Cisco VPN :: 2921 - Clients All Have Same MAC Address?
Apr 21, 2011
We are deploying softphones for remote employees in our company. We currently are using Cisco 2921's with VPN enabled.
All of the clients who connect with the Cisco VPN x86 client are getting 00:00:00:00:00:00 for their MAC Addresses, and all of the Cisco VPN x64 bit clients are all getting the same MAC Address, although it is different than the x86 clients.
This is causing the softphones to not work, as they all need to be sending independant MAC addresses.
View 1 Replies
ADVERTISEMENT
Oct 23, 2011
I have a trouble with PPTP VPN between Windows clients and Cisco 2921 router with RADIUS (IAS) authorization. When I try to connect to Cisco 2921 from Windows 7 using MS-CHAP v2 I receive error 778: it was not possible to verify the identity of server . Then I use PAP - everythig is OK. On Windows XP the same situation.
Cisco config:
version 15.0
service timestamps debug datetime msec
[Code].....
View 6 Replies
View Related
Sep 15, 2012
I have a 2921, and I have 4 network segments. In segment 172.16.0.0./27 I wand to "pair" somehow connections. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise.How can I do that?
View 7 Replies
View Related
Nov 23, 2011
I have configured 5508 with multiple APs but clients on the internal SSID aren't getting an IP address. I have the IP helper address configured and I have also disabled DHCP proxy on the controller.
I get the following from the client debug, I don't know what the below mac address is, it's not one my APs or the clients, I am not seeing this mac address on the controller at all but it shows up in the debug.
type = Airespace AP - Learn IP address
on AP 6c:9c:ed:87:23:c0
*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 Entering Backend
[Code].....
View 5 Replies
View Related
Feb 8, 2011
I have setup an AnyConnect Connection Profile on my ASA 5520.
We have some remote support software which the helpdesk use to connect to PC's remotley and torubleshoot.
I cannot connect to this software using the assigned IP address of the client even though it works fine with our old Nortel VPN.
If I hit the IP address the packet gets all the way to the ASA and seems to disappear.
I have setup an IP v4 access list on the connection profile which allows any/any access b ut still no joy.
View 1 Replies
View Related
May 16, 2012
We got a question about our WLC 5508 single controller deployment with 14 access points without a VLAN configuration.
When our clients connect to the wifi, we cannot see any ip address of them in the client details page. It shows everytime the ip address 0.0.0.0. The clients are configured with a static ip.
View 8 Replies
View Related
Mar 29, 2012
I would like to share one problem with WLC 5508 . we added a new virtual interface on the WLC. One new SSID is associated with this interface.
We created a ACL for this interface to restrict the access via WIFI to certian services. It´s not correct that everything works fine because the change were not applied. [code]
The changes of the ACL are applied on the fly, but for reason we don´t know, the clients don´t get a DHCP IP-Address (after changing the ACL) until the Controller is rebooted.
View 2 Replies
View Related
Jul 1, 2012
I setup ASA5540 for SSL-VPN (clientless) works fine. But I try to use Client (AnyConnect) to access internal resources, it is failed. It is stiil initiate sessions from remote client IP. I need to initiate session from client IP assigned by ASA5540 box (same with Cisco VPN client connect to Cat65 SVC module). How I setup it?
View 3 Replies
View Related
Feb 12, 2013
Im facing with some DHCP lease issue and its like this,Our Cisco 2951 edge router is configured with local dhcp pool for a set of remote users when they connect through Cisco VPN which was working fine until we planned to change it to a Windows box that is configured for DHCP.The basic idea now is to relay the DHCP requests that are coming from the remote clients through Cisco VPN to the DHCP Windows server. So we added the scope on the server and changed the client config on the router as follows (highlighted is the dhcp relay config). [code]
View 1 Replies
View Related
Jan 15, 2013
Just inserted a new 5508 WLC into the network. We current have 3 4404 WLCs, and there was a need to duplicate, as much as possible, the configurations on the 4404s, and the design. The 5508 came online as expected. We moved a few access points over to it. The APs got the correct address range. The clients are expected to get addresses in the same scope range as the APs. However, the clients are receiving addresses in the management IP scope.I know there are two "not a good way to do it" in here. Why is the management address range in the DHCP scope, and why are the clients using the same scope as the APs. We are going to change that. For now, the AP and client in the same range has been going on since we rolled out wireless in 2006.The 8 ports on the 5508 are configured for LAG. There is no dedicated port for management. They tell me not to do that on a 5508.
View 8 Replies
View Related
May 23, 2013
I've got a Cisco 1941 setup working fine for Cisco Anyconnect. Clients can connect to local resources fine. The issue I have is I need the remote clients to access a third party IP address but to do so they must do it through the VPN. At the moment only local resources are accessed across the vpn and if they need internet they use their own internet connection they are connecting with.I've added the below to make sure traffic going to the IP is going across the VPN.
