Cisco VPN :: GRE Over IPSec Applied To Router 3700 And 2911?
Aug 23, 2011
I have a connection between HQ and Branch which is connected by a GRE tunnel over IPSec. I use a Cisco router 3745 that has IOS version: 12.3(18) and a Cisco router 2911 that has IOS version: 15.0(1r)M9 with ipbase, security and data license.
I tried to apply command to both routers as follows:
Cisco 3745 (HQ)
crypto isakmp key test address 10.1.1.2
crypto isakmp keepalive 60
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map vpn01 local-address Loopback0
[code]....
When I applied this command, it showed a notification as below:
NOTE: crypto map is configured on tunnel interface. Currently only GDOI crypto map is supported on tunnel interface.
*** After applying this command, I cannot ping or send any traffic to HQ. ***
I use this command that is working normally on Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2811 that has IOS version : 12.4(7b).
Mar 15, 2011
I have a Cisco 2911 router and a Cisco RV 120W router and I would like to establish a VPN tunnel between these two. I have defined the settings on the Cisco RV 120W router and I just want the Cisco 2911 to follow those. setting up a connection with Cisco IOS.
Aug 27, 2012
I'm trying to configure a simple IPSec VPN between a Cisco 2911 Router and a Juniper Netscreen ScreenOS device (don't exactly know the model). At first the debugging looks good (QM_IDLE) but then the ISAKMP SA is deleted. The guy managing the Juniper device did send me his log excerpt:
###########################################################################
2012-08-28 10:24:16 system info 00536 IKE <WAN IP> Phase 2 msg ID
9b839579: Negotiations have failed.
2012-08-28 10:24:16 system info 00536 Rejected an IKE packet on loopback.11
from <WAN IP>:500 to
217.150.152.45:500 with cookies
87960e39d074ca49 and 9302d26c7ce324a5
[code]....
Is there anything special that needs to be considered when building a VPN to Juniper devices?
Nov 11, 2012
We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
Site A has an ASA with one internet circuit.
Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911. Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved? And how could I also introduce the 877 and ADSL line into things to achieve the necessary redundancy?
Apr 17, 2012
What kind of feature set of IOS for NAT. I need it for my Cisco 3700 router.
Aug 11, 2012
My client is insisting on setting a DSCP value of 56 (= CS7, the highest priority) for their video packets without any bandwidth restriction on the input of the Fast Ethernet port and the PPP Multilink serial output port of the 7513 router. What will be the outcome at the time of video streaming and video conferencing? This DSCP value, CS7, is the highest priority and is reserved for network use only. We are using OSPF routing (some of the network is connected through this multilink port via OSPF routing), and this Ethernet is also connected to various statically routed IP networks via a Cisco ASA and a Cisco 4507. Will the keepalive to the OSPF neighbor router be lost or not?
Oct 15, 2011
I'm getting decent signal through my 3 story home with my new router, however, there are some dead spots on the 3rd floor.
This is my setup:
1. WNDR-3700 Router on main floor
- TV is hooked up to router (internet tv)
- VOIP modem hooked up to router
- USB drive hooked up to router for transferring files from computers upstairs to router USB driver
So basically, the router MUST stay where it is. I'm wondering if it's possible to WIRELESS-LY connect my WNDR-3700 router to another BELKIN wireless router. possible at all?
Apr 3, 2013
I have two Cisco routers - 2911 in HQ and RV180 in branch office. Because in the HQ LAN network I have some development servers, to which guys from the branch office need to have access, I decided to set up a site-to-site VPN between HQ and the branch office. Everything went quite smoothly; on both devices I see that the ipsec connection is established. Unfortunately I am not able to ping resources from one network to the other one and vice versa. Below is the configuration of the 2911 router (I skipped some unimportant (imho) configuration directives):
crypto isakmp policy 1
encr 3des
hash md5
[Code].....
Feb 12, 2011
I'm having problems with my network "stuttering" and wanted to update the firmware. The RVO82 is currently running v2.0.0.19-tm and I have downloaded the latest, V 4.0.0.0.07-tm, and tried to upload it to the router using both Safari and Firefox, but the update won't take. I have followed the instructions to go to a fixed IP of 192.168.1.50 and have a connection directly to the router (bypassing the switch) but cannot get it to update.
Nov 26, 2011
I have noticed that changes in MAC address filter list are applied only after reboot of router. It is inconvenient.
