Cisco Firewall :: N2H2 Support On ASR 1001
Aug 31, 2011
A customer recently purchased an ASR 1001 under the impression it could replace their old 3662 router and ASA 5505. The ASA is configured for their SmartFilter proxy server (N2H2), and I am having a heck of a time finding any documention on how to configure this. I found the following: To use SmartFilter with Cisco IOS firewall, install the SmartFilter componentsand use the IFP plugin (off-box). To configure the Cisco IOS for SmartFilter,use the Cisco document Firewall N2H2 Support located on the Cisco Web site,[URL]Well, I found the Firewall N2H2 Support document [URL], but the ip inspect command doesn't seem to work on the ASR. Is there any way to make this work or does the ASA have to stay in line?...
View 3 Replies
ADVERTISEMENT
May 15, 2012
I just would like to confirm if the ASR 1001 with IP Base license can support the normal BGP features such as remote-peering IPV4, Local-AS.
I am not looking for advanced features such as Route Reflectors, VPLS, L2 VPN, etc.
View 1 Replies
View Related
Feb 20, 2011
We are going to purchase ASR 1001 with ipbase, BGP is our basic requirment if we purchase ipbase(SLASR1-IPB) it will support BGP.
ProductDescriptionASR1001Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/SASR1001-PWR-ACCisco ASR1001 AC Power SupplyCAB-IND-RAPower Cord India, Right AngleSASR1001UK9-32SCisco ASR 1001 IOS XE - ENCRYPTION UNIVERSALSLASR1-IPBCisco ASR 1000 IP BASE LicenseM-ASR1K-1001-4GBCisco ASR1001 4GB DRAM
View 3 Replies
View Related
Mar 4, 2012
is the ASR 1001 either with IDC OC3 or T3 support VPLS and what is the limitation, what is exactly support is it full functionality of VPLS?
View 4 Replies
View Related
Feb 28, 2010
Can any ASA 5500 in particular the ASA5510 firewall support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)?. I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and not segment it.I have done little checking on the Cisco Website and see it mention of Jumbo frames on the 5580 on 10Gig interface but didn't see mention 5510. 5580s are way over-kill and expensive for what I need is to run a mission critical one IPSec point-to-point with maximum of no more than 100Kbps so 5510 is perfect for me but not sure if it can carry the jumbo frame?
On the routers and switches it's the MTU settings and they are configurable per interface and I am OK and the circuit is T1 which the Telcos said it's OK since it's physical layer so the only unkown is the firewall.
View 2 Replies
View Related
Apr 15, 2013
I've an ASR1001 with 15.1(2)S code on it connected to out ISP, we've been get some complaints about performance and I'm seeing drop on the output policy. Checking the bandwidth consumption we have plenty spare when drops are occuring, there's 300Mb/s. Details below, any suggestions gratefully received
The policy is to guarantee the following bandwidth:
Outbound policy:
class 1 => 50% guaranteed
class 2 => 8% guaranteed
class 3 => 1% guaranteed
class 4 => 5% guaranteed
class 5 => 1% guaranteed
class 6 => 5% guaranteed
class => 7% guaranteed
class 8 => 7% guaranteed
class default => not configured
config :
policy-map priority
class 1
priority percent 50
class 2
priority percent 8
class 3
priority percent 1
class 4(code)
View 9 Replies
View Related
Jan 3, 2013
I have a cisco 1841 router , and i want to configure zone based firewall on it. But the document of zone based firewall only said that "after 12.4(6)T" can support zone based firewall. I use the ios " c1841-ipbasek9-mz.124-15.T9.bin ", but it can't support ZFW. What kind of ios support ZFW. for example: ipbase, ent base, ip service ,advent etc.
View 2 Replies
View Related
Jun 13, 2012
I have an Pix 515E firewall with Pix724-33.bin IOS. I just want to know that does this IOS support SNMPV3 or I will have to upgarde it with some other version.
View 1 Replies
View Related
Dec 29, 2012
i have 1001 ASR which boots up ok but shows a warning "filesystem is not clean" and thereafter the image is validated well, it shows up the following two messages and just goes idle from there. [code]
View 6 Replies
View Related
Sep 3, 2012
I just need to start building the configuration of an ASR 1001 but I do not know how gigabitethernet interfaces are named on these routers? Are Gi0/0/X or Gi0/X ??
