Cisco ASA – VPN Reverse Route Injection With OSPF
Reverse Route Injection KB ID 0000982 Problem Reverse Route injection is the process that can be used on a Cisco ASA to take a route for an established VPN, and populate/inject that route into the routing table of other devices in it’s routing group. In the example below, on the main site, we have a Layer 3 switch that’s routing all the 192.168.x.x networks, and we have an established site to site VPN to a remote site. To...
Cisco – Joining Layer 2 Networks Over Layer 3 Networks
KB ID 0001313 Problem It’s a common problem, you want to connect one site to another and still have them on the same layer 2 network. As you can see above both the routers at the bottom are in the 172.16.1.0/24 network, let’s assume they are clients in the same layer 2 network how would you connect them? Solution Option 1: xconnect over L2TP All the ‘heavy lifting’ is done on the SiteA and SiteB routers. We...
Cisco Licence Differences LAN-Lite / LAN Base / IP Base / IP Services
KB ID 0001270 Problem Actually finding the answer to this question is far more challenging than it needs to be! As usual Cisco can change this on a whim so before you purchase any equipment it’s still a good policy to check on the feature navigator. Solution This is about the best reference I’ve found. Although anyone who can tell me what the correct Layer 2 differences between Enterprise Access and Complete Access are,...
Azure to Cisco VPN – ‘Failed to allocate PSH from platform’
KB ID 0001219 Problem It’s been a week for strange VPN shenanigans with Cisco and Azure. I was liaising with an Azure service provider for a customer this week, and trying to get a VPN up from a Cisco ASA in one of our data centres in the UK. This is what we were seeing; And I could see the same error in the debugs; Decrypted packet:Data: 616 bytes IKEv2-PROTO-1: Failed to allocate PSH from platform IKEv2-PROTO-1: IKEv2-PROTO-5:...
Cisco IOS – DHCP Helper (DHCP Relay) – IP-Helper Setup
KB ID 0001168 Problem Cisco documentation calls this a ‘DHCP Relay’, and uses the command IP-Helper, and I usually call this DHCP Helper, just to confuse everyone. To be fair the term DHCP Relay is an industry standard, it’s not particular to Cisco (as you will see later when I Wireshark the traffic). So If you are reading this you have a DHCP server and you want to use it to lease addresses to clients that are on a...