i have configured remote access vpn on my 2801 router's gio0/0 int ip x.x.x.1. i connected my laptop through vpn client from internet. i connected successfully and my vpn router gives me the assigned ip block y.y.y.1. from my laptop i can ping the other int gio/1 ip z.z.z.1 but i cant ping the ip z.z.z.2 of my core sw which is connected on router's int gi0/1.
View 14 RepliesI have a Cisco 2801 with dual ADSL WAN connections, PATing to a network hanging on the fa0/1 interface. From the server connected to the router (hanging off of the fa0/1) interface, I can ping any address and there are no issues. But from inside the Cisco CLI, pinging certain addresses causes erratic behavior. [code]
View 5 Replies View RelatedI have one problem doing a ping to a router lan interface, I have 3 routers (2801) connected between each other (separated 1 mile each), the link is established trough microwave signals (connected to the 2801 fast ethernet interfaces), every router has a connection to a LAN. One of them is located at headquarters.Last thursday I replace one of the router with a cisco 2901, i configure the router with the same configuration that was on the 2801, i power up the router and the 2 link were up without problems.One day after the noc called me to tell me that after i replace the router they can't ping the router IP lan interface on the new 2901 (before the replacement the ping was sucessful). I called one user the lan connected to that 2901, and they can do a ping to the router's LAN IP address.
I can ping the 2901 IP wan interfaces, I can ping the LAN users ip address, but i cannot ping the router LAN IP address, from my desktop, and neither the 2 routers 2801 connected to the 2901.I show the configuration on the 2901, I couldn't change it because i didn't have time to do that, but i'll change the configuration to use ipsec tunnels.The configuration as you can see, has a crypto map, but the acl used by the crypto map, only permits the interfaces ip address, so i think that doesn't work, so the traffic doesn't get encrypted, but i don't know if that is the problem why i can't do a ping to the lan interface. [code]
I have a cisco router 2811 connected on other two routers but can't ping any of them from any of them too (frame-relay encap correct) DLCI mapping ok all ip configured only router 2 's line protocol is up the rest is down on others and seems LMI sent are not receive and do know how correct that
View 1 Replies View RelatedI just installed a new ASA 5505 for an office with three internal subnets.* The three networks can each get online fine and ping eachother, but cannot browse to shares on the two internal networks other than their own.* How do I configure the ASA to allow all traffic between these three inside networks?
192.168.152.0
192.168.152.0
192.168.154.0
[code]....
I'm using 3 AP's 1140 with local authentication using local radius (flex connect mode).the radius server im using is MS 2008 R2.authentication is working great on all devices pc's&mobile.authentication method is PEAP wpa2 aes enterprise.after 3 or 4 hours devices loose connectivity to the web.the device seems to be still connected to the ap but there is no ping to host from local lan or any arp learnd on local router.only manual disconnect on device and reconnecting brings connectivity up again.in one case only reseting the AP's worked.
View 6 Replies View RelatedI cannot ping mydomain.local from any computer on my network. In order to this, I have to set DNS 1 as my server's ip address, then I can ping it. The reason this is a problem is because in order to add a workstation to my domain, I have to manually configure DNS to my server's ip. I have two networks, all new systems and this occurs on both. So obviously it is the way im setting things up[CODE]
View 13 Replies View RelatedI am trying to connect my 2800 Series CIsco Office router with VPN client software from home. I can successfully authenticate and get the IP address from the pool configured but couldnt ping any LAN Ips including default gateway. I am pasting my router's configuration.
IP Address Of LAN: 192.168.22.x/ 24
IP Addresses handed out to Clients: 10.10.10.5- 10.10.10.20
aaa new-model
!
!
aaa authentication login default local
[code]....
I have noticed that my virtual-access interface comes up but the line protocol of virtual-interface remains down as follows:
Virtual-Template100 x.x.x.x YES TFTP up down
Also The client PC picks up a random gateway of 10.10.10.1 which I never configured anywhere on the server.
I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209). There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC 10.51.253.210 cannot get out
ASA Version 7.2(4)
!
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
[Code]...
