Can a 2651XM router be configured as a PPTP VPN endpoint (client)? I ask because I want to connect this router to a professional vpn (privacy) service such as proxpn or mullvad or similar. If it can't, any vpn privacy services that cater for cisco-based vpn connection?
Can I configure a PIX (515), as PPTP client to establish a tunnel with non-Cisco PPTP server ? Can my PIX initiate this type of connection ?Today, I use a PC with PPTP client to establish this and I want replace this with a PIX and I don´t want depends of a PC.
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
We have a number of 2651XM with WIC-1ADSL. These are supplied by another company and we do not have access to the configs.We are told that the maximum througput from the ADSL WIC to the FastEthernet 0/1 is 2.5Mbps ( "it's a backplane issue" ), even though the ADSL speed reported by the router on the external interface is 8MbpsT
if I do #sh arp in the terminal with this router I see a rogue entry thus: Internet 192.168.0.4 0 Incomplete ARPA
My whole LAN operates on 172.16.x.x/16, there are no 192.168.x.x devices connected. In the past I've had 192.x.x.x devices running but for a long time and the router has been restarted since then. I've tried several clear commands in the terminal but this entry is stuck there and I've also seen it in a wireshark scroll on a pc when monitoring the routers' adsl traffic - it shows up an an SNMP entry and I do use SNMP on my router, but that data goes to a 172.16.x.x. machine. How can I clean this entry out?
I have Cisco 2651XM and currently running old IOS c2600-is-mz.123-26.bin (IP PLUS) which I used the NAT protocol. I was wondering can I use IP-BASE on this router and I am not sure if this feature set has NAT protocol.
We have a Cisco 2651XM at the edge of our network, which routes our public IP block. This sits on a 100 Mbit/s ethernet pipe (full duplex) up in the datacenter. We are also running 100mb full duplex on our our side of the network. We have several public servers behind the router.
We have recently set-up a new Apple OS X Lion Server to serve a few websites. However, when downloading some files from the server the from a remote location, I noticed I can only get a maximum of 15 Mbit/s out of the connection.
When downloading a large file over HTTP (Apache) from this OS X Lion server from another server on the same internal network (behind the router), we get a full 100 Mbit/s transfer speed.
However, when we download the same file from anywhere on the internet (external side of the router), we can only manage to get 15 Mbit/s out of the transfer.
However, we also have other Linux & Windows servers that we can achieve a full 50 Mbit/s (our office connection speed) externally under the same network conditions.
So it also appears it's only for a single connection - not a limitation for the whole server. If I open two HTTP connections, I can get say 15 Mbit/s out of each transfer - totalling 30 Mbit/s... if that makes sense.
Update: I also notice slower ping latency when pinging from outside the network. Most of the servers reply in 15ms while the new OS X server usually takes over 40ms on average.
Router show ver: Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.2(11)YT2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
cisco 2561xm router with WIC1-adsl card and NM-16ESW switchIOS: c2600-ipbasek9-mz.124-23.bin ,I recently had to temporarily disconnect my above router for a few days and replace it with a cheap plastic home router and was embarrased to discover my adsl broadband speed shot up 45% with the cheap router. With the cisco 2651XM I always got a max download of 400kb/sec but with the cheap router I was getting 580kb/sec. Clearly something is wrong with my cisco config, I put this down to the mtu setting, which in the cheap router wasn't shown but set to auto. I've tried different mtu settings in the cisco router (including 'no mtu' but never get more than 400Kb/sec.My isp indicates optimum mtu is 1500 but that doesn't produce any speed increase.What can I do here to get the cisco router working to maximum speed?
cisco 2651XM router with WIC1 adsl card and NM-16ESW switch IOS: c2600-ipbasek9-mz.124-23.bin
I use the following config to export traffic from the adsl card to a fasterthernet port so I can look at the adsl traffic in wireshark on a pc:router(config)#ip traffic-export profile my_rite router(conf-rite)#int FastEthernet 0/0 router(conf-rite)#bidirectional router(conf-rite)#mac-address abcd.efgh.ijkl (mac address of PC) router(conf-rite)#exit router(config)#int dialer0 router(config-if)#ip traffic-export apply my_rite this config works and I can see stuff going on in wireshark but it's only one way. This config only shows traffic going out from my adsl card, but no incoming. There is defintely traffic going both ways because everything about my adsl connection is working perfectly. I've tried using a different fastethernet port, even tried exporting to a different pc but all I see is outgoing ie: source is my public ip address but never as destination . I have bidirectional in the config but it still only shows outgoing. I even tried a different IOS (c2600-adventerprisek9-mz.124-15.T8.bin) but still it doesn't show incoming traffic. Could it be my ISP in some way hiding incoming traffic from view?
