| |
| |
| |
|
Comments:
<0> http://www.shoutfile.com/fullscreen/gSfSsCpR
<1> mornin snowebabe
<2> mornin hon
<3> hi guy,
<3> how can i check lost packet in proper way please, i got two site link by vpn
<3> i'm using either ping, tracert, traceroute and check the log from vpn gateway,
<4> just wondering - which vpn you use
<3> is this correct way to check lost packet between site or should i look at different method?
<3> i'm using vpn that come with cisco router
<4> ahh
<3> i'm check log from there
<3> and i'm always use ping or traceroute for connection check
<3> is anyway i can check lost packet in proper way?
<3> well, my boss would like to know what packet being lost on the vpn tunnel
<4> I dont know cisco. isnt there something in the routers with stats?
<3> you means check the the log?
<4> well, lots of those high end routers come with management software
<4> built in manangement
<5> [snowe] oh hells bells
<6> hello, if you have a Cisco router setup with 2 Isp's for BGP sessions so you have a redundant system, but the backup only gets used maybe once a year, is there an easy way to make certain pc's use the backup ISP?
<6> like say, just add the backup ISP's dns server ip's to certain computers as the 1st priority, would that use the backup ISP? or not?
<7> Well, routing doesn't work like that.
<6> bummer
<6> someone told me that would work :P
<6> figured it was too easy to be true
<7> First, DNS has nothing at all to do with routing. Second, routing pays attention to nothing but destionation IP of each packet. If BGP says the path that that destination is out ISP A, then any packets received to that destination will go out ISP A
<7> Do you mean like a home NAT without BGP?
<6> no
<6> this is at work
<6> and is not subnetted
<6> default cl*** c network
<7> Oh, ok
<7> No NAT?
<6> no
<7> ok then if you're trying to do this for traffic purposes, you can spread some of the outbound traffic out the other link
<7> but not inbound
<6> cool, thats a start
<7> You can either:
<7> a) Use something called "policy routing" to make all traffic from specific source IPs go out the second ISP
<7> b) Route specific destination IPs out the second IP, so that all machines on the LAN will go out the second ISP when sending traffic to the specific destination IPs you have rerouted
<7> both of these methods affect outbound traffic only.
<6> so i could say, take half of the 254 addresses and have them do your 1st option?
<7> Right.
<6> perfect
<7> However most offices tend to be mostly downstream traffic
<6> does "policy routing" get setup inside the router? or is this on the clients or what?
<7> it is done on the router
<6> well we have an EMR that is purely webbased
<6> so theres alot of upstream traffic as well
<7> ahh
<6> thanks for your help man, going to look into how to do this policy routing
<7> well also I guess I should point out that PBR (policy based routing) will override BGP for the IPs you force out the 2nd ISP
<7> if the second ISP goes down, those IPs are down (well unless you go back in and manually remove the PBR config)
<6> ah
<6> hmm
<6> would the ultimate way to accomplish this.. be to get another router, and subnet a section of the clinic to reverse the ISP's?
<8> Would there be anyreason a site cannot be viewed by IE but can be in any other browser
<8> Our firewall has ssl open and RPC (for the web services)
<8> Its like the connection is being refused
<8> we cannot ping the RPC server,
<8> Oh and this is over ssl
<9> can anyone spot my error here http://rafb.net/p/Z0SPIF60.html
<9> tyring to enter this command "crypto map outside_map 20 psec-isakmp" and i get this error WARNING: crypto map entry will be incomplete
Return to
#networking
or
Go to some related
logs:
pass 4realamateurs
#beginner
celestestar
#online
#bsd
dma hanseng
Microsoft WinXP Pro *Corp* *SP2 Integrated
#nhl
#linux-noob
#red
|
|