We our currently using site-to-site VPN tunnels to connect our multiple offices using static public IP's via ADSL connections.We wanted to get an additional ADSL connection from a different ISP so that if one connection drops, the other could be used.Are there any hardware devices or tricks we can use to automatically get our networks to failover to use the backup ADSL connection and have our VPN traffic remain up?
View 1 RepliesWe are in the process of installing time clocks at some of our sites around the USA. Our security department has asked that the time clocks be completely isolated from the rest of the network. The time clocks will be administered by ADP via a centralized firewall utilizing NAT. We have multiple subnets available at each site. Let me give an example to calrify what I would like to do. Example: Site A has 10.168.19.0 /24 user subnet and is configured for VLAN1 using 10.168.19.1 on the router as the default gateway. I would like to use subnet 10.168.20.0 /24 for the time clocks, configure it for VLAN2 and use 10.168.20.1 as the router gateway address for VLAN2. This should allow me to NAT one of our additional public IP addresses to the 10.168.20.1 gateway address thus completely isolating the time clocks from the remainder of the network. Problem is I have not done this before so I'm a little confused about how to configure it in the Cisco 3750 switches.
View 6 Replies View RelatedWe have a HP Procurve 5412zl switch as our default gateway for all our VLANs from there the traffic will be going to a Cisco ASA 5515 and then to a Cisco 3800 Router then to our ISP.
We have yet to purchase the ASA but my question is about my future configuration. I will have the router of last resort on the 5412zl setup to point to the ASA inside interface, how does that work with multiple VLANs? For instance the ASA inside interface would be 10.0.0.1 but traffic could come from another VLAN via the switch with a 192.168.1.x address. Would the ASA just pass it on to the router? Or would it conside this spoofing and drop the packet?
Lastely, if we have WCCP set for the ASA's inside interface, how would it handle the redirect for multiple VLANs ip addresses? Would I use GRE for the redirect to my web filter?
I have a small network that i want to setup, i have 1 2900 router and i'd like to create subinterfaces for the internal. but more importantly i'd like to have the dsl modems connected to the router with traffic from one subinterface going through one modem and traffic from the other going through the other.
View 1 Replies View Relatedremote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through Central Site router. We are installing a cable modem at the remote location that is to be used as the Primary Internet Connection but still be able to use Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA5505 for the cable Internet which then feeds into the ISPs modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet but if I do so on the ASA there is another single point of failure.
I have got a Branch Office with two redundant links connecting from Head Office A and Head Office B. Both links are LES 100MB and carry only VLAN 33 traffic. Head Office A has an ASR 1002, Head Office B has Cat3550 and the Branch Office has Cat3560. Both Cat3550 and Cat3560 at L3 switches.At the moment if one link fails i have to manually disable or activate ports/interface on either Head Office A or Head Office B devices and ammend the default gateway on Branch Office switch to either Head Office A or B device, which ever is working.I am looking for an automated and reliable solution for this so that i dont have to make any changes on the devices and failover happens automatically.
View 1 Replies View RelatedI want my core switch auto failover to other route if the primary route is link down it will go to the secondary route
example
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 100
if my core switch detect next-hop 1.1.1.1 it will re-route and go to the 2.2.2.2 for the next-hop my core switch using static route and cant support ip sla
One of our customer has 3 ISP Line, out of which Two are Broadband and One is Leased Line. All 3 ISP interfaces are Etherent.
Now, they want Auto Failover with Load balancing among these 3 ISP lines.
Can we do same implementation in Cisco 1941 Router?? What licenses required in router for same?
We have two Cisco 5505 firewalls connecting to two ISP's . The two internal LAN's on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. Ip routing is enabled for intervlan communication & I can reach the Switch interfaces & firewall gateways from machines on both on the vlans.We have pbr enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing" .
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?
I'm a bit perplexed atm with trying to set up multiple failover routes on a 2821 router. Let me say that I have more experieince in a switched network as routing is seldom required where I work atm. Here's my problem. I have a routing table set up as follows but only the primary routes work. The failover routes will not kick in once the primary route is not there.
ip route 10.32.11.0 255.255.255.0 128.32.8.11
ip route 10.32.11.0 255.255.255.0 128.32.24.11 100
ip route 10.32.12.0 255.255.255.0 128.32.8.12
ip route 10.32.12.0 255.255.255.0 128.32.24.12 100
ip route 10.32.14.0 255.255.255.0 128.32.8.14
ip route 10.32.14.0 255.255.255.0 128.32.24.14 100
Ip addresses are not exact but it gets the point across.
Why the failover routes are not failing over? The failover routes work if I remove the primary route from the config.
