Cisco WAN :: 1921 NAT / Remote Access Configuration
Dec 15, 2011
I have to open several ports from the WAN to LAN on a 1921:
For example:
Say I need port 41795 both UDP and TCP to go from the WAN to the LAN, can some provide me the context I have to follow?
Currently I have this in place
Another piece of this is that the devices that will need to be accessed remotely are on VLAN10 - will that cause a problem?
is installed at a clients home for a very complex Crestron network that included 5 Cisco POE GB switches, 2 VLANS, with VLAN10 utilizing QOS and is the AV network (VLAN1 is the computer network), 8 1142 WAP's, and this 1921.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.12.16 19:52:41 =~=~=~=~=~=~=~=~=~=~=~=show runBuilding configuration...
Current configuration : 3340 bytes!! No configuration change since last restartversion 15.1service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname DHOWE_Router!boot-start-markerboot-end-marker!!enable secret 5 $1$JuTn$zn6CnXIm1bJGgPhtRCfB0.enable password ********!no aaa new-model!!no ipv6 cefip source-routeip cef!!ip dhcp excluded-address 192.168.39.0 192.168.39.49ip
[Code] ........
View 3 Replies
ADVERTISEMENT
Feb 11, 2012
ACS 5.2 , and I can't find document about how to configure remote access vpn authentication in ACS 5.2.
View 6 Replies
View Related
Oct 29, 2012
I have a problem relating to remote access VPN configuration on Cisco ASA 5550 verion 8.2(1). I used Cisco VPN client 5.0.03.0560 with a simple topology : laptop(client) -----( Internet) ------- (IP public) ASA. Now, I can ping from laptop to OUTSIDE Interface on ASA from Internet when I connect from Cisco VPN client to ASA , I was notified log on Cisco VPN client as below: [code]
View 1 Replies
View Related
Feb 20, 2013
I'm using SRP527W router at the moment and there are 10 PCs in the office.First of all, I'm not expert on network administration at all.Anyway, I set up remote access for particular PC and it works good.I made it like this.Add "Port Forwarding Entry" in Network Setup > NAT > Port Forwarding menu.
- Type: Single Port Forwarding
- External Port: 3389
- Internal Port: 3389
- Protocol: TCP and UDP
- IP Address: 192.168.0.20
I need to set up another remote access for another PC (IP: 192.168.0.25).I'm not quite sure I can use 3388 port for remote access.However, I added another "Port Forwarding Entry"
- Type: Single Port Forwarding
- External Port: 3388
- Internal Port: 3388
- Protocol: TCP and UDP
- IP Address: 192.168.0.25
However, it doesn't work.when I tested internal network(use private IP -192.168.0.25:3389), it works fine.But when I tried through the Internet (use public IP 202.171.xxx.xxx:3388), it returns "Remote Desktop can't connect to ...." message.How can I open 3388 port in router administration colsole(Services Ready Platform Configuration Utility)?
View 1 Replies
View Related
Apr 29, 2013
We have dns server(only Internal IP) inside our network, right now we have configured Remote Access VPN using Public IP and we connect it using the same Public IP. I need to use FQDN instead using Public IP.
Device : ASA 5520
Configuration Type : IPSec
View 2 Replies
View Related
Apr 29, 2013
We have dns server(only Internal IP) inside our network, right now we have configured Remote Access VPN using Public IP and we connect it using the same Public IP. I need to use FQDN instead using Public IP. What is the configuration for this.
-Device : ASA 5520
-Configuration Type : IPSec
View 1 Replies
View Related
Oct 26, 2012
I would like to use a Cisco 1921 at my house and create a "Easy VPN Remote" connection to our ASA 5510 at work. Can I use the Easy VPN Client with the base license, or do I need the security license to take advantage of the VPN tunnel?
