RT @CiscoSecurity 25 Worst Passwords of the Year for 2011 http://t.co/J80GPruK
Author: admin
RT @CiscoSecurity RT @debbiemahler: Majority of Firewall Rules Are Improperly Configured, Managed, Survey Finds… http://t.co/bZY3irNc
Cisco Smartnet and code download issues
19th November 2011
I recently retweeted (doesn’t that make me sound like I’m down with the kids) a post I spotted on one of Cisco’s forums with another set of people complaining about Cisco’s appalling Smartnet maintenance processes. I finally feel that I’ve been vindicated as I’ve been banging on about this for years. I’ve tried complaining to Cisco and got precisely nowhere.
The full article is available here.
I just hope someone at Cisco finally wakes up, listens, takes note and actually does something about this.
Barry
RT @IBM_NEWS Help find a cure for malaria through the unused power of your PC! http://t.co/j19NSt50 #malaria #IBM
RT @ciscosubnet Cisco SmartNet smarts http://t.co/dE45OKbJ
RT @CiscoSecurity Beware the beaten boy facebook hoax. No, they will not donate $0.45 per share http://t.co/7JKNxZFA
RT @CiscoSecurity BYOD – how to cope? Archived webinar from Cisco/IDC has some options http://t.co/Z8HtJOmm
RT @CiscoSecurity Gamers, parents of gamers, Steam has been breached http://t.co/pnIbdtBi
RT @CiscoSystems IT in a Cold Environment. What technologies work best for reducing #datacenter energy costs? http://t.co/0h6Wlapr
Cisco IPSEC tunnel using HSRP address
November 9th 2011
A technical update this morning. We’ve been asked by a client how to configure high availability for IPSEC tunnels on Cisco routers. The situation is that the customer had a single ISR router terminating VPN tunnels at their head office and wanted to add a second router for redundancy.
The question that was asked: what’s the best way of achieving this?
There are a few ways you could go about this, including backup VPN peers, Dead Peer Detection, Reverse Route Injection etc. However, in our experience, the easiest way of doing this is to use HSRP across the two routers, and configure IPSEC to use the HSRP address. Note that this will not load balance connections across both gateways (therein lies a completely separate discussion), but it provides a seamless failover connection in the event that the primary gateway fails.
A brief snapshot of the relevant parts of the config (please note that the standard crypto commands for building a VPN tunnel are not shown – these are identical to any other site to site VPN config).
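interface FastEthernet0/1
 description outside interface
 ip address 1.1.1.2 255.255.255.0
 ! HSRP virtual address shared by both routers
 standby 1 ip 1.1.1.1
 standby 1 preempt
 standby 1 priority 255
 standby 1 name ha_address
 ! bind the crypto map to the HSRP group by name
 crypto map crypto_map_name redundancy ha_address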
The key here is the “redundancy” keyword on the crypto map that is bound to the external interface. This allows you to specify the name of the standby group – and therefore forces the gateway to use the HSRP address as the source and destination of all IPSEC packets. In this example, the gateway will use “1.1.1.1” which will be the tunnel endpoint for the remote connections.
Hope this is useful.
Barry Hesk
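The crypto map only follows the HSRP address when its "redundancy" name matches a named standby group on the same interface, and both routers have to present the same virtual IP. The following check is an added example, not part of the original post: the second router's address 1.1.1.3 and priority 100, the sample configs and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample configs for the two head-office routers. Addresses follow
# the post; router B's address (1.1.1.3) and priority (100) are assumptions.
ROUTER_A = """\
interface FastEthernet0/1
 ip address 1.1.1.2 255.255.255.0
 standby 1 ip 1.1.1.1
 standby 1 preempt
 standby 1 priority 255
 standby 1 name ha_address
 crypto map crypto_map_name redundancy ha_address
"""
ROUTER_B = ROUTER_A.replace("1.1.1.2", "1.1.1.3").replace("priority 255", "priority 100")


def tunnel_endpoints(config):
    """Map interface name -> HSRP virtual IP its crypto map is bound to."""
    result, iface, groups, wanted = {}, None, {}, None

    def close():
        # Validate the interface block that has just ended.
        if iface is None or wanted is None:
            return
        vips = [g["ip"] for g in groups.values() if g.get("name") == wanted and "ip" in g]
        if not vips:
            raise ValueError(f"{iface}: no HSRP group named {wanted!r} with a virtual IP")
        result[iface] = vips[0]

    for line in config.splitlines() + ["!"]:
        if not line.startswith(" "):  # an unindented line ends the interface block
            close()
            m = re.match(r"interface\s+(\S+)", line)
            iface, groups, wanted = (m.group(1) if m else None), {}, None
            continue
        words = line.split()
        if words[:1] == ["standby"] and len(words) >= 4 and words[2] in ("ip", "name"):
            groups.setdefault(words[1], {})[words[2]] = words[3]
        elif words[:2] == ["crypto", "map"] and "redundancy" in words[:-1]:
            wanted = words[words.index("redundancy") + 1]
    return result


def check_pair(cfg_a, cfg_b):
    """Both routers must expose one shared virtual IP as the tunnel endpoint."""
    vips = set(tunnel_endpoints(cfg_a).values()) | set(tunnel_endpoints(cfg_b).values())
    if len(vips) != 1:
        raise ValueError(f"expected one shared endpoint, found {sorted(vips)}")
    return vips
```

Remote sites would then point their peer statement at the single address this returns, 1.1.1.1 in the post's example.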