I recently installed a 2951 with a security plus license..I hate it (security featuers not router) and would like to put the asa back in place.how to integrate the asa with the 2951, I believe I need to run it in multi context mode.
View 3 RepliesI have a 2951 which i want to integrate to the CUCM and wish to plug a Siemens ISDX into it which is the best card to use
NM-HDV2-1T1/E1 or WIC2-2MFT-T1/E1? its QSIG
I planning to integrate cisco asa5505 device in runing enviornment for filter ip traffic.Internet ----router----ciscoasa----lan.Ip series is public(25.263.25.0/24) througout of network (no privateIP)now how do I set asa in such case and filter traffic from comming into lan and going out to internet.
View 5 Replies View RelatedI am confiuring ZFW on a Cisco 2951 Router. The router has the following interfaces: [code]Port Channel 1, 1.5, 1.10, 1.15, 1.20 have been added to the zone called IN-OUT. All the subinterfaces correspond to an internal VLAN.The router is connected to a MPLS network and has a BGP peer on interface MPPP. Over the MPLS network, an ecrypted DMVPN tunnel to HQ has been built (tunnel 0). EIGRP is the routing protocol running over the tunnel.Traffic coming in from HQ has to be firewalled on this router (don't ask me why!!). As a result, I am configuring ZFW on this router.
1-The router itself does not need to be protected, only the servers in the remote offices. That being said, I am not planning to create any self zone on this router. I don't want to break BGP, therefore the MPPP interface will NOT belong to any zone. Is this the correct way to do it?
2-The tunnel 0 interface will belong to OUT-IN zone that will protect all incoming traffic into this site from HQ. So when writing class-maps for the traffic coming INTO this site, do I need to write any class-maps for EIGRP or ESP? My guess is no, since that traffic will not be coming into the site, but rather just terminating on the router.
I have a Cisco 2951 Router on which I configured routes for Zone-Based Firewall. I have a FTP server inside my network and I have allowed hosts from the internet to connect to it through the router. They, are however not able to connect or they are connecting but they cannot transfer files. I checked the logs on the router and the error message is as follows:
%FW-6-DROP_PKT: Dropping tcp session xx.xx.xx.xx:21 xx.xx.xx.xx:21766 on zone-pair ccp-zp-out-in class FTPInbound due to Invalid Seq# with ip ident 0
Me to a 2951 router with fireawall featureset. Ive begun to move the ACLs that where in the pix. However some of the rules are allowed to be typed in bur when i look at the ACL afterwards they are not what i typed in.
View 2 Replies View Relatedi have a cisco ACS version 5.0, I need to authenticate a wireless users connected to WLC 2100 controller when i connect the controller to a Dot1x port in the switch , the port go down.
View 6 Replies View Relatedhow to integrate NetFlow to some Ciscoworks module.
View 3 Replies View RelatedWe have a core 6500 switch that has a PRI module in it that binds (4) T1 lines together and we also have a 2600 Rtr that binds 4 other T1 lines together and pipes them into a ASA5520. We are changing WAN vendors but still have to maintain the (8) T1 connections until our contract runs out, which will be in a few years. The 8 T1's are not enough bandwith for our operation and we will be adding a 20meg WAN link in the next month. What I am trying to figure out is how to best integrate 3 different WAN links into one LAN. What I am thinking of doing is to leave the 6500 core switch as is and then to purchase a router that can hold (4) T1 wics and the 20meg link. Is it possible to bind those 5 links together even though they are different vendors?
View 4 Replies View RelatedWe have LMS 4.1 in our network. We had recently installed Remote Syslog Collector on a new Server to collect logs from all the devices. How can we integrate the Remote Syslog Collector with the LMS Server?
View 3 Replies View RelatedI have installed 4 unit Cisco Aironet 1250 acting as Autonomous AP each. I want to integrate these AP to Windows Active Directory for authentication level.
When I read configuration guide on Cisco Aironet, they must be authenticated via RADIUS server.
Is it possible that these AP directly authenticated to Active Directory via LDAP protocol?
We are looking at possibly adding a second 5508 controller to our network and running in HA mode. I see now that there are 5760's available that run on IOS. Is there any way we can integrate a 5760 into our existing network instead of going with a second 5508? I would prefer to invest in newer hardware whenever possible.
View 15 Replies View RelatedI have a question. What is the requirement of integrate ACS 4.2 Appliance and AD about CA server? it has to be windows 2003 server enterprice o windows 2008 enterprice? or it can be windows 2003 and 2008 stand alone? another question is about multi domain, i have domain father and children. the installation of CA Server is in domain father to enable 802.1x with AD with all domain children integrate? or I can be install the CA server in the server of domain children and is it work (CA server installed in server in domain child and it working all domains child and father)?
