Cisco Firewall :: 1605R Router - Data Never Comes Back
Feb 7, 2011
I have a sending application that it is establishing a TCPIP socket connection to a vlient that has a receiving application on another server (completely separate networks) The receiving end has a Cisco Router 1605R and has allowed my connection using this firewall rule
access-list 101 permit tcp host xx.xxx.xx.xx any eq 5600 log
(where the x are actually numbers corresponding to the senders IP address)
I can establish an outbound connection to the receiver and the connection shows up on the machine. After the connection is established I can send data and it is received by the receiving application (I observed this using a socket test application, data actually gets through the firewall) However I need to send an acknowledgment back on the same session to the sender. This cannot be transmitted and shortly after I try sending the connection is closed with error 10060.
View 8 Replies
ADVERTISEMENT
Oct 2, 2012
I have 1941, 2901 ISR routers. I will use 3G backup when primary link (metro ethernet / G.SHDSL) goes down. Do I have to use Data License (SL-19-DATA-K9 / SL-29-DATA-K9) in order to switch back to 3G when primary link is not reachable) ?
View 7 Replies
View Related
Apr 11, 2013
I have two site that has a copper wire ( 2 wire) connection between each router ( No Telco in between ). Now I want to use 1921 router with HWIC-4SHDSL-E card to connect these two site together. Can I use attach configuration to make the connection reference from the diagram ?
View 1 Replies
View Related
Nov 25, 2011
I have 2650XM router and 2620 Router Both routers have built in WIC T1 CSU/DSU cards
2620Router --
2620Router#sh int se0/0
Serial0/0 is down, line protocol is down
Hardware is PQUICC with Fractional T1 CSU/DSU
Description: DTE side
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
[code]....
My question is that cisco website says there are two type of cable connections for this type of config --which are --T1 CSU/DSU ConfigurationSet one CSU/DSU to clock source internal, and the other CSU/DSU to clock source line. The linecode, framing, data-coding, and timeslots must be set the same on both CSU/DSUs.Four-Wire 56k CSU/DSU Configuration For my network connection which type of config i should use??Secondly i try to connect these ports by normal crossover cable it did not work.So for this type of connection i know i need T1 cross over cable-- which has RJ 48 connections at both sides.I check cable from ebay which is RJ45 RJ48 cross over -- will this cable work in my router to router connection.
View 5 Replies
View Related
Jan 8, 2013
I would like configure two router (e.g. 1921) back to back via a 2 pin copper wire. Can I use HWIC-4SHDSL-E card to do it? What is the configuration I can use?
View 7 Replies
View Related
Apr 14, 2013
I have two site that has a copper wire (2 wire) connection between each router ( No Telco in between )Now I want to use 1921 router with HWIC-4SH DSL-E card to connect these two ste together.Can I use attach configuration to make the connection reference from the diagram?
View 2 Replies
View Related
Jul 22, 2011
I just recently replaced an older linksys pre-N router with a RV 120W. I thought this would be a good choice as a more professional router. I installed this router last week and things seemed to be working normally for web browsing, though I was receiving more incomplete pages and broken graphics. Yesterday, I tried to watch a youtube video a friend had sent me and it would not play. I tried several other videos from youtube and other sources with the same result: stalled videos, partial played videos followed by a spinning wheel. It was late, so I figured something was going on with Comcast and went to sleep. This morning, I was trying to download Anti-virus updates. The updates failed multiple times. I then tried some videos again with the same results. I tried downloading .ZIP files from several sources, and while the file completely downloaded, each and every file was corrupted and unusable. Before I called Comcast to complain about my Internet being flaky, I unplugged the Comcast Arris TM502G device from the Cisco router and plugged it directly into my computer fully expecting the problem to persist, but the problem immediately dissapeared. The immediate evidence is that the problem lays with the Cisco Router. It appears that I can't make any changes on the Comcast device as it has a comcast public IP address and does not seem to have any web or telnet interface to change the settings.
