[c-nsp] DMVPN breaks when IPSEC protection is applied to tunnels

Nic Tjirkalli nic.tjirkalli at za.verizonbusiness.com
Tue Aug 26 01:37:07 EDT 2008


Howdy ho,


> Maybe try to put in an ACL or could use netflow for this as well...
> ip access-list extend check_packets_in
> permit esp any any
> permit udp any eq isakmp any eq isakmp
> permit ip any any
> interface dialer 1
> ip access-group check_packets_in in
>
> To see if ESP coming in to your spoke router.
good suggestion but now I am even more c0onfused

created acl as follows and applied to dialer 1 in :-
interface Dialer1
  ip access-group check_packets_in in

but there ar no matches at all - not even IP 
nhrp-spoke-2#show access-lists check_packets_in
Extended IP access list check_packets_in
     10 permit ahp any any
     20 permit esp any any
     30 permit udp any eq isakmp any eq isakmp
     40 permit ip any any


`:wq``


>
> -Luan
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nic Tjirkalli
> Sent: Monday, August 25, 2008 3:40 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] DMVPN breaks when IPSEC protection is applied to
> tunnels
>
> howdy ho all,
>
> thanx to thise who sent through suggestions to how to get the IPSEC to
> work
> - the ideas were :- try mode transport
>                  :- dont use wilcard for the secret
>
> so i changed the hub and spoke as follows :-
> crypto ipsec transform-set 3DES_MD5 esp-aes esp-md5-hmac
>  mode transport
>
> crypto isakmp key CISCO address 41.195.37.0 255.255.255.0
> crypto isakmp key CISCO address 196.47.0.204 255.255.255.0
>
>
> alss same symptons
> - crypto comes up
> - hub reports IPSEC encaps and decaps
> - spoke sites report 0 decaps for IPSEC and no errors
>
>
> any other ideas?
>
> thanx
>
>>
>>
>> howdy ho all,
>>
>> Was hoping I could use this forum to get some direction on resolving a
>> strange issue I have with a DMVPN setup.
>>
>> All works 100% if I do not protect the tunnels with IPSEC. As soon as I
>> enable IPSEC the tunnels stop passing traffic.
>>
>>
>> The setup :-
>> ============
>>
>> All routers are CISCO 1841 platforms. the IOS image is :-
>> C1841-ADVIPSERVICESK9-M
>> c1841-advipservicesk9-mz.124-21.bin
>>
>>
>> HUB Router
>> ----------
>> HUB router connects via ADSL (a PPPOE session over ethernet) and then
> fires
>> up an L2TP tunnel to obtain a static IP address.
>>
>> The IP address allocated to the L2TP interface is 196.47.0.204
> (Virtual-PPP1)
>> This IP address is the NHS. All connections to/from the hub
>> use the address of 196.47.0.204.
>>
>> Tunnel interface on the hub router is 10.0.0.1
>>
>>
>> Spoke Router
>> ------------
>> the Spoke router (there are 2 I am just showing one) connects via ADSL
>> (a PPPOE session over ethernet) and obtains a dynamic IP address. the
> spoke
>> routers use Dialer1 as their interface into the NHRP cloud.
>>
>> NHRP comes up and if I do not use IPSEC encryption on the Tunnel interface
>> ie do not add the command tunnel protection ipsec profile DMVPN
>> on Tunnel0
>>
>> Tunnel interface on the hub router is 10.0.0.3
>> all works perfectly.
>>
>>
>> The Problem
>> ===========
>>
>> When I enable IPSEC encryption on the tunnel interfaces on all routers
>> then things break. I have tried with both 3DES and AES and same issue.
>>
>> All the crypto sessions seem correct - correct SAs come up. The
> dynamically
>> created crypto-maps seem correct.
>>
>> BUT. on the spoke routers, IPSEC reports that no packets are being
