Cisco WAN :: 1811 / Dual WAN Ping Source?
Apr 1, 2012
I have an 1811 with 2 WAN connections, Fiber and ADSL (both Ethernet). I'm having a heck of a time getting traffic out the ADSL link.As it stands, I can ping the next hop 75.158.58.1, but no further. ping source FastEthernet1 times out to any external address nor can I NAT internal subnets out the interface.I'm really at a loss as to why, especially since I can ping
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
[code]...
View 2 Replies
ADVERTISEMENT
Feb 20, 2013
Basically, he has an office he's supporting on a contract basis, they have a cable modem uplink. They move very large (100MB or so) EXCEL files to/from a server "somewhere out there"...The place has 19 users on cable modem (presumably commercial level). They're having "severe latency due to all the users". They're also using VOIP (not sure what product, shouldn't really matter)this doesn't pass the sniff test to me- I have 70+ users on 4 T1s and don't have the problems they claim to be having. Suspect they should be doing some packet sniffing to see who's camping on Youtube, but this is not an option....They're adding in a second cable modem line and want to bind both together. I immediately figured they should do QOS, dedicate the mission-critical traffic to 1 line and let it bleed over onto the other and take precedence if necessary. They have a Cisco 1811 router. I haven't messed with those before, but what I am seeing is they are a "fixed-configuration router". Obviously there has to be SOME config changeable- if for nothing other than IP assignment to interface and such. So what does Cisco mean by "fixed-config"? Is this basically a dumbed-down Linksys router?
View 19 Replies
View Related
Nov 9, 2011
i have two branch offices A & B both connected by a vpn. i am planning to add another isp on both the locations and have it just for the vpn. i.e have the second isp do just vpn and all other traffic go through the older ISP.. what are my options ? am not planning to add any extra hardware and also am not planning on acheiving any fail-over or load-balancing because i know ASA 5510 does not do load-balancing.
View 1 Replies
View Related
Oct 15, 2012
I have a Dual-Hub DMVPN with PKI dep[oyment infrastructure and with 2 Hub on Cisco 1811 and Spokes on Cisco 1841. When I enter the 'subject-name' parameter (pki trustpoint configuration mode) on a Spoke routers, one of two Tunnel is up, but the second Tunnel is not up. ISAKMP-negotiation select the rsa-sig-mode is correctly. If I select pre-shared-mode or if i remove 'subject-name' from Spokes, DMVPN work is fine!
Configuration example:
1. HUB:
--------------------------------------------------------------------------------
Cisco IOS Software, C181X Software (C181X-ADVENTERPRISEK9-M), Version 12.4(15)T15, RELEASE SOFTWARE (fc3)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 08-Mar-11 06:09 by prod_rel_team
[code].....
View 14 Replies
View Related
Nov 13, 2011
I'm trying to configure cisco 1811 with dual isp internet connections. Everything is working fine till i get to setting up port forwards.The port forwards for 2nd ISP do not work while connection to 1st isp is active. If if shutdown the connection to isp1 the port forwards work fine.
here's relevant section of the config
Code:
track 123 ip sla 1 reachability
delay down 15 up 10
!
track 456 ip sla 2 reachability
delay down 15 up 10
[code]....
I can access the 192.168.2.131 web server using the ISP1 ip but not ISP2 ip If i shutdown ISP1 interface the server becomes accessible through ISP2.Also while ISP1 is active I can't remote desktop to 192.168.1.210There are no acls, firewall zones or anything else.
View 3 Replies
View Related
Sep 25, 2011
I have a Dual-Hub DMVPN with PKI dep[oyment infrastructure and with 2 Hub on Cisco 1811 and Spokes on Cisco 1841. When I enter the 'subject-name' parameter (pki trustpoint configuration mode) on a Spoke routers, one of two Tunnel is up, but the second Tunnel is not up. ISAKMP-negotiation select the rsa-sig-mode is correctly. If I select pre-shared-mode or if i remove 'subject-name' from Spokes, DMVPN work is fine!
In what there can be a problem?
Configuration example:
1. HUB:
crypto pki trustpoint TRUSTPOINT-CA1
enrollment mode ra
enrollment url http://.../certsrv/mscep/mscep.dll
password ...
[ code]....
View 17 Replies
View Related
Nov 5, 2011
We have a Cisco 1811 which is running a number of different services. Let me try and explain how everything is working first.
On routed port 0, we have a statically configured fiber connection which routes a public /28. No BGP, etc just default routes. The /28 is divided into a two /29's, once of which is routed to Vlan3.
On routed port 1, we have a PPPoE DSL connection, with a single static IP.
