Cisco VPN :: Remote Access With 2 WAN Link In 2911-SEC-k9 Router
Mar 4, 2012
I have a Cisco 2911-SEC-k9 router.
I have 2 internet connections from the ISP: one is a static IP leased line and the other is a DSL line with a dynamic IP.
What I want is to configure internet load balancing between these 2 internet connections, and I also need to use the static IP for remote access VPN and for my Exchange port forwarding.
My DSL line is 100 mps and my leased line is 2mb dedicated.
I configured the router using some example config I got on the internet. My internet is fine, but load balancing is not happening, and I configured the remote access VPN. I am able to connect to the remote access VPN, but there is no communication through remote access. I cannot reach any device through remote access.
Note: if load balancing is not possible, how can I configure it so that internet traffic uses the DSL line, and remote access VPN and live Exchange port forwarding go through the leased line?
I am attaching my configuration and also the debug crypto isakmp status.
Nov 24, 2011
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not. I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
May 16, 2013
I have a 2911 router.
pub ip: 121.97.65.61-74
interface gigabitethernet 0/1
ip address 121.97.65.61/28
[Code].....
and other IPs will be dropped/kicked/disconnected automatically.
How do I implement this with an access list?
Feb 2, 2011
After trying to configure remote client VPN access to a Cisco 2911 ISR using the CLI I tried to use the Cisco Configuration Professional. However, either way I have the same problem. A client can successfully connect and access servers but just once. When the client disconnects and tries to connect again there is no access to the servers even though the VPN tunnel appears to be up. I've tried multiple versions of the Cisco vpn client SW and all behave the same: 1st connection can access servers, subsequent connections can't. I've also tried a second (different) client after the original connection and still no luck. If I reload the router the client can get the vpn connection and access the servers but if the client disconnects from the vpn and tries again there is no access to the servers.
I've also tried it with and without NAT but it doesn't seem to make any difference.
The config generated using CCP is as follows:
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
[Code].....
Aug 9, 2011
I am using a Cisco 2911 router and I configured a remote client on it. I need to provide static IPs to the remote users instead of providing them from the DHCP pool. Is it possible? If it is, how can we do that?
Nov 11, 2012
We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
Site A has an ASA with one internet circuit.
Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911. Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved? And how could I also introduce the 877 and ADSL line into things to achieve the necessary redundancy?
Aug 9, 2011
I am attempting to get a solid setup for a remote office we have going up and I am running into little issues that I can't seem to get around.
Basically, we have a remote office that will have dual ISPs, one hard wired circuit from a local carrier and the other will be a Verizon 4G router that plugs in via Ethernet and hands out DHCP to my Cisco router. The Cisco router is a 2911 with IP SLA configured. I have it set up to ping my DC out one interface and if that fails, it removes the default route and injects a new default route from the other ISP.
The problem I am having is with the VPN. I figured using EZVPN would be the only solution because the Verizon 4G only supports DHCP so I have to be able to connect from a dynamic remote host. The other caveat is that failover needs to be seamless as we have no person onsite that can troubleshoot. It's fine if it takes a few minutes, but the VPN just needs to come back up on its own without any intervention.
I attempted to set up two different EZVPN crypto maps on the router but realized you can only have one inside crypto map per interface, which would cause a problem with the internal network. I thought I could just create subinterfaces off the router to have two inside interfaces to work with but that wouldn't have been supported because they would now be on different subnets.
I decided that adding an ASA5505 behind the router may be the simplest solution. Use the router only for the purpose of handling routing between the two ISPs and performing NAT out the interfaces. Then use the ASA to do EZVPN from. This works well but there are some issues I am trying to work through.
First, when the ISP fails over to the backup, the NAT translations have to time out before things start working again. For a constant ping, this is fine, I have the timers set down to 15 seconds for NAT timeouts and after 15 seconds the ping picks right back up again. However, this breaks the EZVPN. The ASA keeps trying to bring up the ISAKMP nearly every second, which keeps resetting the countdown on the NAT timeout for the remote EZVPN server. Because of this, the VPN will never come up until I manually clear the NAT translations on the router. So my first question is this: is there a way to adjust the timer that the VPN uses to try to bring the tunnel up? I tried the crypto isakmp keepalive command but that didn't work, it looks like it doesn't work with EZVPN.
