I'm trying to set up a new ASA 5510. I have a pretty simple set up with one /24 on the inside NATed to a DHCP address on the outside. Everything on the inside works and I can ping the outside interface from external devices. No matter what I do I can't get anything internal to route across the border to the outside and back. To try and eliminate ACL issues as a possibility I added permit any any rules to the incoming access lists on the inside and outside interfaces. Here's the sh run.
On a recommendation from a network engineer, I got a used Cisco 891. Having worked with small business routers most of my working life, I thought this should not be a problem. However, I had no clue these things used a console and command line to initialize. I have the console cable, am able to console into the device, but am haphazardly issuing command lines straight out of the PDF manual but cannot get Cisco CP to discover the device.
From what I can tell, I am stuck at the point where the manual tells me to enable http server. I ran the command lines several times, executed write mem where available, but when I run the show services command, http is not enabled.
And if you do refere to command lines, I was reading some other forums and they were speaking of "run this command, run that command" but I could not make out the correct syntax, in what mode, whether it be config or config t, etc. So I might need a wee bit of handholding.
I'm hoping that once I can get Cisco CP or CPE to discover the device, I can make my way through the GUI to configure since those usually do make sense to me. As of now, I'm in the thick of it ...
I am interested in learning and setting up VPN IPSec with Cisco ASA 5505. I've managed to successfully setup VPN andcan connect to it from outside and browse securely to the outside/internet via tunnel. However, once I am connected to VPN, I cannot access any of my internal hosts/servers via VPN client. I am wondering it its a missing ACL/NAT...ASA Version 8.2(5)
I am slowly working my way though the setup and configuration of our new 4900m switch. The switch will have a pretty basic operational configuration. We are simply going to network 3 servers together through the swtich. Anyhow, I have been fallowing the guide at this site: [URL]
Basically the switch is brand new and I just setup things such as the clock, the banner, and the hostname. Anyhow, at various points in the guide such as the configuration of the telnet password and especially the interface gigabitethernet I get the "invalid input detected at '^' marker". I also did a show interfaces and noticed there was not any gigabitethernet interfaces but there was a
"FastEthernet1 is down, line protocol is down Hardware is Fast Ethernet for out of band management, address i"
Anyhow, my thinking is continuing on with the guide and at least try to setup the interface for the management port so I can then use the cisco network assistant gui to then configure the rest of the switch.
I'm new to using Cisco Config Professional Express but a lot of things are just "off" with this utility. But my problem for this post is specifically the 891W's internal access point, or initial access to it.
My situation is that I have some 891W's. It's my first time working with them, as well as with CCP Express (2.5). After isolating the router and my PC to their own network, using the IP my PC got via DHCP frmo the router I opened a web broswer and connected to the router. The initiial configuration wizard came up and I went through the various screens. One of those screens had basic config info for the internal wireless AP which I provided. Somewhere in that screen it asked for a Hostname for the AP, and a password. It doesn't askfor a username though. To ensure I wouldn't run into confision, I made sure to set every password I ever get asked to configure as the same thing so the AP's password was also the same.
However after I finish with the wizard, the java-based CCP Express begins prompting me for first the main router credentials which I provide and it gets the router config, then it prompts mefor the username/password for the Access Point. First of all, the initial config wizard had never asked me for the username for the access point, only the hostname, and the password. I had assumed it was just going to use the main router username, or perhaps a blank username.
In any case, nothing I type ever works. I've used cisco/cisco, or a blank username with my new password, or the same username as the main router with the password ---- nothing. This is now the 4th time I have completely Reset the router to factory defaults and while I am learning the use of CCP Express through repetition, I'd also like to get this thing configured and out the door so my customer can use it.
I have manual Cisco 1812 (1811) Integrated Srvice Router Cabling and Installation in front of meI have Cisco 1811 connected to my laptop according to this manualI have Cisco SDM latest version installed on my laptopI have DHCP enabled on my laptopThe problem that my laptop can't get valid IP adreess from the router (see att. laptop_, laptop_2)
Which IP address I have to use in order to get access to router inrerface (see. SDM_1)?
I have a WS-CE520-8PC Switch. I have tried a full 30/30/30 reset, factory reset, and I am still unable to access the express setup page. Running Win7 x64 on the host os (have tried windows 2000 and xp)It also wont allow me to access direct managment mode when pressing the admin button for 10 sec.
