Cisco VPN :: ASR1002 Responder-only With Dynamic Peering Partner?

Mar 20, 2011

I have a Cisco ASR 1002 router. I would like to connect our decentralized location to the router. Unfortunately, this location has a standard DSL connection with a dynamic official IP address. I have found a config which can handle a dynamic IP address (enclosed).
 
Is it possible to use the "set responder-only" command together with a dynamic crypto map? How can I configure it?
 
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 300
crypto isakmp key xxx address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp identity hostname
crypto isakmp keepalive 10 periodic
!
crypto ipsec transform-set dezentral-location esp-3des esp-md5-hmac
!
crypto dynamic-map fil 1
 set transform-set dezentral-location
 set pfs group2
 match address 150
 reverse-route
!
crypto map Filialen 1 ipsec-isakmp dynamic fil


Cisco WAN :: ASR1002 Dynamic NAT Entries Are Not Released

May 31, 2012

We are using an ASR 1002 for dynamic NAT (with route maps). I have a problem with the usage of the NAT pool itself. The total NAT translations for the pool are:

#sh ip nat stat
[Id: 1] route-map natted-host-01 pool nat-pool-01 refcount 136
pool nat-pool-01: netmask 255.255.254.0
start XX.XX.202.0 end XX.XX.203.255
type generic, total addresses 512, allocated 88 (17%), missee 0
 
If I now look into the NAT translation table, I get fewer entries:

#sh ip nat translations filter map-id dynamic 1 total
Total number of translations: 43

Only a deeper look into the QFP gives the right values here:

# sh platform hardware qfp active feature nat data

The output count matches the values I get if I issue a sh ip nat stat.

My question is: how is it handled internally?

We also have a problem with rising usage of the pool over time. Once allocated, pool entries are not released after a period of time, and no NAT translation occurs for those used IP NAT pool addresses.

The timers on the device are set:
ip nat translation timeout 300
ip nat translation tcp-timeout 900
ip nat translation pptp-timeout 900
ip nat translation udp-timeout 120
ip nat translation routemap-entry-timeout 900
ip nat translation max-entries 750000


Cisco Firewall :: 5510 Inbound To Partner Network

Feb 26, 2012

I have been asked to create an inbound connection on the ASA from the internet to a part of the network that is accessible over the wide area network, e.g.:
 
-Internet address  94.175.x.100 goes to 151.5.3.100,
-The internal network is 10.42.15.0/22, and connects to the 151.5.3.0/24 network over a private MPLS.
 
Is this possible with the ASA5510, and if so, can you give me a clue how to pass the traffic?


Cisco :: IP SLA Responder On Catalyst 2960S Stacked?

Oct 19, 2011

I have a pair of switches stacked:
 
Switch Ports Model              SW Version  SW Image
------ ----- -----              ----------  ----------
     1 52    WS-C2960S-48FPS-L  15.0(1)SE   C2960S-UNIVERSALK9-M
*    2 52    WS-C2960S-48FPS-L  15.0(1)SE   C2960S-UNIVERSALK9-M
 
When I try to enable ip sla responder on the stack I get: 
 
%SYS-3-HARIKARI: Process IP SLAs Responder top-level routine exited
 
I have been able to find a bug in the toolkit. Should ip sla responder be supported on the stack as above?


Cisco Switching/Routing :: WS-C3560E-24TD IP SLA Responder And Conflict IP Addresses

Sep 8, 2012

I have a network topology which you can see in the image. All routers are Cisco 3745 with IOS (C3745-ADVENTERPRISEK9-M), Version 12.4(12). SW1 is an L3 switch, Cisco Catalyst WS-C3560E-24TD with IOS (C3560E-UNIVERSALK9-M 12.2(58)SE2). [code] After that I have a problem. When a PC with Windows 7 begins to work in the corporate network, it sees "conflict ip addresses" and doesn't work with the network. I used Wireshark and saw that when the PC sends an ARP request, SW1 always sends an ARP reply (see attached file). I think the problem is with the command "ip sla responder", but I haven't searched for information about it, and I want to understand whether this is a bug or normal functioning.


Cisco :: VRF Aware Peering With Straight BGP?

Mar 24, 2013

I have a scenario where I may have to run VRFs on a router that is currently facing an ISP as a BGP peer. peering two BGP peers, one of which is VRF aware (and hence configured within the address-family ipv4 vrf X subsection) and the other is not? (the BGP aware and internet facing segment will go into its own VRF where previously this router was only in that VRF and hence had no awareness). Are there any caveats or restrictions? Does the presence of the VRF throw the ISP peer?


