Sunday, May 16, 2010



1. Existing XLate
2. NAT 0
3. Satic NAT
3. Dynamic NAT, nat (inside)

Tuesday, May 11, 2010

Sometimes Answers will be a Question !!!! Route Precedence

Recently I got a call from one of my followers, asking if we have three routes via bgp via ospf via eigrp

which route will take for

Now the basic funda is,

Route selection precedence is as follows

1. Most Specific route
2. AD value
3. Metric

Now here most specific routes are via bgp via ospf

Now AD value will come in the picture as tie breaker....

Take a look at the following Table for AD values

Default Administrative Distances
Connected 0
Static 1
eBGP 20
EIGRP (internal) 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EIGRP (external) 170
iBGP 200
EIGRP summary route 5

Now the Answer is a question, Which BGP route was that, EBGP or IBGP??

If it is IBGP (AD value: 200), OSPF routes will get precedence…. Else it gonna take BGP routes (AD Value: 20)

Thursday, May 6, 2010

Checkpoint : How to Find the the Management Interface

It will be gud if you know the one who controls you.. So I was thinking how to get it in SPLAT and I was sure that they are storing it somewhere as they ask during configuration...

Finally I found the file:

more /etc/sysconfig/external.if

Sunday, May 2, 2010

GRE is like Girls!!! - GRE Tunnel in IPSEC - there will be twists in the Story...

Atleast I could not sleep for two dayz thinking, why GRE (Generic Routing Encapsulation) is required in IPSec when we run Dynamic Routing Protocols...

I talked to techies which I ever trust... all said "its required" but their answers were not enuf for me to sleep... eventually I reached office very early.. Started with my friend Google... My biggest confusion was IPSec works in Layer 3 , why they cant accommodate the dynamic routing protocol which runs on the same layer... Why it is not compatible... ??

Finally I found the answer... Its nothing but IPSec doesnt support Multicast Traffic.. I recalled my routing KB, yeas,,, most of the routing updates are done with Multicast.. So they needed a work around, and hence GRE into the scene... Now what is GRE....??

GRE is nothing but, type of a VPN, which create a virtual tunnel towards the destination from a particular source..

It hides the Multicast Packets, generated by your D. Routing Protocol and fools IPSEC, pretending that its a normal IP Packet.. I felt GRE is just like girls, hiding so many things in them and pretends everything normal...

Now, is GRE is only meant for IPSEC?? Answer is simplee.. NO.. whenever you want to hide something from your transit path, can do the same..

It seems nothing wrong in hiding something and fooling someone .... here is the twist, there will be overheads for these type of packets.. Did you forget the MSS value... ?? So beware those who fools someone.. there will be twists in the Story...