Cisco Firewall :: 1841 NAT Out One Interface But Not Other With IOS?
Feb 27, 2012
I am trying to figure out how to use a Cisco 1841 IOS router to take traffic from one interface and source NAT it out towards the Internet on one interface and at the same time NOT perform NAT when sending the traffic towards a different routed interface.
Here the RemoteSite has connectivity back to the MainCampus, but there is no need to NAT traffic from the one site to the other. They share the same umbrella of address space. However, the RemoteSite needs to have its Internet-bound traffic NAT'ed out to the Public Internet via a third interface. I know that I could just NAT everything out from the Remote Site and map the traffic back onto the same address space for intra-campus communication, but I'd rather avoid that and just NAT where I need to NAT it to the Internet.
I do have a caveat here: in the event that either the MainCampus or the Public Internet interfaces go down, I would like to failover traffic from the downed link to other good link. For example, I want to NAT all traffic (including "intra-campus" traffic) out via the Public Internet if the direct link to the MainCampus is down. For the other example, if the Public Internet direct link is down, I would just send out all traffic without NAT towards the MainCampus.
View 1 Replies
ADVERTISEMENT
May 9, 2012
i have a 1841 cisco router and i recently purchased a 1 port HWIC wan interface card. My problem is that I cannot see the interface in my config file. Is there something i am missing?
View 8 Replies
View Related
Dec 7, 2010
I am trying to roll out a new internet router. The problem I am faced with is the LEC only supports VLAN 1227 and greater, specifically they are assigning me VLAN 2528. I am able to create the sub-interface and setup dot1q encapsulation for VLAN 2528, but the vlan database does not have the ability to add VLAN 2528 to it so I am unable to get layer 2 up and going, thus preventing me from getting the implementation done.
View 11 Replies
View Related
Nov 4, 2011
I use an 1841 router as an internet facing firewall with a 10MB MetroE connection. Lately users started reporting slow internet download speeds and web pages timing out. Bandwidth reports do not show the link as being saturated so I looked at the interfaces on the 1841. The interface connected to the provider shows OK as far as errors but the LAN side of the router shows steadily increasing input errors. It doesn't show any other errors, no CRC, frame, runts, giants or overruns, just generic input errors. What type of errors are those? Nothing is being logged on the console.
I moved the connection to another switch ports and the errors continue. I switched it down to 10MB and also changed the switch and the errors slow down but don't stop. Interestingly, the switch side never shows any errors. What can I do here? I guess it can be a bad interface but that is such a rare thing that I am hesitant to replace the router.
View 11 Replies
View Related
Jul 15, 2012
I'm trying to troubleshoot one of our site today and can't seem to issue the show dsl interface command on a 1841 router. Does the same command is used for SHDSL or am I running with an IOS bug?
#sh dsl?
% Unrecognized command
#sh ver
Cisco IOS Software, 1841 Software (C1841-BROADBAND-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
Technical Support: {URL}
Compiled Wed 13-Aug-08 15:42 by prod_rel_team
#sh inv
NAME: "chassis", DESCR: "1841 chassis"
PID: CISCO1841 , VID: V05 , SN: FHK13212639
NAME: "WIC/HWIC 0", DESCR: "WAN Interface Card - ATM (With multi line G.SHDSL module)"
PID: WIC-1SHDSL-V3 , VID: V02 , SN: FOC132041KD
View 4 Replies
View Related
Jan 13, 2013
I have a cisco 1841, Im trying to write an app which will get the Interface Utilization on my 2 atm interfaces and fast eth 0/0 interface.
I’ve been reading up and have got as far as downloading the codeplex snmp library project. I’m using the snmpget app to get details off my 1841 successfully, but I now need to know the OID for interface utilization and how to define which interface to get.
View 1 Replies
View Related
Dec 22, 2010
I have a problem in my Cisco 1841 in Virtual-Access Interface all interfaces is UP Except Virtual Access is Down . [code]
when i want recover the virtual access to up ,should i do shut & no shut to the ATM interface.What is the cause of the problem, and how I can solve this issue?
