Cisco :: GRE Tunnel Has To Be Reset After WAN Line Bounce C2900
Jun 2, 2013
We are facing a strange issue with GRE tunnel. We are using this tunnel from a branch office to Hub office. All other tunnels terminated on Hub router are working fine. Issue with this tunnel is that whenever WAN connection goes down Line protocol on tunnel interface some times comes up and sometimes not (therefore we have to reset the tunnel interface and it comes up). IOS used on this router : c2900-universalk9-mz.SPA.152-1.T2
View 5 Replies
ADVERTISEMENT
Mar 20, 2013
I'm configuring a new 2911 running c2900-universalk9-mz.SPA.151-4.M4. In the config by default is "line 2" its not a vty, aux or console line and I can't remove it.
View 1 Replies
View Related
Jul 8, 2011
We have a 6 spoke DMVPN setup. Five of the six spokes work fine. On the 6th spoke, a 2911, we have created a Tunnel0. Other spokes and the hubs can ping it's ip, but it can't ping itself. When we do a show interface it shows the Tunnel 0 is up, but the protocol is down. What does that mean?
View 4 Replies
View Related
Nov 7, 2012
I have an ASA 5510 at V8.2(5) with something near 20 site to site VPN tunnels. I am having a problem with 1 tunnel to a RVS4000. The tunnel is completely closed and reset during Phase2. Here is a small snipet at the time of the tunnel reset
x.x.x.x, Username = x.x.x.x, IP = x.x.x.x, Session disconnected. Session Type: IPsec, Duration: 7h:36m:30s, Bytes xmt: 333755, Bytes rcv: 86281, Reason: User Requested
Followed by Group = x.x.x.x, IP = x.x.x.x, Active unit receives a centry expired event for remote peer x.x.x.x.
We use a number of connection oriented sessions and this blowing them out of the water. all other tunnels are up for DAYS to more than a Month.
View 8 Replies
View Related
Feb 20, 2008
Just bought myself an ASA5505 to replace a PIX 501, and having transferred over most of the previous config I've managed to get the two IPSEC VPN tunnels working as before.
Unfortunately when I try and SSH to the ASA the connection just resets instantly even when the tunnel is up. It seems as if the ASA is actively refusing the connection, though the log doesn't state this. I had always presumed that traffic over an established IPSEC tunnel was implicitly trusted and not subject to usual access-list rules.
I am unable to SSH to the ASA from the 10.0.0.x range, but I can SSH to a machine on 10.27.0.4 (so I know the tunnel is up and working)
Config (minus irrelevant sensitive information) is attached for reference.
Also - though I'm not sure how relevant it is given the tunnels appear to work - when I enter the line "crypto map meepnet-map interface outside" in config mode the ASA reports "WARNING: The crypto map entry is incomplete!" even though I have supplied the access-list, peer and transform-set variables.
View 12 Replies
View Related
Sep 15, 2011
I was hoping that the latest firmware would fix my (2) 'bugs', but it did not. We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s.When I try and do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.
View 1 Replies
View Related
Jun 16, 2011
I installed a 1941 router with an encrypted GRE tunnel yesterday. The router has ipbasek9 and securiyk9 licensed. Initially the router was running the image c1900-universalk9-mz.SPA.150-1.M5.bin and was working fine. The tunnel was up and passing traffic. I then upgraded the IOS to c1900- universal k9-mz.SPA.151-2.T2.bin and when I reloaded the router the tunnel was stuck in a reset/down state. I tried doing shut/no shut on the interface and reloading the router again, no change. Being under some time pressure to get the device back into production I rolled back to the previous IOS image and the tunnel worked fine again. Is there a known bug that causes this behavior? I have searched cisco.com but have not found one. [code]
View 1 Replies
View Related
Aug 11, 2011
Im having some Ping / MS issues lately. My ping bounce up and down from 30 to 600 in just some seconds, and its really unstable. Im using the same internet as my neightbour ( internet cable through the wall) Is there any1 who can give me some tips so I don't need to worry about my ping anymore?,I don't know much about he's internet though.
