I configured a 1841 router that connects to a DSL modem. This DSL connection is our Internet connection for vendor and IT testing. I have connectivity to the Internet using nat and have configured the router to act as a DHCP server. It seems to be working fine. I just want to configure some best practices for securing the device from the outside access. Is there some standard best practices I should be configuring?
View 2 RepliesI recently changed the entire configuration on two 6509 switches, and the fibre modules on slot 7 and 8 have gone down on BOTH switches. It would be easy to say that its a hardware fault but I cannot understand how module 7 and 8 can go down on both switches. Initially I thought it maybe due to IOS bug 22-33.SXI2a.bin" so I upgraded it to s72033-advipservicesk9_wan-mz.122-18.SXF12a.bin but it still down.These are the actions I have carrried out to try resolve the issue:
- Reverted back to orginal configs but no luck
- Tried to use "power enable" command but the status light on both modules seems to turn red and then go off again.
- I have also tried to put one of the fibre modules into a different slot but no joy
- Upgraded the IOS from 22-33.SXI2a. to 122-18.SXF12a
I am sure that hardware fault cannot occur on BOTH modules 7 & 8 on BOTH switches after config change.The error in the log shows that modules "failed to bring online because of registration timer event". I understand this means that it is unable to download the image within the allocated time. [code]
I have a sitecom 3G ready wireless router but does not support the local telephone company. i would like to know how to access its modem config from a command line inorder to configure the modem commands with local company settings. Its model no is WL-326v1001
View 1 Replies View RelatedOn a number of 6500 chassis it appears that linecard 3 did exist at somepoint, but was removed.Problem is that when issuing the 'show int desc' or 'show ip int brie' the ports for the still appear, and indeed same with 'show run' and 'show conf'.
View 1 Replies View RelatedHow to configure leased line from the ONT connection on Cisco 1841 router . there have public IPs on the interfaces fa0/0 & fa0/1.
View 4 Replies View RelatedI have a cisco 1841 whose LAN interface is showing status as "Fastethernet 0/1 is up , line protocol is down" the duplex and speed settings in the Router are in Auto mode and the Router was working fine till now , when i changed the duplex settings to duplex full , speed 100 the ping replies comes back with 5-6 replies then the link dies again..
View 1 Replies View RelatedI am going to design one network. I had queries with this design.Let me explain scenario first( it was attached below).I have two sites, Site-A and Site-B, repectively.
In site-A i have one Cisco 1841 router, one Cisco ASA 5510 firewall and One cisco 3560 layer 3 switch.
in site-B i have one Cisco 1841 router, one Cisco ASA 5505 firewall and One Cisco 3560 layer 3 switch.
From ISP side
I have point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.
I planned to terminate leased line in cisco 1841 router in both branches for branch to branch connectivity.
I will configure site to site VPN between two sites, A and B.
Here my query was i want make VPN as failover connectivity if leased line fails. In both the cases, i need internet to the inside users in both sides.
Summary requirement:Leased line is Primary and VPN is Back-up, if leased line fails. In both cases internet is needed to inside users.
I've moved a Cisco 887 router from a site where it was used to dial up on an ADSL line to a new site where we have a EFM circuit which terminates at a Cisco 1841 router managed by our ISP. I therefore need to re-configure our 887 router to work as a conduit from our servers back to the Cisco 1841 as its gateway.
I have asked from our ISP and they told me that i need to configure the 887 to use IP address 176.35.140.65 255.255.255.248 and its gateway should be 176.35.140.70. That's great advice in theory but I don't know how to configure this correctly
Our internal network is using subnet 192.168.42.XX which will need to be retained for local devices.
I've just want to confirm if I can protect a router (telnet and ssh) putting 2 ACL's (one IPv4 and other IPv6) on the same line vty. Something like:
line vty 0 4
access-class hostsIPv4 in
ipv6 access-class hostsIPv6 in
Do I have to use named ACLs?
