Cisco Switching/Routing :: 1721 / Change Remote Site Network Configuration With / Without Losing Connection?
Sep 19, 2012
My company just assumed management of a remote entity. The network has several misconfigurations and I need to make some network modifications from my office w/o losing access or incurring lengthy outage to the clients. The network consists of 1721 router and three 2960 switches.
- I only have access to the router from the Internet. I telnet off the router to the 3 switches.
The site uses a single class C 192.168.1.0 / 24. The router is running RIPv2 even though this is the only network. The prior network person (contractor) set up separate native vlans on each switch and all the ports are defined as Native trunk and access are defined to the VLAN interface assigned to the switch. So of course the logs are flooded with Native VLAN mismatch, Each 2960 switch is a VTP server but has no VTP domain.
basic network layout:
Internet => Eth [Cisco 1721] => Fa 0 192.168.1.254 ==> [SW1]
[SW1]
interface Vlan1
no ip address
no ip route-cache!interface Vlan220ip address 192.168.1.219 255.255.255.0no ip route-cache
[code]....
!interface GigabitEthernet0/1description SW2 Gi0/1switchport access vlan 204switchport trunk native vlan 204!interface GigabitEthernet0/2switchport access vlan 204switchport trunk native vlan 204!interface Vlan1no ip addressno ip route-cache!interface Vlan204ip address 192.168.1.224 255.255.255.0no ip route-cache Normally, I would assign the current 192.168.1.254 to a subinterface to Router Fe 0/0 but with each switch having its own native VLAN I am afraid I will lose connectivity to the downstream switches -- my only access is telnet off the Cisco1721 Router.
View 3 Replies
ADVERTISEMENT
Nov 15, 2012
I have an Acer 7750G, running Windows 7,connected to our home network using a Dynex router. At the moment this is the only laptop in the house that is having problems with connectivity. Starting yesterday, it only connects intermittently. When I run diagnostics, it says the following problems have been fixed but it either solves the problem for a few minutes only or not at all: "Problem with wireless adapter or access point" or "Default gateway is not available".
IPV6 connectivity also shows 'no internet access' and sometimes IPV4 reports no internet. I've unplugged and rebooted the modem and router a few times but that hasn't solved the problem.
Edit: I ran troubleshoot again, and it says the following issue is not fixed: "Wireless Network Connection 2 does not have a valid IP configuration".
View 14 Replies
View Related
Dec 12, 2011
I have a 1721 router installed with both an adsl wic and a 4 port switch wic card. My setup is as follows:
pc connected to port 3 (mode access on vlan 20) on the 4 port switch wic (installed in 1721 router)port 4 is configured as trunk (encap dot1q) and connected to fasethernet 0 (inbuild of 1721)fastethernet 0 configured with no ip address?
created sub-interface fastethernet 0.20 with encapsulation dot1q on vlan 20?ip address of sub interface 0.20 is 192.168.20.240?pc nic ip address is 192.168.20.245 however cannot ping 20.240?I want to use only this router with its switch wic for vlans and internet?
View 20 Replies
View Related
Mar 9, 2011
I am try to configure ASA 5510 with 8.3 IOS version.My internal users are 192.168.2.0/24 and i configured dynamic PAT and are all internet .
i want configure identity NAT for remote access VPN.Remote users IP pool is 10.10.10.0 to 10.10.10.10
i know to configure NAT exemption in IOS 7.2 version. But here IOS 8.3 version. configure NAT exemption for 192.168.2.0/24 to my remote pool( 10.10.10.0 to 10.10.10.10).
View 6 Replies
View Related
Mar 6, 2011
i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?
View 1 Replies
View Related
Jan 14, 2013
We have a 5508 controller in main site.Which has two ports connected to local network.Management VLAN 500 is untagged and mapped to Port 1.All other interfaces are including 501 to 507 are mapped to Port 2.We have a SSID that is mapped to VLAN 501 interface , which successfully can be joined in main site.We connect an AP to remote site ;We have a remote site VLAN 115 which can be reached from main site.We connect an AP to access vlan 115 port on the remote site , we had described option 43 , so AP can successfully finds controller in local mode.
AP gets ip from VLAN 115 , can setup connection / ping controller successfully.There is a wide area connection between remote and main site.No trunk setup , the whole remote site is vlan 115.However when the client is trying to connect the test SSID , client cant get connected nor get ip address.Local switching is disabled.For this setup , client comes to AP as a requested , AP tunnels traffic to controller from vlan 500 , controller lets the client get into wired platform from VLAN 501.