The second issue is really with the IP SLA and is only an issue because of the first issue I mentioned. When the router first comes up after a reboot, both the primary and secondary interfaces come up. However, since the primary default route is only injected into the routing table once IP SLA is up and can reach its destination, the secondary route gets injected initially and the VPN comes up over the secondary ISP. In a few seconds, the primary default route is injected, changes the path and because of the NAT translation, breaks the tunnel and never comes up again because of the first issue with the VPN tunnel renewing the NAT translation continuously.
I could easily go out and purchase a $100 Linksys router that will do the failover and clear its NATs and everything, but I need better reliability out of the hardware than that. There has got to be a way to do this on a Cisco device since consumer level equipment can.
Oct 8, 2011
I have set up an access point as per the instructions I found on this site. It works perfectly, holds a wireless signal fine. Now, I have the challenge of trying to remote connect to the home computer that is connected to this access point. I have absolutely no clue as to what changes in settings have to be made.
Aug 24, 2011
I recently purchased an 825 and a WD Mybook Live. I have been going back and forth on the WD board trying to resolve a remote access issue with the Mybook and I am being told to do some settings in the router and I am not sure I have done them correctly. It has not resolved the issue but I would like to make sure I am correct before I claim it's not a good fix. The Mybook is connected into a network port on the router which is connected to a High Speed modem and then out to the internet. Initially I was told to enable UPnP on the 825, which was already enabled. Then this is what I was told to do by a WD tech. You could try assigning a static IP to the My Book Live, then making sure ports 80 and 443 are assigned to that IP on your router. It is possible that something else is taking one of these ports. We use uPnP to try to open up these ports, and if it fails, we resort to relay mode. In the future, we will allow you to set these ports within the My Book Live to other than 80 and 443.
Apr 26, 2010
I am having trouble accessing my DIR-655 remote management screen via IP to my network. To make sure I didn't have any odd settings, I did a hard reset on my router first. I then enabled remote management, and left the default port 8080. I try to access via the IP address on my status page suffixed by the port 8080 [URL]: page cannot be found. I then enabled https and tried to access via [URL]: page cannot be found. I then set up an entry in the virtual server to redirect http requests to my workstation hosting IIS7. If I connect to localhost, the IIS welcome screen appears, but if I browse to my IP, I get nothing. I am using Cox residential service. I called them and they informed me that they do not filter or block requests in any way.
Oct 4, 2011
I have a WD My Book Live and it's connected to my DIR-825. I'd like to configure the router to allow FTP access to the NAS from the internet. The drive has an option to enable FTP in its configuration, but I have not done this before and I don't know what to do to create a solid/secure FTP portal so that I can access my files remotely. How do I configure the router for this? My router is set to DHCP and I have turned MAC filtering on. In particular I am looking for the ability to transfer/copy files from the drive, and not allow any modification/writing to the drive from the outside.
Dec 22, 2011
I opened the remote management to my DIR-655 but I can't enter it. I tried to change the port, it didn't work; tried factory defaults or a hard reset, didn't work. What can I do? I think it also stuck my access to my remote desktop (not sure).
Aug 4, 2012
I have a site-to-site VPN between a Cisco ASA and a Cisco 2911 router. The ASA has a static IP and the Cisco 2911 side has a dynamic IP. My site-to-site VPN is working fine. I am just trying to do PAT over the VPN, meaning I want to forward one IP in my public pool to one of my local IPs on the Cisco 2911 side.
Sep 4, 2011
I recently purchased a Cisco 2911 to replace my Cisco 1711 router. I copied the configuration from the Cisco 1711 router to the Cisco 2911 router. Everything seemed to work correctly except when I VPN tunnel into the Cisco 2911 router using Cisco's VPN client version 5.0. I can ping the router LAN interface from my PC that is VPNed into the router but I can no longer ping or access the devices on the LAN side of the router as I did on the Cisco 1711 router. I don’t see errors in the log or hits blocking anything in the acls. It’s using the same configuration that I had on the Cisco 1711 router, and this did work on the Cisco 1711. The Cisco 2911 router is running IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1).
Here is the VPN client portion of the configuration: The LAN is addressed as 192.168.0.0/24. The router LAN interface is 192.168.0.1, which I can ping and access. I can't ping or access anything on the LAN (192.168.0.0/24) besides the router.
aaa authentication login vpnclientauth local
aaa authorization network vpngroupauth local
!
crypto isakmp client configuration group remote-clients
key 6 xxxx
pool clients
[Code]....
Oct 22, 2009
After I changed my router, I recently found out that I cannot access remote network resources after the VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping the server on the remote network.
