Cisco Routers :: VPN - SRP527W / 857 Established But No Tx Traffic On SRP Side
Aug 2, 2011
I have now the sa`s stablished between SRP527w and cisco 857, but If i ping from a host of Cisco side to a host of SRP side I get only rx traffic on the tunnel, the stats keep tx at 0 and ping is not answered.My tunnel is to send some voice call into IPSEC tunnel keeping DSCP bits, It comunicate SRP voice vlan with Cisco lan.
I have on SRP 2 vlans:
1 Vlan for data on ports 1,2 and 4
1 voice vlan on ports 1,2,3,4.
I connect a netbook to port 3 and I can connect to internet but I cant reach by ping the other side of the tunnel?Maybe traffic from voice vlan is being natted with data vlan ip address?I need all traffic must go into the tunnel without being natted, on cisco side I have a policy to avoid nat but don know if SRP have any problem about it too.All gateways are ok ?
View 2 Replies
ADVERTISEMENT
Jan 20, 2013
i successfully established site to site with 2 two ASA 5010. The problem is that traffic on not passing, This is current setup:1) Left side : only 1 private network 3) Right side : 1 private network, management network, 2 DMZ networks with public IP, On right ASA some netting is setup so servers in DMZ can be reached from private network. The goal would be that VPN client on left side can reach all resources on the right side (except management network, Just to get things going tunnel is built with only left and right private networks, but after tunnel is established i can't ping anything on other side.
View 4 Replies
View Related
Jul 22, 2012
I'm having some problems getting an ipsec tunnel established between a cisco 887VA router and a cisco srp527w router.I am working from a few text books and some example materials. I have worked through many combinations of what I have got and am still struggling a little bit.I look at debug results and it appears as though the policies do not match between the devices:
Jul 23 05:44:37.759: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (R) MM_NO_STATE
broute1#
Jul 23 05:44:57.079: ISAKMP:(0):purging SA., sa=85247558, delme=85247558
broute1#
Jul 23 05:45:17.031: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (N) NEW SA
[code]....
Some specific questions:
1) on the SRP in the example's I have used (and I have a few SRP->SRP VPN's that work) I see you need to enter the preshared key, I'm not seeing in the examples I have used anything about the IKE preshared key on the IOS box. Any examples where you use the preshared key for IKE? I wonder if this is my primary issue as it states clearly in the log that there is no Preshared key :|
2) I have used a mish mash of names between the various sections as on the SRP the naming convention isnt the same; ie: which parts of the IPSEC negotiation come from the IKE policy section and which from the IPSEC policy section. Do the names really matter across different ends of the VPN?
3) I notice when I perform this command in the(config-crypto-map)#:
set peer FQDN
It is converted to:
set peer XXX.XXX.XXX.XXX
Is this expected? I want the device to look at the FQDN as this particular host is using DDNS and not use a static IP address.
View 4 Replies
View Related
Mar 17, 2013
I'm trying to setup an ASA and a UC540 side by side, to utilize the ASA for data networking and the UC540 for voice. This 'should' work fine, I just seem to be having an issue where the ASA seems to be blocking traffic from the voice network as it passes through.So here is the LAN setup:ASA: 1.1.1.1UC540: 1.1.1.2The UC has a voice vlan 10.1.1.1/24 and a service module at 10.1.10.1/30My PC uses the ASA as its default gateway, 1.1.1.1The ASA then has static routes to the UC networksRoute 10.1.1.1/24 1.1.1.2Route 10.1.10.1/30 1.1.1.2Ping from PC to the UC networks works fine. However, ping from the UC networks to PC fails. ASA logs show traffic being denied due to not having an established connection or something.My guess is that the traffic is being blocked because the egress and ingress paths are different? Traffic from the PC goes to the ASA, then gets routed to the UC and it works. However in the other direction, traffic from the UC is going directly to the PC and bypassing the ASA, because its a directly connected network and doesn't have to route through the ASA to get to the PC. The reply traffic from the PC DOES go through the ASA following its route table, thus the issue of the ASA not seeing the established connection?Same-security inter and intra interface is enabled.So I think I see the issue, I just don't know how to fix it. Is there something I can configure on the ASA to allow for this? My only other option would be to configure a /30 on a new vlan to handle the routing between the UC and ASA or something, but that seems like its going to make this simple setup way too complicated with extra networks, vlans, trunks, etc.I am running ASA version 8.4.5?
View 1 Replies
View Related
Mar 16, 2012
Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port. I had a look at the Srp527w Router and can't find where this could be done.
View 1 Replies
View Related
Sep 22, 2011
I require a system that will support 3 VLANs, the VLANs are purely for containment of broadcast traffic and needs to support inter-VLAN communication between client devices. Would the following configuration work:
Port based VLAN on the SRP527W with each port connected to layer 2 switches serving each VLAN.
