Cisco VPN :: 1941 Disappearing IPsec Routes With RRI
Aug 26, 2012
I am trying to set up a pair of 1941 routers in a HA configuration to act as L2L VPN gateways. The active router of the pair should distribute routes to the remote destinations using OSPF to internal routers. The VPN part is working fine and the routers are correctly advertising routes to internal hosts, however my problem is that when an IPsec sessions disconnect, the routes disappear and therefore internal hosts cannot reestablish a connection. If the remote end establishes a connection, the routes appear again and connectivity is restored.
My setup is as follows: (ASA) --> (pvpn01 & pvpn02 HA pair) --> (internet) --> (remote peer)
The other router in the pair has exactly the same config except with different interface IPs. The remote end is configured to talk to the HA address
91.216.255.248.The VPN routers are both running IOS version 15.0(1r)M9.
When I initially boot the routers, the route for 192.168.66.0/24 appears in 'show crypto route', and is advertised to neighboring routers. If I ping an address on that network an SA is established and stays active as long as there is traffic flowing. pvpn02#show crypto route
If I then stop traffic flowing over the tunnel and wait until the IPsec SA lifetime is expired, the route is deleted from the system routing table and therefore not distributed by OSPF. The result is that internal hosts cannot reestablish the tunnel as the other routers have no route to the 192.168.66.0/24 network.
Is this a bug, or is there another way to get the RRI routes to persist on the active router?
View 2 Replies
ADVERTISEMENT
Jun 24, 2012
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 26 Replies
View Related
Jan 17, 2013
I need to unlock IPSec to my 1941 router but I'm not sure which license(s) to purchase.
View 1 Replies
View Related
May 17, 2011
I'm trying to configure a Cisco 1941 to connect to multiple Amazon VPC instances. Each VPC instance brings up 2 x IPsec over GRE tunnels with BGP in to the EC2 cloud and enables flat extension of the corporate LAN. Basically. you can spin up EC2 instances in a private subnet and route to them across the VPC link from the corporate LAN.
The Amazon configuration is templated and not designed to support multiple instances on one customer access gateway - however, I want to overcome this and find a technical solution around bringing up a second physical router. I've got VRF configured and working for the first instance, but when we add a second VRF to the configuration IPsec fails. The second VRF is essentially identical to the first.
We're potentially looking at a licensing issue with IOS 15.x, the version we're running is...
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
data None None None
[Code]....
However, the IPsec configuration is complete and all keychains etc. are in place as they should be.
View 13 Replies
View Related
Oct 10, 2012
I did purchase a router 1941 universal k9 but i can not do ipsec on it, i took a smart net for that router in order to have or download ipsec on it.
View 1 Replies
View Related
Jul 23, 2012
The setup is a S2S VPN with failover to 3G HWIC in a Cisco 1941 however the IPSEC tunnel needs to remain up through 3G if ADSL fails.The failover works ok, however when plugging ADSL back in, the - "sh crypto session" shows both dialer 0, and dialer 1 with the crypto map session to the other side of the VPN and either side is now not pingable.The NoIP DDNS updater client runs on a server in the network and all IP resolution to host1,host2 works ok (other side of VPN is Cisco 1921 with ADSL HWIC and 3G HWIC). [code]
View 5 Replies
View Related
Oct 10, 2012
I did have a router cisco 1941 but can not do ipsec with it,i did take a smart net.
View 3 Replies
View Related
Mar 7, 2013
I have an IPSec tunnel configured on my Cisco 1941. The other device is an ZyXEL router.I can see the tunnel is up but there is no traffic.This comes out the show crypto ipsec sa
interface: Dialer1
Crypto map tag: CMAP_AVW, local addr 10.10.10.89
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0)
current_peer 20.20.20.161 port 500
[code]....
View 3 Replies
View Related
Apr 8, 2011
Is there a way in EIGRP to prefer external routes versus internal routes. EIGRP always picks up internal routes as long as they are available, no matter if external routes have better metric. Our Scenario is that we have DMVPN hub and spoke topology running EIGRP 101. The Core routers also on EIGRP 101 prefer EIGRP 101 routes. We have the new MPLS network running BGP and redistributing these BGP routes into EIGRP 101. The core routers prefer EIGRP 101 routes (internal) to redistributed BGP (external) routes.
