Cisco WAN :: 2 ISPs / 2811 Router - Internet Access To LAN / VPN Access To VLANs?
May 31, 2012
I have 2 ISPs terminating on 2 FE ports on my 2811 router.ISP1 had always been here, used for the following:Internet access to LAN usersInternet access with public IP mapping to servers in different security zones (VLANS)Site to Site VPN tunnels to 3rd party partnersRemote VPN access to 3rd party partners We recently got a second ISP, mainly for the following:Internet access and public IP mapping to servers on seperate security zones (VLANS)Site to Site VPN tunnels to 3rd party partners as above, but different hosts So far, ISP1 and all the above service have worked based on the config below. However, having added ISP2, I have not been able to successfully create the site-to-site VPN tunnels.
version 12.4
!
ip source-route
!
ip cef
!
ip name-server 4.2.2.2
ip name-server 137.65.1.1
ip inspect WAAS enable
[code]....
Whenver I try to establish a tunnel on SDM_CMAP_2 and run a test using CCP, I get 2 failure reasons:
1. The peer must be routed through the crypto map interface. The following peer(s) are routed through non-crypto map interface - 4.58.130.130
2. The tunnel traffic destination must be routed through the crypto map interface. The following destinations are routed through non-crypto map interface - 4.58.130.134
The tunnels on SDM_CMAP_1 are all active Do I need to include a default route for the second ISP on the router? If so, how do I get this done? When I tried it, I had loops on the user LAN segment of the network.
View 5 Replies
ADVERTISEMENT
Aug 8, 2012
I have two ISP need to connect them on my router.
The Router that I have is 2811 where it contains two Fa ports only, so I put an access switch between the two ISPs and the Fa0/0 then configured the Interface Fa0/0 with two IPs ISP1 and ISP2 as a secondary.
The problem that I faced that when ISP1 become down the another secondary IP (ISP2) stay down and the internal users have no access to the internet.
View 1 Replies
View Related
Mar 16, 2013
i have one SF300-24p switch where i setup some Vlans and echolife hg8245 ONT router to access internet. the diagram is the following
VLAN1 (Subnet of users) -----> Switch SF300-24p
VLAN2 (Subnet of users) -----> Switch SF300-24p
VLAN3 (HG8245) -----> Switch SF300-24p
VLAN4 (Servers) -----> Switch SF300-24p
i want to control access to internet on VLAN1 and VLAN2 (access on VLAN3), while providing access to VLAN4.My problem is in connecting to internet, i can't find a way to "route back traffic to VLANs 1 and 2 since HG8245 don't seem to provide proper static routing ON LAN interface. Maybe without resorting to changing the HG8245 router ?
View 1 Replies
View Related
Jun 12, 2012
We have cisco 3550 switch i have configured 3 vlans in this switch vlans are not able to accessing internet
View 7 Replies
View Related
Apr 16, 2012
I am trying to setup VLAN's in the company I work for and I am almost there but missing the part when the internet works.I have an SG300 as a L3 Router IP 192.168.0.93.I have created VLAN20 and VLAN40 Assigned VLAN20 192.168.2.1 and VLAN40 192.168.4.1
The static routes have been created and a default router going to the Sonicwall firewall at 192.168.0.1.Port 24 is configured as Untagged VLAN1, Untagged VLAN20 and VLAN40 in trunk mode and going to the Sonicwall NSA 2400. [code]
Working to move all 192.168.0.x network off of VLAN1 and move it a management switch.I have DHCP helper on pointing to the DHCP server.Both VLAN's once the DHCP server is configured to Gateway 192.168.0.93 can get an IP from the correct subnet either 192.168.2.x or 192.168.4.x
All PC's are getting a GW IP of 192.168.2.1 pr 192.168.4.1.All test PC's on both VLAN's can ping each other and any server with the correct GW.When I try to ping google.com or open a web page and try google.com it times out.
View 3 Replies
View Related
Oct 2, 2012
I am trying to provide internet access to public and private SSID's on Cisco AP541n using VLAN's connected directly to ASA5505. VLAN1 is inside interface (private) and VLAN12 is wlan interface (public SSID). The AP541n is plugged into switch port 0/7 on an ASA 5505.Port 0/7 is configured as trunk mode. I have internet access when connected to private SSID but no internet access when connected to public SSID. why I can't access internet on public SSID?
logging class ip history emergencies
mtu inside 1500
mtu outside 1500
[Code].....
