EIGRP · IPv6 · Routing

EIGRP IPv6 map-leak

!
hostname R1
!
ipv6 unicast-routing
!
interface Loopback1
 ipv6 address 2001:A:B:1000::1/64
 ipv6 enable
!
interface FastEthernet0/0
 ipv6 address 2001:A:B::2/127
 ipv6 enable
!
interface FastEthernet1/0
 ipv6 address 2001:A:A:1000::2/127
 ipv6 enable
!
router eigrp CONFIG-IF
 !
 address-family ipv6 unicast autonomous-system 65000
  !
  af-interface default
   passive-interface
  exit-af-interface
  !
  af-interface FastEthernet0/0
   no passive-interface
  exit-af-interface
  !
  af-interface FastEthernet1/0
   summary-address…

Continue reading EIGRP IPv6 map-leak

AnyConnect · VPN

IOS SSL VPN – tunnel mode

This configuration details how to set up an SSL VPN in ‘tunnel mode’ on a router running v15 IOS. Such a configuration could be implemented on a small to mid-size remote site utilising an ISR router. Firstly install the AnyConnect package onto the router:

!
webvpn install svc flash:/anyconnect-linux-64-4.2.01035-k9.pkg sequence 1
!

Confirm the package… Continue reading IOS SSL VPN – tunnel mode

ISE · Uncategorized

Cisco ISE 1.4 – Change FQDN of Primary Administration node

Halfway through our ISE pre-production testing it was decided to move all of the nodes into a new sub-domain. Moving the PSN and secondary Administration node was simply a case of de-registering and re-adding the nodes. From notes I had read online, it was not possible to do the same with the Primary Administration… Continue reading Cisco ISE 1.4 – Change FQDN of Primary Administration node

IPv6 · munin

IPv6 conntrack and munin

Argh, my beloved Linux IPv6 firewall was suffering, too many connections, munin graphs not updating; this needed looking at… Firstly I noticed multiple entries of the following in kern.log:

nf_conntrack: table full, dropping packet

After checking the existing table size:

# /sbin/sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 76768

…it seemed sensible to double it:

# cat /proc/sys/net/nf_conntrack_max…

Continue reading IPv6 conntrack and munin