We have a 1721 and PIX 515E. 1721 has serial (128Kbps) and ADSL (1MB/128Kbps) connections. Through PBR, PAT'ed traffic from PIX is routed to ADSL. Domino replication, SMTP and IPSec VPN connections to 3 sites are what is using the Internet Leased Line.
VPN is terminated outside PIX. Accessing a critical web application on other site is very slow.
This is what I'm thinking to resolve the issue.
* Remove the existing VPN connection from the PIX to the site where the web application is running.
* Use ADSL for the VPN instead.
* 1MB/128Kbps is the max ADSL speed the ISP offers. For more bandwidth, get another ADSL line. 1721 has no spare slots so it has to be replaced so serial & 2 ADSL can be connected.
1. Is it possible that one ADSL will be only for outbound HTTP, FTP, etc. and dedicate the other ADSL for VPN only?
2. With VPN terminated on ADSL, the traffic passing between the router and the firewall is not encrypted.
To ensure a secure tunnel connection, the Cisco Easy VPN Remote feature does not support transform sets that provide encryption without authentication (ESP-DES and ESP-3DES) or transform sets that provide authentication without encryption (ESP-NULL ESP-SHA-HMAC and ESP-NULL ESP-MD5-HMAC).