Vlan1 is a 192.168.1.x subnet
Vlan2 is a 192.168.2.x subnet
Vlan3 is a y.y.y.x/29 subnet(the routed subnet)
Vlan1 and Vlan2 PAT the static fiber IP(not the other /29) along with the DSL. The other /29 is used for a few static NAT translations and SSLVPN
There is a zone based firewall in play, as well as a few route-maps to redirect traffic out certain interfaces on the inside.
The problem is, the fiber IP randomly stops responding to ping/ssh, however I can ping the interface IP assigned to Vlan3 from the WAN. DSL never loses connection in this manner.
I can normally reestablish "normal" connectivity by connecting to the DSL and bringing down the fiber and routed vlan in a specific order.
View 2 Replies
View Related
Feb 19, 2012
I would like to make a design with 4 Nexus 5596UP. 2 of them equipped with Layer 3 Expansion Module so they can serve as core layer and the other 2 Nexus used as Layer 2 for aggregation server layer.The 2 Nexus in the core layer will run HSRP and will peer with ISP via BGP for Internet connection The 2 Nexus in the aggregation layer will be configured as layer 2 device and have FEX and switches connected to them.What I am ensure of is how the vpc and port-channel configuration should look like between the 4 nexus. What I was thinking is to run vpc between the 2 Nexus in the aggregation layer and between the 2 Nexus in the core layer. Than I was thinking of connecting each Nexus in the aggragtion layer to both Nexus in the core layer using port-channel and vice-versa.
View 3 Replies
View Related
Dec 17, 2012
how to change our wireless setup. Currently, we have 2 Cisco AiroNet 1130 WAP's in the office that go directly into the 2 POE ports on our Cisco ASA 5500. These WAP's have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANS on our network, one for voice (.42) and one for data (.100) and the default (.0). What device to I create the VLAN on (Cisco 5500?) and how to I setup the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
View 2 Replies
View Related
Mar 29, 2012
I wanted to ask a question about the diagram I have included. We are bringing up 2 MPLS WAN connections and would like some specifics on the best design. We are using BGP to the providers. From there we have big questions. We can run BGP internal and are licensed to do so on the N5K's. The N5Ks are currently using HSRP for inside LAN clients as default gateway. We want to load balance and provide redundant routes using a dynamic approach. Should we use BGP internal utilizing the connections between the routers? Should we use HSRP on the routers? How best to get the routes to the N5K and should we be considering this?
View 5 Replies
View Related
Feb 21, 2013
I run 2 RV042 V1 for home and office with Gateway to Gateway VPN connection with single WAN connection in use. Everything works like a charm!
I was even able to create VPN connection with 2 WAN connection on one Router and 1 WAN connection on another with Smart link failover and VPN Tunel Backup.
I got problem though when i tried more complex connection diagram. [URL]
So basically I now have 2 ISP connections on each point with Static IPs and I'd like VPN Connection to be alive for ALL 4 options automatically with failovers (smart links) And tunel backups but i'm not sure if that's ever possible with my equipment.
View 2 Replies
View Related
Jan 8, 2013
I need some help in configuration of Cisco IOS VPN. Basically, we have 2 Cisco 1811 routers in our company. Router 1 - Production router (IP 192.168.x.254)Router 2 - VPN router (IP 192.168.x.251). All machines/servers inside our network has been configured with a default gateway of 192.168.x.254. Hence, all internet traffic will go through the production router.
Now, we want to deploy a new router (i.e. Router 2) which will be solely used for VPN purpose (such as DMVPN, IPsec site to site, VPN client configuration etc). I have configured Router 2 with Cisco VPN client and can connect to this using VPN client application from my home PC. However, once I connect to it, I am not able to ping anything inside this network other than Router 2 IP (192.168.x.251).
Is there anything else that I would need to put into the configuration so that I can ping everything inside the network?
View 4 Replies
View Related
Oct 19, 2011
i have cisco router 1811 , i make port forwarding for my mail server , so from outside i can access to the mail server via my mobile but inside lan i cannot because i use my global ip address at my mobile config .
View 12 Replies
View Related
Feb 28, 2012
I have some problems with making stable VPN between SRP512W and ISR1811.Configuration:
- IKE policy - 3DES/SHA1 group2(1024bits)
- crypto map on ISR1811
One of the main issues I've noted appears when SRP loose it's IP connectivity to remote router, even if this connectivity interruption lasts for only couple of seconds. When the IP connectivity is restored SRP is unable to re-establish the IPSec session. There is connect/disconnect option in SRP menu (Status -> VPN Status -> Connect/Disconnect) and automatic VPN disable (VPN -> Site-to-Site VPN -> IKE policy -> Enable Dead Peer Detection) yet I couldn't found any option for nor automatic mechanism for VPN reconnection when the IP connectivity is reestablished. This issue lead to interruption of Site-to-Site VPN service when there is some short outages within the ISP network.