Router Linksys E4200
Firmware Version: 1.0.03
Operating system on client computer is Windows 7. Can it be resolved in the next version of firmware?
Feb 24, 2011
I am not able to disable the rate limit command on a Cisco 3700 series router. I have tried the no rate limit command on the interface. The command is accepted but the rate limit command is still on the interface.
Dec 15, 2003
Is there any tool or script which will automatically generate scripts for routers and switches? I am configuring hundreds of Cisco 3700 routers and 3500 switches. I want to be consistent with my configuration. I am looking for a script that, when you run it, will prompt you step by step to configure the router and switch and generate a router config file. I know about Cisco autoconfig maker but that's not what I am looking for.
Jul 31, 2012
How to forward Port 123 on this router?
Aug 21, 2012
So I want to move my DNS and DHCP to a server (SBS2011). I am currently using a Netgear 3700. I am a little confused on how to set this up. I know to turn off DHCP on the router. Will the server give out a DNS address? Do I even need the router, or could I just use a switch?
Mar 13, 2013
My config:
Windows 7 host
MS Loopback Adapter with ICS
GNS3
ASA 8.42 with ASDM 6.4
Vmware Workstation 7 with Windows XP SP3 vm
All are working like a charm; from my virtual XP machine I can ping every site, e.g. www.google.com, which replies nicely with its IP address.
However, I cannot reach ANY website.
When I connect through a Cisco 3700 router the web browser works perfectly, so it must be something in the ASA configuration (I presume).
I've tried about all possible Access Rules, but still nothing.
Feb 29, 2012
I have a Dell Vostro 3700 and have had it for about 3 years with no problems. Lately it has been picky about when it will let me use my home wifi; it will say "restricted use". Then today it stopped working altogether and says that no network connections are available, but they are, because everyone else's computers in my house are working.
Dec 4, 2010
I bought a Vostro 3700 which I formatted and installed Windows 7 on, using the CD which came with the laptop. I used the drivers CD which also came with the laptop to install the drivers but I am still having trouble with the network controller. On the device manager list it still says it's not installed and as a result I have been unable to use the wireless. When I try to install the wireless drivers an error message comes up saying no compatible hardware found, but the wireless worked fine before the format!
Feb 6, 2011
I am working w/ WNDR3700, and I've been trying to take a look at the traffic meter to judge how much I actually use.
In 7 days I supposedly already used 30gig. There are only two computers to the network and the most we do is Pandora/gaming. Is this router incorrectly reading incoming/outgoing data? Is there someone logging into my router and downloading freaking porn or something? Because whenever I check to see connected devices, I only see our comps, are they able to hide their device on the router?
This month
153:58 Upload/Avg=2,562/366.03 Download/Avg=30,228/4,318 Total/Avg=32,790/4,684
The most I do on the web is schoolwork/pandora and play league of legends or counter strike.
Feb 19, 2013
I have an issue where after configuring aaa and rebooting, logging into the console port seems to be auto trying something before it finally times out and lets the user try. I am getting the following sequence: [code] I need aaa to work via vty, however I need the device to boot directly to the Username: prompt so I can continue to use my VB script to clear the config when the devices are returned from the field.
Dec 31, 2012
The only difference I can see is the 3700 has gigabit ports. Any other performance differences with these two routers? I already have the 3400 but I am wondering if I chose the wrong router seeing as the 3700 is only ten bucks more. What their experiences were or their knowledge of these two products or even opinions. I have a gaming PC hard wired, PS3 wireless, Nexus 7 wireless, and LG Media Player wireless in a 1400 square foot house with one wall between the PS3 and 2 walls between the media player. I doubt range will be an issue with either router though. I might transfer files between PCs later on but 10/100 should still be pretty good speed, or not so much?
Oct 13, 2011
I bought this wireless router about a year+ ago, and it's just great. It's attached to the cable modem "downstairs" and right now it supports 2 smartphones wirelessly plus an ancient wired cable to an "upstairs" home office.
I'd like to improve overall performance with a wireless bridge to a gigabit hub in the upstairs office. I'd also like to add a second wireless bridge so I can stream movies to a box that would be attached to my TV, which does not have built-in wireless access.
Trendnet seems to have some interesting wireless bridges, but in the past I had a Trendnet wireless router with really, really bad software.
