is OS X Lion. I have tried it out and it works.
    The bottom line and most important thing to remember about multiple users using the same Mac is:
    each user needs their own separate account. For example, if Bob is on the screen and Tim logs on using VNC,
    then Tim gets his own desktop, keyboard and mouse. But if Bob is on the screen and Bob logs on using VNC,
    then they share the same desktop.
    So if you want, say, 2 or 5 users, or whatever the limit is (I don't know), you are going to need 2 or 5 or however many
    separate users.
    On the host Mac you go into System Preferences, Sharing, Screen Sharing, and turn it on,
    and on the remote Mac you run Finder, click on Connect to Server and type vnc:// and the address of the computer,
    like vnc://192.168.1.4, and it should work great over the local network.
    There's no other hardware or software you need; you just need to be running OS X Lion.
    There are also VNC clients available for download that might be better than the VNC client in Finder.

  • Load balancing using multiple default routes

    Hi Guys,
    I just want to ask: does creating multiple default routes on my router provide load balancing on my WAN side? As far as I know, if I have two default routes on my router and two users connecting to the internet, the first one might go out the first WAN link while the second user might go out the second WAN link.
    Thank you so much
    Rex

    There is a difference between load balancing and load sharing, which we need to understand.
    Load sharing means you have 2 users, user A and user B; user A wants to use ISP1 and user B wants to use ISP2. This is called load sharing, and it can be achieved via PBR (policy-based routing).
    We should not try to use load balancing for Internet traffic with 2 different ISPs.

  • DMVPN split tunneling issue, not able to bypass HTTP traffic at spoke end.

    Dear all,
    I would appreciate your help resolving the following issue.
    I have been using a DMVPN setup (routing protocol EIGRP) for 20 sites with no issue at all, and everything is working perfectly.
    Now I have received a request to split legitimate corporate traffic from internet traffic at the spoke end, so that all internet traffic is forwarded via the local ADSL connection. I tried to resolve it, but the spoke router continuously forwards all traffic into the tunnel.
    Moreover, I found on the internet that DMVPN has a limitation that split tunneling is not possible.
    Please can you suggest how I can forward internet traffic (HTTP) via the local ADSL connection?
    thanks and regards,

    I agree with Marcin.
    At the spoke you would need to add a static default route for the internet traffic. You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric. Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup in case the ADSL goes down. But if they are both located off the same interface then there is no point in keeping the injected default route.
    Please remember to rate and select a correct answer

  • FlexVPN Spoke-to-Spoke Routing Override Loop

    I have a spoke router; this router has a route to inside 192.168.1.0 255.255.255.0 with next hop 10.1.1.1 (10.1.1.0/29 is the transfer network):
    ip route 192.168.1.0 255.255.255.0 10.1.1.1
    After activating FlexVPN I get a routing override, and the route becomes 192.168.1.0 255.255.255.0 via tunnel0 on the spoke router. I lose the right route, and I get a loop from the center to 192.168.1.0.
    How can I make the spoke router ignore its own routes when they come back from the center?

    One way would be to increase the administrative distance of routes received from the hub.
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-r2.html#wp1846954161

  • DM-VPN with Static NAT for Spoke Router. Require Expert Help

    Dear All,
    This is my first time writing something here.
    I have configured DM-VPN, and it's working fine; now I want to configure static NAT.
    Some people will wonder why I need static NAT if it's working fine.
    Let me tell you why I need it and what my plan is.
    I have a hub with 3 spokes. Sometimes I go outside my office and am not able to access my spoke computer by Terminal Services, because it is on a dynamic IP address. So what I thought is that I'll put one static NAT on my hub router, so that if anyone (or I) hits the real/public IP address of my hub WAN interface from any other remote location, the query is redirected to my Terminal Services computer, which is located in the spoke network.
    Well, I tried that but failed.
    Again the suggestion will come: why not use Easy VPN? Well, it sounds great, but then I have to keep my notebook with me.
    I'll also do that, but now I need to know how to do static NAT, like I do on a normal router which is not part of the VPN:
    ip nat inside source static tcp 192.168.1.10 3389 interface Dialer1 3389
    But this time this command is not working, because the IP address I mention is related to the hub network, not the spoke.
    Suppose the spoke network is 192.168.2.0/24
    and I want, on the hub router:
    ip nat inside source static tcp 192.168.2.10 3389 interface Dialer1 3389
    I am using Cisco 887 and 877 ADSL routers.
    But it's not working. I need experts' help; please write your comments, which are very important for me. Waiting for your comments.
    For more details please see the diagram.
    To contact me: [email protected]