View 1 Replies
View Related
Apr 29, 2013
I am replacing my 2900 Internet router with a ASR 1001. I am really not doing anything to fancy on the configuration just routing traffic from the internal LAN to our ISP connection. With the new ASR 1001 there is a configuration for VRF Definition Mgmt-Intf do I do anything with this? There is also a interface for vrf forwarding. At this point we are just running IPv4. The plan was just to configure the GigabitEthernet interfaces but I wanted to make sure if I should try and configure VRF.
View 2 Replies
View Related
Jan 22, 2012
I am responding to a tender where the client is asking for the firewall to support an onboard disk drive for logging purposes, which is a minimum of 500 GB in size.
The other requirements all point towards the top of the range ASA 5585-X Chas w/SSP60,IPS SSP60,12GE, 8 SFP+,2 AC,3DES/AES.
I note the 5585 when configured on DCT comes with HDD blanking plates, is there an HDD supported on this?
View 1 Replies
View Related
Mar 7, 2013
We have an existing WAN connection from a Cisco 2821 router to Time Warner with a single mode fiber connection using the following SFP:We have a ASR 1001 router configured to replace the 2821 router. When I connect the fiber into the ASR 1001 router the link does not come up. I have used the above SFP without success and the following SFP.I have seen Cisco documentation that only certain SFP modules are compatible with ASR router, but I believe the second SFP I listed is compatible. As a test, I connected my ASR router to a 3750 switch using long haul SFP modules on each end so I know the SFP module works. The only downside to this test is I only had a multi mode patch cable. Are there specific settings on the ASR interface that need to be set to allow this connection?
View 1 Replies
View Related
Jan 31, 2012
I have an issue with an ASR 1001. The problem occurs with MQC shaping applied to a gigabit interface in the outbound direction. The CIR of the provider we are using is 100Mb/sec, so we are shaping to that value. However when reported traffic levels are about 60Mb/sec, we see a steady increase in output drops. [code]
I have also tried increasing the hold queue, however this does not work with the drops. Increasing the shaping rate to 200Mb/sec gets rid of almost all the drops (not quite all!) but is not what we need. I think that we should see some drops when rates spike above 100mb, however the amount we are seeing seems excessive?
View 1 Replies
View Related
Jan 20, 2013
This would be the first time I will be working on NCS for a client. There is completely a new install and I was just doing my reading to get my head around the overall working of the product. I had a small Q in mind which I wanted to ask here, while going the config guide, i could not find the way to add a router to the NCS prime. W have ASR 1001 in use along with switches. I read in some forum that NCS supported routers but couldnt find the way in the config guide unless i am missing somewhere. The NCS version is 1.0
View 6 Replies
View Related
Aug 8, 2012
We have problem con EIGRP and two ASR 1001 in High Availability. ASR2 have received all route (100 route) from PE, but in ASR1 doesnt received all route (75 route) from PE or from other ASR02. All PE have all route. The ASR1 when modify or lost some route dont update to the ASA. see diagram.
View 5 Replies
View Related
Feb 5, 2012
I have a need to capture traffic on an ASR 1001 subinterface, but what I have found is that the Embedded Packet Capture feature is not supported on this platform. Are there any simple alternatives to capture egress traffic on a subinterface or am I SOL? This is a walk in the park on normal IOS routers...
View 1 Replies
View Related
Aug 14, 2011
We've recently bought a cisco asr 1001 Router and I have a number of interface slots. I want to populate these with fiber modules.
Which fiber modules are compatible? Are the regular SFPs ok to use or is there a special asr series of SFPs to use?
View 15 Replies
View Related
Jul 19, 2011
I'm trying to configure Tacacs on Cisco ASR1001, and the Tacacs server is Cisco ACS v3.3, the ACS won't pass the authentication, complaining bad request from NAS, key mismatch - which I compared millions of times on both ASR and ACS sides. [code]
View 2 Replies
View Related
May 29, 2012
How can i find the list of features supported in ASR for various license
1) IP Base
2) Advance IP Services
3) Advanced Enterprise Services.
View 1 Replies
View Related
Jan 31, 2013
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter :
sh policy-map interface gigabitEthernet 0/0/0 service instance 1
GigabitEthernet0/0/0: EFP 1
Service-policy input: MARKING-OTV
Class-map: Platforme_DC (match-any)
[code].....
View 9 Replies
View Related
Mar 19, 2012
I have problems to configure CBWFQ on a ethernet sub-interface on a Cisco Router ASR 1001. Then I applied the policy in the physical interface but it should be is in the sub-interface. How can I configure CBWFQ on sub-interface in ASR 1001. (version 3.02).
Error Messages:
CBWFQ: Not supported on subinterfaces and efps
This the final output:
interface GigabitEthernet0/0/0
description Conexion WAN
bandwidth 153600
no ip address
load-interval 30
no negotiation auto
[code]....
View 2 Replies
View Related
Mar 6, 2013
My company has purchased a second ASA for fail over reasons and I'm needing to attach it to my core router (ASR 1001). Currently I'm running the connection between my ASA and my Core as a /19 ie. ASA-10.10.10.2/19 -- ASR-10.10.10.1/19. I know the 2nd interface on the ASR will need to be on a different network segment then the first connection (10.10.10.1/19). What would be the best way to segment this out with out breaking up my /19?
Run /30 segments for each interface? Use a VLan ?
I don't want to use up my Internet rout able IP's on /30 segments. Attached diagram.
View 1 Replies
View Related
Mar 24, 2013
when i make a trace route on an ASR 1001 router to 172.23.30.7 I get the following output:
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.99.192 0 msec
192.168.99.191 1 msec
192.168.99.192 0 msec
2 172.23.30.243 1 msec 1 msec 1 msec
3 172.23.30.7 1 msec 1 msec 1 msec
Is there a loop between 192.168.99.191 and .192 (this are two routers with hsrp .190) or is this normal behavior when using trace route on an asr 1001?
View 2 Replies
View Related
Dec 11, 2012
I am migration an IPsec site to site VPN config to a new ASR1001 router «facing» a Linux box (ipsec-tools + racoon). As the Debian Linux does not offer VTI, I am using a crypto map.
The working config is given below with the corresponding logs on the Linux side.
When I try to apply this previously working config to the ASR1001, I get the following error :
000855: *Dec 12 18:28:21.859 UTC: %ACE-3-TRANSERR: IOSXE-ESP(14): IKEA trans 0x1350; opcode 0x60; param 0x2EE; error 0x5; retry cnt 0
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: initiate new phase 1 negotiation: 194.214.196.2[500]<=>130.120.124.8[500]
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: begin Identity Protection mode.
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: DPD
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt(code)
View 8 Replies
View Related
Apr 9, 2013
deploy OTV using ASR 1001 between 2 data-centers? We want to acquire HSRP localization there, but at this moment I can only see lots docs are saying how to do this on N7K, not ASR. I saw it has a FHRP filtering enabled by default when the OTV configuration is done, and also see there is a access-list created by default call otv_filter_fhrp, Im just wondering besides this IP ACL there should be MAC ACL applied?
View 3 Replies
View Related
Dec 18, 2011
I have a few new ASR 1001s throwing false environmental alerts.According to the logs, the inlet temp is in excess of 100 degrees C.When I telnet to the routers, they're well within tolerance (30-32C),Running 15.1(1)S and bug toolkit shows no related issues or caveats.
View 1 Replies
View Related
Dec 23, 2012
I was wondering if I am able to add a redundant power supply to an asr 1001 router that is in production without losing connectivity or causing any diruption to the Users - is it hotswappable?
View 1 Replies
View Related
Oct 30, 2012
I'm configuring CoPP for an ASR 1001 router with consolidated IOS XE Version: 03.07.01.S. And I'm trying to use 'DROP' command under policy map to drop.un wanted traffic. But the drop command is not listed.
[code]...
View 6 Replies
View Related
Oct 26, 2011
what license do I need to create a IPSEC tunnel? I have an ASR 1001, running? [code]
View 2 Replies
View Related
Oct 4, 2011
A small compatibility question regarding 6500 series:
The document: [URL]
, but Dynamic Configuration Tool sais that:
"Two or more selected items are incompatible. Selected or default-included item [WS-SVC-FWM-1-K9] is incompatible with: [VS-S2T-10G]. Please change one or more items."
Where is my missunderstanding ?
Should I use Supervisor 720 ?
View 5 Replies
View Related
Jun 22, 2011
We are currently running 8.3(2) and I'm just wondering how many network/host objects the device can support? and how big can an access-l get?
View 1 Replies
View Related
Oct 13, 2011
Does 8.4(2) support snmp v3?
View 1 Replies
View Related
