Cisco :: 194 ToS Filed Change In Net Flow V9 Packets
Aug 28, 2011
Recently we have configured few of our routers to export FNF (Flexible NetFlow), some of our router are exporting NetFlow V9 packets with fields as mentioned in the NetFlow V9 RFC. We noticed that one router is exporting NetFlow V9 with the field value different from RFC. I have attached the screen shot which shows that Field 194 is assigned for TOS. Whereas according RFC it is 5. Is there any specifc reason begind this or this is an IOS related issue.
I have 2 ASA 5505, with a site-2-site vpn, I need to reach a server on network A on port 7887 from Network B.The 2 boxes are both on a public net and has a private net inside.When initiating a telnet session from a Host on network B, to a ip 172.210.210.56 /24 (which is defined as my remote network in the connection profile)I can see the trafic arriving on the ASA on network A, but the trafic gets rejected with the following.
Built local-host outside:VPN-TEST_172.210.210.5602: VPN-TEST_172.210.210.56 7887 Teardown TCP connection 398765 for outside:VPN-TEST_x.x.x.x/16698 to outside:VPN-TEST_172.210.210.56/7887 duration 0:00:00 bytes 0 Flow is a loopback03: Teardown local-host outside:VPN-TEST_172.210.210.56 duration 0:00:00.I'm a newbee with the ASA 5505, and connot figure out why this is a loopback ?
I am trying to pass Traffic thru the IPSEC tunnel but it does not work ([Cisco Router 892] <---> [Cisco ASA 5510] <---> [Cisco Router 892]) The Cisco ASA 5510 doesn't pass traffic UDP=500 & UDP=4500 ports...
I've been thinking about this for a while and I can't seem to find a comforting answer: Assume you have three datacenters connected over a WAN. Each datacenter has its own Internet and firewall, and each firewall has a trusted network, untrusted network (Internet), and DMZ: [code]
-DMZhostA has inbound access from the Internet over port X. -DMZhostB has outbound access to DMZhostC over port Y. -DMZhostC has outbound access to the trusted network over port Z.
If DMZhostA gets compromised from the Internet, the attacker can indirectly access the trusted network through DMZhostC, assuming the services running on the given ports are vulnerable/poorly secured.How do you track this web of access? This is a simple scenario with just three firewalls and datacenters, but it gets proportionally more complex and harder to track as the network gets larger. Manually tracking the traffic flow seems tedious, slow, and inefficient.
My question is pretty straight forward but here is some background information. I would like my browsing traffic to funnel through my phone's 3G or WiFi connection. Is there any information out there on how to direct the browser to use the second internet connection? I was thinking about setting up a VPN using the second nic and somehow instruct the browser to use the specific proxy. I have no idea if that is even possible though.
The need for this is pretty simple. I do not want my browsing habits being logged by my company's network. Also while maintaining the current corporate connection so Outlook and RDP programs continue to function correctly.
I am fairly new to configuring ASA's. I have an ASA 5505 with one outside interface and three inside interfaces (inside1, inside2, and management). I need inside1 and inside2 to be able to talk to eachother but cannot work out how to make this happen. They are both configured to the same security level and the 'Enable traffic between interfaces with same security level' box is ticked. I have also tried adding appropriate NAT and Access rules. The packet tracer suggests the rules are correct for allowing traffic flow between interfaces but obviosly this may not be the case.
Struggling to find any documentation that states both "ip accounting & netflow" are supported on the new ME3600 switches. I have tried both a 12 and 15 release of software. Netflow produces no data what so ever, ip accounting only produces data (of the global network) when configured on my uplink (running MP-BGP network) unable to get specific data for user networks in seperate VRFs. Is this a case of the commands being there but not being supported?
On my 1841 when i enter the "ip flow-cache timeout active 2" command it accepts this command with no errors. But when i look at my running-config this does not list.I did the same thing on my 2811's and 3745 and it shows up in the running-config. Should I assume if it doesnt' show up in my config file than it is not applied? How can I verify that it is or isn't?