- On the Cisco router, I disabled every non-essential service: VLAN, QOS (bandwidth profiles), IPV6, etc
- I updated the FW to the newest version the day I installed the router
- I power cycled the router
- I power cycled the comcast device
I need to resolve this issue as soon as possible, but I'm not sure what to try next, and I'm confused about my support options after trying to navigate Cicso's support pages. It offers live chat, e-mail support, etc, but everything I go into requires a contract number.
View 3 Replies
View Related
Nov 25, 2012
I have a Cisco 8510msr that is connected back to back with a 7206vxr across a 155Meg connection.I receive lots of Output drops on the 7206vxr interface facing the atm switch. When I do the following command:-
kwdair9#sh atm int atm 1/0Interface ATM1/0:AAL enabled: AAL5 , Maximum VCs: 4096, Current VCCs: 27 Maximum Transmit Channels: 0Max. Datagram Size: 4528PLIM Type: SONET - 155000Kbps, TX clocking: LINECell-payload scrambling: ONsts-stream scrambling: ON797522 input, 881483 output, 203946630 IN fast, 223768062 OUT fast, 0 out dropVBR-NRT : 110288 Avail bw = 44712 <====
I only have 44megConfig. is ACTIVEkwdair9# I only get 44Meg of the available 155Meg.There is no QOS on the router and the only commands I can find that vaguely see that refer to QOS are on the ATM switch:-
atm address 47.0091.8100.0000.0007.0d87.b201.0007.0d87.b201.00atm router pnnino aesa embedded-number left-justifiednode 1 level 56 lowest redistribute atm-static?why this is acting like a DS3 link and not a 155Meg link?
View 4 Replies
View Related
Dec 4, 2011
What cable I need to connect two 2951 back to back through a HWIC-4T1/E1 card ?
View 1 Replies
View Related
Oct 19, 2012
I have 1 2611xm router and 1 2801 router. For my own lab purpose, i want to configure them back to back to support voice services. I don't know what configuration will be required at each end. in 2611xm, i have NM-2V and its also detecting the card, so i hope it will work ? also what commands i need to run on both ends .
View 1 Replies
View Related
Feb 29, 2012
Just to get this clear as having issues with a E1 link with CRC's at one.Router A,Network-Clock-Participate WIC 1,Should router B have clock participate for WIC 1? We currently have controllers set as UNFRAMED but guess we can set to NO-CRC4 both ends and telco will pass this.
View 1 Replies
View Related
Jan 7, 2013
I'm looking for instructions on how to setup and connect two RV082 routers together with a crossover cable between their WAN ports. This is to connect two separate LANS together via an ethernet connection. For staging we are setting everything up with a crossover cable in our shop. Ultimately the crossover cable will be replaced by a microwave link between the two LANS several miles apart. There will be no internet connection.
View 7 Replies
View Related
Aug 28, 2012
securing a back-toback connection using E1.The connection is between two cities, using 2x CISCO 1841 router + VWIC-1MFT-E1 interface at each city.
The E1 connections has been provided by our local telco, and they are completely private. The customer is a bank, and they asking me if this is a secure connection or not. If possible, we need to guarantee that no body can get access to the bank network even if they brought E1 modem at one of the ends (telco PoP).
View 11 Replies
View Related
Apr 7, 2013
I searched a lot but couldnt find a clear document about connecting 2 G.SHDSL routers back to back.First of all I am not sure which type of cable (RJ11) is used for connecting two 878 routers. Does it have to be cross or straight cable.
Which RJ11 pairs will be connected each other [code]
According the configuration samples One router must be CPE and the other must be CO for simulating DSLAM.
View 2 Replies
View Related
Dec 15, 2011
I'm having some trouble getting two Cisco 888's to work correctly back to back.. The two routers will ultimately be used in conjunction with a BT EPS8 circuit which is effectively four wires short distance between customer sites. We have configured lots of these using the older Cisco 878's.
Anyway, as i've been struggling to get line sync on site I've gone back to basics and connected the two 888's back to back. However, I've found that no matter what I do I can only get the routers to sync at 384kbps!? And that's with a one meter RJ11-RJ11 cable.. Very strange. When we've used the 878's we get much more bandwidth. I have tried statically assigning the line rate at both ends but it still only works at 384kbps.
