Cisco Adaptive Security Appliance Software Version 8.3(1)4 Device Manager Version 6.3(1)
The command wouldn't succed since the interface does not have a "nameif" (as suggested by cisco.com). If I do set a "nameif" then the redundant interface will pass untagged packets.
The command is "crypto isakmp enable interface-name"
It would be: crypto isakmp enable Redundant1.251 but
Here is my run conf:
interface GigabitEthernet0/0 description Switch_#1 duplex full no nameif no security-level no ip address ! interface GigabitEthernet0/1 description *** not used *** duplex full shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/2 description Switch_#2 duplex full no nameif no security-level no ip address ! interface GigabitEthernet0/3 description *** not used *** duplex full shutdown no nameif no security-level no ip address
interface Management0/0 description mgt-vlan nameif inside security-level 100 ip address 172.19.24.66 255.255.254.0 management-only ! interface Redundant1 description Switch_#1_#2 member-interface GigabitEthernet0/0 member-interface GigabitEthernet0/2 no nameif no security-level no ip address ! interface Redundant1.251 description vlan251 vlan 251 no nameif security-level 100 ip address "outside_ip" 255.255.255.
Re: how to enable ISAKMP outside redundant interface ?
No, you shouldn't configure the nameif command on the physical interface if you have subinterfaces under that particular physical interface purely because that trunk interface would not be tagged, hence it is not recommended to configure any interface settings under the physical trunk interface.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...