Cisco WAN :: BGP Peering Causes 7200 To Crash?

Apr 10, 2012

I have two 7204VXR with NPE-G2 and 1 GB of RAM. One router has 2 eBGP peers and the other has 3. The routers receive all internet routes from the 5 peers and send 2 internal routes. There is an iBGP peering between both routers. On all peers I have a route-map to send only our routes.
 
All was working fine for a couple of months when I suddenly saw an increase of memory on one of the routers (router B); 1 hour later the memory was at 100% and the router crashed and rebooted. The other router (router A), with the same hardware capacity, same RAM and same number of routes, was working well. After router B restarted, I shut all eBGP peering on it, keeping only iBGP with router A; RAM used was the same as router A (about 50% used) but CPU was about 30% used by the Router BGP process, whereas on router A, which has active traffic and active eBGP, it is only 20% and the BGP process is almost 0%. Restarting peers one by one on router B causes the same issue, an increase of memory and then a crash, even with only one peer.

What I suspected:

- A peer on router B, but I can't isolate one because the problem appears with each taken one by one

- Not enough memory, but router A has the same number of routes and doesn't have any problem

- IOS version? Same on both: 12.4.(15)T1

- Why does the Router BGP process use 30% on router B when all eBGP peers are shut except iBGP and no traffic passes?

- A routing loop, but I only send internal routes to peers and only have one iBGP session with no sync nor redistribution with an IGP

Of course I can't run any debug ip bgp on the routers as the number of routes is very large (300K).


Cisco WAN :: ASN 65500 / IBGP Peering Is Flapping?

May 15, 2013

Topology:

PE router-T (ASN 1111) ----eBGP---- CE router-T (ASN 65500) ----iBGP---- CE router-V (ASN 65500) ----eBGP---- PE router-V (ASN 2222)

When we have configured it in this manner, everything is working fine. The only thing is that I cannot receive all the network updates coming from PE router-V in CE router-T. It's due to the synchronization rule (I have not turned off sync in CE router-T). Now, for load sharing purposes, I have applied one route map on the iBGP peering from CE router-V to CE router-T in the OUT direction, stating that for any routes coming via ASN 65555, set Local Preference = 150, so that it will prefer the path via MPLS SP-V. The rest go via MPLS SP-T.

But as soon as I applied the route map, it was not reflected. When I applied clear ip bgp * on CE router-V, I could see two routes in CE router-T, with LP 150 and default. Everything is working OK.

When trying to check the auto failover by shutting the LAN int of CE router-V, failover is also working via CE router-T. When re-enabling the LAN int, the iBGP peering flaps continuously after that. Finally, we removed the route map and it was stable.

Find the route map:
 
CE Router - V
router bgp 65500
  !
address-family ipv4

[code].....

I have also checked the MTU issue between these two peers (LAN int. of both CE routers) by pinging each other with size 1500 with the df-bit set.


Cisco Firewall :: 5510 / Vpn Dead Peering Detection

Sep 13, 2011

I have a remote site in which a site-to-site VPN is configured with the hub site using a 5510 model. Now I am using a load balancer on which 2 ISPs will terminate; one is Sify and the other is Reliance. Suppose the IPsec tunnel is configured with Sify as primary. If the Sify link fails at the hub site, should the remote site then be able to communicate via Reliance, which is the secondary?


Cisco WAN :: How To Configure NAT On ASR1002

Aug 25, 2012

I am going to configure NAT on the ASR1002 and am expecting to have about 1 million NAT translations. Will the ASR1002 support 1 million NAT translations? How many NAT translations are supported on the ASR1002? I am going to configure NAT on an ASR1002-5G/K9 and have FLASR1-FWNAT-RED.


Cisco WAN :: ASR1002 IOS Upgrade From 2.x To 3.x?

May 29, 2013

Right now I have an ASR1002 running a very old IOS version. Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNE, RELEASE SOFTWARE (fc1) asr1000rp1-ipbasek9.02.05.00.122-33.XNE.bin – 25-NOV-2009?

I am looking to upgrade to a newer version. I was wondering if there are any tricks when upgrading this IOS. Is it as easy as loading the IOS onto the ASR and then changing the boot path, or is there an upgrade path I must follow? Also, would there be any need for a license between 2.x and 3.x?


Cisco WAN :: ASR1002 Web Logon

Jan 27, 2011

The loopback of the ASR1002 is 2.2.2.2. When I use a browser to access it, I get the authentication dialog box asking for username/password. I input the information and submit. But the authentication box comes back again and asks for the username/password.
 
