Cisco Firewall :: 1841 / Failover Between Leased Line And VPN
Jul 15, 2011
I am going to design one network. I had queries with this design.Let me explain scenario first( it was attached below).I have two sites, Site-A and Site-B, repectively.
In site-A i have one Cisco 1841 router, one Cisco ASA 5510 firewall and One cisco 3560 layer 3 switch.
in site-B i have one Cisco 1841 router, one Cisco ASA 5505 firewall and One Cisco 3560 layer 3 switch.
From ISP side
I have point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.
I planned to terminate leased line in cisco 1841 router in both branches for branch to branch connectivity.
I will configure site to site VPN between two sites, A and B.
Here my query was i want make VPN as failover connectivity if leased line fails. In both the cases, i need internet to the inside users in both sides.
Summary requirement:Leased line is Primary and VPN is Back-up, if leased line fails. In both cases internet is needed to inside users.
View 3 Replies
ADVERTISEMENT
Feb 4, 2013
Leased line is between dammam to dubai and the dammam office is getting internet from dubai.The ip address of Dammam office is class A (Public IP) x.x.x.x and for dubai it is y.y.y.y which we are using as proxy for accessing internet.I purchase the local DSL direct line connection through cable from Local Provider and this ip address range is 192.168.1.0 - 192.168.1.254.Is it possible to use the DSL line as failover, so if one line goes down the user should remove proxy and can use local internet.The router which is using is cisco 1800.
I believe that failover is possible, 100%, but would like to know how I can do it and requesting for sharing more inputs about failover in this case.
View 2 Replies
View Related
Jul 29, 2012
How to configure leased line from the ONT connection on Cisco 1841 router . there have public IPs on the interfaces fa0/0 & fa0/1.
View 4 Replies
View Related
Jun 11, 2012
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
View 2 Replies
View Related
Mar 27, 2012
The reason is i want to know the difference between the leased line and the DSL line. The whole thing behind the confusion is, We plan to have a high speed internet connection in our office. We will don't have a branch office or some thing like that. I preffered to have high speed internet in our office. I found in some website that Lease line will have high speed connectivity(Upto 10Gbps). Can i use the lease line or DSL is enough for our office. Our office contains of 82 user who will use internet.
View 2 Replies
View Related
Mar 31, 2011
my company has a 4mbps leased line from TTSL . we are getting 2 WAN IP and 2 LAN IP. in Addition we are also getting 12 additional IPs .-what is additional IP, their uses?-how are the 2 wan ips configured? & how they are distributed in network? -is 1 IP from the ISP sufficient if i have a 1:1 internet bandwidth connection?
View 9 Replies
View Related
Dec 28, 2011
I got following IP address from BSNL to configure Internet leased line.OFC cable was terminated at our premises. it has to connect Ethernet port.Say eg.Wan IP : 192.168.1.6 255.255.255.252Public address pool : 172.168.10.6 to 12if i configure one address on Ethernet port1 as nat outside 192.168.1.6 255.255.255.252.the ip address given for wan & pool are different.Then how can i configure pool and how to configure nat inside eg 185.168.10.1 to 255the above ip are not actual ips just given for example.
View 6 Replies
View Related
Aug 3, 2012
I have a cisco 2911 set up at one of my sites and it is configured with sub-interfaces as this provides a default gateway to each of the offices.I have just had a 100mb leased line put in and i have a couple of questions regarding the config.let me start by telling you how it is set up .I have 3 HP Procurve switches connected together then that connects to the Cisco and the Cisco connects to a Zywall
HP Switches > Cisco 2911 > Zywall > Internet
We are wanting to remove the Zywall and connect the Cisco to the Leased line box
HP Switches > Cisco 2911 > Leased Line > Internet
The config of the cisco is
G0/0 - is up but no cable connected as this holds the sub-interfaces
G0/1 - Connects the Zywall - 192.168.1.1 (this has firewall rules to forward traffic through)
G0/2 - Leased Line
The way i have configured the sub interfaces is with its own DHCP pool and default router, some of the offices have there own ADSL router and hold there own Internet connection and the default gateway for that is 192.168.xxx.253 and the offices that use the Cisco use default gateway of 192.168.xxx.254
Now my question is how would I move everyone onto the Leased line and get rid of the Zywall ? Would it be as simple as giving the leased line an address and put in a static route to forward all traffic through that connection ? Or am i missing a trick or 2.