DHCP server on the SRP527W assigning IP addresses for each of the V LANS in different ranges. (eg 10.10.1.xx, 10.10.2.xx, 10.10.3.xx). Would there be any benefit upgrading the Router to a SRP547W?
View 2 Replies
View Related
Aug 22, 2011
I have a RV220W (running fw version 1.0.2.4) that i am trying to configure for a client. They are set up on Comcast with 13 available IP's. I should note that this netowrk is now currently running without issue using a Cisco Pix 506e. Unfortunately, the Pix is almost impossible to configure using the GUI now as I have to load a 4-year old version of Java now just to get the PDM to load. But I digress.I've set up the RV using the identical settings as the Pix on bth the LAN and WAN side. When I do, computers on the LAN side can all reach the Internet ok. However, once I enable one-to-one NAT for an internal server, that machine can't send or receive ANY traffic to the WAN side. I've even tried setting access rules enabling ANY traffic in both directions, and that has no effect. Either I'm missing something, or this is just one more bug in this product.
Even though it was a bit of a step down going from the Pix to the RV220W, it was done for the ease of setting up VPN's as I was ready to purchase a second one for a new satellite office opening in a few weeks. It looks like we will be switching vendors on the router side as my faith in Cisco is waning at this point.
View 1 Replies
View Related
Aug 21, 2011
I'd like to create a site-to-site vpn between an SRP527 and an other vpn gateway. The problem is i don't see how to route all traffic from the local network (network defined by the lan ip interface of the SRP527) to the other vpn gateway? It seems to be only possible to define the destination network (accessible via the vpn) with ip/mask (but only for "small" network: for exemple i tried with 10.2.0.0 mask 255.255.0.0 and it's ok but i tried with 10.0.0.0 mask 255.0.0.0 -> it's not working. I obtain the message "invalid ip")
View 1 Replies
View Related
Apr 7, 2013
I make a vpn site-to-site IPSEC tunnel between 2 RV110W the above ,you will find the configuration
Site1
Site 2
always the same message
View 3 Replies
View Related
Mar 24, 2011
I have set up a site to site VPN from a Cisco ASA 5580 to a Netgear FVS318v3 using 3DES, MD5, GH 2 and preshared key, My VPN Tunnel is always up, I can see on the netgear and firewall ASA that the connection VPN is established at both phase 1 and phase 2 level, but no traffic is flowing through the tunnel sometimes. The only way I can see the traffic passing, it is reload the tunnel on the firewall netgear.the configurations on the firewalls are same.
I can see the requests of the ASA Red_Lan to server located at the remote site, behind the Netgear Firewall and observe traffic on the ASA but on the outside/inside interfaces of the firewall Netgear there are not traffic. Is necessary to configure and others parameters for VPN?
View 1 Replies
View Related
Sep 15, 2011
I was hoping that the latest firmware would fix my (2) 'bugs', but it did not. We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s.When I try and do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.
View 1 Replies
View Related
Mar 13, 2013
i configured cisco asa 5520 as cisco ezvpn server and cisco 891 as ezvpn client .the configurtion is working fine.i am using client mode on the ezvpn client side.but my quesion is , is it possible to communicate to ezvpn client side internal ip from the ezvpn server side?and one more thing what is the benefit of network extension mode on the client side and how it will work what are possible changes need to do in the server and the client side.
View 4 Replies
View Related
Jan 30, 2013
My E1500 enters a state where the LAN-side (broadcast, etc.) works, but the WAN-side (internet connection) just goes away. If I go unplug and replug the E1500 the internet connectivity comes back.When this happens, the wireless indicator on my desktop (Dell with Intel wifi) says I have an internet connection, but I clearly don't.
View 2 Replies
View Related
Apr 17, 2013
if the SRP527W supports QOS over a site to site VPN.
SITE A will have the main phone system and SITE B will have a couple of phones which hook into the SITE A phone system over the existing IPSEC VPN
Need to be able to set some type of QOS over the VPN connection.
View 1 Replies
View Related
Dec 17, 2012
I have a SRP527W router connected to a L2 managed switch (a TP-Link... I know, it is not a Cisco...). and a PC and a Printer connected to the switch. Now, I want to have the PC and the printer on 2 VLANs.
I've created 2 VLANs on the SRP (192.168.1.0/24 and 192.168.2.0/24) and I have assigned Lan port 1 to both. The SRP acts a DHCP server so I have the SRP setup as 192.168.1.1 and 192.168.2.1 providing IP addresses to the 2 VLANs.
I setup VLAN 1 and 2 on the switch, assigning port 2 to VLAN 1 and port 3 to VLAN 2 (port 1 is trunk and connects to the SRP).