Ive got my home lab setup with two 2610 routers hooked togeather with a DTE/DCE Crossover and I have OSPF configured on both routers. Each router has one 3550 switch connected to each FA0/0 inteface. The issue is that Everything can be pinged except my windows 7 PC connected to the R1 LAN. Everything else can be pinged from any other device. I checked the PC gateway configuration, disabled the firewall and checked my switch configuration! Is their something that I need to change in Windows?
Windows PC ------------ 3550 Switch-------------R1-----------------------------------R2---------------------3550 Switch----------------------Linux Box
Windows PC can't ping past the FA0/0 interface between the switch and R1
I wounder if there is any way to ping the local deviceses connected to a network hosted by a Cisco 1921 router? I wan't to be able to ping the device(computer name) but currently cant do that.
View 1 Replies View Relatedi'm trying to setup a local DNS server to manage small office local-only domain names for our servers. i have the DNS working properly (resolving local machines and using the ISP dns if it can't). so i put the DNS server ip into the "Static DNS 1" field of the router settings. the other 2 static dns fields are empty.the problem is that the router is still using the ISP dns server as the primary and my local dns server as the secondary. i verify this in two places. first, if i go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. secondly, if i connect to the wireless device with a linux-based machine, the /etc/resolv.conf file shows the nameserver ips in the same incorrect order.
View 1 Replies View RelatedI have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as L3 port, connecting to the nearest neighbor. My network runs EIGRP so i advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
View 5 Replies View RelatedI set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies View RelatedFrom My Router that connects to Cable modem i am unable to ping website 4.2.2.2I am able to ping all other websites fines.Same website i can ping from my pc and all other switches fine.Router has only 1 ACL thats for NAT.
View 25 Replies View RelatedWhen I ping an address from my windows machine, it succeeds, but when I ping to the same IP on my MAC OS X machine, it fails.
1. Why?
2. How to get successful ping on my MAC machine?
I have a 2801 router. The Fa0/0 int shows up/down. I have plugged it into diffrent cisco and non cisco switches and even a cross over cable to my laptop. I cant seem to get the protocol up. I have changed the speed to 100 and duplex to full to try to get it up that way and nothing. [code]
View 7 Replies View RelatedI have a 2801 with dual ISP connections, and I have configured route-maps to direct voice traffic over ISP1 (working just fine), and I'm attempting send all other traffic over ISP2 (traffic is load-balancing instead). The connection to ISP2 is DHCP, and I have configured a route-map to route this traffic using the 'ip next-hop dynamic dhcp' command, but when I look at the route-map, it states the following: ip next-hop dynamic dhcp - current value is UNKNOWN..Is there something that I need to enable in order to see the next-hop, and properly send traffic over the ISP2 connection? [code]
View 9 Replies View RelatedI have a Router 2801 What conf should i make to access the webserver from the same LAN.
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.63
[Code].......
I looked but could not find any information on what's the use of the USB interface on my 2801 router. I saw something about Cisco USB memory module and eToken by Aladdin. Is this interface restricted to Cisco and Aladdin only?
View 17 Replies View RelatedI have a Cisco 2801 with flash: c2801-advipservicesk9-mz.124-16.bin where I use to doing VPN IPSEC.My problem is where I do a connection with a client, if my VPN dont have a traffic, the tunnel are closed. If a receive or send any traffic, the tunnel get up again.If don't have traffic, this tunnel is closed and after is opened other tunnel where is changed the conn-id to 999 for example.This comportament is normal? Exist a form that my tunnel never close? I enabled the parameters below: [code] But the tunnel continues closing if a don't have traffic.
View 5 Replies View RelatedWe are setting up a new VPN from an ASA to a cisco 2801 router (behind a third parties checkpoint firewall). We seem to be almost there with the setup but the tunnel is not working correctly. I have included a debug from the 2801 router and its config and a diagram of the setup. [code]
View 2 Replies View RelatedI have a Cisco RV110W small business router setup at my home. It has one of those HTML GUI interfaces, check the boxes, etc.., to get things working. Basically, your typical home router with VPN. I have enabled the VPN, it's PPTP, added the password, and now it's automagically configured! I can successfully VPN to my home with a Windows7 client. Here's my problem, I now need to VPN into my home router with a 2801. Is this possible? Everything I found on the subject has only been to setup a Cisco IOS router as a VPN server or tunneling to another IOS router. No examples using an IOS based router as the client.