View 25 Replies
View Related
Aug 10, 2011
So I have been asked to make the following scenario work: We have 2 Cisco 1721 routers that need a site to site link between them. One will live on a corporate network with the following setup. It will only have one interface active at an internal ip of 10.10.1.76 with a extrnal address nat'd to it (only port open is 500 for VPN traffic). The far end lives behind a DSL and I know that configuration works (hole in the firewall passing to it) (tested already).
The building network is 10.10.0.0/16.
When we first tried this setup we were using both interfaces available on the 1721 for the head end. Now I'm being told we are getting the NATd ip and one interface.
So the question is, can I make a site-to-site work with only one interface on the router? Or do I have to get the client to give us a 2nd network connection?
View 5 Replies
View Related
May 22, 2012
We are connected to 2 different providers (PROV01 and PROV02) with eBGP full internet tables. PROV01 routes have higher local preference over PROV02.
We are having problems with our provider and would like your expertise. PROV01, higher preference has been having trouble with their router. The BGP remains up but the router stops forwarding traffic. as a resulta we lose connection to the internet but our traffic never goes to PROV02 since PROV01 BGP remains up announcing the 400K routes to us.
Is there a way to test internet connection though PROV01 and as the "internet is DOWN" automatically change traffic to PROV02? Can BGP parameters changes be triggered by IP SLA? Our router is an ASR1006 RP2.
View 11 Replies
View Related
Jul 21, 2011
I setup RA-VPN under local asa 5510 IP pool (192.168.127.0/24) and all was working fine. I got internet and local network access.
Then i have 5 site to site VPN working fine but when im traying to access to those L2L VPNs from the remote acces client im not able to do that. So after that i decided to obtain IP addresses from my DHCP server so i can obtain IPs from my local network (172.17.16.0/16) and then access normally to the VPN site to site. But the surprise was that the VPN cisco client is getting local IP address (172.17.16.222) perfectly but im not able to access even to my local network.
I have the same-security-traffic permit inter-interface same-security-traffic permit intra-interface enable.
View 6 Replies
View Related
Apr 3, 2013
I have two Cisco routers - 2911 in HQ and RV180 in branch office. Because in HQ LAN network I have some development servers, to which guys from branch office need to have acces, I decided to setup VPN site-to-site between HQ and branch office. Everything went quite smoothly, on both devices I see, that ipsec connection is established. Unfortunately I am not able to ping resources from one network to other one and vice versa. Below is the configuration of 2911 router (I skipped som unimportant (imho) configuration directives) :
crypto isakmp policy 1
encr 3des
hash md5
[Code].....
View 9 Replies
View Related
May 21, 2011
Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
Remote-access (vpn-houston) uses 192.168.69.0/24.
The main site (houston) uses 10.0.0.0/24
The remote site (lugoff) uses 10.0.1.0/24
View 5 Replies
View Related
Jun 28, 2011
I have a site-to-site VPN already established, everything is working as it should. I'm trying to block the remote network from accessing our network since we only need to access theirs. I'm sure this is something very easy to implement with an ACL but I'm not sure where this rule needs to go. The VPN is on ASA 5505.
View 5 Replies
View Related
Apr 15, 2012
We have a Site that is connected via Wireless Bridge to the Main Site, the site is on separate VLAN with Cisco 3560 switch. The main site has 6509 swith. Configuration as per attached diagram. We are connecting a fiber between the remote and the main site and adding a 3560E switch at the remote site, however we would like to keep the wireless connection as a backup in case the fiber is severed the wireless will be availble. Attached diagram shows detailed cofiguration. I would like to know what should I change to make this working. STP is enabled on all switches.
View 3 Replies
View Related
Jun 20, 2012
We have a new building where we added 3 network closets with 3750x stacks.We have 2 fiber gig ports connected to 2 microwave units and etherchanneled the to ports
We have the same setup at the corporate office except the connection is 2 fiber gig ports on a 6509. The 6509 is doing the routing
Now the problem is that we lost the connection to the management interface on only one of the three closets after a few days running. But some workstations at the corp office could reach it... others could not. The workstation were on the same VLAN. We solved the problem for a few days by shutting on of the fiber ports on the etherchannel. But is started happening again... now with PCs being installed at the new location.