View 4 Replies
View Related
May 31, 2013
Here is a copy of my cisco 881 easy vpn config. What I need to modify so this will work on a cisco 1921.
hostname BTLvpn
boot-start-markerboot system flash:c870-advipservicesk9-mz.124-11.T3.binboot-end-marker
no logging bufferedenable secret 5 XXXXXX
no aaa new-modelclock timezone EASTERN -5
crypto pki trustpoint TP-self-signed-733417695enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-733417695revocation-check nonersakeypair TP-self-signed-733417695
crypto pki certificate chain TP-self-signed-733417695certificate self-signed 01 30820244 308201AD A0030201(code)
View 9 Replies
View Related
Jan 31, 2011
I'm having a problem when configuring this cisco router 1921 with an ip base software. Accordingly with the Cisco software adviser this software allows to configure the l2tp Client Initiated Tunneling. But configuring the router the commands are not recognized:
Router(config)#pseudo wire-class L2TP_PSEUDO
^
% Invalid input detected at '^' marker.
Router(config)#interface Virtual-PPP1.
View 1 Replies
View Related
May 18, 2011
Since Cisco 2511 is out of sale now and Cisco 1900 series are recommended to replace for the purpose of terminal/comm server. How to configure terminal server on HWIC-8A module?
View 3 Replies
View Related
Dec 15, 2011
I have a Cisco 1921 in place with the security IOS so it is also acting as a firewall.
I am wondering if I can enable the GUI so I can configure it remotely.
View 3 Replies
View Related
Oct 15, 2012
I am attempting to bring up a remote router using a pppoe connection by replacing the current Tenda 308R router with a Cisco 1921 using the Ethernet connection on the WAN side. The connection works fine with the Tenda in place but when I put the Cisco in I get no connection and no answer for my PADI queries.I always get padi timer expired. I do not think it is even getting to the ppp authentication. [code]
View 5 Replies
View Related
Mar 27, 2012
I have recently configured a cisco 1921 router for internal routing on my network. Here is what i am trying to accomplish:
Main network 10.65.1.0 mask 255.255.255.0- all office devies and computers.
Second network 10.65.2.0 mask 255.255.255.0 - All plant equipment machinery and production lines
i have configure gig 0/0 for my company network and gig 0/1 for my plant network. I can ping the router from both networks but am unable to route traffic betwenn them. what am i missing?
View 8 Replies
View Related
Sep 22, 2011
sample configuration for internet failover . i have 2 ISPs with one coming in thought a serial cable and another through internet and would wish one take over after the other has failed .The router is Cisco 1921 .
View 4 Replies
View Related
Apr 28, 2013
I've recently received this new Cisco 1921 routers with Cisco CP loaded, so it comes up with the annoying change username and password at first access. I've removed all of those files from the flash memory, and rebooted it, and it came up with the proper initial configuration dialog, which is what I wanted. But, whenever I configure the router with a set of basic configuration, like interface, routing, and snmp loggings, and hit wr mem, it doesn't display at all when I do "sh run". It's weird cause when I do sh run | sec rip or any other stuff that I have configured, it shows up , but not in sh run at all.
What's the deal with the new routers? Even sh version doesn't show the config-register or memory allocation details.
xxxxx#sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
[Code].....
View 5 Replies
View Related
Feb 24, 2013
We have frame relay T1 circuit at one of our remote site. Which is connected to our core frame relay router which have DS3 circuit.Now we bought second T1 line at remote site and now I have to configure Bounded T1 with Cisco 1921 router.good config example or document on how to configure frame relay bounded T1 ?
View 1 Replies
View Related
May 20, 2012
i'm having some trouble setting up the correct NAT configuration of a Cisco 1921 router. The NAT is not working as I want - I think my configuration is wrong somewhere. All clients in 172.16.0.0/24 have the correct outgoing address of 1.1.1.3. But the NAT for 10.10.0.4 (and 10.10.0.5, 10.10.0.6) is partially broken: Ping and ssh from the outside world to 1.1.1.4 is "natted" to 10.10.0.4 and works as expected. But from inside (172.16.0.0/24) ssh to 1.1.1.4 should be "natted" to 10.10.0.4, but doesn't work (ping works). ssh from 172.16.0.0/24 to 10.10.0.4 (without doing NAT) works.
network design:
===============
172.16.0.0/16: network for normal use
192.168.64.0/24: network for specific clients and servers
[Code].....
View 1 Replies
View Related
Mar 9, 2011
I am try to configure ASA 5510 with 8.3 IOS version.My internal users are 192.168.2.0/24 and i configured dynamic PAT and are all internet .
i want configure identity NAT for remote access VPN.Remote users IP pool is 10.10.10.0 to 10.10.10.10
i know to configure NAT exemption in IOS 7.2 version. But here IOS 8.3 version. configure NAT exemption for 192.168.2.0/24 to my remote pool( 10.10.10.0 to 10.10.10.10).