View 2 Replies
View Related
Feb 16, 2012
I have two sites connected via 2901 routers to a head end with an ASA 5510, the WAN circuits are LES running at 100MB and at the head end we have a 100MB leased line. All WAN circuits are provided wires onlyby another supplier. I have setup the two 2901 routers with inside IP addresses on GE0/0 and a /30 subnet for the GE0/1 interfaces to the ASA over the LES circuit.
The LES circuits are set to 100MB but the problem I am having is that one of the 2901s will only negotiate at 10MBps Half Duplex with the ASA at 100MB Half Duplex, the other will negotiate at 100MBps Full Duplex at both ends. My WAN provider tells me both LES circuits are the same so I cannot work out why one will negotiate at 100MB Full and the other at only 10Mb Half.
At the head end I have and ASA 5510 connected to the WAN providers 100MB circuit but testing from my end sites I can only get 6MB download and 0.5MB upload on an Internet Speedtest.
I used Wireshark when downloading from my end sites and I can see lots of TCP retries and duplicates so I think this is a duplexing issue, my question is, my WAN provider is stating the issue is nothing to do with them and it is my 2901 and ASA that is at fault, they state if they connect a laptop to the LES circuit and then their leased line they get 100MB up and down.
View 4 Replies
View Related
Feb 7, 2012
I am a total new comer for Cisco Router. All I know is plug the console cable to a serial port on a PC, fire-up HyperTerminal to view and that's it. I don't know any command or scripts.
I am trying to setup my client connection, I already receive the required configuration settings from ISP. It is a Leased Line Serial connection.
How to setup the router with the below configuration.
Serial IP : 1.X.XX.222
Serial Netmask : 255.255.255.XXX
LAN IP : 1.X.XXX.1 to 1.X.XXX.31
LAN Netmask : 255.255.255.XXX
[Code] ....
View 5 Replies
View Related
Oct 3, 2012
What are the commands for Configuring Cisco 1921 Route's Gigabit Port G0/0 or G0/1 for Leased Line termination having Ethernet Hands Off
Modem Provided by ISP (BSNL ) is CTR-U
View 10 Replies
View Related
Oct 11, 2012
We plan migrate an old existing WAN architecture based on legacy data serial links. These links will be consolidated on a E1 channalized card.
My question :
Is the HWIC-2CE1T1-PRI need a PDVM DSP ressources on router to oparate for data leased lines or no?
The VWIC3-1MFT-T1/E1 will be used for the backup dial in ISDN connexions? this type of cards a PVDM DSP ressources for data connexions or no?
ISR router are 2911.
View 5 Replies
View Related
Feb 20, 2012
I have configured cisco 1751 router for internet with nating. Internet browsing working fine. But We have polycom hdx 6000 conference system to connect from remote site.
1. While calling remote ip it is ringing and connecting but not displaying any thing on the screen but their side is displaying.
2. When they call our side ip it cannot connecting.
I have connected netgear router then video conference is working fine (with out port forwarding also). If I configured that router between 2 local sites (not on internet line) its working fine where i did not configured any thing just given routing. Configure same situation using internet leased line.
View 1 Replies
View Related
Dec 18, 2011
I configured a 1841 router that connects to a DSL modem. This DSL connection is our Internet connection for vendor and IT testing. I have connectivity to the Internet using nat and have configured the router to act as a DHCP server. It seems to be working fine. I just want to configure some best practices for securing the device from the outside access. Is there some standard best practices I should be configuring?
View 2 Replies
View Related
Jun 30, 2011
i am very new for WAN failover configuration so how to configure cisco router 1841 with two WAN link.
