Cisco Switching/Routing :: ISR 891 - Initiate Existing VPN Tunnel
Dec 4, 2012
I have configured a site to site VPN tunnel using my Cisco ISR 891 router. The tunnel connects between my network 10.88.10.0 to the remote network 10.210.65.0. When I ping the remote nnetwork my VPN tunnel comes up and all is well.
I have recently connected a second network to my 10.88.... network. The new local network is 192.168.0.0. I have now managed to get the two local networks pinging each other. I can also carry out RDP sessions between systems on both networks. Hence I am happy that both networks are communicating.
I used the Fastethernet Port 8 on my ISR 891 to physically connect to the new 192.168 network and then entered the appropraite 'Static Routes' on the 192.168 exisiting router(Netgear Router). Hence certain traffic arriving at the netgear will now be forwarded to Port FE8 on the cisco ISR 891.. See FE8 Port config at the bottom of this post. I have used tracert to ensure that the traffic does arrive at Port FE8,(192.168.0.235).
I cannot seem to ping any device on the remote 10.210.65.0 network from the 192.168 network. However, as stated above I can sucessfully ping the same remote device from the local 10.88 network. I must be missing something that allows the 192.168 traffic to use the existing VPN tunnel. I have added the following command to the IpSec rules for the VPN tunnel using the Cisco Configuration Professionla tool.
Permit 192.168.0.0/0.0.0.255 10.210.0.0/0.0.255.255 ip
View 4 Replies
ADVERTISEMENT
Feb 7, 2011
I have ASA 5505, i configured site to site vpn between central site and remote site and is working. Now the problem is we use remote site for troubleshooting purpose, so we need to create a tunnel from remote site to central site. I need to configure such a way that remote site can craete a tunnel to central site, but central site not able to create a tunnel, it just respond to remote site.
View 3 Replies
View Related
Nov 28, 2012
since a few days I'm trying to solve a problem. I've successfully established an IPSec tunnel between two local LANs. In the main office I'm working with a ASA5510 CLI 8.4 and a static public IP address. The branches are using different Cisco 8xx routers and dynamic public IP address. The following picture shows the current configuration:As I mentioned an IPSec Tunnel between the main office "Intern"-LAN 192.168.1.0/24 and an outside LAN 10.10.0.0/24 is successfully established. Now there is a new intern "Admin"-LAN 192.168.2.0/24 at the main office. The users from the outside LAN 10.10.0.0/24 need the possibility to reach this new intern "Admin"-LAN.Can I simply route the traffic from 10.10.0.0/24 to 192.168.2.0/24 via the existing IPSec-Tunnel? Or need I a new IPSec tunnel between the outside 10.10.0.0/24 LAN and the new "Admin"-LAN 192.168.2.0/24?
View 5 Replies
View Related
Apr 10, 2012
We have an ASA5520 version 8.3(1) We have an existing VPN tunnel between us and our partner site. We need to add a new vlan to our existing VPN tunnel.
Where do we need to add the new vlan to in ASDM interface? Looking through using ASDM, I found 3 places.
Site-to-Site VPN:
1) Connection profiles
2) Advanced > crypto maps
3) ACL Manager
View 5 Replies
View Related
Aug 26, 2012
We have a Cisco 3845 router for Site 2 Site VPN tunnels to external business partners. The IOS is (C3845-ADVIPSERVICESK9-M), Version 12.4(15)T8.One of our partners is doing a DR test and needs to have us swing the VPN traffic to another peer in a test location temporarily. I plan on adding the test hosts to our existing encryption ACL, but instead of building another crypto map, I was wondering if I can add a secondary peer to the existing one?
View 3 Replies
View Related
May 23, 2011
I have an existing VPN tunnel from my branch office to corporate.I want to allow my employees to establish a VPN connection to our local branch office where we have a local server, and not go through the corporate office.Can I set up a direct VPN connection to my router/ firewall at the branch office, even when there is a VPN tunnel already connected between my office and corporate?
