Cisco WAN :: 1921 / 3560G - Unable To Access List And Ip Route
May 1, 2011
Have cisco router 1921 and 3 cisco switch 3560G i want to configure the cisco router so as network 192.168.4.0/26,192.168.3.0/26,192.168.2.0/26, all to access internet R1921(config)# ip nat inside source list 102 int G0/0 overloadR1921(config)# access-list 102 permit ip ?
I am right to do this below?
R1921(config)# ip route 192.168.4.0/26 10.10.10.2R1921(config)# ip route 192.168.3.0/26 10.10.10.2R1921(config)# ip route 192.168.2.0/26 10.10.10.2
assist on access-list and ip route?
View 20 Replies
ADVERTISEMENT
Jun 16, 2011
I've got an existing Cisco 1841 connecting to a 10Mbps Internet Leased line. With my current setup I've configured PAT for internet access for my users, and we also have some servers on site which are assigned public ip addresses, these can be accessed from the internet. Now we have procured a Cisco 1921 ISR to replace the old 1841, when I connect the 1921 with an identical configuration in place of the old router, 2 things happen.
1) The users accessing the net via the nat are able to work without any inconvenience (good)
2) My servers which have public IP addresses are unable to reach the internet and subsequently I am unable to reach them via the internet (very bad)
View 10 Replies
View Related
Jun 3, 2012
I'm getting this error message on syslog server (Kiwi syslog)access-list logging rate-limited or missed XXXX packets i did the following commands but still I'm getting the error :logging buffered 16386 debugginglogging rate-limit all 5000no logging consoleno logging monitorip access-list logging interval 30000ip access-list log-update threshold 30000 i don't want to report to the console or monitor i want to report direct to syslog server, because I'm monitoring all the traffic (permit ip any any log) !
View 2 Replies
View Related
Aug 16, 2011
I have VPDN running on our Cisco 1921 router running 15.2(1)T. Previously I was using Cisco 2801 router running 12.4(24)T4. I copied the config from the 2801 to the new 1921 router before replacing the router but now the VPDN isn't working.
Basically the users can connect and authenticate to the VPDN, but once they get the IP 192.168.12.10-20 IP, they can't access the internal servers (i.e. 192.168.12.120).
Is there any bug in the 15.2(1)T relating to VPDN?
Here's the VPDN section of the config:
vpdn-group TESTVPDN
! Default PPTP VPDN group
accept-dialin
[Code].....
View 5 Replies
View Related
May 1, 2013
I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.
View 4 Replies
View Related
Apr 17, 2012
I am copying files form one server to another using Bightserv ARCserve Backup, now the files copy over however the access control list to the files isn't.Does anybody no away around this?
View 3 Replies
View Related
Apr 24, 2012
Our company had been buying Cisco 1841 routers for years and they have served us well. The 1841 was discontinued and instead we have now purchased a Cisco 1921. It is brand new, running "Version 15.0(1r)M15" of IOS ("usbflash0:c1900-universalk9-mz.SPA.151-4.M4.bin" file).
On our older Cisco 1841 routers, we would always prioritize certain TCP and UDP packets using the priority-list command. However, I have suddenly discovered that priority-list is not available on this brand new router. (?) I am unsure why. I did some reading and according to the document [URL], and priority-group are unsupported in Cisco IOS 15.
Later version of a product isn't as fully-featured as the earlier version. I want to prioritize the following type of network traffic.
UDP ports 8000 through 8063, 2427, 2727, 9300, 9301
TCP port 35300, 60001 through 60010, 2065, 33333, 3065
giving them a higher priority than the rest of other packets. This is necessary for our vendor's VoIP implementation. These packets should be "high" priority; everything else can be "medium."
View 3 Replies
View Related
May 24, 2011
My issue: I have installed a firewall within my network. Currently all my clients default gateway defaults to GW:192.168.1.1. I would like all my internet traffic to route to the firewall ip 192.168.1.30. My Primary switch ip is 192.168.1.10, which is a 3560G running 12.2(25)SEE2 IPBASE-M.