I need to diable RDP packet inspection on this router but I can't find where I do that. I'm having troubele with audio on a sip line and I read here (bottom of page) url...that turning off RDP packet solved the problem. I've looked through the config and searched on google but couldn't find the asnwer. what is the command to turn off RDP packet inspection?
our WAN is connected via L2WAN and using EIGRP to connect the sites. Currently there are 35 EIGRP neighbors over L2WAN and we are to install 15 more sites and will be connected to the same L2WAN. Some sites are still using Cisco 2651XM and we would like to know if it can still handle another 15 EIGRP neighbors. Some sites are 2800 and 2900 routers. And is there any other things to consider for EIGRP over L2WAN?
I 'm trying to set up a home lab with a couple of 28XX and 2651XM series routers.I would like to simulate a frame-relay connection between HQ, Branch1 and Branch2 . All of them are conneced to a PSTN switch (2811 router) via T1 cross over cables. The connectivity is like this. [code] I have configured all the routers and FR switch with necessary configuration. However the link between HQ and Branch1 is not coming up. On both the routers I could see the line protocol is down.I have pasted the configuration below.[code]
im unable to create pri-group under T1 controllers in 2651xm , I have 3 T1 VWIC controller cards [dual port], tried using differnt IOS [advance enterprise/IPVoice/SPservices], i can onyl see channel-group unter the controllers.
I have a cisco 2651xm router here at home, and at another remote location I have a cisco 1760 router, both are connected to the internet via adsl (WIC1-ADSL card).The problem is that from home I can't connect to the snmp-service on the 1760 router. I'm using a PC that's on the LAN of the 2651XM router, the blockage is in the 2651XM router, because if I swap it for a cheap plastic domestic router I can get snmp data from the 1760 router, and this is without any port forwarding in the domestic router. What config do I need on the 2651XM router so it will pass this traffic?
I have a 16 port hub (NM-16ESW) installed in this router. Is there a way to lock down this hub so that only whitelisted machines will be allowed to connect to its ports? ie: by mac address or some other type of permission method? How to be able to plug their computer into the hub and join the network unless their device has been ok'd first.
I was wondering if i can enable url filtering on my 2691 or 2651XM routers so that if someone visits any website i can see that under router logs. right now i am using kiwi syslog that logs the router activities.
I have a new customer that I installed an ASA 5505 to replace a Linksys VPN router. They have a main office with a static IP address, 3 branch offices with static IP addresses and 2 branches that are doing DHCP from the ISP for their router address. I have no problem getting the static VPNs up and running. My problem is with the VPN connections that are doing DHCP. I can go in and determine what IP they are currently using and setup a connection and it works fine. The problem is of course when their IP address from the ISP changes, which seems to happen at least daily. What is the proper way to setup a connection that is using DHCP? Also, can you setup multiple connections this way? Currently the 2 locations have different passwords setup in their routers.
We have a switch in our IT office, Cisco 2960G. It plugs into the wall and goes to the server room and connects somewhere. This weekend we redid almost the whole server room and now this switch can connect to the rest of the network. The uplink has a link light but can get anything.
I have rebooted the switch, used scanning on our other switches to try and find the MAC of the switch but for the life of me I cant see it. Is there a command I can run from the command line of the switch to see where its pointing?
In my organization we have 2 sites. These 2 sites have ASA 5520s, and the l2l between each ASA. The interface that is forming the VPN tunnel is on the ASA, NATed on the router. These ASAs sit behind the router, which are then connected to the ISPs. Recently, we had to change the ISP that we were creating the tunnel on, from Comcast to Sprint on our remote site. I re NATed the interface, and the l2l tunnel came back up after editing the tunnel-group, crypto maps, and reapplying the crypto map to the interface. However, our remote access VPN no longer works on the ASA that we changed the IP on. The other side was never changed, and still works fine. When I tried using debug cry isa and debug cry ip sec on the firewall, nothing shows when we attempt to connect. We are using IPsec over TCP. On the ASDM log, it says: Deny TCP (no connection) from xx.xx.xx.xx/49907 to xx.xx.xx.xx/10000 flags RST on interface WAN.
The VPN worked fine before, could it be an ACL thing? All we changed was the IP so that's what I'm inclined to believe, but on the router none of the interfaces have an ACL that's applied to them. It can't be on the ASA, because I believe we have the option to ignore the ACL enabled, but I might be incorrect about this. I'm new at ASA/VPNs in general.
I would upload the configs, but is there a pertinent output that would work, or just a general sh run?