View 3 Replies
View Related
Oct 4, 2012
I am trying to get a vlan change done with CoA and MAB on a WLC 7.2 but it looks like it doese't disconnect the client, hence no new dhcp request.
Everything is working except 'port bounce'. I can see the new vlan in the controller, if i do a ifconfig /renew on the client it gets the new subnet and everything works as it should. If i remove the endpoint in ISE it swaps the vlan again on the controller, but no port bounce.
View 4 Replies
View Related
Sep 30, 2011
I found that the domain name was hosted at enom.com and the email was gmail. The web servers are both Media Temple servers.we updated the settings on the new server using google's instructions. However, it is still not working properly. So, to be as clear as possible, here is the specifics:
Email from the outside works fine, Email internal to external works fine, email internally (from one emplyee to another internally) will bounce giving a 550 error. After researching this error, I found that several people have had this issue, however, the majority of the fixes didn't work.
View 3 Replies
View Related
Jul 30, 2012
When a client connecting to a specific AP (example AP01), after every 1800 sec uptime it will reconnect and join other unit AP (example AP02)Both AP physically installed distance is around 6 meters from each other. I conduct the testing where i get myself sitting in middle between these two APs.
01. If i disable settsion timeout this feature, or setting the seconds become higher value, what's the performance and security impact? Is it recomend to change the default 1800 seconds session timeout?
02. Is there anyway i can tweak on WLC controller to prevent the client after session timeout then associate with another AP. This will lead major performance impact as the client woudl possibility connect to the weak signal AP and effect on the performance.
These are the details for reference:Client detail
- Dell DW1520 wireless-N WLAN card, with firmware version 5.100.235.12
- CCX version 4 supported
- Layer 2 security is WPA2 personal with PSK.
- wireless radio an
Controller detail:
model is AIR-CT5508-K9
software version is 7.2.110.0
View 4 Replies
View Related
Dec 10, 2012
Have two WRT54G Wireless Routers.
-One WRT54G ver. 6, Firmware Version v1.028
-One WRT54G ver. 6, Firmware Version v2.x
With the WRT54G ver. 6, Firmware Version v1.028.When I ran the android app WiFi Analyzer, I get mixed results.On my Samsung Galaxy S3, I saw my signal on Channel 2, and others around me (two on Channel 6 and two on Channel 11).On my ASUS Transformer Prime TFT201 I see the same signals, but my router signal bounces continously between the baseline (-100dBm?) and about -35dBm.
Plugged in the WRT54G ver. 2, Firmware Version v2.x Channel 8.Hooked it up and got good steady signal strength. It Had 'WPA - Shared Key' but did not have the 'WPA - Personal' that was on the ver. 6. So, I had to go and screw things up. I've upgraded this to Firmware Version: v4.21.5 and guess what? I now have 'WPA - Personal'. I also have a signal is bouncing on BOTH units.
On my ASUS, I can see both routers. The ver. 2 AND the ver. 6 are bouncing between baseline and -35dBm, in unison. Apprently something in the ASUS does not like the later Firmwares.On my Samsung I can see the two signals - the ver. 2 on Channel 8 is stable as a rock and the ver. 6 on Channel 2 is also bouncing, but at a much slower rate! Running Speedtest.net a PC hardwired to the ver. 2 - I get 5.34 Mb/s Download and 0.47 Mb/s upload (yeah, my Internet sucks!) Running Speedtest.net through the ASUS/WiFi to the ver. 2 - I get 2.43 Mb/s Down and 0.65 Mb/s Up.Running Speedtest.net through the Samsung/WiFi to the ver. 2 - I get 5.07 Mb/s Down and 1.07 Mb/s Up.