View 4 Replies
View Related
Dec 5, 2012
I have not yet completed my CCNA, however I have managed to configure a 1841 router with 1 x HWIC-ADSL1 and it also has 1 x HWIC-AG-AP-A which is the only part I am unable to get working.
The Wi-Fi (Dot11Radio) config has enabled me to see the SSID from wireless devices, but they never get an IP address. I need them to get the same IP range as the DHCP service I have in there 203.35.10.xxx, there is no option for "IP ADDRESS DHCP" only "IP ADDRESS POOL LAN" Lan is of course my DHCP pool name. however I cannot have the same DHCP pool on both Dot11Radio interfaces.
I know I'm missing one very simple command, but as I've never worked with Radio on Cisco equipment, I am unsure how to fix it.
Then once I get that worked out, I need changing the access from OPEN to WPA or WPA2, etc..
IOS Software on Router is C1841-ADVSECURITYK9-M - Version 12.4(9) T
I can upgrade to a better version of software if needed, I only have a 32mb Flash and 128Mb Ram.
The current Radio Config is:
!
interface Dot11Radio0/1/0
no ip address
no ip redirects
[Code]....
View 1 Replies
View Related
May 4, 2011
I have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.
All this box really does is port forward external clients to 1 address on the internal lan for client software updates. Any example configs?
So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2
So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.
View 1 Replies
View Related
Jan 22, 2013
I have a strange behavior between a WLC 5508 (version 7.0.116.0) and NEXUS7010.
WLC
The WLC is configured in DHCP Bridging Mode (it sends DHCP requests without change)
Nexus
The VLAN interface is configured as follows
interface Vlan501
ip access-group acl-int-vlan501-in-1 in
no ip redirects
ip address 10.12.56.4/21
ip ospf network broadcast
ip router ospf 100 area 10.23.0.0
hsrp 51
Clients can not obtain an IP address intermittently. If I deactivates the ACL when the problem appears(when the client can not obtain an IP@) the probleme is resolved
Note: Before the WLC was connected to Catalyst 6500 and worked properly for 2 years (with same configuration)
I saw this note about differences between DHCP relay on the NEXUS7000/NXOS an Ip helper one the 6500/IOS URL. Do you think the problem may come from the DHCP relay or ACL on the NEXUS.
View 2 Replies
View Related
Oct 30, 2012
with our WLC 5500 controller, once the clients get the DHCP address the page is not redirecting them to the guest portal.What is the best way to check as to why the redirection is failing.
View 8 Replies
View Related
Nov 9, 2012
I set up the IPv6 on EA2700 (running firmware v1.1.39), and all the wired clients can get an IPv6 address, assigned by the router, without issue.However, all the wireless clients seem to unable to get an IPv6 address. If I connect a laptop to the router both wirelessly and with an ethernet cable, then the ethernet NIC gets an IPv6 IP but not the wireless NIC.
View 9 Replies
View Related
Jun 18, 2012
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
!
hostname ASA
domain-name default.domain.invalid
[code].....
what I need to add to get the vpn client to be able to ping the router and clients?
View 3 Replies
View Related
Nov 5, 2012
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
View 1 Replies
View Related
Feb 1, 2011
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait.3 desktops = XP, 1 98SE. All laptop/netbooks = XP
View 2 Replies
View Related
Jul 6, 2012
I have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
View 2 Replies
View Related
Feb 29, 2012
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT extemtion entries.
View 3 Replies
View Related
May 29, 2013
I want talk BGP with ISP though 200Mb/s WAN link by using Cisco Router 2921; and in the near future WAN link will be upgraded to 1Gb/s. Does Cisco Router 2921 has enough performance to do this task?
View 5 Replies
View Related
Nov 13, 2012
We have a CISCO 2921/K9 which has the securityk9 feature set (reflects Permanent under show version)
I thought that included SSL VPN, but doing a "show license all" it doesn't reflect that:
StoreIndex: 4 Feature: SSL_VPN Version: 1.0
License Type: EvalRightToUse
License State: Active, In Use
[Code].....
View 2 Replies
View Related
Jun 30, 2011
Using a Cisco 2921 router with an RPS 2300, I came across a table in the 2900 Hardware Installation Guide that I can hardly believe: table 5-3 seems to tell me that in order to back up ONE 2921 with RPS power, I will need an RPS with TWO 750 Watt or TWO 1150 Watt power supplies. Is it really true that I need to throw at least 1500 Watts of backup power at a router that has a main power supply of approx 300 W?
View 13 Replies
View Related
Oct 13, 2011
I need a router to connect to our ISP by BGP and in a future to a second ISP. Our ISP is going to provide us about 300.000 route entries by BGP. So router 2921 would be enough??? or should i go to a higher model?We are going to have 100Mbps with this ISP and probably in 3 months we'll have to double it. Also we'll need IPv6 support.I saw router performance [URL]f and it's has 480.000 PPS and 245 Mbps but for 64 bytes lenght packages. If the packets are bigger the throughput should be best I suppose... 1500 bytes about 5,5 Gbps. In the case you consider the model is sufficient, the flash or RAM should be increased?
