Cisco Switching/Routing :: 2800 Series VPN And PCI Compliance
Aug 21, 2012
I'm trying to turn off SSH version 1 & 2 to pass PCI compliance. Problem is, I cannot touch the VPN link between the two offices. I'm afraid the PKI certificate used for the VPN will be deleted if i zeroize the RSA key which seems to be the only way to stop the router responding on port 22.
Here is the stuff from the running config related to the crypto map:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[ code].....
I'm only CCNA so I'm not even sure if the certificate or RSA key is being used for the VPN link, but I can't tell from the running config that zeroizing it would be a good idea and not break the VPN. I'm open to other ways of disabling SSH, as we are able to just connect using a console cable. But it looks like denying port 22 with an access-list doesn't even stop the router from responding to the port.
View 6 Replies
ADVERTISEMENT
Jan 25, 2013
My Cisco seems to be stuck when it boots up, with the following:
Upgrade ROMMON initalized
And it goes on with self comperessing image then an OK but then it starts loading again all over.
View 13 Replies
View Related
May 22, 2013
I have Router 2800 series Global nating is configured on it.
ip nat inside source list 111 interface Dialer1 overload
!
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
My object is that i want give internet access only for few users ip E.g IPs addresses from range 192.168.1.0-10 can acess intenet access other all are deny.How i do this with ACL .
View 2 Replies
View Related
Aug 3, 2012
Is there a way to set static routes per VLAN?Example VLAN 100 sends all traffic to 192.168.1.1 and VLAN 200 sends all traffic to 10.1.1.1. (2800 Series RTR)I have 5 networks that have their own gateway to the Internet via satellite link. Those networks run over the same infrastructure on separate VLANs. They frequently send traffic to each other, which gets sent over a slow SAT link. I introduced a router to the network and would like to set all my hosts default gateway to the local routers sub-interface then have a static route that send all traffic that is not on one of my 5 networks back to that VLANs respective SAT modem to get routed out over the Internet.
View 4 Replies
View Related
Aug 16, 2012
I am trying to add WCCP to be configured for websense. My first option seems to be either purchase an IPServices license for the stack of 3750E switches, but i am thinking this will require us to license all three switches in the stack. The second option i am looking at is to do the WCCP configuration on the 2800 router we have on the edge. The problem is both Gig ports are in use, one going to the firewall and the second going to the ISP. My first question would be, which option is better in terms of manging as well as cost of implementing it.The second question is, if WCCP on the router is a better option, what is the add on module i should be looking to get to add the additional ports to hook up the Websense cache.
View 8 Replies
View Related
Jan 31, 2012
In a site we currently have 1 BT provided ADSL link which is currently terminated using their device which I believe is some kind of 2wire device, which is extremely slow due to distance from the Exchange (4Mbps)...We have a growing number of users here and want to install a second ADSL line from BT to give them increased performance.
We have a Cisco 2800 sat not doing much so I was wondering if I could use this to load balance the link? I know BT do not support MPPP so therefore the maximum any user can get will be the speed of a single link (4Mbps)...But basically how can this be done..
Can I leave the two BT routers in place and place the Cisco 2800 behind them, or do I need to purchase two ADSL modules for the 2800 and terminate the connection there?Also once done, what do I need to do regarding actually setting up the load balancing? I have seen this:
[URL]
But am unsure as to how relevant it is? I am not sure I understand what the ACL's are being used for? I just want all users on the LAN to load balance out...
Also I am unsure of this statement:You potentially need to add policy-based routing for specific traffic to ensure that it always uses one ISP connection. Examples of traffic that require this behavior include IPSec VPN clients, VoIP handsets, and any other traffic that use only one of the ISP-connection options to prefer the same IP address, higher speed, or lower latency on the connection.I do not understand why a established session such as a VPN client, would ever traverse the second ISP connection anyway?
View 2 Replies
View Related
Mar 25, 2012
We have recently implemented Windows Deployment Services on our local network, but everytime we do a multicast image deployment the network get flooded to point of total saturation.
We have Netgear switches and a Cisco 2800 series router. IGMP Snooping has been enabled on all Switches, however, we are unsure on how to implement multicasting on the router.
The whole network is flat - no VLANs over than the default VLAN1. We only want multicasting to work within our local network and does not need to go out the other side of the router as that is the connection to the internet.
How to get the Cisco router configured properly to enable multicasting to not flood the network. It seems that even if we were to image 4 PCs using multicast this is enough to completely get the network flooded.
Also, am I right in thinking that IGMP needs to be enabled on all of the Switches?
View 5 Replies
View Related
Nov 15, 2011
I just read the Removing and Installing CompactFlash Memory Cards in Cisco 2800 Series Routers instructions and there was nothing said regading powering down the router. Are these CompactFlash cards hot swappable??
View 2 Replies
View Related
Jun 2, 2012
why I can't use cisco ehwic-3g-hspa-u card in cisco 2800 series and 1841 series router?documentation said that it should work with that devices but when I installed it, it doesn't work even as device i can't see I am using cisco latest ios advance ent. 15.1(4)M4?