View 6 Replies
View Related
Jun 19, 2012
This is IOS 15.1(4)M3 on a 1921 router. The LAN is 192.168.42.1/24. (DHCP config is further down.) We have a small range that we want to assign via DHCP to devices; .200 through .220 . At the same time, we have a handful of Macintosh systems to which we want to assign a specific address that is not in that 200-220 range. I don't want to configure the assignment based on the Ethernet MAC addresses because these systems might connect via UTP or wireless; that is to say, they have more than one MAC address. They only ever connect using one interface/MAC address at a time, but it's their choice; in some areas wi-fi is available, and in some areas they have to cable-up.
The Mac OSX network settings has a field for "DHCP Client ID". It would be much easier to tell the users of these systems to put their Mac's name in the Client ID field for both their wired and wireless DHCP configs. (As opposed to having them all lookup, and then give me their Ethernet MAC addresses for both of their interfaces.) I tried this with my Mac's (named "shrike") wi-fi interface, but I don't get the 192.168.42.14 address that I expected. I get an address from the .200 to .220 range.
Here's the DHCP-related config from the router:
router#sh run | s dhcp
ip dhcp excluded-address 192.168.42.1 192.168.42.199
ip dhcp excluded-address 192.168.42.221 192.168.42.254
ip dhcp pool OurOffice
network 192.168.42.0 255.255.255.0
[code]....
Is "client-name" the wrong place to configure the DHCP Client ID?
View 3 Replies
View Related
Oct 5, 2012
We want to puchase new Cisco ISR 1921/K9 . i want to know does it support the following sample IP-SLA commands
ip sla 2icmp-echo 172.16.1.2timeout 500frequency 1ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
delay down 1 up 1
!
track 20 rtr 2 reachability
delay down 1 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
Im asking above question because we will need to enable ip-sla on the mentioned router. as i read on the cisco webside, it says Cisco-ISR-1921/K9-IP Base support only IP-SLA RESPONDER feature nothing else. If Cisco-921/K9 does not support the above commands , should i go for ordering Cisco-1921-SEC/K9 ?
View 4 Replies
View Related
Jan 11, 2013
I have been playing around with a 1921/K9 router in our dev environment. It's been about 24 hours and I just can't seem to get it to work. My DHCP Server is working hence my internal network is getting IP address as desired. But Router doesn't seem to connect to internet for some reason.
I am trying to make it a internet facing router with static IP address (67.210.209.113). LAN side of this router will be our .11 Network which is our Dev Network.
Here is some network information:
WAN:
Interface IP: 67.210.111.111
Default Gateway: 67.210.111.222 (I can ping this address through router)
tlm1921A-11A#ping 67.210.111.222
[Code]......
View 7 Replies
View Related
Feb 24, 2012
I have the same 1921 router that I am trying to install at a facility with a Static IP address and Static DNS information to get on the internet and I cannot get the 1921 to access the internet!
Here is my config:
Building configuration...
Current configuration : 4072 bytes
!
! Last configuration change at 09:51:57 Chicago Sun Feb 26 2012 by fbcpekin
! NVRAM config last updated at 09:51:58 Chicago Sun Feb 26 2012 by fbcpekin
[Code]....
View 2 Replies
View Related
Dec 17, 2012
How do I access the router's web gui management? I already enabled the ip http server and ip https commands. I have a username and password configured
I open a browser session with the ip address:URL, But I do not get the management GUI. I haven't used the GUI in many years,
Cisco Systems
Accessing Cisco CISCO1921/K9 "my-router"
Show diagnostic log - display the diagnostic log.
Monitor the router - HTML access to the command line interface at level 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
Show tech-support - display information commonly needed by tech support.
Extended Ping - Send extended ping commands.
View 3 Replies
View Related
Jun 5, 2011
we use the Cisco VPN-Client to connect to our CISCO1921 Router and want to go out again on the same interface to the internet. We configured the connection with the IOS scurity package, have no split tunneling - so the client is forced with it's default gateway to our router - we also have pushed our local dns-server to the client and he gets dns results. Now I think we have to got out with some kind of NAT, because our client has a private IP from the IPSec Client pool. At the moment we have no NAT inside/outside, bacause we only use official IP addres in- and ouside (data-room usage).
