Workaround: BUG in ASA IOS 8.4(4) and 8.4(5) adding network-object-nat

When upgrading from prior IOS 8.4 to 8.4(4) and 8.4(5), the configuration will be converted for the new IOS without any problems. But when you’re creating a new Network Object NAT rule, you’ll get a nasty error:

ERROR: NAT Policy is not downloaded

There’s no solution for this error at this point (January 2013). Cisco TAC mentioned to me that the development team is still working on this issue, but it’s hard for them to reproduce this error in their lab.

But.. there is a workaround available!


Cisco Nexus 7000 OTV configuration

Another post, this time about the basic OTV configuration on a Nexus 7000.
The OTV configuration has to be made on a different switch (or VDC) where no SVIs are configured for the VLANs you want to extend to the other site.
First of all some terminology:
  • Edge device: This device performs layer 2 activities (to the internal network) and OTV transportation to the other site(s).
  • Transport network: This is the network (can be layer 3) that connects all the sites. This is your WAN connection, possibly managed by your service provider.
  • Join interface: This is the uplink interface on the edge device that is connected to the transport network.
  • Internal interface: This is the interface on the edge device that is connected to the internal network.
  • Overlay interface: This is a logical interface with support for multi-access and multicast. This interface encapsulates layer 2 frames in IP headers (also called ‘MAC routing’).
  • Overlay network: A logical network that connects all sites together and uses MAC routing for interconnecting the sites.
  • Site: Your (layer 2) network on a location. In most cases, this is one of your datacenters.