The username/password is test okay. But somehow, the web GUI just does not use it.


Cisco WAN :: ASR1002 - How Does It Differ From SFP-GE-L Adapter

Feb 5, 2009

Is the GLC-LH-SM SFP compatible with the ASR1002 and how does it differ from the SFP-GE-L adapter?


Cisco WAN :: ASR1002 How To Attach L2 Interface

Mar 11, 2012

We have an ASR1002 with asr1000rp1-adventerprisek9.03.05.01.S.152-1.S1.bin software. I couldn't find any documentation on how to attach an L2 interface, in my case a subinterface with a single dot1q VLAN, to a BDI interface. I'm able to create a bridge-domain interface but it's down down. The command bridge-domain on the subinterface url...


Cisco WAN :: ASR1002 - Inspection Of ACL Hits

Aug 17, 2011

I'm aware ACL's are handled in hardware on the ASR platform but wondered if there was any way to inspect how many hits we get on each line of an ACL on the ASR, I can't seem to find a command to do this.
 
Using LOG is not possible due to the large number of hits.


Cisco WAN :: Load Balancing On ASR1002?

Jun 25, 2012

One of our customers just purchased an ASR1002 router. They have three internet links from different ISPs and they don't have any remote site; they have three different public IP pools from their respective ISPs. So, is it possible to load balance the internet traffic using all three links on a Cisco ASR router (IOS - Advance Enterprise Services)?


Cisco WAN :: BVI Configuration On ASR1002 Router

Oct 14, 2012

We have a Cisco 7206 router which is going to be replaced with an ASR1002 router. The 7206 has some interfaces in a BVI group, the config of which I am trying to translate over into IOS XE (which runs on the ASR1002). How to translate this config from IOS to IOS XE?


Cisco WAN :: BGP Flapping Peer With ASR1002

Oct 18, 2011

We are having an issue with a flapping BGP peer. We have an ASR1002 as Route Reflector and it works fine with all peers except 2.


Cisco VPN :: Create VPN Between ASA5510 And ASR1002

Apr 6, 2013

I'm trying to create a VPN between a Cisco ASA5510 and an ASR1002 where my loopback interface is the source IP. [code]


Cisco WAN :: Configuring IP Accounting On ASR1002?

Oct 23, 2011

What command is required to configure IP accounting on an interface?

I would have thought that what is required is to turn on IP accounting on the interface, i.e.:
 
int gi0/0/0
ip accounting
 
However, there is no ip accounting command within the interface. We are running Version 15.1(1)S2.


Cisco WAN :: Error During Boot IOS On ASR1002?

Dec 27, 2011

During the IOS boot we found the error messages below. How can I clear these messages?
 
Missing or illegal ip address for variable DEFAULT_GATEWAY Using midplane macaddr
Missing or illegal ip address for variable IP_ADDRESS
Missing or illegal ip address for variable IP_SUBNET_MASK


Cisco WAN :: ASR1002 With Full Bgp Table(s)

Jun 19, 2011

I've inherited a project building an internet connectivity solution for a large corporate. It has its own AS and its own PI space. They are putting in 100 Mbit connections from 5 different Tier 1s, taking full internet routing from each. Cisco ASR1002s have already been specified and purchased for the job. I'm not familiar with the ASR platform at all. Is it up to the job with full routing tables? Multiple instances of full tables? (Not likely to put all 5 into one box!)


Cisco WAN :: ASR1002 / 1006 SFP Compatibility With SPA Module?

Aug 15, 2011

I am trying to bring up a couple of ASRs. They are fitted with SPA modules (SPA-8X1GE-V2). These have GLC-T SFP modules fitted into them. For the life of me I cannot get these ports to come up. If I have a look at the inventory, the SFPs show as GE-Ts (physically they are GLC-Ts).

Is there a compatibility problem with these GLC-Ts on the ASR 100x?


Cisco WAN :: ASR1002-X L2TP Tunnels Up But No Ping

Jun 13, 2013

We are testing an ASR1002-X which acts as LNS for L2TP tunnels.
 
- All tunnels are UP (sh vpdn all return list of tunnels)
- VirtualAccess interfaces are UP
- C routes are added in routing table
 
but pinging remote IPs doesn't work!!! [code]


Cisco WAN :: Configure NetFlow Top Talkers On ASR1002?