View 3 Replies
View Related
Jan 5, 2012
confirm whether the Catalyst 3550 with IOS Rel. 12.2(44)SE is compliant with POE IEEE 802.3af? I see some conflicting informaiton on Cisco's web site. Before Release 12.1(22)EA2, Catalyst 3550 PoE-capable switches (without intelligent power management support) caused high-power powered devices that supported intelligent power management to operate in low-power mode. Devices in low-power mode are not fully functional.
IEEE 802.3af—The major features of this standard are powered-device discovery, power administration, disconnect detection, and optional powered-device power classification. For more information, see the standard.
View 2 Replies
View Related
Aug 1, 2011
We've just discovered it seems the 2800 series aren't getting IOS 15.2?
We're running a 2851 for our CME and specifically want some features in CME 8.8...
End of Sale has been announced, but as it stands you can still purchase this router new today.
View 5 Replies
View Related
May 7, 2013
i have one cisco router 2811 now its not booting normally.
Router was working without any problems but due to power loss router restarted and goes into rommon mode
I tried to boot from flash and usbfalsh with different images but no use router is in still rommon mode.
here the output of my router:
program load complete, entry point: 0x8000f000, size: 0x3117470
Error : compressed image checksum is incorrect 0x8E095E7F
Expected a checksum of 0x8E0AE77F
*** System received a Software forced crash ***
signal= 0x17, code= 0x5, context= 0x80014e20
[Code].....
View 7 Replies
View Related
Feb 20, 2012
We have an MPLS network to a half dozen remote sites. At our main location we have a 2800 series router. In the routers config are the following lines for QOS. When I go to the routers on the other end of the MPLS, none of them are configured with these same policies. Would these not be in the running config of the 1800 series routers, or is this not setup correct and this should be removed?
View 13 Replies
View Related
Feb 7, 2011
Each time I enter show run on my router 2821, it takes ages to display and I have a cpu peak from the ssh process ( I am connected through SSH)
RTR-2821-01#sh proc cpu sorted
CPU utilization for five seconds: 96%/21%; one minute: 34%; five minutes: 22%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
55 26948 814 33105 74.96% 16.92% 5.87% 323 SSH Process
View 3 Replies
View Related
Oct 3, 2011
Any problem/issue with using 28VDC to power the 2811 router. The spec calls for a 24VDC power.
View 1 Replies
View Related
Jan 10, 2011
i have Router 2800 series we are using leased line Connection 8 Pubilc IP.One IP Config in Router FE0/0 IP 101.102.148.91 and FE0/1 192.168.0.0 Local IP.I have 6 Web Server. How to Config other 7 IP address on Web server in the router 2800 series.
View 6 Replies
View Related
Jun 10, 2012
Can I use Sandisk Compact 4GB Flash card on Cisco 2800 series Routers
View 8 Replies
View Related
Jun 29, 2011
I have a comcast business class cable modem and am trying to connect it to my cisco 2821 to route only certain types of traffic.
View 3 Replies
View Related
Sep 18, 2012
The layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.
View 2 Replies
View Related
Sep 27, 2011
I have a 2801 running c2801-spservicesk9-mz.124-3g.bin According to the Cisco IOS MIB locator the image supports OLD-CISCO-SYSTEM-MIB I have tried .1.3.6.1.4.1.9.2.1.55 etc to set server IP address and the filename string but without any luck.e.g.
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: iso.3.6.1.4.1.9.2.1.55.a.b.c.d (where a.b.c.d is the server IP)
I have also tried the method similar to that for Cat 3550 switches where you create a table of entries to define the transfer paramaters then activate the transfer (I think the CISCO-CONFIG-COPY-MIB)
e.g.
[URL]
C:>snmpset -v 1 -c private <device name> ccCopyProtocol.<random number> integer 1 ! 1 = tftpccCopySourceFileType.<Random number> integer 1 ! 1 = networkFileccCopyDestFileType.<Random number> integer 3 ! 3 = startup & 4 = runningccCopyServerAddress.<Random number> ipaddress "<server ip address>"ccCopyFileName. <Random number> octetstring "<file name>"ccCopyEntryRowStatus.<Random number> integer 4 ! 4 = createAndGo, or 1 = Active
To write net have the source as running (4) and the dest as network (1)
ccCopySourceFileType.<Random number> integer 4
ccCopyDestFileType.<Random number> integer 1
Clean up at the end - destroy .14 with the value of 6.
example output : -
-- earlier output omitted --
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: iso.3.6.1.4.1.9.9.96.1.1.1.1.4.111
Error in packet.
[code]...
View 4 Replies
View Related
Apr 11, 2013
I've problem with IP SLA probes between two different routers.2900 (c2900-universalk9_npe-mz.SPA.151-4.M4.bin) here is set "ip sla responder" only and 2800 (c2800nm-advipservicesk9-mz.124-24.T2.bin) here is set two type of tests "udp-jitter" and "icmp-jitter" - temporary, used to check for availability of 2900 router.As a result, I've what udp-jitter doesn't work at the same time icmp-jitter test is OK.Here are the settings of IP SLA tests
ip sla 281
icmp-jitter 172.25.28.1 source-ip 192.168.28.6 num-packets 100
tos 128
frequency 120
ip sla schedule 281 life forever start-time after 00:05:45
[code]...
