Cisco Switching/Routing :: Failover VPN With 2821 And ASA 5510
Jul 2, 2012
Currently I have a network that looks like this:
ASA5510 - - - Internet - - - ASA5510
   |                            |
 EIGRP                        EIGRP
   |                            |
 2821 -----------MPLS---------- 1841
                 BGP
The MPLS connection is currently down, I'm trying to run a failover Site-to-Site VPN over the internet. All of the examples I've read have both connections involved in the failover coming out of one device. Since I'm not working that way, what is going to be the best way to failover? Do I need to set up some sort of IP SLA in the config? Or can I somehow weight routes in EIGRP in a way that the connection will failover from Internet to MPLS when the MPLS goes down and vice versa when the MPLS connection comes back up?
Apr 2, 2013
I'm a bit perplexed atm with trying to set up multiple failover routes on a 2821 router. Let me say that I have more experience in a switched network as routing is seldom required where I work atm. Here's my problem. I have a routing table set up as follows but only the primary routes work. The failover routes will not kick in once the primary route is not there.
ip route 10.32.11.0 255.255.255.0 128.32.8.11
ip route 10.32.11.0 255.255.255.0 128.32.24.11 100
ip route 10.32.12.0 255.255.255.0 128.32.8.12
ip route 10.32.12.0 255.255.255.0 128.32.24.12 100
ip route 10.32.14.0 255.255.255.0 128.32.8.14
ip route 10.32.14.0 255.255.255.0 128.32.24.14 100
IP addresses are not exact but it gets the point across.
Why are the failover routes not failing over? The failover routes work if I remove the primary route from the config.
Feb 27, 2013
I have two Cisco ASA 5510s that I would like to configure in an active passive failover setup. The ASAs are at the top of our rack and handle all our routing. We have been only using one ASA unit with one line from our ISP connected to the WAN/outside interface of the ASA. We recently had our ISP set up two lines into our rack using HSRP. I do not know what equipment they are running upstream of our ASAs but it is HSRP so it should be a set of Cisco routers/switches.
Originally I thought I could just connect the 2nd new line to our 2nd ASA's WAN/outside port and set up failover using a crossover cable between the ASAs. After doing this config I had problems accessing some of our IPs in the subnet that the HSRP is part of. If I disconnected the 2nd ASA's WAN/outside line everything was fine. After talking with my ISP they explained that I need to connect both of my lines into our L2 network and then from there into the ASAs.
Currently below the ASAs I have two Catalyst 3560-X switches. They are connected together with an ISL trunk and ASA-1's inside network connects to switch-1 and ASA-2 to switch-2. One idea was to connect each of the HSRP lines to each of my current switches and then from the switches to the ASAs' WAN/outside interface. Finally back down from the ASAs to the switches via the inside interface that we have currently. This kind of seems messy and a poor choice. The other idea is to get two switches that would sit above the ASAs and connect the HSRP lines to them with the switches connected together. They would then connect to the ASAs. I like this idea better but I don't like having to buy two more full switches for this. These switches would only use a couple of ports and only handle just the HSRP ISP lines to the ASAs. Putting in two more 3560-Xs would be a big waste of money and space for this. So I was thinking of using two Cisco SG200-08, 8 port gigabit basic managed switches for this.
Sep 25, 2012
I have an issue where we have a single ASA5505 [soon to be active/standby with single ISP] connecting to HQ where there are 2 x Cisco 2821s. Each 2821 router has its own connection to the internet running BGP and each router is set up to terminate IPSEC VPNs from the ASA. The ASA has a backup VPN configuration with no IP SLA configuration to track if the primary IPSEC endpoint is alive. Keepalives are set and the VPN does fail over to the backup. When the primary 2821 internet connection fails the ASA fails over to the backup 2821 and everything works a dream. However when the primary internet link re-establishes to the primary 2821 the ASA does not fail back to the primary 2821; it stays on the backup 2821 and all is broken as the remote site starts forwarding traffic out the BGP default route - which is back via the primary connection... How do I fix this so that the ASA tracks the IP of the primary router to fail back without manual intervention - clearing isakmp and ipsec SAs? The other issue is the ASA does not allow traffic to be originated from the 2821 end of the VPN. You have to establish traffic from behind the ASA for the IPSEC SA to be created.