I have a brand new TMG Installed and setup some rules. But i need to have one wireless router for a special office which should not be filtered by TMG. How can i setup TMG rule and the wireless rounter to not be filtered on TMG ? The linksys wireless rounter should also NOT ask for domain authentication.. it should allow directly access to outside without any authentication.
View 1 Replies View Relatedmy Cisco ASA 5510 doesn't save the configuration to the disk.
View 1 Replies View RelatedIs it possible to generate CSR using SH1 instead of md5 on Cisco 1841 for SSL VPN, because the provider that I try to use doesn't accept md5. Also tried to import there private key and got an error "Error: invalid PEM boundary"
View 4 Replies View Relatedwhenever I setup URL filtering in 1841 router with policy-map type http and zone-pair command, I experience 100% CPU spike. is there any workaround?
View 1 Replies View RelatedI have a 1841 with 12.4(16) IOS.In my configuration I have to interfaces for internet access, without vrf:
interface ATM0/0/0
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
[code]....
This two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection) Then, I have this interface in VRF named "lan123"
interface FastEthernet0/1.23
encapsulation dot1Q 123
ip vrf forwarding lan123
ip address 192.168.143.254 255.255.255.0
ip nat enable
Now the issue.If I write:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0
this works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to global table without the using of "global" keyword.
If I try to use:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0 global
there is an error indication.
If i connected the latop to brand new out of the box ASA 5505 through consloe cable and i have a config file on this laptop from other ASA5505, is there anyway i can upload that config file into startup-config of this new ASA5505 through console cable, without using TFTP or FTP?
View 5 Replies View RelatedI have a Cisco 2811 router and when I turn of the router the running config is lost. I have to the following to get the router running of the start-up config settings.
router#copy start-up running-config
Cisco 2500 series access servers show line usage with the "show line" command:
View 2 Replies View RelatedThe reason is i want to know the difference between the leased line and the DSL line. The whole thing behind the confusion is, We plan to have a high speed internet connection in our office. We will don't have a branch office or some thing like that. I preffered to have high speed internet in our office. I found in some website that Lease line will have high speed connectivity(Upto 10Gbps). Can i use the lease line or DSL is enough for our office. Our office contains of 82 user who will use internet.
View 2 Replies View RelatedI'm studying for CCNA Sec exam and looking for any security labs for GNS3 or Packet Tracer.
View 3 Replies View RelatedMy company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?
View 1 Replies View RelatedASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.
View 3 Replies View RelatedI'm running into and interesting issue concerning a twice NAT config.
We have a remote site that needs to connect to a server cluster on our end. Using ASDM I have created a NAT rule that uses PAT to map our server addresses to a single IP (this is due to constraints placed on us by the remote site). This in and of itself shouldn't be a problem. The issue is that the VPN tunnel won't come up unless I also map an address to the remote site's sever.
Example:
Appliance: ASA 5510
ASA Version: 8.4(2)
ASDM Version: 6.4(5)
Original Packet:
Source Interface: inside
Destination Interface: outside
Source Address: Server_Cluster
Destination Address: Remote_Server
Service: any
Translated Packet:
Source NAT Type: Dynamic PAT (Hide)
Source Address: Mapped_Server_Cluster_Address
Destination Address: Mapped_Remote_Server_Address
Service: -- Original --
Within the Translated Packet section, if I set Destination Address to the actual remote server address nothing happens when I attempt to bring up the tunnel. However, if I map an address to the remote server, the tunnel begins to come up and then fails during phase two (as the mapped address doesn't match the addressing that has been defined in the remote end's connection profile).
Initially I thought the issue may be due to an IP addressing overlap since both sites are running similar numbers, but the default route statement on our ASA, should contend with this issue. Also, each time I change the NAT rule, I change the connection profile to match those changes.
So, ultimately, what I wish to accomplish is to allow connectivity between my site and the remote site without having to map another address to their remote server. How may I do this?