The PC that was not working on the 3750x side could ping across to the 6509 but no further then that. It seems like an arp issue not routing because some devices are reachable and fully operational throughout the network.
Here is the configuration:
3750x:Cisco IOS Software, Version 12.2(55)SE1
Current configuration : 118 bytes!interface Port-channel1switchport trunk encapsulation dot1qswitchport mode trunkno snmp trap link-statusend
!interface GigabitEthernet1/1/1description 2gig to STB-6509switchport trunk
[Code]......
View 19 Replies
View Related
Sep 14, 2011
I have a PIX 515 and am working with a Site-to-Site VPN. When I do not specify a filter on the Group Policy I can successfully access the remote network and the remote network can access my local network. However this by itself poses a securty risk for my local servers. I need to be able to access the remote network fully, however only one or two workstations on the remote network need to access mine.
If I add access-list vpn-remote-site extended permit ip host remote-wkstn1 any then only the remote workstation can access my remote network. This gets me a step closer as now only the remote workstation can access my network effectively denying everything else. However, from my local network I can now only access the remote workstation and not all of the other devices. I do not have any control over the remote firewall and would like to make sure it is secured on my end.
View 1 Replies
View Related
Oct 29, 2011
We have a site-site and remote vpn configured in same interface in ASA 5520 ( software version 8.3 ). When Remote vpn users try to connect to computers located on the distant end of site-site VPN, their request failed. I tried No-Nat between remote vpn private IP to the remote site private IP, also stated the same in Split tunneling. I cant find even the tracert, ping also timed out.
View 7 Replies
View Related
Nov 9, 2011
The day before yesterday, I bought the dir-615.
I had set an admin password and user's password. It was not same password. In this setting, there was no problem. Sure, no problem at connect from private IP, internet IP or just reboot and anywhere. The problem is the next.
If you got an electronic timer-switch and apply the DIR-615 then you cannot obtain an admin privilege from a remote. It just general user's permission even if I put the admin password.
I have been DIr-615 E4 hardware and 5.10 firmware. It does not happens at local IP address(i.e. 192.168.0.1) but it happen as trying connect from a remote IP address after AC plug re-powered.
I am doing use the AC timer for the remote internet managing at every day. It useful things for the router and IP camera. I need a admin privilege from a internet for the router managing.
View 16 Replies
View Related
Jul 16, 2012
How do I find out who made the last configuration change on a 6509 CAT switch with the following Show VER
WS-C6509 Software, Version NmpSW: 8.5(9)
Copyright (c) 1995-2007 by Cisco Systems
NMP S/W compiled on Apr 16 2007, 21:23:23
[Code].....
View 5 Replies
View Related
Aug 22, 2011
We have an RVS4000 router at two ends of a VPN tunnel. The VPN tunnel is working fine, however a phone at the remote site drops calls, even though they sound clear and unblemished. I have set highest priority on the port the phone is hooked up to at the remote site, and have set a priority for upload traffic on both routers, but the phone stills drops calls after 2 to 3 minutes.
View 3 Replies
View Related
Aug 21, 2012
I have a WRT54G router anf DSL modem. My router keeps losing connection, wired and wireless (My connection is not visible on any laptop). I tried briged mode on the modem and I tried the configuration CD. Everything works for some months or weeks. Sometimes the CD setup asks me for manual configuration. I am using modem to desktop connection?
View 2 Replies
View Related
May 18, 2012
I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.
View 2 Replies
View Related
Jun 17, 2012
We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?
View 1 Replies
View Related
Jun 13, 2012
The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
Below are my configure on the Cisco 877 in site A.
Building configuration...
Current configuration : 5425 bytes
!
! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
!
version 12.4
no service pad
[code]....
View 1 Replies
View Related
Oct 11, 2011
cisco products and am struggling getting a VPN going between an ASA 5505 and 5510. I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).
View 11 Replies
View Related
May 12, 2013
router 1721 with one wic-1adsl ,i have adsl conection with irb static ip. the router connect with mannaged switch through a trunk port. the switch has 2 vlans one for the static IPs and the other for private lan. i need the private lan to be able to go to internet. vlan2 can go to internet because it has the same subnet with provider but vlan 1 canot go internet, so how i can make all vlans go internet(the router has only 1 fastethernet port)
View 4 Replies
View Related
Mar 11, 2012
I started to set up a 1721 router with WIC-4ESW. This is on an internal network, so only looking to just do routing from FA/0's interface to the networks attached to ports on the WIC. I first assigned just VLANs to 2 of the ports and this did not work. So I did some reading up and decided to use bridge groups. Except I still can not access the interfaces on the WIC. And by that I mean on the router itself I can not ping the ip assigned to the BVI.