View 2 Replies
View Related
Aug 2, 2012
I have a cisco 1841 whose LAN interface is showing status as "Fastethernet 0/1 is up , line protocol is down" the duplex and speed settings in the Router are in Auto mode and the Router was working fine till now , when i changed the duplex settings to duplex full , speed 100 the ping replies comes back with 5-6 replies then the link dies again..
View 1 Replies
View Related
Apr 2, 2011
how to configure VPN connection with failover on cisco Router 1841?
View 5 Replies
View Related
Feb 13, 2012
I got a simple office: one flat LAN, one single 1841 router and 2 ISPs.LAN is 10.10.20.0/24 and is connected to a port on an HWIC card I installed in the 1841. Then FA0/0 connects to ISP1 and FA0/1 connects to ISP2.
Everything is fine except that I am having some issues with the Failover feature. Currently, I am using Object Tracking with SLAs. I am pinging 2 hosts located on the internet and then I have an SLA OR statement which basically say if ANY of the 2 objects are unreachable, DO NOT trigger a failover to ISP2. If in the case that BOTH objects become unreachable, then DO trigger a failover. It works like a charm.
The problems:Any internet hiccup obviously makes the router activate the tracks and redirects all traffic to ISP2. However, 99% of the time ISP1 is back online within minutes or seconds, so after 180 seconds the traffic gets redirected back to ISP1. So in essence, the customer suffers 2 interruptions.
Besides internet hiccups, I have also noticed that every time any user tries to copy a big file accross the tunnel (the 1841 has site to site tunnels with 2 branches) the tracks go crazy and the objects become unreachable so a failover is triggered. We were breaking our heads and fighting with the ISP1 provider because every time this happened, we called them but every time they kept telling us that their line was UP and running without any problems. So after careful investigation, I do admit they were right.... it is not so much that the ISP1 experiences hiccups, it is actually the fact that users putting heavy load into the router are causing it to have its track to stop reaching the objects.
View 5 Replies
View Related
Jul 2, 2012
I'm trying to configure policing and/or shaping on a setup of 2 x ASA 5505 Sec Plus. The units are placed in office A and office B and each have a ISP connection to the internet and a leased line with a capacity of 4/4 Mbit/s for interoffice communication.
On each ASA there's four subnets. VLAN 200 is used to connect the offices through the leased line.
Subnets:
Outside = 2
Data = 10
Voice = 100
Linknet = 200
I've read a lot of articles and posts about shaping and policing on the ASA but still can't get it to work like I wan't to. I'm trying to limit all traffic besides IP-telephony traffic to 3 Mbit/s and thus reserving 900 Kbit/s for voice traffic. I tried setting a service-policy on the linknet interface on each ASA and set Traffic match to Any traffic and QoS settings for both input and output.
I can see traffic passing the policy when I run the "show service-policy police" command but it never seems to be high enough to be policed which is strange since the ASDM monitoring shows that I'm pushing 3900 kbit/s. I file transfers verifies that policing does'nt work.
View 2 Replies
View Related
Nov 9, 2012
I've moved a Cisco 887 router from a site where it was used to dial up on an ADSL line to a new site where we have a EFM circuit which terminates at a Cisco 1841 router managed by our ISP. I therefore need to re-configure our 887 router to work as a conduit from our servers back to the Cisco 1841 as its gateway.
I have asked from our ISP and they told me that i need to configure the 887 to use IP address 176.35.140.65 255.255.255.248 and its gateway should be 176.35.140.70. That's great advice in theory but I don't know how to configure this correctly
Our internal network is using subnet 192.168.42.XX which will need to be retained for local devices.
