I had a task to build a site-to-site VPN tunnel with another vendor over which a large amount of data was planned to be transacted on a regular basis. On my end, the end-point was a Cisco ASA 5585-X firewall running 9.8 code. To protect the internet circuit from being over-saturated, I decided to use MQC […]
Came to know through a colleague about this refreshing new platform called PNETLab. This is a much more polished cousin of EVE-NG. Having spent a large part of lockdown learning with EVE-NG on GCP, this was the best thing to come across. Free lab bundles: The main feature for me is the downloadable labs, which contain not […]
This checks the source IP and destination URL and, based on them, either sends the traffic via proxy or allows it direct. Use case: For users connected over RA-VPN, I don’t want them to ride the tunnel for bandwidth-heavy internet-based applications, e.g. youtube.com or something such as e-learning or video streaming services. Solution for such a situation […]
A note to self on how to check current sessions on a Cisco router that has Zone Based Firewall (ZBF) configured.
Deployed a new Cisco ASA Anyconnect gateway. End-users reported constant disconnect/reconnect problems. It was fixed by setting anyconnect mtu to 1200 (in this case). When a connection is first established, it builds an SSL tunnel (tcp-443) with a negotiated SSL MTU. After a minute, it tries to switch over to DTLS (udp-443). If the MTU is […]
A scenario came up when a colleague was working on a project where his router was peering with a 3rd party router over eBGP. The router was performing aggregation for 10.x.x.x subnets, summary-only as 10.x/16. We know that BGP will generate a null0 anchor route automatically for the summary address. Now a situation occurred where […]
This topic is about BGP’s ability to prefer another router (kinda de-prefer, actually). The following diagram will make it clear. In this situation, it may be a better choice to traverse from R1 to R2 via the point-to-point link instead of going over the ISP Cloud. Here R1 and R2 are eBGP peers only. The […]
Lately, I have been struggling to understand the logic behind route-map and its functioning when used along with a prefix-list in order to filter prefixes. Basically configurations where the permit/deny of prefix-list couples with permit/deny of route-map. So I decided to lab it out in GNS3 – only allow 172.1.1.0/24 to pass through; filter everything […]
TTCP can be used to test P2P links; however, the drawback of generating the traffic from a router is high CPU usage, as this is a control-plane operation. Therefore, it is not really recommended to use this utility to determine throughput for bigger interfaces. TTCP is a hidden, undocumented and unsupported IOS command. For testing of […]
The Datacenter NOC where I work requires the network team working in night shifts to test the working status of ISDN circuits, as they are very prone to failure due to multiple reasons. Let’s find the WAN IP address of a remote branch by logging into the Regional Office (RO) router. Log in to the remote […]