I have created a PPTP VPN on a cisco 3745 router, and a pool of addresses for the VPN clients. Now i want to find a way to reserve the addresses in the pool for specific machines, for example, if machine A connects to the VPN it should always be given the IP address a.a.a.a and that address should never be assigned to any other machine even if machine A is not connected to the VPN.
View 1 Replies
Issue: When I attempt to save the changes I made to the DHCP reservation list I get an error window that reads:
http:\201.201.201.201 (my internal router IP address - changed from 192.168.0.1)
Host name Invalid I have a DHCP Range setup as 201.201.201.100 to 201.201.201.199
I'm attempting to reserve an IP address of 201.201.201.199 for one of the computers on my network.
I can see the computer on the dir825 router and am connecting to it through a linksys wrtgs working as a repeater bridge running dd-wrt. The computer in question is successfully getting it's IP address from the dhcp server on the dlink router.
The dir825 is running 2.05na firmware. Why am I unable to reserve an IP address?
I am new to networking and configuring a ASA 5505. I have one public IP and would like to know if I can Nat this ip to 2 private IP addresses. Both addresses will be passing similar traffic.
View 1 Replies View RelatedI need to know the maximum number of MAC addresses that can be entered in to the MAC security filter list on the AP541N.I know it has a maximum number of 200 concurrent users, however the documentation does not specifiy whether this also applies to the MAC filter.
I have used wireless acces points in the past that allow hundreds of users but only allow 64 MAC addresses, so this is very important.
In setup for old RV042 (V1), when updating / adding Mac addresses, the table is always sorted by IP addresses. But in the new oneRV042 (V3) I have, even with latest firmware 4.2.1.02 the list is random, thereby increasing the chance of user entering DUPLICATE IP addr with diff Mac addr. That will result in conflict.If the firmware sorts the DHCP entries by ip addresses, user would be able to catch duplicate ip errors even if the system does not flag the errors. All Cisco smart engineers can you all get the dhcp entries SORT by ip addresses.
View 2 Replies View RelatedI need to connect site to MPLS provider and run Cisco GETVPN.Problem:I have been browsing Cisco Feature Navigator Tool and to my surprise when I enter "platform:3745" I can't find an image compatible with GET VPN. there is no workaround (image) I can run GET VPN on 3745? I need IP routing (BGP, OSPF) as well.
View 1 Replies View Relatedwe've got a pair of old 3745's that are getting upgraded to new 2911's, and I'm trying to run IOS 15.2 on the new routers to get them most current before going into test and production use.The routers are doing BGP, IPv4, and HSRP, and I'm trying to put one in at a time as to not have to big bang everything at once. I'm putting the one that matters least in first, and basically using the same config as the old one, which was running IOS 11.
I was using "no ip mroute-cache" on ethernet interfaces, and it says that command is deprecated and I should use the MFIB commands instead. Darn if I know what that means, I believe it was set up so the ethernet interfaces had IP multicast fast switching disabled, which was set up by our vendor 10 years ago so I'm not sure if it matters. It would seem logical to me this would have an impact on HSRP and speed of failover. Does this matter, and if so how in the world do I do this with IOS 15.2?The second one is the use of "no fair-queue" on our serial connection for a T1. This command isn't there either, and I'm not sure if I even need to bother on this. It was set up on the old router on a T1 Frame Relay circuit.
There is no special requirements, just need new hardware with some reserve availability. As for now it's 3745 EOL and I assume to use 3945.
View 4 Replies View RelatedI have two routers I am trying to connect via the WIC-2T port. I can ping from router to router, but not from my PC (192.168.2.122) to the 3745 (10.0.1.3)..
3640:
Current configuration : 1846 bytes
!
version 12.2
[Code].....
i just configured GRE over IPSEC on my Cisco 3745 router with VPN module installed. As soon i hit 25Mbps traffic, my CPU is touching 80%.
What maximum Traffic 3745 with GRE over IPSEC it can support?
Also show process CPU sorted dont show any evidence of which process eating it up.
sh processes cpu sorted
CPU utilization for five seconds: 75%/75%; one minute: 77%; five minutes: 78%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
I have to replace the 3745 which is our edge router (running (C3745-ADVIPSERVICESK9-M), Version 12.4(23), RELEASE SOFTWARE (fc1)) with (I think) a 3900 (drawing from memory, I haven't actually seen the device yet).In an ideal world, I SHOULD be able to just set term length to "0", do a show run, copy that off to a text file, and then paste it into the new one...
View 19 Replies View Relatedhow many NM-32A or NM-16A module can be installed on 3745 and 3640 routers?