View 9 Replies
View Related
Jul 12, 2012
I am trying to set up a site to site ipsec connection. AT site A, I have Vlan's 652-10.55.216.0/24, Vlan653 -10.55.217.0/24, Vlan 654-10.55.217.0/24 and Vlan655-10.55.219.0/24 and at site B, Vlan650-10.55.214.0/24 and Vlan651-10.55.215.0/24.The problem is that I am unable to get any associations when i do a "sh crypto isakmp sa"/"sh crypto ipsec sa" on either router at each site.I am also unable to ping by pluging in a laptop into the site at each site. Laptop at site A is set to access vlan 655 and laptop at site B is set to acess vlan 651. I can ping all the devices from one end to the other.I have turned on debug crypto isakmp, debug crypto ipsec, debug crypto ipsec errors but dont get anything at all as output.I have attached the sh run for each router Cisco (1941/K9) and switch (Catalyst 3750) at each site.
View 4 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Mar 23, 2012
When I map a network drive it disappears every time I reboot my computer how I can keep it from disappearing? I am running Windows XP Professional
View 2 Replies
View Related
Oct 5, 2011
I have a Pix 501 vs. 6.3(3). I have made changes to some Access Rules that made other rules disappear. When I try to recreate them I get an error that includes "Possible duplicate entry" statement.
The rule appears to be active, so how can I resurrect it in my Access Rule list?
View 16 Replies
View Related
Jun 7, 2011
We have a modified hosts file on each of the computers here at work. This way we can have multi servers, in multi locations that can all be used by everyone for email & our finance program.However, there is one user who the hosts file keeps disappearing. Over the last 2 days it has disappeared 3 times (at least).The user has ran the symantec corp antivirus (at least a couple of times). All risks found have been quarentined and deleted, ran again and nothing found. Also ran Malwarebytes, which was clean. And ran ComboFix.At this point the hosts file has been fixed after running ComboFix.
View 14 Replies
View Related
Dec 3, 2012
I have had the virgin media superhub on 30mb broadband for about a month and over the last week I have been disconnecting from my network up to as much as 3 or 4 times a minute or sometimes once in five minutes and other times it just vanishes from the network list for about 30 seconds then re-appears, sometimes when I disconnect it re-connects almost instantly other times I have to wait about a minute or sometimes even longer even though I can permanently see my neighbours network and my laptop does not have this problem.. I payed �50 for a new wireless card to try and fix the problem and it was fine for a few weeks now it is the same. Restarting the router makes no difference and this is happening all constantly over the last week without fail, i have tried updating my wireless drivers and using different wireless cards.
View 6 Replies
View Related
May 9, 2012
It's been doing this for over 7 or 8 hours now. And no, there's no network connection, that's what the problem is here. This is a Windows XP desktop.Basically what it's doing is within a second, this icon disappears from the taskbar, then reappears, over and over again: When I hover over it, it gives me a message about not being connected. I can't get the exact message screencapped and I can hardly even read it, it disappears too quickly.Sometimes it gives me this instead, and the connection works, but only for as long as this icon is there:But it disappears too quickly for me to load any pages completely, so they always end up being incomplete pages. When I hover over this one, it says acquiring network address.When I click repair, it gets stuck on "renewing IP address" every time, without fail.
Previously the internet connection would drop occasionally, but restarting the computer has always brought it back. I have tried this countless times by now, I have tried clicking repair, I have tried resetting the router, I have tried manually removing the connection then reconnecting to it, I have tried command prompt and running through the ipconfig flushdns, release, and renew commands, I have tried logging on as a different user account, I have tried uninstalling my wireless adapter software then reinstalling it, I have tried using a different adapter [I get a different error with that one], I have ran a scan with Malwarebytes' Anti-Malware then retried all these things, but that didn't fix it either. If my brother wasn't asleep I'd be wiping the hard drive by now as a last resort. And I will be doing this first thing in the morning if it isn't fixed.