Our ISP gave us a /30 for our external connection (with one IP being their side, and the other our firewall's outside int) and they then route a /28 down to us to give us 14 public IP addresses. Usually we use static NATs to give internal servers a public IP, and it works fine.
However, now I need to setup another VPN device with a public IP from our /28 pool. How the heck do I nat that? Should I give it's external int a private IP, and then NAT it at the first firewall? The 2nd firewall will be a VPN end point, and I'm afraid the NAT will break that.
I'm pondering this new client's topology. He has: (internet) >> router >> switch >> Windows server with a VPN enabled.
Right now I access his network remotely by just RDP directly into the server with a public IP address.Now doesn't this mean that I'm already sailing through his router and switch? Doesn't that mean that all (broadcast, routing, etc) communication hitting this IP is sucking CPU cycles and bandwidth on his router, switch, and server? Wouldn't it be best if he had his VPN endpoint set on his gateway?
We have about 160 users setup using the Anyconnect client connecting to a ASA 5510. We are using split tunneling and also using the Websense endpoint client. Every now and again after installing the endpoint client we are unable to connect the AnyConnect. It asks for credentials waits for a while and then fails with the error "AnyConnect was not able to establish a connection to the specified secure gateway.Please try again later."
If we uninstall the endpoint client it works again and normally after reinstall it fails again ( I know). Eventually it just works and then its fine.
We have logged a call with websense and sent packet traces of working and none working . Then only thing they came back with is if we filtered the non working trace with port 80 you could see a few RST,ACK coming from the ASA to the client so they blamed the Cisco components.
I have a Snapgear 560U VPN Gateway at the main office with VPN connections to several branch offices also using Snapgear 560U. Those are no longer manufactured though, so I bought a Cisco WRVS4400N for our new office. The main office has a fixed IP but the branch office ha a dynamic one. On the Snapgear's it is very clear where I need to enter the Mandatory endpoint name on the dynamic side of the tunnel, but I can't find anything on this on the Cisco WRVS4400N. So where do I enter this information so that I can make a VPN connection between the Snapgear & Cisco boxes?
With firmware 1.2.0.9 - can the RV110W be used as a VPN endpoint? The VPN capabilities have been expanded in this version - but from the docs this isn't quite clear to me.
I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ. The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway. Note that each tunnel is independent with its own pre-shared key. I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time. I have to disable the other two. Enabling a second tunnel results in the No phase2 handle found error. I could not use the Basic VPN setup as it complains that the remote endpoint is already in use. I had to use the Advanced VPN Setup to create the IKE and IPSEC policies. In a different discussion [URL]
I have an ipsec tunnel IP is changing from mythical 200.200.200.182 to 200.200.200.254. Is it possible to change the .182 ip in below config via the CLI to .254 and have the site-to-site vpn continue to work? [code]
I try to connect a Router as an Endpoint (Because I just want to use a SERVICE from it).Well, the issue is this: I have a SW L3 that have too much VLANS, It is routing traffic and it provides internet connection. VLAN 182 has been created at this point and in this SW L3 has configured an interface vlan 182 with an IP 10.0.82.1/28.
To this Switch L3 is connected another switch L2 with an interface vlan 182 with an IP 10.0.82.2/28. Finally I have the last switch with the same features of configuration just that this has an IP 10.0.82.3/28. In this last switch is connected the router in the Gi1/0/24 as Switch port access, this port belongs to VLAN 182. At the router, the port is gi0/0 and it has an IP 10.0.82.4/28 and is UP.
The Switch where the router is connected is reachable from this router but not by the other switches. Router can reach all the network but not in the reverse way.Router has configured an ip default gateway 10.0.82.1.
we have installed nac for our customer and it works fine ,but the customer want the change the version of kaspersky antivirus from 6 to 8 end point security ,when we have try this the nac agent does not find the antivrus on the the workstation . i want to know if this version of kasoersky (end point security ) is supported by nac ,if no is ther a solution to make it works with the NAC .
I'm Connecting an endpoint to the switchport, the End client is a printer (Samsung ML-2850)Weird thing is after connect, the end point success got IP from DHCP server, but somehow cannot ping to it. For switching there's no concern, even I try with ohter PC connect to this switchport and it's PIGN'able. Only problem this printer cannot reach.
I able to see the MAC address entry of the printer at my ASA firewall, rule wise at this moment i just enable the rule as permit any any, no restriction at all.
I would like to know how to configure my DIR-600s firewall UDP Endpoint Filtering. I ve read some guides and I ve got to configure this to Endpoint Independent in order to play League of Legends. The problem is that I can see the option Firewall & DMZ but then I don't see the UDP or TCP Endpoint Filtering options.