>> de-encapsulated but no errors are reported.
>>
>> nhrp-spoke-2#show crypto ipsec sa
>>
>> interface: Tunnel0
>>   local  ident (addr/mask/prot/port): (41.195.37.191/255.255.255.255/47/0)
>>   remote ident (addr/mask/prot/port): (196.47.0.204/255.255.255.255/47/0)
>>   current_peer 196.47.0.204 port 500
>>     PERMIT, flags={origin_is_acl,}
>>    #pkts encaps: 13410, #pkts encrypt: 13410, #pkts digest: 13410
>>    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
>>    #pkts compressed: 0, #pkts decompressed: 0
>>    #pkts not compressed: 0, #pkts compr. failed: 0
>>    #pkts not decompressed: 0, #pkts decompress failed: 0
>>    #send errors 3, #recv errors 0
>>
>>
>> But on the HUB. all is well
>>   protected vrf: (none)
>>   local  ident (addr/mask/prot/port): (196.47.0.204/255.255.255.255/47/0)
>>   remote ident (addr/mask/prot/port): (41.195.37.191/255.255.255.255/47/0)
>>   current_peer 41.195.37.191 port 500
>>     PERMIT, flags={origin_is_acl,}
>>    #pkts encaps: 153, #pkts encrypt: 153, #pkts digest: 153
>>    #pkts decaps: 80, #pkts decrypt: 80, #pkts verify: 80
>>    #pkts compressed: 0, #pkts decompressed: 0
>>    #pkts not compressed: 0, #pkts compr. failed: 0
>>    #pkts not decompressed: 0, #pkts decompress failed: 0
>>    #send errors 1, #recv errors 0
>>
>>
>> Any ideas/thoughts would be greatly appreciated.
>>
>> The configuration's and some useful output are  below
>>
>>
>>
>> HUB Configuration
>> =================
>>
>> hostname adsl-nhrp-hub
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> logging buffered 4096 debugging
>> !
>> no aaa new-model
>> ip cef
>> !
>> !
>> !
>> !
>> no ip domain lookup
>> ip auth-proxy max-nodata-conns 3
>> ip admission max-nodata-conns 3
>> vpdn enable
>> !
>> l2tp-class l2tpclass1
>> authentication
>> password 7 03070E0C2E572B6A1719
>> !
>> !
>> !
>> !
>> !
>> !
>> pseudowire-class pwclass1
>> encapsulation l2tpv2
>> protocol l2tpv2 l2tpclass1
>> ip local interface Dialer1
>> !
>> !
>> !
>> crypto isakmp policy 10
>> encr aes
>> hash md5
>> authentication pre-share
>> group 2
>> crypto isakmp key XXXXX address 0.0.0.0 0.0.0.0
>> !
>> !
>> crypto ipsec transform-set 3DES_MD5 esp-aes esp-md5-hmac
>> !
>> crypto ipsec profile DMVPN
>> set transform-set 3DES_MD5
>> !
>> !
>> !
>> !
>> interface Loopback0
>> ip address 172.16.1.1 255.255.255.255
>> !
>> interface Tunnel0
>> ip address 10.0.0.1 255.255.255.0
>> no ip redirects
>> ip mtu 1400
>> no ip next-hop-self eigrp 1
>> ip nhrp authentication xxxxxxxxxx
>> ip nhrp map multicast dynamic
>> ip nhrp network-id 1
>> ip nhrp holdtime 60
>> ip nhrp registration timeout 30
>> ip tcp adjust-mss 1360
>> no ip split-horizon eigrp 1
>> tunnel source Virtual-PPP1
>> tunnel mode gre multipoint
>> tunnel key 1
>> tunnel protection ipsec profile DMVPN
>> !
>> interface Null0
>> no ip unreachables
>> !
>> interface FastEthernet0/0
>> no ip address
>> speed 100
>> full-duplex
>> pppoe enable group global
>> pppoe-client dial-pool-number 1
>> !
>> interface FastEthernet0/1
>> no ip address
>> duplex auto
>> speed auto
>> !
>> interface Virtual-PPP1
>> ip address negotiated
>> ip mtu 1452
>> ip virtual-reassembly
>> no logging event link-status
>> no peer neighbor-route
>> no cdp enable
>> ppp chap hostname XXXXX
>> ppp chap password 7 XXXXXX
>> ppp pap sent-username XXXX password 7 XXXXX
>> pseudowire 196.30.121.42 10 pw-class pwclass1
>> !
>> interface Dialer1
>> mtu 1492
>> ip address negotiated
>> ip virtual-reassembly
>> encapsulation ppp