My main problem is, I do not have access to the gateway, so I am trying to route internet traffic from within my switch to the firewall. I have already tried Route-Map, but seems this version of the OS does not support. I have already tried Policy-Map, but same as above. I have also tried IP ROUT command, but it did not work either.
And remember, I would like to perform the routing from the switch, because I do not have access to the default gateway which is a router to perform forward internet traffic to the firewall.
View 4 Replies
View Related
May 25, 2013
I am trying to implement static route tracking on a Catalyst 3560G ( WS-C3560G-48PS, IOS version 12.2(35)SE5 and SW image C3560-IPBASE-M). The configuration is as follows:
track 101 rtr 1 reachability
!
rtr 1
type echo protocol ipIcmpEcho 10.199.101.2
rtr schedule 1 life forever start-time now
!
IP address 10.199.101.2 is reachable via ICMP (its the next-hop router).
The static routes configured are the following:
ip route 0.0.0.0 0.0.0.0 10.199.101.2 track 101
ip route 0.0.0.0 0.0.0.0 10.200.52.1 20
But only the secondary route(ip route 0.0.0.0 0.0.0.0 10.200.52.1 20) its being installed on the routing table by the switch.
View 8 Replies
View Related
Mar 22, 2012
I am unable to remove an access list. Currently this this access list contains 4 lines of remarks. I was unsure if I was entering the command correctly and now I have 4 lines of "trash" that needs to be removed.
Symptoms:
The "sh run" command shows that I have access-list 100 defined.
The "sh access-list" returns nothing.
Process I have tried: config t
no access-list 100
no access-list remark Test (just trying anything at this point)
clear configure access-list 100 (This returns "Invalid input detected at '^' marker" and the '^' is under the 'e' in clear.)
So the "clear configure" command is not working. The "no access-list" commands does not return an error but does not remove anything.
What step am I missing? Let me know if I can provide any more information.
View 2 Replies
View Related
Apr 11, 2012
I have a 3560G and an ASA FW, for which I am trying to use PBR to append the next hop. The gateway is the switch VLAN address and the amended net hop is the same VLAN interface on the ASA. Trouble is, I can ping the FW from a client, but not the switch. If I remove the route map, I can ping both. Even more strange is this is the case for some VLANs, but not all!
Config:
HOST ON VLAN 96
IP 10.11.120.99
S/M 255.255.255.240
[Code].....
View 2 Replies
View Related
Nov 28, 2012
I am trying to get the Cisco 1921 to route between 2 LANs. I can ping from the router itself, but cannot ping across either, is there something I am doing wrong here:
version 15.1
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
[code]....
View 10 Replies
View Related
Jul 7, 2011
I have a Cisco 1921 and it has 2 VPN IP-sec site-to-site tunnels up and running. Lets say the tunnels goes from the Cisco to Site A and Site B.
Now i want Site A to reach Site B through the existing tunnels. I'm guessing that static routes maybe the answer but i cant seem to get it working.
The LAN networks is as follows:
Cisco: 192.168.15.0/24Site A: 192.168.0.0/24Site B: 10.27.27.0/24
At Site A i have set up a static route as follows:
Traffic destined for 10.27.27.0/24 Go to gateway 192.168.15.1 (the default gateway of Cisco LAN)
At Site B i have set up a static route as follows:
Traffic destined for 192.168.0.0/24 Go to gateway 192.168.15.1 (the default gateway of Cisco LAN)
View 9 Replies
View Related
Feb 18, 2012
The router passes the Interface test for the WAN port in CCP but it still we cannot access the internet. Here is my configuration:
Building configuration...
Current configuration : 3663 bytes
!
! Last configuration change at 09:29:52 Chicago Mon Feb 20 2012 by fbcpekin
version 15.1
[Code].......
View 5 Replies
View Related
Sep 30, 2012
We have Cisco 1921 routers that a provider is using for MPLS. They have it configured so that all internet trafic is passed to an internal ip address that is our proxy server. However, they are pushing all of the routing rules down to the workstation which is causing the local route tables to grow to be massive in a very short time.