I have a Cisco 2621XM router with two ethernet interfaces that sits before a vendor supplied VPN router. I need to see the IP traffic incoming to my router from the WAN side (fasteth0/1 below). I setup ip cef, and ip flow ingress on the interface. However -- it seems that what I see when I use "ip cache flow" command doesn't have a very long history or life. What commands am I missing so that I can see a summary of the stats over say the last 5, 10 or 15 minutes? Is this the best config that can be used for this, or can I create a more summarized report just using the router HW and IOS? Basic current configuration:version 12.3service timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname Littleboy!ip subnet-zeroip cef table event-log size 1024ip cefip cef accounting per-prefix non-recursive prefix-lengthip cef traffic-statistics load-interval 180!ip flow-cache entries 2048ip flow-cache timeout inactive 60!interface FastEthernet0/1 description Littleboy to vpn-wan ip address 10.1.0.1 255.255.255.252 ip flow ingress?
I am unable to input the command "ip flow-cache timeout active 1" to my cisco 2960 and 4948 switches. But i am able to do so in my cisco 6500 series switch. Hence how do i enable netflow on both 2960 and 4948 devices?My 2960 and 4948 are L3 switches. What commands or additional hardware module are required.
I have a 7204VXR Router, with Neflow. The collection for all interfaces is ok, but one interface (Gigabitethernet 1/0), is not showing the egress traffic in the pictures. The configuration has "ip route-cache flow", ip flow egress, and ip flow ingress set. But, is not showing the egress traffic.
The wifi connection is all good to go. Now , we have other companies besides us that also managed to tap to the wireless infrastructure, though they don't have the authentication cert, but it is exposed.So, would like to know how can we conta the wireless signal from overflow to another building? Any setting at the WLC that can be tweak? or check the radius to ensure that it didn't overflow?
I am having issue on my 3750G gig interface, it is not passing data more than 200M.Some how its giving me lots of input Pause on both sides,can some one explain if there is congesstion issue,do I need to enable flow control on both sides? [code]
The network scheme is this one, I have Lightweight APs distributed and a pair of WLC 5508 centralized. We use a pair or SSID for all the branches, concretely Voice and Data.
All the branches has a local DHCP Win2k3 Server, and APs get its IP address correctly from the local DHCP, but the wireless clients obtains the IP address from the centralized DHCP Server, because all the DHCP traffic go through LWAPP/ CAP WAP tunnel to WLC.
I want that the clients get its IP address from the branch DHCP, i have reading and i think that we need to use H-REAP with local switching configuration and the correct vlan mapping in local switch and H-REAP for it works that we want. Is it correct? Is possible that the client obtain the IP address for the local/branch DHCP Server instead of the Local DHCP?
how to configure WRT54GC compact Router if the data should be configured to flow from PC1 through Switch to Router and then to PC2 back through Switch in the following configuration?
That's, the data flow is PC1 -> SW -> Router -> SW -> PC2. I think that Router has to have both routing of 10.14.40.1 & 10.14.50.1, but how should I configure the router?
I have three ASA5505, two firewalls connected to central VPN hub. the central inside network is 192.168.0.0/24,Network A is 192.168.1.0/24,Network B is 192.168.2.0/24,In one of this site (central), I have server with NetFlow collector.,I will collect the traffic information from all ASA at the my one serverCan I configure source IP address (or source interface - inside) for NetFlow packet, originate from ASA? (for example from site A)If it is not possible I think, I can rewrite my access lists and permit udp traffic from outside interface to server IP like this:access-list VPNACL permit udp host <Outside IP site A> host <Inside IP the Server> eq 9996,But I do not understand, what port I must be use in access list on Central site ASA. ,access-list VPNACL_A permit udp host <Inside IP the Server> host <Outside IP site A> eq 9996 ? or, in this place, must be source port in the udp netflow packet?
Setting up Netflow from the 7010 platform to Solarwinds?I implemented the following code on both of my cores (VPC/HSRP Redundant Linked Pair) but had the following issues:
1. One of the cores I could see was sending Netflow records every few seconds whereas the other was not doing anything
2. Solarwinds was not seeing any of those records coming in and was showing last update from both devices as "Never"
Note that I have netflow already working as my Riverbed (fairly intelligently) already updates Netflow.Also i was all set to debug this myself but there doesn't seem to be debugging for Netflow that I can see?!?
I use 3 interfaces on an ASA 5510. First interface is Lan, Second interface is Outside, Third interface is ADSL The Outside interface is used for VPN L2L and smtp traffic. (Leased line on router managed by ISP)The Adsl interface is used for Http traffic. (Adsl Cisco router) I use this configuration found on another forum subjet for routing.route outside 0.0.0.0 0.0.0.0 x.x.x.x 1route adsl 0.0.0.0 0.0.0.0 y.y.y.y 2 nat (inside) 1 0 0global (outside) 1 interfaceglobal (Adsl) 1 interface static (Adsl,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0 The problem is now I have an www intranet server on the VPN remote site. How i can exempt the http traffic to the intranet server routed through Adsl interface?
