Cisco Switching/Routing :: 7206 VXR - Multiple GRE Tunnels Between Two Devices
Nov 18, 2012
I have come across issues with multiple GRE tunnels between two devices when using the same source and destination addresses. I've tried using tunnel keys but this makes no difference. The only way I can get this to work is between different source & destination addresses.
We have 2 separate ISP connections with 2 separate routers. During a recent router outage we found that our PIX firewall was not routing to the second default route that I have in the PIX configuration. Doing some searches on CCO, I have seen some documents that say that the PIX only supports one default gateway/route. Is this still true, even in version 8 of the PIX software? Is this still true in the newer ASAs? Or will they support multiple default routes?
I'm thinking I'm going to have to set up HSRP on my 7206 Internet routers so the PIX can use one gateway, but wanted to verify before I take the time to set this up.
I work from home and host quite a few machines within my home network which are all accessible internally, however I have a requirement to be able to access multiple services externally. I have standard home broadband with a SKY ADSL Router Modem and have the ability to set a DMZ, however I can only put 1 IP address as the DMZ destination. This means that from externally, I can only access a single machine. Obviously I can RDP from there but I need other services, for example SSH to another machine. Is there anything that I can buy which I can set as my DMZ, but can have rules which will redirect me once in the internal network to different services?
I have a MPLS cloud in our data center. I want one network coming into our core router to have a different default route than the other networks coming in. I'm getting hits on the acl but the route isn't applied and goes to the default route that is configured in the router. I have other PBR for setting local-preferences and as-paths and they are working fine.
The router is a 7206 Version 12.4(11)T3
!
ip route 0.0.0.0 0.0.0.0 1.2.3.4
!
ip access-list extended 2nd_Default_Route
I am employed at a credit union with 17 branches. We have an MPLS circuit connecting the branches to our main office. I set up DSL as a backup connection. I have 17 RV042 Cisco VPN Routers. I created a secure VPN tunnel for every branch to the main office. I made a delayed route in our main router to fail over to the VPN, in case the MPLS failed. Almost everything works great except our ATMs are required to connect to a router at our main office on a different subnet than the one the tunnel is connecting to, therefore not routing through the tunnel. I've tried creating another tunnel but it only works with one of the branches, because I get a conflict at the main office when I try a second tunnel with the same IP network. I also tried routing all the traffic through the VPN by putting in the address 0.0.0.0 subnet 0.0.0.0 at the branch site. But I can only do that for one branch; the Downtown Cisco won't let me create another tunnel with that setting.
We have 2 Cisco ASA 5520 configured as Active/Standby with public IPs 68.171.xxx.xx6 and 68.171.xxx.xx7 respectively. We have 3 different vendors who are trying to access our Data Center. Do I have to have 3 different public IPs for these 3 different vendors? Or, just share the public IPs assigned to our 'Outside' interface?
I am building new VPN tunnels for multiple sites using 2 ASR 1004 and 100 remote devices (Cisco 2800 routers). I am thinking of using GETVPN to do it. Am I thinking correctly? Can I use DMVPN?
I have a 7206 router to be used as a gateway for Internet. The 7206 router interfaces are connected directly to a Cisco 2960G switch. Note that the 7600 works only at 1 giga, and can't be used for 10 or 10. I'm looking forward to using a 7600 router instead of the 7206. I copied the config of the 7206 and pasted it into the 7600, but some commands which are under the interface commands were not accepted. Here is the config which was not accepted on the 7600 router:
%%%%%%%%%%%%%%%%%%%%%%%%
duplex auto
speed auto
media-type rj45
negotiation auto
%%%%%%%%%%%%%%%%%%%%%%%%
Note that the 4 lines above were not accepted on the 7600. Will these commands affect the new config? I just want to ask before I try to apply this config to the production network.
I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ. The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway. Note that each tunnel is independent with its own pre-shared key. I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time. I have to disable the other two. Enabling a second tunnel results in the No phase2 handle found error. I could not use the Basic VPN setup as it complains that the remote endpoint is already in use. I had to use the Advanced VPN Setup to create the IKE and IPSEC policies. In a different discussion [URL]
I'm trying to research the tunnel limits on a 5508 controller if you're terminating controllers to two different SSIDs. For example, in my DMZ I have a GUEST SSID for contractors and guests and then I have another SSID used by employees so that tablet and mobile phone users can access the Internet. Because we don't trust any of these devices, we have that SSID terminated just as we do our GUEST SSID.