For example, the second I ping a website, the ip address is resolved and then the route is added for the source ip address with the default gateway of the proxy server.
Is this normal? I would have thought that all the rules would have been handled by the router and let it keep the table entries.
View 1 Replies
View Related
Apr 20, 2011
We are using a CISCO1921-SEC (ISR) with IOS 15.1 and we configured a "crypto isakmp client configuration group". We can connect with the "Cisco System VPN Client Version 5.0.07.0410" via IPSec/UDP.
1. Is it possible to push routing informations to the System running the VPN Client ? A the moment all traffic is routed to the tunnel but we like only one route to the network permitted with "pool ..." in the "crypto isakmp client configuration group NAME" section.
2. We searched for changing from upd connection to tcp connection via special port. Is it possible with IOS 15.1 on the CISCO1921-SEC ? Is there something possible like "iskamp ipsec-over-tcp port 10000" ?
View 8 Replies
View Related
May 12, 2011
i have configured SSL VPN on Cisco ASA5510 which is working fine .My Users connected the VPN and access the servers remotely. But now i face one challange my users use PPTP VPN of the customer now a days configured at the Customer Network. When they Connect the PPTP VPN unable to Access the servers remotely defined on the SSL VPN Route.
View 1 Replies
View Related
May 28, 2013
Have a 1921 that has 3 eth connections (1 LAN, and 2 WAN) - I have 2 seperate OSPF processes (2 areas) on the WAN Ints - both upstream WAN's are sending defaults back to the 1921, and the 1921 is sending it's LAN range to them.
I have ip ospf cost 150 set on the "failover" WAN connection interface (Both on the 1921 and upstream), but the 1921 is preferring the default route from the "failover"?
The default routes are both being received by the 1921, but it's preferring the "failover" Int with the ip ospf cost 150 configured?
View 14 Replies
View Related
Apr 26, 2012
I'm trying to create a route-map for an EIGRP Distribute list on a N7K, the goal is to not advertise a 10.0.0.0/8 and 172.31.30.20/32 networks out a link to a remote site while permitting all other traffic to the internet (default). I configured the ACL/route-maps below and applied them outbound on the N7K interface but no subnets at all are being received on the remote site router.
ip access-list DENY_10.0.0.0
10 permit ip any 10.244.244.20/30 <<--WAN interface network
20 deny ip any 10.0.0.0/8
25 deny ip any 172.31.30.20/32
30 permit ip any any
[code]....
View 0 Replies
View Related
Aug 20, 2012
I have a C3825, and have been using standard ACLs and a PBR to route certain HTTP traffic via an alternative default gateway:
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
This is working absolutely fine, and as expected, all traffic matching the ACL is being sent to x.x.x.x However, we have recently expanded our network, and I am now receiving various networks via BGP from various sources. All BGP incoming via iBGP is tagged in communities:
Community (expanded) access list 100
permit 37xxx:100
Community (expanded) access list 200
permit 37xxx:200
Community (expanded) access list 300
permit 37xxx:300
[code].....
All communities are also matching prefixes when executing either 'sh ip bgp community 37xxx:100' or 'sh ip bgp community-list 100' What I am trying to achieve, is create an EXCEPTION for the policy route. Traffic matching the community lists, must be forwarded based on the routers routing table, whilst traffic maching the ACL, must be sent via the policy route...
route-map RTRMAP-OfficeLAN permit 5
match community 100 200 300 400 500
!
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
My logic dictates to me that the above should work, but looking at the route-map, I get matches on seq 5 and pacets are exiting the route-map as expected (first matched). However no traffic that does NOT match community 100,200,300,400 or 500 and that DOES match the RTRMAP-OfficeLAN-toADSL never matches.
The counters on the route-map for seq 5 is increasing, but no counters are increasing at seq 10.. It's almost as if seq 5 is matching all traffic.