I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.
I am using ASA 5510 and I have a specific problem with Http Connection to receive a video Flow ( RSTP protocol ) in the LAN. Some Pc users (192.168.1.133,in the log) with ASA Lan Interface as gateway can ping the Camera but don't receveive the video flow.Some Pc users (192.168.1.116,in the log) using another gateway can ping and receive the video flow. I used Whireshark to capture traffic between camera and Pc using the 2 gateway. I joined Logs with this message.It seems to be a problem of TCP segments on the ASA, I try to changed some TCP options but it's still the same:- Disable Force Maximum Segment Size- Enable Force TCP Connection to Linger in TIME_WAIT State for at Least 15 Second.
We are facing one issue at the Customer site as Cisco 7600 series Router's having issue for reflection of traffic flow through netfluke as using by Customer to get bandwidth utilization report for our WAN links.Recently we have brought this 7606S router into production and moved some of our WAN links to this router and We are not getting proper bandwidth utilization report in netfluke after configuring netflow in this device.
HTAINCHN21XXXCR001#sh ver Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-IPSERVICES-M), Version 12.2(33)SRB5, RELEASE SOFTWARE (fc2) HTAINCHN21XXXCR001#sh run int gi1/12
I met a strange problem after enabling flow-control in 2960s.my enviroment,
- 2 cisco 2960s 24ts-l have been created a stack - IOS is 12.2(58)se2 - all ports have been enabled flowcontrol receive dersied
via show flowcontrol, I can see each Gigabyte Port have been enabled "flowcontrol receive desired" but, when I do the following tests
- connect equallogic ps4000xv to the port 21, I found the status of port is "input flow-control is off"
- connect one server with Broadcom Gigabyte Network adapter, which has been enable TX ON RX ON, or Auto, the status of the port is still "input flow-control is off"
I guess, the port status should be ""input flow-control is on". Test them with another port, I got the same result. why?
I am attempting to allow traffic from one vlan to another.Vlan 1 is on Interface 0/2.vlan1Vlan 2 is on int 0/3.vlan2Each vlan can communicate inside it's own vlan, and the gateway on each responds to vlan specific clients My problem is that I am unable to communicate between the two vlans. Using the ASDM packet tracer tool, I find that packets are denied by the default rule (on the second Access List lookup). It appears as if the packet never reaches the other interface. The access rules are set up to allow traffic from one vlan to another (inbound), on both interfaces. Testing from either vlan to connect to the other fails. Below are the accee-rules for each vlans. Once I get basic connectivity working.
access-list aVlan1; 3 elements; name hash: 0xadecbc34 access-list aVlan1 line 1 extended permit ip any 192.168.151.64 255.255.255.192 (hitcnt=0) 0xeb0a6bb8 access-list aVlan1 line 2 extended permit ip any 192.168.151.128 255.255.255.128 (hitcnt=0) 0x3a7dfade access-list aVlan1 line 3 extended permit ip any 192.168.151.0 255.255.255.0 (hitcnt=0) 0x93302455 access-list aVlan2_access_in; 3 elements; name hash: 0x6dc9adc7 access-list aVlan2_access_in line 1 extended permit ip 192.168.151.64 255.255.255.192 192.168.150.0 255.255.255.240 (hitcnt=0) 0x054508b7 access-list aVlan2_access_in line 2 extended permit ip 192.168.151.128 255.255.255.128 192.168.150.0 255.255.255.240 (hitcnt=0) 0xc125c41e access-list aVlan2_access_in line 3 extended permit ip host 192.168.151.3 192.168.150.0 255.255.255.240 (hitcnt=0) 0x4adc114c
Ever since we switched to ASR1004 running XE15.1(2)S1, we have seen that the output of "show ip cache flow" stalls and is super slow to complete. We have a few interfaces with "ip flow ingress" defined. What can be causing this slowness? Any recommendations of commands to speed up the output?
I am really new to Cisco and having a hard time with my Cisco 2800 series.
I have two sites connected with each other Site A and Site B (Using the same Cisco 2800). Now site A can connect to site B on the Cisco and the internal network, but site B can only see the Cisco and not the internal network of site A. So all the traffic is coming in to site B but can't break out of site B. I have tried everything I can think of but again my knowledge of Cisco is not good at all.
