Cisco WAN :: 1941 ADSL Fail Over To 3G HWIC With IPSEC VPN
Jul 23, 2012
The setup is a S2S VPN with failover to 3G HWIC in a Cisco 1941 however the IPSEC tunnel needs to remain up through 3G if ADSL fails.The failover works ok, however when plugging ADSL back in, the - "sh crypto session" shows both dialer 0, and dialer 1 with the crypto map session to the other side of the VPN and either side is now not pingable.The NoIP DDNS updater client runs on a server in the network and all IP resolution to host1,host2 works ok (other side of VPN is Cisco 1921 with ADSL HWIC and 3G HWIC). [code]
View 5 Replies
ADVERTISEMENT
Aug 24, 2012
i have a problem with my adsl line connected on a HWIC-ADSL on router 2901 it was working good until yesterday the atm interface is down but the interface dialer is up .i connected this line into home adsl modem and the line is working good?
View 2 Replies
View Related
Feb 26, 2013
I want to know if I can plug a HWIC-1F on a cisco 1941 router without shut it down?
View 1 Replies
View Related
Aug 4, 2011
We are currently moving from 1841 (EOL) to 1921/1941 routers. According to the module support doc [URL] this HWIC-1DSU-56K4 card is supported. We have tried both the 1921 and 1941 with the cards without any luck.
IOS Verison: c1900-universalk9-mz.SPA.152-1.T.bin
System Version: 15.0(1r)M9
Boot Error: %MAINBOARD-1-UNKNOWN_WIC: wic card in location 0/1 has an unknown id 0xB
Show Diag:
WIC Slot 1:
DSU 56K
WIC module not supported/disabled in this slot
Hardware revision 1.0 Board revision A0
[code].....
View 1 Replies
View Related
May 27, 2012
I have configured eigrp routing on cisco 1941 ISR with two interfaces advertised. However i can not ping the router interface on g 0/0 but can ping the device and computers attached to that network. When i ping from the same network i'm able to ping the interface but not from anyway else. i can also ping the other devices on other network from g 0/0 attached hosts. How can i enable ping to this interface so that i start monitoring the network?
Below i have attached the network configurations for the router;
!boot-start-markerboot-end-marker!!enable secret 5 xxxxxxxxxxx!no aaa new-model!no ipv6 cefip source-routeip cef!!!!!multilink bundle-name authenticated!crypto pki token default removal timeout 0!!license udi pid
[Code].....
View 3 Replies
View Related
May 10, 2011
I have a CISCO 1841 with a HWIC interface to my ISP. I want to make a ADSL connection and my current running-file is: [code] The problem I have is that the ISP connection is established but then goes down.
View 1 Replies
View Related
Jan 3, 2013
I have 2 routers on 1 the internet work fine on the other the internet not work and I see this when I start diagnostic "Testing ADSL Synchronization---fail"
View 4 Replies
View Related
May 3, 2013
I m getting the below debug log and can not get IP from my ISP. It is static IP address and there is modem in bridge mode for the adsl line.
Below Conf and debug out put,interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
end
[Code]....
View 3 Replies
View Related
May 23, 2011
I am trying to configure a Cisco ASA 5505 for Remote Clients.I am using ASDM interface and used the startup and ipsec wizards for my configuration but im hitting a stumbling block.For the last 2 days i have tried a number of configuration changes in attempt to make this work but failed, so i have done a factory reset and gone through the wizards again, so i have a clean configuration. Currently i have a Static Public IP Address 81.137.x.x and i am using a Netgear ADSL router, which is forwarding VPN traffic (UDP 500) to 192.168.171.35 (the wan port on the ASA 5505).The Cisco ASA has a default address of 192.168.1.1 I am using Cisco Client 5.0.06.0160.I have configured the client to use Group Authentication with the same credentials as setup through the wizard and im using Transparent Tunneling IPSec over UDP.I have attached 2 documents running_config.txt - which is shows the current ASA configuration Log-View.txt - showing error messages displayed in the real-time log viewer when i try to connect from the remote client.Im not sure whether i need to do any additional configurations for my setup other than simply run the wizards.
View 3 Replies
View Related
Jan 17, 2013
I need to unlock IPSec to my 1941 router but I'm not sure which license(s) to purchase.
View 1 Replies
View Related
Aug 26, 2012
I am trying to set up a pair of 1941 routers in a HA configuration to act as L2L VPN gateways. The active router of the pair should distribute routes to the remote destinations using OSPF to internal routers. The VPN part is working fine and the routers are correctly advertising routes to internal hosts, however my problem is that when an IPsec sessions disconnect, the routes disappear and therefore internal hosts cannot reestablish a connection. If the remote end establishes a connection, the routes appear again and connectivity is restored.
My setup is as follows: (ASA) --> (pvpn01 & pvpn02 HA pair) --> (internet) --> (remote peer)
The other router in the pair has exactly the same config except with different interface IPs. The remote end is configured to talk to the HA address
91.216.255.248.The VPN routers are both running IOS version 15.0(1r)M9.
When I initially boot the routers, the route for 192.168.66.0/24 appears in 'show crypto route', and is advertised to neighboring routers. If I ping an address on that network an SA is established and stays active as long as there is traffic flowing. pvpn02#show crypto route
If I then stop traffic flowing over the tunnel and wait until the IPsec SA lifetime is expired, the route is deleted from the system routing table and therefore not distributed by OSPF. The result is that internal hosts cannot reestablish the tunnel as the other routers have no route to the 192.168.66.0/24 network.
Is this a bug, or is there another way to get the RRI routes to persist on the active router?
View 2 Replies
View Related
May 17, 2011
I'm trying to configure a Cisco 1941 to connect to multiple Amazon VPC instances. Each VPC instance brings up 2 x IPsec over GRE tunnels with BGP in to the EC2 cloud and enables flat extension of the corporate LAN. Basically. you can spin up EC2 instances in a private subnet and route to them across the VPC link from the corporate LAN.
The Amazon configuration is templated and not designed to support multiple instances on one customer access gateway - however, I want to overcome this and find a technical solution around bringing up a second physical router. I've got VRF configured and working for the first instance, but when we add a second VRF to the configuration IPsec fails. The second VRF is essentially identical to the first.
We're potentially looking at a licensing issue with IOS 15.x, the version we're running is...
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
data None None None
[Code]....
However, the IPsec configuration is complete and all keychains etc. are in place as they should be.
View 13 Replies
View Related
Oct 10, 2012
I did purchase a router 1941 universal k9 but i can not do ipsec on it, i took a smart net for that router in order to have or download ipsec on it.
View 1 Replies
View Related
Oct 10, 2012
I did have a router cisco 1941 but can not do ipsec with it,i did take a smart net.
View 3 Replies
View Related
Mar 7, 2013
I have an IPSec tunnel configured on my Cisco 1941. The other device is an ZyXEL router.I can see the tunnel is up but there is no traffic.This comes out the show crypto ipsec sa
interface: Dialer1
Crypto map tag: CMAP_AVW, local addr 10.10.10.89
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0)
current_peer 20.20.20.161 port 500
[code]....
View 3 Replies
View Related
Apr 9, 2013
I'm trying to set up an IPSec tunnel between 2 3845 routers that each sit in a private LAN behind an ADSL modem. Each modem does have a static public IP address from the ISP.
Thus:
Cisco 3845-1 <-> ADSL modem <-> WAN <-> ADSL modem <-> Cisco 3845-2
3845-1
Gi 0/0 - private ip
l
NAT
[code]....
So I would like to set up IPSEC between the GI 0/0 interfaces on the 3845's.
View 1 Replies
View Related
Jun 18, 2012
We have an ASA5520 configured with a IPSec VPN, from any ADSL home/office our VPN clients can connect without any problem, but when we use our cellular phones in tetering mode (as an accesspoint) our VPN clients are impossible to connect. Same machines,same software, same operating system, same remote IP (ASA5520 external IP) only change Wifi connection (ADSL to cellular phone). The signal of cellular phones is not the problem we was doing the tests with different phones (IPHONE & ANDROID), different locations (all in spain) and differents providers (vodafone, orange and movistar) of internet by cellular phone.We think that perhaps the problem is the licenses that our ASA5520 has..
Our ASA5520 comes with this licenses:
------------------------------------------------------------------------------------------
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
[code]....
View 8 Replies
View Related
Nov 4, 2011
I need to create multiple ip-sec vpn tunnels on A Cisco 837 ADSL Router. I am able to create one tunnel but the second connection is asking for the outside interface which is atm and already taken by the first tunnel. How can i create more tunnels?
Secondly, after creating the first tunnel i am able to access the remote lan network but when i tried tracert "remote lan ip of a pc" from my pc i got "request timed out" after passing my 837 but succeeded to reach the target. Does tracert needs something to be opened in the router?
View 2 Replies
View Related
Sep 12, 2012
We have two ASA 5500 series Firewalls running 8.4(1). One in New York, another in Atlanta.They are configured identically for simple IPSecV1 remote access for clients. Authentication is performed by an Radius server local to each site.
There are multiple IPSec Site-to-Site tunnels on these ASA's as well but those are not affected by the issues we're having.First, let me start with the famous last words, NOTHING WAS CHANGED.
All of a sudden, we were getting reports of remote users to the Atlanta ASA timing out when trying to bring up the tunnel. They would get prompted for their ID/Password, then nothing until it times out.Sames users going to the NY ASA are fine.After extensive troubleshooting, here is what I've discovered. Remote clients will authenticate fine to the Atlanta Firewall ONLY IF THEY ARE USING A WIRED CONNECTION.
If they are using the wireless adapter for their client machine, they will get stuck trying to login to Atlanta.These same clients will get into the New York ASA with no problems using wired or wireless connections.Windows 7 clients use the Shrewsoft VPN client and Mac clients use the Cisco VPN client. They BOTH BEHAVE the same way and fail to connect to the Atlanta ASA if they use their wireless adapter to initiate the connection.
Using myself as an example.
1. On my home Win 7 laptop using wireless, I can connect to the NY ASA with no issues.
2. The same creditials USED to work for Atlanta as well but have now stopped working. I get stuck until it times out.
3. I run a wire from my laptop to the FiOS router, then try again using the same credentials to Atlanta and I get RIGHT IN.
