olpeleri

Member Since: Dec 27, 2005

English
olpeleri commented on FlexVPN Licensing , Remote Access EZVPN client ? in VPN 1 year ago

Hello Swap, "Does User Apex Subscription automatically entitle us to use Anyconnect client ?"User...

olpeleri commented on FlexVPN with F-VRF and multiple tunnels in VPN 2 years ago

It has always been working If the endpoints have different IP's [ eg one tunnel sourced from ADSL...

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

Merci!

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

Nicolas,Can you enable IPV6 unicast-routing on both sides and try again?Cheers,

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

Can you past both complete config ?

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

wierd... I did a quick test on my boxes [151-4.M6]R102#sh crypto session dCrypto session current...

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

Bonjour Nicolas,So to summarize:On the 1841 we  have     #pkts encaps: 4, #pkts encrypt: 4, #pkts...

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

HelloNo there is nothing obvious that I would spot as wrong. Let's see what you have on the other...

olpeleri commented on ipsec vti ipv4 over ipv6 possible ? in VPN 3 years ago

Nicolas,I see     #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4      #pkts decaps: 0, #pkts...

olpeleri commented on FlexVPN/Ikev2/EAP secure connection between Iphone/Ipad and a Cisco router in VPN 3 years ago

Hello,The only platforms where licensing is required (ASR1001 or ASR1002-X) just requires the '...

olpeleri commented on Can not connect to easy VPN Server in VPN 3 years ago

Add ip nat inside on the virtual-templateAdd the vpn subnet to the pat pool

olpeleri commented on VPN Question about Encryption in VPN 3 years ago

Hello,1. Crypto maps on tunnel interfaces are not supported. Can you remove that?2. Your crypto ACL...

olpeleri commented on FlexVPN with F-VRF and multiple tunnels in VPN 3 years ago

2 questions;1. VT1 is sourced from tunnel source Ethernet0/0That means you are trying to resolve...

olpeleri commented on VPN Question about Encryption in VPN 3 years ago

On top of what Karsten is saying. U need to understand the concept of encapsulation. Looking at...

olpeleri commented on Problem loading AIM-VPN/HPII on C3745 in VPN 3 years ago

Hello,Bad news: Hardware is end of support since 2012. See the URL below.http://www.cisco.com/en/US...

olpeleri commented on FlexVPN with F-VRF and multiple tunnels in VPN 3 years ago

Hello,Currently you can't have 2 tunnels sharing the same source and destination [ However in a...

olpeleri commented on DMVPN/S2S VPN With XAUTH? in VPN 3 years ago

It may work using network authorization with the following huge drawback. U will have to use...

olpeleri commented on ipsec proxy-id problem in VPN 3 years ago

Yep expected with initiate-only, we negotiate proxy-id's for the peer public IP in order to...

olpeleri commented on ipsec proxy-id problem in VPN 3 years ago

Hello,As long the interesting traffic reaches the ASA, it will start. Are you sure the traffic is...

olpeleri commented on ipsec proxy-id problem in VPN 3 years ago

Hello,Can you remove crypto map ssa 1 set connection-type originate-onlyIt's supposed to...

olpeleri commented on Why DMVPN contains GRE ? in VPN 3 years ago

Hello,NHRP is not an ip protocol but a layer 2 protocol. Because of that we need GRE which can...

olpeleri commented on ASR901 support IPsec gdoi in VPN 3 years ago

Hello,If you select Group Encrypted VPN (GETVPN) as technology in the feature navigator the ASR901...

olpeleri commented on remote desktop die when connecting the VPN in VPN 3 years ago

Hello,If the vpn server is win2008, I've no experience about it. I can't really help.Regards,

olpeleri commented on remote desktop die when connecting the VPN in VPN 3 years ago

What type of server do you use ? IOS ? ASA?Cheers,

olpeleri commented on VPN tunnel not coming back up after power cycle in VPN 3 years ago

You would need to debug that furtherdebug crypto isakmp debug crypto pki trandebug crypto pki mess...

olpeleri commented on Need help for Cisco VPN 3000 Concentrator in VPN 3 years ago

HelloThat product has been flagged as obsolete few years ago [ End Of Support]Except the 3002, all...

olpeleri commented on 1801 Router Remote VPN Issue in VPN 3 years ago

......002015: *Apr 19 11:18:41.632: ISAKMP:(0):Authentication method offered does not match policy!...

olpeleri commented on remote desktop die when connecting the VPN in VPN 3 years ago

