Cisco LAN :: 2811 / Traffic-export Capturing Only Inbound Traffic?
Mar 19, 2013
We have a Cisco 2811 running ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?
View 4 Replies
ADVERTISEMENT
Apr 25, 2011
We are trying to sniff traffic in one of our routers 2811 IOS 12.4(3f) capturing data into the flash memory and tftp later to one of our servers. We had followed the command procedure as it is indicate in Router IP Traffic Export Packet Capture Enhancements doc but it seems that the mode capture option is not alllowed in my router. My question is Why? I had read the doc and the hardware and software should support this feature.
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
yourname uptime is 2 weeks, 4 days, 22 hours, 14 minutesSystem returned to ROM by power-onSystem image file is "flash:c2800nm-ipbase-mz.124-3f.bin"
Cisco 2811 (revision 53.51) with 251904K/10240K bytes of memory.Processor board ID FCZ104174196 FastEthernet interfacesDRAM configuration is 64 bits wide with parity enabled.239K bytes of non-volatile configuration memory.62720K bytes of ATA CompactFlash (Read/Write)
View 4 Replies
View Related
Dec 25, 2012
I have been trying to figure out a NAT issue on my 2811 and the inspect engine.I have 'ip inspect FW out' on my outside interface. If I turn it off, I also have to remove the access-list applying to inbound traffic on that same interface. Why is that? This whole thing centered around SIP registrations from devices on my LAN to my provider. The provieder is showing that I am registering from a high end port (1024 or something crazy). He said that it sounds like some type of SIP ALG or something on my router. For the life of me, I can't figure out what would be causing it. I am just using a standard route-map that points to the outside interface using 'overload'.
View 6 Replies
View Related
Nov 28, 2011
Quick question. I have a site - site tunnel that is up and running between a Pix 515E and a 3050 appliance.Tunnel is up and running but on the pix side I dont see traffic from a couple of subnets behind the inside interface.On the vpnallow access list there are no hits So I setup a capture on the inside interface to see if the packets is making it to the inside interface and nothing. There is some traffic making it thru the tunnel that would have to hit the inside int first and even that doesnt showup in the capture.
View 1 Replies
View Related
Dec 30, 2011
I am monitoring 2 or more source interfaces which are running 1G traffic on each interface. Destination is 10G interface.There are 2 kinds of traffic running through the source interfaces: icmp and regular IP traffic. I am only interested in capturing icmp traffic. How can I achieve my goal?I don’t have any vlan traffic at all. Router is c6500.
source (1G) destination (10G)
------------------------- Router --------------------------------------Linux
|
| source (1G)
|
|
View 1 Replies
View Related
Nov 21, 2011
I have configured SPAN session on 2960 switch, source port being a VLAN and destination being one of the fastethernet ports. All I see in the capture is control traffic (HSRP, RIP, Syslog, DNS..etc). However I dont see any real data traffic being captured. Below is how I have SPAN configured..
monitor session 1 source vlan <vlan_id> both
monitor session 1 destination interface fa0/42
View 1 Replies
View Related
Mar 22, 2012
I have configured Span port on our 4510. We have an application 5view server to monitor trafic connected to G9/17 Since we have changed the network connection from physical Giga port and add a Port-channel instead, we don't see any more trafic from the new Port-channel to G9/17
We have the configuration below on our 4510 :
monitor session 1 source interface Gi4/6
monitor session 1 source interface Po20
monitor session 1 filter vlan 311 - 312 , 375
monitor session 1 destination interface Gi9/17
From the commands show, we don't see the trafic duplication from the source to the destination port :
Port Source
4510-5567#sh int po20
Port-channel20 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.9de2.a818 (bia 0016.9de2.a818)
[Code].....
View 2 Replies
View Related
Jan 24, 2012
At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies
View Related
Aug 6, 2012
I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.
View 4 Replies
View Related
Oct 12, 2012
cisco 2651XM router with WIC1 adsl card and NM-16ESW switch
IOS: c2600-ipbasek9-mz.124-23.bin
I use the following config to export traffic from the adsl card to a fasterthernet port so I can look at the adsl traffic in wireshark on a pc:router(config)#ip traffic-export profile my_rite router(conf-rite)#int FastEthernet 0/0 router(conf-rite)#bidirectional router(conf-rite)#mac-address abcd.efgh.ijkl (mac address of PC) router(conf-rite)#exit router(config)#int dialer0 router(config-if)#ip traffic-export apply my_rite this config works and I can see stuff going on in wireshark but it's only one way. This config only shows traffic going out from my adsl card, but no incoming. There is defintely traffic going both ways because everything about my adsl connection is working perfectly. I've tried using a different fastethernet port, even tried exporting to a different pc but all I see is outgoing ie: source is my public ip address but never as destination . I have bidirectional in the config but it still only shows outgoing. I even tried a different IOS (c2600-adventerprisek9-mz.124-15.T8.bin) but still it doesn't show incoming traffic. Could it be my ISP in some way hiding incoming traffic from view?
