Cisco VPN :: 7200 - Traffic Is Not Passing Through Tunnel?

Nov 17, 2011

I have set a tunnel between Cisco pix 6.3 and Cisco Router 7200. Show Isakmp sa showing below detail on Pix
 
Total     : 1
Embryonic : 0
dst               src        state     pending     created
xx6.x71.x29.x68   x2.1x7.52.1x1    QM_IDLE         0           0
  
Is tunnel is UP ? Traffice is not going throgh the tunnel . why ?

View 1 Replies


ADVERTISEMENT

Cisco VPN :: 5520 - Tunnel Up But Not Passing Traffic

Jan 15, 2012

I have a site to site tunnel between two 5520 ASAs.  Tunnel is up but when I try to talk to the other side, the implicit deny on the inside interface of the local ASA blocks the traffic.  When I ping, the tunnel comes up but in the logs it says it is blocking icmp from inside to outside.  I have tried the sys opt connection permit-vpn but it is not working.  The traffic is from 5 specific machines within the local sub net that I put in a network object group called Celerra_Replication.

I want to them to be able to talk to 5 machines on the far end of the tunnel in a seperate sub net.  They are in a net wrok object group called GP_Celerra_Replication The ACLs I created for this appear to be created correctly allowing IP from Celerra_replication to GP_Celerra_Replication and the opposite on the other side. 

View 1 Replies View Related

Cisco VPN :: Traffic Is Not Passing On Plain IPSec Tunnel Between Two 892s

Dec 14, 2011

I've replaced real networkID to the one mentined below.
 
Topology: classical IPSec VPN tunnel between two Cisco 892s, with pre-shared key and no GRE. One 892 (branch_892) has access to the Internet via PPPoE and has three networks/vlans behind it. One VLAN is NATed to access internet via the PPPoE. Access to two other VLANs - VL92 (100.100.200.0/24) and VL93 (100.100.100.0/24) need is done thrue the VPN tunnel.
 
Second 892 (892_DC) has just one interface - WAN on Gigabit enabled/connected and has a static route to the default GW. It does not have any interal network defined. So the router is strictly used to send traffic for VL92/VL93 to the branch 892 via IPSec tunnel.
 
Here is the problem: access to/from VL93 (100.100.100.0/24) works, however for VL92 (100.100.100.0/24) - does not.
 
From devices in VL92 I can ping the 892_DC IP address across the VPN tunnel. From the 892_DC router I can also ping devices in VL92. However I can no ping from VL92 any device beyond the 892_DC and at the same time packet arriving on 892_DC for VL92 are not sent out via the VPN tunnel.
 
I took the packet trace on 892_DC using capture point/buffer to capute packets for VL92 and could see that traffic does arrive at the 892_DC. I run the same capute on Branch_892 and there was not a single packet.More interesting I modified the access list such a way that left on VL92 and still - no packets are sent out thru the tunnel. [code]

View 5 Replies View Related

Cisco VPN :: 3005 / L2L Tunnel Gets Built And Passes Traffic Then Stops Passing?

Aug 4, 2011

I have created an L2L tunnel between my self and a 3rd party. I am using a Cisco ASA 5520 and the other end is using a Cisco 3005 VPN concentrator. The tunnel will get established and pass traffic both ways for a little while, it varies, sometimes 1 hour or last time we built it it was working for 17 hours, but at some point my ASA will stop transmitting but it will still be receiving packets. These errors start to show up when I look at the traffic going through my ASA interfaces:

713042       IKE Initiator unable to find policy: Intf Outside, Src: 192.168.xx.16, Dst: 10.1.xx.30
 
Then when I try to ping their hosts .30 and .27 I get:
 