View 1 Replies View RelatedWe having ACS version 5.2 0.26 with Active/Standby. We need to integrate active directory with ACS. Domain name given by Server team was as xyzcompy.local. When I tried to resolve the same domain name I got five servers ip address against the same domain name. however we given the ip reachability to only for two servers. We we try to save we get error saying that "Can not resolve the network address".
So my questions are;
- does ACS should have ip reachaibility to all five servers
- does the username/password we entered in the ACS should have domain admin rights?.
- the given AD is configured with windows NTP [URL] but when we configured ACS as windows NTP it was taking local server as active NTP..?
When we check the ACS logs, we saw the following error;
in acsLocalStore:
AdminName=acsadmin, DomainName=qatarconvention.local, ADOperationResult=unable to create secured connection against AD server, switching to non-secured connection. javax.naming.CommunicationException: simple bind failed: qnccad02.xxxxconvention.local:636 [Root exception is java.net.SocketException: Connection reset],
in ACSADAgent;
32484]: INFO dns.findsrv FindSrvFromDns failed: res_query failed _ldap._tcp.xxxxconvention.local
Sep 4 12:43:20 acs01-cc4 adjoin[32484]: INFO cli.adjoin Join to domain 'xxxxconvention.local', zone 'null' failed.
I attached some screen print which saw the error and output of nslookup for the domain name.
I cannot integrate Virtual MSE 7.3.101 with my Prime Infrastructure 1.2 After I setup MSE via its wizard, I make a change on WCS username and password. When I try to integrate MSE with Prime Infrastructure, Prime notify me about the mismatch username/password.
Both systems are fresh install on my UCS C220 M3.
I would like to integrate our intranet web page with Cisco WLC 2500. Is it possible to integrate custom web page with WLC. I know, that I can create custom authentication page, but what about creation of the user?
View 5 Replies View RelatedI need to integrate Cisco ISE and WLC5508 with FlexConnect (local switching) using EAP-TLS security for wireless clients across multiple floors (dynamic VLAN assignments based on floor level). The AP model used is 3602.
- What RADIUS Attribute can be used for dynamic VLAN assignments based on floor level? Is there an option where I can group all LWAPs in same floor for getting certain VLAN from ISE?
- I intend to use WLC software version 7.2 since 7.3 is latest version. Has someone use WLC software version 7.3 without any major bugs/issues pertaining to FlexConnect and EAP-TLS?
- I read some documents saying L3 roaminig is where the associated WLC has changed. However if user move to different subnet but still associated to the same WLC, would this be consider as L3 roaming too?
I have a 2821 ciso router and i want to setup a vpn for my windows domain users , they must to reach the domain from outside. There is posibile to intregrate Active directory auth with pptp running on 2821 router? kind of dialin via radius server(IAS running on windows server 2003).
View 3 Replies View RelatedCan we integrate cisco acs verison 5.x with active directory Microsoft windows server 2012 ?
View 1 Replies View Relatedour customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
View 3 Replies View RelatedI have the situation with my new Cisco 2951 router. It has only one module on board - SM-D-ES3-48-P. I don't know what is wrong but I can't see any information about this module. When I connect my laptop to any port it's become green, but it's still green even after I disconnect PC from this port. Sh ip int brief command shows only built-in gigabit interfaces. I also connect my second PC to the router by console to monitor any changes when I connect or disconnect laptop to the module's ports. [code]
View 3 Replies View RelatedI'm setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin".
View 1 Replies View RelatedWe have an old 3725 router with a HSSI card connected to a DL3100, which in turn is connected to a subrate DS3 circuit. The plan is to replace the router with a new 2951 router and a NM-T3/E3 card.After the router was replaced, I configured the NM but the circuit remained dow/down. I'm sure it has to do with the fact that the DS3 circuit is channelized but I'm not sure how to configure this module to be channalized. Here is the configuration that I placed on the router: [code]
View 4 Replies View RelatedWe recently purchased the Cisco Router 2951 router with the IOS 15.0. I have tried to put in my VIC2-4FXO card in it. When I did show invetery, it detected the card.[code] When I tried to configure the voice port by typing voice port, it shows % Invalid input detected at '^' marker. I have tried to reset the cad and replace with another one.
View 3 Replies View Relatedsetting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin" and the only crypto options.
View 9 Replies View RelatedWe have approx. 40 branch offices that connect to our core IOS Firewall (2951) over ipsec VPN Tunnel. One particular site has been facing issues over the past few days. This site will sporadically drop it's VPN Tunnel and reestablish after a few seconds. If I run debug crypto ipsec and crypto isakmp on the site that is dropping, it is constantly going through the DPD process. If I run these same commands on another site, they seem to run DPD at all.