View 3 Replies
View Related
Mar 7, 2012
I am using a Thrid party NetFlow tool, Enabled NetFlow on the Cisco 6500 as per recommendations and getting only half amout of traffic passing thorugh the interfaces. I have verified with 3 different NetFlow based tools, everything showing the same value. Is there any bug in my Cisco 6500.
View 2 Replies
View Related
Dec 6, 2012
I have two ISP, I want to divide Inbound to ISP1 and Outbound to ISP2.
View 3 Replies
View Related
Sep 17, 2012
I have a remote office with a 1.54mb circuit connected to our private MPLS network. Our main office has a 20mb conneciton to said network. I want to set a QoS policy for traffic from the remote office to our Avaya subnet within the main office. This policy is to give priority to all traffic to the Avaya G350.
I have set up the outbound traffic policy on our remote office router using a policy map as follows:
access-list 101 permit ip any 192.168.0.0 0.0.255.255 (this represents the Avaya subnet)
class-map match-all voice_outbound
match access-group 101
policy-map voip_outbound
class voice_outbound
priority percent 50
interface Serial0/3/0
service-policy output voip_outbound
This works fine for outbound traffic. Now how do I give priority to inbound traffic from the 192.168.0.0 network? When I try to do similar command it says CBWFQ is only configurable as output, not input.
I'd just limit it at the far end, but that has a 20mb pipe. All other traffic from our corporate datacenter, as well as internet traffic, flows from the main office to the remote office. Should I just rate limit everything else destined for the remote office subnet, and if so, what's the best method?
View 4 Replies
View Related
Oct 5, 2011
How to configure the 825 to block inbound traffic from a specific internet IP address ?i noticed an IP and MAC that i don't recognize that is listed as a connection to my NAS's media server ...i blocked it in the NAS configuration page, but i don't want any unsolicited traffic into my network.
View 3 Replies
View Related
Jan 17, 2013
I have two Cisco 7606 routers using BGP to connect our customers to the internet. Recently we added a new 1G circuit in addition to an existing 1G circuit and all traffic inbound is now on this new 1G circuit. We would like to shift some of the inbound traffic over to the other 7606. Our Tier provider has the same AS number for both paths. One path goes directly to New York and the other goes to Boston then New York.
View 1 Replies
View Related
May 28, 2013
CE IP - 172.18.10.10 /30PE IP - 172.18.10.9/30 I had configured some floating static route on the PE towards CE .The routes were installed correctly till PE - CE link was UP as next hop IP was showing as connected .Now the link has been removed and I am receiving a supernet of 172.16.0.0/12 from PE2 via MPBGP. Although the 1st static route for 10.10.0.0 is showing in routing table, the other 2 ( 172.17.0.0 & 172.24.0.0 ) donot show. I believe that as both the routes and next hop fall under the supernet , the static route is not installing. But I don't know why is this behaviour. I tried to remove the distance 250 from both the routes , but still the static route does not install. I tried this on GNS3 but got the same results .
View 14 Replies
View Related
Apr 6, 2013
I have a working L2L between two locations. Location A and Location B.
Location A: 172.16.16.0/24
Location B: 192.168.0.0/24
I would like to block anything inbound to Location A from Location B that isn't initiated from Location A. The block should be done on the ASA5505 at Location A. Location B uses an ISR G2 router. i.e. Location A can start an SSH session to a server in Location B Location B cannot start an SSH session to a server in Location. .
I tried using a VPN filter on the ASA5505 but it isn't stateful, I cannot pass any traffic when using it.
Config on my ASA:
access-list vpn-traffic extended permit ip 172.16.16.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list block-vpn-to-local extended deny ip 192.168.0.0 255.255.255.0 172.16.16.0
[Code]....
I also have an AnyConnect VPN setup for the ASA5505 and it is running 8.2(5).
View 4 Replies
View Related
Mar 16, 2012
I use a mail filtering service that delivers mail to me via SMTP on standard port 25 on one of my 5 static external IP's. I wish to restrict this to their IP's only (they have two) and I am unsure on how to do so? As it stands now, anything on the net can talk to my mailserver and my logs are filling quickly with failed attempts as a result. Here's my setup and what I am trying to accomplish:
mail filtering service -> my public ip:25 -> internal mailserver at 10.0.10.2:25, deny everything inbound except traffic from the mail filtering service, I am thinking an ACL would fit the bill here, but unsure of how to implement. Router is an 1811 with version 15.1(4)M3 IOS. WAN is on fa0, lan is on fa1.