There is one other computer on the wireless network, and its connection never drops. Ever. It's a Windows 7 laptop. There are two other computers in the house, but they both connect using the ethernet cable, and those never drop, either. The two Wiis, the Xbox 360, and the 3DS also connect wirelessly, and one of the Wiis drops occasionally as well -- and it's not connecting right now, either.There is one more PC in the house, which also runs Windows XP, but I haven't gotten it to connect in weeks and I've pretty much given up on it. It'd be nice to get that to run, too, since I have to share this computer, but it's 7 years old, it's just too old and is stuck on "acquiring network address" with either adapter, if I'm remembering right.
This is everything I know. This problem is still occurring, and it just occurred randomly today, while the computer wasn't even in use. I can connect to the internet with a wired connection, but stretching the wire across the house isn't something the homeowner wants me to do, so I can't keep it permanently, as much as I desperately want to.I looked around at a few other threads and there was some sort of Wifi program I can install? But it won't install. Or rather, the .net framework is what's not installing. So I guess I can't use that. Hope it makes finding the problem still possible though, this is the only computer I have left since my other one won't connect anymore either.
View 2 Replies
View Related
Aug 6, 2011
I've had a strange problem with my laptop for quite a while now. From time to time, my entire wi-fi capability vanishes. The green wi-fi light goes off and my Intel PROset/Wireless tells me that I do not have a wireless physical adapter installed.From there, I go to Network Connections. Sometimes, I can hit "repair" under Local Area Connection 3 and after some struggles, the green light will come back on. However, sometimes when I go to Network Connections, I cannot repair the Local Area Connection, because the 1394 Connection is no longer even listed and, from all ways of searching, doesn't even exist on my laptop.In that case, I have to restart my laptop. Sometimes, a restart works and the wi-fi capability magically returns. Sometimes a restart does not work, and I have to power off, wait, and power back on my laptop. And sometimes, I have to keep rebooting SEVERAL TIMES in a row before I get wi-fi back.
I'm not sure what to do for it, nothing has changed with the router or the location of the router. My laptop will be fine for a couple of weeks, or I may lose wi-fi ability a couple of times in a week or so. However, at the moment, I lose my wi-fi adapter frequently, often every two minutes to perhaps every ten minutes. It has "acted up" this badly only once before (probably a month ago), and I just keep rebooting for a couple of days until everything seemed to calm down. However, I can't keep just restarting my laptop every five minutes
View 14 Replies
View Related
Sep 24, 2011
I'm trying to diagnose & repair a problem with the built in wireless adapter on a gateway NV53. The OS is 64 bit Win 7. The computer isn't mine, I was just trying to repair it for a friend. Initially, the wifi worked fine; the disk drive seemed to have a bad laser or something, sometimes there were problems with printers, it was slow to start, etc., so I thought I would just backup everything, "restore to factory defaults" (reformat & reinstall OS from hidden partition), then copy everything back / reinstall programs. I wanted to reformat just to clean it up, etc. After reformatting and updating windows to the latest version, it seemed to work fine (I hadn't tested those other problems, they are unimportant). However, after the computer is on for awhile - anywhere from a few minutes to a few hours - the wireless adapter suddenly can't see any networks. There are several networks in the area, so I know it isn't a problem with my router (also, other comps. can see them all still) After awhile longer, the wireless adapter disappears completely from device manager. I think that when it initially loses track of all the networks, the mouse, typing, etc. slow down and have jerky movement for a minute (may be incidental). When I restart the computer, the adapter works fine again, but of course, only for awhile.
Things I've tried:
-Setting the power settings on the adapter (don't allow power saving to turn this off.. box)
-reformatting
-updating drivers
-updating windows
-running antivirus
-uninstalling the antivirus
View 1 Replies
View Related
Apr 26, 2011
Running OS X 10.5.8 on an old MacBook Pro on a wireless network. It might be relevant that I recently upgraded the wireless router and the DHCP-assigned IP addresses changed. Before that, everything worked reasonably well.
I can connect to the MBP from Windows 7 computers on the network, logging in with a user name and password, and access the files there as expected.
But the MBP disappears from Windows Explorer after a few minutes. I can usually add it back (always checking the box to remember it) but it just keeps disappearing. Sometimes when it disappears, I can't add it back and when I try, Windows Explorer says, "can't find."
How can I get this share to stick?