713041          Group = 68.23.xx.xx, IP = 68.23.xx.xx, IKE Initiator: New Phase 2, Intf private, IKE Peer 68.23.xx.xx  local Proxy Address 192.168.xx.16, remote Proxy Address 10.1.xx.30,  Crypto map (Outside_map)
 713041          Group = 68.23.xx.xx, IP = 68.23.xx.xx, IKE Initiator: New Phase 2, Intf private, IKE Peer 68.23.xx.xx  local Proxy Address 192.168.xx.16, remote Proxy Address 10.1.xx.27,  Crypto map (Outside_map)
 713050          Group = 68.23.xx.xx, IP = 68.23.xx.xx, Connection terminated for peer 68.23.xx.xx.  Reason: Peer Terminate  Remote Proxy 10.1.xx.27, Local Proxy 192.168.xx.16
 
When I first configured this tunnel it was with 3DES and SHA for phase 1 & 2, but when the tunnel would come up  my phase 1 would negotiate to an MD5 hash, even though I specifically entered SHA, so me and the 3rd party decided to bring all the hashes for phase 1 & 2 down to MD5, and that was when it was up for the longest, but the problem still came back eventually. My ASA config posted below:
 
ASA Version 8.2(3) 
name 192.168.xx.16 Server description  Server
name 10.1.xx.27 XYZ_01
name 10.1.xx.28 XYZ_02
name 10.1.xx.29 XYZ_03

[code].....

View 1 Replies View Related

Cisco VPN :: ASA 5505 Site-to-Site VPN Tunnel Up But Not Passing Traffic

Apr 3, 2013

I do have a 5505 up and running, and passing data... url...Now I am trying to get a IPSEC VPN tunnel working.I actually have it up (IKE phase 1 & 2 both passed), but it is not sending/receiving data through the tunnel.
 
The networks concerned: name 10.0.0.0  Eventual  (HQ Site behind Firewall)name 1.1.1.0  CFS  (Public Network Gateway for Palo Alto Firewall - Firewall IP: 1.1.1.1)name 2.2.2.0  T1  (Remote site - Outside interface of 5505: 2.2.2.2)name 10.209.0.0  Local  (Remote Network - internal interface of 5505: 10.20 9. 0.3)  On a ping to the HQ network from behind the ASA, I get port map translation creation failed for icmp src inside:10.209.0.9 dst inside:10.0.0.33 (type 8, code 0)
 
I am suspecting that there is a NAT error and/or a lack of a static route for the rest of the 10.0.0.0 traffic, and that I may have to exempt/route the traffic for the HQ network (10.0.0.0), but I haven't been able to get the correct entries to make it work. [code]

View 22 Replies View Related

Cisco VPN :: 7200 / Limitation With Number Of Entries In Split Tunnel ACL

Feb 4, 2013

We have 2 Hubs (Cisco 7200 - 2 for redudancy). Every customer have a Spoke (Cisco 881). The Spokes are 24/24 connected to the 2 hubs (2 dmvpn tunnels) to give us the access to our equipments of monitoring and for support. Every Spoke have a NAT table with a specific NAT range for every Spoke. Like this we can reach every devices with a unique IP inside the VPN.For example:

- Spoke_001 have a NAT IP range of 10.80.0.0 255.255.254.0
- Spoke_002 have a NAT IP range of 10.80.2.0 255.255.254.0
...
 
To connect to the hubs with our laptops, we are using the Cisco VPN client. We have different profiles created in the hubs:

- Admin profile with an ACL that allow the connectivity to every Spoke
- Integrator profiles: that allow the connectivity of one integrator to some defined Spokes.
 
So the integrator profile looks like this in the hub
 
crypto isakmp client configuration group [NAME]
key [PASSWORD]
domain [DOMAIN]
pool [NAME]
acl [NAME_VPN_Split]

[code]....
 
The problem is that if we can't summarize an ACL in less than 50 lines, we will have to create a second profile and to know wich one to use for wich network...
 
Version:
 
ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
System image file is "disk2:c7200-advsecurityk9-mz.151-4.M2.bin"

View 3 Replies View Related

Cisco :: VPN Not Passing Traffic

Apr 30, 2011

I've looked at many others having this same problem, but can't seem to figure out what my problem is. Same issue as most, I can connect fine, I get an IP, but it won't pass any traffic, I can't ping anything or access anything.