Another issue is building GRE tunnels between the same devices. Can you verify my configuration? Belive it or not - I spent more than 4-5 hours and couldn't do it.Should I make some additional settings/configurations ?
View 1 Replies
View Related
Aug 16, 2011
I got a new 1811 series router. Its sh version output is " flash:c181x-advipservicesk9-mz.124-11.XW6.bin". I need to upgrade to the latest IOS. How can i find a latest one? How can i upgrade to the latest one?
View 1 Replies
View Related
Jul 14, 2011
I am a new owner of a Cisco 1811, brand new. So im trying to follow this,
[URL]...
But when i get to this,
it won't continue, if i cancel this and not setup the WAN connection then log back into after it's rebooted i can see both lan's * both disabled * when i enable 0 it wont allow me to click add or do anything else to setup the WAN connection
View 19 Replies
View Related
Jan 23, 2012
I am setting up my 2nd 1811 router for NAT and VPN. The 1st 1811 works great, completed a few months ago. On this 2nd 1811, I decided to just copy the working startup-config from the good, 1st router to this 2nd, and then change IPs and from there. I did not do the setup wizard, but just erased the startup-config, reloaded, gave temp IP on local LAN and copied good startup-config from TFTP server.
Question: on this 2nd 1811, I show this:
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip subnet-zero
I do not have this on the 1st, and I cannot get rid of it. Is this due to IOS versions?
On the 1st I have:
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(6)T8, RELEASE SOFTWARE (fc3)
flash:c181x-advipservicesk9-mz.124-6.T8.bin
On the 2nd I have:
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(4)T1, RELEASE SOFTWARE (fc4)
flash:c181x-advipservicesk9-mz.124-4.T1.bin
View 10 Replies
View Related
Jul 17, 2012
I am having an issue where the GRE tunnels are up/up but are not pingable. The GRE tunnels are on a cisco 1811 and cisco 2811 routers The tunnel source and destination IP addresses are private addresses. These private addresses are pingable to each other and they are connected via IPSEC. The IPSEC tunnels are generated from the ASA to which the cisco routers connect. Probably the tunnels are up/up because keepalives are not configured. But I am still not able to see why I cnt ping the end points. The ACL for IPSEC in ASA includes the "permit gre host <Private IP 1> hist <Private IP 2>" commands.
View 2 Replies
View Related
Feb 27, 2011
I have a cisco router 1811 when powered displays the output below then it hangs at that point.
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 393216 Kbytes of main memory with parity disabled
[code]....
View 10 Replies
View Related
Aug 21, 2012
Last night I had a crack at setting up PBR on my companies Cisco 1811.Joy, I thought, it's actually working. Alas I was wrong, the addresses were getting translated to our ADSLs external ip address but routed over our EFM.What I want to acheive is to send all HTTP(s) traffic from our workstations over the ADSL (FastEthernet1) whilst all other traffic and VPN goes out over our Bonded ADSL (FastEthernet0). There is also a minor failover in place for traffic routed to the ADSL in the route-map PBR_VLAN1. The servers are on IPs 200, 202, 204 and 240.
Anyway, I have re-written the configuration and xxx'd and x.a/b/c'd all the IP addresses I want to keep secret. Need to make sure that the PBR is correct, and will do what I want it to? I have a very small time-frame to get this correct and I dont want to fudge the bucket so to speak.
View 8 Replies
View Related
Jan 5, 2013
I got a Cisco 1811, with on FA0 ( WAN ) acting as a dhcp client and on FA1 ( LAN ) my laptop wich is getting a address form the DHCP Pool.
I receive a ip address on my laptop but it doesn't know the way to get outside.
here is my config:
Building configuration...
Current configuration : 3498 bytes
!
version 12.4
[code]....
View 5 Replies
View Related
Oct 21, 2012
trying to upgrade an 1811 to the latest firmware. [code] just seems to always boot back to the original file and not the one i just tftp'd up. could it be that this router requires additional ram to support this ios?
View 5 Replies
View Related
Sep 8, 2011
This is problably a stupid question but how do I open a prot on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from out side the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
View 23 Replies
View Related
Jun 28, 2011
To determine if the 2811 and 1811 ISRs support Verizon or Sprint USB 3g modems?
View 1 Replies
View Related
Mar 9, 2011
I have an (old) 1811 router acting as the Internet gateway. My users like to use download managers such as Orbit JDownloader to download large files that should not download. Is there a way to block it? The download managers often start multiple connections and seem to open/cose connections.
View 1 Replies
View Related
Jan 26, 2010
trying to fetch the equivalent of the mac-address-table on a 1811 with SNMP. I want a mapping between active MACs to a port ifIndex (not a VLAN interface ifIndex).