View 1 Replies
View Related
Mar 3, 2013
I need your input on how to appropriately introduce an N5K with Jumbo enanbled to a prexisting Core Network (Stack of Cisco 3750G Switches) without making any major alteration on the Core configs (everything is happy). The idea is to move two High I/O servers to the N5K during a transitional phase. I already have a fair understanding of what Jumbo-Frames are and what it does. Keep Jumbo-Frames within the N5K ONLY.
Conditions:
- Traffic is Data traffic, not storage/iSCSI
- The servers host our ERP applications and MySQL that is accessed heavily by users
- N5K to C3750G connectivity is a Port-Channel consisting of 4x1GB ports
- The servers are to remain on VLAN 2 (Data VLAN)
- The Core Switch is L3 and the boundaries reside here
View 1 Replies
View Related
Mar 5, 2012
I have several cabinets with top-of-rack N2K's attached to N5K's via FEX's. 9 cabinets with 2 switches each.
Recently I added 3 more cabinets to the mix, for a total of 12 cabinets with 2 switches each.
I can get into the new switches and see the FEX's and configure ports, etc. but no device I attach to the 'new' N2K's is pingable over the network. I can take the same device, same cable, and attach it to a legacy N2K talking to the same N5K's, and it immediately joins and is pingable over the network
View 2 Replies
View Related
Aug 2, 2012
I've a situation where I need to add a new 3750x to a existing stack of 3750. [code] When I tried to stack them together, I get a version mismatch error. Is this because of the difference in SW Image? What are my options next ? My ultimate goal is to make the new switch stack correctly with the exisitng switches.
View 11 Replies
View Related
Jan 10, 2013
We've recently inherited a platform with little handover and also minimal networking experience.We're going 100 miles an hour in learning, but I'm a bit confused with the idea of a L2 switch with no IP assignments to ports, so using VLANs, and a L3 switch with IP assignments. And the combination of both.We have 2 Cisco 3750 switches, along with a whole host of other hardware, so we're starting at this "gateway" to start breaking things down.
View 7 Replies
View Related
Aug 8, 2012
When you use the command switchport trunk allowed vlan add [vlan-id]There should be no drop in service to the existing VLANs, correct? I am trunking from a 7K to a 2960S via 2G PoCh.
View 2 Replies
View Related
Oct 1, 2012
I need to add two additional 2960S switches to my stack. I saw a diagram that showed how a 4 switch stack can be connected, but I couldn't find much detail on adding a switch to an existing stack (besides master election). The output below shows how the existing stack is connected and its state
SW#sh switch detail
Switch/Stack Mac Address : 0011.2222.3333
H/W Current
[Code].....
I will need to break one of the stack rings between SW1 and SW2 in order to connect the new switches. Does it really matter which ring I break to connect the additional switches? Does one ring act as primary? If so, I'd rather not break that ring so this process is transparent as possible. Also, is there any benefit to disabling the stack port vs just disconnecting the cable?
View 2 Replies
View Related
Sep 29, 2012
I am a soon to be network admin and have never set up a network to an existing network. Steps you need to add a new location to a company's network. For example if they are using 8 Building with 7600 Routers and 6500 and you need another building and they are using MPLS or Private Network, or Internet.
View 4 Replies
View Related
Sep 22, 2012
I have 3 3750 staking switch with the following configuration:
H/W Current
Switch# Role Mac Address Priority Version State
----------------------------------------------------------
1 Member 442b.0350.9400 1 1 Ready
2 Member 442b.0357.8780 2 1 Ready
3 Master 442b.036f.a800 3 1 Ready
The new switch is installed to be wired to the master switch. the swtich 3 (* 3 Master Ready 442b.036f.a800)my question is: if you disconnect the wiring from the master stack to connect to the new switch, it is possible that the new switch change the current configuration of stacking.
-Can I just add the new switch with clean configuration without changing the current configuration ?
-How is assigned the stack number? i need the new switch be with the GI4 / x?. I can I manually by assigning ports?
-If I want to the new 3750 member witch lower prioridad, can I change priority before adding to stack?
View 2 Replies
View Related
Jan 7, 2013
We have a requirement to build a datacenter within a datacenter for a new project. The existing Core network is 2 x Cisco 6509 in VSS configuration. We would like to connect the new datacenter to the existing Core switch from the new low-end Core switch. This datacenter would have a SAN network and blader chassis.