Mar 2, 2011
We have multiple Cisco routers and most of them have dual WAN connections thru different ISPs. So, we use IP SLA monitor with tracking objects to monitor each ISP's availability/reliability and switch routing accordingly (by IOS). So far, it has been working ok. However, recently, we had some ISP high latency and the connection to one ISP will be so slow but the IOS keeps seeing it as UP, thus sending traffic thru it. So, I tried to change the threshold numbers around with no luck. Is there any configuration/commands or tricks that can do the job here? I don't want the users to be the ones to detect the Internet slowness and have me manually shut down an interface or change the static route metrics. Here is a sample of my config:
! isp 1 gateway
ip sla 1
 type echo protocol ipIcmpEcho x.x.x.x
 threshold 3
 frequency 5
ip sla monitor schedule 1 life forever start-time now
! isp 2 gateway
ip sla 2
 type echo protocol ipIcmpEcho x.x.x.x
 threshold 3
 frequency 5
ip sla monitor schedule 2 life forever start-time now
[Code]......
Mar 10, 2013
Most of my remote sites are running MPLS primary (2821) and DMVPN (881) as a backup solution. Some of my sites run MPLS primary on a 2821 and site to site as backup on an 881 router. MPLS here means the router that connects me to the MPLS cloud of the provider, not running any mpls. It is easy that way for us.
When MPLS is down, the way the s2s tunnel gets triggered is via HSRP on the LAN, i.e., the HSRP VIP is served by the 881. At the far end data center, the MPLS route of the remote site is purged out, and a static route with higher admin distance will get into the routing table.
Remote site A LAN----- MPLS Router-----MPLS cloud-------MPLS router----------------Data Center LAN
Remote site A LAN----- DSL Router-----internet cloud--------Data center ASA----------Data Center LAN
In the MPLS plus s2s model, I often run into a problem: how do I manage the 881 router via SNMP, ccm, TACACS or any other management tools? There is a routing issue at hand in that I cannot route to and from the mgmt address of the DSL router. I cannot reach the loopback or mgmt vlan of the DSL router when the MPLS is active…but this will disallow all the management stuff we do on the DSL router.
Jun 13, 2012
Currently I'm looking for a way to failover our internet connection from one site to another site over our MPLS line, should that internet connection go down.
My layout: Internet > Cable internet modem (Site B) > ASA 5510 (Site B) > 2821 Router (Site B) > MPLS Line > 2821 Router (Site A) > ASA5510 (Site A) > ISP provider internet router (Site A) > Internet
Facts: Site B is the one with the internet issues. The MPLS line is routed using BGP. [URL]
Oct 3, 2010
We've got a Cisco 2821 router which periodically stops routing all traffic. It seems to happen about once every 2 weeks, and I can't find anything that could be causing it. There are no entries in the log and the router stays up and running but requires a restart to begin processing traffic again. We're running 12.4(13r)T11. Any thoughts, or troubleshooting steps to track this down?
Mar 12, 2013
I started configuring a Cisco 2821 router for multicast. First a short description and an explanation of the attached scheme. Let us say I have a small network with 100 users, one router and a Cisco 3560 switch. Two VLANs, one for data and another for multicast. Data from the internet works fine but now I want to connect multicast servers (or a source of more multicast streams) from another subnet. The router has three interfaces. I expected there should be no problems with the multicast configuration, but unfortunately it is not like I expected. What did I do?
