Cisco | Cisco IOS router to Meraki Appliance | site-to-site VPN with Zone based Firewalling

Lately I've been busy configuring Cisco IOS routers in combination with remote offices where we place Meraki appliances (like the MX64, MX65 or the Z1). When we do this we also create a VPN connection (site to site). In this setup the main office has a Cisco IOS router. Configuration of the main office. (Cisco …

Cisco | IOS version difference in case of use NO_NAT

For a couple of years now I have noticed that when I use recent IOS versions on a Cisco ISR device, there are some struggles with NAT rules in combination with a VPN client. In some cases you have to put the access-list for the NAT rule with a Permit like below. ip access-list extended ACL_OUTSIDE_NO_NAT …

Get rid of Cisco IOS router message: %FW-4-TCP_OoO_SEG: Dropping TCP Segment

Sometimes you will see the following message on a Cisco IOS router in your show logging: 009357: Jul 8 09:28:22.214 CDT: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:104330552 1492 bytes is out-of-order; expected seq:104304632. Reason: TCP reassembly queue overflow - session <internal host>:1535 to <external host>:80 This message can be very annoying if you see it. …

ISP Failover Cisco IOS Router

Cisco ISP Failover IOS Router. Today I figured out I had a problem with tracking on the router with 2 ISP connections. After some troubleshooting I found the problem and fixed it with the configuration below. Number of the track, so you can see which track is related to the default route. track 10 ip …

How to simplify your access-list changes on a Cisco IOS Router

How to simplify your access-list changes on a Cisco IOS router. There is a way to do this. The things you need to know or have to change are: 1. Which access-list you need / want to change 2. The name of the access-list, written as in the show running-config 3. …

Cisco Inter-vlan configuration Cisco Router 871 Cisco Catalyst 2960

Today I was busy with a configuration between a Cisco Router 871 and a Cisco Catalyst 2960. It was in an environment with lots of other switches (Catalyst 3560 PoE), so I had to create a good routing infrastructure. Situation: Cisco Catalyst 3560 (main infrastructure) Cisco Catalyst 2960 (Customer infrastructure …

One-time passwords on Cisco routers

Cisco routers preconfigured for SDM have the default username/password cisco/cisco. As many users forget to disable or change the default username after configuring their router with SDM, they could end up with an exposed router. Cisco has patched this vulnerability in IOS release 12.4(11)T that includes the one-time password/secret option of …