View 3 Replies View RelatedWe have one Router Cisco 2801 at the customer site and facing issue of having very High CPU coming to 99%.CPU utilization for five seconds: 99%/28%; one minute: 99%; five minutes: 98%
View 2 Replies View RelatedI am trying to run the following commands on a 2801 router, but the commands are missing:
mls qos
mls qos map cos-dscp 0 8 16 40 32 46 48 56
The only QoS command i have in global config is (no MLS qos) :
REMOTE-ROUTER1(config)#qos ?
restore-show-output Restore old show output
shape-timer Set the HQF shape timer interval
The router is running IOS:
System image file is "flash:c2801-ipbasek9-mz.151-4.M5.bin"
Am i just running the incorrect IOS or am i missing somehting, i need to change the QoS Map for my Nortel VoIP. The VoIP phones connect to a 3750 PoE which used to conenct to a 2651XM to route VoIP and data traffic over the same copper pairs (WAN link to hub site) hence the need for a Service policy but being Nortel phones, require changing the cos-dscp map. the 2801 is going to replace the 2651XM using a new HWIC.
We have a 2801 rotuer in place that hooks up to a metro ethernet link that's obviously dropped off to us via ethernet. Anyway, the throughput granted to us is 20MB, but for some reason I can't get it to go anything above 11MB at the most. I've spent a day going through documentation trying to find the fastest speed the 2801 supports and I can't find my answer. I've seen that the high speed wan cards in this router support up to 45MB, but I'm not using a WAN card, only one of the two built in 10/100 ports.
what the maximum throughput speed is on a 2801?
I have a FWSM in my 6509, this firewall is managing three VLANs, one of which holds a file server. As you all know, FWSM do not support VPN like the ASAs and PIXs do. I have been trying to add remote access to this file server LAN all week. The only VPN device i have is a 2801 router.
first layout: VPN router behind FWSMstatic translation from FWSM LAN (private) to VPN WAN (public)default route was facing back at FWSMip address pool was to be NAT'd on the interface facing the FWSM the idea was that my VPN address pool would be NAT'd back to the FWSM on it's VLAN. since the FWSM was managing this VLAN and recognized the source IP of the translated address pool, i would have access to my precious file server.
second layout: VPN router fa 0/1 on a /30 with 6509 (public)VPN router fa 0/0 still on the same LAN as FWSM (private)address pool for VPN once again NAT'd to fa 0/0default route pointed to fa 0/1static route of FWSM LAN pointed to fa 0/0 this idea was to have more of a 'inside' and 'outside' interface on the VPN router. this too did not work, having used every trick in the book, i could still not ping anything on the FWSM LAN while VPN'd in the network (aside from the LAN interface on my router)
trace route was showing that the all routes were headed out fa 0/1 (default route) and all to my FWSM died. i really don't think my address pool is being NAT'd, though my route map statement applied to the NAT policy is permitting my VPN address pool.
I am new to VPN technology, one of those things that happened to land on my lap. how this layout could work? there are no good VPN Remote access walkthroughs for a situation like this (2801 allowing access to a FWSM controlled LAN)
The application here is a wind power project, built in two phases, without any effort to coordinate or integrate the two sites during the design phase. All operations activities for both phases are performed by one staff out of a common location. This is a rural area and Internet connectivity is mission critical due to contractual obligation with Electrical Utilities.
The client has a need to reconfigure a network which has grown over time in a layer by layer approach, whereas at every point in time that an additional T-1 or other changes occurred to address a specific need, no thought was ever put into integrating the entire site as a whole. It is at best a dysfunctional solution which somewhat accomplishes thier needs, and at worst, a kludgy, grossly security compromised, and difficult to use infrastructure. There is every kind of equipment one can imagine, each installed by some entity providing needed services on the site, but forced to make uninformed decisions because the client really has no IT department to coordinate with. Over time, every vendor just provided their own switch, router, or maybe figured out how to reconfigure another existing device to also provide the routing or access needed, To say the least, it's a mess.
