Thursday, August 23, 2012

Giant frames on VSL link

I was checking the VSL link on a network and I have found a lot of giant:

show int Te1/5/5TenGigabitEthernet1/5/4 is up, line protocol is up (connected)
       8 runts, 1739095 giants, 0 throttles

I have searched on cisco.com and I have found the following:
The VSL carries data traffic and in-band control traffic between the two chassis. All frames forwarded over the VSL link are encapsulated with a special 32-byte header, which provides information for the VSS to forward the packet on the peer chassis. 

I guess if a packet close to1500 MTU is received and a 32-byte header is added, we have giant packet. If I'm wrong, don't hesitate to correct me.
Posted by at No comments:

Thursday, August 9, 2012

VPN connexion and Internet Access

When you are connected to a VPN session, normally you can access to the corporate LAN.
However, it's also possible to have access (in the same time) to Internet.

To do this on ASA, you have to configure some NAT rule.
All traffic that will go to Internet have to use the Internet facing interface like source IP address.

The configuration below is an example that can be applied:

ip local pool Pool_VPN 192.168.40.10-192.168.40.250 mask 255.255.255.0
!
interface GigabitEthernet0/1
 description Outside Facing Interface
 nameif INTERNET
 security-level 0
 ip address 199.199.199.199 255.255.255.240
!
object network NAT-VPN-POOL
 subnet 192.168.40.0 255.255.255.0
 description Pool VPN
!
object network NAT-VPN-POOL
 nat (any,INTERNET) dynamic interface

All traffic with VPN IP Pool source address and with Internet destination will match this NAT rule.
Source address will be modified with the outside interface.
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)