View 1 Replies View RelatedOne of my clients has an older 3745 running IOS 12.3 and we are looking at replacing it with a new 3945 that runs IOS 15.0. This router is also configured with CME. Is it possible to migrate the current 12.3 config to load on the new 15.0 IOS? This will be my first encounter with 15.0 so I don't know what I am up against at this time. I am just hoping I don't have to retype all the ephone config, dial-peers, etc
View 2 Replies View RelatedOur 3745 router goes into Rommon mode . I am trying to upload the ios using x modem & tftpdnld , but it giving error " monitor: command 'copy not found" for x modem & " monitor: command"tftpdnld" not found" for tftpdnld.
View 3 Replies View Relatedi have Cisco 7200 VXR in which OC3 circuit is terminated. Module installed in VXR is PA-POS-2OC3 Now i have to move this connection to 3745 Router.
What i need to know which card is required to connect OC3 in cisco 3745, as per online search this module NM-1A-OC3SMI will work, but i am confused with term ATM OC3 module, so is this the right card to connect same OC3 circit on 3745?
I am using a range of IPs from my inside LAN for my IPSec VPN clients. For example my inside network is 172.16.1.0/24 and I have a pool setup like this: ip local pool vpnpool 172.16.1.200-172.16.1.210 mask 255.255.255.0.
Before the upgrade to 8.4 it was working and now it isn't. Clients can connect and pickup and IP but can't cominuicate with the inside LAN. I think I have to do manual NAT to nonat this range. So I want to try the following:
object network obj-vpnpool range 172.16.1.200 172.16.1.210 nat (inside,outside) 1 source static any any destination static obj-vpnpool obj-vpnpool
However there are two things preventing me from doing this:
1) When I try to create obj-vpnpool I get an error stating that this object overlaps with local pool
2) Even if I create the obj-vpnpool with a non-overlapping range, when in the VPN config I don't have an option for selecting obj-vpnpool.
I intend to deploy a voice+data network using some old 3745 and 2811. The network in effect has six 3745 in a hybrid topology at different locations and each having three WIC-2T, one WIC-4T, three NMHDV-2E1. That's pretty much juicing out the maximum from these routers These will serve as my core routers and for access I will be using my 2811s with more VWICs and lesser WIC-2T to give voice and data to subscribers. The 2811s will have links to multiple 3745s. The NMHDV-2E1 will serve for the voice needs at the 3745 locations. All the WAN links will be E1. All my telephones will be on analog voice using traditional EPABX with CEPT/ PRI E1 cards for connecting to the routers. And for data, ethernet ports.Two of the routers will have E1 links to the PSTN and Internet which has to be extended to all my folks. Now, for the tricky part, all my network modules are refurbished stuff from ebay and all the ports will have links on them. I intend to use OSPF with only the backbone area.
View 7 Replies View RelatedI have a Cisco 3745 Router with 1 Subrate T3/E3 port card installed on it. We want to add another T3/E3 card,
Q1- Can i add another card in this model? Q2- Can we multilink bundle up two T3/E3 cards? (current we have a single DS3 P2P connection between two office, so want to increase the bandwidth)
We have a 3745 LNS router, currently there are less number of users connected.when a user dials request authenticated and one virtual-access interface is formed in LNS router.Now the user is disconnected the vpn and connected to VPN again in this case, whether the user is connected to the same virtual-access interface which was assigned before disconnecting or different virtual-access interface is created.
View 0 Replies View Relatedtrying to establish a connection on an ibm 3745 controller via two IBM 5822 modems to a cisco 2600 router using sdlc encapsulation secondary bridging data from the serial port to the E/Net port to run the 3270 client ???
View 19 Replies View RelatedHave an ADSL router (887) at a site which has a GRE tunnel to to a 3745.The GRE tunnel is setup with default ip mtu of 1476.If I ping from the 3745 to the ADSL router (or in the reverse direction)with a packet size of 1500 bytes this works fine.However if I ping from a router (R1) that is directly connected to 3745 to the ADSL router with a pkt size of1500 bytes then the first ping succeeds while the subsequent pings fail.Pkt sizes less than or equal to 1476 work okay.Pinging between R1 and the 3745 with a packet size of 1500 bytes works fine.If I set the tunnel ip mtu size to 1500 bytes then it works.This is obviously something to do with fragmentation, but I don't undertsand why itdoesn't work with the default mtu set to 1476.
View 11 Replies View RelatedI have a couple of these routers in the lab with a very basic MPLS configuration on them. Everything works fine on the fixed interfaces but I cannot get the ldp neighborship to form between the 1FE2W interfaces on each router. Does this module support MPLS?
View 3 Replies View RelatedI have a Cisco 3745 that is my internet router, I have a domain that directs the web address to the WAN IP address...Can I set up my 3745 to forward incoming connections to my server?
View 3 Replies View RelatedI have a subnet (vlan 104) working great across a WAN. At site 1, Router A (3745) has the L2TPv3 tunnel configured while Router B (7204) has a routed interface on vlan 104.
The only thing router A is doing is the tunnel, so I'd like put the tunnel on Router B and eliminate Router A.
The trouble is, when I move the configs to Router B, the tunnel comes up, but the far side does not receive traffic over the tunnel.