View 1 Replies
View Related
Aug 17, 2012
The original network had a Zylex router, Netgear Switch. There was 2 pc's, one XP and Win 7. There is also 3 tills connected too. There is VPN network connected too. This emits a wireless signal to connect to a scanning gun and is also used to administrate the entire network. I was told by the Administrator of that network that it shouldn't interfere with the wifi network.
The job I was requested to do was to install 3 new wall plates as the Win 7 pc was using a Belkin wireless adapter. There was 2 put inside the office where the XP and Win7 pc's are located. The 3rd was just outside the office.
Now all the ethernet connections work 100%. The wifi is another story though. It will show up in the connect too, when you try connect it will disappear/no response from AP/connect then disappear, these are random too. No order to when each is error is displayed. Even when I put in another router the exact same issues happen.
I have tried to connect to both routers wifi when it wasn't plugged into the switch. Just the router's turned on with no cables plugged in separately of course, no joy same issue with both.
View 2 Replies
View Related
Dec 13, 2011
I have new DIR-615 D-link router. Since we installed it the network has disappeared randomly off the available networks list, and when I try and open Google Chrome it says there's DNS error. Troubleshooting through windows networks doesn't work because it can't find any problems since my network doesn't even show up on the list. We've even done a factory reset and the problem persists, and it does this about once a day. Resetting the router temporarily fixes the problem. This problem is happening on all 3 laptops in our home, two of which run windows 7 and one which runs XP.
View 1 Replies
View Related
Jun 25, 2011
Desktop
Windows 7 64-bit -> cable directly to router
Laptop
Windows 7 64-bit -> wireless
Laptop
Windows 7 64-bit -> wireless
Playstation 3
-> Wireless
Xbox 360
LAN cable from router to 360
Scientific Atlanta 2203C modem to a Cisco Linksys E3000 wireless router.Ok, so if I turn everything on I can see all computers from all computers, but after a few hours/days (random time) everything disappears, and I have to unplug the router and then everything is back. Is there a way to stop this, and just have everything just be there all the time?
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersJohn>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : John-PC
Primary Dns Suffix . . . . . . . :
[code]....
View 3 Replies
View Related
Sep 15, 2012
The original network had a Zylex router, Netgear Switch. There was 2 pc's, one XP and Win 7. There is also 3 tills connected too.There is VPN network connected too. This emits a wireless signal to connect to a scanning gun and is also used to administrate the entire network. I was told by the Administrator of that network that it shouldn't interfere with the wifi network.The job I was requested to do was to install 3 new wall plates as the Win 7 pc was using a Belkin wireless adapter. There was 2 put inside the office where the XP and Win7 pc's are located. The 3rd was just outside the office.Now all the ethernet connections work 100%. The wifi is another story though. It will show up in the connect too, when you try connect it will disappear/no response from AP/connect then disappear, these are random too. No order to when each is error is displayed. Even when I put in another router the exact same issues happen.I have tried to connect to both routers wifi when it wasn't plugged into the switch. Just the router's turned on with no cables plugged in separately of course, no joy same issue with both.
View 2 Replies
View Related
May 6, 2012
My new EA4500 works fine all day, both wireless and wifi, on both bands, but nearly every evening, the wifi signal disappears, as shown on a wifi app for my smart phone, but not on Issid on my laptop, strangely, and my PC laptop and iPad both disconnect, then reconnect. Smart phone disconnects too. It isn't like the signal drops in strength, it just goes away! I have tried various settings on modes, and bandwidths, I am using different SSID's on each band, WPA2 security with a long non-dictionary passphrase and MAC filtering. The hardwire connection works great at 30+ Mbps even when the wifi is disappearing from the wifi scanner and the wifi connections are dropping. In other words, the cable connection/modem is working fine, but the wifi radio signal stops or the SSID drops off the signal. I really can't tell, but I know it is becoming very frustrating. The old WRT54GS works fine if I put it back on-line in the evening when these things start to happen.
I have turned off everything I can think of in the house that transmits or might transmit, in case it is an interference thing. I have tried disabling the 5 GHz side, since I can't see what is happening on that band, and the last thing I tried was changing the MTU from 1500 to 1400. So far, the past evening, it was okay, but I am not confident it will stay that way.