View 2 Replies
View Related
Feb 11, 2013
I have an 1841 between my firewall and the ISP. Three interfaces - multilink to ISP, FA to my firewall, and FA to my inside network. I use the inside interface for configs aand snmp access, etc. Only my ISP-assigned fixed address block will get routed to the multilink by the ISP but I am nervous about the inside interface sitting on my LAN. I know I can remove it, but if I keep it there, how can I set up an ACL so that all traffic from the multilink interface is denied to the inside interface? I suppose another way to think about it that the inbound iface can only accept traffic from its own outside, not from the router.I think this is fairly simple but I don't want to knock down the traffic if I get it wrong.
View 8 Replies
View Related
Jan 3, 2013
we've to configure our router 1841 to use both 2 interface Fe for two different vlan (also the second has to go on internet).
Actually we have int Fe0/0 configured with an ip address 192.168.1.1 for lan1 192.168.1.0/24 and we will use the second int Fe0/1 with another ip address like 192.168.2.1 for lan2 192.168.2.0/24.
see below configuration:
[code]...
View 5 Replies
View Related
Jul 2, 2012
We have an ADSL2+ line from a WIC in a 1841, everything has been fine for the last few years and then the last few months the connection going down. When checking the interfaces the ATM0/0/0 is up up and the same for the dialer interface we are using, they are both up/up, but this still needs a reload of the router to be functional again, shutting the interfaces does not bring the connection back up.
I am not an expert on ADSL lines, I have never really had a problem with anything previously. The router was running Netflow to a network monitor wondering if this or logging was causing an issue with entries in the buffer??
Here is an output of show dsl int, would change the firmware, it has been fine all this time before though we are running IOS 12.4(24)T1 advseck9-m, as far as I can seen from our ISP the config for ADSL is all correct. [Code]
View 4 Replies
View Related
Dec 19, 2010
We want to terminate new 10M link via Ethernet interface on Cisco 1841 router. We have free Gig port on the router. We also have HWIC-FE module inserted in the router. However, our implementation team said that Cisco 1841 doesn't support 10M link. It is not designed to cater to such high Bandwidth.
View 14 Replies
View Related
Dec 21, 2010
What are the possible effects of assigning an invalid address like 172.22.0.0 255.255.255.252 to a router interface. The 1841 router accepted the address?
View 12 Replies
View Related
Apr 29, 2012
I am trying to use the connected WIC2-2MFT, as the servial interface on my cisco 1841.But it does not show me the option, under configuration interface
[code] What should I do to make this enable on this list?I am attaching the show tech-support, and show version of this device.
View 5 Replies
View Related
Feb 18, 2013
We are using Cisco Router 1841 and users reporting issue related to VoIP. After investigation, seeing input errors on Router LAN interface, but there is no error on connected switch interface. [code]
View 2 Replies
View Related
Nov 14, 2011
We have a 1841 Cisco router for one of our remote sites and we have the GRE over IPSec tunnel on it (with our datacenter router) for the connectivity. The LAN facing interface becomes UP/Down (status 'UP', Protocol 'Down'). When I login the router and 'shut' and then 'no shut' the interface, the interface becomes UP and everything starts to work. Traffic starts to flow across it. But after some time, some hours or sometimes some days, the interface is again back to up/down status. The router is connected to a non-Cisco switch. I do see some CRC's increasing very slowly, but apart from that there seems nothing wrong with the interface in sho int fas0/0 command:
!
RTR01#sho int fas0/0
FastEthernet0/0 is up, line protocol is down
Hardware is Gt96k FE, address is 0026.cb91.ee48 (bia 0026.cb91.ee48)
[Code]....
View 1 Replies
View Related
Oct 22, 2012
While I managed to connect to each router individually, I decided it was time to connect the routers together via serial; as I don't have any serial cables and need to buy some, what serial cables I need, as well as to ask whether I have the right cards in my router(s) that will allow me to do so.
