Tag Archives: Cisco Router

IPsec Site-to-Site VPN Palo Alto <-> Cisco Router

This time I configured a static S2S VPN between a Palo Alto firewall and a Cisco IOS router. Here comes the tutorial:

I am not using a virtual interface (VTI) on the Cisco router in this scenario, but the classical policy-based VPN solution. That is, no route entry is needed on the Cisco machine. However, the Palo Alto implements all VPNs with tunnel interfaces. Hence, a route to the tunnel and Proxy IDs must be configured. (I also wrote a guide for a route-based VPN between a Cisco router and a Palo Alto firewall here.)

Continue reading IPsec Site-to-Site VPN Palo Alto < -> Cisco Router

Cisco Router: Disable DNS Rewrite ALG for Static NATs

I am using a Cisco router for my basic ISP connection with a NAT/PAT configuration that translates all client connections to the IPv4 address of the outside interface of the router. Furthermore,  I am translating all my static public IPv4 addresses to private ones through static NAT entries. I basically thought, that only the IPv4 addresses in the mere IPv4 packet header would be translated. However, this was not true since I immediately discovered that public DNS addresses are translated to my private IPv4 addresses, too. This was a bit confusing since I have not explicitly configured an application layer gateway (ALG) on that router.

“Google is my friend” and helped me one more time to find out the appropriate solution: The “no ip nat service alg udp dns” keyword to disable the DNS rewrite. (The synonym from Cisco for DNS rewrite is: DNS doctoring.) Here comes a basic example:

Continue reading Cisco Router: Disable DNS Rewrite ALG for Static NATs

Basic ISP Load Balancing with a Cisco Router

“We have two independent DSL connections to the Internet and want to share the bandwidth for our users.” This was the basic requirement for a load balancing solution at the customer’s site. After searching a while for dedicated load balancers and thinking about a Do-It-Yourself Linux router solution, I used an old Cisco router (type 2621, about 40,- € on eBay at the time of writing) with two default routes, each pointing to one of the ISP routers. That fits. ;)

Continue reading Basic ISP Load Balancing with a Cisco Router

MRTG/Routers2: Adding a Cisco Router

This post shortly explains the process of adding a Cisco router into the monitoring system “MRTG with Routers2” as I explained it here. It gives an example on how SNMP is activated on the router and how the *.cfg file for MRTG/Routers2 is created with the additional values for CPU and memory usage.

Continue reading MRTG/Routers2: Adding a Cisco Router