View 6 Replies
View Related
Feb 23, 2012
We have a vpn L2L with an ASA and C2900 and always stopping to ping each other but the vpn still UP and can each the others devices behind the peers.
Everytime we have to issue on router "clear cry isa peer" or on asa "clear ipsec peer" to start to ping each other but after seconds it's stopping to ping again.Is there something to fix it permanently? We did some debug crypto on asa but no information was logged.
View 1 Replies
View Related
Jan 15, 2011
We want to upgrade the IOS from 15.0(1) to 15.1 for some reason. Here is the output of my router's "show ver":
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 28-Oct-10 18:32 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE
[code]....
We have enabled the technology package license "uc" in the previous version, would it be loss after the upgrade?
View 5 Replies
View Related
Nov 11, 2011
Previously posted as C2900 - inward NAT partial success...
Running C2900-UNIVERSALK8-M, Version 15.0(1)M3 RELEASE SOFTWARE (fc2)
I have several sets of inward NAT defined (51001-51007, 52001-52007. 53001-53007),all to various internal addresses. When I attempted to add another set, the new onesdo not work and get a "timeout" error.
When I tried port 51008, it gets a timeout. When I changed 51008 to 51010, the 51010 now gets a timeout, and 51008 now gets "connection refused" (which I expect).The original sets all work, the new ones (added at the end of the lists) do not.When I am on any of the internal machines, the target (192.168.1.21) works fine.When I am "in the router", I can connect via the ssh command, so I know that therouter can talk to 192.168.1.21 on port 22 as expected.
View 1 Replies
View Related
Jan 19, 2012
I have 1 x C2900 router with 3 x ADSL WIC and UC500. I setup 3 x ADSL to access internet and UC500 is connected with 3 telephone lines (plugged into FXO ports). I have 2 x GE on my 2900. 1st GE is connected to switch and 2nd GE is connected to UC500.
I want to setup that traffic from UC500 (SIP) is going through 1 dedicated ADSL line and data (from computers & servers) is going through remaining 2 interfaces only. How I can set it up.
I would also like to know how I can load balance internet connection going through 2 dedicated data ADSL lines.
View 4 Replies
View Related
May 22, 2013
I have a mixed WAN environment with both eBGP and EIGRP routes. The BGP routes should always take precedence, when they exist. If no BGP routes exist I want the router to fail over to using the EIGRP routes. So far, this works fine.
The problem is, when the BGP route again becomes available (and the associated entry appears in the "sh ip bgp ... received-routes" output) the router is NOT relinquishing the EIGRP route. It remains in effect, showing as a "D" route int the route table even though there is a better ("B") route available. If I bounce EIGRP or the interface associated with it, the EIGRP route disappears and the BGP route reasserts itself, and everything will run correctly until the next time the BGP route disappears due to maintenance, line failure, etc.
My router is (C2900-UNIVERSALK9-M), Version 15.3(1)T
Here's the associated config
interface Tunnel101
description VPN backup WAN interface
bandwidth 7168
ip address 192.168.75.1 255.255.255.0
[code].....
View 7 Replies
View Related
Aug 29, 2012
There is nice c2900PortNumberOfLearnedAddresses table in C2900-MIB, but it's outdated and not supported by modern switches.Is there similar table for modern switches? Most interested in Catalyst 2960 and 3750.
View 2 Replies
View Related
Oct 20, 2012
Imagine I am designing a small network with a C2900 router running OSPF and in the future BGP with service provider. Please see attached diagram.The router is connected to (2) C3750 Layer 3 distribution switches. Then one C3560 layer 2 switch to serve future IP phone users and desktops.
