Cisco VPN :: 1921 Router Q - How Many IPsec Tunnels Will It Support

Nov 8, 2011

I need to know how many IPsec VPN tunnels one Cisco1921 can support reliably. Haven't had any luck sifting through documentation on the web.

View 2 Replies


Cisco Switching/Routing :: IP SLA Support On 1921/K9 Or 1921-SEC/K9?

Oct 5, 2012

We want to puchase new Cisco ISR 1921/K9 .   i want to know does it support the following sample IP-SLA commands
ip sla 2icmp-echo 500frequency 1ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
delay down 1 up 1
track 20 rtr 2 reachability
delay down 1 up 1 
ip route track 10ip route track 20
Im asking above question because we will need to enable ip-sla  on  the mentioned router.   as i read on the cisco webside, it says Cisco-ISR-1921/K9-IP Base  support only  IP-SLA RESPONDER  feature nothing else. If  Cisco-921/K9  does not support the above commands , should i go for ordering Cisco-1921-SEC/K9 ? 

View 4 Replies View Related

Cisco WAN :: 1921 - Route Between VPN Tunnels

Jul 7, 2011

I have a Cisco 1921 and it has 2 VPN IP-sec site-to-site tunnels up and running. Lets say the tunnels goes from the Cisco to Site A and Site B.

Now i want Site A to reach Site B through the existing tunnels. I'm guessing that static routes maybe the answer but i cant seem to get it working.

The LAN networks is as follows:
Cisco: A: B:
At Site A i have set up a static route as follows:
Traffic destined for Go to gateway (the default gateway of Cisco LAN)

At Site B i have set up a static route as follows:
Traffic destined for Go to gateway (the default gateway of Cisco LAN)

View 9 Replies View Related

Cisco WAN :: How Many GRE Tunnels Can 7200 Router Support

Mar 1, 2011

how many GRE tunnels (without IPSEC) can 7206 router supported. I have low bandwidth 2000 links & i want to configure GRE tunnels for them.

View 1 Replies View Related

Cisco VPN :: Create Multiple IPsec Tunnels On 837 ADSL Router?

Nov 4, 2011

I need to create multiple ip-sec vpn tunnels on A Cisco 837 ADSL Router. I am able to create one tunnel but the second connection is asking for the outside interface which is atm and already taken by the first tunnel. How can i create more tunnels?
Secondly, after creating the first tunnel i am able to access the remote lan network but when i tried tracert "remote lan ip of a pc" from my pc i got "request timed out" after passing my 837 but succeeded to reach the target. Does tracert needs something to be opened in the router?

View 2 Replies View Related

Cisco VPN :: Configure IPSec Tunnels On 941SEC/K9?

May 26, 2013

My company paid a Cisco 1941 SEC/K9. There is no VPN SSL Licence. I would like to know if I can configure IPSec tunnels basically on my router?
In this case, how many IPSec Tunnels I can configure?
how configuring IPSec Tunnels on my router?

View 3 Replies View Related

Cisco VPN :: IPSec Tunnels Between ASA 5510 And 5555

Nov 13, 2012

I have an ASA 5510 running ver 8.0(2) that has (4) Ipsec tunnels going from it to various other locations.  I am having an issue with data transfer speed on only one of the Tunnels.  This tunnel is between the 5510 and the 5555, on that link I am getting a dat transfer rate of a little over 120k a second, whereas if I pull the same set of files from another location I am seeing a transfer rate of 5m per second. 
I have verified that it is not a capacity issue on the Internet bandwidth on both locations, and I can pull the same data from the same location to various other locations via Ipsec tunnels, I am only having an issue with a specific tunnel going from the 5510 to the 5555. 
Since it is not affecting other tunnels on the 5510 nor is it affecting tunnels on the 5555 going to other locations, I am leaning toward a routing issue within the ISP?  I will say the ISP is taking me a long way around to stay in the same Metropolitan area.