>> ip tcp adjust-mss 1452
>> dialer pool 1
>> dialer-group 1
>> ppp chap hostname XXX
>> ppp chap password 7 XXXX
>> ppp pap sent-username XXXX password 7 XXXX
>> !
>> router eigrp 1
>> redistribute connected route-map to-eigrp
>> redistribute static
>> passive-interface Dialer1
>> network 10.0.0.0 0.0.0.255
>> no auto-summary
>> !
>> no ip forward-protocol nd
>> ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
>> ip route 196.30.121.42 255.255.255.255 Dialer1
>> !
>> !
>> ip http server
>> no ip http secure-server
>> !
>> !
>> ip prefix-list local seq 5 permit 41.195.37.0/24 le 32
>> ip prefix-list local seq 10 permit 196.47.0.0/16 le 32
>> access-list 1 permit any
>> access-list 2 deny   any
>> access-list 3 permit 10.0.0.2
>> access-list 3 permit 10.222.0.1
>> access-list 3 permit 10.222.0.2
>> access-list 3 permit 10.244.0.2
>> no cdp run
>> !
>> route-map to-eigrp deny 10
>> match ip address prefix-list local
>> !
>> route-map to-eigrp permit 1000
>>
>>
>> adsl-nhrp-hub#show ip nhrp
>> 10.0.0.2/32 via 10.0.0.2, Tunnel0 created 03:19:00, expire 00:00:57
>>  Type: dynamic, Flags: authoritative unique registered used
>>  NBMA address: 41.195.37.174
>> 10.0.0.3/32 via 10.0.0.3, Tunnel0 created 00:04:56, expire 00:00:33
>>  Type: dynamic, Flags: authoritative unique registered used
>>  NBMA address: 41.195.37.191
>>
>> adsl-nhrp-hub#show crypto ipsec sa
>>
>> interface: Tunnel0
>>    Crypto map tag: Tunnel0-head-0, local addr 196.47.0.204
>>
>>   protected vrf: (none)
>>   local  ident (addr/mask/prot/port): (196.47.0.204/255.255.255.255/47/0)
>>   remote ident (addr/mask/prot/port): (41.195.37.174/255.255.255.255/47/0)
>>   current_peer 41.195.37.174 port 500
>>     PERMIT, flags={origin_is_acl,}
>>    #pkts encaps: 5764, #pkts encrypt: 5764, #pkts digest: 5764
>>    #pkts decaps: 3484, #pkts decrypt: 3484, #pkts verify: 3484
>>    #pkts compressed: 0, #pkts decompressed: 0
>>    #pkts not compressed: 0, #pkts compr. failed: 0
>>    #pkts not decompressed: 0, #pkts decompress failed: 0
>>    #send errors 0, #recv errors 0
>>
>>     local crypto endpt.: 196.47.0.204, remote crypto endpt.: 41.195.37.174
>>     path mtu 1452, ip mtu 1452, ip mtu idb Virtual-PPP1
>>     current outbound spi: 0xD9D819B1(3654818225)
>>
>>     inbound esp sas:
>>      spi: 0x8AD878CD(2329442509)
>>        transform: esp-aes esp-md5-hmac ,
>>        in use settings ={Tunnel, }
>>        conn id: 3006, flow_id: FPGA:6, crypto map: Tunnel0-head-0
>>        sa timing: remaining key lifetime (k/sec): (4437499/1923)
>>        IV size: 16 bytes
>>        replay detection support: Y
>>        Status: ACTIVE
>>
>>     inbound ah sas:
>>
>>     inbound pcp sas:
>>
>>     outbound esp sas:
>>      spi: 0xD9D819B1(3654818225)
>>        transform: esp-aes esp-md5-hmac ,
>>        in use settings ={Tunnel, }
>>        conn id: 3005, flow_id: FPGA:5, crypto map: Tunnel0-head-0
>>        sa timing: remaining key lifetime (k/sec): (4437454/1923)
>>        IV size: 16 bytes
>>        replay detection support: Y
>>        Status: ACTIVE
>>
>>     outbound ah sas:
>>
>>     outbound pcp sas:
>>
>>   protected vrf: (none)
>>   local  ident (addr/mask/prot/port): (196.47.0.204/255.255.255.255/47/0)
>>   remote ident (addr/mask/prot/port): (41.195.37.191/255.255.255.255/47/0)
>>   current_peer 41.195.37.191 port 500
>>     PERMIT, flags={origin_is_acl,}
>>    #pkts encaps: 153, #pkts encrypt: 153, #pkts digest: 153
>>    #pkts decaps: 80, #pkts decrypt: 80, #pkts verify: 80
