I have a 2691 router with 4 fastethernet and 2 T1 cards. One serial port is my production WAN hosting my GRE/VPN interoffice connections. Two fast ethernet ports are part of my DMZ. fa1/0 is attached to my DMZ switch, and fa1/1 is connected to e0 on a 2503 router, and the s0 on this 2503 hits the Internet.
I currently have "ip policy route-map BYPASS_VPN" in my interface fa1/0 and a route map with the next hop defined as well.
This all works fine.
I now need to initiate from within my DMZ an ftp session into my production network, so the next hop will not be my DMZ router.
Can anyone supply me with some examples as to how you folks do this?
Can you paste your configs? Why do you have a route-map in the first place, when you could run a routing protocol over the GRE/VPN topology to know about routes in your production network, while having a default route to the 2503 for Internet traffic?
I have an application that utilizes 100% of circuit capacity. This application, when launched, killed my production T1 link. The workaround was to implement a second T1 line and use this link solely for this business application. Now, I call this segmented network DMZ. In addition to me launching this killer application to an Internet-based customer facility, I have a need to ftp to one of my internal machines. I do not advertise DMZ IP address space on my inside network, so yes, I can get to the inside FTP server, but the return path isn't known, and I do not want to use static routes. Therefore I'm looking at a nat statement and an access list.