View 6 Replies
View Related
Dec 26, 2009
I have problem with using my dell studio 1537 with platronics pulsar 260 bluetooth stereo headphones. After some time listening music bluetooth just disappearing from system, bluetooth indicator is on and not reacting for wireless switch. My OS is Win7x64, mini-card driver 6.2.0.9000, bt audio driver 6.2.0.9500. With other bluetooth functions, such as bt mouse or pda sync, i have no problems.
View 21 Replies
View Related
Apr 29, 2013
I tried any type of combination and just couldn't make it works. Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?
View 11 Replies
View Related
Feb 4, 2013
We have a BGP / OSPF configuration as shown in the topology picture. When the connection towards Internet is taken down, we expect the traffic to be forwarded toward WAN 2 (preferred) or WAN 1. The problem is that the BGP learned routes disappears when the Internet connection is taken down. The IP routing table on R2 only shows internal networks and the networks between R2 and WAN 1 and 2. No routes to internet is shown. We run "show ip bgp neighbors <ip-to-wan-1-router> received-routes" it contain internet routes. And when we run "show ip bgp neighbors <ip-to-wan-1-router> routes" it contains no routes at all.
View 2 Replies
View Related
Jul 24, 2011
How many routes support 7206VXR with NPE-G2?
View 2 Replies
View Related
Jan 23, 2011
I want to know the number of routes supported by CISCO3825-HSEC/K9(512MB DRAM).
View 2 Replies
View Related
Feb 15, 2011
I have an ASA 5510 that is configured for a remote access VPN
When users login, they are given an address from a locally defined pool (172.16.101.1-254 /24). Users can log in fine.
I have enabled EIGRP on the ASA and I have configured the following to be advertised:
1. 0.0.0.0 (default)
2. 172.16.100.0 /24 (dmz network)
3. 172.16.101.0 /24 (vpn pool)
I have also enabled reverse-route injection.
The problem I am having is that the VPN pool network is not being advertised via EIGRP, but the other networks are.
The other issue I am having is that even though I have created access-lists that allow the inside network (10.0.0.0) to ping the DMZ interface (172.16.101.1) on the ASA, the ASA is not allowing it. I have also created an ACL that allows the DMZ interface to ping inside, but this fails as well.
View 1 Replies
View Related
May 20, 2012
I am running an ASA with 8.4(3) and am trying to setup a dynamic VPN tunnel. We are having a business reason to establish a VPN tunnel to customers who do not have nailed down IP addresses. Now I found a number of documents that outline the steps involved. It seems the basic steps were to Establish a regular tunnelAdd dynamic crypto mapAssign the dynamic crypto map to the tunnel created under step 1. While this sounds pretty straight forward and simple, while prepping for doing just this I hot a road block while thinking it through. In order for my ASA to put anything into the tunnel it has to have a route to the remote network pointing at my VPN peer at the end of the tunnel. How do I do this in a dynamic tunnel? How do I add a dynamic route so the ASA knows which tunnel to stuff the traffic into? How do I stop the traffic from just being send to the Internet?
View 1 Replies
View Related
Dec 12, 2012
I'm trying to set up a Cisco ASA 5505. I'm mainly setting things up through ASDM but I also have console access. Right now while I'm setting it up I have the outside/Vlan2 port attached to my existing network and a laptop connected to the inside/Vlan1 port. More info about that:
interface Vlan1
nameif inside
security-level 100
[Code]....
Before I added that last "0.0.0.0" entry, the ASA would not see anything on the internet. Now I can ping any external IP address from the router's console. However, the laptop I have connected to the 'inside' port still cannot reach any IP address outside the 10.10.153.0 network. Every time I try to add a similar route for the 'inside' interface, I get the following error: "You have another route configured for this network any which has same gateway 10.10.152.1 and same metric 1. You cannot add a duplicate route." I know I'm misunderstanding something here. In order to make devices connected to the 'inside' port connect to the internet, I need to set up a new route that will direct these devices to 10.10.152.1, right?
View 9 Replies
View Related
Jul 5, 2011
For ASR1000 to support 4M routes, RP2 must be used.
1) RP2 need to have 16GB memory in order to support 4M routes?
2) Need to use ESP20/40 together with RP2?
3) If RP2 + ESP10, supporting route table size down to 1M?
4) 4M routes is shared for both IPv4 an IPv6?
5) SIP card will affect route table size?
View 1 Replies
View Related