Router B shows sending and receiving packets (per the 'sh l2tun session all' command). The far end router shows sending packets but receiving 0.
Is it a problem to have both the vlan 104's L2TPv3 xconnect interface and the vlan 104's routed inteface on the SAME router?
I am really new to this and studiying so I know that I am doing something dumb. Anyway, I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.
Here's are the problems...
1. When I establish a VPN session to the ASA, I can ping and access any resources dierectly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1.
2. Although I believe that I sent up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.
I am having problems accessing our internal network via VPN. We have an ASA at the perimeter that connects to a 3745 router and all of our networks come of that router. I can establish a VPN connection to the ASA but I can’t ping any of our internal host.
The internal network I need to access is 172.18.0.0. When I connect to the ASA I get a dhcp address from a pool created in the ASA, the pool is 172.200.1.x. I can’t ping from the ASA to the connected vpn host and I can’t ping from the host to the ASA ip address or to 3745 connected to it.
ASA config:
group-policy NAMEOFPOLICY internal
group-policy NAMEOFPOLICY attributes
dns-server value 172.18.2.2 172.18.2.23
[Code]....
route inside 172.18.0.0 255.255.0.0 172.18.255.1 1 Route on the 3745 back to the ASA ip route 0.0.0.0 0.0.0.0 172.18.255.2 I can’t see anything on the internal network, I can’t even ping the dns servers and so on.
I am having two small issues....First on my 3745 i get the following message:
*Mar 2 12:13:13.615: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.3.1 not on common subnet for FastEthernet0/1
*Mar 2 12:13:25.811: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.2.1 not on common subnet for FastEthernet0/1
Second problem is that I have my internet connection going to the 3640 on FE0/0 and it works just fine....I want to change over and have the 3745 be the internet router, but when I configure it, I get no connection.
3745 -
Current configuration : 1624 bytes
!
version 12.4
service timestamps debug datetime msec
LD version 0x10
GIO ASIC version 0x127
[Code]...
Receiving syslog message :%SIP-3-UNSUPPORTED: Unsupported ptime value. But we have no SIP-related commands in our config. We reloaded router Friday eve 1/15 but two more %SIP-3-UNSUPPORTED: Unsupported ptime value messages re-appeared on 1/18. The router in question is a 3745 running c3745-a3jk9s-mz.123-14.t7.bin. This router does have one interface facing an ISP.
View 4 Replies View RelatedON ASA, I understand that we can assign a static IP for a specific VPN client, or we can use a DHCP pool to assign IP. Now if I want to create DHCP pools, say pool_A and pool_B, for user A, B and C they use the IP from Pool_A, and user D, E, and F they get the IP from pool_B. Is there a way to do this in ASA?
View 4 Replies View RelatedI have Remote Access VPN users (IPsec) who are terminated on Cisco ASA 5520 (v8.2). For those users, AAA is done on the ACS. Group-policies and tunnel groups are defined on ASA. Initialy I had all VPN users defined on ASA and group policies were associated with each user. Each group policy had it’s own IP pool for users. Now, I moved users to ACS. How can I associate group policy, defined on ASA, with users group defined on ACS? Is it possible that ACS send to ASA information about IP pool for different group policy? Users will use ONE vpn profile BUT based on the Active Directory group they belong to they obtain a different IP address for each group.Can it be done ? ACS version is 5.2.
View 1 Replies View RelatedWe have the configuration below set up in a 3560 switch (addresses and names modified for privacy). We are running out of dynamic IP’s in the current pool (6.35.159.0 – 6.35.159.255). We have a new set of IP’s that we can use (6.44.56.0 – 6.44.57.255 – an additional 512 addresses). Although I can figure out the commands to add a new dhcp pool, secondary subnet, etc., I’ve never done this before so I’m not sure of everything I need to do. The end result I need is that the 3560 needs to be able to hand out IP addresses from the current and new pool to anything connecting to vlan 300 – our datanet where computers access the Internet. What I need to do as far as modifying the vlan, adding the secondary subnet, defining helper IP’s, gateways, whatever, so that computers connecting via vlan 300 have Internet access via either of the pools? I have been told that all I need to do is create the pool, but not sure if that is correct...
[code]....
We are testing the upgrade from version 8.2 to 8.4 on an ASA 5505 and ran into a problem. For VPN connections we had pools created. A few of the pools were limited to a single IP address. After the upgrade the ASA rejects the pools that only had one IP address instead of a range. In the command line if you enter a question mark after typing in "ip local pool (pool keyword)" in config mode it says "Specify an IP address or a range of IP addresses:start[-end]" with the word "or" it sounds like it should except a single IP address but it doesn't. The error is "Please enter a valid IP address range."
View 5 Replies View RelatedIs it possible to create an ip address pool for ip address assignment in ACS 5.3, like it used to be possible in 3.x and 4.x?
View 2 Replies View Related