Sep 5, 2012

I am trying to configure the NetFlow Top Talkers function on an ASR1002 with ADVENTERPRISEK9-M, Version 15.2(4)S.  With this new Hardware and Software I am surprised to see that the command:
 
ip flow-top-talkers
top 50
sort-by packets
 
cannot be found on the CLI - it's just not there.  


Cisco WAN :: ASR1002 - Licensing Not Supporting Any Device

Jun 30, 2011

I have recently purchased ASR1002-RP1-ESP5 with 2 x 4K Broadband licenses to be used as LNS. Cisco have sent me PAK files for the licenses however when I try to enter the licenses into the device I get an error message saying that Licensing is not supported on this platform.
 
Any experience with this platform and installation of the broadband licenses?
 
When I spoke to Cisco TAC they told me that for this particular model the licensing is on "trust" basis where you buy license and do not install it on the actual router - similar to what 7200 used to do.


Cisco WAN :: Management And BITS Ports On ASR1002

Aug 30, 2011

We recently purchased a Cisco ASR1002 router with four on-board Gigabit SFP-style Ethernet ports. However, when I do a "show ip interface brief", I see that there's an extra Gigabit Ethernet port. See the last interface in the following output:
 
ASR_1002_router#sh ip int b
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   unassigned      YES manual down                  down

[Code].....
 
On the router itself, in addition to the four Ethernet SFP ports, there are four additional RJ-45 ports. They're labeled "BITS", "MGMT", "CON", and "AUX". I know what the Con and Aux ports are, but what are the Bits and Mgmt ports? And is one of them the Gigabit Ethernet interface that I see listed at the bottom of the output? And if it is, is there anything special about it, or is it just another routed Ethernet port? Can I do something special with it, like out-of-line management?


Cisco WAN :: ASR1002 Running SubPackages And IOS Vulnerability?

Apr 19, 2012

We have ASR1002 routers configured to run individual SubPackages; at this point everything is operating without problems. We just received a Cisco Security Advisory informing us SSHv2 is vulnerable in our version of router code. We have to upgrade to the recommended stable release, so we downloaded, installed and expanded the IOS to expose the SubPackages on the ASR router's bootflash.

Since we are running SubPackages, do we need to upgrade all SubPackages (i.e. a complete IOS upgrade) or can we just upgrade the vulnerable SubPackage? How do you determine which SubPackage contains the SSHv2 application?


Cisco WAN :: ASR1002-X - L2TP Tunnels Up But No Ping?

Jun 13, 2013

We are testing an ASR1002-X which acts as LNS for L2TP tunnels.
 
- All tunnels are UP (sh vpdn all return list of tunnels)

- VirtualAccess interfaces are UP

- C routes are added in routing table
 
but pinging remote IPs doesn't work!

LNS1# sh ver
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSAL-M), Version 15.3(2)S1, RELEASE SOFTWARE (fc1)
Technical Support: [URL]

[Code].....


Cisco Firewall :: ASR1002 - Implement ZBF On Router?

Jun 3, 2012

We are trying to implement the ZBF on our router to assist us in limiting the initial impact of DDoS attacks. We have configured the below and it appears that it's not working, as when under attack the statistics don't increase.

[code]...


Cisco WAN :: Configuring SSH On ASR1002 / Apply To Management Interface?

Jun 30, 2010

How to configure SSH on an ASR 1002 and apply it to the Management Interface?


Cisco WAN :: OSPF Route Between Nexus 7010 And ASR1002?

Sep 16, 2012

I cannot receive any OSPF route from the Nexus on the ASR1002 even though they are both OSPF neighbours. I have attached the config for both. Both Nexus and ASR are part of Area0.

Config
ASR1002#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.165.117.12     1   FULL/BDR        00:00:35    10.231.175.226  GigabitEthernet0/0/0

[Code].....


Cisco WAN :: Management Port In ROMmon Mode - ASR1002

Jun 4, 2013

Is it possible to use the mgmt port when in rommon mode? I use the Mgmt port when IOS is loaded and it works fine. I reboot the router, issue a break to put it in rommon and have set some variables but my Mgmt port never has link and I cannot ping it from the network. In rommon mode it looks like this:
 
PS1=rommon ! >
MCP_STARTUP_TRACEFLAGS=00000000:00000000
BOOT=bootflash:asr1000rp1-adventerprisek9.03.07.03.S.152-4.S3.bin,1;
IP_ADDRESS=10.71.50.101
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=10.71.50.3
BSI=0
RANDOM_NUM=1133006948
RET_2_RTS=13:38:27 EDT Wed Jun 5 2013
RET_2_RCALTS=1370453907
?=0