I bought 3 1841 routers, and all have a 1 port serial WAN Interface Card (WIC 1-T); one router has 2 of these, and one router has a WIC-1B-S/T .. My question is, can I connect the routers with a serial cable via WIC 1-T, or do I need a 2-T
View 1 Replies
View Related
Jun 5, 2011
my office is looking in ordering a HWIC-1FE to supply our cisco 1841 router with a second ISP connection. i wanted to find out if this card support load balancing and fail over? not sure if fail over is the right terminology so ill explain, i need it so that if one ISP connection goes down (as it does often) it fails over to the second ISP.
View 3 Replies
View Related
May 28, 2013
We are having Cisco ASA 5540 having Cisco Adaptive Security Appliance Software Version 8.0(5)23 at certain time of moment daily wer are facing latency and packetdrop wherin when I checked for ASA Interface which gives me " Input Errors" on outside interface ,so can any one tell me what are the causes to get input errors on cisco asa outisde interface.
View 2 Replies
View Related
Oct 9, 2011
I have Pix 501 firewall and I'm just configuring the device for "Email Server" to allowing POP/SMTP.
Inside Interface Address: 132.147.162.14/255.255.0.0
Outside Interface Address: ISP provided IP address
My question is can my traffic goes from inside interface to outside interface? (because the inside interface address not from 10.0/172./192.168 private address)Also I'm allowing internet from this email server (132.147.162.14) so what my access list to be configured? and what my subnet mask shoud be there?
Pix(config)#access-list outbound permit tcp 132.147.162.14 255.255.0.0 any eq 80
Pix(config)#access-list outbound permit udp 132.147.162.14 255.255.0.0 any eq 53
Pix(config)#access-group outbound in interface inside
View 7 Replies
View Related
Mar 18, 2013
I've got a ASA 5550 firewall interface failover issue. (File attached).
when I shut down the inside interface Gi 1/1 of the left firewall(Active firewall), It failed to failover. but when I shut down the Gi 1/12 of the Core 1 switch, The firewall failover very well.
I followed this guide but I was not able to failover. [URL]
how can I configure so that when the Gi 1/1 or Gi 1/0 interface goes down, it can failover ? Code...
View 6 Replies
View Related
Nov 11, 2012
The other day I set up a firewall on my Cisco 1841 router, it all seems to work fine except for a few small problems. 2 wireless devices an iPhone and an Android tablet are having some problems with 1 or 2 apps. iPhone 6.0.1 Facebook app and the App store will not load Android tablet ICS BBC iPlayer and Google play app store wont load or play content. Both devices with their issue were working fine until the new firewall was installed. I’ve tried opening ports and adding ACLs but nothing seems to work. I’ve included my start up config. All other PCs, laptops, smartphones and iPads work fine.
Building configuration...
Current configuration : 5551 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
[code].....
View 3 Replies
View Related
Jan 3, 2013
I have a cisco 1841 router , and i want to configure zone based firewall on it. But the document of zone based firewall only said that "after 12.4(6)T" can support zone based firewall. I use the ios " c1841-ipbasek9-mz.124-15.T9.bin ", but it can't support ZFW. What kind of ios support ZFW. for example: ipbase, ent base, ip service ,advent etc.
View 2 Replies
View Related
Feb 13, 2012
What is the best way to deploy the IOS firewall feature?I have a Cisco 1841 router running 12.4.
View 4 Replies
View Related
Apr 5, 2011
I'm trying to configure my BRI interface in "network protocol-emulate network" and "layer1-emulate network" but i don't have this second command.Is someone have allready to that with this type of interface ?I've to configure this because the ISDN line of my telco is in user mode only.
View 5 Replies
View Related
Oct 20, 2012
In my company, we have two Internet connections, one for VPN and the other for emails and browsing. I have Cisco 1841 router with dual ADSL links, and also it's conntected to ASA and the other PIX. through one physical interface (vlan 1and vlan 2). The PIX firewall is connected to users, and the ASA is for VPN only.How can I seperate the traffic is going for emails and browsing and the vpn traffic. I have got to the point, that the router is configured for both ADSL connections, and I also configured the access-list and route-map in the router, the thing is when both ADSL configured together none of them works.