View 8 Replies View Related

Cisco VPN :: 871 Passing Traffic Between Two VPN Devices Within A LAN

Sep 21, 2012

I have a vendor that currently uses a Cisco 871 as a VPN router in our company network, they use it connect to provide services to one of the servers in our LAN for our customers. Recently, we are going to be setting up a 24/7 call center with this vendor, they will be accessing a server in our network through the VPN to provide customer service during after hour periods.We have a problem however, with an application that is hosted by another vendor that is critical for our regular company call center. Access is reached with this application through this vendor by way of IPSec VPN tunnel that is built in our company's Cisco ASA 5510. This application is accessed via Internet Explorer that goes across to access the application at the endpoint
 
I need to figure a way by which the vendor that will be running the 24/7 call center coming through their tunnel in our network to connect over to the tunnel on the vendor on my ASA. Im likely going to have to set some routing of traffic in my internal default gateway router for this to work.

View 2 Replies View Related

Cisco VPN :: Traffic Not Passing Through On ASA 5505

Sep 7, 2011

I've got a client that recently got an ASA 5505. E0/0 is connected to the outside, E0/1 connected to the internal server (Win 2008). The ASA "local network" is 172.30.1.0/24; my internal network is 192.168.1.0/24. I'm able to connect from home through AnyConnect and get a proper address (which I've got a pool of 172.30.1.64/26 assigned for VPN users), but no traffic from my computer will go to the internal network, nor will the internal server (or the ASA for that matter) can't talk to my VPN'd computer.

On the firewall settings on the ASA, I've got it all open: any/any on both inside and outside, just to try and get anything to go through. I've even got split-tunneling working, but not traffic-passing! The config is below (redacting local AAA users).

[Code] .....

View 9 Replies View Related

Cisco WAN :: Passing Traffic From Lan To Wan In C1921 Router

Jan 26, 2011

Traffic Generator TG connected to R1 via switch SW . One end of the R1 is LAN1 interface and other end is WAN1. LAN1 is connected to switch SW. WAN1 is connected to R2 WAN0 interface..
 
 TG ------------- SW ------------------------------(LAN1)  Router R1   (WAN1)------------------------------(WAN0)Router R2
 
I have to pass traffic to R2 WAN0 interface.
 
Wen I pass traffic say 5000 from TG, I'm to recieve 5000 at R1 lan1 interface but I'm not to recieve at R2 WAN1 interface and hence not to R2 WAN0 interface.
 
Config at TG:'
-----------------
Destination IP : R2 WAN interfavce IP
Destination MAC : R1 LAN mac

View 1 Replies View Related

Cisco VPN :: 1841 / ASA Not Passing Inside Traffic Though Vpn?

May 2, 2012

I am about to pull my hair out. I have a 1841 router at one end with 3 ASA's for teleworkers working great. I'm connecting a 4th one that I can not get to work for the life of me. The tunnel is comming up, but its not passing any traffic. I don't see any glaring errors in the VPN debug. The router comes up, reverse route injection does its thing... all looks great. Am I totally overlooking somthing? I must have rebuilt this a dozen times.
  
: ASA Version 8.2(1) !hostname ciscoasa104domain-name default.domain.invalidnames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.104.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address dhcp setroute! interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!boot system disk0:/asa821-k8.binftp mode passivedns server-group DefaultDNSdomain-name default.domain.invalidsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceobject-group network DM_INLINE_NETWORK_1network-object 192.168.2.0 255.255.255.0network-object 192.168.4.0 255.255.255.0access-list outside_1_cryptomap extended permit ip 192.168.104.0 255.255.255.0

[code]....

View 7 Replies View Related

Cisco WAN :: ME3400 Switch Not Passing Traffic

Jan 17, 2011

I have an Cisco ME3400-24TS-A Switch with is not behaving normal.
 
I have already erased its flash, uploaded new IOS but  could not fix the issue. However it boots normally and pass all tests show in boot process. Issue is this the i cant access or ping the computers attached to its ports from one to other.

However i can ping the switch vlan 1 IP from all computers attached to it.

When i tried Debug All Command, its shows the following:

debug all 
This may severely impact network performance. Continue? (yes/[no]): yes
All possible debugging has been turned on
Switch#
*Mar  1 00:03:41.467: special_oce_change_vectors: select debug vectors

[Code]....