It's a setting controlled on the ezvpn server....

olpeleri commented on remote desktop die when connecting the VPN in VPN 3 years ago

Javier,When VPN comes up on server1, then all traffic get tunnelled into the client [ including the...

olpeleri commented on VPN tunnel not coming back up after power cycle in VPN 3 years ago

Check the RSA key prior and after reload. Is it still the same with the same name?   sh crypto...

olpeleri commented on Issue of IPsec VPN network over transport mode in VPN 3 years ago

Hello,Your analysis of point 1 seems right. That's why the RFC2401 does not allow that scenario:...

olpeleri commented on anyconnect certificate based authentication on ios router in VPN 3 years ago

Hello,Have a look at this document,  https://supportforums.cisco.com/docs/DOC-23967It should cover...

olpeleri commented on IPsec Client VPN - aggressive mode in VPN 3 years ago

Hello,Ikev1 HUB running aggressive mode sends his PSK hash in the second packet along with his DH...

olpeleri commented on vpnagentd and repeated connections to 202.x.y.z sites in VPN 3 years ago

Looks like CSCue43390 vpnagentd wants to connect to 202.x.x.x - false positive alarming msgIt's...

olpeleri commented on Does SFTP need additional VPN to be secure ? in VPN 3 years ago

I would say:Protocol wise, SFTP uses the SSH framework. Increase ServerKeyBits from 768 to 2048 in...

olpeleri commented on DMVPN Crypto Map Priority in VPN 3 years ago

Hello Ray,I was asking for a config without any secrets, you are exposing your pre-shared-key to...

olpeleri commented on Cisco 1921: On board hw module not used ? in VPN 3 years ago

Hello Sylvain,ISR-G1 [ 1800 - 2800 - 3800 ] are currently going through their end of life process....

olpeleri commented on DMVPN Crypto Map Priority in VPN 3 years ago

Hello,Can you share the config [ remove secrets ] and explain what exact issue you are experiencing...

olpeleri commented on Cisco 1921: On board hw module not used ? in VPN 3 years ago

Hey Sylvain,If you are looking for HW suite-B support, then you will have to upgrade to 15.2(4)M...

olpeleri commented on Cisco 1921: On board hw module not used ? in VPN 3 years ago

Hello,What version are you running?Cheers,

olpeleri commented on Cisco 1921: On board hw module not used ? in VPN 3 years ago

Hey Sylvain,What version do you use? Can you paste the crypto part of your config?Cheers,

olpeleri commented on Cisco Router with IKEV2 support in VPN 3 years ago

Hello Tharaka,It's not available on ISR G1.ikev2 is available on ISR G2 [ 1900 - 2900 - 3900 - 880'...

olpeleri commented on Policy Nat on cisco router in VPN 3 years ago

U should avoid any ambiguity by havingaccess-list 100 deny ip 10.103.70.0  0.0.0.255  10.193.128.0...

olpeleri commented on Policy Nat on cisco router in VPN 3 years ago

My bad... it looks ok in factpermit ip 10.193.115.0 0.0.0.255  10.193.128.0 0.0.1.255

olpeleri commented on Policy Nat on cisco router in VPN 3 years ago

Crypto ACL should match the addresses after nat [ not before nat]

olpeleri commented on Site2Site Tunnel issue PSEC(epa_des_crypt): decrypted packet failed SA identity check in VPN 3 years ago

HelloThe only thing I can say... This counter will increase only if a packet fails the SPD check...

olpeleri commented on Case-Sensitive logon with ASA and LDAP in VPN 3 years ago

Hello,That reminds me a old bug CSCsz21934    ASA AAA should  treat RA username as...

olpeleri commented on Site2Site Tunnel issue PSEC(epa_des_crypt): decrypted packet failed SA identity check in VPN 3 years ago

I had that issue 1 year go"decrypted packet failed SA identity check" means that we have decrypted...

olpeleri commented on What are different types of VPN and how do Layer 2, Layer and Layer 4 VPNs work ? in VPN 3 years ago

Hello,IPSEC VPN can encapsulate almost anything - U can do xconnect [ l2tpv3 over ipsec ] - that...

olpeleri commented on IKEv2 with certificates in VPN 3 years ago

Hello,I'm afraid the info is incorrect. IOS CA is of course compatible with ikev2. Cheers,

Bio












olpeleri's Stats

Points315
Discussion started 0
Answers marked as Correct 28
Endorsed 0
Content Rated 52