Cisco VPN :: To Ensure That Traffic Is Not Just Being Routed Out Of Interface 3825
May 31, 2011
I have my main branch router (3825) and two remote routers (2821s). They are connected through leased lines that do not touch the internet. For various security reasons I have to ensure that the traffic from the remotes is encrypted in a VPN tunnel even though it is still part of a private network. I have gone ahead and created the tunnels and I can verify that they are up. I have applied the crypto map to the correct interfaces, etc. So the question is: how do I ensure that traffic is not just being routed out of the interface from the remote sites back to the branch router with or without using the VPN tunnel? I've taken down the tunnels and, of course, the traffic is still being passed back and forth.
View 1 Replies
Mar 7, 2012
We have a Cisco 3825 router which does not work well with a DSL modem (ISP provided). I have configured the Gi0/0 port of the router to plug into this DSL modem but it does not ping to the ISP gateway. If we do a shut/no shut on the interface then it works fine for about 30 secs. Sometimes even for 1 hr. Then the packets drop and we cannot pass any traffic through this interface.
Now, if the ISP connection is terminated on a computer it works fine. It works fine without dropping any packet. I have tried various options like using a straight/cross cable. I have tried to configure the interface negotiation for 100/full, 100/half, auto/auto and almost all the options. I have also tried to interconnect the devices using a L2 device like a HUB. Nothing works.
View 5 Replies
Feb 21, 2012
On a router I can use IP Accounting or Netflow to see what kind of traffic is moving over an interface. Are there any tools on a 3750 switch with a routed interface which would tell you who is hogging the bandwidth on that interface?
View 2 Replies
Jan 11, 2013
I recently upgraded from a Cisco 3900 series router to a Cisco ASR1k router. Since the upgrade, I have internal clients who claim they cannot connect to external VPNs. These internal clients are behind a NAT that routes a public IP address to a group of clients with private IP addresses.
How can I ensure that all VPN traffic is able to pass through the NAT?
View 2 Replies
Feb 24, 2011
I am trying to set up a LAN-to-LAN VPN tunnel between two sites. One site has a 5505, and the other site has a 5510. It looks like the tunnel is being established fine (both ISAKMP and IPSEC SAs look OK), but traffic doesn't appear to be routing across the internet between the devices. [code]
View 15 Replies
Feb 21, 2011
We are using the Catalyst 3550 L3 for BGP routing. For e.g. Gi 0/4 is our internal interface that we want to "switch".
We need on Gi 0/5 the same network that is on gi 0/4.
How is it possible? Make it like a 2 port mini switch. Or make a bridge of these 2 interfaces without any complicated reconfiguration needed?
View 2 Replies
Oct 30, 2010
I have a subnet (vlan 104) working great across a WAN. At site 1, Router A (3745) has the L2TPv3 tunnel configured while Router B (7204) has a routed interface on vlan 104.
The only thing router A is doing is the tunnel, so I'd like to put the tunnel on Router B and eliminate Router A.
The trouble is, when I move the configs to Router B, the tunnel comes up, but the far side does not receive traffic over the tunnel.
Router B shows sending and receiving packets (per the 'sh l2tun session all' command). The far end router shows sending packets but receiving 0.
Is it a problem to have both the vlan 104's L2TPv3 xconnect interface and the vlan 104's routed interface on the SAME router?
View 10 Replies
May 12, 2013
We are currently looking at design models for a Multi-Tenancy solution. The firewall layer will be 2 X ASAs running 9.X to take advantage of VPNs in multiple context mode and mixed L3 and L2 contexts.
We will be delivering services through multiple L3 contexts (between 2 and 5 L3 contexts for services) and 1 transparent context for customers' infrastructure who will then have virtual firewalls for NATs and VPNs etc. within their own environment.
I am not very experienced with IPS so my query is; if we were to get an IPS license for both ASA's how would the IPS fit in, can we use it to inspect traffic for all the L3 contexts and the transparent context?
View 4 Replies
Mar 14, 2012
We are looking for a solution to use a sub-interface on a routed port on a 6509, instead of using an SVI on it. Are there any differences when using a sub-interface?
View 3 Replies
Feb 6, 2011
I have a 3825 with a 1Gb fiber card at one of my sites. Our ISP and MPLS provider hand off a single gigabit fiber to us that contains 2 50MB EVCs. I need to apply QoS to one of the EVCs and shape them both to 50Mb to avoid upstream rate mismatch bottlenecks. Both of the EVCs generally only push 10Mb during business hours. When I run UDP stream tests (various rates from 500k-6m that are marked as AF41) to one of my other sites I am consistently getting about 2% packet loss, despite the fact the circuit isn't even close to 50% saturation. When I remove shaping and QoS altogether, the issue nearly clears itself up, except during peak hours when I get small bursts of packet loss, which is still unacceptable. When the pipe is at near zero utilization (after hours) there also is no packet loss with or without the shaping/QoS applied.
View 1 Replies
Jun 10, 2012
How to configure a VLAN tag on a routed layer 3 interface in a Cisco 3945 device?
View 2 Replies
Feb 28, 2012
What are the pros and cons of configuring a Switch Virtual Interface (SVI) versus a routed physical port between layer 3 switches? For example, if I have two 4506s and have a need to run HSRP and route between them, which feature is better and why?
switch_a
!
interface vlan 25
ip address 10.10.10.1 255.255.255.0
!
interface fa0/1
switchport mode trunk
[code].....
View 1 Replies
Mar 7, 2012
We have a Cisco 3825 router which does not work well with a DSL modem (ISP provided). I have configured the Gi0/0 port of the router to plug into this DSL modem but it does not ping to the ISP gateway. If we do a shut/no shut on the interface then it works fine for about 30 secs. Sometimes even for 1 hr. Then the packets drop and we cannot pass any traffic through this interface. Now, if the ISP connection is terminated on a computer it works fine. It works fine without dropping any packet. I have tried various options like using a straight/cross cable. I have tried to configure the interface negotiation for 100/full, 100/half, auto/auto and almost all the options. I have also tried to interconnect the devices using a L2 device like a HUB. Nothing works.
View 7 Replies
Mar 13, 2012
We have a new 100MB internet service, but we only pay for 10MB and above that is a per/MB fee and not cheap. I want to limit all traffic inbound and outbound only to use up to 10MB on the outside interface of our Cisco 3825.
View 9 Replies
Dec 6, 2012
I have two 3825s. Each has its own ISP connection. NAT is configured for both. They have an Ethernet connection between them and I'm running OSPF between the two so the routes propagate. I have qty 11 Dialer interfaces configured on each router (each router has an exact copy of the other router's dialer interface). However, I only want the Dialers up if the ISP connection on the mated router goes down. Much like HSRP I need one to preempt and be active if both ISP connections are up. When one goes down the other Dialers must come up. Each dialer sends a Dynamic DNS host name and IP address pair to DynDNS.org. So I cannot have both up, otherwise the DNS names will bounce between ISP#1's IP address and ISP#2's IP address (back and forth). Let me know if any option exists to make this happen. As an aside, the ISPs are providing me DHCP addresses so I cannot work off of an IP, it has to be the physical interface (i.e. Gi0/0).
View 1 Replies
Apr 15, 2013
I am trying to configure a site-to-site VPN between a Cisco ASA and a Cisco 3825 router. I need to establish the VPN connection with an interface that has a security level of 90. I followed the procedure shown in the following link: URL.
View 6 Replies
Jul 7, 2012
How to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
Any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100. Is it because inter-VLAN routing does not work with a routed port on an L3 switch? I looked up fallback bridging, but it is meant for non-IP traffic. The goal is I am trying to set the ASA port as an internet gateway for VLANs.
View 4 Replies
Nov 27, 2012
We are using a 3825 Cisco router with IOS version 12.4(24)T2. The unknown protocol drops on our GigabitEthernet0/1 interface are increasing. This interface is connected to our modem. What could be causing these unknown protocol drops?
cnshaccent-gw-2#sh int GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is BCM1125 Internal MAC, address is ffff.ffff.ffff (bia ffff.ffff.ffff)
[Code]....
View 1 Replies
Oct 9, 2011
I have a Pix 501 firewall and I'm just configuring the device for "Email Server" to allow POP/SMTP.
Inside Interface Address: 132.147.162.14/255.255.0.0
Outside Interface Address: ISP provided IP address
My question is: can my traffic go from the inside interface to the outside interface (because the inside interface address is not from the 10.0/172./192.168 private address ranges)? Also, I'm allowing internet from this email server (132.147.162.14), so what should my access list be configured as, and what should my subnet mask be there?
Pix(config)#access-list outbound permit tcp 132.147.162.14 255.255.0.0 any eq 80
Pix(config)#access-list outbound permit udp 132.147.162.14 255.255.0.0 any eq 53
Pix(config)#access-group outbound in interface inside
View 7 Replies
Mar 12, 2013
Quick question here. Using 3750E series switches with multiple VLANS configured. These switches serve as our 'core'. I have SVIs configured for the different VLANs and add inbound ACLs in each of the SVIs to control traffic between VLANS. This switch also terminates a P2P Ethernet link which connects to our Colo facility. The port used for this is configured as an L3 port. I noticed today that I was able to send traffic across this L3 link that I thought should have been blocked by an ACL I had in place but it wasn't. So the traffic flowed from a port in say VLAN 20 across this L3 link (assigned with an IP address). Would this traffic flow not cause traffic to be checked against an ACL applied in the inbound direction on the SVI of VLAN 20 (int vlan 20)? Traffic does get checked when routing between SVIs. Why would it not get checked when routing between SVI and L3 interface?
View 2 Replies
May 5, 2013
I have an ASA 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies
Jun 5, 2013
I'm fairly new to Cisco products and am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've set up a VLAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until I applied an access-list to the router port. It's a simple ACL I'm just using for testing and the only thing it does is block telnet from anywhere. I know the ACL is set up properly because if I connect a device directly to the router port I cannot telnet to the port. However, if I connect a device to one of the switch ports, I am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
View 2 Replies
Feb 14, 2013
I have a TENDA wireless USB tiny dongle. How do I ensure that I connect only to my router? My router is by far the strongest signal that the TENDA can see but it insists on connecting to some BT open router nearby when I boot up. The BT router signal is showing very low but of course it is open whereas my router requires a password.
View 1 Replies
Mar 26, 2012
I'm new to learning about networks and I'm trying to do some research to be able to answer this question for a paper I'm writing. It is the only question for which I have no direction on how to find the answer and was wondering if someone could point me in a direction? Describe strategies to ensure the availability of network access in switched and routed networks.
View 2 Replies
May 16, 2012
Sonicwall TZ 180 router/firewall LAN and WLAN are configured on different subnets (just the way it is set up) and any devices on either network cannot see shares/printers etc. on the other network through the same device. From what I can tell, I have all the necessary port forwards/Access Rules set up for WLAN and LAN to communicate together but it is just not working properly. What are the exact settings to ensure the LAN and WLAN devices communicate with each other?
View 1 Replies
Aug 14, 2011
I'm working on a computer that has no connectivity on wired or wireless connections. The wired eth card is a Broadcom NetLink card and the wireless adapter is an Atheros AR5007EG. I found the drivers for the wireless on acer.com and removed the driver that was on here at first and put on the one from Acer. I can't find a network in range but Device Manager says it's working fine. Then I found out the wired connection isn't working either and I'm getting the same messages from the Windows troubleshooter. It says both are "experiencing driver or hardware related issues" and "make sure your internet protocol bindings are correct - ensure that ipv4 and ipv6 are selected in the config for the network adapter". It links me to the connection properties and IPv4 and IPv6 are checked off for both. Furthermore, in the connection status window it says I have no IPv4 or IPv6 connectivity.