View 2 Replies View Related

Cisco Routers :: RV042 DMZ Is Not Passing Traffic

Apr 18, 2012

i am using RV042 router, i have configured DMZ in this,  DMZ is not passing the traffic, i am able to ping the DMZ ip from the server. but the server is not getting the Internet. 

View 1 Replies View Related

Cisco WAN :: 2900 - Traffic Not Passing From One Interface To Another

Jan 15, 2013

I am facing a very big problem with site to site vpn on cisco 2900 ios.
 
I configured the vpn and when i ping  from router itself to destination ip with source as lan interface , VPN works, no problem.
 
but when i connect any computer directly to router's lan interface to initiate traffic , it doesnot work at all. and on computer's lan i see yeloow sign.
 
mtu is 1500, speed is auto (I tried changing also) , duplex is auto ( i tried changing also) , through firewall on pc should not affect but still i disabled it.
 
since their is no problem with vpn config as vpn comes up when i initiate ping from router itself but i dont know why it is not working from lan.
 
do we need any inspect icmp on this router also ? or any policy modification to pass traffic across the interfac on router is required ?
 
I was useinf c2900k9-15.0(M4).bin and i upgraded it to 15.3 which is lated to get reed of any bug .
 
I connected two laptops directly to router's gi0/0, g0/1 interface to ping from one laptop to another but this also did not work.

View 3 Replies View Related

D-Link DIR-655 :: Passing SQL Server Traffic?

Jan 24, 2012

I have a server with SQL Server 2008 on it.  It listens on the default ports 1433 & 1434.  But traffic is not making it through my DIR-655 to the LAN so that SQL Server can respond to the request.  I am using DynDNS and have confirmed that the traffic is getting thru DNS and finding the router, but after watching the syslog I can see that I'm getting multiple of the following error messages when a request is initiated from a client (Microsoft Access app) outside my network:

01-24-2012   22:28:24   System3.Info   192.168.1.1   Tue Jan 24 22:28:28 2012 D-Link Systems DIR-655 System Log: Blocked incoming TCP connection request from 67.167.87.109:53284 to 67.167.87.109:139 01-24-2012   22:28:24   System3.Info   192.168.1.1   Tue Jan 24 22:28:28 2012 D-Link Systems DIR-655 System Log: Blocked incoming TCP connection request from 67.167.87.109:53282 to 67.167.87.109:445

In Port Forwarding I have specified a rule to allow/pass port 1433 & 1434 TCP traffic to my internal server IP.

Also I'm confused by the ports shown above since I was expecting to see 1433/1434 in there...seems this is a factor in the traffic never getting to the SQL Server to process the request?

View 1 Replies View Related

Cisco WAN :: Traffic Being Dropped On 7200 Router?

Jun 7, 2011

I have 7200 Router some flows are not forwarded and when i check ""show ip cache flow"" output i found the destination interface is going to Null i checked the access-list it permits these flows.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Ftp Traffic Passing On 1 Interface But Not Another?

Dec 20, 2011

FTP traffic routed from outside to the inside interface works fine.  I have another interface with multiple sub-interfaces and vlans configured.  FTP traffic routed from the outside to vlan2_servers is not making it through the firewall.  I must be missing something.  I have attached my config.

View 4 Replies View Related

Cisco Routers :: RV042 Stops Passing Traffic On WAN

Feb 12, 2012

We have a managed service provider voip network that requires us to use our own router for the data network. We wanted to use the RV042 for it's easy vpn setup. After installing it worked great for about 10 min. then the WAN port stopped passing traffic. 3 min. later it started working again. We tested the RV042 on a different network and it works fine. We tested an older Pix on the managed network and that works fine. But the RV042 will not work on the managed service provider voip network. The service provider says that on their end it shows our WAN port going up and down.

View 1 Replies View Related

Cisco Firewall :: Passing Traffic From Polycom Via 1812

Jun 15, 2011

We are trying to get a video conference system (POLYCOM) up running.  Thrue a Cisco 1812 router with Firewall feature set.
 