View 1 Replies
View Related
Jan 13, 2013
I have configured DHCP snooping on a WS-3560G-48PS running IOS 12.2(58)SE2 ipservicesk9 variant.When I enable DHCP snooping clients don't get IP addresses, when DHCP snooping is disabled, everything works fine.I have set up a SPAN port and run a capture (attached) on the traffic. Wireshark notes the Seconds elapsed field appeared to be encoded in little-endian but only on some packets. Apart from that, I can see nothing wrong with the DHCP Offer responses from my DHCP server.Attachment config.txt contains the interesting parts of the configuration. Please note g0/32 has been set to ARP inspection trust as without working DHCP snooping it would require a static bind.Is there any way of figuring out which option can't be parsed? Is there a way to force forwarding of unparsable DHCP packets while still running DHCP snooping?
View 3 Replies
View Related
Jan 27, 2011
I have three VLANS set up on my Catalyst 3560G switch. Each VLAN has its own subnet and I have enabled IP routing and set up my VLANS so that clients on VLANS 1 and 3 can get to VLAN 2 because they share a server located on VLAN 2. However, now they can also see and get to each others VLANS! How I can allow my clients on VLANS 1 and 3 access a server on VLAN 2 but not access the other VLANS? I don't want VLAN 1 to get to VLAN 3 or VLAN 3 to get to VLAN 1.
View 17 Replies
View Related
Apr 2, 2012
The Cisco 1921 router has two routed adapters. One is GE0/0 which I am using for my WAN interface. It is working properly. The 2nd interface is GE0/1 which is being used as my internal adapter. It is running NAT. When I attempt to reach the internet it fails while checking the exit interface. Here is the report.
AttributeValueRouter ModelCISCO1921/K9Image Namec1900-universalk9-mz.SPA.151-3.T.binIOS Version15.1(3)THostnameBulldog
Interface Details
AttributeValueInterfaceGigabitEthernet0/1IP address192.168.1.1DescriptionNOC Link Test Activity Summary
[Code].....
View 1 Replies
View Related
Aug 4, 2011
We are currently moving from 1841 (EOL) to 1921/1941 routers. According to the module support doc [URL] this HWIC-1DSU-56K4 card is supported. We have tried both the 1921 and 1941 with the cards without any luck.
IOS Verison: c1900-universalk9-mz.SPA.152-1.T.bin
System Version: 15.0(1r)M9
Boot Error: %MAINBOARD-1-UNKNOWN_WIC: wic card in location 0/1 has an unknown id 0xB
Show Diag:
WIC Slot 1:
DSU 56K
WIC module not supported/disabled in this slot
Hardware revision 1.0 Board revision A0
[code].....
View 1 Replies
View Related
Feb 21, 2012
cant assign cisco switch 3560G port g0/1to access vlan 10
main-switch(config-if)#switchport access vlan 10 Command rejected: Gi0/1 not a switching port.
View 5 Replies
View Related
Nov 29, 2010
I am trying to allow telnet to port 551 but i couldn't get it to work.I am using a cisco 1720 router running on IOS 12.2.I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit tcp any any eq 551.After i enter the above command the router will disconnect me and i will not be able to connect to it for awhile. Once the router is up i am still unable to telnet to port 551.
View 14 Replies
View Related
Oct 5, 2012
We want to puchase new Cisco ISR 1921/K9 . i want to know does it support the following sample IP-SLA commands
ip sla 2icmp-echo 172.16.1.2timeout 500frequency 1ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
delay down 1 up 1
!
track 20 rtr 2 reachability
delay down 1 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
Im asking above question because we will need to enable ip-sla on the mentioned router. as i read on the cisco webside, it says Cisco-ISR-1921/K9-IP Base support only IP-SLA RESPONDER feature nothing else. If Cisco-921/K9 does not support the above commands , should i go for ordering Cisco-1921-SEC/K9 ?