I have a fresh SR520 that I only did two things to it using CCA 3.2(1):
1. Assign the address of FA4 to be 1.23.456.90 with a mask of 255.255.255.252 2. Declared a static nat of 1.23.456.90 port 80 to 192.168.75.12 port 80
I connected laptops to two ports:
1. FA0 (DHCP assigned laptop the address 192.168.75.12) 2. FA4 with the address on the laptop set to 1.23.456.90 and mask of 255.255.255.252
This is an exercise to simulate a cable internet configuration I will install the SR520 into.I can ping and point my browser to 1.23.456.89 and access the web server running there on port 80 via the inside laptop.I CANNOT point my browser to 1.23.456.90 from the outside laptop and make a connection.
What I am doing wrong with NAT? (I believe the problem lies therein as I did even try telling CCA to delete the firewall and I still could not connect to the inside web server).I have a network monitor (Wireshark) on the inside and see nothing coming across. I THINK I see successful NAT translations in the NAT logging (also in the attachment).
Trying to get this linksys router working on my network. It is a wrt54gs. The machine that i'm configuring it with is running a 64-bit version of windows 7. I run the disc and it seems as if no matter what i try it will not connect to the internet. Can plug modem directly to pc and connect no problem. Can connect to router no problem. But cannot connect to the internet through the router.I made sure that ip addresses are assigned dynamically through dhcp and cloned the mac address of the pc i'm using to do the initial setup.
We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances. Given that we are a non Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear.I started to set to setup the appliance this morning but immediately ran into issues. The 5520 doesnt seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration. I have to say that I feel kinda stupid having to post this, since I actually followed the documentation avaiable for this menial task and I fully expect the problem to be a simple one. Namely, I am using two specific sources of info for connections.
I am position to migrate from CatOS 6509 switch to native IOS 6509 switch. long time ago, there was some site to convert automatically based on copy and paste onto the tool, but i can not find.
Does anybody know how to convert CatOS configuration to Native IOS configuration ? It is not IOS change, but it is configuration convert.
I have an ASA 5510, with Ethernet0 connected to Internet via a T1 line, Ethernet1 connected to LAN1, and Ethernet2 connected to LAN2. LAN1 & LAN2 are independant, but share the Internet connection, via the T1 line. On LAN2, I have another router that connects to the Internet, via a Comcast line. I wish to route some of the traffic on LAN2 (10.38.77.0) to the other Router, on LAN2 (10.38.77.12) (connected to the Comcast line). I have entered the following lines:
I have mobile users using air cards that connect to the network with a VPN product called Net Motion. Our firewall is a ASA 5510. Once connected to the Net Motion VPN server the user will get a DHCP address from our network. In the past we could not get the VPN tunnel to complete since our layer 3 switch (3750G IP services) has 3 egress points and the egress point that we needed the VPN traffic to go out of is not the default gateway. To solve this we had the air card carrier set switch our air cards to static IP addresses and using route statements for the public IP addresses and access lists we got it to work.
The problem with this is that every new air card we provision needs a static IP address. My question is would policy based routing work in this scenario? The problem has been that the VPN tunnel was not able to complete the negotitaion phase as the traffic came into the switch and was trying to go out the default gateway. The VPN client wont get an internal IP address until the VPN tunnel is created.
I would like to get away from using static IP addresses.
In 3750 switch,I have configured intervlan routing.I have three vlans Vlan 10,vlan 20,Vlan 30 and I have assigned IP address for that Vlan.In vlan 10,I have connected one systen gigabitethernet 0/1 interface.From my system I am able to ping vlan 10 ip address but I can't able to ping other vlan ip address (vlan 20,vlan 30).Is it possible to up the protocol for all that time.
I've one Cisco 3750G-12S with ip routing enable, the swtich is with IP Service firmware, with PRR support.Currently set my default static route 0.0.0.0 0.0.0.0 10.1.18.71 to my Firewall A Currently all of the VLAN for will be routed to 10.1.18.71
I've created a new VLAN 2 for my 10.1.2.0/24 network with the VLAN interface 2 ip address 10.1.2.10, my intention is to route 10.1.2.0/24 traffic to my 10.1.2.1 by creating the access list and route-map.
I've configure my test pc with a static ip and my gateway pointing to 10.1.2.10 (VLAN 2 gateway) , i'm not able to route to 10.1.2.1.
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
I was recently given a PIX 501 router. I am very new to the world of Cisco, but want to learn. I got a few things setup on the router but, am not sure how to get it to use my DSL connection. My DSL modem IP is 192.168.2.1. Below is my router config. What more do I need to do? Also, is the outside IP not the IP of the DSL modem?
how to backup the configuration of ACS 5.3 then restore it on the secondary ACS 5.3 Appliance in order to save time without configure the 2nd Appliance?
i have linksys modem which already running for differents vlans i cerated another different vlans 10 amd 20 for 10 and 20 i need internet how should i configure internet on another core switch3750
I have been using a Cisco 877 to connect to BT broadband and it was working fantastically with no issues. For reasons outwith my control we have moved to 02 and I cannot get the cisco router to connect (the supplied router works fine). O2 support is limited as they say they will not assist in the config of third party routers but they have supplied the below (the line has a static IP). I have also included my current config which was working fine with BT. I have attempted to write in the updated info but have been unable to get the line to connect. [code]
i have a router 2921 with the aproprieted voice card for E1 and licenses. I would like to know how to configure it for incoming and outgoing calls. I already configured the ephone and SIP phones for internal calls. now i just need to configure it for send and receive external calls.