View 7 Replies
View Related
Feb 19, 2012
I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies
View Related
Nov 11, 2012
The other day I set up a firewall on my Cisco 1841 router, it all seems to work fine except for a few small problems. 2 wireless devices an iPhone and an Android tablet are having some problems with 1 or 2 apps. iPhone 6.0.1 Facebook app and the App store will not load Android tablet ICS BBC iPlayer and Google play app store wont load or play content. Both devices with their issue were working fine until the new firewall was installed. I’ve tried opening ports and adding ACLs but nothing seems to work. I’ve included my start up config. All other PCs, laptops, smartphones and iPads work fine.
Building configuration...
Current configuration : 5551 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
[code].....
View 3 Replies
View Related
Jan 3, 2013
I have a cisco 1841 router , and i want to configure zone based firewall on it. But the document of zone based firewall only said that "after 12.4(6)T" can support zone based firewall. I use the ios " c1841-ipbasek9-mz.124-15.T9.bin ", but it can't support ZFW. What kind of ios support ZFW. for example: ipbase, ent base, ip service ,advent etc.
View 2 Replies
View Related
Oct 10, 2012
Cisco 2500 series access servers show line usage with the "show line" command:
View 2 Replies
View Related
Feb 13, 2012
What is the best way to deploy the IOS firewall feature?I have a Cisco 1841 router running 12.4.
View 4 Replies
View Related
Nov 10, 2011
I got PIX 525 with failover. Due to power issue one Unit was offline for a while. During this time couple of changes was done on the Firewall.
Which Unit becomes active when I plug the Firewall unit which was offline for a while now. Each Unit has 4 Ethernet Connection
E 0/0 - connects ISP Router
E 0/1 - connects to Lan switch
E 1/0 - connects to DMZ port
E 2/0 - connects to failover unit PIX
View 4 Replies
View Related
Sep 23, 2012
we have noted the automatically removing of the only "nat (inside,any)" line, during the upgrade of ASA 5540 from 8.4(3) to 8.4(4) 1: why ?
View 1 Replies
View Related
Jun 20, 2011
Currently we have one ISP1 and all traffic goes to this way. Suppose our isp1 goes down, our outside user cant get the server. All servers are nated to this ISP1.We planned to purchase a another ISP2. Shall we Configure same inside server to map this ISP2? so that one primary ISP1 goes down it will take place the outside trafficISP2.
View 1 Replies
View Related
Nov 23, 2011
How to configure ASA failover for 8.4.
View 1 Replies
View Related
May 23, 2011
a customer have 2 pix 525 with ver 7.0.1 in a failover configuration with serial cable and 2 sc fiber interface and 2 fastethernet 1 used for failover. the strange behaviour is that when i try to do traffic from inside to dmz or dmz to inside the maximum transfer is 862Kb/s to 1MB/s not more.... i don't understand what's happened. the show mem and show cpu are normal 7% mem used and 1-2% cpu used. attached you will find the configuration.
View 5 Replies
View Related
Jul 19, 2011
Is it possible to setup 2 x Cisco ASA 5520 that are in an Active/Standby failover using sla monitoring?
For example ASA1 outside interface connects to an upstream switch and you setup sla monitor with icmp echo to ping that switch. The switch goes down and you need the other ASA2 to become the Active ASA. Can the sla monitor be automatically integrated with the failover commands for this to happen?
View 5 Replies
View Related
Oct 9, 2011
I have a ASA 5505 which is connected to a remote site which also has a ASA 5505 over a L2L VPN tunel. One of the sites has a WAN failover configured with two ISP which is working successfully.
But, when the WAN connection fails over to the backup connection the VPN link breaks as the peer site IP address has changed and the VPN can not establish a connection.
Would it be possible to configure a VPN failover so that when the connection failovers so will the VPN tunnel?
View 6 Replies
View Related
Jun 20, 2011
There are 2x Cisco ASA 5505 in an active/standby failover config. The primary asa 5505 has been reset and the secondary is now running as active. I would like to reintroduce the primary again but need to know how to do this.
Ideally I would like to remove the failover config and start from scratch. Do I just need to enter the following to disable failover on the active secondary box?
no failover
no failover lan unit secondary
no failover lan interface failover Vlan999
no failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2
View 2 Replies
View Related