May 16, 2013
I currently have ipV4 as the setting on my DIR-825. Other posts seem to want ipV6 which is more secure but is not possible with a DIR-825 Rev A1. I have two routers, a primary router (DIR-825 Rev B1) capable of ipV6 and a secondary router (DIR-825 Rev A1). If I implement ipV6 on the Rev B1 router but keep ipV4 on the secondary router, will this improve the security, or will it just mess things up so nothing works? Certain devices (cell phones and most Tablets) don't deal with ipV6 very well at all. The ones I have tested flat don't connect to the wireless network if the router is set at ipV6. Is ipV4 adequate for a Home/Small Business Network when trying to implement Remote Access and VPN?
Dec 5, 2012
Region : Ireland
Model : TL-WR740N
Hardware Version : V1
Firmware Version :
ISP :
I am trying to set up my DVR for remote access but my public IP and the router's WAN are not the same?
Nov 2, 2011
I have a 2911 router where I was configuring the device to allow remote desktops connections. Everything is working properly, but for some reason my ACL has disappeared.
Jan 26, 2013
Region : Singapore
Model : TL-WDR4300
Hardware Version : V1
I need to set up remote access to my HDD connected to my WDR4300, so I can always go online when I am out to retrieve the saved files in the HDD. However I have zero knowledge of network setting of the FTP servers, I can gain access when I am home and connected to the Wireless network, but how to gain access remotely.
Apr 3, 2013
I have two Cisco routers - a 2911 in HQ and an RV180 in the branch office. Because in the HQ LAN network I have some development servers, to which guys from the branch office need to have access, I decided to set up a site-to-site VPN between HQ and the branch office. Everything went quite smoothly; on both devices I see that the ipsec connection is established. Unfortunately I am not able to ping resources from one network to the other one and vice versa. Below is the configuration of the 2911 router (I skipped some unimportant (imho) configuration directives):
crypto isakmp policy 1
encr 3des
hash md5
[Code].....
Apr 22, 2013
Region : Australia
Model : TL-MR3420
Hardware Version : Not Clear
Firmware Version :
ISP : Telstra
Is remote administration over 3G connection possible? The telstra public IP is not pingable. (from externally) Goes no where when I put the public IP into a browser. (from externally) Any settings changes to enable this?
Apr 20, 2011
I am configuring Remote Access IPSEC VPN in IOS Router 12.4T. I am able to establish IPSEC VPN from VPN Client 4.0. But I am able to access all the LAN machines from this connected client. I want to restrict access to only one server in my LAN rather than accessing all the servers in the Datacenter. For example:
- Group FTP should be able to access only the FTP Server with IP address 10.1.1.21 on Port 21
- Group WEB should be able to access only the WEB Server with IP address 10.1.1.80 on Port 80
Aug 12, 2012
I am trying to set up remote access VPN on an 1841 router. The VPN client is connecting to the router, but cannot ping the remote LAN. Here is the config.
Current configuration : 3625 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
I am not getting any hit on the deny statement of 102 when i try pinging to client ip address (10.0.0.10).
Dec 15, 2010
I can ping across the tunnel from the PCs on either end of the tunnel, but I can't ping across the tunnel from the routers. If I ping using the source command using the LAN interface, the ping is successful.
The reason I need this is for the remote router to be able to look up the head office server for DNS, WINS and LDAP.
Oct 26, 2010
I am using Cisco Configuration Professional to set up one Easy VPN server on an 887-K9. The VPN client can dial up the server successfully but can only ping router but on other lan. Looks like there is a NAT issue between the LAN and the VPN client?
Sep 23, 2011
I made a custom-built V1 Windows Home Server that I really would like to be able to remote access. I have tried the Netgear 3700, but it did not allow remote access. A D-Link DIR-825 does, but it, and many D-Link products, have a persistent problem of requiring a reset due to dropped connections. I have had 2 of the DIR-825's drop connections. I have been told that their QoS components cannot handle the load on them and fail, causing the drops, but I cannot corroborate that. Perhaps what I need is a router that allows "NAT loopback"? This way I can see the WHS Console verify that I can access the server from outside my network. I have tried to do so with the above routers via a 3G connection on my iPhone 4 and all except the D-Link failed to allow access to my WHS.