Listing the Cisco Switches requirements and expansion module requirements ?
- What expansion module is required at existing 6509 ? Can we have one 10Gibit modules on each switches and crate a port-channel connection from new datacenter core switch ?
- Which model of Switch you recommend for the new Datacenter Core which is only going to have one SAN Enclosure and two blade chassis? Will it be a good option to use 3750E ? If yes do we need any additional modules there ?
- Which aggregation switch should we use for the blade enclosure ?
- Should we have a Cisco Embedded Switch module on the chassis to create trunk with aggregation switch ?
- How the SAN director switch is connecting to the LAN ? should we have any particular module at new Core switch ?
View 0 Replies
View Related
Mar 25, 2012
in our network we were using three 3750-48-s switches with stacking one of the switch due to some hardware failure power problem,
now i want to add a new switch 3750-48-s in the existing Stack two switches , the old two switches ios version is = 12.2(25r)SEC the new Catalyst 3750 io verion is = 12.2(35)SE5
how to add this switch in the existing two stack switches , with documentation
View 1 Replies
View Related
Mar 30, 2013
i am not able to add new 3750G switch into existing domain even after the domain name is correct and unable to authenticate with tacacs.
View 5 Replies
View Related
Mar 23, 2012
Is it possible to rename an existing VDC on Nexus7000 without deleting it and creating it again with the new name ?
View 2 Replies
View Related
Jun 5, 2012
some recommendations for product selection and overall infrastructure setup for our datacenter: We have an old, legacy setup, and are looking to replace equipment, improve performance, enhance security, and implement hardware redundancy (if cost effective).
1) We now have (2) IP blocks from our provider, and need to support both (because we have mailers on older IPs with a good reputation rating).
2) We have (2) aged Sonicwalls, one for each IP block, each connects to multiple internal subnets (some internal subnets need connectivity to eachother, some don't).
3) We have (mostly) public facing web servers (Linux/Apache), as well as database servers (with no external access).
Questions-
1) Should we implement a Cisco ASA 5520 w/ or w/o SSM modules for the new IP block (for webservers)?
1a) Should we implement a Cisco ASA 5510 or 5505 for the existing IP block (for mailers)?
1b) Or, can we have multiple public IP blocks connected to a single ASA 5520 (or 2 ASA's w/ failover)?
2) Can we connect both firewalls (5520 and 5510/5505) to a single Catalyst 3550 (or similar) using VLANs, and have 6 - 10 VLANs for webserver subnets, with ACLs controlling which subnets/servers can connect to eachother?
2a) Should we implement a second Catalyst 3550 (or similar) for redundancy (webservers have multiple network cards).
3) From our provider, we only have (1) dmark which both IP blocks connect through. Currently we have a switch connected to the dmark in order to 'splice' the connection, and have both existing firewalls connected. Is there a better approach to this?
4) We would like to implement SSL-VPN, and possibly site to site IPSec VPN, but only if there will not be significant performance degredation.
5) Other thoughts/recommendations for new features, enhanced security, or redundancy?
View 1 Replies
View Related
Nov 23, 2011
I am looking to add a new 3750 Switcch to an existing stack shown below
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3750-24P 12.2(35)SE5 C3750-IPBASE-M
2 26 WS-C3750-24P 12.2(35)SE5 C3750-IPBASE-M
3 26 WS-C3750-24P 12.2(35)SE5 C3750-IPBASE-M
[code]....
I have looked on notes to add a switch to an existing stack and haven’t identified answers on how the IOS will be affected on the new switch – will it downgrade to the current stack version or will the current stack upgrade to its version. At this moment in time I would prefer if the new switch IOS downgraded to the current stack IOS version.The new switch is a 3750V2 – will this affect how it joins the stack?The new switch has the image of IPBASEK9-M – again will this affect how it joins the stack?
View 5 Replies
View Related
Feb 27, 2013
I have to add a 2960s PoE switch to an existing stack of two 2960s PoE switches. If The new switch has no configuration on it and the existing stack is broken by pulling te stack cables and then new cables are added and everything re-cabled correctly will the new switch assume the configuration from the stack without any issues?
