dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



Suggested Prerequisite Reading
»Cisco Forum FAQ »Setting Up Private Site-To-Site Connections

Introduction

When a local network needs to communicate with remote network, there are in general two ways of doing it. One way is to utilize Public network (such as the Internet) and another way is to utilize Private network. Traditionally, Private network consists of dedicated or private circuits of T1/E1 (and higher), ISDN, and frame relay. With today's VPN technology, one can utilize Public network to transport Private network with less cost than dedicated Public network, more convenient since it is On-Demand based, and yet still secure just like the traditional Private network.

On implementation side, there must be a way to distinguish which traffic destined to Public network and which traffic destined to Private network. With IPSec VPN, this is where Split Tunnel come into place. With proper implementation, Split Tunnel decides which traffic destined to Public network and which traffic destined to Private network.

Another scenario is when there is physical device separation between Public network gateway and Private network gateway. In VPN implementation, the Private network gateway is the device that terminates the VPN tunnel where the Public network gateway is the device that connects directly to the Public network. When there is a IPSec VPN implementation, then typically the Private network gateway terminates the IPSec tunnel where the Public network gateway passes the IPSec tunnel just like passes any other IP traffic.

In some network, Public network gateway and Private network gateway resides at the same physical device. When this is the case, the same physical device terminates the IPSec tunnel and then passes the IPSec tunnel just like passes traffic destined to Public network.

Typical IPSec VPN tunnel implementation is to not NAT/PAT traffic destined to Private network and to NAT/PAT only those traffic destined to Public network. Therefore there must be some mechanism that regulate which traffic to NAT/PAT and which traffic not to NAT/PAT. In Cisco devices, this mechanism is controlled by ACL that regulate such traffic.

With routing protocol, there might be a need to implement GRE tunnel in addition to the IPSec tunnel. Depending on the implementation, there can be one device terminating the GRE tunnel, one device terminating the IPSec tunnel (that carries the GRE tunnel), and another device passes the GRE/IPSec (GRE over IPSec) tunnel just like passes traffic destined to Public network. Check out the following FAQ for more info on GRE/IPSec tunnel.
»Cisco Forum FAQ »Between GRE/IPSEC and IPSEC VPN tunnels

Following is a list of sample configuration with various design and implementation.

Static Routes over VPN

PIX Firewall passing IPSec tunnel
Configuring an IPSec Tunnel through a PIX Firewall with NAT

IPSec tunnel passthrough on NAT/PAT Device and Utilize Single Public IP Address For Both Internet and IPSec Tunnel (Split Tunneling)

1. Router as the NAT/PAT Device IOS Router to Pass a LAN-to-LAN IPSec Tunnel via PAT

2. PIX Firewall as the NAT/PAT Device IPsec Tunnel Pass Through a PIX Firewall With use of Access List and with NAT Configuration Example

3. Static mappings with overloaded NAT and VPN Configuring Router-to-Router IPsec (Pre-shared Keys) on GRE Tunnel with IOS Firewall and NAT



Kindly provided by Manta See Profile courtesy of these posts.

Quoted Post #1

Problem:

Two 837 routers connected to ADSL lines. R1 is at Site1 and R2 at Site2. Both have single fixed IP addresses and run an ISAKMP/IPSEC tunnel between them to route the LAN traffic between sites. This works fine but the problem is that when a static NAT entry is put in so that, for example, Remote Desktop is available from the internet to a particular PC at Site1 then it stops access to any Remote Desktop from Site2.

Solution:

Change the IPSEC tunnel so that it only carries traffic from the loopback interface of R1 to the loopback interface of R2. Then run a GRE tunnel over that IPSEC tunnel and route and site to site traffic via Tunnel0.

Site1: 10.0.0.0/24 GW: 10.0.0.254
Site2: 10.1.0.0/24 GW: 10.1.0.1

Sample Configuration:

