We are setting up DMVPN routers for on-demand VPNs from our remote sites to HQ. Our DMVPN routers have the front end exposed to the internet and the back end is on our special DMVPN DMZ. When the VPN is built from the remote site, traffic from the site comes into the DMZ and needs to be routed through the PA (5050) to the trusted interface (HQ LAN SEGMENT). The traffic is being blocked by policy, and when I tried to put in a policy I get an L3 error. I think it's because the traffic from the site is not part of the DMVPN ZONE. The DMVPN zone is 192.55.XXX.XXX but the traffic going through is on the 10.XXX.XXX.XXX network. Since the traffic being passed is not part of the ZONE, I think that is causing the L3 error/message. Any suggestions would be appreciated. (We wanted to use the DMZ approach so the traffic could be controlled, blocked, and scanned as required.)
We have servers running in Azure with a B2B. Recently they started using BLOB storage, and to load the data into the blob it goes to a public IP outside of our B2B. We like to control where our servers go out to the internet, but the problem is that there are 100s of addresses (maybe a 1000) that are used by AZURE in North America. Does anyone have a good way to get this under control with a policy of some sort so we can say Server X can go to Azure, but only these Azure IPs in the public internet? Thanks for your time.