Router: IOS: c2900-universalk9-mz.SPA.153-1.T CME: 9.1 ISP from Brazil: type: E1 signal: R2 Digital Channels: 32 Phone Number Iniital: XXXX-9250 (main) ephones-dn numbers: 9250 to 9280
I have a network behind an 861 and users are unable to access e-mail from the local exchange server from their iPads using the 802.11wireless network. The wilrelss network is working fine and the iPad users connect fine.I was told that that i need to configure "hairpin DNS".
Any configuration example to build a vpc b/w 5ks and 7ks? i have total 4 links between them . If not, I am assuming to have the following config for the port-channels:- (Provided the vpc domain is configured).
N5k1 and 2: int eth1/10-11 channel-group 10 mode active switchport mode trunk int po10 switchport mode trunk switchport trunk allowed vlan a-d
[code]....
So, its basically vpc 10 that has 4 physical links b/w the vpc domain of 7ks and vpc domain of 5ks.
I'm currently trying to get up to speed on a 1941W ISR. I belive i have most of the configuration correct based on reading the documents on this site. However, i'm noticing that my lan to lan network performance is very slow. Peaking out about 3mbs. I was reading some documentation that suggested MGF (MultiGigabit Fabric) might resolve this problem.
I have a basic setup in my test environment trying to emulate a branch deployment. 1941W connected to a access switch (3400).
- I'm getting slow perfomance (thoughput) between the vlans 66,30,10. Will MGF fix this problem? How do i configure it?
Building configuration...
Current configuration : 7474 bytes ! ! Last configuration change at 09:26:04 PCTime Fri Dec 28 2012 by xxx ! NVRAM config last updated at 09:26:05 PCTime Fri Dec 28 2012 by xxx
We recently switched a faulty N5548UP with a replacement and everything went fine, with the exception of one minor thing.
We're currently unable to authenticate using tacacs+.
When trying to enter the command 'aaa authentication login default group [groupname]', the following msg appears: too big pss key or value size could not update aaa configuration
I currently work in the IT field part-time as a end-user support technician while I am finishing my Bachelor's Degree in Network Administration. I'm not completely new to networking at this point, but I am by no means a master of it either. The basics of small networks (less than 10 PCs) and the lower-end of small business grade Cisco equipment are not unfamiliar to me. Up until this point however, I have had very little experience with any higher-end Cisco networking equipment.
Now on to the questions, which may seem like the answers should be obvious, but let's face it, I do not have the resources to own much equipment myself at this time for experimentation purposes, nor does the school I am attending have a lot of financial resources to provide us with recent hardware to learn on. What I want to know are a few things about PoE as implemented on Cisco devices, specifically the SG200-50P small business series switch. According to the technical documentation, the switch supports PoE on 24 of its 48 ports, specifically 1 - 12 and 24 - 36; simple enough. The switch is currently installed in an office that has less than 24 connected devices, but that is currently expanding. None of the PoE ports are utilized as of yet, but going forward, there will be more than 24 connected devices. Will another switch need to be installed if the additional connected devices (PCs and printers) are not using PoE, or is the PoE an auto-sensing feature that will simply remain disabled if a device that does not require power over the network cable is connected? Is there some setting that needs to be changed through the management interface to keep devices that should not be drawing power from doing so?
There will likely be some additional questions generated by my inquiry, and I fully understand if these are completely novice questions, but I admittedly do not know the answer. When I Googled it, I was greeted by a few hundred thousand results, the first dozen or so pages of results all being for places to purchase this particular type of switch, so I thought I would try my luck on the forums of the place that made it.
I am trying to configure a 891 W to basically provide DNS from my ISP to my internal clients on the 891 W. Currently when I am on a PC I can see that I receive my IP information along with the correct ISP DNS IPs. However when I try to connect or resolve a URL it fails. Nor can I perform an ns lookup from the cli of the 891 W. I seem to be having a translation issue with DNS.
i have a problem with ASA 5510 version 8.2(1),i have a mac os x 10.6.8 dns server when the asa is online and i want to use the internet my internet is very slaw it neede about 1.5 min to open yahoo.com and the asa log viewer shows too many drops, i have only the rule allow any tcp/udp domain.
