Switch having feature of VPN & Packet Filtering

Can somebody help me to know the low-end switch that can be configured for VPN, packet filtering, etc. within the switch itself?
Suresh

Hi Suresh,
If you are deploying MPLS VPN then you can go for 3750 metro ethernet switches as well.
The Cisco Catalyst Metro switches are a new line of premier multilayer switches that bring greater intelligence to the metro Ethernet edge, enabling the delivery of more differentiated metro Ethernet services. Featuring hierarchical quality of service (QoS) and traffic shaping, intelligent 802.1Q tunneling, VLAN mapping, Multi-protocol Label Switching (MPLS) and Ethernet over MPLS (EoMPLS) support, and redundant AC or DC power, these switches are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different service-level agreements (SLAs). With flexible software options, the Catalyst Metro offers a cost-effective path for meeting current and future service requirements from service providers serving enterprises and commercial businesses.
HTH, please rate if it does.
-amit singh

Similar Messages

  • Switch supporting VPN & Packet Filtering

    Can somebody help me in finding the low-end Cisco switch that can support VPN as well as packet filtering?
    I need to quote this for one of my customers.
    Suresh

    Mostly, switches that support L3 service should support VPN. It is supported in Cisco 6000 Cat IOS. Search for the keyword "VPN support on switches" on cisco.com. Lots of references are available.

  • Viewing MPLS/VPN packet

    Hi there,
    I would like to know, are there any features on a Cisco router to view MPLS/VPN packets being swapped here and there at P, PE or CE routers, especially in service provider networks, just like "sh ip cache flow"?
    thanks in advance.
    maher

    MPLS-aware NetFlow should provide you with this functionality. For more information, please refer to the following link:
    http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1829/products_feature_guide09186a008012dc80.html
    Hope this helps,

  • System crash attempting to use the packet filtering on Solaris 10, MU7

    I have been attempting to port my kernel module to run on Solaris 10, MU7 (from MU6). Some changes to the packet filtering hooks interface require me to make code changes and linker option changes, i.e. -Nmisc/neti -Nmisc/hook
    I now have my module loading successfully and "hooking" packets. However, I am seeing instability and after processing in the order of 100-200 packets the system crashes. See stack dump below for details.
    Also note that initially my callback hook function is very simple, i.e. returns 0.
    I require assistance on identifying the root cause. The key code fragments are as follows:
    int _init()
    {
        // allocated a control block using net_instance_alloc
        // populated the nin_name, nin_create, nin_destroy, and nin_shutdown fields with valid callback functions
        // registered the control block using net_instance_register
    }

    static int _attach(dip, cmd)
    dev_info_t *dip;
    ddi_attach_cmd_t cmd;
    {
        // initialised a hook control block using HOOK_INIT
        // performed a protocol lookup (using net_protocol_lookup) on the net_id provided by the nin_create function callback
        // registered the hook with the net_id protocol using net_hook_register
    }

    static int
    myipf_hook4_in (hook_event_token_t tok, hook_data_t info, void *arg) {
        // simple callback function for test purposes
        return 0;
    }

    System Stack trace:
    Boot device: /virtual-devices@100/channel-devices@200/disk@0:a File and args:
    SunOS Release 5.10 Version Generic_139555-08 64-bit
    Copyright 1983-2009 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    Hostname: bfs-t5440-03-ldm12
    NIS domain name is bfs.nis
    Reading ZFS config: done.
    bfs-t5440-03-ldm12 console login:
    panic[cpu9]/thread=2a100a67ca0: BAD TRAP: type=9 rp=2a100a67630 addr=7b6e8d48 mmu_fsr=0
    sched: trap type = 0x9
    addr=0x7b6e8d48
    pid=0, pc=0x7b6e8d48, sp=0x2a100a66ed1, tstate=0x1606, context=0x0
    g1-g7: 1910, 18b0, 2a100a678f0, 60010776b14, 1910, 0, 2a100a67ca0
    000002a100a67350 unix:die+9c (9, 2a100a67630, 7b6e8d48, 0, 2a100a67410, 182b400)
    %l0-3: 000000000100954c 0000000000000009 0000060020ac1620 00000000010523ac
    %l4-7: 00000000018a3c78 0000060020ac1848 000003000481dbe0 00000000010ac400
    000002a100a67430 unix:trap+6cc (2a100a67630, 10000, 0, 0, 30004028000, 2a100a67ca0)
    %l0-3: 0000000000000000 000000000185b480 0000000000000009 0000000000000000
    %l4-7: 0000000000000000 0000000000000000 0000000000001606 0000000000010200
    000002a100a67580 unix:ktl0+64 (300014c8e40, 2a100a67890, 600114fb428, 3, 1, 0)
    %l0-3: 0000030004028000 0000000000000048 0000000000001606 0000000001021604
    %l4-7: 00000000003c0000 0000000000000001 0000000000000000 000002a100a67630
    000002a100a676d0 hook:hook_run+7c (30001b039c0, 300014c8e40, 2a100a67890, 60012566ea8, 7b6e8d48, 1)
    %l0-3: 0000030001b039c8 00000600117df3c0 0000000001878888 0000000000000000
    %l4-7: 0000000000000000 000000000000003c 0000000000000000 0000000000000000
    000002a100a67780 ip:ip_input+3b4 (0, 600135ca040, 0, 6001359bc28, 0, 0)
    %l0-3: 0000000000000000 0000000000000000 0000000000000000 0000060011562000
    %l4-7: 00000000e0000000 0000000000000001 0000000000000000 0000000000000000
    000002a100a67910 dls:soft_ring_drain+78 (600135d1f00, 60011dfa940, 2, 2000000, 2, 0)
    %l0-3: 0000000000000000 0000000000000000 0000000000000004 0000000000000005
    %l4-7: 000006001359bc28 00000600135ca040 000000007be1c238 000000000000fffe
    000002a100a679c0 dls:soft_ring_worker+64 (600135d1f00, 0, 2, 600135d1f4c, 0, 2a100a67a8a)
    %l0-3: 000002a100a67a88 0000000000000000 000002a10001fca0 000002a10001fca0
    %l4-7: 0000000000000002 0000000000000000 0000000000000002 00000000018f1000
    syncing file systems... [1] 104 [1] 95 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 done (not all i/o completed)
    dumping to /dev/dsk/c0d0s1, offset 644284416, content: kernel
    100% done: 118970 pages dumped, compression ratio 10.00, dump succeeded
    rebooting...
    Resetting...
    -eugene
    Edited by: emonagh on Aug 25, 2009 1:54 AM
    Edited by: emonagh on Aug 25, 2009 1:56 AM

    I have checked weblogic download link.
    Currently weblogic is only available for the below mentioned platforms:
    1. Windows (32 bit jvm)
    2. Linux (32 bit jvm)
    3. sun solaris (only SPARC) (32 bit JVM)
    There is no generic installer available for weblogic 9.2
    Thus what I want is weblogic 9.2 setup for x86 machine.
    I have tried to run weblogic 9.2 setup for linux on sun solaris x86.
    But it did not run, it also gave error message that some package is missing in /lib/.. folder.....

  • Packet filtering and traffic shaping during peak h...

    I play the online game World of Tanks and am currently experiencing severe lag and disconnects. The problem does not appear to be with the game/service provider but with BT. I need to know: does BT use "packet filtering" and "traffic shaping" during peak hours, and if so, why has it suddenly started?
    This game uses P2P to keep the latency down for players, so I have been advised to contact BT and ask them whether they are limiting these types of connections.
    Most games do not use these types of connections, but World of Tanks does and, again, I have been told BT just don't like them, due to the amount of connections they attempt to forge in order to have a stable latency.
    I need to know if this is going to continue, as I pay to play the game and therefore would have to consider changing my ISP to Virgin, who don't use "packet filtering" and "traffic shaping" during peak hours.
    Quick advice would be appreciated.

    It's absolutely horrible. I turned off wifi on all other devices and every other open program just to reduce my latency from 120ms to 80ms.
    I still suffer from huge packet loss.
    It would be absolutely horrible if they have started throttling worldoftanks.eu servers. Phone support is no help; all they told me to do is restart my router.
    I hope this is fixed soon. There are many posts on the WoT EU official forums and everyone that is affected appears to be a BT customer.
    Some have mentioned it could be the damaged undersea cable.
    I don't have any problems with torrents being throttled or anything like that, only worldoftanks.eu being throttled.

  • What is an example of an external switch in the accessibility- switch control feature on an iPhone 5s

    what is an example of an external switch in the accessibility- switch control feature on an iPhone 5s

    Perhaps this will help:
    http://bdmtech.blogspot.com/2013/09/new-in-ios-7-detailed-look-at-switch.html

  • Systemd- failed to start packet filtering framework

    I had installed systemd and also iptables and till recently everything seemed all right. Now I have started getting an error message on bootup that "failed to start packet filtering framework".
    There is a suggestion at this site: https://mailman.archlinux.org/pipermail … 30565.html
    On running the command "sudo systemctl status iptables", following is the output:
    iptables.service - Packet Filtering Framework
    Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
    Active: failed (Result: exit-code) since Tue, 23 Oct 2012 17:30:07 +0000; 12min ago
    Process: 200 ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules (code=exited, status=1/FAILURE)
    CGroup: name=systemd:/system/iptables.service
    Oct 23 17:30:16 myhost iptables-restore[200]: Can't open /etc/iptables/iptables.rules: No such file or directory
    How can I correct this error? Please help.
    Last edited by rnarch (2012-10-23 12:17:56)

    The /etc/iptables/iptables.rules file does not exist, but the system was not giving this error message earlier. I was loading iptables rules by the following command in /etc/rc.local:
    iptables-restore /home/myfw-regular.saved
    Probably, I should move the myfw-regular.saved file to /etc/iptables/iptables.rules and remove the rc.local line.

  • Disable packet filtering on BM 3.6

    Hi
    I have a border manager firewall that I am replacing with a hardware box. I
    would still like to use the Border manager as a proxy server and use its
    access rules but do not want it to packet filter.
    What is the easiest way to achieve this?
    thanks
    Mike

    thanks for that Craig. I am happy with that part of it but what I need to
    do is turn the BM box into just a router and turn off all packet
    filtering.
    What is the best way to do that. Is it via filtcfg or do I need to stop
    certain NLMs loading?
    thanks
    > Make the BMgr server's default gateway the new filtering box.
    >
    > Filter port 80 and 443 on the new box, and allow those ports only from
    > the BMgr server's IP address.
    >
    > Craig Johnson
    > Novell Support Connection SysOp
    > *** For a current patch list, tips, handy files and books on
    > BorderManager, go to http://www.craigjconsulting.com ***
    >
    >

  • What is Switch Customer feature in Aruba Central?

    Q: What is Switch Customer feature in Aruba Central?
    A: Aruba Central is accepted by two segments of customer:
    End-Customer :  These are end customers where they buy the solution, deploy and monitor the solution.
    Service Provider:  They provide Aruba Central solution to customer, deploy and monitor on behalf of end-customer.
    An example of service provider deployment could be one as below:
    There would be multiple small coffee houses or clinics across the city, where only 2 - 5 IAPs are required at each location. Service providers, deploy instant access points at each such store or location and monitor all these sites via Aruba Central.
    The "Switch Customer" feature is used by service providers. With this feature, a service provider can switch between two customer accounts and monitor them successfully.


  • 802.11 Promiscuous Packet Filters

    Hi!
    This WDK documentation topic has the following text:
    Note  It is only valid for the miniport driver to enable the NDIS_PACKET_TYPE_PROMISCUOUS, NDIS_PACKET_TYPE_802_11_PROMISCUOUS_MGMT, or NDIS_PACKET_TYPE_802_11_PROMISCUOUS_CTRL packet filters if the driver is operating in Network Monitor (NetMon) or Extensible Access Point (AP) modes.
    Is that correct? Why are promiscuous filters valid for ExtAP and not for ExtSTA modes?
    Please note that I looked at the Native Wi-Fi Miniport Sample Driver in the Windows 8.1 WDK. I could not see any code that sets the promiscuous filters as described in the WDK. In fact, the function StaSetPacketFilter simply sets the filter settings without checking to see if any of the promiscuous filter bits are set.
    What am I missing?
    Thanks!

    > Is that correct?
    No one denied this, so, very probably, correct.
    > What am I missing?
    Sample drivers are not 100% production quality. You can request to fix the sample to match the documentation.
    Happy new year!
    -- pa

  • Suggestion for packet filtering

    i m trying to use the java to implement the packet filtering function..i would like to know which package i am supposed to use? java.net is not enough for packet filtering rite? another one thing jar file is suitable to use the agent or not? or use the agent in exe and call the main function in java? can i have some suggestion? thanks

    is planning the fault? or people who discouraging me bear the fault? without planning what u can do? consider please! if u wanna know something but people laugh at u because u don't know, how will u feel? u have posted lots in here. are all the messages are discouraging the people who don't know? stop thinking urself as GREAT ok? NO BODY IS PERFECT IN EVERY THING. stick on it.
    why don't u just help me out by showing the way? stop flaunting around! no body want like this kind of character here.

  • Packet filters support supernets?

    I am trying to get BM3.8 setup to allow packet filter exceptions for smtp
    from multiple "networks" which are supernets (email goes thru'
    MessageLabs)
    I read somewhere that there is a bug or 3.8 does not support supernetting.
    The trace shows the inbound packets being discarded even though they are
    in the supernet range.
    Any ideas - work arounds.

    Given that there are literally hundreds of individual subnets - I will just recommend that the client purchase a real firewall. :(
    >>> Caterina Luppi<[email protected]> 23/06/2006 03:52:54 >>>
    Jeff,
    > I am trying to get BM3.8 setup to allow packet filter exceptions for smtp
    > from multiple "networks" which are supernets (email goes thru'
    > MessageLabs)
    >
    > I read somewhere that there is a bug or 3.8 does not support supernetting..
    Correct - packet filters don't support supernetting.
    > Any ideas - work arounds.
    no workarounds, I'm afraid. You'll have to duplicate the filters for
    each network you need to open.
    Cat
    NSC Volunteer Sysop
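
An added example (not from the thread) of the duplication described in the reply above: it expands each supernet into one entry per network, assuming "each network" means the network at its classful (natural) mask. The function names and the sample ranges are constructed for illustration and are not MessageLabs' real address ranges.

```python
import ipaddress

def natural_prefix(addr):
    """Classful (natural) prefix length for an IPv4 address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8        # class A
    if first_octet < 192:
        return 16       # class B
    if first_octet < 224:
        return 24       # class C
    raise ValueError(f"{addr} is class D/E and has no natural network mask")

def expand_supernet(cidr):
    """Split a supernet into its classful networks. A range that is already
    at or below its natural size is returned unchanged."""
    net = ipaddress.ip_network(str(cidr))
    natural_prefix(net.broadcast_address)   # reject ranges reaching class D/E
    natural = natural_prefix(net.network_address)
    if net.prefixlen >= natural:
        return [net]
    return list(net.subnets(new_prefix=natural))

def filter_sources(ranges):
    """One entry per filter exception to create: duplicates removed, sorted."""
    return sorted({n for cidr in ranges for n in expand_supernet(cidr)})

# Constructed sample ranges, used only to show how quickly the list grows.
SAMPLE_RANGES = ["192.0.2.0/23", "198.18.0.0/15", "203.0.113.0/24"]

if __name__ == "__main__":
    sources = filter_sources(SAMPLE_RANGES)
    print(f"{len(SAMPLE_RANGES)} ranges -> {len(sources)} filter exceptions")
    for net in sources[:3]:
        print(net.network_address, net.netmask)
```

A single /15 in class C space alone becomes 512 separate exceptions, which is the scale the poster describes.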

  • Bordermanager 3.8 sp5 ir packet filtering problems

    Hello,
    On a freshly installed NetWare 6.5 SP6 server with post fixes, I have some problems with the packet filters that I never had before.
    The strange thing that happens is that when I load my filters, some services configured on the private network card get blocked too, like DHCP (does not want to bind)/NDPS manager/Groupwise POA.
    The rest of the traffic is going correctly through my exceptions.
    I already checked the tcpip.cfg for duplicate entries and checked my server's configured services and IP numbers on NORM.
    I already tried to clear all filters, delete the filters.cfg file and run a brdcfg.
    Best regards,
    Niels van der Greef

    Originally Posted by Craig Johnson
    What is configured in FILTCFG for filtering (not filter exceptions?)
    Does it look like tip #13 at the URL below?
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
    Yes the filters are configured that way.

  • Still having problems with VPN access

    Hello!
    I am having problems with my VPN clients getting access to the networks over an MPLS infrastructure. I can reach these resources from my Core network (172.17.1.0/24) and my Wifi (172.17.100.0/24) but not from my VPN network (172.17.200.0/24). From the VPN I can reach the Wifi network (which is behind a router) and the rule that allows that also allows access to the other networks but for some reason it is not working.
    When I ping inside the core network from VPN I can connect and get responses. When I ping to the Wifi network, I can get responses and connect to resources there. A tracert to the wifi network shows it hitting the core switch (a 3750 stack) @ 172.17.1.1, then the Wifi router (172.17.1.3) and then the host. A tracert to a resource on the MPLS network from the VPN shows a single entry (the destination host) and then 29 time outs but will not ping that resource nor connect.
    I've posted all the info I can think of below. Any help appreciated.
    *** Here is a tracert from a core network machine to the resource we need on the MPLS:
    C:\Windows\system32>tracert 10.2.0.125
    Tracing route to **************** [10.2.0.125]
    over a maximum of 30 hops:
      1     1 ms    <1 ms    <1 ms  172.17.1.1
      2     1 ms    <1 ms    <1 ms  172.17.1.10
      3     5 ms     5 ms     5 ms  192.168.0.13
      4    31 ms    30 ms    31 ms  192.168.0.5
      5    29 ms    30 ms    29 ms  192.168.0.6
      6    29 ms    29 ms    29 ms  192.168.20.4
      7    29 ms    29 ms    29 ms  RV-TPA-CRMPROD [10.2.0.125]
    Trace complete.
    172.17.1.10 is the mpls router.
    **** Here is the routing table (sh ip route) from the 3750 @ 172.17.1.1
    Gateway of last resort is 172.17.1.2 to network 0.0.0.0
    S    192.168.30.0/24 [1/0] via 172.17.1.10
         172.17.0.0/24 is subnetted, 3 subnets
    S       172.17.200.0 [1/0] via 172.17.1.2
    C       172.17.1.0 is directly connected, Vlan20
    S       172.17.100.0 [1/0] via 172.17.1.3
         172.18.0.0/24 is subnetted, 1 subnets
    S       172.18.1.0 [1/0] via 172.17.1.10
    S    192.168.11.0/24 [1/0] via 172.17.1.10
         10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    S       10.2.0.0/24 [1/0] via 172.17.1.10
    S       10.10.10.0/24 [1/0] via 172.17.1.10
    S       10.20.0.0/24 [1/0] via 172.17.1.10
    S       10.3.0.128/25 [1/0] via 172.17.1.10
    S    192.168.1.0/24 [1/0] via 172.17.1.10
    S*   0.0.0.0/0 [1/0] via 172.17.1.2
    *** Here is the firewall config (5510):
    ASA Version 8.4(1)
    hostname RVGW
    domain-name ************
    enable password b5aqRk/6.KRmypWW encrypted
    passwd 1ems91jznlfZHhfU encrypted
    names
    interface Ethernet0/0
    nameif Outside
    security-level 10
    ip address 5.29.79.10 255.255.255.248
    interface Ethernet0/1
    nameif Inside
    security-level 100
    ip address 172.17.1.2 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 172.19.1.1 255.255.255.0
    management-only
    banner login RedV GW
    ftp mode passive
    dns server-group DefaultDNS
    domain-name RedVector.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network WiFi
    subnet 172.17.100.0 255.255.255.0
    description WiFi 
    object network inside-net
    subnet 172.17.1.0 255.255.255.0
    object network NOSPAM
    host 172.17.1.60
    object network BH2
    host 172.17.1.60
    object network EX2
    host 172.17.1.61
    description Internal Exchange / Outbound SMTP
    object network Mail2
    host 5.29.79.11
    description Ext EX2
    object network NETWORK_OBJ_172.17.1.240_28
    subnet 172.17.1.240 255.255.255.240
    object network NETWORK_OBJ_172.17.200.0_24
    subnet 172.17.200.0 255.255.255.0
    object network VPN-CLIENT
    subnet 172.17.200.0 255.255.255.0
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    object-group network DM_INLINE_NETWORK_1
    network-object object BH2
    network-object object NOSPAM
    object-group network VPN-CLIENT-PAT-SOURCE
    description VPN-CLIENT-PAT-SOURCE
    network-object object VPN-CLIENT
    object-group network LAN-NETWORKS
    network-object 10.10.10.0 255.255.255.0
    network-object 10.2.0.0 255.255.255.0
    network-object 10.3.0.0 255.255.255.0
    network-object 172.17.100.0 255.255.255.0
    network-object 172.18.1.0 255.255.255.0
    network-object 192.168.1.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 192.168.30.0 255.255.255.0
    object-group network VPN-POOL
    network-object 172.17.200.0 255.255.255.0
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    access-list Outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq smtp
    access-list Outside_access_in extended permit tcp any object BH2 object-group DM_INLINE_TCP_1
    access-list global_mpc extended permit ip any any
    access-list Inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    no logging message 106015
    no logging message 313001
    no logging message 313008
    no logging message 106023
    no logging message 710003
    no logging message 106100
    no logging message 302015
    no logging message 302014
    no logging message 302013
    no logging message 302018
    no logging message 302017
    no logging message 302016
    no logging message 302021
    no logging message 302020
    flow-export destination Inside 172.17.1.52 9996
    mtu Outside 1500
    mtu Inside 1500
    mtu management 1500
    ip local pool VPN 172.17.1.240-172.17.1.250 mask 255.255.255.0
    ip local pool VPN2 172.17.200.100-172.17.200.200 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (Inside,Outside) source static EX2 Mail2
    nat (Inside,Outside) source static any any destination static NETWORK_OBJ_172.17.1.240_28 NETWORK_OBJ_172.17.1.240_28
    nat (Inside,Outside) source static any any destination static NETWORK_OBJ_172.17.200.0_24 NETWORK_OBJ_172.17.200.0_24
    nat (Inside,Outside) source static inside-net inside-net destination static NETWORK_OBJ_172.17.1.240_28 NETWORK_OBJ_172.17.1.240_28
    nat (Inside,Outside) source static LAN-NETWORKS LAN-NETWORKS destination static VPN-POOL VPN-POOL
    object network inside-net
    nat (Inside,Outside) dynamic interface
    object network NOSPAM
    nat (Inside,Outside) static 5.29.79.12
    nat (Outside,Outside) after-auto source dynamic VPN-CLIENT-PAT-SOURCE interface
    access-group Outside_access_in in interface Outside
    access-group Inside_access_in in interface Inside
    route Outside 0.0.0.0 0.0.0.0 5.29.79.9 1
    route Inside 10.2.0.0 255.255.255.0 172.17.1.1 1
    route Inside 10.3.0.0 255.255.255.128 172.17.1.1 1
    route Inside 10.10.10.0 255.255.255.0 172.17.1.1 1
    route Inside 172.17.100.0 255.255.255.0 172.17.1.3 1
    route Inside 172.18.1.0 255.255.255.0 172.17.1.1 1
    route Inside 192.168.1.0 255.255.255.0 172.17.1.1 1
    route Inside 192.168.11.0 255.255.255.0 172.17.1.1 1
    route Inside 192.168.30.0 255.255.255.0 172.17.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server RedVec protocol ldap
    aaa-server RedVec (Inside) host 172.17.1.41
    ldap-base-dn DC=adrs1,DC=net
    ldap-group-base-dn DC=adrs,DC=net
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *****
    ldap-login-dn CN=Hanna\, Roger,OU=Humans,OU=WPLAdministrator,DC=adrs1,DC=net
    server-type microsoft
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 172.17.1.0 255.255.255.0 Inside
    http 24.32.208.223 255.255.255.255 Outside
    snmp-server host Inside 172.17.1.52 community *****
    snmp-server location Server Room 3010
    snmp-server contact Roger Hanna
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Outside_map interface Outside
    crypto ikev1 enable Outside
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 172.17.1.0 255.255.255.0 Inside
    telnet timeout 5
    ssh 172.17.1.0 255.255.255.0 Inside
    ssh timeout 5
    console timeout 0
    dhcpd address 172.17.1.100-172.17.1.200 Inside
    dhcpd dns 172.17.1.41 172.17.1.42 interface Inside
    dhcpd lease 100000 interface Inside
    dhcpd domain adrs1.net interface Inside
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    group-policy RedV internal
    group-policy RedV attributes
    wins-server value 172.17.1.41
    dns-server value 172.17.1.41 172.17.1.42
    vpn-tunnel-protocol ikev1
    default-domain value ADRS1.NET
    group-policy RedV_1 internal
    group-policy RedV_1 attributes
    wins-server value 172.17.1.41
    dns-server value 172.17.1.41 172.17.1.42
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    default-domain value adrs1.net
    username rparker password FnbvAdOZxk4r40E5 encrypted privilege 15
    username rparker attributes
    vpn-group-policy RedV
    username mhale password 2reWKpsLC5em3o1P encrypted privilege 0
    username mhale attributes
    vpn-group-policy RedV
    username dcoletto password g53yRiEqpcYkSyYS encrypted privilege 0
    username dcoletto attributes
    vpn-group-policy RedV
    username rhanna password Pd3E3vqnGmV84Ds2 encrypted privilege 15
    username rhanna attributes
    vpn-group-policy RedV
    tunnel-group RedV type remote-access
    tunnel-group RedV general-attributes
    address-pool VPN2
    authentication-server-group RedVec
    default-group-policy RedV
    tunnel-group RedV ipsec-attributes
    ikev1 pre-shared-key *****
    class-map global-class
    match access-list global_mpc
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    class global-class
      flow-export event-type all destination 172.17.1.52
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    hpm topN enable
    Cryptochecksum:202ad58ba009fb24cbd119ed6d7237a9

    Hi Roger,
    I bet you already checked it, but does the MPLS end router have a route to the VPN client subnet 172.17.200.x (or a default) pointing to the core rtr?
    Also, if the MPLS link has any /30 subnet assigned, you may need to include that as well in Object group LAN-NETWORKS.
    Thx
    MS
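
A consistency check on the configuration posted in this thread, as an added example that is not part of the original posts (function names are illustrative): for every prefix the core switch sends to the MPLS router 172.17.1.10, it reports whether the ASA has an Inside route covering it and whether the LAN-NETWORKS object group contains it. The input lines are copied from the posted `sh ip route` output and ASA config.

```python
import ipaddress
import re

# Copied from the thread: "sh ip route" on the 3750 core switch.
SWITCH_ROUTES = """\
S    192.168.30.0/24 [1/0] via 172.17.1.10
     172.17.0.0/24 is subnetted, 3 subnets
S       172.17.200.0 [1/0] via 172.17.1.2
C       172.17.1.0 is directly connected, Vlan20
S       172.17.100.0 [1/0] via 172.17.1.3
     172.18.0.0/24 is subnetted, 1 subnets
S       172.18.1.0 [1/0] via 172.17.1.10
S    192.168.11.0/24 [1/0] via 172.17.1.10
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
S       10.2.0.0/24 [1/0] via 172.17.1.10
S       10.10.10.0/24 [1/0] via 172.17.1.10
S       10.20.0.0/24 [1/0] via 172.17.1.10
S       10.3.0.128/25 [1/0] via 172.17.1.10
S    192.168.1.0/24 [1/0] via 172.17.1.10
S*   0.0.0.0/0 [1/0] via 172.17.1.2
"""

# Copied from the thread: only the ASA lines this check reads.
ASA_CONFIG = """\
object-group network LAN-NETWORKS
network-object 10.10.10.0 255.255.255.0
network-object 10.2.0.0 255.255.255.0
network-object 10.3.0.0 255.255.255.0
network-object 172.17.100.0 255.255.255.0
network-object 172.18.1.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 192.168.30.0 255.255.255.0
object-group network VPN-POOL
network-object 172.17.200.0 255.255.255.0
route Outside 0.0.0.0 0.0.0.0 5.29.79.9 1
route Inside 10.2.0.0 255.255.255.0 172.17.1.1 1
route Inside 10.3.0.0 255.255.255.128 172.17.1.1 1
route Inside 10.10.10.0 255.255.255.0 172.17.1.1 1
route Inside 172.17.100.0 255.255.255.0 172.17.1.3 1
route Inside 172.18.1.0 255.255.255.0 172.17.1.1 1
route Inside 192.168.1.0 255.255.255.0 172.17.1.1 1
route Inside 192.168.11.0 255.255.255.0 172.17.1.1 1
route Inside 192.168.30.0 255.255.255.0 172.17.1.1 1
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def switch_routes_via(text, next_hop):
    """Prefixes the switch sends to next_hop. A route printed without a
    length inherits it from the preceding 'is subnetted' header."""
    inherited, found = None, []
    for line in text.splitlines():
        hdr = re.match(r"\s*" + IP + r"/(\d+) is (variably )?subnetted", line)
        if hdr:
            inherited = None if hdr.group(3) else int(hdr.group(2))
            continue
        m = re.match(r"\S+\s+" + IP + r"(?:/(\d+))?\s.*\bvia (\S+)", line)
        if not m or m.group(3).rstrip(",") != next_hop:
            continue
        plen = int(m.group(2)) if m.group(2) else inherited
        if plen is not None:
            found.append(ipaddress.ip_network(f"{m.group(1)}/{plen}"))
    return found

def asa_routes(text, ifname):
    rows = (line.split() for line in text.splitlines())
    return [ipaddress.ip_network(f"{p[2]}/{p[3]}")
            for p in rows if p[:2] == ["route", ifname] and len(p) >= 5]

def asa_group(text, name):
    nets, inside = [], False
    for p in (line.split() for line in text.splitlines()):
        if p[:2] == ["object-group", "network"]:
            inside = p[2:3] == [name]
        elif inside and p[:1] == ["network-object"]:
            # "network-object object X" / "host X" members are not resolved here
            if len(p) == 3 and p[1] not in ("object", "host"):
                nets.append(ipaddress.ip_network(f"{p[1]}/{p[2]}"))
        elif inside and p[:1] != ["description"]:
            inside = False  # any other command ends the group
    return nets

def audit(switch_text, asa_text, mpls_router="172.17.1.10", group="LAN-NETWORKS"):
    routes, members = asa_routes(asa_text, "Inside"), asa_group(asa_text, group)
    return {str(d): {"asa_inside_route": any(d.subnet_of(r) for r in routes),
                     "in_group": any(d.subnet_of(g) for g in members)}
            for d in switch_routes_via(switch_text, mpls_router)}

def gaps(report):
    return {dest: r for dest, r in report.items() if not all(r.values())}

if __name__ == "__main__":
    for dest, result in audit(SWITCH_ROUTES, ASA_CONFIG).items():
        print(f"{dest:18} {result}")
```

On the posted configuration 10.2.0.0/24 passes both checks, while 10.20.0.0/24 and 10.3.0.128/25 are flagged. The return route on the MPLS side that the reply asks about cannot be read from either of these two configs.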

  • Discover Switch and router over VPN

    I am in contact with a company having many branches connecting over VPN tunnels, with a different IP range in each branch.
    How can I configure the LMS to discover my switch and my router over VPN?

    LMS 3.0.1 and higher can use non-CDP discovery methods which should be able to find your remotely connected VPN devices.  You could use the Ping Sweep or Route Table modules to accomplish what you want.
    See https://supportforums.cisco.com/docs/DOC-9005 for more details.