To reduce the number of anchor controllers I deploy, I wanted to start with one 5508 Controller (then move up to about 3). This controller would have two SSIDs, GUEST & MOBILE. On the Foreign controllers, when I set up anchor tunneling I will be anchoring to the same controller, however to two different SSIDs.
Per the 5508 specs it supports 71 tunnels.
So my question to the group is, will the 5508 see this anchoring as one tunnel each? Or does it support 71 Tunnels per SSID?
We have several remote sites with Linksys WRVS4400N and Smoothwall firewall/VPN devices. I need these sites to be able to connect to multiple discontiguous subnets at our main office. This was easily done with Smoothwall and Linksys. You create a separate tunnel for each subnet and voila, you're done. However, when I tried this with our newly installed ASA, it will not let me create multiple tunnels to the same remote peer address. This is a problem since these sites only have a single static public IP address. Am I missing something or does the ASA not allow connections to/from multiple subnets from a site with a single peer address?
Due to special circumstances we have 2 ISP links on an ASA5510. I am trying to terminate some L2L VPN tunnels on one link and others on the second ISP Link, eg below:
LOCAL FIREWALL
crypto map outside-map_isp1 20 match address VPN_ACL_A
crypto map outside-map_isp1 20 set peer 1.1.1.1
crypto map outside-map_isp1 20 set transform-set TS-Generic
crypto map outside-map_isp2 30 match address VPN_ACL_B
crypto map outside-map_isp2 30 set peer 3.3.3.3
crypto map outside-map_isp2 30 set transform-set TS-Generic
crypto map outside-map-isp1 interface ISP_1
crypto map outside-map-isp2 interface ISP_2
crypto isakmp enable ISP_1
crypto isakmp enable ISP_2
route ISP_1 0.0.0.0 0.0.0.0 1.1.1.254
route ISP_2 3.3.3.3 255.255.255.255 2.2.2.254
Establishing the VPN tunnels in either direction when using ISP_1 works fine, establishing in either direction from remote access users and multiple L2L tunnels (only showing one for example).
On ISP_2:
1. Peer 3.3.3.3 device establishes a VPN tunnel, but the return traffic does NOT get back to devices on 3.3.3.3 tunnel.
2. The local firewall does NOT establish a VPN tunnel going to 3.3.3.3.
It would seem to indicate that the problem lies with this multihomed firewall not directing the traffic correctly to either return down an established VPN tunnel (point 1) or to initiate a tunnel if none exists (point 2).
Reconfiguring the VPN tunnel peer for 3.3.3.3 to be on ISP_1 of the local firewall, all springs into life! There are sufficient license etc...
I need to create multiple IPsec VPN tunnels on a Cisco 837 ADSL Router. I am able to create one tunnel but the second connection is asking for the outside interface, which is ATM and already taken by the first tunnel. How can I create more tunnels?
Secondly, after creating the first tunnel I am able to access the remote LAN network, but when I tried tracert "remote lan ip of a pc" from my PC I got "request timed out" after passing my 837 but succeeded in reaching the target. Does tracert need something to be opened in the router?
We have a number of sites running Cisco 881 routers. A few of the sites are connected by IPSec VPN tunnels that have been configured using Cisco CCP without any issues until now. On one location I can ping from a workstation on Site1 to Site2, however I cannot ping from the same workstation on Site2 back to Site1.
Here is a strange behavior. If I have a continuous ping going from Site1 - Site2 and then start a continuous ping from Site2 - Site1 then I get a response until I stop the ping from Site1 - Site2. Site 1 has approximately 5 successful tunnels with absolutely no issues.
Site 2 Cisco 881 running Version 15.2(3)T1
crypto isakmp policy 2
 encr 3des
 group 2
crypto isakmp key ThePreShareKey address TTT.UUU.VVV.224
[code].....
For additional troubleshooting I established a VPN tunnel from Site2 to our office Site3 with no issues at all. Site3 happens to be one of the VPN tunnels that connects to Site1 with no issues. I have seen a number of articles on this on the net and gone through the troubleshooting steps of an article such as [URL]. The tunnel is confirmed as up when I have done all my troubleshooting.