View 1 Replies View Related

Cisco :: IPSec GRE Tunnels And Traditional Site VPNs

Mar 21, 2011

I've been reading this site for a while, and finally decided to post I'm really interested to see what everyones opinion on this is.My company currently uses what i would call traditional site to site VPN's using crypto maps, main site has a pair of ASA's in HA and remote sites use ISR's like 1801's.I've recently been playing in my lab with GRE tunnels using IPSec protection (note this is config from my labs, so ip's and key's are just randomly selected)

View 17 Replies View Related

Cisco WAN :: How Many Ipsec Tunnels Are Supported In 3900 Routers

Jul 30, 2011

How many ipsec tunnels are supported in Cisco 3900 routers(with & without the hardware processors)?How much is the throughput of the 3900 routers?

View 1 Replies View Related

Cisco WAN :: Config ASA5510 For Multiple IPsec Tunnels

May 13, 2013

How to configure CISCO ASA 5510 for multiple IPsec tunnels?On other side is CISCO 2801.

View 20 Replies View Related

Cisco VPN :: ASA 5550 And 5510 / SNMP For IPsec Tunnels?

Jan 23, 2011

I tried to monitor via SNMP my ASA 5550&5510 my Active IPSEC tunnels , I want to receive Bandwidth for each tunnel interface.I’m running Version 8.2(1)?  which OID to use?

View 3 Replies View Related

Cisco Routers :: How Many IPSec Tunnels WRVS4400N Can Passthrough

Jan 31, 2012

I'm trying to find a reference for how many IPSEC tunnels the WRVS4400N can passthrough. 

View 0 Replies View Related

Cisco VPN :: ASA5510 - Slow Traffic On IPSec Tunnels

May 2, 2013

We have many VPN tunnels back to our corporate office.  All of these tunnels are very slow (same with our client VPN's).  Our main firewall device at the corporate office is an ASA5510.  We have a 100 Mb/sec Metro Ethernet internet connection here.  We do not allow split-tunneling.

Our remote sites vary.  We have DSL connections, cable internet connections, and other types of broadband that vary in speeds from 5 to 100 Mb/sec (up and down).  The remote sites mostly have PIX 501's, but we have an ASA 5505 in one of the locations.

To take an example.  On one of our remote sites that has a 100 Mb/sec connection, if I ping device to device, I'm getting ping times of about 50ms.  And I'm pinging back through another 100 Mb/sec connection.  If I get on a computer down there and run a speed test, I'm showing down speeds of about 1.5 Mb/sec... nowhere near 100.  Some of that could be due to the lack of split tunneling, but I also suspect this could be an MTU issue. 

Right now, all my MTU's are just set to the default 1500.  Perhaps this is too high.  I used this site to check my max: [URL]
I did a few tests from behind several of my firewalls.  I pinged from a machine on one side of the tunnel to the firewall on the other end.  I'm assuming the max MTU I come up with is the max MTU for the firewall I'm behind while pinging, right?  The max amounts I came up with for some of my devices were as follows: Corporate ASA 5510 > 1272 (if you add the 28 byte packet header that would make it 1300) Remote PIX 501 > 1416 (if you add the 28 byte packet header that would make it 1444) Remote ASA 5505 > 1418 (if you add the 28 byte packet header that would make it 1446)

So, do I just need to set my MTU values to the appropriate amounts?  I have tried changing the value, but I don't see any change in speed/performance.  But I also don't know if I need to reboot the firewalls after changing the MTU.  I know with Catalyst switches, you have to reload.  But I didn't see any messages about needing to reboot on the ASA's/PIX's.

View 10 Replies View Related

Cisco Routers :: Can RV042G IPSec VPN Support Apple IOS IPSec VPN

Apr 29, 2013

I tried any type of combination and just couldn't make it works.  Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?

View 11 Replies View Related

Cisco Firewall :: How Many IPSec Tunnels An ASA 5500 Series Supports

Aug 4, 2012

I tried looking in ASA documentations but unable to find out that how many IPSec Tunnels can be terminated to an ASA cluster. I have 5545 running only two IPSec Tunnels so far but need to terminate 18 sites all up and would like to confirm how many tunnels we could terminate? Is there a limitaion to it?