    Hi rvarelac, thank you for the reply:
    I already did that; I put deny statements in the NAT access-list excluding the VPN traffic, but the problem is still there!
    crypto isakmp policy 10
     encr aes
     authentication pre-share
    crypto isakmp key 12344321 address 1.1.1.1
    crypto ipsec transform-set Remote-Site esp-aes esp-sha-hmac
     mode tunnel
    crypto map s2s 100 ipsec-isakmp
     set peer 1.1.1.1
     set transform-set Remote-Site
     match address vpnacl
    interface GigabitEthernet0/0
     crypto map s2s
    Extended IP access list lantointernet
    30 deny icmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    40 deny igmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    50 deny ip 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    80 permit ip any any

  • Redirect web traffic on SRP527W router

    Hello,
    Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port?
    I had a look at the Srp527w Router and can't find where this could be done.
    Thanks,
    Sent from Cisco Technical Support iPad App

    Can anyone recommend a Small business type router that does provide web proxy functionality on the device.
    Trying to find something that can provide this without the need to go an ASA firewall or equivalent.
    Thanks.
    Sent from Cisco Technical Support iPad App

  • How to apply LLQ QoS to traffic generate by router?

    There is a voice gateway at the remote site; the voice card connects to the local PSTN. For QoS, the router must prioritize the voice traffic that is generated locally.
    So does anyone have any ideas?

    No, it doesn't work. Please see below:
    R2#sh ip local policy
    Local policy routing is enabled, using route map QoS
    route-map QoS, permit, sequence 10
    Match clauses:
    ip address (access-lists): IP_QOS_5
    Set clauses:
    Policy routing matches: 11060 packets, 950804 bytes
    The local policy matches many packets with IP precedence 5 or RTP traffic. But CBWFQ only matches a few RTP packets...
    Class-map: Voice (match-any)
    5 packets, 458 bytes
    30 second offered rate 0 bps, drop rate 0 bps
    Match: protocol rtp
    5 packets, 458 bytes
    30 second rate 0 bps
    Queueing
    Strict Priority
    Output Queue: Conversation 136
    Bandwidth 70 (%)
    Bandwidth 358 (kbps) Burst 8950 (Bytes)
    (pkts matched/bytes matched) 0/0
    (total drops/bytes drops) 0/0

  • ASA as L2L termination point and route between remote peers

    Hi dear support community,
    I need to set up the following scenario:
    I managed to create the tunnels from the routers to the ASA, but there are 2 issues:
    From the remote LANs I am not able to ping the inside interface, unless I use the management-access command on my inside interface, which I don't want.
    Remote LANs cannot communicate with each other. Is there some routing I should add? My inside interface has a temporary permit icmp any any, and I guess that the ASA should bring up the appropriate routes when the tunnels come up. I have identified the routes correctly in my crypto map and on my remote routers.
    As my remote routers all have dynamically assigned IP addresses, they all fall into the defaultl2l tunnel group. Is this wrong?
    Any ideas or suggestions would be extremely appreciated.
    Thank you for your help !