When I fire up the PC and printer they get their respective VLANs correct addresses (PC: 192.168.1.30 and printer: 192.168.2.30) but I cannot for the love of Odin see the printer from the PC. The SRP has Inter VLAN routing enabled. By the way, the switch has address 192.168.1.2
View 8 Replies
View Related
Sep 12, 2012
I have a network which is based upon a 4507 Core/Dist switch, with 1G fibre to a bunch of radially connected 2960 Access switches. It all works fine and as expected for data and telephony.I have been tasked with setting up one of the VLANs to support multicast, so a bunch of video streams will be injected at the 4507, and will be delivered to client PCs connected to the 2960 switches.The 4507 is running with SVIs to some VLANs, but the VLAN that will have the Multicast on it is isolated, with no SVI.I could change this if required,I need to run IGMP snooping, and probably deploy CGMP to take advantage of the Cisco-proprietary functionaity.
View 4 Replies
View Related
Jun 5, 2012
I've got a new Cisco srp527w-u router which is working fine though it's syncing at a lower rate than my Billion (6mbps vs. 8.5 mbps for the billion on the same line). I had tweaked the billion way back to connect with a 4db SNR margin and almost certainly this is why it achieves the higher rate (by comparison the cisco is syncing with an snr margin of 12db). Is there some way that I can configure it to use a lower SNR margin? I realize this might reduce connection stability but I'd at least like to be able to give it a try if possible.
View 2 Replies
View Related
Jan 28, 2012
I recently bought a Cisco SRP527W and I'm trying to setup a second wireless network for guests.
I created a "guest" VLAN and I assigned the "guest" SSID which I have created.
I created a "guest" DHCP server and assigned it to the "guest" VLAN.
The "guest" SSID is set to broadcast and has WPA2 Personal (TKIP+AES) authentication. These are exactly the same settings I have for the "non-guest" WiFi.
However, I can't get my clients to connect to the network. The "guest" WiFi is visible and clients are prompted to enter the password but after that they end up with an APIPA address. When I move the "guest" SSID to VLAN1 (along with all the other networks) then it works absolutely fine.
I was just wondering if I'm simply missing something in the configuration ..
The device is running the latest firmware (1.01.24 (003) September 7, 2011)
DHCP server has DNS Proxy setting enabled and WAN Interface configured as "Default Route" (have basically replicated the same settings as VLAN1)
View 1 Replies
View Related
Apr 30, 2013
my client has just had the above router supplied by telstra and upon setup can no longer access filemaker server which was accessed prior on their netgear router. I have port forwarded to 5003 and 16000 as per the previous setup. Is there another setting somewhere that i am missing like perhaps static ip or something. I might add that networking is not my strong point.
View 7 Replies
View Related
Oct 21, 2012
I've just received a new SRP527W-U-E-K9 router to replace an old D-link router. However Apple IOS devices are not discoverable by iTunes on a Windows PC. The PC is connected to SRP527 by wired ethernet. All IOS devices are on the same SSID and the same VLAN as the wired ethernet devices.I have been reading on several other threads in this site about this exact same problem. The fault was that multicast broadcasts were not being forwarded between wired ethernet and WiFi on the same vlan. url...
The fault in thie above thread was resolved by a firmware update MR3 (v1.1.19) last year however it appears that the SRP527W-U has slightly different firmware to this version.The configuration of my SRP527 is the same as the original poster's config in the above thread. [code] The version information of my SRP is embedded below. As it is brand new, I assume that it is the most recent firmware, so I would have assumed that the bug which was resolved in the above thread above would be incorporated in this firmware version. [code] Is Cisco aware of this problem and is there any other firmware that I can load onto my model of SRP to resolve this?
View 1 Replies
View Related
Sep 16, 2012
I have a Cisco SRP527W at my remote office set up. I have configered a VPN connection to it. I installed Cisco VPN Client on my laptop.I can connect to the VPN but can not access the shared folders. I can ping the PC that has the shared folders. I take my PC and connect to the onsite LAN with WIFI, and I can now view the shared folders. I assume it must be somthing in the VPN set up that is blocking the shared folders from being seen. I also have disconnect all firewalls during testing at the remote end. I'am using windows 7 (64) on both PC's.
View 6 Replies
View Related
Jun 3, 2012
I've just purchased a SRP527w router and loaded the new firmware which includes the 5 client VPN server function.
The function works great with my iPhone as a client, but I've been unable to make a connection from my Windows 7 laptop, as the built in VPN configuration doesn't have anywhere to put the group name.
Is there a VPN client, or is there some way to get the Windows 7 native VPN configuration to work?
View 2 Replies
View Related
Nov 5, 2012
We have a SRP527W, we have created VLAN for DATA and VOICE remotly connected to an office by VPN.
VPN is working fine.
Now we want to register SIP lines integrated in SRP527W to a Cisco Call Manager located in our office.