The client requests a solution which provides a means to accomodate 6 internet connections (4 T-1 lines, and 2 satellite) in a manner which aggregates available bandwith and provides redundancy. The T-1 lines will be the main internet access, with the satellite connections only used if available bandwidth falls below some threshold, say 3Mb. There are many internal networks which need to be routed to and between, in total, about 20 subnets. There are 2 SCADA (Control) networks which have a mandatory requirement of 1Mb each, a VoIP system which does not use any internet connetivity as there are 6 POTS lines dedicated to it, an internal office LAN and a turbine manufacturers site LAN.
The T-1 lines, at 1.5Mb x 4 = 6Mb.
The 2 SCADA networks require a guaranteed 1Mb each, the remaining 4Mb is to be allocated between the office LAN and the turbine manufacturer site LAN. The satellite connection are only to be active in the event bandwidth falls below 3Mb.
There are 2 Cisco 2801 routers on site which could be reutilized if appropriate. Each T-1 has it's own Adtran CSU with Ethernet out. All T-1 lines are /29 IP Blocks. 2 of the T-1 lines are adjacent IP Blocks, for what its worth.
Everything here is open to reconfiguration. The client wants this finally integrated correctly with the ability to address emerging Electrical Utility cybersecurity requirements in the immediate future.
An ideal solution would be fully redundant to eliminate the single point of failure at the edge router. As to whether there needs to be separate edge and interior routers, I just don't know that. I would guess everything could be done with just a pair of redundant routers at the edge, but perhaps it is better to do the interior routing between subnets on a different router(s).
Again, the goal is a well integrated, redundant, and secure solution. My part is mostly complete, with the OSP part of the network finally at 100% after 5 years of stupid and careless misconfigurations and bad fiber splicing (by others).
I'm absolutely covered up in business at Layer 1 & 2 on these sites, as the physical plant and associated network elements are typically very poorly designed, specified, and implemented. The complexity of this job leads me to seek outside advice and ultimately a more qualified Cisco professional than me. I'm experienced enough with Cisco to know when I'm in over my head. I know a diagram would be nice, but at this point I've only got a very detailed diagram which reveals too much site identity information to make public. I'll wait to see a few comments and in the meantime work on removing site identity info so I can post a good diagram for everyone to see.
Someone told me the commands, but I can't remember them. Have a router (2801) at the end of a highly utilized T1 link/router. How do I protect it so my SSH and/or Telnet sessions will get serviced if the router is real busy.
View 9 Replies View Related1- Cisco Router
Eth0/0 : Ip address 192.168.1.1 /24 == connected my laptop of 192.168.1.2
/1: Ip address : 192.168.2.1 /24 = connected cisco swith
2 - Cisco Switch
VLAN 2 Name : Sales : ip address 192.168.3. 1 = connected computer 192.168.3.2
VLAN 3 Name : Marketing : ip addres 192.168.4.1 = connected computer 192.168.4.2
So I want my laptop that connected the router Eth0/0 Interface should access both VLAN 2 and VLAN 3 computers
I've been looking and I can really find much info about this, I got a 1841 and 2801 router with ADSL WIC cards and both are synching really low compared to my cheap home router
This leads me to believe I need a firmware update so I got the adsl_alc_20190.bin and loaded it into flash and reloaded my router but its still saying my firmware is using an embedded one.
sh flash:-#- --length-- -----date/time------ path1 1000636 Oct 4 2011 05:59:54 +00:00 adsl_alc_20190.bin
sh dsl interface atm0/1/0ATM0/1/0Alcatel 20166/20174 chipset information ATU-R
[Code].....
I have a nat and vpn setup on my Cisco 2801 router.Everything is working as expected except the NAT. I have a single static nat translation but it only works for inbound and not outbound. Going outbound, it uses the default overload nat address of the outside interface. [code] I want to add another mailserver. But I fear if one mailserver were to get black-listed, they would both be reporting there ip address as the same address (the one on the ethernet interface) which would blacklist both mail servers.Again, inbound nat works ok, but outbound is just using the IP of the ethernet0/0 address.
View 2 Replies View RelatedI have a cisco 2801 router, My ISP in which i receive my bandwidth from has assigned me a ip address/gateway etc for my FA0/0 from our Telco switch. I need to figure out how to bridge through the public ip scheme they are issuing me through FA0/1 (setting up a transparent bridge) so in example if i was givin 192.168.1.189 on a /30 network for my router (assigned to FA0/0) how to i set it up to bridge through the publics?
View 9 Replies View Related