View 2 Replies View Related

Cisco VPN :: ASA 5505 - Configure Allowed Bandwidth On IPSec Tunnels?

Oct 25, 2011

ASA 5505 8.2.1
ASA 5520 8.4 
We currently have a tunnel configured between 2 ASAs
1-  Is it possible to assign 1.5 Mbits of Bandwidth(BW) to this tunnel?. Then if Tunnel number 2 is configured I could assign 2 Mbits to that one for example?
I am not referring to prioritizing certain type of traffic over the IPsec tunnel, I am referring to Tunnel 1 has 1.5 Mbits of BW guaranteed for all traffic that goes thru it. Same for tunnel 2
2- How to monitor the amount of BW in an IPsec tunnel?

View 1 Replies View Related

Cisco VPN :: 2801 - Unable To Route Traffic Over IPsec / GRE Tunnels

Jan 12, 2013

I have an issue where I can get traffic to pass from HDQ to two branch offices over our ipsec/gre tunnels even though the tunnels appear to be UP. The HDQ is a 2811, branch is a home office using an 871W and branch runs a 2801 router. I initially had HDQ working fine with the 871W but when I configured branch2 (2801), they both broke. The tunnels appear to be up but traffic is not routing across them. The two 2801 routers run 12.4 (c2800nm-adventerprisek9-mz.124-24.T2.bin). These are gre over ipsec tunnels. Currently traffic flows over an exsting MPLS network that we are getting away from due to cost. As soon as I change the routes to point to the Tunnels, it breaks. Traffic doesn't appear to pass through the tunnel. I have attached my sanitized configs.

HDQ#sh crypto sessCrypto session current status
Interface: FastEthernet0/1Session status: UP-ACTIVEPeer: port 500  IKE SA: local remote Active  IPSEC FLOW: permit 47        Active SAs: 4, origin: crypto map  IPSEC FLOW:


View 3 Replies View Related

Cisco Switching/Routing :: 881 - IPsec VPN Tunnels / Ping From Workstations

Sep 25, 2012

We have a number of sites running Cisco 881 routers. A few of the sites are connected by IPSec VPN tunnels that have been configured using Cisco CCP without any issues until now.  On one location I can ping from a workstations on  Site1 to Site2, however I cannot ping from the same workstation on Site2 back to Site1.
Here is a strange behavior.  If I have a continuous ping going from Site1 - Site2 and then start a continuous ping from Site2 - Site1 then I get a response  until I stop the ping from Site1 - Site2.  Site 1 has approximately 5 successful tunnels with absolutely no issues. 
Here is some site specific Info:

Cisco 881 running Version 15.0(1)M7
crypto isakmp policy 1encr 3desauthentication pre-sharegroup 2crypto isakmp key ThePreShareKey address XXX.YYY.ZZZ.232 crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel toXXX.YYY.ZZZ.232set peer XXX.YYY.ZZZ.232set transform-set [code]......
Site 2
Cisco 881 running Version 15.2(3)T1  
crypto isakmp policy 2encr 3desgroup 2crypto isakmp key ThePreShareKey address TTT.UUU.VVV.224
For additional troubleshooting I established a VPN tunnel from Site2 to our office Site3 with no issues at all. Site3 happens to be one of the VPN tunnels that connects to Site1 with no issues. I have seen a number of articles on this on the net and gone through the troubleshooting steps of an article such as [URL]. The tunnel is confirmed as up when I have done all my troubleshooting.

View 20 Replies View Related

Cisco Wireless :: Do 1042 Autonomous APs Support GRE Tunnels

Jan 24, 2013

Do the 1042 Autonomous APs support GRE tunnels?

View 4 Replies View Related

Cisco WAN :: Does Router 887va K9 Support EIGRP And IPsec

May 12, 2013

does a router Cisco 887 va k9 support EIGRP and IPsec ?