View 6 Replies
May 5, 2011
There is a remote server that downloads info from a server here at HQ. When the downloads start the rxload on the S0/0/0 interface jumps to 98 percent or so; rxload 250/255. I needed to limit the bandwidth utilization between the servers, so I added the below line to the LAN interface on the remote router. By adding the command, it reduced the download utilization, which is what I wanted.
access-list 185 permit ip host 10.6.27.1 any
!
int f0/0
traffic-shape group 185 10000 8000 8000 1000
Question: How would applying this to the LAN interface cause the download utilization (coming from s0/0/0) to decrease?
View 4 Replies
Nov 2, 2011
I want to monitor interface traffic in/out by EEM, and if the value is over some value I will change the policy. For example, my router is a 2821 that has 2 FastEthernet ports. I want to monitor the traffic on fasE1/0; if traffic is over 80Mbps I will change some configuration (example: change the next-hop on a static route) to send traffic via interface fasE1/1 to reduce the traffic on interface fasE1/0?
View 6 Replies
Jul 17, 2012
I want to allow ICMP traffic on an ASA 5510 from the LAN interface to the DMZ. I've permitted any traffic and added ICMP to the inspection list also but still there is a problem. Below is the configuration. The image is asa822-k8.bin
:
ASA Version 8.2(2)
!
hostname fw-01
names
!
interface Ethernet0/0
[code]....
View 1 Replies
Jan 15, 2013
I am facing a very big problem with site-to-site VPN on Cisco 2900 IOS.
I configured the VPN and when I ping from the router itself to the destination IP with the source as the LAN interface, the VPN works, no problem.
But when I connect any computer directly to the router's LAN interface to initiate traffic, it does not work at all, and on the computer's LAN I see a yellow sign.
MTU is 1500, speed is auto (I tried changing it also), duplex is auto (I tried changing it also); though the firewall on the PC should not affect it, I still disabled it.
There is no problem with the VPN config since the VPN comes up when I initiate a ping from the router itself, but I don't know why it is not working from the LAN.
Do we need any inspect icmp on this router also? Or is any policy modification required to pass traffic across the interface on the router?
I was using c2900k9-15.0(M4).bin and I upgraded it to 15.3, which is the latest, to get rid of any bug.
I connected two laptops directly to the router's gi0/0, g0/1 interfaces to ping from one laptop to another but this also did not work.
View 3 Replies
Jul 7, 2011
I have two Ethernet adaptors on my Windows machine. OS is Win-XP. I am running ADSL broadband on LAN1 and on LAN2 I am accessing applications on our company's WAN. LAN1 is on the 192.168.1.0/24 subnet and LAN2 is on the 10.68.104.0/22 subnet. Accessing applications through LAN2 involves DNS that is located distantly, therefore routers are also in the picture. The problem is that while accessing the applications that run on the network of LAN2, I have to disable LAN1. Otherwise the traffic goes on LAN1.
View 2 Replies
Mar 12, 2012
I have an ASA-5505. [code] I have an Exchange server on the 10.10.10.0 network. I need to be able to allow Active-Sync and OWA from the Guest WiFi through to the Exchange server on the 10.10.10.0 network. The Guest Wi-Fi uses external DNS so traffic is going out to the Internet and getting an IP address which is of course assigned to the Outside interface and trying to come back in on that interface. How do I make this do what I need? How do I set up the rules to allow this traffic?
View 2 Replies
Dec 20, 2011
FTP traffic routed from outside to the inside interface works fine. I have another interface with multiple sub-interfaces and vlans configured. FTP traffic routed from the outside to vlan2_servers is not making it through the firewall. I must be missing something. I have attached my config.
View 4 Replies