First step: enable multicast routing
Second step: on both interfaces (Fe 0/1 and Fe 0/2) - ip pim sparse-mode
Third step: configure switch that users are connected to access port in VLAN 222 (temporary to see if multicast work)
When I start VLC on a computer nothing happens. If I try to connect the computer on the same subnet where the source of the multicast streams is, it works fine. What am I doing wrong? Is there anything about routing? All subnets are directly connected. An RP is not needed if I have one router, or is it?
Jun 25, 2012
I have just bought myself a Cisco 2821 ISR. At present in my home I have a Cisco 2621XM. Fast Ethernet 0/0 is connected to a 3524XL as a trunk to provide my LAN with inter-vlan routing. It works great. Fast Ethernet 0/1 is connected to my ISP's cable modem and uses the command "ip address dhcp" to get an IP and all other info from my ISP. FA 0/1 is ip nat outside and the FA 0/0 and all sub interfaces like 0/0.1 .24 .168 etc. are all ip nat inside. I get intervlan routing and access to the internet via this router.
I have this 2821 to replace the 2621XM as I plan to run CME on it and want gigabit routing on my vlans, as at the moment on the 2621 routing between vlans is at half duplex or seems to be. I have configured the 2821 to ip nat outside on gig 0/0 and ip nat inside on gig 0/1 and all of the sub interfaces (same setup as my 2621 but with gig ethernet). I have no access to the internet at all but I can ping www.google.co.uk and other domain names from the terminal session when I am connected to the 2821 via the console or telnet/SSH. The gig 0/0 has an IP assigned from my ISP too but no other nodes on the network can ping outside. Am I missing something here? The version of IOS is V 15.
My access list goes something like
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
and so on
I still cannot access the internet.....
Jun 7, 2012
I have a Cisco 2821 router. Its ethernet interface (E1) is connected to an ISP's gateway. The outside interface IP is 207.x.x.1. The ISP has given 6 public IPs (202.x.x.1 - 202.x.x.6) to use in the LAN.
I have configured the router's internal interface (E0) with a public IP address (i.e. 202.x.x.1).
My internal LAN PCs are in a private range of 192.168.1.0/24 subnet. Now I want my PC users to access the Internet while the router's public IP remains on the internal interface. How can I do that?
Dec 6, 2011
I have a 2Fe-2W Card and wanted to find out if it can be picked up and installed on a Cisco 2821? Below is the version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(8a), RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
System image file is "flash:c2800nm-adventerprisek9-mz.124-8a.bin"
May 29, 2012
According to my boss every 3 to 4 months he has to restart our 2821 with a 16-esw module installed because of a low memory issue dealing with CEF. Here is the exact error message.
%% Low on memory; try again later
Jun 8 11:18:51.777: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
Jun 8 11:19:51.823: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
%% Low on memory; try again later
%% Low on memory; try again later
%% Low on memory; try again later
Jun 8 11:20:51.868: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
Jun 8 11:21:51.914: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed
Jan 27, 2012
I have a 5412zl 10.215.x.x/16. Most of the connections on this switch are on vlan1. B9 is the port which is connected to a Cisco 2821 router. The port on that end is GE0/1. The port on the Cisco side is not a trunk but configured with an IP of 10.215.1.30/24. It's part of some ip access group. The network that I now sit on is a 172.x.x.x/24 (behind a Cisco router, about 3 hops to that main 2821). We currently have a system on my side that talks to a server on the 10.215. that has no issues. I'm trying to access some switches on the 10.215. and have had no luck reaching them.
Here is the access list that i found that port is configured to use:
permit ip 10.215.0.0 0.0.255.255 172.18.0.0 0.0.255.255
permit ip 10.254.0.0 0.0.255.255 172.18.0.0 0.0.255.255
permit ip 10.215.0.0 0.0.255.255 172.14.0.0 0.0.255.255
permit ip 10.254.0.0 0.0.255.255 172.14.0.0 0.0.255.255
permit ip 10.215.0.0 0.0.255.255 192.168.2.0 0.0.0.255
permit ip 10.254.0.0 0.0.255.255 192.168.2.0 0.0.0.255
permit ip 10.215.0.0 0.0.255.255 192.168.20.0 0.0.0.255
permit ip 10.254.0.0 0.0.255.255 192.168.20.0 0.0.0.255
I would think the first permit would allow me to get through to the 10.215 side but maybe I need to set something up on the HP side to let it know how to get back? I'm very new to this stuff.