- Is it possible to get the NAT function going in and out on the same interface with crypto_map IPSec user comming in and going out to the internet ?
- Is it more secure to configure this with vrf ?
- Has some a link to example configurations for this ?
View 4 Replies
View Related
Oct 31, 2011
i cant resolve one problem in may 1921 isr router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it woks fine but i cannot view that site from internal workstations can you suggest me what to do. as i know when request gets to router it performs static nat and sends packet to the web server, but the server responds with its private source address instead the public address witch workstation expects and connection cannot established.
View 3 Replies
View Related
Aug 16, 2011
I have VPDN running on our Cisco 1921 router running 15.2(1)T. Previously I was using Cisco 2801 router running 12.4(24)T4. I copied the config from the 2801 to the new 1921 router before replacing the router but now the VPDN isn't working.
Basically the users can connect and authenticate to the VPDN, but once they get the IP 192.168.12.10-20 IP, they can't access the internal servers (i.e. 192.168.12.120).
Is there any bug in the 15.2(1)T relating to VPDN?
Here's the VPDN section of the config:
vpdn-group TESTVPDN
! Default PPTP VPDN group
accept-dialin
[Code].....
View 5 Replies
View Related
May 1, 2011
Have cisco router 1921 and 3 cisco switch 3560G i want to configure the cisco router so as network 192.168.4.0/26,192.168.3.0/26,192.168.2.0/26, all to access internet R1921(config)# ip nat inside source list 102 int G0/0 overloadR1921(config)# access-list 102 permit ip ?
I am right to do this below?
R1921(config)# ip route 192.168.4.0/26 10.10.10.2R1921(config)# ip route 192.168.3.0/26 10.10.10.2R1921(config)# ip route 192.168.2.0/26 10.10.10.2
assist on access-list and ip route?
View 20 Replies
View Related
Feb 6, 2013
I've been trying to set up my new Cisco 1921 Router to provide internet access to my local network but with no success. I've been reading guides and looking at videos and I have to be missing something becaouse I can't access internet (ping/tracert) from my local network.
The DHCP server works fine and the clients on my local network gets ip-adresses from the router but can't ping or tracert outside the local network.
[code]....
View 2 Replies
View Related
Apr 16, 2012
City A is the data center with 2 WLC (CT2504-K9) and a number of AP. City B is a branch with MPLS between A and B. Right now the APs at City B has joined the controller. Users at B is getting ip's assigned from DHCP at City A. How do I configure the WLC so users can get ip's assigned from DHCP server present at B. Option 43 is enabled.
View 2 Replies
View Related
Nov 9, 2011
The day before yesterday, I bought the dir-615.
I had set an admin password and user's password. It was not same password. In this setting, there was no problem. Sure, no problem at connect from private IP, internet IP or just reboot and anywhere. The problem is the next.
If you got an electronic timer-switch and apply the DIR-615 then you cannot obtain an admin privilege from a remote. It just general user's permission even if I put the admin password.
I have been DIr-615 E4 hardware and 5.10 firmware. It does not happens at local IP address(i.e. 192.168.0.1) but it happen as trying connect from a remote IP address after AC plug re-powered.
I am doing use the AC timer for the remote internet managing at every day. It useful things for the router and IP camera. I need a admin privilege from a internet for the router managing.
View 16 Replies
View Related
Mar 17, 2011
I have DHCP server running in windows 2003. Presently its unable to provide Ip address for VPN clients who connect remotely. What I should do / reconfigure in DHCP, so that the DHCP server provides address for VPN clients.
View 4 Replies
View Related
Aug 22, 2011
We have an RVS4000 router at two ends of a VPN tunnel. The VPN tunnel is working fine, however a phone at the remote site drops calls, even though they sound clear and unblemished. I have set highest priority on the port the phone is hooked up to at the remote site, and have set a priority for upload traffic on both routers, but the phone stills drops calls after 2 to 3 minutes.
View 3 Replies
View Related
May 7, 2012
I have created remote access vpn in my ASA 5505. The tunnel is established but i am not able to access the internal network.
View 3 Replies
View Related