View 5 Replies
View Related
Apr 27, 2013
They have a locked Cisco Router which is from the ISP and its confed on a fa 0/0 interface to share Internet access on the network. The ip on that interface is 195.198.11.217 255.255.255.252 and i tried it with a PC (set my personal ip to .218 and entered their dns info (195.67.199.27) and it is working. The question is now. My friend found a 3550 laying around and since the ISP wont let them conf their router he wants to use the 3550 to create 2 vlans with internet access and without access to eachother. Vlan 10 for the desktops and Vlan 20 for the wireless (Moving on to some netgear wireless switches) How would you configure the 3550 for this to work?
View 23 Replies
View Related
Apr 5, 2013
i am trying to set up a cisco 2950 with a vlan to seperate all of the pos machines on the network (4 of them) from all other machnes in the building (3 hard wired and wi-fi). i was going to use vlan 1 as a trunk to allow internet access to go from fa0/1 to both vlans (vlan 10 and vlan 20). i have read things about the acl having an explicit deny at the end, so i'm thinking that is my problem. i am testing it at my house before deploying it to the network. i have 1 laptop setup with an ip of 192.168.0.50, and the other is .60. my router is 192.168.0.1. i have the ethernet from the router plugged into fa0/1, the 1st laptop on fa0/2 and the other at fa0/3. before i set the vlans up, i checked the communication by just plugging them in and trying to ping, they could both ping each other, the router and 8.8.8.8. when i finished setting up the test vlans, they could not ping each other(what i wanted) and laptop 1 can ping the router, and 8.8.8.8. laptop 2 cannot ping anything.
the only thing i did was create vlan 10 and 20, set port fa0/2 to vlan 10 and no sh, fa03 to vlan 20 and no sh, fa0/1 to vlan 1 and no sh. then i did switchport mode trunk on fa0/1, and switchport native vlan 1. this seems to be how i was supposed to do it, but it's been a while since i have worked with switches. i'm sure it's simple, but after searching the internet and poring over my cisco books for 5 hours, it is turning out not to be the case. here are some details:
greenhouse#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
[code]...
View 10 Replies
View Related
Feb 22, 2012
I have a small cisco switch cluster (seven different 2924, 3524cisco switches) with 3550 as a cluster control which does all the inter vlan routing that works fine.
This cluster is in semi production PBX interop testing lab. This is a closed network without internet access and not connected to our corporate network.However now I have to add this capability so some equipment in the lab can get Microsoft updates over the internet.
I've created a port on a 3550 (fa0/19) and connected it to another network that has internet access. It picked an ip address and when I'm logged in to the 3550 I can ping hosts on the outside network. However I can't ping any hosts on that network from any hosts that are connected to my vlans.I've tried a few different things, but still can't make it to work.
Here is a short version of my 3550 configuration:
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
[code]....
View 13 Replies
View Related
Feb 23, 2012
I have configured vlans in 3560G switch but vlans notable to accessing Internet
View 6 Replies
View Related
Nov 1, 2011
does cisco 2811 support?if no, can i make it work for BGP?also, i want to know the configuration of bGP for twoo ISPs for link failover.it will be google if u tell me step by step approach for configuring it
View 1 Replies
View Related
Feb 17, 2013
We need to give differentiated internet access to three VLANs. Each one of this VLANs is used for totally different purposes, so traffic between the VLANs is not allowed. Each VLAN has its own internet access provided for the data center using one fast ethernet connection.
We're thinking about using cisco 2911 for Internet access, VPN and firewall. I suppose that best option for VLANs is using Catalyst 2960S or a swithing module for the 2911, but these two options are too expensive for us. We're thinking about using swtiches from the SB series (maybe a SG-200).
We're totaly newbies to VLANs so we have many doubts. This are our questions:
1) The 2911 has three on board ethernet interfaces; we have three VLANs and three internet connections, so we need to use HWICs to get three more ethernet ports. That's right?
2) We need three HWICs or there is some kind of HWIC with more that one ethernet interface?
3) The routing solution is to assign static routes in the 2911 for each interface connected to a VLAN through a 2911's interface connected to internet?
4) Simply connecting three different router interfaces with three different switch ports, each one of them assigned to one of the three different VLAN, are we going to get internet access for all devices in those VLANs? or do we need to configure something else like trunking, VSIs...?