View 4 Replies
View Related
Feb 12, 2012
I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.Setup:
* Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2)
* PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.First I tried with the built-in ASDM IPSec Wizard, instructions found here.VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself). [code]
Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
View 5 Replies
View Related
Jan 11, 2013
I have been playing around with a 1921/K9 router in our dev environment. It's been about 24 hours and I just can't seem to get it to work. My DHCP Server is working hence my internal network is getting IP address as desired. But Router doesn't seem to connect to internet for some reason.
I am trying to make it a internet facing router with static IP address (67.210.209.113). LAN side of this router will be our .11 Network which is our Dev Network.
Here is some network information:
WAN:
Interface IP: 67.210.111.111
Default Gateway: 67.210.111.222 (I can ping this address through router)
tlm1921A-11A#ping 67.210.111.222
[Code]......
View 7 Replies
View Related
Mar 17, 2011
We have a VPN setup and here's the configuration on the Cisco ASA 5505: [code] The problem is that i'm able to ping the otherside of the tunnel i.e. 192.168.23.14 from the dmz IP 172.16.1.2 but i'm unable to ping from the hosts behind the ASA.Also the other side is able to ping 172.16.1.2 IP but no IP's behind the ASA.
View 9 Replies
View Related
Feb 28, 2011
I am running ASR1002 with latest XE IOS version asr1000rp1-adventerprisek9.03.02.01.S.151-1.S1.bin configuration bellow
router bgp 65000 bgp router-id 1.1.1.1 bgp log-neighbor-changes timers bgp 5 15 ! address-family ipv4 vrf LABR01-VRF bgp router-id 1.1.1.1 neighbor bgprrclient peer-group neighbor bgprrclient remote-as 65001 neighbor bgprrclient password 7 1234 neighbor bgprrclient update-source Loopback0 neighbor bgprrclient version 4 neighbor bgprrclient route-reflector-client neighbor bgprrclient route-map set_weight in I then tried to create new route-map and get error that match next-hop can not be used on inbound
route-map set_weight permit 10 match ip next-hop prefix-list thirdparty match as-path 1 set weight 1000
LAB-ASR1002(config)#route-map set_weight permit 10LAB-ASR1002(config-route-map)# match ip next-hop prefix-list thirdparty% "set_weight" used as BGP inbound route-map, nexthop match not supported% not supported match will behave as route-map with no match% "set_weight" used as BGP inbound route-map, nexthop match not supported% not supported match will behave as route-map with no match% "set_weight" used as BGP inbound route-map, nexthop match not supported% not supported match will behave as route-map with no match% "set_weight" used as BGP inbound route-map, nexthop match not supported% not supported match will behave as route-map with no match% "set_weight" used as BGP inbound route-map, nexthop match not supported% not supported match will behave as route-map with no match Not sure why Cisco is not supporting a pretty basic feature for BGP route maps.I tried looking into matching other variables but I am unable to get same result as I have same routes on bgp table from multible inbound peers.
I also get this message when configuring tacacs. I looked for "new" cli but no luck:LAB-ASR1002(config)#tacacs-server host 2.2.2.2 This cli will be deprecated soon. Use new server cli
View 1 Replies
View Related
Feb 24, 2012
I have the same 1921 router that I am trying to install at a facility with a Static IP address and Static DNS information to get on the internet and I cannot get the 1921 to access the internet!
Here is my config:
Building configuration...
Current configuration : 4072 bytes
!
! Last configuration change at 09:51:57 Chicago Sun Feb 26 2012 by fbcpekin
! NVRAM config last updated at 09:51:58 Chicago Sun Feb 26 2012 by fbcpekin
[Code]....
View 2 Replies
View Related
Dec 17, 2012
How do I access the router's web gui management? I already enabled the ip http server and ip https commands. I have a username and password configured
I open a browser session with the ip address:URL, But I do not get the management GUI. I haven't used the GUI in many years,
Cisco Systems
Accessing Cisco CISCO1921/K9 "my-router"
Show diagnostic log - display the diagnostic log.
Monitor the router - HTML access to the command line interface at level 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
Show tech-support - display information commonly needed by tech support.
Extended Ping - Send extended ping commands.
View 3 Replies
View Related
