Hi all. I have almost 100+ remote sites and management has decided to use security and remote branch end to only allow few specific IPs to access resources to/from that site. For eg Consider Site1 with LAN subnet 10.1.56.0/24, now the actual access-list entries are different but just to explain my point i am listing 3 of them here
ip access-list ex Outbound
per ip host 10.1.56.26 host 10.1.1.4
per ip host 10.1.56.8 host 10.1.2.26
per ip 10.1.56.0 0.0.0.255 host 10.1.1.8
and also its exact replica
ip access-list ex Inbound
per ip host 10.1.1.4 host 10.1.56.26
per ip host 10.1.2.26 host 10.1.56.28
per ip host 10.1.1.8 10.1.56.0 0.0.0.255
Now communication can be initiated from either side, i.e. either
10.1.1.4 -> 10.1.56.26
10.1.56.26 -> 10.1.1.4
I thought of using reflexive list but i think it wont work here since communication is bi-directional. If i need to add an entry i have to add it on 2 list and since number of sites are large i am suspecting it will be a great overhead, but one thing is decided that this security must be applied on SITE end and not HUB end. So now is there any way that if i create and entry with permit statement its exact replica is also created ? i hope you are getting the idea, i dont want to create 2 seperate access-list, just one that can also allows an entry's replica as well.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...