Cisco VPN :: 2800 / Tunnel Is Not Forming Between Hub And Spoke?

Jan 12, 2012

I am trying to set up a tunnel connection between two 2800 routers A<->B

1) destination IP is 204.x.x.x - ROUTER A
2) source IP is 166.x.x.22 - ROUTER B

Router B has the modem connected to GE0/1, whose interface IP is 166.x.x.22. The ip-forward-protocol nd is configured as below

ip route 204.x.x.x 255.255.255.255 166.x.x.21

Also, the tunnel 1 configuration and isakmp policy are configured properly. When I run show crypto isakmp sa it shows MM_NO_STATE. I checked the preshared key on both ends and they are the same. Whenever I remove the IP address of the interface Ge0/0 and the ip route, I can ping 166.x.x.21, which is the modem gateway. When I revert the configuration back to the above, the IP 166.x.x.21 cannot be pinged, though the DSL connection is live. Are there ways to fix this so that I can bring this tunnel state to QM_IDLE?

View 1 Replies



Cisco VPN :: 2800 - Tunnel Not Coming Back Up After Power Cycle

Apr 15, 2013

Cisco 2800, 12.4(23b) router has two VPN tunnels to other Cisco devices.
 
Authentication uses certificates from a PKI CA server. Under normal circumstances all works fine, both crypto sessions up.
 
After a power cycle (having first saved configs) however, the crypto sessions are stuck in DOWN-NEGOTIATING.
 
The certificate on the router still looks valid.
 
The only way to get the sessions back up is to renew the certificate, which seems strange as the existing one appeared to be still valid.

View 5 Replies View Related

Cisco WAN :: 33945 Ospf Not Forming Over Hwic

Feb 12, 2013

I've come across a weird OSPF issue between my router connected via a layer 2 service provider link, details as below. We have a base station router for satellite termination at the service provider end, connected via a Layer 2 VLAN link to a head end C3945. The current interface for the head end is a layer 2 VLAN and the layer 3 IP address lives under a sub interface, config as below

-Head End  router
-Cisco 33945

View 4 Replies View Related

Forming Bridge Between Wireless And LAN For Internet Access?

Mar 10, 2013

Just a little bit of info on the setup I am TRYING to run:

1) Laptop connected to my router via wireless
2) Xbox 360 connected via ethernet port to Laptop
3) Forming bridge between wireless and LAN to give 2 access to internet whilst 1 being able to maintain access.

Foreword: I've tried using ICS beforehand because it was a simple alternative, had problems with it and got IP address errors on 2. When it did work, it worked exactly how I wanted/needed it to. (Was very unreliable.)

Goal: Have constant wireless access on 1 and be able to turn off/on 2 and have access to internet without any problems.

Problem: So I am able to bridge the two connections just fine and I maintain internet on both, but when I turn off 2 the wireless drops and will stay at "Identifying" for hours and will either A) completely drop and not connect or B) stall at identifying.

The way I have been able to get wireless back on 1 is to delete the bridge I formed and un-bridge my wireless. At that point my wireless comes back instantly and there are no problems. The thing is I don't want to have to repeat the process every time I want to use 2. With ICS it was "Plug and Play" when it worked and that's my goal. To plug in the ethernet cord via LAN and to be able to use 2.

View 1 Replies View Related

Cisco WAN :: 2800 How Many Site-to-site Ipsec Tunnel Without Vpn Module

Sep 20, 2011

Can I know how many site-to-site IPsec tunnels a Cisco 2800 router can support without a VPN module?

View 2 Replies View Related

Cisco VPN :: L2L Hub And Spoke Using ASA 5510

Feb 18, 2012

I'm setting up a L2L VPN Hub and Spoke. I have 3 sites (1 HUB and 2 SPOKES).
 
HUB-----------SPOKE1
|
|
|
SPOKE 2
 
HUB and SPOKE 1 is okay. My problem was the communication between HUB and SPOKE 2. PING failed on both directions. BTW, I am simulating this only in GNS3. :-). The configuration for HUB and SPOKE 1 are the same also for HUB and SPOKE 2.
 
