I have DMVPN with two hubs and an EIGRP relationship to a firewall (as well as to the spokes.)
The problem I am running into is that all of the DMVPN traffic is trying to egress Via one of the two VPN  hubs - HUB 1 - it's at capacity for passing encrypted traffic.

SPOKE----HUB 1----FW
SPOKE----HUB 2----FW

HUB1 is assigning a metric to the routes it learns from the spokes which is preferable to HUB2.
So that's why the FW is sending all the traffic to HUB1.

HUB1
 redistribute eigrp 300 metric 100000 0 255 1 1500 route-map EIGRP300-TO-EIGRP100

HUB2
 redistribute eigrp 300 metric 100000 10 255 1 1500 route-map EIGRP300-TO-EIGRP100

The firewall and the HUB DMVPN routers speak via EIGRP100. Hub to spokes via 300.

What I want to do is for the firewall to prefer one hub for half of the sites roughly. I could put in some static routes as a quick fix out of the traffic jam. I could remove HUB 1 from half of the spokes and that would make the HUB 2 the best path for half of the spokes. But surely there's a more elegant approach using route maps.

Something to the effect of..

If you match ACL SAVE-MY-DMVPN, you have a better metric than HUB 1. Otherwise you keep the same metric you have now and let HUB 1 keep doing its thing.

???
spiker.png

I'm in a new gig and I want to understand what happens if a site's Internet link goes down what takes over for their default route.
The routing protocol is EIGRP.

{DATA CENTER}-----WAN EIGRP-----{OFFICE}-----LAN EIGRP----[Cisco ASA]-----{INTERWEBS}

So the switches in the OFFICE are learning their path to the Internet from the Cisco ASA which advertises
a default route inward via EIGRP. The ASA learned it has the default via OSPF from an edge router
outside of it. My guess is that the DATA CENER's default route would propagate over the WAN to
the OFFICE in the event the Cisco ASA stopped advertising the default route inward.

How could I find out the behavior of the lost default route without causing an outage?

Thank you.

I have a Peplink Balance One Router at work and intend to connect 2, or more computers from the same LAN to no avail. Only one connections seems possible. Is this by design?
On the router I use L2TP/IPsec and Windows 10 built in VPN client.

On internal intranet the C/C++ client sends out REST-like queries via TCP/IP and receives an XML response from the Java server. If the REST query loops fetching 3 records at a time, the total time to accumulate 90000 records is about 10x longer than if we fetch 100 records at a time. We will be performing a number of timing tests to isolate the cause. In anticipation that the problem may be the slow TCP/IP start due to initial small windowing, what settings are there to tell TCP/IP to start off with the largest (or larger) window size possible?

We are on 64-bit RHEL servers, and I assume that since the client/server are run on an intranet self-contained within the company, that we do not have to be concerned about congestion.

Thanks,
Paul

Hello we enable these setting to disable NTLM completly in our network.


Im testing it and one problem i got is that when im trying to connect in RDP from a non domain pc (WIndows 10 1903) to my domain pc (WIndows 10 1903) it's not working

I get this error


If i do the same thing from my domain join pc (windows 10 1903) to my non domain join pc (Windows 10 1903) i get the same error but if i add an exception in the GPO above it's working

I also have a problem accessing the \\IP_OF_PC\C$ folder when NTLM is disable

Can we fix that ?

Thanks !

Dear Experts
We have to restrict internal users to access internet but the requirement is they have to access G-suite email account  via email client software MS Outlook to send or receive emails, We have Cisco 1010 firewall and the same is integrated with Windows AD , please  help what ports to be opened or any url to be allowed at firewall so that users can access g-suite email account through email client software .

Hi,
Port 25 is open but I've got the following. Any advice?

C:\Users\Administrator>telnet localhost 25
Connecting To localhost...Could not open connection to the host, on port 25: Connect failed

I use "Remote Desktop Connection" from my windows PC to connect to remote Linux Virtual Machine running Ubuntu 18.04.2 LTS.
I open terminal window and type following command to clone git repository:

git clone git://git.yoctoproject.org/poky_local_copy

The response is as follows:

I open Mozilla Firefox Web Browser, enter git.yoctoproject.org and connect.  Why Web Browser connects to this site but from terminal cannot connect to this site?

Hello,

I've been given two servers for a PHP project inside my company (one for PHP and the other for MS SQL) but my local system administrator has never dealt with remote SQL connections (yeah, I know).

I've managed to use his admin session (thru Skype's desktop presentation) and configured the SQL instance to use a fixed port instead of dynamic (to avoid headaches in the future). I've also created an inbound rule in the SQL server's firewall that allows that same TCP port for the domain. I didn't create an inbound UDP rule for the SQL Browser because I'm not using a dynamic port.

Also, the user that I'm using in my PHP script was created under Security -> Logins but within the database, instead under Security -> Logins for the entire SQL instance. It was created as dbreader and dbwriter only.

This is how my PHP connection looks like (the x are IP address and NNNNN is the port):

$servername = "xxx.xxx.xxx.xxx\\INSTANCENAME, NNNNN";
$connectionInfo = array( "Database"=>"MY_DB_NAME", "UID"=>"loginname", "PWD"=>"somepassword" );
$conn = sqlsrv_connect( $servername, $connectionInfo );

if ($conn) {
     echo "yup";
} else {
     echo "nope";
}

Select all Open in new window

What else can I try to make the connection happen?

BTW, both sqlsrv and pdo_sqlsrv extensions are loading fine in PHP.

Both servers are Windows Server 2016 and SQL is also 2016.

Thanks in advance!

OSPF Address-Family

I have seen  in some examples EIGRP configured with   address-family ipv4 vrf <VRF Name>  autonomous-system <AS Number>
However I have not seen examples where OSPF  is configured with  address-family ipv4 vrf <VRF Name>

for instance, in the topology below Customer Edge CB_1 uses OSPF  and  it is connect to PE_1

Thanks

Naive Question on the Bandwidth versus Throughput

EE Members / Gurus ,

Need your help to clarify the definition

1. If i hear in a meeting , client has internet link of 40Mb . Does this means his bandwidth is 40Mb or the throughput ?
Does this 40Mb in case if it is bandwidth inclusive upload/download speeds ie 20/20

2. What does the terminology means ' ' pipe can handle 80Gb of traffic ' . Does this mean the backbone / backplane speed can or should handle this traffic

Regards,
Sid

Connect 2 Networks that use Different Routing Protocols.

I would like to know in the case we have 2  separate Networks  , one runs OSPF and the other one runs EIGRP.  If I need those 2 networks to be able to talk to each other without using Redistribution nor MP BGP, would that be possible?  for Instance using VPN GRE Tunnel or IPSEC VPN Tunnel ..

Thank you