Question on ASA VPN tunnels. I have one ASA 5510 in our corporate office, I have two subnets in our corporate office that are configured in the ASA in a Object group. I have a site to site IPSEC tunnel already up and that has been working. I am trying to set up another site to site IPSEC tunnel to a different location that will need to be setup to access the same two subnets. I'm not sure if this can be setup or not, I think I had a problem with setting up two tunnels that were trying to connect to the same subnet but that was between the same two ASA's. Anyways the new tunnel to a new site is not coming up and I want to make sure it is not the subnet issue. The current working tunnel is between two ASA 5510's, the new tunnel we are trying to build is between the ASA and a Sonicwall firewall.
I am in a manufacturing test scenario and need to connect multiple devices with the same IP address (identical hardware all with the same fixed IP) to one Windows 7 desktop for the purposes of testing. I have a 3Com SuperStack II Switch 1100 that I am using as my switch. This switch supports VLAN and I have set up a number of VLANs, 1 for each device, with the host machine residing in all of the VLANs. I need to connect to these devices via SSH, preferably all simultaneously. I'm thinking this will work except I have no idea how to differentiate SSH traffic to/from any 1 of the VLANs to the host.
I would like to connect a variety of wireless devices in my house to my work VPN while allowing other devices in the house access to my home network as normal. I was hoping to find a wireless ADSL router that allows me to associate a LAN port to a VPN connection, then connect a wireless access point to that port. I could then run two wireless networks in my house, one that would connect to my work VPN and the other that would not.
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running Windows Server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANs listed below and gave the 3750 the following IP address. I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it. I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it; I kinda assumed that was for the management port in the back. Now the tricky part: I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction VLANs" that would only route to one or two other VLANs. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one. It seems like the switch only supports one "routing table". Am I missing something or is this just a limitation of the switch?
We have two Cisco 5505 firewalls connecting to two ISPs. The two internal LANs on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer 3 switch with VLAN interfaces 184.3 & 186.3. We have two DGS-3100 D-Link layer 2 switches connecting our users to the layer 3 switch. IP routing is enabled for inter-VLAN communication & I can reach the switch interfaces & firewall gateways from machines on both of the VLANs. We have PBR enabled on the 3560 & only users on the .186 network can get to the Internet. The switch is running the ipservices license & the SDM template is "desktop routing".
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
Can I use a USB hub to connect multiple usb devices to a single usb port on a wireless router? I want to connect a usb printer, usb scanner, and usb external hard drive.
I am looking for a modem and router for multiple devices. We have 3 phones, a laptop, PS3, and Xbox 360. I have thought about adding an additional phone line with Internet so we have two connections?
I lost it on my old laptop. Figured it was time to get a new computer anyways, we bought a new one, along with a Playbook. Both the new computer and the Playbook have had this problem, though they were able to fix it. They all use Wi-Fi.
I want to connect my ps3, sky hd+ box and samsung smart tv. Upstairs is my wireless router and I have connected to this by using a power supply networking adaptor (duvelo). I have since purchased a cheap ethernet switch from ebay and plugged this into the power adaptor connection next to my ps3, sky hd+ and samsung smart tv downstairs. I thought by connecting these 3 devices to the switch (which is connected to the duvelo adaptor) I could have all 3 devices simultaneously connected online. However, I still can only have 1 ethernet cable in the switch at once and hence only connect 1 device at a time.
I just got a Nook Color as a gift (nice huh?) I just bought my iPad2 in Jan. So now I've got Comcast cable with a Netgear N600 router and:
1 desktop Win XP sp3 plugged into router
1 desktop Win 7 usb wireless
1 HP laptop w/ Vista
2 Dell old laptops Win XP not used much
Sony PS3 not on much
iPad2 always on
Nook Color AND a Roku always on
I think that's all. So I'm guessing all this will slow down my whole connection? My iPad is the fastest. My Nook is extremely slow. Maybe it's the B&N website? When I go to shop and even when I registered it, it says connection having trouble. I finally had to setup my account at BN with my desktop. The Nook wouldn't stay connected.
I have an i-ball 150M Wireless-N ADSL2+ router. In the NAT tab, I have activated DMZ for my static IP with a private address 192.168.1.224, so that that IP-enabled device can be accessed from anywhere on the public network. Using this single static IP, how do I configure two private-address devices in the DMZ, so that both IP-enabled devices can be accessed from the public network?