I  Have heard in the past that there should be issues with Polycom and Cisco, but have actually never seen it.I can establish a video call from inside the 1812 to outside.
 
But when I try from outside to the public ip adress there is nattet to, then it reach the video system and die straight after, so there is never any video session set up.
 
I have tried to remove everything regarding firewall feature and passing true, so the only thing the 1812 should do is NAT. And still the same.
 
I can not see anything in the log on the router from the ACL's where I permittet everything, other then it connect on the port TCP 1720, as it should. This is the software I'm running on the router:
 
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE (fc1)
 
When I search Google, it look like there is a lot issues with Cisco and Polycom, but I have not found any concret solution. Other then I should use a ADSL line with a public IP address.  As we probably is going to do.

View 6 Replies View Related

Cisco WAN :: 2911 Not Passing LAN Traffic To Public Interface

Sep 23, 2011

We have a 2911 Router running 15.0(1)M4. G 0/0 is our LAN interface, and it has three subinterfacesG0/0.1 is our data LAN, and the gateway for our Windows machines.  This is the interface this question concerns.G0/0.23 is a separate LAN for various equipmentG0/0.192 is another LAN for equipmentG 0/1 is connected to the internet, and has a public address.S 0/0/0 is a T1 PPP, connected to our core data centerS 0/1/0 is a backup T1 PPP, again, connected to our core data center.There are three static routes entered:ip route 0.0.0.0 0.0.0.0 10.12.1.1 100 This is the first PPPip route 0.0.0.0 0.0.0.0 10.13.1.1 200 This is the secondary PPPip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255 It currently has a cost of 255 while i figure this one out. xxx.xxx.xxx.xxx represents the cable company gateway, which I can ping properly.  I've also used "gigabitethernet 0/1" in place of the next hop ip with the same results. The public interface is properly connected, and can ping it's next hop (the cable company gateway).  When I change the static route for gigabitethernet 0/1 to a cost of "0", the router can properly ping DNS names, such as google.com through the public interface. 
 
However, devices on the data LAN cannot reach any public addresses except for the router's public interface, let alone DNS names (I am using 8.8.8.8 as my test IP).  If I revert the cost back to 255, making the PPP the gateway of last resort, these devices can again connect. (they travel through the PPP to our Data center's internet) 
 
This confuses me.  If our server, on the same LAN as the router can ping the public interface (it's definitley not leaving the 2911, as latency is less than 1ms), and the router itself can ping outside addresses, what is preventing the router's public interface from passing traffic to the internet from any source other than itself?  I have attached our running config in the hopes that there is something obvious I'm missing (the public ip addresses have been changed so they are not exposed).  I simply want clients on our 10.23.0.0 LAN to get to the internet via the public interface of the local router, and still connect to corporate resources using the PPP links. MAS_2911#sho run

Building configuration... 
 
Current configuration : 5666 bytes
!
! Last configuration change at 01:47:50 eastern Sat Sep 24 2011 by redacted

[Code].....

View 6 Replies View Related

Cisco WAN :: Linux Not Passing Traffic Through 1721 / 1841?

Jan 6, 2011

I run a network that uses MPLS circuits to connect all of the companies different stores.  Internet access is through a Cisco ASA5500 here at the corp headquarters.
 
To make all of this work, we use a little 1721 gateway router to move traffic as needed.   All the clients in our corporate office use 10.10.99.1 (Cisco 1721) as a gateway.  The 1721 routes the traffic either to the internet (10.10.99.106 Cisco ASA5500) or the MPLS router (159.61.54.30).
 
For some reason, anything that runs on Linux (Ubuntu server, ReadyNAS boxes, Thecus NAS) will not pass traffic beyond the 1721 gateway router.
 
I've poured over the config for that router, and I can't find anything that could be causing this not to work.  Thinking that the 1721 was bad, I put an 1841 online in it's place, and it did the same thing.   I'm a noob when it comes to Cisco configs, but am learning as I go along.
 
Ive attached a txt file of the 1721 config.

