Cisco Routers :: Total Failure To Get SR520-ADSL-K9 To Connect To ISP
Dec 15, 2011
We've (an independent school) just bought an SR520 with a view to replacing one of our Draytek 2820s. We need to set up some site-to-site VPN with NAT and the Drayteks won't do it.
I've been trying to configure the SR520 in just the most basic fashion using CCA (3.1) and the CLI but with no success. I can't get a PPP connection with our ISP.
I've tried following the instructions in the software config pdf and also tried replicating the various 'running configs' reported in other posts in this forum to allow connection to a UK ISP, with no success. I don't know how many times I've reset the poor thing to factory defaults.
I have to say that I'm dismayed at how flaky the CCA appears to be. Many of the things I've tried with it simply don't work and often end up in it hanging. Close to useless in my view.
So instead I've tried to use the CLI which seems a lot more solid but is somewhat impenetrable and there's precious little by way of supporting explanation.
I'am a bit newbie at using Cisco products and here is my problem : I have set up a VPN tunnel between 2 Sites (A and B) a few month ago using 2 cisco SR520-ADSL-K9. All was working fine until power failures occured on the sites B (secondary site).
What happened was that none of the ethernet ports were working, excepting during booting, I was then able to ping computers linked to ports Fastethernet0, FastEthernet1, FastEthernet2 and FastEthernet3 but after a few seconds all ports were disabled but my DSL seemed to be working.
So I took back the router home to check it. I managed (I think) to make a factory reset using a serial terminal and following the procedure described here [URL]
Since I did the reset, I thought I would be able to re-use Cisco Configuration Assistant (3.1) to re-configure the router (I am very bad at using the command lines) but I am unable to connect to the router using the supposed default IP : 220.127.116.11 (I set my computer to use 192.168.75.50 IP adress with mask 255.255.255.0). But I can't connect to the router ... even if the Ethernet ports seem to work because green light is on when plugging my cable. connect to my router using CCA ?
For more information, here is what I get when I run "show startup-config" and "show running-config" in terminal console. I guess the objective is to make the startup-config beeing the running-config, but I have no idea on how to do that ..
show startup-config show running-config Router#show startup-config
we have cisco sr520 adsl router at one of the sites. A device is connected to the LAN and needs to be communicated directly to the server with 3rd party over internet. we have a static public IP( a.b.c.d) for cisco router and want this IP redirected to the LAN IP address(192.168.1.20) of the device but locked to only 2 inbound IP address (eg.-18.104.22.168 , 22.214.171.124) .
I have a SR520W-ADSL-K9, I´m trying to setup it trough CCA, but I have some troubles. At the internet connection I mark PPoE option, enter the vci=0, vpi=35, the username, the password (like the ISP TELMEX suggest), and mark the IP Negotiated option, but I have not find the ISP service give me an IP Address and establish the connection.
I got myself lately Cisco SR520 router with some basic firewall functions built in. This is going to be used for my home broadband, so no need to be really super secure, as it would be for some business. I managed to configure it, however there are few things on the firewall side, which I don't understand.
This router had some default configuration in it's flash, when I bought it. There are class maps.... how it works or how to add/edit rules. Also, do I need to use class maps, or can they be replaced by ACL's to certain extend? How to add/edit class maps rules to allow certain port (eg. 3333). Pease see below part of the default config:
class-map type inspect match-any SDM-Voice-permit match protocol sip class-map type inspect match-any sdm-cls-icmp-access match protocol icmp match protocol tcp [Code]...
Our church has 1 phone line, we run BTBusiness Broadband at one of the building where we have a couple of charities based. We have the phone line connected to an extension at the other end (where the Church is) >80m away. Any way of running a second concurrent router on the extension so I can set up an office with a VOIP number, pC's printers etc there too? We use Devolo ethernet over mains and wireless for the main building, but the church itself is on a completely seperate mains power supply so I can't use that. I could run 100m Cat 5 and locate a switch on that, but any way of achieving something similar over the phone cable which is already in place.
A Telindus 1421 SHDSL Router and a Sagem F@st 1500WG wireless adsl router.The question is: Can i connect this two devices directly over the adsl port and share networks on each side of each of the devices?