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies View RelatedI have a milestone VMS (video management system) server running on a customers site. The server has two network cards. eth0 has a static IP 10.0.15.250, mask 255.255.255.0, gateway 10.0.15.254 (the gateway is a firewall connected to the internet via an eircom modem in bridged mode) eth1 has a static IP 10.94.238.2, mask 255.255.0.0 gateway all the cameras and related equipment are in the range 10.94.238.1 ~ 20 Customers network users what to view the VMS via an application which needs to run on their PC and connect to the VMS server on 10.94.238.2, The customer has given me a gateway address of 10.94.200.1. However when I use this gateway address in the default gateway of eth1 I loose internet access on the server because the server can not resolve the DNS address. The cusotmers users can see the VMS and the monitoring station can see the VMS via a VPN. However I need internet access otherwise Teamviewer will not work and I can not access the server for configuration and maintenance remotely. Is there some other way I can implant the customers gateway so they have access but I still have internet on the server.
View 2 Replies View RelatedI have two network cards in my computer, one is connected to the ADSL router for a BSNL broadband connection and the other is connected to our compay's MPLS network on which our core software is run , now both networks have different gateways through which they connect , the bsnl ADSL router gets its ip from DHCP ,our MPLS network has its own network ip schema.The problem is I am not able to use both connections simultaneously, if I have to work on our software I have to switch off the ADSL router and if I want to surf the internet then I cannot work on our softwware.
View 3 Replies View RelatedI've got a network with the following address and subnet mask:
xxx.17.0.0
255.255.0.0
The original gateway that we had on the network is at:
xxx.17.0.254
This gateway is a Netgear VPN firewall and it also has a bit of port forwarding going on to a couple of servers on the network.We've now had a new line put in and we have to use different hardware on that line so in order to phase that in, I've set this up as a new gateway at:
xxx.17.1.254
Internally, the clients and servers are quite happy with this and will happily use the new line.Problem arises when users connect via VPN to the OLD gateway (I haven't got VPN set up on the new one yet). Users can still connect to the VPN but can't see any machine that is using the new gateway.How can I get around that? Does the old gateway need a static route?
I have a scenario which i would like to discuss with you people. I have a branch office connected with the Head office using wireless radio bridge(point to point connectivity). Here is the configuration at branch office.Things are working fine until now. The branch office has a DSL internet connection and required to be shared among the users. option 1 (problem)DSL terminate on swtich and all clients have a DSL modem as their default gateway and ISP's DNS. Internet works fine but here comes the problem, now they lost the connectivity with head office.Now my question is i cant have two default gateways then what should i do?
I bought dlink dir615 router and want to configure in such a way that internet terminate on dir 615 and branch office pc's should be able to use the internet as well as get connected with the head office with default gateway configuration.
I installed m0n0wall in a virtualized environment, i have 10 PCs connected to a router ( 192.168.1.0/24) which connect them to the internet through PPPoE, the problem is that this router does not have a QoS so what i want to do is the following :-
let all the PCs get their IP from the Router and the default gateway will be m0n0wall
the moon wall will have 2 interface (Lan 192.168.1.20) and (Wan 192.168.1.21 and default gateway 192.168.1.1)
now when any PC want to access the internet it should go through m0n0wall and then m0n0wall will forward the connection to the default gateway through the wan interface which is the PPPoE running on the router (192.168.1.1)
I have two different networks on same LAN.One net has public 2xx.x.x.x IPs (some on DMZ, they are servers with their own internal firewalling) and goes through a GBeth switch to a Cisco 25xx router for accessing HDSL modem with several HDSL trunks and then Internet. That router is configured to let external IPs access only DMZ IPs, of course.The other net has 192.168.x.x IPs and goes through another GBeth switch to a DLink router to access ADSL. Mainly for download traffic at a low flat cost.I would like to have a way to let the 192.x.x.x machines access the servers on the DMZ of the 2xx.x.x.x net without going outside the physical LAN. The servers host mail services and so sending heavy attached documents needs a hi-speed LAN connection and certainly not the ADSL upload capability. Not to say about servers web contents maintenance.
View 1 Replies View RelatedI need to setup my LAN card to access 2 gateways.
OS: winXP sp3
IP: 192.168.1.101
One gateway is 192.168.1.254 to the internet.Another gateway is 192.168.1.253 to access (via VPN) the other subnets 192.168.x.x? I can even install a second lan card.
I have LinkSys WAG160N V2 with the last firmware 2.00.20 I have very annoying issue, the Gateway always disconnected from time to time .. Some days it work so fine and some days it disconnect 20 times per day and I have every time to go Status >> Gateway and press connect , another weird thing is that sometimes it gaves me speed 3784 Kbps and sometimes 3500 Kbps , sometimes it gaves me the right speed 4700 Kbps i did think maybe it's my ISP problem , but after the upgrade the problem gone for 3 weeks then it back again, and when it back I did make factory reset and reconfigure it again regarding my ISP settings and it did work fine with 3784 Kbps speed and it should be 4700 Kbps.
View 9 Replies View RelatedI need to route a subnet from a 7204 to 2 different gateway's which are not Cisco based. I cannot use HSRP, GLBP or VRRP as the other 2 gateways don't support theses protocols. Yet they do support OSPF, RIP, and BGP.... Take note that this setup is in a ISP scenario. How can I acheive gateway redundancy?