View 10 Replies
View Related
Mar 1, 2011
I have a pair of Catalyst 3560 GB switches that are trunked with two of the standard ports, and that have trunk ports connecting to a failover pair of PIX 515e's. We're considering adding a pair of cluster database nodes and an iSCSI SAN, both of which would need a dedicated interconnect VLAN that I'd like to employ Jumbo frames on. I don't necessarily need the VLANs to traverse the firewall trunks since they're private interconnects, but I need each host to traverse the switch trunks.
Since it seems I can only enable Jumbo frames on the entire switch (current standard frame size is 1500 and jumbo is also 1500), when I enable it what kind of possible negative impact could this have on my trunked ports as well as my host connections? I've read mixed reviews of users with iSCSI SAN devices seeing terrible performance when enabling jumbo frames so I'm apprehensive about enabling them on an existing network.
View 3 Replies
View Related
Dec 6, 2012
I am having an issue with adding a c3750x switch to an existing switch stack Currently there is 2 x WS-C3750X-48P and I am trying to add another WS-C3750X-48P to this switch I have cabled the switch to the stack using the stack cables and added the command to provision the switch on the exisitng stack. However when I turn the switch on it just goes on its own stack.
I noticed the new switch had a later version of IOS so have downgraded this to the same version as the other switches but still no joy Here is the sh ver from the exisitng stack
uptime is 4 weeks, 4 days, 23 hours, 30 minutes
System image file is "flash:/c3750e-universalk9-mz.122-53.SE2/c3750e-universalk9-mz.122-53.SE2.bin"
License Level: ipbaseLicense Type: PermanentNext reload license Level: ipbase
cisco WS-C3750X-48P (PowerPC405) processor (revision A0) with 262144K bytes of memory.Processor board ID FDO1448Z0FJLast reset from power-on21 Virtual Ethernet interfaces1 FastEthernet interface156 Gigabit Ethernet interfaces6 Ten Gigabit Ethernet interfacesThe password-recovery mechanism is enabled.
[code]....
View 3 Replies
View Related
Oct 16, 2012
I am attempting to add and Catalyst 3750 - 12 port Gigabit switch to an existing stack of 3750 48 port switches (non-X fabric). I am not sure how to proceed. These are the two questions/thoughts I have. Any additional perspective I should have before proceeding.
What kind of configuration should I apply to the Gig switch before adding it to the stack?I am sure I will need to assign priority to the new switch, ideally, it will act as master.
View 1 Replies
View Related
Mar 7, 2013
On first floor, I have two stack switches and each stack has got 4 switches. they all are working fine.Now the client would like to add one more stack on the 2nd floor. But the second floor switches are different when compared to the 1st floor switches.
can you have differnt IOS among different stacks. I knew in a stack we need all the switches should have same IOS version. But in between two stacks to communicate do we need same IOS or they can be on differnet IOS?
1st floor switches have 15.0 version and 2nd floor new switches has 12.2.58. Is this ok ?
1st floor switches are 3500 series ( Note: only one one Vlan 20 we are using on the both stack switches and we would like add same Vlan 20 on to the new stack)
2nd floor switches aew 2 catalyst 2960 switches.
Note: on the second floor switches one is 24 port switch and the other one is 48 port switch. so can i make them as a stack?
We have already done cabling from 1st floor to second floor. So no problem with that at all.
View 9 Replies
View Related
Apr 2, 2009
I have 1841, 2800 and 3800 routers and need to do IOS upgrade to all of them. Existing routers do not have enough flash to hold 2 IOS images.if the router has 12.4.13r ROM IOS, will I be able to boot the ISR router via Cisco brand USB? That means in case something goes wrong while I am uploading new IOS to the router via WAN and something wrong, now router in ROMMON mode. If a local site person has a Cisco USB with an IOS in it, can he just stick it to the router and reboot the router and router will go out of rommon and go into normal mode? After it is working, then I can put the running IOS onto the exisitng CF card so now I can remove the USB and the CF card has a good IOS and reboot the router again.I am just trying to find a safe way to upgrade the site when they don't have big enough flash to hold 2 IOS at the same time. The local person is not technical so asking him to setup tftp server and put the IOS in the computer and so I can do tftpdnld while in rommon mode to grab the IOS from his tftp will be difficult to have the local person to set it up.