I have another 1721 w/4 port that long ago I seem to remember simply assigning VLANs to the interfaces and I was able to communicate between the networks without issue (or maybe I just don't rememer that well). Thing is I should be able to at least ping the internal interfaces shouldn't I (assuming the status is up). I don't know why BVI2 and 3 are listed as down, nor do I seem to know how to bring these up.
This is what ip int br gives me:
1721#sh ip int br
Interface IP-Address OK? Method Status Protocol
BVI2 192.168.101.1 YES manual down down
[Code]....
View 3 Replies
View Related
Feb 11, 2012
We have a new remote site for customer which only have 3G connection and to add more pain to that they have dynamic IP address.the easist possible solution was EZY VPN.....client has 2800 router with 3G and at our end we have ASA.....the issue is that , that always server (clients nehind) asa initiate connection to the remote site ie to 3G.....the rule of thumb is that whenever client(ie EZY VPN) will initiate conection the tunnel will establish.
View 1 Replies
View Related
Sep 14, 2012
I have set up a couple of vlans on a cisco 1721 router 4esw card using the vlan database and assigning an ip address of 192.168.1.x and 192.168.2.x for each vlan interface.Strangely enough connected computers can talk to the other vlan and I have not set any subinterfaces on the etherner0 (layer 3) and not even connected a cable.Is there any reason why this should happen since they should not talk to eachother being on seperate vlans.Doing a tracert shows that first the vlan ip address is hit and then straight to the target pc in the other vlan?
View 4 Replies
View Related
Oct 20, 2011
Long time since I have had to configure a router and have a small project
Here is what I have in a simple diagram:
PC(static IP)--to--Switch--to--(Ethernet0 int, WIC0)1721 router(FastEthernet0 int, built-in)--to--Switch--to--PC(DHCP)
I need static IP PC to be able to ping the DHCP client. Static IP units 10.1.1.x/16, DHCP clients 10.1.3.x/16.
I have found these overlap and thus give errors and will even shutdown the interface if I enable certain things like routing or bridging.
So I gather I need to change one interface IP range, which would be the DHCP side, I need to stay 10.1.1.x/16 for static side.
View 7 Replies
View Related
May 17, 2012
I can ping [URL], from the router but not from a client attached to the router dhcp interface(10.1.3.1). When I turn on ip routing I cannot ping at all. Here is the config I have now that can ping the internet from the router.
sh runBuilding configuration... Current configuration : 1191 bytes!! No configuration change since last restart!version 12.3no service timestamps debug uptimeservice timestamps log datetime msecno service password-encryption!hostname
[code]....
View 7 Replies
View Related
Jan 26, 2012
enable dot1q encapsulation on two ethernet ports on a 1721 router. I am able to configure it on the built in fastethernet port, but not on any interface provided by a WIC-1ENET or a WIC-4ESW. I have an application that requires two physical ethernet ports that support dot1q encapsulation.
View 4 Replies
View Related
Nov 27, 2012
since a couple of days I've a strange behavior in my Spanning-Tree Topology.Every time I plug in a new Switch ( e.g. WS-2960S ) a topology change on my root bridge occurs and all client losing connection to the default gateway.The root bridge is also the default gateway.
Nov 28 11:14:12.865: STP: VLAN0001 Topology Change rcvd on Gi4/48
VLAN0001 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 0, sysid 1, address 0019.aa37.e040
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
[code]....
View 5 Replies
View Related
Jan 1, 2013
I have a Cisco 1721 router with an ADSL wic. I have followed guides on the Cisco website so that I can connect the router to my home adsl connection. The router connects to my broadband provider and sucesfully obtains an IP address along with Dynamically assigned DNS servers. I am able to ping google.co.uk from the router but not from clients attached via DHCP.
I have noticed that if I ping the IP address of google.co.uk from a client it resolves but it will not resolve the name. This would lead me to believe that the problem lies with DNS resolution/forwarding but I do not know how to investigate further.
View 3 Replies
View Related