View 31 Replies View Related

Cisco Routers :: RV180W - All Traffic Passing Through Router Is Seen As Ip?

Mar 7, 2013

Beta Firmware: 1.0.2.3
 
Web server log showing the issue:
2013-03-08 05:39:21 192.168.1.102 POST /somewebpage/somefile.htm - 80 - 192.168.1.1 - 404 0 0 6098 410 457
 
ISSUE: 100% of the traffic forwarded through the router is taking on the IP address of the router when it arrives at the web server. In this case, 192.168.1.1
 
My email server and FTP servers are having fits due to the anti-hammering issue that this creates.
 
I simply got the run around and they told me to call level 2 support and did not provide me with a contact number. For some reason, he refused to escalate the call. They simply told me to contact someone from a previous issue in which they gave me the beta firmware to download and I spent a lot of time on the phone to get that far. I do NOT want to speak with the same person who addressed my last issue.

View 4 Replies View Related

Cisco WAN :: 7201 Option To Send All Traffic Through GRE Tunnel / L2TPV3 Tunnel

Jan 9, 2011

i have a 7201 router with NPE-G2. i have a design which i have the option to send all the traffic through a GRE tunnel or a L2TPV3 tunnel.which method is more CPU consumption ?

View 1 Replies View Related

Cisco Firewall :: Command To Check ASA 5520 Is Passing Traffic

May 14, 2012

how can i check that ASA is passing traffic? Also what command we can use to make sure VPN is working fine.

View 2 Replies View Related

Cisco Switches :: SF300 - Passing Traffic From Phones To Network?

Sep 5, 2012

I am trying to hook up a SF300 switch to a cable modem and then plug some phones into the switch that are configured with static IPs.  I am able to access the switch without an issue, but need it to pass traffic from the phones to the network and it is not doing so.  We cannot do trunking because we are not using BSoD modems yet (next phase).  For now, we just need the switches to pass everything from the phones to the network as is. Any ideas?

View 4 Replies View Related

Cisco Firewall :: Pix 506e Passing Traffic Even With A Deny Ip Any Any Rule

Sep 20, 2012

So I was doing some testing with my BB Playbook where I wanted to see what outside connections it tried to make during startup and whatnot. I have a pix 506e running 6.3(5). I created an simple 'deny ip any any' access list on the inside interface so that the Playbook doesn't actually make any connections, but I set up a 'capture' on the inside interface accepting 'ip any any' to see what kind of traffic I could see heading outbound from the Playbook. Well, it started off showing attempts to query DNS (and failed, naturally), but then after a couple of minutes, it tried to connect to a couple of IPs over port 443 and actually got a response!!! For the life of me, I can't figure out how this can happen. NO traffic should be allowed outbound due to my explicit 'deny' rule, but for some reason some traffic on port 443 made it past the firewall and got a response back. There are no other rules in the access list except the 'deny' rule. My PIX configuration is quite simple and I cannot see anything that would allow the Playbook traffic to circumvent the access list.

I've come to think that either RIM has found away around Cisco access-lists, or there is a bug in the Pix OS. I know it's an old appliance/OS, but still. I wouldn't think it could be THAT easy to bypass the firewall.

View 4 Replies View Related

Cisco Switches :: Setting Up New SF-300 Managed Switch - Not Passing Traffic

Sep 15, 2011

I just purchased a new SF-300 managed switch for the purpose of using it on the DMZ, so we can mirror the internet port and monitor traffic for my company.  I have set it up from the web interface to miror port 1 to port 2 and that's pretty much it.  I decided to test it before putting it in production, by hooking it up to one of my core network switches, connecting a laptop to it and trying to get online.  It doesn't even connect to my DHCP server to get an IP address.  If I put the laptop back on the same subnet as the switch management IP, I can still connect to the switches web interface.  Isn't the basic functionality of a switch to pass traffic? 
 
I should also mention that I'm not a network engineer, so there might just be something I'm missing with regard to a default setting that needs to be switched off?

View 4 Replies View Related

Cisco WAN :: 7200 - Load Balance Traffic Between BRAS Routers?