View 4 Replies View Relatedi have one machine have 2 Ethernet devices and i need to connect this server to different 2 network with 2 different gateways (192.168.2.x "vpn network" and 192.168.1.x "adsl network" )so if any other one need to connect this ftp server can connected from vpn or adsl
View 1 Replies View RelatedMy router is showing two separate SSIDs, dlink and dlink 2 it only recently started doing this and around the same time my router has been constantly rebooting when there's little or heavy internet traffic.I have a DIR 655 Hardware Version: A4.Firmware: 1.21 NA
I refuse to go to any version above 1.21 as 1.21 is the most stable firmware for the 655, I have tried all other with terrible outcomes and wireless performance.I've looked around and most people think it's a joke or something, always saying it's probably a neighbors wireless, but that's impossible since I'm on an acreage and my neighbors are too far away for us to be receiving their wireless signals, and if I change the password and encryption type (WPA/WEP/WPA2) I have to change the security settings on both dlink and dlink 2.
Also I have the normal 192.168.0.1 gateway to access the router under the "LAN" section under Status on the router, but under WAN I have a completely different gateway that just recently showed up. I have no idea where this came from or what happened.
The downloadable PDF manual for the WAG160N shows the remote management address as "https://...", while the online support article shows WAG320N screenshots and uses "http://...". The downloadable manuals for the WAG120N & WAG320N don't show either (it's a pretty flimsy manual).point me to, a definitive list of model/firmware combos which do support SSL for remote management?
View 3 Replies View RelatedI have 2x v10000 Websense Security Gateways that are connected to 2x 6500 SUP720. When I turn on cluster management function between Websense appliance, they speak to each other only if they are connected in the same 6500. When they are connected one in every 6500 cluster management does not work. They are connected on the same physical vlan. Do I need multicast to be configured in the 6500 switches?
View 5 Replies View RelatedI have mobile users using air cards that connect to the network with a VPN product called Net Motion. Our firewall is a ASA 5510. Once connected to the Net Motion VPN server the user will get a DHCP address from our network. In the past we could not get the VPN tunnel to complete since our layer 3 switch (3750G IP services) has 3 egress points and the egress point that we needed the VPN traffic to go out of is not the default gateway. To solve this we had the air card carrier set switch our air cards to static IP addresses and using route statements for the public IP addresses and access lists we got it to work.
The problem with this is that every new air card we provision needs a static IP address. My question is would policy based routing work in this scenario? The problem has been that the VPN tunnel was not able to complete the negotitaion phase as the traffic came into the switch and was trying to go out the default gateway. The VPN client wont get an internal IP address until the VPN tunnel is created.
I would like to get away from using static IP addresses.
how i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?
View 2 Replies View RelatedIs it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies View RelatedI am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
Port 1: Controller management only=> 192.168.x.x /24
Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
i`m facing a problem configuring the mentioned access point to act as stand alone access point with multiple SSID assigned to differnet VLANs the problem is that
1) i`m not able to broadcast the both SSIDs in the same time from the Access point
2) i need to make the radius server to manage the SSID access for the wireless clients (trying to find a way in which the aceess point sends a log for the radius server containing the VLAN id /IP address of the the SSID) you may find the below info about the IOS ver. & the configuration?
i`m running IOS /c1100-k9w7-mx.123-8.JEE/c1100-k9w7-mx.123-8.JEE?
This is the initial time to set up a new DSL provider's modem with their tech support. TCP/IP auto obtain IP address does not work (LAN status is 'limited or no connectivity'), entered static ip/dns, then LAN status is 'connected'. However, can't access internet (...DNS lookup failed...). After several calls over 5 hours w/ tech support, now only works using a manual broadband connection when cable physically connects modem and pc. Tried once to add wireless router(reset modem, connect and cold boot all 3 devices...) while the tech supporter was on phone, but broadband connection won't work any more. So the service rep said I had connection and could access internet, the router is not his issue.Is this the new modem problem or the provider server issue. I have had SBC DSL for years before swith to the new provider, everything worked fine. I also tried cable connect to a different laptop, got the same problem. Both PCs can still connect to my neibauer's wireless router no problem.
View 3 Replies View RelatedI had this problem since I installed this game (GTA San Andreas). So, I found that it keep auto alt tab when I play GTA only. Not other game. When I restart, it is gone. and will occurs when I open GTA. So, i try to scan and delete the game and the problem fixed. Still, when I install FiFa 2011, it is also happening. So, I deleted the game but the problem didnt fixed. Well, I also download Sims 3. and when I play the game, I tried to remove my Tenda Wireless reader, then the auto alt tab is no more occurs. So, it seems like I have to play games without using internet. Which means I can't play online games. So, I am telling you guys that I am having problem with auto alt tab/ losing focus when playing game/using programs like google chrome. So, what should I do for know? I think it might cause of my Tenda Wireless Reader? I'll try to use wire into my wifi then.
View 1 Replies View Related