I try to configure PGM in my 2911 plattform but it was impossible. I tried with many 15.1 version that support this protocol.
Someone configured PGM over 2911 Routers? What does correct IOS for work?
I have a router Cisco 2911 with two possible Wan interfaces out and a backup configuration using IP SLA. When the Primary Interface goes down the traffic is automatically rerouted through the Backup Interface, but the problem I have is that when the traffic is going through the Backup Interface (because the Primary is down) if the Backup Interface also goes down, if the Primary goes up, the traffic is not automatically rerouted to the Primary Interface. And it looks to me like it keeps trying to goes out the Backup Interface and cannot see that the Primary is down. I guess that the pings are going out the backup Interface and as it is down the router doen't receive any anwer to the ping and doesn't change to the Primary.
The main configuration related to the IP SLA is this:
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0
description backup Interface
ip address 175.xx.xx.10 255.255.255.252
ip nat outside
[Code]....
We are designing a solution for our customer, they plan to connect 5 site to their main office, on the main office, they use CISCO2911, branch use CISCO1921, so my question is:
1, If I want to use IPSec VPN connect branch and main office, apart from the router, I only need to buy the Security pack, like SL-19-SEC-K9/SL-29-SEC-K9, no need to buy SL-19-DATA-K9/SL-29-DATA-K9, am I right?
2, If I want to use SSL VPN connect branch and main office, apart from the router and SL-19-SEC-K9/SL-29-SEC-K9, I only need to buy L-FL-SSLVPN10-K9 for CISCO2911 in main office, no need to buy L-FL-SSLVPN10-K9 for branch as each CISCO1921 has two default SSL license?
i'm trying to install the security licenses on a 2911 router and is giving the error shown in the attached file
View 4 Replies View RelatedI have a new BGP configuration that consists of two asa 5510 and two routers 2911 at the back. My question is : Does asa 5510 support BGP?
View 1 Replies View RelatedI have CISCO 2911 with SRE module for Wireless Lan controller software. also between my local network and CISCO router is a firewall, CISCO router is an edge router so router and my Lan are in different subnets. i want Wlan and Lan to be in a same subnet is it possible? In other words, can WLC and Access points be in different subnets? the case is that wireless devices should be behind the firewall.
View 5 Replies View RelatedWe have purchased a number of 2911 routers.We got Base & security license as we wanted to enable encryption. However we probably wont use the security.We are replacing 2811 routers.Unfortunately the 2811 routers have FXS ports with 2 - 4 POTS handsets - I completely forgot about these ports when I was ordering.Now I have VIC3-FXS cards which are ok in the 2911 but unfortunately I cant get them to work.I am missing PVDMs (well adapters anyway), and even if I got them the router wont take any commands relating to voice due to the license.Is is possible to 'rehost' the security and turn it into a UC ?I am new to these 2911 and Licensing.
View 1 Replies View RelatedI want to block gtalk on my new cisco 2911 security enabled router.
View 3 Replies View RelatedWe have CISCO2811 model with VWIC2-2MFT-T1/E1 module working good over the E1 line. Since it's getting hard to find new model of CISCO2811 we decided to connect new branches with CISCO2911/K9 model (according to migration doc)
My question is can we use 2811's old config file with the 2911 model directly?
How I configurate EHWIC-3G-HSPA+7 card on 2911.
View 3 Replies View RelatedI am attempting to establish a Site To Site VPN between our SA540 and 2911 routers and somewhere I have a misconfiguration that eludes me. I suspect maybe in the 2911 Transform Set? Here is the output from the SA540. [code]
View 1 Replies View RelatedOur client ( a webhost, they have a lot of servers ) has a an older Cisco Pix, everything works fine with the PIX. They have a Cisco ASA 5500 with ASA version 8.3 , to replace the PIX. Upon migrating the PIX config to the ASA we are running into issues with Dynamic NAT. The static NAT entries are working flawlessly (there is a lot of them), however when Dynamic is enabled for the remainging hosts, outside communication works then drops off. The remaining hosts need outside access for updates. We have access lists set up but I dont se ehow that could cause a problem when the original ACL's were working fine with the PIX, they have not been altered.
The NAT config may be wrong or cluttered, have a look at the full NAT config.
The static NAT addressing is the same, example 207.11.129.65 will equal 10.10.10.65
saw that we can secure ripv2 via authentication (simple and MD5) ,i undertand that simple is not quite secure because we can see the plain text when capturing RIP packets
however even with MD5 i can see the authentication data (output of MD5) and i think hacker can copy it and paste it in one RIP packet that he will generate !! isn't it ? so how much MD5 is secure ?
I was given a 510 PIX Ver 6.3(1)to reconfigure but have no information on the existing configuration and need to wipe it clean and start over how can I do this to get back to the factory default settings. I have tried the "monitor>" but I don't know the IP address of the PIX interface.and am not sure how to do the setup for recovering the password.
View 7 Replies View RelatedWe have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?
I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.. then what i do is a copy start run to get the configuration active..
View 2 Replies View RelatedI have got a working 5505 running 8.3.1 firmware and 6.3.1 ASDM.I have now purchased a second unit and ensured that both units are running the same firmware levels etc.
I have via the ASDM created a backup of the working units configuration, and now i want to load this configuration onto the second unit.I have connected the consiole cable up to the second unit and tried pasting in the contents of the configuration file but no joy.I want to ensure that my configuration will work on this unit before i configure the two units in Active/Passiove configuration.
I used my Pix config to setup the ASA 5505.Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internatlly I cannot get out of network. No internet or email is passing through.