Oct 29, 2011

ISP environment with 3 Cisco 7200 BRAS ( NPE-G2 ) , we need to load balance traffic between two of them so the load balancer will accept traffic from backhauling link and distribute traffic the upper two BRAS , can we achieve this using spare 7200 we have or is there any software solution can do this .
 
another question , Cisco 7200 VXR ( NPE-G2 ) , does it support concurrent calls or sessions from more than 16000 subscriber ?

View 13 Replies View Related

Cisco WAN :: 2911 Multicast Traffic Stops Passing Through Multilink Interface

May 8, 2012

I have configured multicast (ip pim dense-mode) on two 2911 routers that are connected by a Multilink (3Mbps) Wan connection.The configuration work fine for awhile and sometimes all day but at some point one of the Multilink interfaces stop passing multicast traffic.I perform a sh multilink 1 on the interfaces and one interfaces show the multicast packets incrementing and the other does not, it just stops.The only fix for this is to hard reboot both routers and the multicast traffic begins to flow once again.

View 3 Replies View Related

Cisco Firewall :: After Upgrading ASA 5520 To 8.4.2-8 VPN Clients Traffic Not Passing Destinations?

Dec 26, 2011

after upgrading an ASA 5520 to 8.4.2-8 VPN clients traffic is not passing destinations other then destinations behind the inside interface. the log shows routing failure for the vpn client on the inside interface.it was working fine with 8.4.1 but the traffic is originated from the outside interface. confirm the the interface for VPN clients changed from outside to the inside interface.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Not Passing Full Interface Rate Traffic

Apr 12, 2012

I have an issue where our ASA 5520 is impacting upload (from LAN to internet) speed. We have a 100Mbps SDSL internet link and only see around 45-50 Mbps on the upload when going via the firewall, download is around 90+ Mbps so that is acceptable. I have tested a laptop connected directly to the internet router and that give near on the 100Mbps up and down speeds, but if I put that laptop on the LAN or directly onto the firewall interface I only see 90Mbps down and 45Mbps up. I have check that the interface speeds/duplex on the firewall, switch and laptop are correct and also checked there are no errors on the ports. I also turned off the IPS and that made no difference. In addition I have checked the CPU during download/upload (max): CPU utilization for 5 seconds = 9%; 1 minute: 3%; 5 minutes: 1%
 
In theory the 5520 should be able to cope with this throughput:

Cisco ASA 5500 Series Model/License:    5520
Maximum firewall throughput (Mbps):          450 Mbps
Maximum firewall connections:                      280,000

[Code].....

View 1 Replies View Related

Networking :: To Tunnel All Routers Traffic Through SSH Tunnel With WRT300n

Jul 24, 2012

Environment :linksys wrt300n v1.1 which can have ddwrt-mega. Willing to tunnel all lan's outbound traffic through an ssh tunnel.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 (9.1.1) & Comcast Business Cable Stops Passing Traffic

Apr 18, 2013

I am trying to determine why Comcast Business Class modem configured with a static IP (IPV4) works with a laptop or Linksys Cable modem but not with a Cisco ASA 5505. After a few minutes, the 5505 stop passing web traffic. I am able to ping the default gateway even though I can not surf the web. Restarting the 5505 and the Comcast modem, web traffic flows for a short period of time, then stops. I can connect inside the firewall via ASDM 7.1.1 and via SSH. I can not connect via either from the outside.  Comcast tech support indicated their router is working and is configured in bridge mode. I swapped out the 5505's memory, and then with another 5505. Nothing seems to resolve the issue. I am trying to determine if the 5505 or the Comcast router is not configured correctly.
 
Here are the parameters: The 5505 was reset to default factory settings via the command: config factory-default. Configured the outside interface with static IP Address followed by the no shutdown command, then removed DHCP features from outside interface.  Added Comcast DNS servers, default route, ntp servers, configured DHCP features on the inside interface. Enabled HTTP/SSH (inside & outside interfaces) and ICMP echo-reply (outside only).
 
I believe the Comcast modem is not configured correctly. The show version and show startup output are below.
 
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(2)

[Code].....

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved