setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin" and the only crypto options.
I'm setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin".
our customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
I have the situation with my new Cisco 2951 router. It has only one module on board - SM-D-ES3-48-P. I don't know what is wrong but I can't see any information about this module. When I connect my laptop to any port it's become green, but it's still green even after I disconnect PC from this port. Sh ip int brief command shows only built-in gigabit interfaces. I also connect my second PC to the router by console to monitor any changes when I connect or disconnect laptop to the module's ports. [code]
We have an old 3725 router with a HSSI card connected to a DL3100, which in turn is connected to a subrate DS3 circuit. The plan is to replace the router with a new 2951 router and a NM-T3/E3 card.After the router was replaced, I configured the NM but the circuit remained dow/down. I'm sure it has to do with the fact that the DS3 circuit is channelized but I'm not sure how to configure this module to be channalized. Here is the configuration that I placed on the router: [code]
We recently purchased the Cisco Router 2951 router with the IOS 15.0. I have tried to put in my VIC2-4FXO card in it. When I did show invetery, it detected the card.[code] When I tried to configure the voice port by typing voice port, it shows % Invalid input detected at '^' marker. I have tried to reset the cad and replace with another one.
I recently installed a 2951 with a security plus license..I hate it (security featuers not router) and would like to put the asa back in place.how to integrate the asa with the 2951, I believe I need to run it in multi context mode.
We have approx. 40 branch offices that connect to our core IOS Firewall (2951) over ipsec VPN Tunnel. One particular site has been facing issues over the past few days. This site will sporadically drop it's VPN Tunnel and reestablish after a few seconds. If I run debug crypto ipsec and crypto isakmp on the site that is dropping, it is constantly going through the DPD process. If I run these same commands on another site, they seem to run DPD at all.
Here is some of the output I am seeing on the site that is failing.
Jan 8 11:18:38.873 AST: %FW-6-DROP_PKT: Dropping tcp session 111.222.3.106:50083 96.16.47.144:80 due to Stray Segment with ip ident 54856 tcpflags 0x5004 seq.no 2154004347 ack 0 Jan 8 11:18:46.061 AST: ISAKMP (4028): received packet from 111.222.255.106 dport 500 sport 500 Global (I) QM_IDLE Jan 8 11:18:46.061 AST: ISAKMP: set new node -1497488895 to QM_IDLE Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing HASH payload. message ID = 2797478401 Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing SA payload. message ID = 2797478401
How to get a WLC on a SRE up and running. I have a WLC installed and running on a 2951 SRE connected to a L3 switch in a lab.
I've tried to follow the Cisco document:
[URL]...
My wireless clients could only receive a DHCP allocated IP address for the 55.XX subnets defined on the wireless lan controller and SRE (shown on page 12 of the pdf). All traffic seemed to be routed via the native vlan of the inside router trunk interface and all DHCP requests arriving at my DHCP server were from 55.XX. Because of this I didn't see the point of trunking
so I've changed it to a point to point routed connection, created a 55.XX DHCP scope on my DHCP server for the wireless clients and all routing works fine.I found the document rather misleading.
configuring my Cisco 2951 router. There are three routed interfaces that I need to configure: one for the internal LAN, the second for another private subnet that connects to a Data Centre and the third for the WAN connection. I have configured the Ge0/0 interface as the LAN interface with the internal network 10.17.0.0/24. I have also configured my WAN interface Ge0/1 for internet connectivity. Now, I need to configure the third interface Ge0/2 that will connect to the Data Centre. This will be a private point to point switched ethernet link. The Data Centre will host a secondary domain controlller. So, I want it to be on the same network as the internal LAN, i.e., 10.17.0.0/24. I want to be able to see all other devices that will be located at the Data Centre just like I would see all devices connected to the internal LAN.The problem I am facing is that Cisco 2951 does not allow me to configure two routed interfaces to be on the same subnet. Is there any way to work around this problem and configure both the internal LAN and the Data Centre private network to be on the same subnet.
I currently have a 50Mbps Internet Connection provided by an ethernet handoff for hosting some webservers. We are looking at adding an additional 10Mbps Internetn connection and route BGP between the two. For the 50Mbps connection, i'm using a Cisco 2951 router. I also have another 2951 router to terminate the 10Mbps connection. Does these router have enough horsepower to fully route BGP?
I'm just double checking here because I saw one doc that didn't mention the 2900 on the data sheet but, I ve seen the 2900 listed with on others. I don't see the 2900s listed in this with the interface.
We have just installed our first 2951 router, and were suprised to see in our Netflow collector that Tunnel interfaces appeared even though we did not configure any, I have seen other posts talking about PIM tunnel when using Multicast, but we dont use multicast and the tunnel is GRE questions are, where do these interfaces come from? how do they pick up an IP address? can we shut them down? IOS is 150-1.M4 loopback interface ip address is 172.16.224.238 ( tunnel source) see output from sh int below
Tunnel0 is up, line protocol is up Hardware is Tunnel Interface is unnumbered. Using address of Tunnel1 (172.16.0.1) MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 99/255, rxload 1/255 Encapsulation TUNNEL, loopback not
configuring my Cisco 2951 router with Z0ne-based firewall. This is the scenario I would like to configure.
I have two ftp servers,S1 and S2, behind the router which needs to be accessed by two groups of users, G1 and G2, from the outside, i.e., from the internet.
I have two public IP addresses, 152.12.164.203 and 152.12.164.204. The WAN interface of the router is configured with IP address 152.12.164.203. G1 needs to access S1 on 152.12.164.203 and G2 needs to access S2 on 152.12.164.204.
What are the steps in configuring the router if I need the above scenario to be implemented?
We have 50 Mb Comcast cable conencted to 2951. There is another conenction to AT&T 20 Mb circuit which goes thru' an ASA 5510. Path to Internet is as below. [code]
As long as Comcast is up, 2951 sends Internet traffic out to Comcast and uses AT&T via ASA for backup.When traffic goes over Comcast, users complain about slow speed out to Internet. If we force traffic to AT&T via ASA, speed issue goes away.
We don't see any issue on 2951 router in terms of CPU or memory util.WHat can cause slow speed despite the fact that router resources are not maxed out and Comcast circuit has 150% more capacity than AT&T?
I have a new Cisco 2951 router and I am trying to configure it for external users to connect to an internal ftp server. I created a firewall and added rules so as to allow ftp connections from the outside to the internal ftp server. I configured NAT so as to allow incoming connections through the router. I have been unsuccessful so far in trying to make this ftp connection work.I am using a zone-based firewall and for the particular ftp rule, the action is inspect so as to allow stateful inspection of packets.
One of the route maps doesnt want to work, all the other are fine -
route-map vlan23-out permit 40 match ip address 123 set ip next-hop 87.194.168.1
If it take the ip policy off interface gi0/0.123 the client can access the internet OK but over the wrong ISP?As soon as i add the policy all internet stops
Can Cisco2951 work as an MPLS router. If yes what will be needed to make it function as an MPLS router? Else which alternative router can function as an MPLS router.
I have a Cisco 2951 Router on which I configured routes for Zone-Based Firewall. I have a FTP server inside my network and I have allowed hosts from the internet to connect to it through the router. They, are however not able to connect or they are connecting but they cannot transfer files. I checked the logs on the router and the error message is as follows:
%FW-6-DROP_PKT: Dropping tcp session xx.xx.xx.xx:21 xx.xx.xx.xx:21766 on zone-pair ccp-zp-out-in class FTPInbound due to Invalid Seq# with ip ident 0
I have talked to two Cisco Reps via our distributor and explained our network to them both and asked for suggested equipment. Our infrastructure has 4 circuits coming into the data center from our remote sites. Two of the circuits are cat5 and two are DS3. I want to use two routers to support two circuits each (cat5 and DS3). Each circuit is around 30Mb servicing around 13 locations with T1 connections, 55 locations in total. They suggested at a minimum the cisco 2951 model because we are utilizing one NM-1T3/E3 module in each router, and suggested getting the cisco 3925 model to cover future growth. I asked for a data sheet that has suggested models of routers for the bandwidth of the incoming pipes. The technicians said they would email this information over but twice now I have not received it and cannot find this information anywhere online. We currently have a cisco 2851 utilizing one NM-1T3/E3 module and they purchased a cisco 2911 to replace this unit.
Purchased and configured 2951 router based on Telco specs that required T3/DS3 card with coax connection for MPLS. When telco showed up to install DS3 they handed me a UTP copper connection.... Can I use one of the Gigabit ethernet connections on the 2951 as my MPLS interface into the provider's cloud?
I have a site to site ipsec tunnel setup between an ASA5510 and a 2951 Router. The ASA 5510 is on a 10.x subnet with a few vlans behind it. There are also 7 other ASA5505 that connect to this box with ipsec.
The 2951 is on a 10.x subnet with multiple vlans behind it (10.x and 192.x subnets).
When I had ACL to allow traffic from 10.20.0.0 (ASA) to 192.168.111.0 (2951 - voice vlan) the connection comes online and is stable.
The minute I add any of the following, the connection drops off with Phase 2 errors: 10.20.0.0 to 10.1.200.0 10.20.1.0 to 10.1.1.0
I can add a second 10.20.0.0 to 192.168.10.0 with no problem at all. The issue only seems to occur when attempting to add traffic from 10 to 10 on the tunnel.
I am looking to setup a solution for backing up a Metro Ethernet connection on a 2951 using an 1841 and 2 T1's in a Multilink. The Metro E will be primary, and if the BGP peer goes down, I want it to switchover to the 1841. Can it be done and is there an example of the BGP setup to work off of?
on-plus see the device and allows CPE( imbedded) to start then never opens,,,tried genera connection and used that address supplied to open CCP no discovery.also seems onplus doesn't see a service contract or firmware, etc
I recently received these routers and after the first reboot I changed the user id and password so it does not lock out...After configuring my routers for installation, upon bootup I am getting this message scroll down my screen
We have 6 sites which are connected through E1 links.All sites connected from HQs.
Site A is HQs. Sited B, C, D, E, and F are Branches. Site A is directly connected with site B, C, D and E. Site D is connected with Site F.
Now we have another redundant E1 link for site C and Site F.we are using Static Routes.i have configured Qualified-next-hope on Juniper Router but i am unable to configure IP SLA on Site C Cisco 2951 with IOS 15.0 router.is there another solution for my scenario plz share with me for Redundant Link.
Is this module supported in the CISCO2900 routers?I have come across two documents that seem to contradict each other:In this one says:
Cisco 8-Port Channelized T1/E1 and ISDN PRI High-Speed WAN Network Module # –Part number: NM-8CE1T1-PRI # –Provides channelized T1 or E1 connections or ISDN PRI connection # –Supported on Cisco 3800, Cisco 2900, and Cisco 3900 series routers
We are planning on testing a new ISP provider in our company but we have the following doubt: This new provider is using a Optical Fiber line (GPON – PT Prime) for this new internet connection and we already have a Cisco RV220W router but they are not sure if that can be used, so they just informed that they a capable router is the Cisco 2951-SEC/K9, that they are selling of course. So our actual doubt is if the Cisco 2951-SEC/K9 can have some “extra” WAN configurations/authentications that are not available in our Cisco RV220W and that can implicate that we cannot use our RV220w router?
Having an issue that we have with a CISCO2951/K9. It connects to Internet through the GigabitEthernet0/1 interface. Since a few days ago, the Gi0/1 interface is flapping many times in a day:
100468: Oct 30 12:16:28 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down 100469: Oct 30 12:16:29 CST: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down 100474: Oct 30 12:17:08 CST: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up [Code]....
We are a medium-large sized company with approx.100 offices located across North America. Every single office connects to each other and the data center via a DMVPN overlay network. The DMVPN hub router (Cisco 2951), R-Q9-1, is located at our data center and is the "workhorse" of the company. We also have a redundant hub router, R-Q9-2, at the data center with exact same hardware specs.
Each office builds an EIGRP Tunnel0 and Tunnel1 to R-Q9-1 and R-Q9-2 respectively. All data traffic flows over Tunnel0 to R-Q9-1 until it fails, at which point traffic starts to flow over Tunnel1 to R-Q9-2. This has been working seamlessly for last 1 year of implementing this design, until yesterday, when both R-Q9-1 and R-Q9-2 rebooted all of a sudden at the same time right in the middle of a production day. I confirmed there was no power failure at the data center. A show version of both routers gives me this:
R-Q9-1 uptime is 1 day, 1 hour, 24 minutes System returned to ROM by address error at PC 0x5C92E28, address 0x5DF36FE9 at 11:52:23 EDT Tue Sep 21 2010 System image file is "flash0:c2951-universalk9-mz.SPA.150-1.M3.bin" Last reload type: Normal Reload [code]...
I Google that error but can't find anything specific other than it's saying it's some kind of bus error. What I also found a bit off is the time it's showing on both routers' show version output (Sep 21, 2010 and Jan 10, 2012). Here are the current clock settings on both routers at the time of this writing.
R-Q9-1#sh clock *16:53:31.216 EDT Wed Oct 31 2012 R-Q9-2#sh clock *16:59:44.220 EDT Wed Oct 31 2012
I checked my Syslog server and did not find anything specific during the time of the crash, however, syslog was filled with errors similar to this one
2469: * Tunnel0: NHRP Encap Error for Resolution Request , Reason: protocol generic error (7) on (Tunnel: 10.10.200.1 NBMA: IP address ommitted) [code]...
I have never seen these errors before and all of a sudden they seem to have stopped since this morning.