I have CentOS and the application I am running does not listen on 192.168.1.5 (Private IP address). Right now I have connected using bridge mode and I can see in my network configuration-> ppp and eth0. PPP has public IP and eth0 has private IP. Is there any way that I can get public ip assigned to eth0? I do not have Static IP, I want to use the public dynamic IP assigned by my ISP to use in eth0 interface.
I have one ADSL router that I have configured Port Forwarding on it, but the internet is very slow. I also have another 3G router and I want to use it for internet because it is much faster, but it cannot do Port Forwarding. How can I connect this two routers in one network such that ADSL router is for Port Forwarding only and 3G router is for internet only?
I was using Linksys ADSL router ( WAG120) as modem router. Recently I bought new Linksys x3000 and installed a modem router in place of WAG120. Now i would like to connect the both routers to get the signals in first floor of my house.
I have a SR520 where WAN configured as PPPoE with Dyndns address. I have done all the configuration through the CCA, so far everything is working fine. But now i want to configure SSL VPN, but I have getting an error message : SSL VPN cannot be configured, please configure wan interface using a static IP address. Is there any way that I can configure the ssl vpn through a dyndns address?
i have a demroom set up which includes a sr520 as the edge router connecting to the ISP and i have a uc 560 connected to that which is working fine i also have a new business edition 3000 and a 800 series router which im looking to connect to the sr 520 for access to the ISP as the 800 series doesn't have a ADSL line on it .i have given the 800 series routers wan interface a static address of 192.168.75.14 wich is from the address range in the sr520s default vlan and excluded the address from the DHCP pool. now from the ccp express on the 800 s i can ping the wan port of the 800 s and the default vlan/gateway of the sr520 and the wan ip of the sr520 but no further also once i try pinging it from the cmd on windows i cant ping any further that the wan interface on the 800 s .
I'd like just notify the missing "no ip name-server" command in sr520 series router. However is possible to enter the command "ip name-server" the only way to delete it is to copy a modified config from tftp or other source to the startup config. This behavior is normal?
The Lg840g is a tracfone with wifi capability. I get strong wifi signal and connection at home, but receive failure to connect to requested host message when I open the browser. This phone works at wayport wifi, so I assume it's a compatibility problem with the router. Is there a fix? (Router works great with our Acer and Kindle tablets though.)
Have one switch and network.PC number one have win98 and network adapter and connected to the switch.PC number two have winXP and network adapter and connected to the switch same as win98.Network works on win98 and winxp they see each other.internet working on winxp but dont work on win98
I'm trying to combine dynamic and static NAT on a SR520. My dynamic NAT is specified with:ip nat inside source list 1 interface Dialer0 overload access-list 1 permit 192.168.0.0 0.0.7.255 In addition to this I want to perform static NAT for a couple of selected internal hosts. I can do this:ip nat inside source static 192.168.1.5 10.85.10.2 which works fine but means that the source address 192.168.1.5 is translated to 10.85.10.2 for all destination IPs. What I want is for the above static translation only to occur for a particular destination subnet.To accomplish this I have tried:
ip nat inside source static 192.168.1.5 10.85.10.2 route-map toOtherSite route-map toOtherSite permit 10 match ip address 150 access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
But this does not appear to work. Instead it seems to render the host 192.168.1.5 unable to progress through the NAT, whether the destination subnet is 192.168.10.0/24 or not, and I can't work out what I'm doing wrong.
My operations manager says "Could you go on-site and configure a new clients new internet connection?" I make the arrangements and go on-site. As I'm working with the providers tech he says "Do you have a sub-interface confgured for a dot1q VLAN id of 1057?", I say "What?". Anyway my firewall is not capable of dot1q VLAN, so he says "Do you have a Cisco router that can provide the trunking?", I say "Yes, I tink so but not with me". The question is can I use an SR520 between my firewall and the provider demarc to route the VLAN he is talking about? My initial discovery says yes but I am not quite sure of the details on how to achieve this on the SR520.
I'm trying to configure a zone-based firewall on an SR520 and am confused about the 'not' criterion. The 'zone-design-guide' says (my stress): Class- maps define the traffic that the firewall selects for policy application. Layer 4 class-maps sort the traffic based on these criteria listed here. These criteria are specified using the match.where my intention is to let only LAN hosts with IPs in the range 192.168.1.1 to 192.168.1.7 out through the firewall. There may be an easier way of doing this which I'd be pleased to hear about. But, even if there is, I'd also be interested to know what I'm doing wrong in the above.
I have a Cisco Small bussiness RV120w and I setup the radius server , WPA2 Enterprise with a windows 2008 NPS radius server . The big problem is that the authentication fails .This is the error that I see in event viewer / server roles / Network policy and access services: reason-code 49 "The connection attempt did not match any connection request policy".The radius key is matching between the server and the client . The radius server is reachable and I don't find any routing issues .Does anybody tested this router with this type of wireless security?
Tried upgrading my firmware to 4.0.2.08-tm and now I cannot log in via the web interface. The router boots and gets out to the internet. It still allows incoming vpn connections. The login screen displays and will display an error message if I use incorrect credentials, but if I log in properly and am directed to the routers web config homepage at "192.168.1.1/default.htm", I get a 404 error message. Telnet does not work either (not sure if it's on, never used it before) 404 Not FoundThe requested server-side-includes filename, /usr/local/EasyAccess/www/htdocs/default.htm, does not seem to exist.As if the web pages after the login screen got removed or corrupted after the update.
SN is NKS10403247
I realize there is a newer version. Attempted the upgrade incrementally since I could not find documentation specifiying if that was required or not.
I'm experiencing a failure on headend 3945 routers with VPN tunnels to remote 2901 routers. Essentially, a tunnel a a 3945 will go down/down although the tunnel on the remote router indicates it is up/up. It happens intermittently and I am not seeing anything in the logs, other than the tunnel goes down. This seems so much like an IOS bug, but I can't find anything specific in caveats on this version of code.
As part of my business' PCI compliance regime, we are regularly scanned for vulnerabilities. Today we started getting notifications of failure on all of the QuickVPN ports (443, 60443) for the following:
06/11/12 CVE 2009-3555 Multiple vendors TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context.
Cisco, will you be issuing a firmware update to address this anytime in the near future? Presumably it effects all the other RV routers as well.
I just updated my RV042 to the firmware RV0XX-v4.0.4.02-tm-20110704-code.bin and now im having this error every time that i try to logon in the router? 404 Not FoundThe requested server-side-includes filename, /usr/local/EasyAccess/www/htdocs/default.htm, does not seem to exist.
having the same problem with my Aquos TV. We have a 2wire router, that is directly connected to a home computer. all other computers are connected via wireless with no problems. I have followed the manual instructions, the TV finds the router with enough bars, input the wep key, but it fails to connect. [code]
at our office we've recently upgrade from a old consumer-grade linksys wag200g modem/router/ap to the Cisco SRP527w. The Cisco is suffering from very frequent ADSL disconnections. These disconnections happens when there is some traffic to the internet and they seem to don't affect the LAN routing: on the weekends there are no disconnections at all while during the working hours there may be disconnections every FEW MINUTES making this router unusable. Often these disconnections force us to do a full reboot of the router.
Firmare version is SRP520W-1.1.19, the latest. ADSL line is a 6Mbps/640kbps. Noise margin is about 11dB for downstream and 20dB for upstream. No voice line is used and therefore they are both disabled. 2 wireless network are active. The old linksys was (and is) working correctly, no adsl disconnections at all. Never.
I have an issue with the Cisco SG200-50p and almost all of the POE ports on the switch.
We had an issue with the UPS in the server rack yesterday where the UPS failed and turned off all power to the equipment in the rack. It is possible that something was blown in the UPS itself. I was able to reroute power to all devices but the only one that seems to have an issue is the SG200-50p switch. After the power was restored the unit refuses to acknowledge all the IP phones plugged into the POE ports. Running a copper test via the web interface on the majority of the POE ports are listed as Operational Status: Down.
I have tested the affected ports with Laptops, other switches, and simple loop test to verify that the port operational status after a coper test goes back to 'Up' when any of these devices are connected to the those ports. However it fails to recognize when one of the IP phones are connected at all. There are not even any lights on the device for those ports and the status is listed as 'Down' when I plug in any of the IP phones. The IP phone is a Linksys IP Phone SPA922. I know the phones are good because when I connect them through another POE switch they come on and function properly.
I tried updating the drivers, then deleting and reinstalling but no success so far. Still can't connect to the internet. The browser can see the router, at 192.168.1.1 I don't know where the problem is.