Jul 31, 2012
I have a 2821 router configured with two subinterfaces. This router is connected to a Cisco 2960 switch. The trunk on the 2960 is configured without any pruning of vlans. I noticed that udp broadcast traffic is being forwarded through my router on native vlan 1 (this interface does not have an ip address configured). Below is the configuration:
Router:
interface GigabitEthernet0/0
no ip address
duplex auto
[Code]....
Mar 10, 2013
What is the maximum number of VPN clients that could be connected to a Cisco 2821 router with this IOS: c2800nm-adventerprisek9-mz.124-20.T.bin?
Jul 23, 2012
My 2821 router has an arp table with the wrong IP to MAC mappings. The impact is that I can reach any host in the 10.1.1.1 subnet. I can reach hosts in the 192.168.35.0 just fine. [code] It is as if the 192.168.35.1 device is answering all arp requests as a proxy arp or something. Neither clear arp-cache nor clear ip arp on my 2821 has any effect.
Sep 8, 2012
I need to configure a subinterface, e.g. g0/0.1 and g0/0.2, with an untagged VLAN for each subinterface on a Cisco 2821.
Nov 13, 2012
Yesterday my router hung and my services were stuck. I hard booted the router and it works fine. This was the second time I have faced this kind of scenario. Attached is the "show tech support" of the Cisco 2821 router.
May 14, 2012
I have a Cisco 2821 router in rommon displaying the messages "software forced crash" and "checksum error". I tried to do rommon tftpdnld but as the image is self-decompressing into the RAM it again crashes with the same error, although I have done it with various valid IOS images, but in vain.
Apr 15, 2012
I have a 2821 Router, with a VWIC2-2MFT card in it, with two T1s going into that card. The two T1s are a bundled MPLS line.
I then have a cable modem connection going into the gigabit Ethernet GE 0/1 port on the router.
Right now, the cable modem provides a backup connection in case the T1s go down.
What I was wondering is if there was a way to 'combine' the bandwidth from the two T1s with the cable modem?
Apr 3, 2012
Basically I run 3 voice gateways on 2821 routers. In two of my routers I've had fan failures, one router has had two fans die and one has had just the one.
I was going to buy the official Cisco fan replacement kit but then I thought with such a high failure rate I'd rather buy something else and better guarantee the service to my call centres.
So, what I'm asking is:
- Is there any reason why I cannot procure a standard 80mm 12V fan with a better rating (cooling and reliability) and install this in my 2821's?
I understand this may invalidate any warranties but mine have long expired.
Mar 17, 2013
I've 3 interfaces on router:
Gb0/0-ISP01 with DHCP client
Gb0/1-ISP02 Static IP 192.168.2.x/24
Fa0/0 - LAN 192.168.1.1/24
I want to know how to configure:
1. Set the IP of interface Gb0/0 as dhcp client from ISP01 and make it as default route.
2. How to configure the ip nat.....overload?
3. How to use the ip sla to monitor internet connectivity to 8.8.8.8 for ISP01, if it fails, to go to ISP02.
Sep 25, 2012
We've got a Cisco 2821 for our 90mb/s Internet access. Its CPU usage is around 80%. Show process cpu does not show any CPU process with high utilization. But we have got plenty of policing configured for our clients using policy maps. Can this policing affect CPU usage?
Apr 8, 2013
I am having an issue pinpointing why my 2821 router is discarding so many packets when transferring data to our second site. The traffic flows from the local lan, to the router, where it is redirected via WCCP to a WAN optimization device, back to the router and over a GRE tunnel to the second site where the same process happens. The traffic does get there, but the LAN/Repeater router interfaces have around 20,000-60,000 input drops an hour. From the output below, it looks like traffic is being dropped by the RP.
