Cisco WAN :: 1921 - Disable DNS Doctoring
Apr 26, 2011
How can i disable dns doctoring on my Cisco 1921 router? Even if i use an external DNS my router facilitates me when i try to resolv addresses that are accessible externally and NATed through my router to the appropriate host. The router looks at its own NAT table and sees the IP i am trying to access and sends me right to the local IP. In my situation this is not good and i would like to disable this feature so that i can take the "outside" to this website.
View 5 Replies
ADVERTISEMENT
Aug 1, 2012
I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.
Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked
View 1 Replies
View Related
May 28, 2013
I have email server which has private IP address 192.168.50.10 and Public IP 87.39.240.239.From inside I can ping 192.168.50.10 but can not ping 87.39.240.239.But from internet I can ping 87.39.240.239 and can access email server.
I have allowed "permit ip any any" on inside and outside interface for testing. I have below entries
static (inside,outside) 87.39.240.238 192.168.50.10 netmask 255.255.255.255 dns
static (inside,inside) 87.39.240.238 192.168.50.10 netmask 255.255.255.255 dns
I removed dns key word and test it, still not working from outside email server is working fine.
How I can access email server via public IP address.( Internal DNS server is configured for email url with Public IP address 87.39.240.239)?
View 2 Replies
View Related
Oct 5, 2012
We want to puchase new Cisco ISR 1921/K9 . i want to know does it support the following sample IP-SLA commands
ip sla 2icmp-echo 172.16.1.2timeout 500frequency 1ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
delay down 1 up 1
!
track 20 rtr 2 reachability
delay down 1 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
Im asking above question because we will need to enable ip-sla on the mentioned router. as i read on the cisco webside, it says Cisco-ISR-1921/K9-IP Base support only IP-SLA RESPONDER feature nothing else. If Cisco-921/K9 does not support the above commands , should i go for ordering Cisco-1921-SEC/K9 ?
View 4 Replies
View Related
Oct 27, 2011
We are a small business that just bought a Cisco 1921 ISR. I am trying to set it up right now but I cannot get CCP to discover it. I am new to Cisco products and IOS.The router is currently set up in a test environment with a USB connection to a Win7 PC for console management. I also have the PC connected to gigabit ethernet port 0/1. I am using putty to access the console which I did with no problem for the initial configuration. After that I thought I would be okay to discover the router with CCP using the IP address I specified but then it prompted me for a username/password which I didn't see in the initial configuration. After this I did some research and found out I needed to set up a few more things so I ran the following commands: [code]
After this the video I was watching said to go in to CCP and specify the IP address or hostname of the router and use the login info that was just created admin/pw. When I ran the discovery I got the failure message: Connection to the device could not be established. Either the device is not eachable or the HTTP service is not enabled.When I run 'show ip interface' I notice 'Router Discovery disabled" is this why it is not working? How can I enable this or what else am I missing here? Am I not connecting to the router correctly? Oh and just for reference our plan is to have this router set up as a VPN gateway and firewall with 2 WANs for redundancy and connecting to our switch via an HWIC SFP for fiber.
View 14 Replies
View Related
May 18, 2011
I have installed a Cisco 1921 router in our company and i have stumbled upon an issue with the DNS.
We have a internal DNS server and an internal WEB server. In the DNS server there are records pointing to sites on the WEB server, this is working just fine.
The thing is when i use a public DNS such as 8.8.8.8 (googles public DNS) i cannot resolv the external IP of those sites. I do not want to access the sites and i do not want to send any packets to the sites. All i want is to query the public DNS and resolv the public IP where the site is.
View 1 Replies
View Related
Jul 3, 2012
where can i find this ios for free CISCO1921-SEC/K9 ?
View 4 Replies
View Related
Jan 11, 2013
I have been playing around with a 1921/K9 router in our dev environment. It's been about 24 hours and I just can't seem to get it to work. My DHCP Server is working hence my internal network is getting IP address as desired. But Router doesn't seem to connect to internet for some reason.
I am trying to make it a internet facing router with static IP address (67.210.209.113). LAN side of this router will be our .11 Network which is our Dev Network.
Here is some network information:
WAN:
Interface IP: 67.210.111.111
Default Gateway: 67.210.111.222 (I can ping this address through router)
tlm1921A-11A#ping 67.210.111.222
[Code]......
View 7 Replies
View Related
Mar 31, 2013
Any issues upgrading the IOS on a 921 router.How can i create a certificate for the new IOS? I've never had to do this for other IOS 15 upgrade?I've confirmed the IOS is not corrupt and if i upgrade the router in ROMMON the router boots correctly.
View 1 Replies
View Related
Sep 6, 2011
I have purchased a PAK for my 2 cisco 1921 routers .I would like to to configure IP SEC or SSL for VPN connectivity on the routers. How do i convert the PAK into a license?
View 1 Replies
View Related
May 3, 2013
I am really stuck with router requirement for one of our client. I need 891 SEC router. I think this comes with advanced IP services. What I have is 1921, with IP Base. can I upgrade 1921, so it will become alternative to 891 SEC.
View 1 Replies
View Related
Feb 23, 2011
I'm attempting to set up a Cisco 1921 router running IOS15, and am having trouble with the NAT - it might be that what I am attempting is not possible. The only traffic going across the router is UDP, and the outside of the network canot be changed.
View 1 Replies
View Related
Nov 28, 2012
I am trying to get the Cisco 1921 to route between 2 LANs. I can ping from the router itself, but cannot ping across either, is there something I am doing wrong here:
version 15.1
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
[code]....
View 10 Replies
View Related
Oct 25, 2012
I am fairly new to Cisco, but am trying to configure a 1921 router to give higher priority to SIP/VoIP traffic (Port 5060) than everything else.The connection is only 4Mb and is getting hit hard by video streaming, I don't want to block this, just make a lower priority.Any ideas where I am going wrong?My current config is as below.The IP addresses have been changed for security reasons, but in reality are both in the same range, i.e. are both external IPs, so I am not sure if this is causing the problem. Do I need NAT for QoS to work?
View 6 Replies
View Related
May 12, 2013
how install a .lic file onto the new Cisco ISR G2 1921?
I know how to install via tftp, however I need to know how to install from USB.
View 4 Replies
View Related
Apr 9, 2012
I asked this in the LAN forum but I don't think people understood what I was asking. I want to know if I can route VLAN's across my T1 point to point connection using 1921 routers. I currently have AdTran 3205's and although I found info on the internet saying you can make them do this I could not after many hours of trying. I also found this article: [URL] that also seems to say I can do what I want but I just want to verify.
We have two main locations currently connected by a point to point T1 (1.54Mbps) through the AdTran 3205's. We are running out of IP addresses as we just have a single subnet on each end. I want to move to a VLAN setup for a couple reasons including security and QoS for our voice system. Each location has it's own dedicated internet and proxy server. Here is my planned layout:
ISP 1 ISP 2 | | | | | | | 10.0.0.0/30 | Layer-3 Switch 1 -- 1921-1 ---------- 1921-2 -- Layer-3 Switch 2 | | | .1 .2 | | | | VLAN 20 | | VLAN 20 | | 10.1.20.0/24 | | 10.2.20.0/24 | | | | | VLAN 10 VLAN 30 VLAN 10 VLAN 3010.1.10.0/24 10.1.30.0/24 10.2.10.0/24 10.2.30.0/24 Building #1 Building #2
Can I do this with the 1921s? Is there a better design for what I want to accomplish (seperate our users, servers, and phones onto seperate VLAN's)?
View 6 Replies
View Related
Aug 8, 2011
We have Cisco 1921 router with two ADSL connections on it. both ADSL public ip address working fine, they both send and receive packets. we can ping both ADSL public ip from inside but
we cannot ping both ADSL ip from outside it is some times with one ip and some times with another ip.
View 12 Replies
View Related
Apr 18, 2012
I have cisco router model 1921 , how can i terminate my existing pppoe connection to 1921, so that my other LAN users can use internet.
1- One cable (RJ45) which is comming from ONT has connected with Integrated WAN Port on router.
2- One cable (RJ45) which going to my LAN switch has connected with Integrated LAN Port on router.
Now i need to configure my router, so that i can give internet access to my LAN users. I red cisco's guides but not clear regarding configurations, because in guides they use modules to configure pppoe. But i am not using any module, i am simply connecting one cable for WAN and one for LAN.
View 1 Replies
View Related
Jul 7, 2011
I have a Cisco 1921 and it has 2 VPN IP-sec site-to-site tunnels up and running. Lets say the tunnels goes from the Cisco to Site A and Site B.
Now i want Site A to reach Site B through the existing tunnels. I'm guessing that static routes maybe the answer but i cant seem to get it working.
The LAN networks is as follows:
Cisco: 192.168.15.0/24Site A: 192.168.0.0/24Site B: 10.27.27.0/24
At Site A i have set up a static route as follows:
Traffic destined for 10.27.27.0/24 Go to gateway 192.168.15.1 (the default gateway of Cisco LAN)
At Site B i have set up a static route as follows:
Traffic destined for 192.168.0.0/24 Go to gateway 192.168.15.1 (the default gateway of Cisco LAN)
View 9 Replies
View Related
Jul 9, 2011
I can telnet to the router and ping places on the inside and outside. However when I connect a laptop to the inside interface I can ping to the outside for a bit but can't open a web page and then connectivity is gone all together. At first I thought it was a NAT issue but I know I am good on that front. I have attempted to change the speeds and duplex settings on the outside interface but it does not seem to work. Again if I take the cable from the outside interface and plug it into a laptop it works fine. The thing that makes me wonder is why can I connect to the outside interface and configure it just fine?
View 4 Replies
View Related
Aug 8, 2012
I am looking to transfer 3 VLANS (10, 20, and 30) over a T1 point to point using Cisco 1921 routers. I do not want to "Bridge" the connection, one location has a 10.1.0.0/16 subnet and the other location has a 10.2.0.0/16 subnet because we don't want to saturate the already slow link.
I tried the instructions here: [URL] With these routers couldn't I create the three VLAN's then tell the GigabitEthernet0/0 interface it's a trunk port? Or do I setup sub interfaces (.10, .20, and .30) for each vlan? I've tried all of the above and I can't get it to work. I can directly plug into the router and ping the other router on the other side of the T1 but I can get the info coming from my Dell PowerConnect 6248 (plugged into a trunk port) to go through to the router which is why I think it's a vlan issue.
View 17 Replies
View Related
Apr 30, 2013
I just purchased Comcast Fiber EDI service. Comcast delivers this service on a /30 network and a /27 network. The customer (me) has to route the /27 network through the /30 network .
Here’s an example of the IP’s they gave me:
10.202.187.128/30 Sub net Mask: 255.255.255.252 Gateway: (.129) Customer Layer 3 (.130 10.202.187.160/27 255.255.255.224
I have a Cisco 1921 router with 2 on board Gigabit Ethernet interfaces. Would I be correct if I put 10.202.187.130 on GigabitEthernet0/1 and 10.202.187.161 on GigabitEthernet0/0 and then do a static route 0.0.0.0 0.0.0.0 10.202.187.130 ?
Obviously I have very little Cisco router knowledge and I’m doing this with the Cisco Configuration Professional software.
View 1 Replies
View Related
May 31, 2013
Here is a copy of my cisco 881 easy vpn config. What I need to modify so this will work on a cisco 1921.
hostname BTLvpn
boot-start-markerboot system flash:c870-advipservicesk9-mz.124-11.T3.binboot-end-marker
no logging bufferedenable secret 5 XXXXXX
no aaa new-modelclock timezone EASTERN -5
crypto pki trustpoint TP-self-signed-733417695enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-733417695revocation-check nonersakeypair TP-self-signed-733417695
crypto pki certificate chain TP-self-signed-733417695certificate self-signed 01 30820244 308201AD A0030201(code)
View 9 Replies
View Related
Dec 11, 2012
I purchased several 1921 routers and the last two I setup get the following error during bootup:
%SYS-6-READ_BOOTFILE_FAIL: tftp://255.255.255.255/1:aaa1386.bin No usable interfaces.
%SYS-6-BOOT_MESSAGES: Messages above this line are from the boot loader.