If ISR can boot off of the IOS in USB only, then I assume the requiremetn is the ROM IOS needs to be 12.4.13r. Then what is a safe way to upgrade the ROM IOS to this then? I never upgrade ROM IOS before so don't know what kind of problem I may run into and whether it's higher risk to upgrade this than upgrading the regular ios? If it is, then all my routers won't have this ROM IOS version, so that means I can't use USB to boot then? Will that means I am down to tftp server option? ( I heard xmodem won't work as it will time out before the ios can load via the slow dialup link into the router to rescue it from rommon mode).
View 33 Replies
View Related
Aug 29, 2012
I have some questions in regards to network equipment I want re-utilize for my distribution layer in one of my buildings.The choices at the moment are:
OPTION 1.) 2x WS-3550-12G's (HSRP)
OPTION 2.) 1x WS-6509 with cards:
What option would be better from a performance aspect? We want to have network, voice, and wireless data go through this distribution layer switch(es).This is exisiting equipment I already have and can not buy anything else at the moment.
View 2 Replies
View Related
Jan 29, 2013
I need to tear down an existing port-channel on a 3750X running c3750e-universalk9-mz.150-1.SE3.bin. This port channel is currently down down. It has three ports in it that will be added one each to three existing port-channels, I am assuming as long as the "channel-group" command is exactly the same as it is on the three existing port-channels I should be ok just adding the new port. One point to note is that the three existing port-channels all have three ports so this will be adding the fourth port to each port-channel. I know after reading that it is a best practice for load balancing to use either 2, 4, or 8 ports for a port-channel. Also what is the command to see all ports that are in a port channel?
View 1 Replies
View Related
Nov 17, 2011
I need to configure an existing 2600 router to use dynamic NAT for access to the web and ALSO I have (5) fixed IP addresses for use with an email server, a web server, and (3) future servers. I do not know the concept of how to set this up. I'm currently using dynamic NAT for the web and this seems OK but I dont know how to map my fixed servers. I assume this is done with static NAT. Do I need to add sub interfaces on the S0/0 T1 interface for each of these fixed IPs? Then do I somehow do static NAT on these fixed IPs to their respective servers?
View 14 Replies
View Related
Apr 3, 2013
current topology is build from 4 6500 switches connected in a ring topology. Using Port channel (2x 10Gbit) links to connect left side top and bottom 6500's (DC1), 10 G bit link to connect right side 6500's (DC2) In between a 1 G bit link is used to connect top 6500's (DC1-DC2) and the same for bottom 6500's (DC1-DC2).
Path costs are 5 and 6 so the T5/4 from bottom right is blocking. Bandwidth demands are increasing, so thinking about adding extra 1 G bit links to the existing ones and create ether channels. Path costs here are 4 and 5, so T5/4 from bottom right is still blocking, but when the bottom 2 G bit port-channel is loosing one 1 G bit link the path costs of both directions become equal. So I am worried that STP will not re converge and leave me with a congested 1 G bit link. I cannot test this setup in a lab, are there any options for STP to re-converge here?
View 1 Replies
View Related
Jan 13, 2012
I have a number of existing 4506 chassis type switches (the older non -E version) that I would like to roll out IP phones to. Instead of replacing the entire chassis, I would like to just replace the line cards in the switches with WS-X4548-GB-RJ45V. What or how much power supplies should I have in each switch to be able to power the 5 poe line cards (each port per line card will power an ip phone)?
View 6 Replies
View Related
Feb 12, 2013
Q. Does the Supervisor 720 support all existing Cisco Catalyst 6500 series interface and services module, protecting customer investments?
View 1 Replies
View Related
May 3, 2011
i have one asa 5505 that have classic remote access vpn set-up and now i need to add site-to-site tunnel on top of the existing configuration. Is that possible with asa 5505 and do i need some special IOS bundle for that? May i use vpn wizard for that or do i need to go through cli since remote access vpn is setup using wizard.
View 2 Replies
View Related