! Last configuration change at 11:16:23 BST Thu Jun 3 2004 by gareth
! NVRAM config last updated at 11:16:25 BST Thu Jun 3 2004 by gareth
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
!
hostname Site1
!
logging queue-limit 100
enable secret 5
!
username
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
aaa new-model
!
!
aaa authentication login local-auth local-case
aaa session-id common
ip subnet-zero
no ip source-route
no ip domain lookup
ip domain name
!
!
no ip bootp server
ip cef
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name INTERNET-OUT tcp alert on
ip inspect name INTERNET-OUT udp alert on
ip inspect name INTERNET-OUT http alert on
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 100
ip audit name INTERNET-OUT info action alarm
ip audit name INTERNET-OUT attack action alarm drop reset
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 11
encr 3des
authentication pre-share
group 5
crypto isakmp key address
!
!
crypto ipsec transform-set lan-lan-tunnel esp-3des esp-sha-hmac
!
crypto map vpn-tunnel 10 ipsec-isakmp
description IPSec tunnel to carry GRE
set peer
set transform-set lan-lan-tunnel
set pfs group5
match address site2-gre
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.2.1 255.255.255.0
keepalive 3 3
tunnel source Loopback0
tunnel destination 192.168.1.2
!
interface Ethernet0
ip access-group Ethernet_In in
ip address 10.0.0.254 255.255.255.0
ip access-group Ethernet-In in
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
ip access-group Internet_In in
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect INTERNET-OUT out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname
ppp chap password
crypto map vpn-tunnel
!
ip nat inside source list NAT interface Dialer0 overload
! Collection of static mappings removed but example given
ip nat inside source static tcp interface Dialer0
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.1.0.0 255.255.255.0 Tunnel0
no ip http server
no ip http secure-server
!
!
ip access-list extended Ethernet-In
remark Invalid internet addresses
deny ip any 0.0.0.0 0.255.255.255 log
permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 any
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark Lock down email to servers
permit tcp host 10.0.0.2 any eq smtp
deny tcp any any eq smtp log
deny tcp any any eq pop3 log
remark other
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit tcp any any
permit udp any any
deny ip any any log
ip access-list extended Internet-In
remark vpn enable
!Unsure if next two lines needed but it's belt and braces
permit esp host any
permit udp host eq isakmp any eq isakmp
permit ip host 192.168.1.2 host 192.168.1.1
remark Invalid internet addresses
deny ip 0.0.0.0 0.255.255.255 any log
permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
remark Port Mappings
remark SMTP mail mapping
permit tcp any any eq smtp
remark SSH access mappings
permit tcp host any eq 22
remark Other
permit icmp host any echo
permit icmp any any unreachable
permit icmp any any time-exceeded
permit icmp any any echo-reply
remark SNTP time servers
permit udp host 158.43.128.33 eq ntp any
permit udp host 158.43.128.66 eq ntp any
deny ip any any log
ip access-list extended NAT
! Don't know if these NAT Deny's are necessary any more but it's two hot to think about it at the moment.
deny ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
deny ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended site2-gre
permit ip host 192.168.1.1 host 192.168.1.2
radius-server authorization permit missing Service-Type
banner login $
Access to this device is only permitted by authorised users
All access to this device is logged
$
!
line con 0
logging synchronous
login authentication local-auth
no modem enable
stopbits 1
line aux 0
login authentication local-auth
stopbits 1
line vty 0 4
logging synchronous
login authentication local-auth
transport input ssh
!
scheduler max-task-time 5000
sntp server 158.43.128.33
sntp server 158.43.128.66
!
end