%MAINBOARD_GE-3-SHUTDOWN: FPA PKT pool holding 512 particles.boot of "1:aaa1386.
bin" using boot helper "usbflash0:c1900-universalk9-mz.SPA.151-4.M4.bin" failed
error returned: No usable interfaces
loadprog: error - on file open
boot: cannot load "1:aaa1386.bin"
The router moves on and eventually comes up fine and is operational. What this error is an if I can get rid of it?
View 5 Replies
View Related
Feb 6, 2013
So I can fail over my NAT and IPSEC VPN (DPD). I am curious can I load balance my WAN links too?
I have a route map that is used for fail over, I just can't quite think how I would load balance the links
ip nat inside source route-map 10mb interface GigabitEthernet0/1 overload
ip nat inside source route-map efm interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 213.38.xx.xx
ip route 0.0.0.0 0.0.0.0 46.226.xx.xx 10
access-list 175 deny ip 172.16.20.0 0.0.0.255 172.31.114.0 0.0.0.255
[code]....
View 2 Replies
View Related
Mar 3, 2013
I have an 1921 that I use for L2TPv3 tunnel connection with 2 sides. I need to add others 2 sides and I thought to add an EHWIC-4ESG on my router. Can I configure different xconnections with this module? I would like to configure my router as below: [code]
View 1 Replies
View Related
Jun 4, 2012
I wish to use a 1921/k9 as a router on a stick. Inside interface interconnects up to 9 VLAN, and performs the routing. Does the 1921/k9 supports trunking and VLANs (I think it should support 16 VLAN, but I am not shure) or I should choose 1921-SEC-k9? Routing performance is the same both on 1921/k9 and 1921-SEC-k9? (I think I'll use static routes or RIP, it is not a large network)
View 1 Replies
View Related
Mar 6, 2013
I have a Cisco 1921 which has a IPSec connection to the outside, but despite this, it seems the hw accelerator module is not used because the stats are all zeros (see below). Also, I can see that the module is enabled ( using show crypto engine brief ), but the connection are router to the sw module ( using show crypto engine connections flow )
gw#show crypto engine accelerator statistic
Device: Onboard VPN
Location: Onboard: 0
:Statistics for encryption device since the last clear
[Code].....
View 8 Replies
View Related
Oct 5, 2012
We want to puchase new Cisco ISR 1921/K9 . i want to know does it support the following sample IP-SLA commands
ip sla 2icmp-echo 172.16.1.2timeout 500frequency 1ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
delay down 1 up 1
!
track 20 rtr 2 reachability
delay down 1 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
Im asking above question because we will need to enable ip-sla on the mentioned router. as i read on the cisco webside, it says Cisco-ISR-1921/K9-IP Base support only IP-SLA RESPONDER feature nothing else.If Cisco-1921/K9 does not support the above commands , should i go for ordering Cisco-1921-SEC/K9 ?
View 2 Replies
View Related
Jan 29, 2012
I have a Cisco 1921 router and it uses 99% of CPU and i cant seem to spot wich process that is taking up the cpu. I have an interface with several sub-interfaces and i am moving data between two of those subnets, i tried the "ip route-cache same-interface"-command on giga bit ethernet 0/1 with all the sub-interfaces like gigabitethernet 0/1.18 and so on. That did not work.
View 1 Replies
View Related
Jan 31, 2011
I'm having a problem when configuring this cisco router 1921 with an ip base software. Accordingly with the Cisco software adviser this software allows to configure the l2tp Client Initiated Tunneling. But configuring the router the commands are not recognized:
Router(config)#pseudo wire-class L2TP_PSEUDO
^
% Invalid input detected at '^' marker.
Router(config)#interface Virtual-PPP1.
View 1 Replies
View Related
May 18, 2011
Since Cisco 2511 is out of sale now and Cisco 1900 series are recommended to replace for the purpose of terminal/comm server. How to configure terminal server on HWIC-8A module?
View 3 Replies
View Related
Feb 18, 2012
The router passes the Interface test for the WAN port in CCP but it still we cannot access the internet. Here is my configuration:
Building configuration...
Current configuration : 3663 bytes
!
! Last configuration change at 09:29:52 Chicago Mon Feb 20 2012 by fbcpekin
version 15.1
[Code].......
View 5 Replies
View Related