View 3 Replies
View Related
Sep 29, 2011
I have an 887, I'm having trouble wrapping my head around the ZBF. I would like to change it to the old style firewall, but using the CCP it says I must delete the ZBF policys first - fair enough, I deleted all the rules so the firewall looks blank, but it still doesn't want to let me change the firewall mode - saying I must remove all the policies first.
View 5 Replies
View Related
Apr 22, 2013
I have an old Pix(on ASA 8.0) having a lot VPNs with pre-share keys setup. And it has been too old to find out what those pre-share keys are on any documents. Now I need to replace this PIX with a new ASA. My question is how can I find out those pre-share keys, so I can setup same VPNs on the new firewall and make it plug-and-play. Any way I can export then import those VPN pre-share keys from the old PIX to the new ASA? Or export and import whole configuration, but hardware are different.
How can I setup same VPN pre-share keys as the that of the old Pix on the new ASA?
View 4 Replies
View Related
Mar 17, 2012
I downloaded a new image to my ASA 5510 and found out up on reboot that the ASA doesn't have enough memory so I am booting to the "ciscoasa" prompt with no config. I still have my old image in disk0:. How do I roll back to this old image?
View 1 Replies
View Related
Feb 27, 2011
I have asa 5505 with security plus license, I configured dual ISP with two different ISP provider. I followed below cisco document to configure dual ISP [URL] The Configuration works during the testing, while removing the primary ISP cable from firewall. The problem i am facing is my primary ISP is down but the gateway is still up and it not switch over to backup ISP. For SLA which IP should i monitor so once my primary ISP is down it will fallback to Secondary.
View 5 Replies
View Related
Feb 19, 2013
I need to NAT a port range spanning from TCP and UDP 50,000 to 59,999 from inside global address 58.96.x.x on loopback2 to an inside local address of 192.168.5.5.Currently all the existing NAT translations are 1-to-1 that map inside global addresses on a wide span of Loopbacks and a Dialer Interface to inside local addresses on few subnets which are fine.I'm using an 1811 with an ADVIPSERVICESK9-M image, version 12.4(6)TS
View 1 Replies
View Related
May 26, 2013
I am setting up my lab using two 2901 routers which is running on 15.2 IOS.I am trying to simulate a back to back BRI.BRI Module: WIC-1B-S/T-V3 (x2) one of each router.
I followed this amazing document to understand the concept of BRI and configuration. url..but it never says if i can use the module that i have mentioned.
Q1. What cabling i need to use to setup back to back BRI using 2x 2901 routers with these modules?
Q2. What cabling do i need to use.
Q3. Is it actually possible to use these 2 modules alone to simulate a back to back BRI..?
View 6 Replies
View Related
Nov 28, 2012
I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time. Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer. I disconnected the failover cable because it was complaining about version mismatches constantly.
Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?
View 6 Replies
View Related
Jun 20, 2012
I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working stand alone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. below is part of the 1941 configuration: [code]
Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?
View 3 Replies
View Related
Jul 30, 2012
I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...
1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8
View 1 Replies
View Related
Oct 10, 2012
I'm able to build my tunnel but unable to RDP nor ICMP back to the internal network.
VPN Client IP: 192.168.200.200
INTERNAL IP: 172.17.130.200
my configuration is below:
HOME-ASAFW02(config)# wr t: Saved:ASA Version 8.4(4)!hostname HOME-ASAFW02domain-name hsd1.nj.comcast.netenable password ViPq56cvd3SGvB08 encryptedpasswd 8bcozHCAwCqA5BmN encryptednames!interface Ethernet0/0description OUTSIDE-Connectionswitchport access vlan 2switchport protected!interface Ethernet0/1description INSIDE-Connectionswitchport protectedspeed 100duplex full!interface Ethernet0/2description WiFi-LinkSYSswitchport access vlan 3switchport protected!interface Ethernet0/3shutdown!interface Ethernet0/4shutdown!interface Ethernet0/5shutdown!interface Ethernet0/6shutdown!interface Ethernet0/7shutdown!interface Vlan1description INTERNAL-Networknameif insidesecurity-level 100ip address 172.17.130.129 255.255.255.128!interface Vlan2description OUTSIDE-Link-to-ISPnameif
[code]....