Here is my show isakmp sa and ipsec sa on HUB
 
ciscoasa# sh isakmp sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

[Code].....

View 4 Replies View Related

Cisco :: Config DMVPN Between 2 Hub Location And One Spoke?

Nov 19, 2011

Suppose I have 2 hub locations and one spoke, and I want to configure DMVPN between them and keep 1 HUB as active and the 2nd HUB as passive. How is that possible?

View 2 Replies View Related

Cisco VPN :: ASA5505 And Spoke VPN Between Multiple Sites

Aug 12, 2012

I currently have a "hub" ASA 5505 that links to 4 sites running 877 routers. From the hub network I can connect to all sites fine, but what I would like to do is to almost compartmentalise the various VPN links into little clusters. The hub ASA 5505 basically provides IP telephony through the VPNs from a PBX, allowing the users at the other end of the VPN to make outgoing calls and receive incoming calls. However, a couple of the sites would like to be able to call between each other internally via the hub. This obviously requires traffic to be allowed between their various networks. Currently when you attempt an internal call it rings but there is no audio either way. I assume this is due to access list restrictions. I am not even sure whether what I am trying to achieve is possible. I've attached the hub and 2 spokes below. The ideal end result would be interconnectivity between the two spokes via the hub; from reading up it would seem that it's possible but I can't quite get my head around it! Would it involve using different subnet masks at the hub?

View 1 Replies View Related

Cisco Routers :: Hub And Spoke Between SA540 And RV120

Jul 11, 2011

I want to build a "hub and spoke" topology for one of my clients. For the "HUB", I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and read documentation, but I haven't found the answer to my question so far: is this topology suitable with the chosen hardware?

View 7 Replies View Related

Cisco WAN :: 2851 How To Make Spoke Going To Hub To Get To Internet

Mar 23, 2011

Imagine MPLS network. Total of 4 sites.
 
HQ-HUB is the only site with access to the Internet.
 
So if Site1 or Site2 or Site3 need to access the Internet, traffic will have to go through HQ-HUB and from there reach the Internet. I have router 2851's on the spoke sites. Which command or mechanism would you explore in this case to make the spoke sites point to the HQ-HUB to reach the Internet?
 
Would you do this based on DNS settings or getting an access-list & static route defining when the spoke routers traffic need to go the internet, point to the HUB-HQ as the default?

View 3 Replies View Related

Frame Relay Hub And Spoke Resiliency?

Apr 7, 2011

I am having real problems trying to build resiliency into a hub and spoke frame relay scenario. I know the hub is a single point of failure. Is there any way to put some resilience into the network? There is 4 attached branch offices.

View 8 Replies View Related

Cisco VPN :: Allow Access For VPN Client To Spoke Network Through ASA 5520?

Mar 26, 2012

I'm trying to set-up 3 remote access groups on an ASA5520 running version 8.4(3) software so that remote clients connected via Cisco VPN Client can also access spoke networks which are also connected to the ASA.   I've previously set this up on ASAs running v7.2 software without issue but don't seem to be able to do the same here and can't for the life of me figure out what's wrong!
 
I have set-up the 3 remote access groups:
 
Group 1 - subnet 192.168.1.48/28
Group 2 - subnet 192.168.2.0/25
Group 3 - subnet 192.168.3.0/25
 
My remote access user groups can all connect to the head office subnet (10.0.0.0/8) without issue.  But only one of the groups (192.168.1.48/28) appears to be able to access the spoke sites (172.30.10.0/24 and 172.30.20.0/24) that I have set-up.  However, I can't see what the difference is between the 3 groups I have configured so can't understand why it works ok for one group and not the others?
 
