S2Svpn, tunnel up, no traffic Networking
- S2Svpn, tunnel up, no traffic
- Convert UCk9/FoundationSuiteK9 licenses to Smart License
- iptables DROP not working
- Separate client workstations from servers?
S2Svpn, tunnel up, no traffic
Posted: 26 Mar 2022 05:03 AM PDT
SOLVED

Hi, could someone give me a hint about my problem with that VPN between two ASA firewalls. Tunnel is up, but no pings between two RDP stations. What I can tell that may help is:

Site A

show crypto ipsec sa

    #pkts encaps: 331, #pkts encrypt: 331, #pkts digest: 331
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 331, #pkts comp failed: 0, #pkts decomp failed: 0
    #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
    #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
    #send errors: 0, #recv errors: 0

show crypto ikev1 sa

    IKEv1 SAs:
    Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1
    1 IKE Peer: 109.X.X.X
    Type : L2L Role : initiator
    Rekey : no State : MM_ACTIVE

Site B

show crypto ipsec sa

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 334, #pkts decrypt: 334, #pkts verify: 334
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
    #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
    #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
    #TFC rcvd: 0, #TFC sent: 0
    #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
    #send errors: 0, #recv errors: 0

show crypto ikev1 sa

    IKEv1 SAs:
    Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1
    1 IKE Peer: 212.X.X.X
    Type : L2L Role : responder
    Rekey : no State : MM_ACTIVE

Convert UCk9/FoundationSuiteK9 licenses to Smart License
Posted: 25 Mar 2022 06:25 PM PDT

I have a Cisco ISR4431 voice gateway router; it's running IOS XE 16.6.1 with uck9/FoundationSuiteK9 licenses. Now I want to upgrade IOS to 16.12.5, but I know that this version uses Smart License. I don't know if I need to convert the current licenses to Smart License or not. If the evaluation period (90 days) expires, does the voice router continue to function as normal?

iptables DROP not working
Posted: 25 Mar 2022 11:02 PM PDT

Hi, I am trying to block all the incoming traffic towards my server, which is exposed on my static public IP on ports 80 and 443, and my public IP is configured in the CloudFlare proxy. I have Docker installed, and multiple containers running on it.

I am trying to set rules in iptables which will DROP all the traffic on ports 80 and 443 if it does not originate from CloudFlare or my local LAN/VPN. I have applied the rules by downloading all the IPv4 ranges from CloudFlare.

Unfortunately it is not dropping the direct external traffic on ports 443 and 80. If I try to access it from AWS EC2 by telnetting to ports 80 and 443, it connects successfully, and I am able to see the public IP of my EC2 from the Docker host. I have also saved the iptables rules permanently, but no luck.

I am not very comfortable with iptables, but I would like to use it. Please help me fix this. This is the output of my Docker host from sudo iptables -L

Separate client workstations from servers?
Posted: 25 Mar 2022 08:39 PM PDT

We have a fairly flat network, and I am looking at doing some network segmentation. Is it still a best practice to put client workstations in one subnet and servers on another? If all of the clients need to talk to the servers, it seems like unnecessary overhead to put them in separate VLANs/subnets and route between them. Our environment has a high level of document storage needs, about 200 clients, about 25 servers.

Source: email updates from Enterprise Networking Design, Support, and Discussion.