The problem is that the source of SIP packets is WAN interface of the SRP527W, so packet wont pass in the VPN. Is possible to change the IP source of the SIP registration ? The most useful will be to set the IP source SIP on the voice VLAN.
View 2 Replies
View Related
Feb 12, 2012
I'm wanting to use the SRP527W (from Telstra) to route a block of assigned internet addresses (/29) over the WAN internet IP address. Is this possible on the 527W, or does it only do NAT routing?
View 6 Replies
View Related
Nov 26, 2012
I have a pair of SRP527W-U units, which each connect to a separate ISP by ADSL2+ . I am attempting to use each simultaneously as follows:
ISP-A via Cisco A for general traffic, and to run HTTP server X
ISP-B via Cisco B to run HTTP server Y
HTTP servers X and Y are on one machine, but binding to two separate IP addresses eg x.x.x.3 and x.x.x.4 . In a situation like this, I would normally configure Cisco A and Cisco B with x.x.x.1 and x.x.x.2 respectively. CiscoA would run DMZ to x.x.x.3 and Cisco B DMZ to x.x.x.4. The server would use x.x.x.1 as the default route. Then I would set Cisco A to have a policy route catching source address x.x.x.4 and sending it to next-hop/gateway x.x.x.2.
BUT, the policy route feature requires traffic be sent out the WAN port or a tunnel (no next hop, only WAN side VLANs, tunnels or interfaces). configuring a GRE tunnel connecting the two routers is fruitless, and the tunnels refuse to be created on the LAN side (tunneling is only possible out the WAN).
Attempting to simultaneously use the 4th LAN/WAN port in WAN mode also fails, as the WAN port is only available when the ADSL port is not. Under Win2000 and Linux it was possible to configure two separate network cards and use seperate sub nets, each with a default route. This feature no longer works with more recent versions of Windows.
How I might get this working, without buying a 887? I am open to buying a 547.
View 1 Replies
View Related
Mar 20, 2012
Currently we're using Cisco 867 routers, wich connect to a IP-VPN network with internal IP's. I'm trying to test a SRP527W router as a replacement for the current 867 routers, as they are more affordable for our customers in the SMB segment.
However all our 867 routers have 'ip unnumbered' on their dialer interfaces (we're using PPPoA) to avoid NAT and problems with SIP and easy management of the IP Phones behind the router.
Does any know if it is possible to have the same IP on the WAN interface and the LAN interface? If so, how do you configure it in the SRP527W?
View 1 Replies
View Related
Apr 17, 2013
I upgraded the firmware to latest and apparently i've lost couple of options inlcuding TCP Dump in diagnostic as well as I cannot find how to disable/enable an ethernet port.
View 5 Replies
View Related
Feb 2, 2013
I have recently purchased a srp527w and I am thinking to buy a Cisco wireless ip phone 7921g. Does it works with the srp527? Do I need another device betweenn my srp527 and the ip phone? or it just works by configuring the voice vlan. If so, what phone would it work, the analog or the ip phone?
View 2 Replies
View Related
Aug 20, 2011
having trouble to configure the Cisco SRP527w where we have two incoming VLAN's.
1. vlan1 is for internet (20mbps)
2. vlan2 is for a specific application (Specific IP Address - 10mbps)
Somehow we are unable to configure the router to enable PC's connected to the router to access both vlan based to the application specific vlan. Its always routing it through the internet.
View 0 Replies
View Related
Sep 16, 2010
im having trouble setting up site to site vpn from my 527w to my 877 series and thought it would be much easier to see whats going on the 527 if i could see command line
so ive ssh'd to the 527s ip address but none of the usernames/password combos work that let me in the web gui, what are the logins?
View 9 Replies
View Related
Feb 14, 2011
I've been having the lockup issue with the SRP527W (in fact this has been an extremely embarrassing situation after spending 4 x what I could have on a Net gear type unit, to do the same task). I've not yet managed to get hold of the new firmware (MR3) as I've not received the email with a link.
On another note, I'm not sure if this has been covered in other posts, but, when my unit stops working (Wireless still alive, no internet) - the CPU hits and stays at 100% and only a reboot fixes it.
View 5 Replies
View Related
Aug 23, 2012
Recently I have switched from DSL to Comcast Cable. In the PPoE settings you can disable DNS from ISP. However, now since I have to use DHCP I cannot disable the DNS from ISP.If I change the DNS on the LAN or change the DNS in my adapter properties (in local machine) this makes my Brother printer loose connectivity.How can I get the openDNS servers on the WAN side of the RV220?I do not have a static ip address from Comcast either....
View 5 Replies
View Related
Sep 20, 2012
I just bought a new Cisco SRP527w and I'm just new on this kind of equipment. I can't locate the user management tab as I'm trying to change the default password.Also, I can't access the internet. My dsl modem rj45 is connected to the WAN/LAN port with IP Static settings.
View 14 Replies
View Related