When I use the packet tracer, it tells me that the flow is being dropped at the VPN encryption phase but why is that?  How can I find out more? Here's the relevant config on my ASA:
 
!
same-security-traffic permit intra-interface
!
crypto dynamic-map remoteuser 5 set transform-set ESP-3DES-MD5
crypto dynamic-map remoteuser 5 set security-association lifetime seconds 28800
crypto dynamic-map remoteuser 5 set security-association lifetime kilobytes 4608000
!
crypto map outside_map 65000 ipsec-isakmp dynamic remoteuser
!
ip local pool pool1clients 192.168.1.49-192.168.50.54
ip local pool pool2clients 192.168.2.1-192.168.2.126
ip local pool pool3clients 192.168.3.1-192.168.3.126
!
access-list split-tunnel-pool1 standard permit 10.0.0.0 255.0.0.0
access-list split-tunnel-pool1 standard permit 172.30.10.0 255.255.255.0
access-list split-tunnel-pool1 standard permit 172.30.20.0 255.255.255.0
!
access-list split-tunnel-pool2 standard permit 10.0.0.0 255.0.0.0
access-list split-tunnel-pool2 standard permit 172.30.10.0 255.255.255.0
access-list split-tunnel-pool2 standard permit 172.30.20.0 255.255.255.0
!
access-list

[code].....

View 12 Replies View Related

Cisco WAN :: 2900 ISR - Upper Limit For EIGRP Hub And Spoke Setup?

Aug 9, 2011

Is there any suggested upper limit to a single EIGRP hub-and-spoke design (i.e. with a single central router)?
 
Router is a 2900 ISR
 
I'm vaguely aware of a similar design limitation with OSPF areas where no single area should contain more than 40 - 80 routers. Could be hearsay...

View 13 Replies View Related

Cisco WAN :: 2900 Isr Suggested Upper Limit For EIGRP Hub And Spoke Setup

Mar 25, 2013

Is there any suggested upper limit to a single EIGRP hub-and-spoke design (i.e. with a single central router)? Router is a 2900 ISR. I'm vaguely aware of a similar design limitation with OSPF areas where no single area should contain more than 40 - 80 routers.

View 8 Replies View Related

Cisco VPN :: 3745 DMVPN Design Using ISP Dial-up Redundancy At Spoke Side

Apr 14, 2013

I'm working on a new DMVPN configuration with one 3745 at the hub site and a 1941 at the spoke. I have internet through GSM for the primary line at the spoke and a DSL line for backup at the spoke. I have one tunnel interface on both the hub and the spoke. Currently my VPN tunnel is coming up fine; however, we are planning to do an ISP failover at the spoke side. Since in the tunnel interface I can only define one "tunnel source interface", which is the GSM cellular interface, I don't know how to use my other ISP for the same tunnel interface, as it will always initiate traffic from GSM.

Do I have to create another tunnel interface with the same hub site, or do I need another hub as backup? Is there any other way, to create a loopback interface and initiate the traffic from that loopback?

View 1 Replies View Related

Cisco WAN :: 7201 Option To Send All Traffic Through GRE Tunnel / L2TPV3 Tunnel

Jan 9, 2011

I have a 7201 router with NPE-G2. I have a design in which I have the option to send all the traffic through a GRE tunnel or an L2TPV3 tunnel. Which method consumes more CPU?

View 1 Replies View Related

Cisco WAN :: 1941 Router - Enable IPSec Virtual Tunnel Interface With Tunnel Mode IPv4

Sep 23, 2012

I'm in the process of purchasing new Cisco routers for our branches that will be used primarily to enable an IPSec virtual tunnel interface with "tunnel mode ipsec ipv4". Does the default IOS IP Base support this feature, or do I need to purchase a DATA license or SECURITY license?

View 4 Replies View Related

Cisco Routers :: Set A VPN IpSec Tunnel GW To GW Tunnel Between RV110W

Oct 17, 2012

I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
 
What would be the correct Configuration? the current configuration I am using is
 
In the RV042 I am using
 
Check Enable 
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Public IP address

[Code].....

View 3 Replies View Related

Networking :: To Tunnel All Routers Traffic Through SSH Tunnel With WRT300n

Jul 24, 2012

Environment: linksys wrt300n v1.1, which can have ddwrt-mega. Willing to tunnel all LAN's outbound traffic through an ssh tunnel.