5) Can we achieve our goals using the SG-200 switch?
6) We have the chance to use older routers, is this possible? We're specially interested in knowing if a 1841 or a 2801 router could be used for this setup.
7) This is not a production environment so we can use refurbished equipment.
View 4 Replies
View Related
Aug 3, 2012
I have a Cisco C3560CG which is running C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2.The switch has vlan 1 and vlan 50 configured, vlan 50 should have access to a limited number of host in vlan 1.The following acl has been applied on the inbound to vlan 50:
10 permit tcp 10.16.30.0 0.0.0.255 host 192.168.15.243 eq 137 138 139 445
20 permit udp 10.16.30.0 0.0.0.255 host 192.168.15.243 eq netbios-ns netbios-dgm netbios-ss 445
25 permit icmp 10.16.30.0 0.0.0.255 host 192.168.1.243
26 permit ip 10.16.30.0 0.0.0.255 host 10.16.30.254
30 permit ip 10.16.30.0 0.0.0.255 host 192.168.15.254
[code]....
I sure the above would work, but for some reason some of the packet counter are not incrementing but the traffic is being blocked. But I would like to see the counter increment.Also I have that I may beed to use VACL wouls this be the case?
View 26 Replies
View Related
Jul 7, 2012
i have two public IPs on ASA5510 + Remote Access VPN Client, what i want to achieve is, i want VPN client users to be able to login using any of the two ISP's IP to remote connection to the ASA. what is the command to use to achieve this.
Secondly, i have setup the primary link VPN through ASDM but thinking i should do the same thing and add the "backup" interface.
View 1 Replies
View Related
Mar 21, 2013
We have two 2811 router with configured interfaces:
Router1
interface FastEthernet0/0.380 encapsulation dot1Q 380 ip address 192.168.232.18 255.255.255.248 no snmp trap link-status crypto map clientmap!
interface FastEthernet0/0.382 encapsulation dot1Q 382 ip address 10.132.1.126 255.255.255.252 no snmp trap link-status
interface Vlan1 ip address 192.168.5.1 255.255.255.128 ip nat inside ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 192.168.232.17
ip route 10.132.254.35 255.255.255.255 10.132.1.125
Router2
interface FastEthernet0/0.197 encapsulation dot1Q 197 ip address 192.168.222.2 255.255.255.248 ip nat inside ip virtual-reassembly no cdp enable
interface Vlan1 ip address 192.168.1.1 255.255.255.128 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452
So my case is: computer from router1's network can ping 192.168.222.2 (router2 -FastEthernet0/0.197 )computer from router2 network can ping 192.168.232.18 (router1- FastEthernet0/0.380),but can't ping 10.132.1.126 (router1- FastEthernet0/0.382).
How can i connect vlan 380 and vlan382.I want the three vlan to see each other.Is this happen with IRB or not?
View 4 Replies
View Related
Jun 2, 2011
my problem is this:we have two 2811 router with configured interfaces:
Router1
interface FastEthernet0/0.380 encapsulation dot1Q 380 ip address 192.168.232.18 255.255.255.248 no snmp trap link-status crypto map clientmap!
interface FastEthernet0/0.382 encapsulation dot1Q 382 ip address 10.132.1.126 255.255.255.252 no snmp trap link-status
interface Vlan1 ip address 192.168.5.1 255.255.255.128 ip nat inside ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 192.168.232.17
ip route 10.132.254.35 255.255.255.255 10.132.1.125
Router2
interface FastEthernet0/0.197 encapsulation dot1Q 197 ip address 192.168.222.2 255.255.255.248 ip nat inside ip virtual-reassembly no cdp enable
interface Vlan1 ip address 192.168.1.1 255.255.255.128 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452
so my case is:computer from router1's network can ping 192.168.222.2 (router2 -FastEthernet0/0.197 )computer from router2 network can ping 192.168.232.18 (router1- FastEthernet0/0.380),but can't ping 10.132.1.126 (router1- FastEthernet0/0.382)How can i connect vlan 380 and vlan382.I want the three vlan to see each other.Is this happen with IRB or not?