    Hi Jouni,
    Thanks very much for your involvement in this topic!
    Here is my configuration:
    ## definition of network objects
    object network CIPAC-ENERGY-VALE
    subnet 192.168.250.0 255.255.255.0
    object network CIPAC-ENERGY-VALE-POMPE1
    subnet 192.168.242.0 255.255.255.0
    object network CIPAC-ENERGY-VALE-POMPE2
    subnet 192.168.252.0 255.255.255.0
    ## tunnel towards POMPE1
    access-list OPT_cryptomap_65535.120 extended permit ip object CIPAC-ENERGY-VALE object CIPAC-ENERGY-VALE-POMPE1
    access-list OPT_cryptomap_65535.120 extended permit ip object CIPAC-ENERGY-VALE-POMPE2 object CIPAC-ENERGY-VALE-POMPE1
    ## tunnel towards POMPE2
    access-list OPT_cryptomap_65535.121 extended permit ip object CIPAC-ENERGY-VALE object CIPAC-ENERGY-VALE-POMPE2
    access-list OPT_cryptomap_65535.121 extended permit ip object CIPAC-ENERGY-VALE-POMPE1 object CIPAC-ENERGY-VALE-POMPE2
    ## tunnel group for POMPE1
    tunnel-group CLT-CIPACENERGY-VALE-POMPE1 type ipsec-l2l
    tunnel-group CLT-CIPACENERGY-VALE-POMPE1 general-attributes
    default-group-policy CLT_CIPACENERGY_GroupPolicy
    tunnel-group CLT-CIPACENERGY-VALE-POMPE1 ipsec-attributes
    ikev1 pre-shared-key blablabla
    peer-id-validate nocheck
    ## tunnel group for POMPE2
    tunnel-group CLT-CIPACENERGY-VALE-POMPE2 type ipsec-l2l
    tunnel-group CLT-CIPACENERGY-VALE-POMPE2 general-attributes
    default-group-policy CLT_CIPACENERGY_GroupPolicy
    tunnel-group CLT-CIPACENERGY-VALE-POMPE2 ipsec-attributes
    ikev1 pre-shared-key blablabla
    peer-id-validate nocheck
    ## nat to allow remote sites to reach each others
    nat (OUTSIDE,OUTSIDE) source static CIPAC-ENERGY-VALE-POMPE1 CIPAC-ENERGY-VALE-POMPE1 destination static CIPAC-ENERGY-VALE-POMPE2 CIPAC-ENERGY-VALE-POMPE2
    ## routes on remote sites :
    POMPE1
    S~     192.168.250.0/ 255.255.255.0    via 202.XXX.YYY.ZZZ    VPN-1
    S~     192.168.252.0/ 255.255.255.0    via 202.XXX.YYY.ZZZ    VPN-1
    C~     192.168.242.0/ 255.255.255.0    directly connected    LAN
    POMPE2
    S~     192.168.250.0/ 255.255.255.0    via 202.XXX.YYY.ZZZ    VPN-1
    C~     192.168.252.0/ 255.255.255.0    directly connected    LAN
    S~     192.168.242.0/ 255.255.255.0    via 202.XXX.YYY.ZZZ    VPN-1
    This seems very correct to me; correct me if there are some mistakes.
    However, as I am using the ASDM, I just saw that both tunnel-groups are using the
    default-group-policy CLT_CIPACENERGY_GroupPolicy that I have defined:
    group-policy CLT_CIPACENERGY_GroupPolicy internal
    group-policy CLT_CIPACENERGY_GroupPolicy attributes
    vpn-tunnel-protocol ikev1
    Can the group-policy affect my configuration? Here is the default:
    group-policy DfltGrpPolicy attributes
    dns-server value 172.16.xx.yy 172.16.xx.yy
    vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
    default-domain value mydomain.local
    Thanks a lot for your valuable feedback !

  • How to forward the traffic of my router?

    Good evening
    I have a problem, I hope someone can help me.
    I have to forward the traffic of my Cisco Router 877W (IP: 10.10.10.1) to a hardware firewall (IP: 10.10.10.50) and I can't do it.
    Could you give me some advice?
    Thanks for your attention.

    Hi Marco,
    ip route 0.0.0.0 0.0.0.0 10.10.10.50
    !-- Static default route pointing to the Firewall.
    http://www.cisco.com/warp/public/105/36.html
    Regards,
    ~JG
    Please rate helpful posts

  • How to create production version for multiple BOM & Routing ?

    If I have 3 BOMs (A, B & C) and 2 routings (1 & 2) for material XYZ, then how will the production versions be created? I feel that there will be 6 PVs,
    the combinations A1, A2, B1, B2, C1 & C2. But someone told me that I have to create duplicate routings of 1 & 2
    with numbers 3 & 4 and use them for BOM B, and another duplicate routing with numbers 5 & 6 and use it for BOM C.
    In this case my PV data will be A1, A2, B3, B4, C5, C6.
    Please guide me on which way is correct. I feel that the first way is right, because in that case I have 2 routings in the system, while in the second way I have a total of 6 routings for that product. Please guide me.

    Hi Archana,
    If you are doing component allocation with routing:
    for routing for material 1, counter 1, you choose alternate BOM 1 or 2 for the material;
    similarly, for material 1, counter 2, you choose alternate BOM 1 or 2 according to your choice.
    Like this, 3 routing groups will get created, each with 2 counters.
    If you allocate similar kinds of material in one group in the material allocation tab and you go for component allocation, it will assign one material BOM.
    The second material BOM will not get assigned to the operation.
    If you are not going to assign the components at the routing level, then you can follow the first process.
    If you are planning to allocate components at the routing level, then you have to follow the second process.
    If you have any more doubts, kindly revert with your query.
    Thanks & Regards
    Sandeep Kumar Praharaj

  • Response Groups - Duplicate "Built In" Services - Multiple Default Routing Endpoints