View 2 Replies View Related

Cisco VPN :: 1921 - No Local Network / Internet While On IPSec VPN

Dec 28, 2011

I am testing a EasyVPN IPsec server set up on a cisco 891. Here is how I have it set up right now- the 891 is connected to our backup internet connection (different ISP from our main line) and we have a cisco 1921 as our production router.
I am experiencing a problem where when I am on our internal network off the 1921 and I connect to the VPN on the 891 I lose all local network connectivity. Nothing works, can't ping, can't telnet to the 1921, can't browse the internet, its not just DNS either.
I believe the issue lies in the configuration of the IPSec server on the 891 because when I connect to our client's cisco IPSec VPN I experience full local connectivity with no issues whatsoever. It seems to me that ALL traffic is being routed through the tunnel.
Other than the local issues the VPN is working fine and I can remote desktop to the PC I have set up off the 891 and telnet to the 891 from there.
Current configuration : 8967 bytes
! Last configuration change at 20:45:17 UTC Thu Dec 29 2011 by admin
! NVRAM config last updated at 19:52:26 UTC Thu Dec 29 2011 by admin
version 15.0
service timestamps debug datetime msec


View 4 Replies View Related

Cisco VPN :: 1921 - IOS L2TP IPSec With Windows VPN Client

Apr 7, 2013

I'm having problem establish l2tp/ipsec vpn connection from Windows vista/7 vpn client to cisco 1921 ( ios 15.2 )
C1 --------> (internet cloud) ---------> (cisco 1921)----->LAN
Error that I'm retrieving is always the same: Error 789: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"
But I'm able to establish l2tp/ipsec vpn connection to the same vpn server with my iPhone 4.
Below is isakmp debug log from lns router(cisco 1921) when I've tried to establish vpn with windows client. Anything useful from these logs to point me on the right direction to finally solve this problem with windows clients.
#debug crypto isakmp
*Apr  8 10:56:47.018: ISAKMP (0): received packet from dport 500 sport 987 Global (N) NEW SA
*Apr  8 10:56:47.018: ISAKMP: Created a peer struct for, peer port 987
*Apr  8 10:56:47.018: ISAKMP: New peer created peer = 0x3296C24C peer_handle = 0x80000068

View 4 Replies View Related

Cisco WAN :: 1921 And VWIC3-2MFT-t1 Support?

Mar 7, 2013

I was just given a task to setup some T1 connections. We rarely use T1 interfaces anymore as they are typically just not enough anymore. I see the newer vwic3 interfaces are supported on various 2900 series but downloaded the vwic3 configuration guide and noticed that the 1900 series routers were not in the list? Is this correct. So are vwic3-2mft-t1 ehwic cards supported or not on 1921 routers? i can see the controller interfaces but not the ports as there must be additional configuration required. Im running 15.1(4)M4 IOS version that looks to be supporting the cards.

View 2 Replies View Related

Cisco WAN :: Layer 2 Tunneling Protocol (L2TP) Over IPsec On ISR 1921

Aug 22, 2012

Is it possible to configure Layer 2 Tunneling Protocol (L2TP) over IPsec on a cisco router like 1921 ISR? This link shows basically what i want to achieve but instead of an ASA, i would like to use just a router with sec..

View 3 Replies View Related

Cisco WAN :: Routing Table Entries Support On 1921 / K9?

Nov 27, 2012

Is there a Table which the list the route table entries on Cisco ISR Router especially ISR 1921 Router.

View 3 Replies View Related

Cisco Firewall :: 1921-SEC / Terminate Each IPSec Connection In Separated Zone

Apr 26, 2011

We are using a CISCO1921-SEC Router. On the "WAN" side we have 1 public IP Adress assigned by DHCP. At the moment we are using the WAN Interface with a crypto-map as endpoint of some IPSec connections. We set up a zone-based-firewall with "WAN" and "LAN" zone. In this setup all IPSec Endpoints are on one Interface - connections to the "LAN" zone can be managed by rulesets. What about connections between IPSec connections and the zone "self".We like to terminate each IPSec connection in a separated zone. How can this be configured ?Each one on a "tunnel inetface" with "tunnel source ..." binding ?