Apr 15, 2012
I had to re-install Windows 7 64-bit after my hard drive had crashed, but I can't seem to get the wireless to work. I tried following the installation order as per the following link but I couldn't install the NSS/DSS as I could not find this download for my Vostro 3700. I also read somewhere that it is not needed for Windows 7, so I left it.
I installed the WLAN 1501 Half Mini-Card (4313bgn) (R270598) driver as this is the wireless card that I have, and it installs. The problem I have is that the wireless software and Windows say my wireless card's radio is disabled and that I need to switch the radio on using the switch on the laptop. This laptop has a physical switch and no matter if I turn it on or off, the radio remains off. Even the wireless light above the keyboard does not switch on. The thing is, before the hard drive crashed, my wireless worked fine. Is it possible that the switch broke too, or am I missing some kind of driver or software for the wireless switch?
Jan 16, 2011
Looking for the most efficient setup of my home network. I recently bought the netgear 3700 and it has been great. I also have a trendnet green 8 port giga switch. Both of these will be located in my equipment closet.
I also have an Ooma VoIP hub. Before I did the router upgrade I had modem>ooma hub>router. I mainly had it that way since the previous router was a wrg614 and I thought the hub probably had better QoS routing. I now have the 3700 in front since I think it does that. I need to learn how to set up the QoS though. The problem is that having the hub after the router loses one of my 11 ports (I have plenty now).
Will speed through the switch be as fast as straight from the router? should my netflix devices connect directly to the router or does any of this matter. [code]
Sep 28, 2011
Had a WNDR 3700, as I do, and replaced it with a 4500 and whether it was worth the upgrade. I can always use the 3700 as a wireless repeater in the living room, where I kind of need one anyway.
Oct 18, 2011
I would like to find out if security plus license ASA-5505-sec-pl be applied to ASA5505-K8. I think the strength of encryption should not be determining whether additional feature can be applied or not, but I need to confirm with you people..
May 23, 2012
crypto map mapName 20 match address NAME_20_cryptomap
crypto map mapName 20 set peer IPADDR
crypto map mapName 20 set transform-set ESP-3DES-SHA
crypto map mapName interface IFNAME
crypto isakmp identity address
crypto isakmp enable IFNAME
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
(code)
I need to be sure that when traffic matches access-list "NAME_40_cryptomap", isakmp policy 50 is used. And when traffic matches "NAME_20_cryptomap", isakmp policy 10 is used. How do I link the crypto map with the specific isakmp policy?
Nov 30, 2011
I encountered this problem with a Cisco 870 ATM interface. I applied service-policy output; it's being accepted, but when you do a show run interface, it's not there.
Nov 8, 2012
I can't find the v LAN-membership command on my 3700 layer 3 switch. I've searched Google on whether the command has been changed to a new syntax, to no avail. I'm using GNS3 and the IOS is c3725-adventerprisek9-mz.124-25d.bin
Aug 1, 2012
I get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces? If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
Dec 12, 2012
I have a Cisco 887 connected as a temp measure to a 3G device via a fast0 port. All works fine. VPN comes up... but the moment I apply the crypto map to the vlan, DHCP stops allocating IP addresses. I have removed irrelevant config (dialer, atm etc. as they are not being used).
config below
ip dhcp excluded-address 10.29.80.253 10.29.80.254
ip dhcp excluded-address 10.29.80.1 10.29.80.229
!
[Code]......
Apr 7, 2013
I have a Cisco ISE 3355 and WLC 5508 and Microsoft Active Directory 2008. I joined the ISE to the AD successfully and I can see all groups on the AD; I also integrated the ISE with the WLC. My problem is that when I created the authentication policy on the ISE and joined to the AP from the PC, nothing was applied to the PC.
WLC version 7.4
ISE version 1.1.1.268
May 12, 2012
It seems that users with active device authorization - e.g. permitting only a certain user defined group - can anyway view all devices or views? Is it possible to apply the same view rule from user management, so that these users can only view certain devices or topologies?
Oct 4, 2011
In earlier versions of LMS it was possible to choose i.e. the Routers category (top level) and enter a series of commands to be excluded from the comparison. In LMS 4.0.1 I experience, in several different installations, that this is not possible. It seems I can enter one exclude command beyond the defaults per category, the rest is not applied even though the feedback from the application is positive. Next time I access the Exclude Commands view, the commands I entered are gone. Is this a change of behaviour or a bug?