IOS VPN L2L: placement and best-practices discussion

We are installing an IOS VPN router (a 2651XM VPN bundle) for an L2L VPN.

I am trying to determine the best placement for the VPN router.

We have the Internet border router, then the outside switch, the PIX, then the inside switch.

We have installed a 4-port card in the PIX 515E to provide the DMZ interfaces, but have not yet configured all of them.

The L2L is B2B, and we need to keep our traffic/internal network behind the firewall/NAT.

I have a switch for the DMZ if necessary for additional PSS.

I recommend placing the VPN router outside, off the outside interface of the firewall, and terminating the VPN router's inside (unencrypted) interface on a DMZ port of the PIX. That way you can use the PIX to control which internal servers the VPN users can connect to.

This way you can NAT your inside traffic, but your VPN traffic does not have to cross a line of NAT. The PIX also governs whether your VPN users can reach your Internet connection.

On the VPN router, lock down the outside interface as much as possible; if the IOS supports the firewall feature set, use it.
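As an added example of the placement described in the reply above (this is not configuration from the original post): the 2651XM has its outside interface on the Internet and its inside interface on a PIX DMZ port; the router only accepts IKE and ESP from the known partner peer, and the PIX both exempts the partner flows from NAT and decides which internal servers the partner may reach. All addresses (RFC 5737 documentation ranges), names, interface numbers, the server list and the PIX 6.x syntax are assumptions for illustration.

```cisco
! ===== 2651XM VPN router (IOS) =====
! Outside interface: only IKE (UDP/500), NAT-T (UDP/4500) and ESP from the
! B2B peer are accepted; everything else is dropped and logged.
access-list 110 permit udp host 203.0.113.10 host 198.51.100.2 eq isakmp
access-list 110 permit udp host 203.0.113.10 host 198.51.100.2 eq non500-isakmp
access-list 110 permit esp host 203.0.113.10 host 198.51.100.2
access-list 110 deny   ip any any log
!
! Interesting traffic: our servers (10.1.1.0/24) <-> partner LAN (172.16.50.0/24)
access-list 120 permit ip 10.1.1.0 0.0.0.255 172.16.50.0 0.0.0.255
!
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
! <long-random-psk> is a placeholder; use a long random string per peer
crypto isakmp key <long-random-psk> address 203.0.113.10
crypto ipsec transform-set B2B esp-3des esp-sha-hmac
crypto map B2B-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set B2B
 match address 120
!
interface FastEthernet0/0
 description Outside - Internet
 ip address 198.51.100.2 255.255.255.248
 ip access-group 110 in
 crypto map B2B-MAP
!
interface FastEthernet0/1
 description Inside - PIX DMZ port, clear-text side of the tunnel
 ip address 192.168.200.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
! Our internal network sits behind the PIX DMZ interface
ip route 10.1.1.0 255.255.255.0 192.168.200.1

! ===== PIX 515E (6.x): the 4-port card supplies the DMZ leg =====
interface ethernet2 100full
nameif ethernet2 vpndmz security50
ip address vpndmz 192.168.200.1 255.255.255.0
!
! Partner traffic must NOT be translated on its way to the VPN router:
! nat 0 with an ACL exempts exactly the 10.1.1.0/24 <-> 172.16.50.0/24 flows,
! and also makes those inside hosts reachable from the DMZ leg.
access-list NONAT permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! The PIX decides which internal servers the partner may reach and on which
! ports. Nothing else coming off the VPN router gets in, including attempts
! to use our Internet link.
access-list VPNDMZ_IN permit tcp 172.16.50.0 255.255.255.0 host 10.1.1.10 eq 443
access-list VPNDMZ_IN permit tcp 172.16.50.0 255.255.255.0 host 10.1.1.20 eq 1433
access-list VPNDMZ_IN deny ip any any log
access-group VPNDMZ_IN in interface vpndmz
!
! The partner LAN lives behind the VPN router
route vpndmz 172.16.50.0 255.255.255.0 192.168.200.2 1
```

Check it with `show crypto ipsec sa` on the router (encaps/decaps counters should increase for the 10.1.1.0/24 <-> 172.16.50.0/24 SA) and `show xlate` on the PIX (there must be no translation entries for the partner flows; if one appears, the NONAT ACL does not match the traffic).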

Tags: Cisco Security

Similar Questions

  • Where is the best place and the best price to buy a 15" LCD display?

    I want to buy a 15" TFT laptop display...
    Any suggestions about where is the best place and the best price?

    Post edited by: peterrothwell

    Hi Peter

    As you probably know, the laptop LCD display is one of the most expensive laptop parts (apart from the motherboard).
    I found a few new LCDs for around $300.

    It's your choice. Either you buy a new one for $300 with warranty, or you try to buy a second-hand one.
    I recommend checking the big famous auction site for some deals! ;)

    Good luck

  • Using static and dynamic dedicated VPN L2L tunnels

    We have an ASA 5510 running 8.0 at our company headquarters. We have remote sites that need to create L2L VPN tunnels to the HQ ASA. Some remote sites have static IP addresses and others have dynamic IP addresses.

    I found Cisco documentation for static-IP L2L VPN tunnels and made them work. I found other Cisco documentation for dynamic-to-static-IP L2L VPN tunnels using the "DefaultL2LGroup" tunnel-group.

    My question is, can you have both types of L2L tunnels on the same ASA? If so, does it work simply by using both the "DefaultL2LGroup" tunnel-group and the per-peer tunnel-group definitions? Is there a reason not to do it? Is there a better technology available (HQ ASA and a combination of ASA 5505 and 1861 at the remote sites)?

    Yes, you can have both types of L2L tunnels. If you use a PSK, remember that the IP address of the remote site is used to 'validate' the connection to Headquarters. As long as you use a secure PSK (64 characters, all mixed upper/lower-case alphanumeric) you should be OK.

    A better way to do it is to get static IP addresses for the sites that currently have DHCP from the ISP.

    HTH
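    Added example, not from the original thread: an ASA 8.0 crypto map that carries one static-IP spoke in its own tunnel-group and all dynamic-IP spokes through DefaultL2LGroup at the same time. Addresses, names, networks and the ACLs are assumptions; the point it shows is that the two kinds of entry coexist in one crypto map as long as the dynamic entry has the highest sequence number.

```cisco
! Phase 1: one policy serves both kinds of peer
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! --- Static-IP spoke: its own tunnel-group, selected by its address ---
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <unique-psk-for-this-spoke>
!
access-list HQ-TO-SPOKE1 extended permit ip 10.1.0.0 255.255.0.0 10.2.1.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address HQ-TO-SPOKE1
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
!
! --- Dynamic-IP spokes: any unknown peer address lands in DefaultL2LGroup,
! so every dynamic spoke authenticates with this ONE key ---
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <shared-psk-for-all-dynamic-spokes>
!
crypto dynamic-map DYN-MAP 10 set transform-set ESP-AES256-SHA
! RRI: install a route to whatever network the spoke negotiates
crypto dynamic-map DYN-MAP 10 set reverse-route
!
! The dynamic entry must carry the highest sequence number. The ASA walks the
! crypto map in order, and a dynamic entry placed earlier would swallow the
! static peer before its own entry is reached.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
!
! NAT exemption for all spoke networks (10.2.0.0/16 is the assumed spoke range)
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
```

Two caveats worth keeping in mind with this layout: the hub can never initiate to a dynamic spoke (it does not know the address), so the spoke must bring the tunnel up; and because every dynamic spoke shares the DefaultL2LGroup key, a spoke that is compromised can impersonate any other dynamic spoke towards HQ. A long random PSK protects against guessing, not against that; certificate authentication (`authentication rsa-sig` with a trustpoint) does.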

  • HTML and CSS best practices for Eloqua?

    Hello Topliners community,

    My name is Ben and I am a web designer. I am currently looking for guidance on best practices in HTML and CSS when working with Eloqua. I am interested in best practices for both email and landing pages.

    Thank you

    Ben

    For landing pages, you can use HTML, CSS, and JavaScript like on any other page. For example, we use Bootstrap on a couple of our Eloqua landing pages.

    For email, support for HTML and CSS is much more limited. This is one of the best resources I've seen for CSS support:

    http://www.campaignmonitor.com/CSS/

  • Nexus 1000v and vSwitch best practices

    I am working on the design of our Nexus 1000v vDS for use on HP BL490 G6 servers. The 8 NICs are allocated as follows:

    vmnic0, 1: ESXi management, VSM-CTRL-PKT, VSM-MGT

    vmnic2, 3: vMotion

    vmnic4, 5: iSCSI, FT, clustering heartbeats

    vmnic6, 7: server data and client VM traffic

    Should I migrate all the NICs to the 1000v vDS, or should I leave vmnic0,1 on a regular vSwitch and migrate the others to the vDS? If I migrate all the NICs, at the very least I would designate vmnic0,1 as system so that traffic could flow until the VSM can be reached. My inclination is to migrate all the NICs, but I've seen comments elsewhere in the forums that the VSM-related networks, and possibly the ESX(i) console, are better left off the vDS.

    Thoughts?

    Here is a best-practice how-to guide specific to the 1000v and HP VC that might be useful.

    Cheers,

    Robert

  • ESX 3.5 and SQL best practices

    I searched for info on best practices when deploying SQL on a virtual machine. We already have a couple of lightweight production SQL servers running 2008 x64 and SQL 2005. We are looking at migrating databases from existing physical servers to a newly deployed 2008 x64 SQL VM. I was able to find VMware documents and turned to the forum for more information. These are not giant databases: things such as BES, ePolicy and other mundane but necessary databases. Is it still worth splitting the disks to separate the logs, the system and the databases? Any advice would be appreciated.

    Take a look at:

    Best Practices for SQL Server

    http://www.VMware.com/files/PDF/solutions/sql_server_virtual_bp.PDF

    http://www.VMware.com/files/PDF/SQLServerWorkloads.PDF

    André

  • eBook creation and EPUB best practices guide

    I plan to convert my book to EPUB format for display on eReaders, but I can't find a set of guidelines. I ran across a reference to an "EPUB best practices guide", but I was not able to find it. Does anyone know where it is?

    My book is in InDesign CS5, and I have been creating PDF files for the eBook version. I would be very interested in comments on the advantages and disadvantages of EPUB. I understand that the page size will be smaller (it is now 8.5 x 11) and images (there are many of them) will be inline. Is there anything else I should know before I plunge into this?

    Thank you

    Mark

    This page has a link to EPUB best practices and other useful resources:

    http://www.Adobe.com/devnet/digitalpublishing.html

    I also highly recommend Elizabeth Castro's eBook, "EPUB Straight to the Point"

  • Simple IOS IPsec VPN hub and spoke, hub failover

    Hi all

    I have a hub-and-spoke VPN architecture with IKEv1 and IPsec.

    My hub is connected to a single service provider.

    I would like to have hardware redundancy for my hub.

    Instead of creating a double tunnel at each spoke, I would like to use a failover protocol on my ISR 4000 routers.

    Is it possible to achieve this simply?

    If I use IOS IPsec failover, do I need to deploy my changes on both routers, or (as with the ASA) can I set the active router and let the standby receive the changes?

    Thanks to you all.

    Johnny

    If your ISP connection is one that has a routed block and you can connect two routers to it, you can then configure HSRP.

    The tunnel source becomes the HSRP address.  The spokes don't even need to know that there are two routers.

    Easy failover.

    Alternatively, you can have a single tunnel with dual hubs (if you do not use HSRP).  You don't have to resort to dual tunnels.
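    Added example of the HSRP approach in the reply above (not configuration from the original thread): the hub's crypto map is bound to the HSRP group with the `redundancy` keyword, so IPsec is active only on the router that currently owns the virtual address, and that virtual address is the peer every spoke is configured with. The second hub carries the same crypto configuration with its own interface address and a lower priority; IOS does not copy it across, so on this platform changes do go on both routers. Without the `stateful` keyword the failover is stateless: after the VIP moves, the spokes re-run IKE and rebuild their SAs with the new active hub. Addresses, names, the interface and the assumption that the ISR 4000 image supports `crypto map ... redundancy` are mine.

```cisco
! ===== Hub 1 (hub 2 is identical except where noted) =====
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
! Spokes have dynamic addresses, hence the wildcard key (placeholder value)
crypto isakmp key <hub-spoke-psk> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set HUB-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Dynamic crypto map: accepts whichever spoke proposes a valid policy and
! injects a route to the spoke LAN on the router that holds the SA.
crypto dynamic-map SPOKES 10
 set transform-set HUB-TS
 reverse-route
crypto map HUB-MAP 10 ipsec-isakmp dynamic SPOKES
!
interface GigabitEthernet0/0/0
 description Outside - ISP routed block shared by both hubs
 ! hub 2 uses 198.51.100.3
 ip address 198.51.100.2 255.255.255.248
 standby version 2
 ! The VIP is the tunnel source/destination the spokes see ("set peer 198.51.100.4")
 standby 1 ip 198.51.100.4
 ! hub 2 uses priority 100
 standby 1 priority 110
 standby 1 preempt delay minimum 30
 standby 1 name HUB-HSRP
 standby 1 authentication md5 key-string <hsrp-key>
 ! Bind the crypto map to the HSRP group: crypto follows the VIP
 crypto map HUB-MAP redundancy HUB-HSRP
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

To confirm it behaves as intended, run `show crypto isakmp sa` on both hubs: only the HSRP active router should list the spoke SAs, and after a forced switchover (`shutdown` on the active hub's outside interface) the same spokes should reappear on the other hub within their DPD/retry interval. Because the wildcard key is accepted from any source address, a spoke that leaks the PSK can connect as any other spoke; certificates per spoke remove that single shared secret.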

  • Charging a new laptop battery for the first time, and best practices for maintaining its life

    Received my first laptop as a gift today (Pavilion TouchSmart 15-n287cl).  I need to know: 1. How long to charge it the first time or the first several times; 2. Do you need to completely discharge and recharge between each use, and how long should an average charge take before it is used again; 3. Since there are no instructions, is it a good idea to leave it plugged in all the time when in use, or should the battery be removed to improve its lifespan?

    Thank you in advance; it has taken a lot of time to migrate from the desktop.  I want it to be a positive experience.

    Hello

    Modern batteries and chargers are now smarter than you.

    1. You can plug in and use the machine immediately; the machine will stop charging when the battery is fully charged.

    2. No, you don't need to discharge completely between uses, as above. The recommendation is to sometimes run the machine on battery down to about 10%.

    3. Using AC is a way to protect the unit during a sudden power failure, leaving the battery in the laptop.

    Please read the following article:

    http://BatteryUniversity.com/learn/article/how_to_prolong_lithium_based_batteries

    Kind regards.

  • IOS VPN L2L + C2L (Cisco IPsec client)

    Hello

    I need to configure a C2L (client-to-LAN) VPN on a Cisco router where there is already an IPsec L2L VPN.

    !!! already configured on the router
    !
    crypto isakmp policy 1
     hash md5
     authentication pre-share
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    !
    ! the cipher name was lost in the post; esp-des matches the default
    ! (DES) encryption of isakmp policy 1 and is assumed here
    crypto ipsec transform-set Tunnel esp-des esp-md5-hmac
    !
    ! the dynamic-map name was garbled in the post; Dyn-Tunnel is assumed
    crypto dynamic-map Dyn-Tunnel 10
     set transform-set Tunnel
     match address 115
    !
    crypto map Crypto-Tunnel 10 ipsec-isakmp dynamic Dyn-Tunnel
    !
    interface ATM0/1/0.1 point-to-point
     crypto map Crypto-Tunnel
    !
    access-list 115 permit ip 10.0.0.0 0.0.0.255 192.168.168.0 0.0.0.255
    access-list 115 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
    access-list 115 deny ip 10.0.0.0 0.0.0.255 any
    !
    !!! new configuration for the Cisco IPsec client
    !
    ! the wildcard key must be re-added with no-xauth so the existing L2L peer
    ! is not prompted for XAUTH once client authentication is enabled
    no crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
    !
    aaa new-model
    !
    aaa authentication login AutClient local
    aaa authorization network groupauthor local
    !
    username pippo password 0 pippo
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group vpnclient
     key 0 pippo
     dns 10.10.10.10
     wins 10.10.10.20
     domain cisco.com
     pool ippoolvpnclient
     save-password
     acl 188
    !
    crypto map Crypto-Tunnel client authentication list AutClient
    crypto map Crypto-Tunnel isakmp authorization list groupauthor
    crypto map Crypto-Tunnel client configuration address respond
    crypto map Crypto-Tunnel 20 ipsec-isakmp dynamic dynmap
    !
    crypto ipsec transform-set RIGHT esp-3des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
     match address 188
     set transform-set RIGHT
    !
    ip local pool ippoolvpnclient 10.99.0.1 10.99.0.30
    !
    access-list 188 remark #
    access-list 188 remark # split tunneling VPN C2L
    access-list 188 permit ip 10.99.0.0 0.0.0.31 10.0.0.0 0.0.0.255

    Can you tell me if the new configuration is OK?

    Thank you all

    No, the ACL should be the other way round. Think of it from the router's point of view.

    access-list 188 permit ip 10.2.0.0 0.0.0.255 10.5.0.0 0.0.0.31

    Regards

    Farrukh

  • What is the best practice for block sizes across several layers: hardware, hypervisor and VM OS?

    The example below is not a real setup I work with, but it should get the message across. Here's my example of what I'm using as a reference layer:

    (Layer 1) Hardware: the hardware RAID controller

    • 1 TB volume configured with a 4K block size (RAW)?

    (Layer 2) Hypervisor: ESXi datastore

    • 1 TB from the RAID controller formatted with VMFS5 @ 1 MB block size.

    (Layer 3) VM OS: Server 2008 R2 w/SQL

    • 100 GB virtual HD using NTFS @ 4K block size for the OS.
    • 900 GB virtual HD set up using NTFS @ 64K block size to store the SQL database.

    It seems that VMFS5 is limited to only having a block size of 1 MB. Would it be preferable for all or some of the block sizes to match across the different layers, and why or why not? What effect do the different block sizes on the other layers have on performance? Could you suggest better alternatives or best practices for the sample configuration above?

    If a SAN were involved instead of a hardware RAID controller on the host, would it be better to store the OS vmdk on the VMFS5 datastore and create a separate iSCSI LUN formatted with a 64K block size, then attach it with the iSCSI initiator in the operating system and format it at 64K? Do matching block sizes across layers increase performance, or is it advisable? Any help answering and/or explaining best practices is greatly appreciated.

    itsolution,

    Thanks for the helpful response points.  I wrote a blog about this which I hope will help:

    Partition alignment and block size in VMware 5 | blog.jgriffiths.org

    To answer your questions, here goes:

    I have 1 TB of space (around) and create two virtual drives.

    Virtual Drive 1 - 10 GB - used for the hypervisor OS files

    Virtual Drive 2 - 990 GB - used for the VM data store / VMFS storage

    The default allocation element size on the PERC6/i is 64 KB, but can be 8, 16, 32, 64, 128, 256, 512 or 1024 KB.

    What block size would you use for array 1, which is where the actual hypervisor will be installed?

    -> If you have two arrays I would set the block size on the hypervisor array to 8 KB

    What block size would you use for array 2, which will be used as the VM datastore in ESXi?

    -> I'd go with 1024 KB for the VMFS 5 size

    - Do you want 1024 KB to match the VMFS block size which will eventually be formatted on top of it?

    -> Yes

    * Consider that this datastore would eventually contain several virtual hard drives for each OS, SQL database and SQL logs, formatted NTFS at the recommended 4K, 8K or 64K block size.

    -> The problem here is that VMFS will go with 1 MB no matter what you do, so carving lower down in the RAID will cause no problems but doesn't help either.  You have 4K sectors on the disk.  RAID 1 MB, VMFS 1 MB, guest 4K, 8K, 64K.   Really, the 64K gains are lost a little when the back-end storage is 1 MB.

    If the RAID stripe element size is set to 1024 KB so that it matches the VMFS 1 MB block size, would that be better practice or is it indifferent?

    -> So whether that's 1024 KB or 4 KB chunks, it doesn't really matter.

    What effect does this have on the OS/virtual HDs and their respective block sizes installed on top of the stripe and the VMFS block size?

    -> The effect on performance is minimal, but it exists.   It would be a lie to say that it didn't.

    I could be completely off on the overall picture, but to me it seems there must be some kind of correlation between the three different "layers", as I call them, and a best practice in use.

    Hope that helps.  I'll tell you I ran SQL and Exchange virtualized for a long time without any block size problems and without changing the operating system.  I just stuck with the standard Microsoft size.  I'd be much more concerned about the performance of the RAID controller on your server.  They continue to make these things cheaper and cheaper with less and less cache.  If performance is the primary concern then I would consider an array or a RAID5/6 solution, or at least look at the amount of cache on your RAID controller (read cache is normally essential to a database).

    Just my two cents.

    Let me know if you have any additional questions.

    Thank you

    J

  • Auto-anchor controller best practices

    Hi all

    I got confused with this configuration. I have 2 WLCs. One is the internal controller and the other is set up as the anchor controller (different subnet, DMZ area) for guest traffic. Where can I configure DHCP assignment for these users? Does the production controller have to intervene in this DHCP, or will the anchor directly take care of everything? What is recommended?

    And is any best practice doc available for this?

    Help, please...

    Thanks in advance.

    I usually use the anchor WLC for DHCP, or the client will actually have a DHCP server in the DMZ. I don't like to dig holes through the FW for DHCP unless I have to.

    Sent from the Cisco Technical Support iPhone App

  • ASA5510 VPN L2L cannot reach hosts on the other side

    Hello experts,

    I have an ASA5510 with 3 L2L VPNs and remote-access VPN. Two L2L VPNs, Marielle and Aeromique, have no problem, but for the ASPCANADA VPN, from a host behind the ASA (192.168.100.xx) I can't reach 57.5.64.250 or 251, and vice versa. But the tunnel is up. Can you help me please, thank you in advance.

    Add these two lines to the NAT 0 access list:

    access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.251

    access-list inside_outbound_nat0_acl extended permit ip ASP-NETWORK 255.255.255.0 host 57.5.64.250

    Also make sure the mirror image of these statements is present in the remote ASA's NAT 0 access list.

    Test and validate the results

    HTH

    Sangaré

    Pls rate helpful posts

  • Best practices for migrating workflows, actions and configurations between environments

    Hello

    Is there a best-practice document on migrating workflows, actions and configurations between vCO environments (development -> production)? We want to lock all the workflows/actions/configurations in prod. Migration can be done manually through a package. Is there anything more than that?

    Thank you

    Create a Package using Orchestrator (change the access mode drop-down list in the client to the mode that lets you create packages).

    Add the desired workflows, actions, resources and configurations to the package. As they are added, dependent actions, workflows, resources and configuration items will be detected and added to the package.

    Right-click on the package and either export or synchronize.

    Export the package to the file system / backup archive. Then import it on the target (test or production) server.

    Synchronize to the test or prod server when you are ready.

    In both cases, you will be presented with a comparison window that indicates which workflows/actions/configurations/resources will be updated on the target system.

    Doing an element-by-element synchronize would be tedious and could miss dependencies; packages are the preferred and recommended best practice.

    For additional info on the workflow development lifecycle, see Christophe's blog here: http://bit.ly/vroWdlc

  • Recommendations or best practices around editing audio data on a network share?

    I have several users editing audio located on the same network share. They are always complaining about the performance.  Is it best practice to edit audio located on the network?  I see so many issues (latency, possible corruption, etc.) with that from the IT point of view, but I would like the opinion of those more familiar with the application and its best practices.  Thanks in advance.

    It's crazy! For any audio to be edited with any degree of speed and safety, it must be downloaded to a local computer, edited there, and then the final result re-saved to the network.

    You might as well do this anyway: whenever you make a change, you store a local temp version of the file on the editing machine, and only the real save, or save-as, goes back to the network drive. Also, you would be working on a copy, so the original is still available in case of a screw-up, which would not be the case if you edited the original files directly on the network, so it is intrinsically safer.