View 2 Replies View Related

Cisco VPN :: Tunnel With WRVS4400N Need To Push 2 IPs Through Tunnel?

Jan 23, 2012

There are a few situations where I'd like to be able to use the locally configured account on a device but still have ACS in place. I want to complete this WITHOUT adding the locally configured account into ACS. I have tried setting the advanced option under Identity for if an account is not found to "Continue"; however, this causes the account to be allowed as long as a password is typed (any password, as long as it's not blank).

View 2 Replies View Related

Cisco WAN :: IOS 15.2 For 2800 Series?

Aug 1, 2011

We've just discovered it seems the 2800 series aren't getting IOS 15.2?
 
We're running a 2851 for our CME and specifically want some features in CME 8.8...
 
End of Sale has been announced, but as it stands you can still purchase this router new today.

View 5 Replies View Related

Cisco WAN :: SonicWall VPN Between 2800

Oct 29, 2012

I have two CISCO 2800 routers tied together over a Metro Ethernet between an HQ location and a Colocation facility. There are multiple subnets on both sides of the MAN. All things work in this regard.
 
I added two new Interfaces to the routers to create a VPN failover should the above MAN go down.  I use IP SLA to track the MAN, then move to the VPN route when reachability is down.
 
I can source ping from one CISCO router Interface to the other, through the two interfaces to the Sonicwalls and reach the router interface of the CISCO on the other side of the VPN tunnel.      
 
Problem: I can not ping any subnet behind the interface I ping through the Sonicwall VPN tunnel?  
 
Example: 2800 G0/2 interface 100.1.1.41 /30 through Sonicwall over Internet to the other Sonicwall and out to the G0/2 100.1.10.41 /30 interface on the other 2800 router. Ping is fine.

View 15 Replies View Related

Cisco VPN :: 2800 Can Only Establish A VPN One Way

Dec 1, 2011

I am having an issue with a VPN tunnel in that we can only establish this from the VPN 3k side to the 2800 and not from the 2800 to the VPN 3k , the setup is as follows: [code] I am awaiting the logs from the VPN 3k but here is the debugs from the 2800. [code]

View 4 Replies View Related

Cisco VPN :: 2800 Router - VPN Between ASA 8.3 And ASA 8.2

May 14, 2013

I have a VPN configured between two Cisco ASAs, but I have a problem reaching a network behind a router 2800.

View 7 Replies View Related

Cisco VPN :: 2800 - ASA With Two ISP VPN Design

May 29, 2012

We have a new office and have a 2800 router as a WAN router; it has a 3G card and a DSL link. We have an ASA which has to be connected to the 2800 router. We want the ASA to have a VPN link with the primary site over DSL, and if DSL fails it should automatically fall back to 3G. What do we really need, and how would it be done in terms of IP addressing? Do we need any special IP from the service provider?

View 2 Replies View Related

Cisco :: Netflow On 2800

Apr 17, 2013

I have configured netflow to gather flows from my Cisco 2800 as below:
 
interface GigabitEthernet0/0
description ### To VNPT_FTTH_20M ###
no ip address
ip flow egress
ip route-cache flow
[Code]...
 
But I still do not see users' addresses (each individual host that goes through). What and where have I configured wrong? I have also attached the network map here.

View 5 Replies View Related

Cisco :: How To Get Into The Console Router 2800

Oct 17, 2012

I want to ask something about configuring a 2800 router. I already have a USB to DB9 | DB9 to RJ45, but I have a problem like the image below

View 19 Replies View Related

Cisco WAN :: How To Add A Wic-2t Card On Router 2800

Dec 21, 2011

How to add a wic-2t card on router 2800
  
Had the card as follows
 
I want to know router 2880, such as the following picture

View 1 Replies View Related

Cisco WAN :: 2800 - ACL To Block Routing?