I just restarted the router as a last resort, and here is what has accumulated in the last 30 min:
FastEthernet0/0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0025.840c.7680 (bia 0025.840c.7680)
[code]....
And CPU never goes above 40%
100
90
80
70
[code]...
May 5, 2013
I have a customer for whom we have configured netflow on the 2821 router that their traffic is on. Currently the company they have contracted with for the analysis is seeing data duplication. Below is the configuration for the interface and the router.
Cisco 2821;
interface GigabitEthernet0/0
description TVC-FI-Ethernet-Fiber-Ethernet link
ip address 216.255.164.33 255.255.255.248 secondary
ip address 192.168.5.1 255.255.255.0 secondary
ip address 216.255.166.129 255.255.255.128 secondary
[code]....
May 9, 2012
I started configuring a Cisco 2821 router for multicast. First a short description and an explanation of the attached scheme. Let us say I have a small network with 100 users, one router and a Cisco 3560 switch. Two VLANs, one for data and another for multicast. Data from the internet works fine but now I want to connect multicast servers (or a source of more multicast streams) from another subnet. The router has three interfaces. I expected there should be no problems with the multicast configuration, but unfortunately it is not like I expected. What did I do?
Mar 25, 2012
We're facing a weird issue lately with a Cisco 2821. An interface stops responding after a few hours. The only way to bring it 'up' again is:
Hardcode: duplex or speed
or
shutdown -> no shutdown
There are no errors in the "sho interface" and no errors or entries in the log.
FastEthernet0/0/0 is up, line protocol is up
Hardware is Fast Ethernet, -
Description: Infopoint
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
[code]....
Mar 23, 2013
WAN link plugs into a 2821 router with a switch module in it. About 8 clients are plugged in to the 2821. The 2821 connects to a super cheap Netgear switch (I'm 99% sure it's stripping dot1q headers) via one of the ports in the switch module. About 4 people are connected to the Netgear. Now, I sent a Catalyst 3560G to the branch because they wanted to extend into a new building. Someone decided to run a single cable from the Netgear to the 3560. On the 3560, I have about 5 clients and a couple of APs.
So it goes 2821 -> Netgear -> 3560. All of these are single connections. When the 3560 gets plugged in, all clients on the Netgear lose their connection, and nothing on the 3560 works. It happens almost instantly. I can't figure out why connections are dropping. The APs have about 4 VLANs on them, and the PCs are on their own VLAN (the native VLAN).
Jan 21, 2012
I am having issues with 'telnet' on port 2821 to a range of servers connecting through vlan interface from my core switch 6513 running s72033_rp-DVIPSERVICESK9_WAN-VM) version 12.2(33)SXH7, RELEASE SOFTWARE (fc3). The telnet on port 1556 and 13724 is ok.
Nov 6, 2012
We have several DMVPN-connected sites that are connected to our 2821 ISR pair. They're all configured as eigrp stub connected summary. Yesterday, a few of the sites went inaccessible, but the VPN tunnels were still up and running. Upon further investigation, we noticed that the remote sites stopped receiving routing updates from our 2821s. As a quick fix, we added static routes to bring the sites back up. Later that night, we removed the static routes and cleared the eigrp neighbors, hoping it would fix the problem. When it didn't, we cleared them two more times. Suddenly, the router lost all downstream adjacencies. While we were adding statics to at least bring the sites back up, all of the adjacencies came back.
Aug 28, 2008
When I try logging in by HTTPS on a router I get the following errors.
%HTTPS: http ssl get context fail (-41104)
HTTP: ssl get context failed (-40407)
I have a 2821 router with
c2800nm-advipservicesk9-mz.124-15.T1.bin ios
May 21, 2012
One of our clients wants to know "How many route entries can a 2821 router or 881 router support?" For example, the 3750 can support 11k routes in 'desktop routing' mode. But I want to know the limitations on routers.