View 1 Replies
View Related
Apr 2, 2012
I have a Cisco 1841 serving as a connection between my ISP and my Firewall (non Cisco).
I seem to be having performance issues with my traffic going through the Router.HTTP (web browsing) is fine andI get my download rate as I would expect for a 10mbps connection.But anything to do with my VPNs I find a delay when sending via the 1841.(all my VPNs are managed by my Firewall and I have never had problems with those).
I also have a legacy ADSL connection to my firewall, which bypasses the 1841 and I am having no issues on that at all.If anything it is quicker! Which is madness as my Fibre should out-perform it easily.This leads me to believe the issue is not with the Firewall.
My 1841 is very simply setup, 2 fa interfaces with simply a default gateway setup within it.Which leads me to ask if I need more static routes in or a dynamic route protocol setup?
View 4 Replies
View Related
Feb 11, 2013
Configuring Cisco 1841 router and firewall.My provider has put their equipment and given me 2 subnets with public ip address. I am used to getting just one Subnet and connecting my firewall straight to the hand off. But in this case I am a bit confused. I assume I will need to put a router and configure it with before I connect my firewall. [code] I also have a firewall that I would like to be on the subnet 2 at 200.xxx.97.130 and have my private network 192.168.xxx.xxx behind it.
View 2 Replies
View Related
Apr 6, 2011
I have configured a Cisco router. I am able to ping google from rotuer. I can ping my local IP from router and router local IP to my machine. But I can not access internet on machine. I can not ping google and any other IP out of network.
View 11 Replies
View Related
Nov 27, 2011
I have a Cisco 1841 router with an HWIC-ADSL module installed. My ADSL connection is PPPoA with a dialer interface and I have been provided 6 ip's from my provider to use on this service. Previously I have connected Fa0/0 on the 1841 straight onto my network and used NAT and ACL's on the 1841, I would now like to change this and have Fa0/0 connected to a Palo Alto firewall and use the Palo Alto to provide NAT, Firewall & site to site VPN functions. What config would I require on the 1841 to allow me to use one of my ISP IP addresses on the Palo Alto to allow it to be a VPN endpoint? Do I need to configure the 1841 in bridge mode?
View 3 Replies
View Related
Feb 19, 2012
I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies
View Related
May 5, 2013
I have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies
View Related
Apr 21, 2013
I am trying to figure out how this works. I have an ISP device that connects to my 1841. ISP and fa0/0 hold the /30 WAN addresses. Fa0/1 hold one of the public IPs, lets say 1.1.1.1/29. Then the outside interface of the ASA holds 1.1.1.2/29. Now I have two routes in the 1841, one for default route going back to the ISP device, and a route for the 1.1.1.0/29 network going to the ASA.Now I have 4 more publics I can use 1.1.1.3 - 6. I do not want to assign these IPs to the servers, but yet just NAT them. I know this is possible, but cant figureI took an internal host and did a one to one static NAT from private to public. Packet tracer says my NAT rules are ok. Allowed all IP traffic for testing and still can't ping the server.
View 3 Replies
View Related
Jul 15, 2011
I am going to design one network. I had queries with this design.Let me explain scenario first( it was attached below).I have two sites, Site-A and Site-B, repectively.
In site-A i have one Cisco 1841 router, one Cisco ASA 5510 firewall and One cisco 3560 layer 3 switch.
in site-B i have one Cisco 1841 router, one Cisco ASA 5505 firewall and One Cisco 3560 layer 3 switch.
From ISP side
I have point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.
I planned to terminate leased line in cisco 1841 router in both branches for branch to branch connectivity.
I will configure site to site VPN between two sites, A and B.
Here my query was i want make VPN as failover connectivity if leased line fails. In both the cases, i need internet to the inside users in both sides.
Summary requirement:Leased line is Primary and VPN is Back-up, if leased line fails. In both cases internet is needed to inside users.
View 3 Replies
View Related