View 3 Replies
View Related
Dec 25, 2012
We have a L2L VPN with a vendor and our outbound traffic (our local network is 192.168.0.0) NATs over one of our public IP addresses x.x.x.164 to their public IP address 128.x.x.x. In the beginning all our traffic was outbound (port 23) to the vendor and now we need to allow inbound from the vendor to specific 192.168 addresses on our network using port 9100. I’m uncertain as to what I should do to allow their inbound traffic to these IP addresses since we are NATing our entire network over one IP address. Note, the .164 public IP is also used to NAT to other vendors we have L2L VPN with. The VPN terminates to our ASA 5580 version 8.2.
View 5 Replies
View Related
Nov 7, 2012
I have an ASA5510 with 8.3 and a Cisco PIX525 (retiring). The ASA was for VPN traffic only while the PIX was for all other Internet traffic. I'm trying to move all the traffic to the ASA5510 so I used the PIX to ASA migration tool. I migrated the PIX rules over to the ASA5510, however we can't receive email and there is no external access to our internal websites. But the VPN connections remain intact and internal users can get out to the internet.
When I run Packet Tracer on my outside (incoming rules) the packets are dropped at the inside interface. What am I missing?
View 1 Replies
View Related
Oct 9, 2012
We want design a topology based on transparent proxies using WCCP. Our proxies can do spoofing of user ip addresses. So, the HTTP request will go out our network with the user ip address as source ip. The HTTP Response will arrive with destination address the user ip address. We want use WCCP to redirect inbound and outbound traffic because we have c3750 with L2 WCCP support. The outbound redirection, when the packet is going out our network is simple. But, the problem is the inbound redirection. How we redirect this packets to proxies by WCCP?. Is it possible?. This redirection is done by c3750 using TCAMs/hardware?. Our throughput could grow until 2-3Gbps and we are worried about the performance.
View 1 Replies
View Related
Apr 5, 2013
I have a RV110W that's been in service since Dec 2012. All Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly.
View 2 Replies
View Related
Nov 3, 2011
I have a client that has an ASA 5520 that has two internet connections, FIOS and Comcast. The ASA is configured to failover from the FIOS to the Comcast if the FIOS fails. This works perfectly fine. However, I was wondering if VPN and other inbound traffic will come into the secondary connection when it is active. I think VPN will work inbound when the FIOS connection fails, but I am not sure about the other inbound connections.
View 1 Replies
View Related
Nov 1, 2012
I have a VPN on my ASA 5510 between (A)192.168.255.0/24 and (B)172.20.2.0./24. The purpose of the tunnel is to send kerberos tickets from our domian controller on the A side, across to a server at B, and receive a respose. I want to lock down inbound traffic to the A network, but not sure of best method.
I initially tried using an ACL filtering on ports, but soon realised the incoming traffic uses a wide range of ports so this is not really possible.Seeing as the A side will always be initiating the conversation, I was wondering if I could use the 'established' option on the inbound ACL for the ASA at A side, so that it would block any flows that are not initiated by the A side.
View 3 Replies
View Related
Jun 22, 2012
I have two 1800 routers running VRRP. Also I have two sub interface configured on both router and both router connected to swith through thunk link. My goal is to limit inbound traffic to 3Mbps for both VLANs on router's inside interface which is connected to switch.
View 1 Replies
View Related
Mar 2, 2012
We are using Cisco 3750 switches in our environment as distribution switches.We currently use to police inbound traffic, but we need to find a solution to limit inbound traffic per IP.Something like this “Inbound traffic for each IP can be maximum 1 Mbps” This can be done having, one ACL and one class-map for each IP, but in my situation is not a practical solution, because we have more than 500 IP’s on that site.
Is any way to accomplish this without writing 500 ACLs and 500 class-map?
View 2 Replies
View Related
Feb 12, 2010
BEFSX41 V2.1
Firmware: 1.52.16
The manual states how to create an inbound traffic policy but if you follow the directions there is no place to select inbound traffic.From the manual: To Create an Inbound Traffic Policy1. Enter a Policy Name in the field provided. SelectInbound Traffic as the Policy Type.2. Enter the IP Address from which you want to block.Select the Protocol: TCP, UDP, or Both. Enter the portnumber or select Any. Enter the IP Address to whichyou want to block.3. Select Deny or Allow as appropriate.4. By selecting the appropriate setting next to Days andTime, choose when the Inbound Traffic will be filtered.5. Lastly, click the Save Settings button to activate thepolicy.When finished making your changes on this tab, click theSave Settings button to save these changes, or click theCancel Changes button to undo your changes.I want to filter out a range of ip addresses from trying to connect to my network.