    Hello,
    I have a Lync 2013 deployment that has been migrated from OCS 2007, to OCS 2007 R2, to Lync 2010, and now to Lync 2013. I am including that information as that may be important for the following discussion.
    When the Response Group Service starts, it logs four error messages which I will place at the bottom of this post. The error messages point to duplicate routing endpoints for the same service. Upon review, it appears to me that I have duplicates of the following two services, when I look up the below SIP addresses with Get-CSApplicationEndpoint.
    Announcement Service
    RGS Presence Watcher
    My guess is that during one of these migrations, we ended up with a duplicate service. The problem is - how do I get rid of the duplicate, and how do I know which is the duplicate and which I want to keep? Error messages below.
    Lync Server 2013, Response Group Service was not able to establish the application endpoint.
    The following exception occurred when establishing application endpoint associated with 'sip:RtcApplication-9ebda80c-12e1-4db6-b5f3-f0dc9585ad4d@<scrubbed>.com': System.InvalidOperationException - The ChannelDispatcher at 'net.tcp://<server scrubbed>:8404/'
    with contract(s) '"IAgentSignInOut", "IMatchMaking"' is unable to open its IChannelListener..
    Cause: Failed to connect to Front End server or the Front End server is misconfigured.
    Resolution:
    Check the Front End server for errors.
    Application endpoint for Contact object cannot be created.
    The following exception was thrown during application endpoint creation for Contact object 'sip:RtcApplication-8e1e15ac-09d4-4271-b961-6757feabd621@<scrubbed>.com'. The Response Group associated with this endpoint will not be available.
    Exception: System.ArgumentException - Only one default routing endpoint is allowed per platform. The platform already contains a default routing Endpoint.
    Inner Exception: ~
    Cause: Networking problems with the Front End server, or Front End server configuration problems.
    Resolution:
    Check for eventual SIP errors on the Front End servers.
    Lync Server 2013, Response Group Service was not able to establish the application endpoint.
    The following exception occurred when establishing application endpoint associated with 'sip:RtcApplication-11e8fb5c-9847-460c-9e60-0f34834f8b37@<scrubbed>.com': System.InvalidOperationException - The ChannelDispatcher at 'net.tcp://<scrubbed>:8404/'
    with contract(s) '"IAgentSignInOut", "IMatchMaking"' is unable to open its IChannelListener..
    Cause: Failed to connect to Front End server or the Front End server is misconfigured.
    Resolution:
    Check the Front End server for errors.
    Application endpoint for Contact object cannot be created.
    The following exception was thrown during application endpoint creation for Contact object 'sip:RtcApplication-1c871209-add1-40a6-87bb-07884eb879b5@<scrubbed>.com'. The Response Group associated with this endpoint will not be available.
    Exception: System.ArgumentException - Only one default routing endpoint is allowed per platform. The platform already contains a default routing Endpoint.
    Inner Exception: ~
    Cause: Networking problems with the Front End server, or Front End server configuration problems.
    Resolution:
    Check for eventual SIP errors on the Front End servers.

    Hi,
    Have you reviewed this blog? You may check the ownerpoolID in rgsconfig database.
    http://blog.lync2013.org/tag/lync/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Can I create a multiple waypoint route in Maps?

    I would like to be able to define my own route in the Maps app instead of picking from one of the 3 offered. Is there any way that I can force a route to go through a specific location?

    Hi HAMADART and welcome to our community
    I'm a bit fuzzy on what you are looking for.
    If you are asking if you can create a hyperlink from a text caption that will open a URL or something, the answer is that you can, but not like you think. You would insert a caption and place it, then insert a click box object and program it to point to the URL. Then place the click box object over where you want your user to click.
    If you are asking if you can create a link that forces the Closed Captioning to display, first off I'd wonder why a link when clicking the CC button is so easy. But if you are asking if there is a way to cause Closed Captioning to display without user intervention, you need to take a look at fellow Adobe Community Expert Paul Dewhurst's site and use one of his widgets.
    Click here to visit Paul's site.
    Cheers... Rick

  • Is it possible to plot a multiple stop route in Maps?

    Does anyone know how to plot multiple stops on one trip?

    Nishan,
    The ability to show two x-axis criteria is limited and might be achieved if you can establish two metrics. If you can get two (or more) metrics established, then fiddling with the "vertical line and bar chart" capability may be the answer; however, vertical line & bar only works with a minimum of two metrics present. If you want two lines, then you can change the background of the chart to white and set the bar to white with no lines, thus they'll be "non-existent" to the human eye and only the lines will show through.
    Thanks,
    John

  • Multiple & independent routing tables

    Can the Catalyst 4500 support more than one routing table?

    No, there is only one routing table. What is it you are trying to achieve? Maybe there is another way.
    Kevin Dorrell
    Luxembourg
