So I've got a hub and spoke config setup between three sites (Reston, DC, and NY, with DC being the middle site between the other two) currently up and operational (thanks, acomiskey). All is good to go, but I wanted to lock down some ports/services and don't have much experience with access lists.
I'm only going to be doing rsync over TCP port 873 between DC and NY (DC will be doing an RSYNC pull from NY only). I'd also like to have ICMP for troubleshooting, as well, if possible.
I also wanted to only allow SSH access and ICMP *from* Reston to DC, so the only thing Reston can do is SSH and PING the DC hosts.
Right now Reston can get to NY through DC (hence the hub and spoke). I'd like for that to continue after locking down rsync between DC and NY.
Hope that's not too confusing :) Thanks in advance.
The sample configuration at the URL below shows a hub and spoke IPsec design between three routers. This configuration differs from other hub and spoke configurations because in this example, communication is enabled between the spoke sites by going through the hub. In other words, there is not a direct IPsec tunnel between the two spoke routers. All packets are sent across the tunnel to the hub router, which redistributes them out the IPsec tunnel shared with the other spoke router.
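The policy requested in the original post, written as an ordered first-match rule list for the DC hub and checked against sample flows. This is an added example, not code or configuration from the thread; the site subnets, the assumption that the device is stateful (so only connection initiators need rules), and the names `SITES`, `RULES`, `site_of` and `evaluate` are all assumptions made for illustration.

```python
import ipaddress

# Constructed site subnets; the thread does not give the real ones.
SITES = {
    "reston": ipaddress.ip_network("10.1.0.0/24"),
    "dc": ipaddress.ip_network("10.2.0.0/24"),
    "ny": ipaddress.ip_network("10.3.0.0/24"),
}

# (action, protocol, source site, destination site, destination port or None)
# Ordered, first match wins. Rules describe who may OPEN a connection;
# return traffic is assumed to be allowed by a stateful device.
RULES = [
    ("permit", "tcp", "dc", "ny", 873),        # DC pulls rsync from NY only
    ("permit", "icmp", "dc", "ny", None),      # troubleshooting, both ways
    ("permit", "icmp", "ny", "dc", None),
    ("permit", "tcp", "reston", "dc", 22),     # Reston may SSH to DC hosts
    ("permit", "icmp", "reston", "dc", None),  # Reston may ping DC hosts
    ("permit", "ip", "reston", "ny", None),    # spoke-to-spoke via the hub
]

def site_of(addr):
    """Return the site name whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SITES.items():
        if ip in net:
            return name
    return None

def evaluate(proto, src, dst, dport=None):
    """Return (action, rule_number); rule 0 is the implicit deny."""
    s, d = site_of(src), site_of(dst)
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(RULES, 1):
        if r_proto not in ("ip", proto):      # "ip" matches any protocol
            continue
        if (r_src, r_dst) != (s, d):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, n
    return "deny", 0

if __name__ == "__main__":
    print(evaluate("tcp", "10.2.0.10", "10.3.0.20", 873))  # DC -> NY rsync
    print(evaluate("tcp", "10.3.0.20", "10.2.0.10", 873))  # NY -> DC rsync
    print(evaluate("tcp", "10.1.0.5", "10.2.0.10", 873))   # Reston -> DC rsync
```

The direction of rule 1 matters: because DC initiates the pull, NY never needs permission to open a connection to port 873 on DC, and the implicit deny covers that case.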