>>    #pkts compressed: 0, #pkts decompressed: 0
>>    #pkts not compressed: 0, #pkts compr. failed: 0
>>    #pkts not decompressed: 0, #pkts decompress failed: 0
>>    #send errors 1, #recv errors 0
>>
>>     local crypto endpt.: 196.47.0.204, remote crypto endpt.: 41.195.37.191
>>     path mtu 1452, ip mtu 1452, ip mtu idb Virtual-PPP1
>>     current outbound spi: 0x6E27D1C2(1848103362)
>>
>>     inbound esp sas:
>>      spi: 0xEE9B0E5D(4003139165)
>>        transform: esp-aes esp-md5-hmac ,
>>        in use settings ={Tunnel, }
>>        conn id: 3004, flow_id: FPGA:4, crypto map: Tunnel0-head-0
>>        sa timing: remaining key lifetime (k/sec): (4478781/3289)
>>        IV size: 16 bytes
>>        replay detection support: Y
>>        Status: ACTIVE
>>
>>     inbound ah sas:
>>
>>     inbound pcp sas:
>>
>>     outbound esp sas:
>>      spi: 0x6E27D1C2(1848103362)
>>        transform: esp-aes esp-md5-hmac ,
>>        in use settings ={Tunnel, }
>>        conn id: 3003, flow_id: FPGA:3, crypto map: Tunnel0-head-0
>>        sa timing: remaining key lifetime (k/sec): (4478771/3289)
>>        IV size: 16 bytes
>>        replay detection support: Y
>>        Status: ACTIVE
>>
>>     outbound ah sas:
>>
>>     outbound pcp sas:
>>
>> adsl-nhrp-hub#show crypto map
>> Crypto Map "Tunnel0-head-0" 65536 ipsec-isakmp
>>        Profile name: DMVPN
>>        Security association lifetime: 4608000 kilobytes/3600 seconds
>>        PFS (Y/N): N
>>        Transform sets={
>>                3DES_MD5,
>>        }
>>
>> Crypto Map "Tunnel0-head-0" 65540 ipsec-isakmp
>>        Map is a PROFILE INSTANCE.
>>        Peer = 41.195.37.174
>>        Extended IP access list
>>            access-list  permit gre host 196.47.0.204 host 41.195.37.174
>>        Current peer: 41.195.37.174
>>        Security association lifetime: 4608000 kilobytes/3600 seconds
>>        PFS (Y/N): N
>>        Transform sets={
>>                3DES_MD5,
>>        }
>>
>> Crypto Map "Tunnel0-head-0" 65541 ipsec-isakmp
>>        Map is a PROFILE INSTANCE.
>>        Peer = 41.195.37.191
>>        Extended IP access list
>>            access-list  permit gre host 196.47.0.204 host 41.195.37.191
>>        Current peer: 41.195.37.191
>>        Security association lifetime: 4608000 kilobytes/3600 seconds
>>        PFS (Y/N): N
>>        Transform sets={
>>                3DES_MD5,
>>        }
>>        Interfaces using crypto map Tunnel0-head-0:
>>                Tunnel0
>>
>> adsl-nhrp-hub#show crypto engine connections active
>>
>>  ID Interface            IP-Address      State  Algorithm
> Encrypt
>> Dt
>>  16 Virtual-PPP1         196.47.0.204    set    HMAC_MD5+AES_CBC
> 0
>> 0
>>  18 Tunnel0              10.0.0.1        set    HMAC_MD5+AES_CBC
> 0
>> 0
>> 3003 Tunnel0              196.47.0.204    set    AES+MD5
> 169
>> 0
>> 3004 Tunnel0              196.47.0.204    set    AES+MD5
> 0
>> 8
>> 3005 Virtual-PPP1         196.47.0.204    set    AES+MD5
> 818
>> 0
>> 3006 Virtual-PPP1         196.47.0.204    set    AES+MD5
> 0
>> 1
>>
>>
>> Spoke Configuration
>> ===================
>>
>> ip cef
>> !
>> no ip domain lookup
>> ip auth-proxy max-nodata-conns 3
>> ip admission max-nodata-conns 3
>> vpdn enable
>> !
>> l2tp-class l2tpclass1
>> authentication
>> password 7 xxxx
>> !
>> !
>> pseudowire-class pwclass1
>> encapsulation l2tpv2
>> protocol l2tpv2 l2tpclass1
>> ip local interface Dialer1
>> !
>> !
>> crypto isakmp policy 10
>> encr aes
>> hash md5