: Saved
:
ASA Version 8.2(5)
!
hostname textasa
domain-name testcorp.com
enable password 579oWRzSY5syo9yt encrypted
passwd 579oWRzSY5syo9yt encrypted
[code]....
i hav asa5520 i copying configuration from PIX to ASA5520 (7.2) everything working fine bt problem is that after sometime my DMZ interface losing connectivity ...
View 1 Replies View RelatedHow to set upo configuration & Security after reset
View 2 Replies View Relatedi just deployed Cisco NAC version 4.8.1 Virtual Gateway OOB on a LAN envieronment and on a WLAN envieronment, it works fine for some users , they can authenticate via the agent or web page, and then they are redirected to the access vlan, But for some other users in LAN and WLAN , when they try to authenticate via agent or web page the following error appears:
Invalid switch configuration-OOB Error:OOB client "mac/ip" not found.
I tried to find some pattern for the users but it dont match any pattern.
I have a problem exporting the config from a 1112 appliance.It does not boot up properly. GUI logon and authentication is not possible.I can console and SSH to it but the only thing i get is the commands below and nothing else.Could not chdir to home directory /home/admin: No such file or directory
View 2 Replies View RelatedI want to put the asa5520 to the factory default please let me know how to do that. how to remove the configuration file from it.
View 5 Replies View RelatedI recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies View RelatedI'm having some issues configuring NAT statements on my ASA5505 which has recently been upgraded to 8.41.
I have a single dynamic IP on the outside interface of the ASA and would like all internal hosts to NAT/PAT to it. In addition, I would like to have several ports 'forwarded' to internal hosts, one of which is TCP/4343. With the current configuration all hosts are NATing to the external interface properly but the service running on TCP/4343 is not accessible from the outside. See command output below:
"sh run object" output:
object network DrJones host 10.81.220.90object network LAN-10.81.220.0 subnet 10.81.220.0 255.255.255.0
"sh run nat" output:
object network DrJones nat (inside,outside) static interface service tcp 4343 4343object network LAN-10.81.220.0 nat (inside,outside) dynamic interface
"sh run access-list" output:
access-list inside_access_in extended permit ip 10.81.220.0 255.255.255.0 anyaccess-list outside_access_in extended permit icmp any any echo-replyaccess-list outside_access_in extended permit tcp any interface outside eq 4343
I've noticed that many people have routers with NAT as part of their security configuration. What NAT is/does? Also, I entered the router's settings and went to Advanced > Firewall > NAT ENDPOINT FILTERING .There are 3 options specified for UDP/TCP Endpont Filtering; they are:
Endpoint Independent
Address Restricted
Port and Address Restricted
What are these options? I downloaded the manual for the router but it doesn't mention what NAT, Endpoint Independent, Address Restricted, and Port and Address Restricted are.
Side Note: I thought about setting up a secure connection using WPA2. Right not I'm using an unsecured wireless network. If I setup a new secure wireless connection using WPA2 will my current unsecured connection still be available?
security configuration of the 1410 bridge and on how to test the bandwidth/throughput between two 1410 Bridges setup for point-to-point connectivity.
We have setup this in one of our Client sites.
I have a problem exporting the config from a 1112 appliance. It does not boot up properly. GUI logon and authentication is not possible. I can console and SSH to it but the only thing i get is the commands below and nothing else.
login as: admin
admin@10.10.1.126's password:
Last login: Wed May 30 11:11:42 2012 from jsmith
Could not chdir to home directory /home/admin: No such file or directory
acs>
API called before initialised at V:ismg_israel_acsAcsEndPointCoreendpoint.cpp:395
Command Description
----------------------------------------------------
? List commands
exit Log off
help List commands
csutil -dumpadmin Dump Admin Audit Information
csutil -dumpgroups Dump Group Audit Information
csutil -dumpusers Dump User Audit Information
csdbsync -syncnow RDBMS synchronization
I need to estimate the installation and configuration time of Cisco NAC (NAC Network Module spare for 2800, 3800 ISR) and Cisco NAC Manager(NAC Appliance 3315 Manager -max 3 Servers. There is some Cisco tool to estimate the installation and configuration time?
View 3 Replies View RelatedI am implementing wireless lan controller for a customer's site. This site uses Cisco WLC2112 and AIR-LAP1041. I configure via start-up wizard and WLAN security configuration. The client joining via WLAN seems to work fine, able to browse Internet. But when adding a shared printer or sharing files, the machine's unable to find the computer name. When test pinging, it replies when pinging by IP only. This is not happened when using a LAN wire.
View 3 Replies View RelatedI am having one router CISCO2911/K9 (Cisco 2911 w/3 GE,4 EHWIC,2 DSP,1 SM,256MB CF,512MB DRAM,IPB). But now my management asking me to upgrade this router as CISCO2911-SEC/K9.
What will be the BOM for this up gradation.
I'm trying to configure the NAC Profiler with a 3310 CAS Collector. In the "Edit Collector" menú, it shows all the modules as "Running", except for the NetWatch module which shows a state "Invalid configuration file (missingInternalAddress)".
I configured the eth3 interface of the CAS as a monitor interface in the Profiler (see attached image), and I tested that the SPANed traffic actually reaches that interface from the access switch. I'm using software version 3.1.0_24 in both the Profiler and the Collector.
I have connected a 10BaseT device to a CISCO Catalyst 3560xPOE switch with dynamic port security. All seems to work fine when the distance between the two devices is closer then 200ft. When I connect to 10BaseT devices farther out near 300ft the response from the attached device is lost. It works ok on unmanaged switches at the longer distance. Is there a minimum response time from attached devices for dynamic port security to work properly? Is there any other explanation why it would work on cheaper switches, but not on the Port Secured Switch?
View 2 Replies View Related