View 4 Replies View Related

Cisco WAN :: 1921 Provide IPSEC Tunnel Back To Central Office

May 5, 2011

Equipment Cisco1921, HWIC-1ADSL, 2 x GB Ethernet interfaces (Only one used for local LAN) Software IOS Version 15.1(1)T2..I have been asked to configure this router to provide an IPSEC tunnel back to our central office.We have been provided with an ADSL business class 7MB service from Telecom Italia, they have presented the circuit to our office with no terminating equipment (wires only). Telecom Italia have provided us with some IP addressing information as follows (I will not disclose the entire IP address) [code]

I can see that the packet count is increasing both inbound and outbound on the ATM interface. I have read many documents and tried many different way to try and get this resolved, I even logged a call with Cisco but no dice.

View 5 Replies View Related

Cisco VPN :: Multiple Site To Site IPSec Tunnels To One ASA5510

Dec 4, 2012

Question on ASA VPN tunnels. I have one ASA 5510 in our corporate office, I have two subnets in our corporate office that are configured in the ASA in a Object group. I have a site to site IPSEC tunnel already up and that has been working. I am trying to set up another site to site IPSEC tunnel to a different location that will need to be setup to access the same two subnets. I'm not sure if this can be setup or not, I think I had a problem with setting up two tunnels that were trying to connect to the same subnet but that was between the same two ASA's. Anyways the new tunnel to a new site is not coming up and I want to make sure it is not the subnet issue. The current working tunnel is between two ASA 5510's, the new tunnel we are trying to build is between the ASA and a Sonicwall firewall.

View 3 Replies View Related

Cisco VPN :: IPv6 Support On ASA 8.4 IPSEC

May 7, 2011

I need to implement IPv6 for ASA VPN. According to the ASA_8.4_cli_cfg.pdf , IPv6 is not supported on ASA IPSEC vpn and remote client vpn. I do not have a ASA 8.4, any way to verify on ASA8.4 whether the crypto command support ipv6 address ? If  the crypto command do support ipv6 address then probably there is chance it will work.what i mean is eg. crypto map xxx set peer <ipv6 address| ipv4 addres> able to set ipv6 address.

View 4 Replies View Related

Cisco VPN :: Does AnyConnect 3.0 Support IPSec Remote-access VPN

Jul 12, 2011

I've read on Cisco AnyConnect 3.0 Q&A that it supports IPSec remote-access VPN: url...I've downloaded and installed AnyConnect 3.0.0629 Secure Mobility Client, but I'm not able to get IPSec VPN working. There's also no option to use PCF files from the previous Cisco IPSec VPN client. How to get IPSec VPN working on AnyConnect 3.0?

View 2 Replies View Related

Cisco Wireless :: WLC 5508 Support IPSec To Radius Server?

Jan 23, 2013

I am trying to follow the Fips guide for the WLC5508 and it wants to encrypt the connection to the Radius, either with PSK key wrap or IPsec. I have the options for Ipsec only as the Windoes NPS does not support Key wrap from what a previous user confirmed for me here on the board.. But then found another post that states that the 5508 does not support IPsec?

View 5 Replies View Related

Cisco VPN :: ASR901 Support IPsec - Cannot Encrypt ICMP Packet Back

Apr 25, 2013

I'm trying to setup a GDOI based IPsec connection between a cisco AS901 (advanced Metro lic - asr901-universalk9-mz.152-2.SNI ) and a 7606-S.What I see is that the ASR901 is capable of decrypting the IPsec packet but I cannot encrypt the ICMP packet back, so the question is if the AS901 can support IPsec in software. What I could not find in the docs on CCO. [code]

View 1 Replies View Related

Cisco WAN :: GRE Tunnels On 2921 Router

Feb 20, 2013

Is there a recommended number of GRE tunnels that Cisco 2921 ISR router with default configuration (512MB DDR2 ECC DRAM) can support?         

View 5 Replies View Related

Copyrights 2005-15, All rights reserved