>> authentication pre-share
>> group 2
>> crypto isakmp key XXXXX address 0.0.0.0 0.0.0.0
>> !
>> !
>> crypto ipsec transform-set 3DES_MD5 esp-aes esp-md5-hmac
>> !
>> crypto ipsec profile DMVPN
>> set transform-set 3DES_MD5
>> !
>> !
>> !
>> !
>> interface Loopback0
>> ip address 172.16.1.3 255.255.255.255
>> !
>> interface Tunnel0
>> ip address 10.0.0.3 255.255.255.0
>> no ip redirects
>> ip mtu 1400
>> ip nhrp authentication xxxxxxxxxx
>> ip nhrp map 10.0.0.1 196.47.0.204
>> ip nhrp map multicast 196.47.0.204
>> ip nhrp network-id 1
>> ip nhrp holdtime 60
>> ip nhrp nhs 10.0.0.1
>> ip nhrp registration timeout 30
>> ip tcp adjust-mss 1360
>> tunnel source Dialer1
>> tunnel mode gre multipoint
>> tunnel key 1
>> tunnel protection ipsec profile DMVPN
>> !
>> interface FastEthernet0/0
>> ip address dhcp
>> speed 100
>> full-duplex
>> pppoe enable group global
>> pppoe-client dial-pool-number 1
>> !
>> interface FastEthernet0/1
>> ip address 10.222.0.1 255.255.255.0
>> speed 100
>> full-duplex
>> !
>> !
>> interface Dialer1
>> mtu 1492
>> ip address negotiated
>> ip virtual-reassembly
>> encapsulation ppp
>> ip tcp adjust-mss 1452
>> dialer pool 1
>> ppp chap hostname XXXX
>> ppp chap password 0 XXXX
>> ppp pap sent-username XXXX password 0 XXXXX
>> !
>> router eigrp 1
>> redistribute connected route-map to-eigrp
>> redistribute static
>> passive-interface FastEthernet0/1
>> passive-interface Dialer1
>> network 10.0.0.0 0.0.0.255
>> no auto-summary
>> eigrp stub connected
>> !
>> ip forward-protocol nd
>> ip route 0.0.0.0 0.0.0.0 Dialer1
>> !
>> !
>> ip http server
>> no ip http secure-server
>> !
>> !
>> ip prefix-list local seq 5 permit 41.195.37.0/24 le 32
>> access-list 1 permit any
>> access-list 2 deny   any
>> access-list 3 permit 10.222.0.1
>> access-list 3 permit 10.222.0.2
>> access-list 3 permit 10.244.0.2
>> access-list 3 permit 10.244.0.1
>> !
>> route-map clear-df permit 10
>> set ip df 0
>> !
>> route-map to-eigrp deny 10
>> match ip address prefix-list local
>> !
>> route-map to-eigrp permit 1000
>>
>>
>> Some Debugs
>> ===========
>>
>> nhrp-spoke-2#show ip nhrp
>> 10.0.0.1/32 via 10.0.0.1, Tunnel0 created 23:59:15, never expire
>>  Type: static, Flags: authoritative used
>>  NBMA address: 196.47.0.204
>>
>>
>> nhrp-spoke-2#show crypto ipsec sa
>>
>> interface: Tunnel0
>>    Crypto map tag: Tunnel0-head-0, local addr 41.195.37.191
>>
>>   protected vrf: (none)
>>   local  ident (addr/mask/prot/port): (41.195.37.191/255.255.255.255/47/0)
>>   remote ident (addr/mask/prot/port): (196.47.0.204/255.255.255.255/47/0)
>>   current_peer 196.47.0.204 port 500
>>     PERMIT, flags={origin_is_acl,}
>>    #pkts encaps: 13410, #pkts encrypt: 13410, #pkts digest: 13410
>>    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
>>    #pkts compressed: 0, #pkts decompressed: 0
>>    #pkts not compressed: 0, #pkts compr. failed: 0
>>    #pkts not decompressed: 0, #pkts decompress failed: 0
>>    #send errors 3, #recv errors 0
>>
>>     local crypto endpt.: 41.195.37.191, remote crypto endpt.: 196.47.0.204
>>     path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
>>     current outbound spi: 0xEE9B0E5D(4003139165)
>>
>>     inbound esp sas:
>>      spi: 0x6E27D1C2(1848103362)
>>        transform: esp-aes esp-md5-hmac ,
>>        in use settings ={Tunnel, }
>>        conn id: 3004, flow_id: FPGA:4, crypto map: Tunnel0-head-0
>>        sa timing: remaining key lifetime (k/sec): (4530791/3584)
>>        IV size: 16 bytes