Here is some of the output I am seeing on the site that is failing.
Jan 8 11:18:38.873 AST: %FW-6-DROP_PKT: Dropping tcp session 111.222.3.106:50083 96.16.47.144:80 due to Stray Segment with ip ident 54856 tcpflags 0x5004 seq.no 2154004347 ack 0
Jan 8 11:18:46.061 AST: ISAKMP (4028): received packet from 111.222.255.106 dport 500 sport 500 Global (I) QM_IDLE
Jan 8 11:18:46.061 AST: ISAKMP: set new node -1497488895 to QM_IDLE
Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing HASH payload. message ID = 2797478401
Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing SA payload. message ID = 2797478401
[code]....
How to get a WLC on a SRE up and running. I have a WLC installed and running on a 2951 SRE connected to a L3 switch in a lab.
I've tried to follow the Cisco document:
[URL]...
My wireless clients could only receive a DHCP allocated IP address for the 55.XX subnets defined on the wireless lan controller and SRE (shown on page 12 of the pdf). All traffic seemed to be routed via the native vlan of the inside router trunk interface and all DHCP requests arriving at my DHCP server were from 55.XX. Because of this I didn't see the point of trunking
so I've changed it to a point to point routed connection, created a 55.XX DHCP scope on my DHCP server for the wireless clients and all routing works fine.I found the document rather misleading.
configuring my Cisco 2951 router. There are three routed interfaces that I need to configure: one for the internal LAN, the second for another private subnet that connects to a Data Centre and the third for the WAN connection. I have configured the Ge0/0 interface as the LAN interface with the internal network 10.17.0.0/24. I have also configured my WAN interface Ge0/1 for internet connectivity. Now, I need to configure the third interface Ge0/2 that will connect to the Data Centre. This will be a private point to point switched ethernet link. The Data Centre will host a secondary domain controlller. So, I want it to be on the same network as the internal LAN, i.e., 10.17.0.0/24. I want to be able to see all other devices that will be located at the Data Centre just like I would see all devices connected to the internal LAN.The problem I am facing is that Cisco 2951 does not allow me to configure two routed interfaces to be on the same subnet. Is there any way to work around this problem and configure both the internal LAN and the Data Centre private network to be on the same subnet.
View 6 Replies View RelatedI currently have a 50Mbps Internet Connection provided by an ethernet handoff for hosting some webservers. We are looking at adding an additional 10Mbps Internetn connection and route BGP between the two. For the 50Mbps connection, i'm using a Cisco 2951 router. I also have another 2951 router to terminate the 10Mbps connection. Does these router have enough horsepower to fully route BGP?
View 1 Replies View RelatedI'm just double checking here because I saw one doc that didn't mention the 2900 on the data sheet but, I ve seen the 2900 listed with on others. I don't see the 2900s listed in this with the interface.
[URL]
We have just installed our first 2951 router, and were suprised to see in our Netflow collector that Tunnel interfaces appeared even though we did not configure any, I have seen other posts talking about PIM tunnel when using Multicast, but we dont use multicast and the tunnel is GRE questions are, where do these interfaces come from? how do they pick up an IP address? can we shut them down? IOS is 150-1.M4 loopback interface ip address is 172.16.224.238 ( tunnel source) see output from sh int below
Tunnel0 is up, line protocol is up Hardware is Tunnel Interface is unnumbered. Using address of Tunnel1 (172.16.0.1) MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 99/255, rxload 1/255 Encapsulation TUNNEL, loopback not
[Code]......
configuring my Cisco 2951 router with Z0ne-based firewall. This is the scenario I would like to configure.
I have two ftp servers,S1 and S2, behind the router which needs to be accessed by two groups of users, G1 and G2, from the outside, i.e., from the internet.
I have two public IP addresses, 152.12.164.203 and 152.12.164.204. The WAN interface of the router is configured with IP address 152.12.164.203. G1 needs to access S1 on 152.12.164.203 and G2 needs to access S2 on 152.12.164.204.
What are the steps in configuring the router if I need the above scenario to be implemented?
We have 50 Mb Comcast cable conencted to 2951. There is another conenction to AT&T 20 Mb circuit which goes thru' an ASA 5510. Path to Internet is as below. [code]
As long as Comcast is up, 2951 sends Internet traffic out to Comcast and uses AT&T via ASA for backup.When traffic goes over Comcast, users complain about slow speed out to Internet. If we force traffic to AT&T via ASA, speed issue goes away.
We don't see any issue on 2951 router in terms of CPU or memory util.WHat can cause slow speed despite the fact that router resources are not maxed out and Comcast circuit has 150% more capacity than AT&T?