Quoted Post #2

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 40960 warnings
enable secret
!
aaa new-model
!
!
aaa group server radius wireless-radius
server 10.1.0.2 auth-port 1645 acct-port 1646
ip radius source-interface Vlan1
!
aaa authentication login local-auth local-case
aaa authentication login wireless-eap group wireless-radius
aaa authentication ppp default local-case
!
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 association mac-list 700
dot11 syslog
!
dot11 ssid w-secure
vlan 2
authentication open eap wireless-eap
authentication key-management wpa
!
dot11 ssid w-ps3
vlan 3
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii
!
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name bullet-systems.com
ip multicast-routing
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name INTERNET-OUT tcp alert on
ip inspect name INTERNET-OUT udp alert on
ip inspect name INTERNET-OUT http java-list 2 alert on
ip inspect name INTERNET-OUT ftp alert on timeout 300
ip inspect name INTERNET-OUT tftp alert on
ip inspect name INTERNET-OUT sip alert on
ip inspect name INTERNET-OUT rtsp alert on
ip ips name INTERNET-OUT
!
multilink bundle-name authenticated
!
!
username secret
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 5
crypto isakmp key address
crypto isakmp key address
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set ipsec-tunnel esp-3des esp-sha-hmac
!
crypto map vpn-tunnel 100 ipsec-isakmp
description A to B IPSec tunnel to carry GRE
set peer
set transform-set ipsec-tunnel
set pfs group5
match address adsl-gre
!
crypto map vpn-tunnel 110 ipsec-isakmp
description A to B via SDSL
set peer set transform-set ipsec-tunnel
set pfs group5
match address sdsl-gre
!
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map match-any voip
match ip rtp 9000 20
match access-group name voip
!
!
policy-map voip
class voip
priority 516
class class-default
fair-queue
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
interface Loopback5
ip address 192.168.1.5 255.255.255.255
!
interface Tunnel0
description Tunnel over ADSL
bandwidth 800
ip unnumbered Loopback0
ip load-sharing per-packet
ip multicast boundary multicast-boundary
ip virtual-reassembly
ip tcp adjust-mss 1200
qos pre-classify
keepalive 3 3
tunnel source Loopback0
tunnel destination 192.168.1.2
tunnel key 0
tunnel bandwidth transmit 800
!
interface Tunnel5
description Tunnel SDSL
bandwidth 800
bandwidth receive 1024
ip unnumbered Loopback5
ip load-sharing per-packet
ip multicast boundary multicast-boundary
ip virtual-reassembly
ip tcp adjust-mss 1200
qos pre-classify
keepalive 3 3
tunnel source Loopback5
tunnel destination 192.168.1.6
tunnel key 5
tunnel bandwidth transmit 800
!
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/38
ubr 832
encapsulation aal5mux ppp dialer
dialer pool-member 1
service-policy output voip
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
ssid w-secure
!
ssid w-ps3
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.2
description Wireless VLAN for laptop and trusted machines
encapsulation dot1Q 2
ip address 10.2.2.1 255.255.255.0
ip helper-address 10.1.0.2
ip nat inside
ip virtual-reassembly
!
interface Dot11Radio0.3
description Wireless VLAN for PS3
encapsulation dot1Q 3
ip address 10.2.3.1 255.255.255.0
ip access-group wireless-lockdown in
ip helper-address 10.1.0.2
ip pim sparse-dense-mode
ip nat inside
ip virtual-reassembly
!
interface Vlan1
description Local Area Network
bandwidth 100000
ip address 10.1.0.1 255.255.255.0
ip access-group ethernet-in in
ip nbar protocol-discovery
ip pim sparse-dense-mode
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface Dialer0
description ADSL line 8192kbps/832kbps
bandwidth 8192
ip address negotiated
ip access-group internet-in in
no ip proxy-arp
ip multicast boundary multicast-boundary
ip nat outside
ip inspect INTERNET-OUT out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname
ppp chap password
crypto map vpn-tunnel
!
no ip forward-protocol nd
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.1.1.0 255.255.255.0 Tunnel0
ip route 10.1.1.0 255.255.255.0 Tunnel5
!
!
no ip http server
no ip http secure-server
ip nat translation timeout 1800
ip nat translation tcp-timeout 300
ip nat translation finrst-timeout 15
ip nat translation syn-timeout 45
ip nat translation max-entries host 10.1.0.52 1500
ip nat pool used-ip-block prefix-length 29
ip nat pool unused-ip-block prefix-length 29
ip nat inside source list nat-list pool used-ip-block overload
ip nat inside source static tcp extendable
ip nat inside source static udp extendable
!
ip access-list standard multicast-boundary
deny 239.255.0.0 0.0.255.255
permit any
!
ip access-list extended sdsl-gre
permit ip host 192.168.1.5 host 192.168.1.6
!
ip access-list extended ethernet-in
permit ip any host 192.168.2.2
remark Invalid internet addresses
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark Other
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit tcp any any
permit udp any any
permit igmp 10.1.0.0 0.0.0.255 any
deny ip any any log
!
ip access-list extended internet-in
permit esp host any
permit udp host eq isakmp any eq isakmp
remark Invalid internet addresses
deny ip 0.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
permit tcp any any eq domain
permit udp any any eq domain
remark Other
permit icmp any any unreachable
permit icmp any any time-exceeded
permit icmp any any echo-reply
permit udp host 158.43.128.33 any eq ntp
permit udp host 158.43.128.66 any eq ntp
deny ip any any log
!
ip access-list extended adsl-gre
permit ip host 192.168.1.1 host 192.168.1.2
!
ip access-list extended nat-list
deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit ip 10.2.2.0 0.0.0.255 any
permit ip 10.2.3.0 0.0.0.255 any
!
ip access-list extended voip
permit ip any 217.10.79.0 0.0.0.255
permit udp host 10.1.0.2 range 9000 9020 any
!
ip access-list extended wireless-lockdown
permit tcp 10.2.3.0 0.0.0.255 host 10.1.0.2 eq domain
permit udp 10.2.3.0 0.0.0.255 host 10.1.0.2 eq domain
permit tcp 10.2.3.0 0.0.0.255 host 10.1.1.2 eq domain
permit udp 10.2.3.0 0.0.0.255 host 10.1.1.2 eq domain
permit ip 10.2.3.0 0.0.0.255 host 10.1.0.3
permit udp any eq bootpc any eq bootps
deny ip 10.2.3.0 0.0.0.255 10.0.0.0 0.255.255.255 log
deny ip 10.2.3.0 0.0.0.255 192.168.0.0 0.0.255.255 log
permit igmp 10.2.3.0 0.0.0.255 any
permit ip 10.2.3.0 0.0.0.255 any
!
ip radius source-interface Vlan1
logging history size 100
access-list 1 remark SNMP access
access-list 1 permit 10.1.0.2
access-list 1 deny any log
!
access-list 2 remark JAVA applet firewall exception list
access-list 2 permit 72.5.124.95
access-list 2 permit 85.210.20.0 0.0.0.255
!
!
access-list 700 permit 0123.4567.8901 0000.0000.0000
!
snmp-server community RO 1
snmp-server contact Me
snmp-server chassis-id
snmp-server enable traps tty
!
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.1.0.2 auth-port 1645 acct-port 1646 key
radius-server vsa send accounting
!
control-plane
!
banner login ^CC
Access to this device is only permitted by authorised users
All access to this device is logged
^C
!
line con 0
logging synchronous
login authentication local-auth
no modem enable
stopbits 1
line aux 0
login authentication local-auth
stopbits 1
line vty 0 4
exec-timeout 20 0
logging synchronous
login authentication local-auth
transport input ssh
!
scheduler max-task-time 5000
sntp server 158.43.128.33
sntp server 158.43.128.66
!
!
end




