Routing, Switching

Cisco ASA & ESX: strange ARP behavior

René Jorissen on January 12, 2009 10 Comments • Tags: #arp #behavior #esx #icmp #interface #nat #noproxyarp #path #proxy #reverse #reverse-path #spoofing #strange #sysopt #verify #vmware

Last week I had a very strange problem with a Cisco ASA firewall. The firewall is configured with multiple interfaces, including a DMZ interface. There are multiple servers in the DMZ. These servers are physical and virtual servers. The virtual servers are VMware servers in a blade environment. I configured the feature ip verify reverse-path …

Firewalling

VPN Filtering through Group Policy

René Jorissen on January 9, 2009 0 Comments • Tags: #access #connection #filtering #group #lists #permit-ipsec #permit-vpn #policy #sysopt #tunnel #vpn #vpn-filtering

When configuring a Remote Access VPN or a Site to Site VPN connection you have the ability to filter traffic entering and leaving the VPN connection. You have the ability to enable inbound IPsec sessions to bypass interface access lists. Group policy and per-user authorization access lists still apply to the traffic. The sysopt connection …

Routing

GRE over IPsec with Cisco ASA

René Jorissen on December 3, 2008 0 Comments • Tags: #clear #connection #cscse36327 #gre #host #ipsec #local #local-host #reclassify-vpn #sysopt

In different scenarios it is required to configure some kind of routing protocol between two offices, but the routers should be configured to look directly connected to each other. Normally I always configure an IPsec VPN between the two offices and configure an additional GRE tunnel over the IPsec VPN tunnel. In that way the …