Question:
a)If I connect the router interface to the (2) 3750 switches, if I make the router interface fa0/0 and fa0/1 as a trunk to accomodate VLAN 200 and other future VLANs, don't I have a problem with overlapping networks between router interface fa0/0 and fa0/1?
b)Alternatively, I could make the Router1 fa0/0 and fa0/1 configured with IP addresses and advertised in OSPF. Then the SW1 fa0/24 and and SW2 fa0/24 I could make as 'no switchport and create a routed interface port' with IP addresses, also running OSPF. Question is, from a scalable design perspectie, would you create 2 management networks and use those when assigning the IP addresses for Router1 fa0/1 and fa0/2? Because again Router1 fa0/1 and fa0/2 obviously need to be placed on different networks to avoid overlapping. So my question is more about proper network planning design to make this scalable to accomodate future VLANs in the future.Using trunks between the Router1 and SW1 option:
Router1
int fa0/0
description connection to SW1
no ip add
int fa0/0.200
[code]....
View 3 Replies
View Related
Oct 10, 2012
Cisco 2500 series access servers show line usage with the "show line" command:
View 2 Replies
View Related
Mar 19, 2013
I am having 2911 router running with C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)IOS and i have configured the following commands for eigrp
-router eigrp 100
-network 10.20.0.0
-no auto-summary
It takes all 3 commands but when i check through show run command i am not seeing no auto-summary command.
View 5 Replies
View Related
May 31, 2012
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the nodes been up for days).I seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3 Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possible traps messages are held in configurable buffer who default value is 1 and if not sent are held and then suffer a delayed sent. Is it true for both traps and syslog ? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyknow know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1) ?
View 1 Replies
View Related
Mar 27, 2012
The reason is i want to know the difference between the leased line and the DSL line. The whole thing behind the confusion is, We plan to have a high speed internet connection in our office. We will don't have a branch office or some thing like that. I preffered to have high speed internet in our office. I found in some website that Lease line will have high speed connectivity(Upto 10Gbps). Can i use the lease line or DSL is enough for our office. Our office contains of 82 user who will use internet.
View 2 Replies
View Related
Dec 10, 2012
Does any know what " Last reset from system-reset " means? Is this becouse of a power failure or someone reloading the switch?
View 3 Replies
View Related
Apr 16, 2013
I have the WAP11 serial number G3110320414 that does not have a reset switch in the back. How do I get back to factory settings?
View 3 Replies
View Related
Jan 9, 2011
i have a 7201 router with NPE-G2. i have a design which i have the option to send all the traffic through a GRE tunnel or a L2TPV3 tunnel.which method is more CPU consumption ?
View 1 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
View 3 Replies
View Related
Jul 24, 2012
Environment :linksys wrt300n v1.1 which can have ddwrt-mega. Willing to tunnel all lan's outbound traffic through an ssh tunnel.
View 2 Replies
View Related
Jan 23, 2012
There are a few situations were I'd like to be able to use the locally configured account on a device but still have ACS in place.I want to complete this WITHOUT adding the locally configured account into ACS.I have tried setting the advanced option under Identity for if an account is not found to "Continue" however this causes the account to be allowed as long as a password is typed (any password, as long as its not blank).
View 2 Replies
View Related
Oct 4, 2012
how T line contributed to voice transmission.
View 4 Replies
View Related
May 5, 2011
One of my branch offices is connected to an ADSL line as well as a VDSL line.Since I really don't need the ADSL line I came up with the idea to use it as a backup line.So I searched google and found this nice little article URL. I wonder if the router will switch back to the primary ISP if the primary line comes up again?
View 3 Replies
View Related
Jan 26, 2013
I was working on a problem the other day and came across something that I had seen before but never given much thought. I had a router with a switch connected to it and the interface was showing as Ethernet0 is up, line protocol is down. The problem in the end turned out to be a cable that had fell out because it was not connected correctly, but I was able to replicate this interface status on a router (FastEthernet0/0 is up, line protocol is down), and NO cable was attached to the interface.I've had a look on the internet but cant seem to find a good answer, so does anybody else know why this status is shown on the router? Remember, NO cable is connected to the interface so it isn't a speed or duplex problem
View 5 Replies
View Related