View 11 Replies
View Related
May 1, 2012
I have a cisco Swtich SGH 300-20 Gigabit switch i configure 2 vlan one is default and one is vlan 10
Vlan 1 ip range 172.16.0.0/23
Vlan 10 ip range 172.16.2.0/24
Client on Vlan getting Proper IP from DHCP Server all i need is to distribute internet bandwidth we have 6/3 mb and i want to give 4/2 mb to vlan 1 and 2/1 mb to Vlan 10
Int Gi16 on switch is configured as trunk port and is connected to cisco 2811 router
what are the command used to distribute bandwidth between these 2 vlans
View 3 Replies
View Related
Sep 3, 2012
I have a router 2811 that it's configured with VPN remote access and I'm trying to block clients based on their MAC address, I tried configuring access interface as routing/bridging, configured an ACL 750 for 48-bit MAC address access list and enable "bridge-group 1 input-address-list 750" command on bridged interface, but the only match I got when VPN clients access the LAN is from router interface.
Internet(VPN) ---> Router1 (FE 0/1) ---> Router1 (FE 0/0) --> Router2 (FE 0/0) --> Router2 (FE 0/1) --> LAN
I tried configuring on Router1 (FE 0/0) interface and also on Router2 (FE 0/0) interface with same behaviour. Router2 is used for internal NAT.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
[Code].....
View 4 Replies
View Related
Jun 1, 2012
I am trying to configure router on a stick with 2811 and 3750, but I just cannot get it to work - vlans are not getting propagated from 3750 to 2811: 3750:
Code...
View 1 Replies
View Related
May 18, 2011
Abruptly internet access disappeared. It's a router issue, none of the computers here can connect. Further, I can't access the router through a browser - 192.168.0.1 results in a "Firefox cannot connect" message. I've tried resetting the DNS to no avail. I'm typing via cell phone and it's annoying, but I'm willing to try about anything.
View 4 Replies
View Related
Apr 21, 2011
We suffer some problems with our remote 2811, that has two WAN links (two different ISP) - we cannot get access to both of WAN at the same time.
At first, the aim was to load balance the traffic between wan links: at first we tried to use OER, but users complained about instable internet connectionthen we tried PBR + NAT Generelly we have just the same scheme as [URL] : dual WAN linksPPTPPPPoE over ADSLequal static routesNAT using route map The problem itself: When both links are up, the 1st WAN is pingable, and the 2nd is notWhen the 1st link goes down the 2nd becomes pingable and accessible and vice versa. When I disabled the CEF, the 1st was still pingable and the 2nd became pingable too, but very unstable
View 3 Replies
View Related
Jan 30, 2012
Trunk from 3500 going into SF300-8 #1 QNQTrunk from SF300-8 #1 going into trunk SF300-8 #2QNQ from SF300-08#2 going into Trunk SF300-24, All Vlans from Network 1 seem to be communicating properly between the 3550 and SF300-24 and is isolated from the Transport Network by QnQ. I am having one problem, I can not ping the SF300-24 or get to the management interface. I am able to access other devices on the SF300-24 Vlan1 from devices on the 3550 Vlan1 and vice versa.
View 1 Replies
View Related
Apr 2, 2013
I have a 2811 Router (config below) with VPN configured. I can connect through the VPN and access devices on the native VLAN but I can't access the 10.77.5.0 (VLAN 5) network (I don't care to access the 10.77.10.0 - VLAN 10 network). This issue has been plagueing me for quite a while. I believe it's a NAT or ACL issue. VPN client IP pool is 192.168.77.1 - 192.168.77.10. [code]
View 4 Replies
View Related
Mar 1, 2011
Is it possible to have a WLAN only be active during set times of the day?.I have a WLCM in a 2811 router but I can't find any type of setting that will let me enabe a WLAN at 6pm and disable it at 7am.
View 3 Replies
View Related
Aug 22, 2011
I have a Cisco 2811 router with C288nm-advsecuruityk9-mz.151-4-4.M.bin IOS version.The router has two LAN interface FE 0/0 and FE 0/1.The router have too, two interfaces ADSL ATM0.0.0 and ATM 0.0.1, both are connect to internet..I need the next configuration.The interface FE 0/0 is directly connect to a Switch A.The interface FE 0/1 is directly connect to a Access Point Cisco.The Access Point and the Switch is not connecting between.The subnet of Switch A and AP are different (Switch A 192.168.180.0/24 and AP 192.168.181.0/24)The devices in the switch A have dynamic IP address, the router must be a DHCP pool to assign theses IP.The device in the AP have dynamic IP address, the router must be a DHCP pool to assign theses IP.I created two DHCP pools in the router, one for the subnet 192.168.180.0 and other for 192.168.181.0, but the devices of FE 0/0 assign IP of 192.168.180.0 or 192.168.181. 0, but not only in the 192.168.180.0.
