We have purchased a couple of Cisco 891 routers - both are running IOS 15.0(1) M5 licensed with advanced IP services (default). The literature for these devices on Cisco's website claims they support IPsec stateful failover on advanced IP services.
Our intention is to configure them with HSRP and IPsec stateful failover to provide a highly-available default gateway and VPN end-point.
I have configured HSRP and that seems to work fine. My problem is that I cannot configure IPsec stateful failover. The documentation that I have found implies that I need to configure inter-device redundancy on a particular HSRP group and use the physical IP addresses on the interfaces within that group to allow stateful failover communication between the routers; however, the routers do not recognise the 'redundancy' command in config mode...
I have 2 C2811 ISRs running c2800nm-advsecurityk9-mz.124-15.T17.bin and having on board: 1 Virtual Private Network (VPN) Module. Is it possible to enable IPSec stateful failover (or switchover, SSO) between these boxes? I get different information from Cisco sources. url... All commands were accepted, but failover doesn't seem to be stateful (I lose connection for a few seconds and VPNs are re-establishing).
In my network we have 2 ISP connections of 2 Mbps from different service providers, terminated in two different routers (Cisco 3845). Now I want to achieve this: if one router fails (ISP down), the next router has to come up, and if both links are up I need to achieve load balancing across both routers (ISPs). I need 100% uptime.
How can I configure the routers, any examples to achieve the HW failover.
I just installed a HWIC-2T in a Cisco 3845 running IOS 15.1(3) T New build. The IOS self installed the port configuration including the command line "clock rate 2000000." I can edit everything but that entry using the CLI. When I enter the "no clock rate" it will not take in the running conf.
I have two ASA 5510's that I want to set up in an Active/Standby configuration. My only question is on how to connect the inside ports to my LAN. I have 5 Catalyst 3750's stacked together that connect to the ASA's. Should I run the inside interface on ASA1 to a port on switch 1, then run the inside interface on ASA2 to a port on switch 2, and make sure both those ports are in the same VLAN? But then, when failover occurs, how do I automatically make it clear the ARP cache so the traffic starts flowing out of the right port?
We have multiple Cisco routers and most of them have dual WAN connections thru different ISPs. So, we use IP SLA monitor with tracking objects to monitor each ISP's availability/reliability and switch routing accordingly (by IOS). So far, it has been working OK. However, recently, we had some ISP high latency and the connection to one ISP will be so slow but the IOS keeps seeing it as UP, thus sending traffic thru it. So, I tried to change the threshold numbers around with no luck. Is there any configuration/commands or tricks that can do the job here? I don't want the users to be the ones to detect the Internet slowness and have me manually shut down an interface or change the static routes' metrics. Here is a sample of my config:
ip sla 1
 ! ISP 1 gateway
 type echo protocol ipIcmpEcho x.x.x.x
 threshold 3
 frequency 5
ip sla monitor schedule 1 life forever start-time now
ip sla 2
 ! ISP 2 gateway
 type echo protocol ipIcmpEcho x.x.x.x
 threshold 3
 frequency 5
ip sla monitor schedule 2 life forever start-time now
I am using a Cisco 1921 with a Verizon 4G LTE card installed. The primary connection is a Cable Modem with the 4G LTE acting as the backup. I've setup a track on the static route to the primary ISP. I'm having multiple issues. Initially I used the Gig 0/0 int instead of a Loopback address for the IP SLA source. The IP SLA traffic would be sent to the cellular interface and cause an IP source violation and the interface would flap. Then I used the Loopback and I could not get the route to fail back when the connection came back up. Even with the Loopback as the source for IP SLA I'm still getting flapping and I think that is a NAT configuration issue. I've applied an access-group on the cellular interface to try to fix the ip source violation issues, but it doesn't appear to work. The IP-SLA-POLICY route map is an attempt to force the IP SLA traffic to the primary interface. [code]
I have two Cisco ASA 5550 firewalls. I don't have much knowledge of configuring this kind of firewall. I need to configure these firewalls for simple NAT. I have 3 public IP addresses. I would like to allow servers inside of the firewall to be able to connect to the Internet using private addresses. A basic NAT. I also need to configure some port forwarding. We've bought two firewalls for the Active/Active failover support. How can I configure this through ASDM? My ASDM version is 5.2.
We are trying to migrate two ASAs in stateful Active/Passive from version 8.0 to 8.4, but many of the ACL rules and NAT are no longer working. Must we go through version 8.2? The release 8.4 changes everything and seems to me not too stable; it's best to stay on 8.2 or 8.3!
We have a 3845 router which is used only for Internet connectivity with one ISP (X). The customer has only one VLAN, a public AS number, and a public IP pool. Scenario: User --> L2 Access-SW --> L3 (6500) SW --> Firewall (5520) --> IPS --> 3845 Router. Now we have another ASR router, which also has Internet connectivity from another ISP (Y). Now the issue is we would like to use both ISPs in an active/active scenario.
Are there any physical or technical differences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and wondering if PWR-3845 AC is for one power supply and AC/2 means you get two with one order?
I need to install a HWIC-2FE card onto the Cisco 3845 motherboard. Do I need to power down the router for this installation? Also, I had a few more queries in regards to 3845 routers.
1) Do C3845 routers support insertion and removal of Network modules while powered on?
2) Do C3845 routers support insertion and removal of Power supply (redundant one)?
3) Is it the case that all Network modules which need to be inserted onto the motherboard require the router to be powered down?
4) If there is a need to replace the Network module from a particular slot with a new one (same make), powering down the router is not required?
Are there any physical or technical differences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and if PWR-3845 AC is for one power supply and AC/2 means you get two with one order.
I have two Cisco 3845 routers which receive a multicast stream via a tunnel interface, i.e. Tunnel163 (PIM Dense mode is enabled). These routers are both connected to a LAN segment (FastEthernet0/1/0) where the receivers are. [code] Router1 is the assert winner (highest IP address); it sees IGMP join requests, but it's pruning the interface. It happens sometimes and it lasts until I manually issue clear ip mroute. Unfortunately I cannot migrate to Sparse Mode.
I am trying to configure two 3845 routers to act as DHCP server and DHCP relay. Clients are connected to the router that relays all DHCP requests to the VRF instance which is used to connect it to the router which is running the DHCP server.
Router1
ip vrf dhcp_dns
 rd 8:1
int gi0/0
 ip vrf forwarding dhcp_dns
 ip address 192.168.200.5 255.255.255.248
So far I can see dhcp requests coming from the R1 and dhcp server on R2 replies with the dhcp offer but PC is not getting any ip.
I have 2 Cisco 3945 routers. I use HSRP for link failover. Is there any possibility (any protocol) to automatically synchronize the routers' configuration (as failover does for ASA firewalls)? I mean, if I make any configuration changes on the Active router, these changes will automatically be taken by the Standby router.
I’m currently training to take my CCNA. So, for the reason I’m here: I have just been asked to take over the company network, and I need to know how I go about configuring some base level routers. I have 3 remote sites and 1 main site; all these routers are 857s, with a VPN tunnel between them. This is running all OK and working fine, but my boss has decided to have a second ADSL line installed in the main site for failover. How do I go about configuring this, i.e. how do the VPNs terminate on the other router when the main one goes down?
I have an issue where we have a single ASA5505 [soon to be active/standby with single ISP] connecting to HQ where there are 2 x Cisco 2821's. Each 2821 router has its own connection to the Internet running BGP and each router is set up to terminate IPsec VPNs from the ASA. The ASA has a backup VPN configuration with no IP SLA configuration to track if the primary IPsec endpoint is alive. Keepalives are set and the VPN does fail over to the backup. When the primary 2821 Internet connection fails, the ASA fails over to the backup 2821 and everything works a dream. However, when the primary Internet link re-establishes to the primary 2821, the ASA does not fail back to the primary 2821; it stays on the backup 2821 and all is broken, as the remote site starts forwarding traffic out the BGP default route, which is back via the primary connection... How do I fix this so that the ASA tracks the IP of the primary router to fail back without manual intervention (clearing ISAKMP and IPsec SAs)? The other issue is the ASA does not allow traffic to be originated from the 2821 end of the VPN. You have to establish traffic from behind the ASA for the IPsec SA to be created.
I'm looking to use 861s at a few remote sites connecting to an 881 in the main office using Easy VPN. If I was to get 2 ISPs at the main office, can I configure it in a way that if the primary WAN fails over to the secondary, the VPN tunnels from the remote sites will also fail over?
Would you recommend an ASA 5505 at main office over the 811?
We are looking at purchasing an RV042 soon and have one crucial question. I am looking at having two Internet connections running into the RV042. The only load balancing is going to be that all the VOIP traffic will go through one connection (e.g. WAN2) and then have all other traffic (such as web and email) through WAN1.
I am looking to have it so that if one of the internet connections goes down then it will failover EVERYTHING to the one that is working so both the VOIP and all the other traffic share the same connection until both WANs then go back online.
I was wondering how failover works on the Cisco Small Business RV016. Specifically, I am interested in when one WAN line stops working and all the computers in the LAN start using another line. Does it mean that the IP addresses of the computers in the LAN will change, or do they stay the same? If they change, can I set it up so that they always stay the same no matter which input WAN they are using?
RV042 in Router mode. WAN1 preferred. With Smart Link it seems to work to a point. When WAN1 fails, it fails over to WAN2. But then it gets stuck on WAN2 and I have to manually switch to WAN2 preferred and then back to WAN1 preferred to get the WAN1 connection to return. The test IP addresses should be just fine as set.
Have a 1921 that has 3 eth connections (1 LAN, and 2 WAN) - I have 2 separate OSPF processes (2 areas) on the WAN Ints - both upstream WANs are sending defaults back to the 1921, and the 1921 is sending its LAN range to them.
I have ip ospf cost 150 set on the "failover" WAN connection interface (Both on the 1921 and upstream), but the 1921 is preferring the default route from the "failover"?
The default routes are both being received by the 1921, but it's preferring the "failover" Int with the ip ospf cost 150 configured?
I recently bought a Cisco SRP527W and I'm trying to setup a second wireless network for guests.
I created a "guest" VLAN and I assigned the "guest" SSID which I have created.
I created a "guest" DHCP server and assigned it to the "guest" VLAN.
The "guest" SSID is set to broadcast and has WPA2 Personal (TKIP+AES) authentication. These are exactly the same settings I have for the "non-guest" WiFi.
However, I can't get my clients to connect to the network. The "guest" WiFi is visible and clients are prompted to enter the password but after that they end up with an APIPA address. When I move the "guest" SSID to VLAN1 (along with all the other networks) then it works absolutely fine.
I was just wondering if I'm simply missing something in the configuration ..
The device is running the latest firmware (1.01.24 (003) September 7, 2011)
DHCP server has DNS Proxy setting enabled and WAN Interface configured as "Default Route" (have basically replicated the same settings as VLAN1)
I want to configure Cisco SSL AnyConnect VPN on a Cisco 2900 series router. When I install this license on the router, can I then configure SSL AnyConnect VPN? Must I first enable the EULA and then install this license?
I'm trying to configure a DMVPN architecture with two ASR1006 routers to serve a bank's remote offices, one ASR in the CO building and the other in the CA building (CO: Operational Center; CA: Recovery Center). Each ASR has two LAN connections to the internal network and two WAN links to the remote offices. Each WAN link belongs to a different provider. Each remote office has a router with two WAN links connected to those WAN providers. We are configuring the DMVPN considering two primary tunnels in the CO building and two failover tunnels in the CA building. We made the configuration (schemas and configuration attached) but we only get two tunnels up at a time. We cannot ping from the office router to the four tunnel interfaces in both hubs.
We made some tests disabling some tunnels and we could get communication only with two tunnel interfaces. We got communication through the tunnels when we have just two. We want to have the four tunnels for high availability. We would like to know how to troubleshoot and make a design review because the examples and documentation are very limited.
I have a problem configuring a VPN connection for our colleagues (laptops and iPhones 4/4S/5). We have an RV042G.
A WAN connection from Deutsche Telekom AG with a static IP is connected to WAN1, configured for PPPoE. I have configured port forwarding to our SBS 2011 server for OWA and other services on the web. I have extreme problems configuring VPN connections. We use Quick VPN; other tools have too many buttons to click.
First I configured a Group VPN, with FQDN (Remote Group) and Local Group (IP only). I configured 2 users. Then I tested on a laptop connected to the Internet through a hotspot connection of an iPhone.
I entered the WAN IP, username and password, and pressed ENTER. I get to the point of "Verifying Network", and after that it times out with "Remote Gateway not responding. Do you want to wait". If I press Yes, after max. 1 minute the message comes again.
I looked in the VPN Summary, and I see that my username was connected through VPN for seconds, but then disconnected. Have I overlooked an option to configure?