[c-nsp] cisco-nsp Digest, Vol 82, Issue 34

Thilak T thilak.t at gmail.com
Mon Sep 7 12:08:30 EDT 2009


IPSeC VPN termination 6500 chassis with SPA module is not supported.
You can bring up IPSec Tunnel , however it wont work as expected , I
have seen sup720 cpu hitting 80 to 90 % even for 1Mbps traffic.IPSec
connection w/o SPA is not reliable and supported.

Thanks

Thilak Thankappan


On Mon, Sep 7, 2009 at 9:00 AM, <cisco-nsp-request at puck.nether.net> wrote:
> Send cisco-nsp mailing list submissions to
>        cisco-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://puck.nether.net/mailman/listinfo/cisco-nsp
> or, via email, send a message with subject or body 'help' to
>        cisco-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
>        cisco-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cisco-nsp digest..."
>
>
> Today's Topics:
>
>   1. 6500 ipsec vpn (ying-xiang)
>   2. Cisco ACS related (Mohammad Khalil)
>   3. Re: MIBs and OIDs (Lee)
>   4. Re: VPN traffic to the Internet ... (ASA) (Garry)
>   5. Re: Syslog Solutions (Mario Spinthiras)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 7 Sep 2009 17:13:57 +0800 (CST)
> From: ying-xiang <ying-xiang at 163.com>
> To: cisco-nsp <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] 6500 ipsec vpn
> Message-ID:
>        <13618054.353951252314837673.JavaMail.coremail at bj163app25.163.com>
> Content-Type: text/plain; charset=gbk
>
>
>
> hi
>
> may i config ipsec vpn between two 6500 chassis without vpn service module?
>
> ------------------------------
>
> Message: 2
> Date: Mon, 7 Sep 2009 14:32:54 +0300
> From: Mohammad Khalil <eng_mssk at hotmail.com>
> To: <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] Cisco ACS related
> Message-ID: <BLU102-W175DDB3F072211A758AD9FAEB0 at phx.gbl>
> Content-Type: text/plain; charset="windows-1256"
>
>
> can i deny a certain command under configuration mode for certain authorization shell ?
>
> _________________________________________________________________
> With Windows Live, you can organize, edit, and share your photos.
> http://www.microsoft.com/middleeast/windows/windowslive/products/photo-gallery-edit.aspx
>
> ------------------------------
>
> Message: 3
> Date: Mon, 7 Sep 2009 07:43:30 -0400
> From: Lee <ler762 at gmail.com>
> To: Mohammad Khalil <eng_mssk at hotmail.com>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] MIBs and OIDs
> Message-ID:
>        <dd5f2deb0909070443je479527jb4f3d1de01a160f7 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 9/7/09, Mohammad Khalil <eng_mssk at hotmail.com> wrote:
>>
>> hey all
>> what is the way to transform the MIBs to OIDs ?
>
> as already mentioned, snmptranslate from http://net-snmp.sourceforge.net/
>
> http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
>
> get the file ftp://ftp.cisco.com/pub/mibs/oid/oid.tar.gz
> unzip oid.tar.gz to OIDs
> from a cygwin command prompt
>  cd /cygdrive/c/ ..whatever.. /OIDs
>  cat * | sort -k 2,2 -k 1 | uniq | nawk '{printf("%-50s  %s\n", $1,
> $2) }' > ../oids_all.txt
>  unix2dos ../oids_all.txt
>
> Regards,
> Lee
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 07 Sep 2009 15:19:06 +0200
> From: Garry <gkg at gmx.de>
> To: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] VPN traffic to the Internet ... (ASA)
> Message-ID: <4AA5084A.6000706 at gmx.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Alan Buxey wrote:
>> Hi,
>>
>>>> What am I missing here?
>>
>> your ASA cannot be that IP - so is probably just dropping
>> those packets as invalid... what you need to do is set up a
>> proxy (eq squid) on your internal network that has an address
>> within the 'allowed IP range' and then configure the ASA to
>> use that proxy - your mobile clients can then use that
>
> So, say, I wouldn't have split tunneling - the ASA IOS isn't able to let
> VPN clients get through to the Internet by doing a PAT or NAT on the way
> out?
>
>
> -gg
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 7 Sep 2009 14:52:15 +0100
> From: Mario Spinthiras <spinthiras.mario at gmail.com>
> To: Cisco Network Service Providers <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Syslog Solutions
> Message-ID:
>        <4f890e580909070652m5cc70c89s5d693f6993c873f9 at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Zenoss has syslog and snmp traps , its actually quite nice due to it's
> integration with the rest of the monitoring system (hierarchies ,
> notification settings) and it also takes repetitions in a time lapse in
> order to avoid sending you hundreds of notifications and just sends a more
> reasonable amount =) Do keep in mind however Zenoss is more a monitoring
> solution overall and not just a snmp traps/syslog tool.
>
>
> If you are looking for something more standalone, Splunk is also nice but
> haven't had an in-depth with it.
>
>
> Mario.
>
>
> ------------------------------
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
> End of cisco-nsp Digest, Vol 82, Issue 34
> *****************************************
>


More information about the cisco-nsp mailing list