View 5 Replies
View Related
May 27, 2012
I have an issue where my vpn clients are unable to access certain vlans in my network.I have configured an ASA 5520 with VPN access using the wizard and using the ASA as a dhcp server for VPN clients. I find that this allows the clients to access server resources such as the Exchange and Domain Controller but I find that these vpn clients are unable to ping each other as well as certain vlans that I have.Is there a way to configure the ASA to use a particular vlan that is already configured on the core switches?If I create a vlan interface and set the IP of it to 10.50.x.x then the vpn clients are suddenly unable to connect to any network resources...
View 1 Replies
View Related
May 29, 2012
I has 4 VLANs and I want a MAC address has access to a VLAN, but not to another.
I used ACLs, but this will block the access to the access point, How to get the mac address will have access to a VLAN, eg no other Vlan? I has 4 VLANs and I want a MAC address has access to a VLAN, but not to another.
I used ACLs, but this will block the access to the access point, How to get the mac address will have access to a VLAN, eg no other Vlan?
View 6 Replies
View Related
Nov 22, 2011
I running site-to-site IPsec VPN in Cisco 2811 IOS 12.4 both site. Here I encounter a problem to access server on Site A from Site B
Site A having Leased Line connected to router with Public IP. I have done static mapping 1 web server to Public IP (NAT). This to allow external users to access the server via Public IP. At the same time, users at Site B would need to access to same server via Internal IP since they have Site-to-Site VPN established. But once I done Static Mapping (NAT), user at Site B unable to access the server at Site A using its internal IP. But external user can access server via Public IP. What went wrong here. Do i need to add extra command to get this done?
View 3 Replies
View Related
Jul 9, 2012
I supplied 3 numbers of SG300 series switches for the sole reason to have inter-vlan routing. I created 4 VLANs in the switches and made one switch as Layer 3 switch and other 2 as Layer 2 switch. Inter-Vlan routing is working fine. I am able to ping PCs from different VLANs. But I am not to access shared folders. Customer has installed Window 2003 server installed and it is in VLAN 1. There are some folders created in this server and it is very important for users to have access to the folders.Also, I am not able to access shared folders in other VLANs. I have created a case with Cisco small business and I got a reply saying that the switches will not support shared folder feature, which I think is not real. I am getting a very time to implement this solution in the network. I have a Sonicwall firewall after Core switch which is connected to ISP.
View 1 Replies
View Related
Sep 27, 2010
I have the following configurations in cisco CISCO7606 (R7000). Its meaningful to have the below configuration, wherein , we are allowing multiple vlans on the access port?
interface FastEthernet4/45
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 124-127,423,478,493,578,699,751,787,895,987,1981
switchport mode access
end
interface FastEthernet4/46switchportswitchport trunk allowed vlan 124-127,423,478,493,578,699,751,787,895,987,1981switchport mode accessend
View 3 Replies
View Related
Apr 19, 2013
I am facing problem in configuration with SF-200-24P Switch . I am failed to configure two vlans on same access port i.e. data vlan and voice vlan. there is an option of auto voice vlan with vlan 1 and i changed to our voice vlan i.e. vlan 101 but didnt work. I tried many options. when i assign single vlan on each
access port it works . I have to configure like to work both data vlan and voice vlan with one access port. I worked on enterprise cisco switches its simple but on small business switch first time i am working.
View 1 Replies
View Related
Jan 4, 2012
ASA 5505 vlans routing & access-list?
View 4 Replies
View Related
Dec 25, 2012
I have been trying to figure out a NAT issue on my 2811 and the inspect engine.I have 'ip inspect FW out' on my outside interface. If I turn it off, I also have to remove the access-list applying to inbound traffic on that same interface. Why is that? This whole thing centered around SIP registrations from devices on my LAN to my provider. The provieder is showing that I am registering from a high end port (1024 or something crazy). He said that it sounds like some type of SIP ALG or something on my router. For the life of me, I can't figure out what would be causing it. I am just using a standard route-map that points to the outside interface using 'overload'.
View 6 Replies
View Related