Private Routing over VPN

GRE/IPSec tunnel to support IP Routing Protocols

Configuring a GRE Tunnel over IPSec with OSPF
GRE over IPSec with EIGRP to Route Through a Hub and Multiple Remote Sites

New OSPF Feature on ASA/PIX Firewall running OS version 7.x or later

With new OS version, it is no longer requirement to encapsulate OSPF into GRE tunnel in order to pass it through IPSec VPN tunnel. By running OS version 7.x or later, ASA or PIX Firewall is now able to pass OSPF through IPSec VPN tunnel just like pass through GRE or any IP traffic.

Furthermore, the ASA/PIX Firewall will also be part of the OSPF domain. In other words, the ASA/PIX Firewall running OS version 7.x or later can terminate IPSec VPN tunnel, has no requirement to have GRE tunnel to support OSPF, and will be part of the OSPF domain. With this new feature, you may notice that the ASA/PIX Firewall is more like a router.

Check out the following link for sample configuration.
PIX/ASA 7.x and later: VPN/IPsec with OSPF Configuration Example

IPX Routing over GRE/IPSec

Configuring GRE and IPSec with IPX Routing
Configuring IPSec with EIGRP and IPX Using GRE Tunneling

DMVPN

When Cisco routers act as the VPN device at all sites, it is simpler and scalable to run DMVPN between routers instead the previous GRE over IPSec approach. With DMVPN, there will be no need to manually setup each tunnel for each connection between two sites. DMVPN will be "dynamically" setting up necessary GRE and IPSec tunnels.

Should you decide to run DMVPN, verify your router IOS image version support it. IOS image version with either Advanced Enterprise or Advanced IP Services features should support DMVPN.

Check out following links for more info on DMVPN.

Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)
Configuring DMVPN Spoke Router in Full Mesh IPsec VPN Using SDM
Configuring Dynamic Multipoint VPN Using GRE Over IPsec With OSPF, NAT, and Cisco IOS Firewall

Sample Configuration



Courtesy of ladino See Profile from this post

Here is a config that I know to work and scales well even when numerous remotes sites connect to the hub

HUB

!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key Cisco123 address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set ABC esp-3des esp-md5-hmac
mode transport require
!
!
crypto ipsec profile TRNSS-DMVPN-IPSEC
set transform-set ABC
!

!
interface Tunnel1
ip address 192.168.253.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp authentication Cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 101
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 101
tunnel protection ipsec profile TRNSS-DMVPN-IPSEC
!

SPOKE

!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key Cisco123 address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set ABC esp-3des esp-md5-hmac
mode transport require
crypto ipsec df-bit clear
!
!
crypto ipsec profile TRNSS-DMVPN-IPSEC
set transform-set ABC
!
interface Tunnel1
ip address 192.168.253.6 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication Cisco123
ip nhrp map multicast dynamic
ip nhrp map multicast 10.10.10.10
ip nhrp map 192.168.253.1 10.10.10.10
ip nhrp network-id 101
ip nhrp nhs 192.168.253.1
ip tcp adjust-mss 1360
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 101
tunnel protection ipsec profile TRNSS-DMVPN-IPSEC shared
!




Some discussions

»DMVPN vs individual tunnels
»[Config] DMVPN works, restrictions needed...
»[Config] Need Help with DMVPN
»[Config] DMVPN reundandt WAN (SOLVED - config inside)

More Sample Configurations
»Sample network configuration

Expand got feedback?

by Covenant See Profile edited by aryoba See Profile
last modified: 2013-10-28 14:48:24