View 3 Replies
View Related
Dec 11, 2011
Is there any official Cisco reference to describe what is considered to be the highest acceptable production CPU load on 2800 routers? I found the document "Integrated Services Routers G2 - Performance Overview" that states at page 5,Most service providers set their CPU alarms to 60 or 65 percent. Many enterprise customers are comfortable running production networks with CPU around 70 or 75 percent.
View 3 Replies
View Related
Apr 3, 2012
I have a router with two interfaces what i need to filter the HTTP traffic from one interface and the rest of the traffic through the other on my cisco router 2800.
View 3 Replies
View Related
Nov 20, 2011
I have a problem to create a VLAN with a Cisco 2801.,I need to have base ports FastEthernet 0 / 0 and FastEthernet 0 / 1, in the same VLAN.
Basically I'm trying to switch access redundacion, now I have redundant switches in which I have the servers, but if one of these switches fails, and,coincidentally is where I have connected the router, the server runs out of internet connection.,I idea is to connect the FastEthernet 0 / 0 to a switch, and FastEthernet 0 / 1, to the other switch,but I managed to have these two ports in the same vlan, in order to have a unique IP for both FastEthernet ports,As I can do this?. do is a lot of documents using the switchport command, but this command is not available in my router, I tried different IOS, and nothing.,currently I have the following IOS: c2801-adventerprisek9-mz.124-24.T6.bin
View 2 Replies
View Related
Nov 26, 2012
I have a 2800 router and tried so many ways to block the unwanted sites on my office network.Like access list ip based, null0 routing and policy map. Faced issues with below config
1. Creating Access-list. very difficulty to block the sites with https those sites will be opend, and we cant block all the IPs
2. Creating null0 routing. it also a bit deficult the block maximum sites because we can't fiend all IPs for those sites
3. Policy map.. with policy map we can only 1site we can block, but not more than one..
I heard that port based routing or port based access-list are the best ways to stop the websites in my local network..for this one i need to map the site to unsued ports then i need to null rouging or need to create the access-list.
View 3 Replies
View Related
Nov 23, 2012
I have a cisco 2800 router.. (flash:/c2800nm-advsecurityk9-mz.151-4.M4.bin, Version 12.4(13r)T11) configured DHCP, DNS, NATING and Bandwidth restriction...And to stop some social network [URL] i configured ip route 66.220.144.0 255.255.240.0 Null0 (rang of facebook address) But still i am able to open facebook.com in my network...
ADMIN-II_2811#sh run
Building configuration...
Current configuration : 1812 bytes
!
! Last configuration change at 17:26:33 UTC Sat Nov 24 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
[code]....
View 1 Replies
View Related
Oct 16, 2012
Needing to upgrade IOS on 2800 router from c2800nm-advipservicesk9-mz.123-14.T7.bin to c2800nm-advipservicesk9-mz.124-15.T13.bin. I noticed ther are several other files on the old code that may needed for booting up router but Im running low on memory. The other existing files are ;
c2800nm-advsecurityk9-mz.124-3i.bin
securedesktop-ios-3.1.1.45-k9.pkg
sslclient-win-1.1.4.176.pkg
Do I need these files for the upgrade or can i delete them when upgrading to 124-15.T13.bin. ?
View 5 Replies
View Related
Jun 13, 2012
How to setup redundancy on a 2800 series Router so that whenever it fails it will be routed through the MPLS router
View 5 Replies
View Related
Jan 10, 2012
I have a customer who has a Cisco 2821 router with software 2821/HSEC/K9 and they wish to upgrade to C2821-VSEC-SRST/K9.From my understanding they want to use the same router but install an IOS with the capabilites it has at the moment but with voice. [code]How do I go about pricing this up and what upgrade sku's will do this?I am not to worried about the memory.Is it just a simple ios upgrade as the srst licenses are on a trust basis?
View 2 Replies
View Related
Oct 17, 2012
Just need to verify if HWIC-2T is compatible with the Cisco2800 routers?
View 4 Replies
View Related
Feb 19, 2012
I am in need to have the arp table cleared every 5 seconds or so on a 2800 router. I was wondering how I might be able to accomplish this.
View 4 Replies
View Related
Jul 22, 2012
I have a WAN router that's on 172.x.x.x segment, and another WAN router that's on a 147.x.x.x segments.How can I make them communicate, I would like to interconnect both segments to talk to each other.We are using a Cisco 2800 on both segments.
View 8 Replies
View Related
Jan 11, 2012
I am looking a 16 or 24 Port Ethernet (NON POE) card for my 2800 Cisco Router NM-16ESW is EOL/EOS and the replacement is shown as SM-ES2-24 However SM-ES2-24 is not supported on Cisco 2800 Series.
View 2 Replies
View Related