>>        replay detection support: Y
>>        Status: ACTIVE
>>
>>     inbound ah sas:
>>
>>     inbound pcp sas:
>>
>>     outbound esp sas:
>>      spi: 0xEE9B0E5D(4003139165)
>>        transform: esp-aes esp-md5-hmac ,
>>        in use settings ={Tunnel, }
>>        conn id: 3003, flow_id: FPGA:3, crypto map: Tunnel0-head-0
>>        sa timing: remaining key lifetime (k/sec): (4530789/3584)
>>        IV size: 16 bytes
>>        replay detection support: Y
>>        Status: ACTIVE
>>
>>     outbound ah sas:
>>
>>     outbound pcp sas:
>>
>> nhrp-spoke-2#show crypto engine connections active
>>
>>  ID Interface            IP-Address      State  Algorithm
> Encrypt
>> Decrypt
>>  13 Dialer1              41.195.37.191   set    HMAC_MD5+AES_CBC
> 0
>> 0
>>  14 Dialer1              41.195.37.191   set    HMAC_MD5+AES_CBC
> 0
>> 0
>> 3003 Dialer1              41.195.37.191   set    AES+MD5
> 15
>> 0
>> 3004 Dialer1              41.195.37.191   set    AES+MD5
> 0
>> 0
>>
>> nhrp-spoke-2#show crypto map
>> Crypto Map "Tunnel0-head-0" 65536 ipsec-isakmp
>>        Profile name: DMVPN
>>        Security association lifetime: 4608000 kilobytes/3600 seconds
>>        PFS (Y/N): N
>>        Transform sets={
>>                3DES_MD5,
>>        }
>>
>> Crypto Map "Tunnel0-head-0" 65537 ipsec-isakmp
>>        Map is a PROFILE INSTANCE.
>>        Peer = 196.47.0.204
>>        Extended IP access list
>>            access-list  permit gre host 41.195.37.191 host 196.47.0.204
>>        Current peer: 196.47.0.204
>>        Security association lifetime: 4608000 kilobytes/3600 seconds
>>        PFS (Y/N): N
>>        Transform sets={
>>                3DES_MD5,
>>        }
>>        Interfaces using crypto map Tunnel0-head-0:
>>                Tunnel0
>>
>>
>> ---------------------------------------------------------------------
>> A feature is a bug with seniority.
>>
>> Nic Tjirkalli
>> Verizon Business South Africa
>> Network Strategy Team
>>
>> Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail
>> is strictly confidential and intended only for use by the addressee unless
>> otherwise indicated.
>>
>> Company Information:http:// www.verizonbusiness.com/za/contact/legal/
>>
>> This e-mail is strictly confidential and intended only for use by the
>> addressee unless otherwise indicated.
>>
>>
>
>
> ---------------------------------------------------------------------
> Some days you're the pigeon, and some days you're the statue.
>
> Nic Tjirkalli
> Verizon Business South Africa
> Network Strategy Team
>
> Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail
> is strictly confidential and intended only for use by the addressee unless
> otherwise indicated.
>
> Company Information:http:// www.verizonbusiness.com/za/contact/legal/
>
> This e-mail is strictly confidential and intended only for use by the
> addressee unless otherwise indicated.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


---------------------------------------------------------------------
A feature is a bug with seniority.

Nic Tjirkalli
Verizon Business South Africa
Network Strategy Team

Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail
is strictly confidential and intended only for use by the addressee unless
otherwise indicated.

Company Information:http:// www.verizonbusiness.com/za/contact/legal/

This e-mail is strictly confidential and intended only for use by the
addressee unless otherwise indicated.



More information about the cisco-nsp mailing list