View 4 Replies
View Related
Mar 28, 2012
i have one interesting problem with local PBR on 2921 router. Here is the case,On HQ site there is 2921 router with two directly connected ISP, and there is Branch which is connected to only one ISP. The configuration should be to connect HQ router to Branch router with two VTI tunnels, so that each tunnel on HQ site should be terminated on different ISP, and EIGRP will be monitoring each VTI status.The problem is on HQ site, there is only one way to specify router with LOCAL PBR configuration, so router should send on ISP1 terminated tunnel traffic to ISP1, and on ISP2 interface terminated tunnel traffic to ISP2.
As I know this configuratino should work, but I could't make it work on c2900-universalk9-mz.SPA.151-4.M4.bin IOS, and on c2900-universalk9-mz.SPA.152-2.T1.bin.
Here is simple config:
ISP1 ip is 1.1.1.1
ISP2 ip is 2.2.2.2
3.3.3.3 is Branch ip address.
!
ip vrf BRANCH
[code]....
when I configure one default static route, it starts workig, but both tunnels go with specified ISP, and also there is no vrf problem,when there is no any vrf config it also don't work. gre tunnels also dont work.
View 4 Replies
View Related
Mar 7, 2013
why Cisco 2921 Gigaethernet 0/1 is not coming up ? I also tried to connect the interface to another SWITCH with no joy.
ME3400 (ISP's switch)<-------------MPLS link--------------> Cisco 2921 Gi0/1 >>>>>>>>>>Port not coming up
I tried connection between ME3400 (ISP's switch) and spare switch and the INTERFACE of spare switch was in UP/UP state .Troubleshooting I did so far on Interface Gi0/1
1> Changed ths speed/duplex manually and revert it back to auto
2>diable keepalive
3> Tried differnet LAN cable with no luck
4> Please see HIGHLIGHTED part (in red colour) of "Show controller Gi0/1" command
I am pasting some of the SHOW command output R2921_MMP#sh run int gi0/1Building configuration.[code]
View 8 Replies
View Related
May 16, 2013
I have a 2921 on Ethernet MPLS circuit. Problem is Voice has jitter at 60ms and no dropped packets from source to destination. How to reduce the jitter? Is the polices correct using Cisco recommended Nb = CAR x (1/8) x 1.5?
The PE is honoring the DSCP marked packets.
CE router 2921 QOS:
policy-map IFCQOS
class EF
priority 2048
[code]........
View 8 Replies
View Related
Feb 19, 2011
I am trying to set up a new router for training.I am attempting to my First BGP multihome.
The router is a 2921.We have a bonded t1 line and a metro ethernet connection
we have 2 /24 networks 1 /23 and 1 ipv6 /48 ,Behind the cisco router we have 3 Open BSD firewall Pairs, that are used to segment the networks into the production, development and my lab.
one of the /24 and the ipv6 block are veriably subneted, these are the routes that I am having troubles with.I am attempting to aggregrate the /24 and the ipv6 block to go out to the internet.
they show up in the routing table as advertised but you can not reach any hosts through the cisco router.
here is the bgp config
address-family ipv4
network 24.104.xxx.240 mask 255.255.255.240
network 204.17.xxx.0 mask 255.255.254.0
network 204.138.xxx.0
[Code]....
View 2 Replies
View Related
Jun 8, 2012
i need any one exact IOS from below list .can some provide me the link.
15.1(0.20)T
15.0(1)M1.4
15.1(24.6.26)PIL13
15.1(0.2.12)PIB13
15.1(1)XB1
15.1(0.0.10)PIL14
15.1(1.7.1)PIA13
15.1(1.7.1)PIA14
15.1(0.0.3)PIL15
View 1 Replies
View Related
Feb 12, 2013
I have a cisco 2921. I have 2 networks that has its own router
192.168.1.0 network is connected to watchguard firewall 192.168.9.0 network is connected to the cisco 2921 router.
I want to connect the 2 subnet using one of the interface of the cisco router. How I can get this work? It is not connected via vpn tunnel but we want to have LAN speed when accessing resources on both network. Each network is connected to a dell switch.
View 22 Replies
View Related
Feb 20, 2013
Is there a recommended number of GRE tunnels that Cisco 2921 ISR router with default configuration (512MB DDR2 ECC DRAM) can support?
View 5 Replies
View Related
May 8, 2011
i have a question regarding the monitor session command. I have following interfaces on my router:i want to monitor the traffic from the source interface Gi0/2 to the destination interface fa1/3,monitor session 1 source interface gigabitEthernet 0/2 brings this error message % Incomplete command.,monitor session 1 source interface gigabitEthernet 0/2?/ : <0-2>,i don't have any ports on the Gigabit Interfaces. Any ideas how to monitor traffic?
View 1 Replies
View Related
