
Times: In general, Oracle recommends having interesting traffic running through the IPSec tunnels at all times if your CPE supports it. Certain Cisco ASA versions require the SLA monitor to be configured, which keeps interesting traffic running through the IPSec tunnels. For more information, see the section for "IP SLA Configuration" in the Cisco ASA policy-based configuration template.

Multiple IPSec connections: You can use two IPSec connections for redundancy. If both IPSec connections have only a default route (0.0.0.0/0) configured, traffic will route to either of those connections because Oracle uses asymmetric routing. If you want one IPSec connection as primary and another one as backup, configure more-specific routes for the primary connection and less-specific routes (or the default route of 0.0.0.0/0) on the backup connection.

Local IKE identifier: Some CPE platforms do not allow you to change the local IKE identifier. If you cannot, you must change the remote IKE ID in the Oracle Console to match your CPE's local IKE ID. Provide the value either when you set up the IPSec connection, or later, by editing
Oracle expects the value to be either an IP address or a fully
For instructions, see Changing the CPE IKE Identifier That Oracle Uses.

Maximum Transmission Unit (MTU): The standard internet MTU size is 1500 bytes. For more information on how to determine your MTU, please see Overview of MTU.

Cisco ASA: Policy Based: Oracle recommends using a route-based configuration to avoid interoperability issues and to achieve tunnel redundancy with a single
The Cisco ASA does not support route-based configuration for software versions older
For the best results, if your device allows it, Oracle recommends that you upgrade to a software version that supports route-based configuration. With policy-based configuration, you can configure only a single tunnel between your Cisco ASA and your dynamic routing gateway (DRG).

Multiple tunnels: If you have multiple tunnels up simultaneously, ensure that your CPE is configured to handle traffic coming from your VCN on any of the tunnels. For example, you need to disable ICMP inspection, configure TCP state bypass, and so on. For more details about the appropriate configuration, contact your CPE vendor's

VCN security lists: Ensure you've set up the VCN security lists to allow the desired traffic (both ingress and egress rules). Note that the VCN's default security list does not allow ping traffic (ICMP type 8 and ICMP type 0). You must add the appropriate ingress and egress rules to allow ping traffic.

Firewall rules: Ensure that your firewall rules allow both ingress and egress traffic with the Oracle VPN headend IPs and the VCN CIDR block.

Oracle uses asymmetric routing across the multiple tunnels that make up the IPSec connection. Even if you configure one tunnel as primary and another as backup, traffic from your VCN to your on-premises network can use any tunnel that is
Ping tests or application traffic across the connection will not reliably work.

Originate-only option with an Oracle Site-to-Site VPN IPSec tunnel: It causes the tunnel's traffic to be inconsistently blackholed. The command is only for tunnels between two Cisco devices. Here's an example of the command that you should NOT use for the IPSec tunnels:

    crypto map <map name> <sequence number> set connection-type originate-only

Single tunnel preferred: If you want to use only one of the tunnels, ensure that you have the proper policy or routing in place on the CPE to prefer

Multiple IPSec connections: If you have multiple IPSec connections with Oracle, make sure to specify more specific static routes for the preferred IPSec

VCN security lists: Ensure that your VCN security lists allow traffic in both directions (ingress and egress).