- I've snmpwalked every MIBs on this device (including all the proprietary MIBs supported by the IOS)
- I've upgraded to latest IOS from the 12.4(24)T series and also tried latest from 12.4(15)T series
- I am aware of the community index (@ sign in read-only community to split per vlan)
- I've exhausted all my google skills
On 29xx, 35xx, we obtain that information using the BRIDGE-MIB, community indexing and the following OID:
1.3.6.1.2.1.17.4.3.1.2 (dot1dTpFdbPort)
ex:
# snmpwalk -v 2c -c public@1 192.168.1.61 1.3.6.1.2.1.17.4.3.1.2
SNMPv2-SMI::mib-2.17.4.3.1.2.0.23.89.208.164.62 = INTEGER: 24
SNMPv2-SMI::mib-2.17.4.3.1.2.0.23.101.255.67.177 = INTEGER: 12
SNMPv2-SMI::mib-2.17.4.3.1.2.0.24.25.113.78.52 = INTEGER: 11
View 4 Replies
View Related
Mar 23, 2012
I've got an 1811 router running 15.4 IOS and a cable modem with 5 static IP's attached to Fa0. I would like to dedicate one of those IP's to a dedicated internal subnet (10.0.30.0/24) but I am not sure how to accomplish this?
What would be the best method to accomplish this? Unsure of where to begin..
View 3 Replies
View Related
Mar 23, 2006
I’m having serious issues getting Tandberg H.323 working behind this router with NAT.
My setup is Cisco 1811 configured with Fas0 to pull DHCP (public address). This router is being used in a mobile medical clinic VAN so the setup needs to be seamless and transparent to the users. The idea with the DHCP is anywhere they go they could pull a DHCP address and then NAT behind that address. The van visits mostly small schools in the Texas Rio Grande Valley providing medical assistance and consulting to the local community. The router has an 8 port built in switch and all ports are sitting in default VLAN 1.
Basic stripped down config, only relevant commands listed…
ip dhcp excluded-address 10.0.0.1 10.0.0.4
ip dhcp pool VANnet
network 10.0.0.0 255.255.255.240
default-router 10.0.0.1
dns-server 10.0.0.1(code)
Now initially I can’t even get the call to connect with just using the ports above, which I should. Also knowing there are several issues with H.323 and NAT I went ahead and added all know ports Tandberg says they use…
80 HTTPd *TCP
443 HTTPs TCP
1719 H323/RAS UDP
1720 H323/Q931 *TCP
2326-2373 (2837)** H323/RTP UDP
5555-55xx (5587)** H323/H.245/Q.931 TCP
Basically I created static NAT entries for all the ports and the ranges above. For the ranges I had to add a line for every port.
This didn’t and hasn’t worked yet even with some additional tweaking… Finally the question… am I going about this all wrong? Is there an arrangement of commands that will even work? How can I accomplish the port forwarding setup on a Linksys/Netgear router on a real Cisco router?
View 9 Replies
View Related
Mar 10, 2012
I've got a Cisco 1811 router with FastEthernet0 plugged into a cable modem with 5 static IP's. I want to disable the ability for those IP's to be pinged externally except for certain addresses that I specify (I have some offsite servers that I use to monitor the ISP link for example). I also want the ability to be able to ping external addresses from the router as well as any of my inside subnets. [code]
I've tried varying ACL's and applied to Fa0, none of which work [code]
View 3 Replies
View Related
Feb 28, 2012
I successfully pulled it out of the box and already broke it.
What I did to lose my connectivity to it (via IP, console is OK), but I'd like to start from scratch and during my learning/experimentation I will undoubtedly need to do this over and over until I get things right.
I've found various guides, none of which look like what I am after. Basically, I want to return this to the condition that it was in when it came out of the box. IOS is version 12.4(6)T11 .
View 2 Replies
View Related
Jan 18, 2013
On interface FA0 goes the UTP from my ISP. Further more I have setup my Vlan1 but i can't connect to the Internet.
Building configuration...
Current configuration : 3649 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]...
View 10 Replies
View Related
May 16, 2012
I want to configure my Cisco 1811 router for 1 Internet link, The router is already connected to my main site via site to site vpn . Voice + VPN + Internet traffic is going through only 1 WAN interface,
I want to dedicate 512 kbps for VPN and voice traffic. I want to dedicate 512 kbps for Internet traffic.
View 1 Replies
View Related
Jun 26, 2007
I've configured SSL VPN on an 1811 router running 12.4(9) IOS. I'm using the full SSL VPN client and do not want to split tunnel the traffic. I can reach my inside resources just fine, but I can not reach sites on the Internet. I want to tunnel my Internet traffic to the router and then have it hairpin out the same interface.
I've successfully configured this type of hairpinning on an ASA for SSL VPN, but have yet to find a way to do it in IOS.
View 4 Replies
View Related