I should add that I am using a D-Link DSL-520B modem on ATT DSL. It is a 6MB connection from the ISP. Previously the modem was in "bridge mode" on the D-Link router. Also, contacting ATT I was told they do not block any ports. I have tried forwarding the proper ports (80, 443, 4125) for the WHS, but that has not given me remote access. I did get them by enabling UPnP on the D-Link. Is all this an issue of needing the modem on "bridge mode" in order to work properly? Any router for my needs that allows remote access (NAT loopback needed?) and also has a solid connection? Gigabit ethernet is a must have too. Otherwise I am open to options. I would like a combined router/modem unit to make things a little easier.
Sep 3, 2012
I have a router 2811 that it's configured with VPN remote access and I'm trying to block clients based on their MAC address, I tried configuring access interface as routing/bridging, configured an ACL 750 for 48-bit MAC address access list and enable "bridge-group 1 input-address-list 750" command on bridged interface, but the only match I got when VPN clients access the LAN is from router interface.
Internet(VPN) ---> Router1 (FE 0/1) ---> Router1 (FE 0/0) --> Router2 (FE 0/0) --> Router2 (FE 0/1) --> LAN
I tried configuring on Router1 (FE 0/0) interface and also on Router2 (FE 0/0) interface with same behaviour. Router2 is used for internal NAT.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
[Code].....
Dec 6, 2011
I have setup a VPN connection on a 891 router. I can connect to the VP both but am unable to ping or access any resources on the remote network.
Here is my running configuration:
[code]...
May 15, 2013
I am trying to troubleshoot my own router (Linksys) issues with using Lync and accessing some SharePoint sites that are internal to my company's network. I am connecting to the Internet using a Linksys router (WRT400N). When I have my work laptop using RESCUE GFE hardwired directly to the modem - and then connecting to VPN - I can connect to Lync and work normally. However, when I move the connection to go via the router, I can no longer connect to Lync nor access some SharePoint sites. I can access VPN fine, but with Lync I get an error stating "Your Lync account does not allow access from outside your organization's network. Please connect to your organization's network and try again." However, I am connected via the VPN. This connection worked with a prior laptop using WinXP (I am now on Win7), and the connection through the router and using VPN worked with Communicator. I unfortunately had to reset my router, so I cannot recall if there were port settings established from the last time I had to set up the network. I didn't save the configuration; note to self - save configuration in future.
Mar 23, 2010
Even when I disable remote access, people still can get to my router login by typing my external IP. Is there anything I can do to stop this?
Nov 29, 2011
I'm using a Linksys WRT54G in my home and I have it set up to allow me to connect remotely (VPN and RDP) from work. I do this every day and it works perfectly. The problem I'm having, though, is that every morning it doesn't work until my wife wakes up her laptop. After that it works fine, whether her laptop is on or off. It behaves as if the router is "asleep," and when she generates some local network activity, it wakes up, thus allowing me remote access.
I believe it's a router issue and not a computer issue because not only does it affect VPN and RDP, but even the router's remote management interface is unavailable until this happens.
Some more details about my home setup. I have a fixed IP address assigned to me by my ISP. All computers connect to the router wirelessly. VPN and RDP are routed to a desktop computer running XP SP3 that is always on (it never goes to sleep or hibernates). The router is enabled as a DHCP server (192.168.0.2 thru 11). The desktop computer is set up with a fixed IP address (192.168.0.100). The router is set up to forward VPN and RDP traffic to the desktop. Here are some screenshots that may be useful.
Basic Setup Port Range Forward Management
Pretty much every other setting is defaulted. Like I said at the start, my setup works perfectly and I'm very happy with it. I just can't figure out why every morning it doesn't work until my wife uses her laptop?
When I'm at work, hers is the only computer on the local network getting assigned an IP by the router. Until she turns on her laptop, the DHCP client list is empty. Could it be that the router needs at least one connected device assigned an IP by its DHCP service in order for it to receive external connections?
Jul 15, 2012
I have a 2911 which works perfectly except I cannot access it via HTTPS. HTTP and SSH both work. I've regenerated the RSA-key several times but to no avail. The box has a host- and domain-name configured.
Jan 3, 2012
I have a Cisco 678 connected to my ISP (Qwest) using DHCP. This is connected to a Linksys WRT54g router. I also have a home server running for remote access to some files and media streaming. I just installed security cameras that I wish to monitor remotely via the internet. I can access my home files over the internet with no issue. However, I am unable to access my cameras using the internet. Looking at my router incoming log, I see my request arriving, but I never get to the DVR attached to the cameras for remote viewing. I enabled bridging on the Cisco 678 but this did not solve the issue.