Mar 20, 2012

I have a Cisco 2800 router.  I have been noticing a lot of traffic to Pandora lately.  At times my pipe is 25% music streaming and my router utilization can be quite high.  Our web filtering is a hosted service that does not block all traffic depending on some of the ports.  It is really designed for port 80 and 443 only.
 
We decided we want to block access to Pandora completely on both our primary internal LAN's and our Guest wireless LANs.
 
When I perform the ARIN lookup, I get these results for the IP range:

NetRange: 208.85.40.0 - 208.85.47.255
CIDR: 208.85.40.0/21
 
The CIDR notation does not make sense to me entirely. The IP range includes 8 class C networks. The /21 is a class b subnet of 255.255.248.0 or a router broadcast address for routing tables (depending on how you want to look at it). I was not sure if I could block the address based on the router CIDR range or if I had to use the individual classful IP ranges.
 
Should I block "208.85.40.0 0.0.7.255" in my ACL or should I create 8 entries to block the networks like this?
 
208.85.40.0 0.0.0.255
208.85.41.0 0.0.0.255

View 5 Replies View Related

Cisco WAN :: 2800 Router Certificate Key For SSH

Sep 19, 2011

I am operating a 2800 series Cisco router. The router is working fine except that I am not able to SSH into the router. I have checked the running config against Cisco's documentation and every line is correct. Prior to me getting this job they did an update and think they have corrupted a certificate key for SSH.
 
Any command to generate just the SSH key  and not all the other keys that would cause bigger connection issues.

View 1 Replies View Related

Cisco WAN :: 2800 - Client Not Getting IP From Router

Feb 23, 2012

I have 2 2800 series routers configured the same, but with different subnets. One works fine; on the other the client can't obtain an IP and, hardcoded, can't ping.

I ran DHCP debug and I can see the router assigning the IP, and I see an ARP entry that matches the MAC of the client.
 
*Feb 24 11:33:55.915: DHCPD: Sending notification of DISCOVER:
*Feb 24 11:33:55.915:   DHCPD: htype 1 chaddr 000a.e40c.d232
*Feb 24 11:33:55.915:   DHCPD: remote id 020a0000ac10760101000078

[Code].....

View 3 Replies View Related

Cisco WAN :: ADSL2+ Configuration On 2800

Dec 28, 2010

We have a customer in the UK, who is starting to deploy ADSL2+ circuits for the new sites they are adding to their BT IPClear MPLS network. We want to standardise with a config for each site, but to date have found that we seem to be using a different config for each site. Some are configured using a dialer interface & some using a virtual template.

Why does the virtual template method work on some of the sites & on others we have to configure a dialer interface? Also in regards to the speeds, what should we configure as bandwidth statements & also for traffic shaping? I know that the ADSL2+ circuits can operate at various speeds, but am I right in thinking these higher speeds are the clock rate of the line & with the BT IPClear product, the customer only gets the agreed/paid for bandwidth?

As this figure is different in both directions, when the traffic shaping is configured using vbr-rt command, is the amount entered based on the slower upstream bandwidth on the circuit.

View 7 Replies View Related

Cisco WAN :: WAN Design Using Juniper SRX 2800

Jan 10, 2011

Local LAN is connected with a Cisco 2800 router and SRX 210 Firewall. Currently all LAN segments go to my Data Center via ISP A and all internet traffic from the LAN segments goes to the internet via the SRX firewall; there is no relation/connection between the Cisco router and the SRX firewall. I have separate AS nos. for both ISPs.

I am having attached scenario. based on current one I would like to do following.

1. I need to use PBR at LAN Switch ( its L3 Switch) such that in normal scenario - local VLAN traffic is equally distributed on both ISP.
2. dedicated internet traffic will flow through ISP B only and if WAN link of ISP B goes down, the internet traffic will pass through ISP A.

( in normal scenario, ISP A will utilized 100 % for LAN traffic to reach it to DC but once ISP B link goes down, the b/w of ISP A will be divided to route 50% traffic for LAN segment to DC and rest 50% traffic of LAN segment to internet)

View 2 Replies View Related