View 12 Replies
View Related
Apr 6, 2011
I have two box cisco asa 5550 in multiple context mode and failover.
My network topology is:
Outside Network
•
•
•
DMZ2 Network • • • • (CISCO ASA 5550) • • • • DMZ1 Network
•
•
•
Inside Netowork
My interface "Inside Network" is full(I think).I can't diagnose this, based on command "sh interface gigabitEthernet"
109042974565 packets input, 100691006385765 bytes
94097614769 packets output, 59002295942465 bytes
999339444 packets dropped
My interface is 1GB, based on the above command, it is full?If interface is full, i have a problem! All the ports on asa firewall are using, how do resolve this? I can compress all data on this interface with class maps and policy maps?
View 4 Replies
View Related
Feb 13, 2012
I have a question regarding firewall configurations. Is it possible to have two interfaces ( for two internet service providers) one for voice and one for data. Can I have two Outside Interfaces that one will apply to a pppoe client group and the other will apply to a static IP? Is this possible and if so What would be the steps on applying this connection? Also to note I have a point to point connection already established for the pppoe. I also have another point to point connection for data, but however I do not know how to apply this to the firewall.
View 3 Replies
View Related
Apr 4, 2011
We are planning to purchase an ASA 5505 for a VPN solution for one of our offices. The office has 50-60 user at peak load who would be connecting over the S2S VPN to the datacenter.
From a hardware standpoint, can the ASA 5505 handle this load. The licence is for unlimitedf inside hosts but what is the actual limit on this platform?
View 1 Replies
View Related
Feb 4, 2013
I have inherited an asa 5510 whit 4GE SSM module installed. The asa runs fine, but i can not use the 4GE SSM ports. Using ASDM or console i can get and configure the gigabitethernet1/x ports but i can not get traffic on it. The ping from the console to the ip address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports i can not see the port's mac address. The two Internal-data0/0 and Internal-data1/0 are down and i can get they up. How to configure 4GE SSM or ASA internal-data ports.
View 8 Replies
View Related
Oct 3, 2012
I am not a ASA expert but I have configured them few times. I have a vision of a task I have to complete but not sure if it is practical or how to go about doing it.
We two locations, Location A and Location B. Both locations have a 100MB internet conection. Location A has a ASA 5510. Location B has a 5505. Users at both locations access the internet via their respective ASA. Location A is the headquarters and Location B is a disaster recovery site. We want to setup a tunnel between both ASAs. This tunnel will be used to replicate data between the two locations for DR purposes. We need the users to still use the same pipe to get to the internet but want to allocate 10MB for internet use and the remaining 90MB for the DR tunnel.
View 30 Replies
View Related
May 7, 2012
I have one server-A(windows 2008) installed one application called"host front" which gives athentication to connect Linux(mainframe console) server (SERVER B).These 2 servers are bihind the firewall.If one internal user who has the athentication to logine server-B ,tried to login server A,will get the" username and password"screen and once they enter the username and password ,will get the server-B screen.But if somebody try to connet via MPLS(we need to test MPLS site customers) from outside via ASA 5540 ,to server-A will get the "username password" screen and once enter the credentials, after 1 minitue will get error"http server faild to send datas to the server" and will not move to server -B screen.
View 1 Replies
View Related
Nov 4, 2012
We will be moving to a new data center in the very near future and with them our WAN IP addresses will be changing. Any best course of action for changing the IP addresses throughout the firewall configuration? Would it be possible/suggested to export the running-config, make the neccessary changes, then import the config? I am familiar with the ASA 5510 only so far as changes are required. It is not something I work with on a regular basis.
View 5 Replies
View Related
May 2, 2013
we have ASA 5510 Configured. this is regarding site-to-site VPN.
View 1 Replies
View Related