I have 2 office buildings using Cisco 800 series routers with a L2L VPN between both. I'm upgrading the router to an ASA5505 at one of the offices but can't figure out the L2L VPN on the ASA. Specifically, can't figure out how to set the pre-shared key. On the Cisco 800 it's:That doesn't seem to work on the ASA. Here is my current config on the Cisco 800. [code]
View 9 Replies View RelatedI am converting one PIX config (in 6.2) format to 8.4 format manually.I am stuck at the following statements.
---------------------------
global (outside) 1 192.168.21.100-192.168.21.150 netmask 255.255.255.0
global (outside) 1 192.168.21.44 netmask 255.255.255.255
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-list 101 permit ip host 10.130.101.2 10.132.102.0 255.255.255.0
-----------------------------
My understanding from the old config file was that any traffic coming from source 10.130.101.2 to destination 10.132.102.0 would NOT be translated and this shall remain the same in 8.4.How can I rewrote the NAT commands?
I have a Linksys WRT610N wireless system with WPA-PSK security and this works fine with several computers but now one computer detects the wireless security as WEP and can thus not connect to the router. I have tried to manually connect to the router with correct security WPA-Personal (TKIP) and correct password but then the computer says "settings saved on this computer for the network do not match the requirements of the network".How can I get the computer to detect the correct security? The computer is running Windows 7 home premium.
View 7 Replies View RelatedIs it true that the FCC is investigating the Pogo game site because of poor security? Is Java the cause of this problem?I'm very leery of getting on the Pogo site because I've been told that my computer could get a virus and crash.
View 1 Replies View RelatedI'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.
I am trying to connect to a Security-enabled wireless netowork. I have the key. My problem is that I can't seem to figure out how to enter it. When I try to connect I open the "view available networks"window. I see the network name and it shows a strong signal (all 5 green bars).
View 3 Replies View RelatedHow do I turn off "logging esm config"? I tried conft no logging esm config and that worked for the moment, but when the switch reboots, or I run reload, it comes back.What does that do anyway? This switch was giving an out of memory error and seemed to be flooded with messages, so I trying to turn logging off/lower the log level.
View 5 Replies View Relatedmy config and all the show's ive run sofar tryign to figure this out, but the policy map isnt matching the traffic for some reason
View 9 Replies View RelatedI have tried the config-register command and it is not available. Here is part of the show ver command. I want to change the config-reg from 0xF to 0x2102.I have run into this before but don't remember how to correct it.....I think I have to use the boot command but not sure. Here it the output show ver Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
System returned to ROM by power-on?System image file is "flash:c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin"cisco WS-C2960-24TT-L (PowerPC405) processor (revision A0) with 61440K/4088K bytes of memory.last reset from power-on
4 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.64K bytes of flash-simulated non-volatile configuration memory.
Model number : WS-C2960-24TT-L
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TT-L 12.2(25)FX C2960-LANBASE-M
Configuration register is 0xF
We have two offices in the US and one in Mexico. Our site in Mexico connects to our headquarters in the US over an AVPN/ MPLS circuit .Mexico has a separate Internet connection through TelMex. There is an ASA 5510 at headquarters and an ASA 5505 in Mexico. We have a fail over VPN set up in the ASAs for times when the MPLS circuit goes down. All Internet traffic in Mexico is supposed to be routed to the TelMex connection. All company traffic is supposed to be routed to the Cisco router. ASA is supposed to be last resort route. We have a fail over VPN set up in the ASAs for times when the MPLS circuit goes down. (Or at least we did until I had someone work on the configuration) Everything had been working fine for the last 4 years.
Yesterday when the MPLS went down, so did their Internet connection. I realized the Internet traffic is now coming through the MPLs circuit to head quarters and out our ASA. Obviously there is a problem with the configuration. I do not have enough experience to figure this out. I have attached the configs and the routes for both the ASA and the router.
I tried to deploy configuration templates with Cisco LMS Template Center, due to the 10 Cool LMS Tricks to better manage your network i am able to do it now.Just i don't know why, after deploying these templates the configuration is not save to the startup-config.another problem i have with the snmp-server location configuration. It seems my template does not support spaces in the textbox. Any way to put spaces in the snmp location?
<parameter name="snmp-location">
<description>SNMP Server Location</description>