View 3 Replies
View Related
Oct 23, 2012
I am trying to block outbound and inbound traffic on TCP 5222 and 5223 on E2500 but cannot figure out how. The reason is I have kids in my house using KiK (texting app) on iPads, iPods etc. My goal is to eliminate this applications ability to function for ANY wireless device connected to my WLAN.
View 1 Replies
View Related
Oct 24, 2012
We are having issues with our Cisco 2811 when there a lot of traffic on the device. Usually the router is down around 5%-10%. Total traffic might be around 2.0 MB. This is a router we are using at a remote campus. We do HD video conferencing every friday. We have a 10 MB internet connection that has our VPN connection to the main campus on it. While doing these VTC, the totall traffic is about 6 MB. The CPU Utilization then rises to approx 75% cause call issues and loss of sound. With another test with no one using the connection for anything else the utilization went up to 35%. The router has 128 MB Ram in it. Does the router need more RAM or do we need a larger internet pipe.
View 7 Replies
View Related
Jan 17, 2013
[OK] Site to Site IPSec + GRE = success, no problems.
[OK] IPSec remote access = success, no problems.
[NO] SSL VPN = remote users can successfully connect to all internal systems. Cannot pass traffic to the Internet.
Hardware:
Cisco 2811, Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(22)T5, RELEASE SOFTWARE (fc3) . Software: Cisco Any Connect Secure Mobility Version 3.1.01065
Single hub router terminating IPSec+GRE site to site, IPSec remote access, and SSLVPN remote access VPN services. All services currently configured and running successfully with the exception of the SSLVPN service. Remote users can initiate and successfully establish SSL VPN sessions. While established, connectivity to all internal systems/resources are successful. Only when the remote access client tries to connect to "Outside" Internet resources does traffic not pass successfully. Troubleshooting has pointed to a NAT related issue (I believe).
When connecting from a remote access workstation, utilizing IPSec remote access client (built-in Cisco IPSec client from Mac OS), the session establishes and the client works flawlessly. Examining the Cisco 2811 router, you see the /32 host route from the remote access session get installed, and you see the corresponding NAT translation entries created when the client accesses outside (Internet) resources. Appropriate configuration to implement "hair pinning" have been included to handle the in and right back out (with NAT translation) needed for remote clients to access the Internet.
Configured the 2811 for SSL VPN, and remote access clients can successfully connect and access all internal network resources. Examining the Cisco 2811, the /32 host route for the remote access client is installed, pointing to SSLVPN-VIF0 interface with a next hop of 0.0.0.0 When checking the NAT translation table, there are NO entries for the remote access client address created which leads me to believe the hair pinning/NAT function is not being invoked for SSLVPN clients.
Originally, the IPSec remote access VPN local pool was 10.0.100.0 /24. To keep from having to adjust the existing NAT translation, PBR Route-MAP for the hair pinning function - I took the 10.0.100./24 and broke it into a pair of /25 networks. Bottom half for the IPSec remote access VPN pool (10.0.100.0 /25); upper half for the SSL VPN pool (10.0.100.128 /25). By utilizing SSL VPN, is the traffic somehow bypassing the DIALER1 interface where both the crypto map (and more importantly: IP NAT OUTSIDE, and PBR configuration for the hair pinning function)? I cant explain why NAT translation entries are not being created for SSLVPN client sessions.
Cisco 2811 Configuration has been included. IPSec & SSL VPN Remote Access Sessions Captures (performed from same remote client) have been included.
View 2 Replies
View Related
Apr 14, 2013
Cisco 2811 runs ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic. Is there any way to capture the outbound traffic?
View 1 Replies
View Related
Feb 17, 2012
I was previously using SDM for our Cisco 2811, and this past week installed CISCO Configuration Professional so I could have access to a bandwidth/traffic monitor.
I have successfully started the monitoring service and monitored traffic from within CCP, but it appears that if I turn off the computer I am using to monitor the traffic, it stops collecting data until I start CCP and the monitor up again.
Is there a way (maybe with IOS console commands) that I can have the monitor always running, so I can pull up, say, a week's worth of info at any time? Leaving the computer on all the time is not an option, and currently I have only a few days of data, then a big empty chunk, and then what I have collected since I started it back up today.
View 1 Replies
View Related
Oct 31, 2011
I have an ASA5520 and need to set up multiple VPN's to some vendor sites. All these vendors are using 192.168.1.0 networks. All have public IP's and very little knowledge so are unable to NAT from their end.The idea is to create some /28 blocks of IP's (172.29.0.0/28) and manage this on our end.
How do I get this to work?
example: (all IP's are fictional)
tunnel1
VPN
My side "outside" 10.10.10.10
Their side "outside" 20.20.20.20
Networks
My side "inside" 172.30.30.0
Their side "inside" 192.168.1.0 NAT'ed to 172.29.0.0/28
[code]....
View 3 Replies
View Related