This makes absolutely no sense to me. Why would the far end of the cloud care if I have a wired or wireless network adapter? I should just be an IP address right? Again, this is beyond my scope of knowledge.We've rebuilt and moved the Radius server to another host in Atlanta in our attempts to troubleshoot to no avail. We've also rebooted the Atlanta Firewall and nothing changed.
We've tried all sorts of remote client combinations. Wireless Internet access points from different carriers (Clear, Verizon, Sprint) all exhibit the same behavior. Once I plug the laptops into a wired connection, BAM, they work connecting to Atlanta. The New York ASA is fine for wired and wireless connections. Same with some other remote office locations that we have.
Below I've detailed the syslog sequence on the Atlanta ASA for both a working wired remote connection and a failed wireless connection. At first we thought the AAA/Radius server was rejecting us but is shows the same reject message for the working connection. Again, both MAC and Windows clients show the same sequence.Where the connection fails is the "IKE Phase 1" process.
-------------------------------------------------------------------------------------------------------------------------
WORKING CONNECTION
-------------------------------------------------------------------------------------------------------------------------
%ASA-6-713172: Automatic NAT Detection Status: Remote end is|is not behind a NAT device This end is|is not behind a NAT device
NAT-Traversal auto-detected NAT.
%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user
%ASA-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user
[code]...
View 1 Replies
View Related
Jul 12, 2012
I am trying to set up a site to site ipsec connection. AT site A, I have Vlan's 652-10.55.216.0/24, Vlan653 -10.55.217.0/24, Vlan 654-10.55.217.0/24 and Vlan655-10.55.219.0/24 and at site B, Vlan650-10.55.214.0/24 and Vlan651-10.55.215.0/24.The problem is that I am unable to get any associations when i do a "sh crypto isakmp sa"/"sh crypto ipsec sa" on either router at each site.I am also unable to ping by pluging in a laptop into the site at each site. Laptop at site A is set to access vlan 655 and laptop at site B is set to acess vlan 651. I can ping all the devices from one end to the other.I have turned on debug crypto isakmp, debug crypto ipsec, debug crypto ipsec errors but dont get anything at all as output.I have attached the sh run for each router Cisco (1941/K9) and switch (Catalyst 3750) at each site.
View 4 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Feb 22, 2012
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies
View Related
Jun 12, 2013
What is the difference between HWIC-1ADSL-M and HWIC-1ADSL without the "-M"?Can either of the above ADSL cards be used in Cisco 3845 router? We are using HWIC-1ADSL-M in our Cisco 3845 routers everywhere?
View 1 Replies
View Related
Apr 29, 2013
I tried any type of combination and just couldn't make it works. Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?
View 11 Replies
View Related
Mar 27, 2013
I have an existing C2821 router (2 onboard GE + 1 HWIC-2FE) currently. Like to add another 1 HWIC-2FE. Saw this doc on Cisco website which states Max of 2 HWIC-2FE for Cisco2821. Want to confirm this is indeed so as another link states max of 1 HWIC-2FE.
View 3 Replies
View Related
Jun 24, 2012
I am looking for a way to use a 3G connexion on ASR1000.Is it possible to install HWIC module of ISR2 in SPA slot or use an USB modem on the RP?
View 2 Replies
View Related
Apr 4, 2013
I want a low cost solution router with 16 10/100 routed ports...The idea is to club 16 different segments on ofc to this router via media convertor and there will be dynamic protocols such as EIGRP or higher running between these segments.
The router needs to be security enabled...the equipments needs to be a router by defination (not a layer 3 switch)..As per my understanding there is limitation on number of HWIC-2 FE that can be put in ISR G2 series due to which I cannot reach that figure...
Kindly let me know if i can use SM-ES3-16-P in the place of HWIC-2FE for this kind of requirement.
View 5 Replies
View Related
Nov 15, 2011
Does the ASR-1000 accept an HWIC module, or must one go to a SIP/SPA for all modules?
View 1 Replies
View Related
Dec 5, 2011
if the card HWIC-1SER is the equivalent card HWIC-1T for 1861 router?
View 3 Replies
View Related
Oct 3, 2009
I have cisco 3845 router with 4 HWIC-2FE card none of them is detected the message displayed is [code]
View 7 Replies
View Related
Mar 26, 2013
I just added an HWIC-16A to a Cisco 2911 router for use as a Terminal Server.[URL]I've installed and configured the card properly. However, I receive the following error message:Attempt from Cisco CLI
View 2 Replies
View Related
Jun 12, 2011
I have a Cisco 2811 router with c2800nm-adventerprisek9_sna-mz.124-2.T6.bin as IOS and i wsh to install this HWIC 4port to increase available ports on my router. Wish to know if this is going to work,that is, if i installed it the IOS available will recognise this card
View 4 Replies
View Related
Dec 20, 2012
I have cisco router 3925 and i add install HWIC-4ESW, as i sew on cisco documents you can hot swap the hwic without reload the router but i it's not working at all. How to do it ?
View 1 Replies
View Related
