Cisco WAN :: 2500 - No Matching Route To Delete Error
May 15, 2012
I am trying to remove a static route I added: [code]
I was practicing setting up static routing on three routers r2 (2600xm) connected to r1(2600xm) via T1 module cards on the serial ports. connected to r1 is an old 2500 router called PC.
I removed the static routes off r2 and PC but when I get to r2 which I am connecting to via console cable from another 2500 that I use for an access server I get the above error. all the IPs are just generic subnets I created to play around with static routing. I
View 4 Replies
ADVERTISEMENT
Jan 12, 2012
I'm performing tests with following desired scenario: We have several remote offices, connected to our HQ via MPLS. In these remote offices, we have several vlan's. Each vlan has it's own ip-range. The MPLS cloud is routed, so we cannot switch our HQ vlan's to the remote offices. In this case, the client pc is in a guest vlan which allows him internet access. The uplink for this internet access is hosted in our HQ datacenter.
basic scheme:
client pc --> MPLS cloud (managed by ISP) --> 6500 switch LAN --> Checkpoint Firewall --> 6500 switch DMZ --> ASA Firewall
My test scheme:
Client pc is in a subnet A (guest vlan range office).
We receive this traffic on our first LAN 6500.
[Code].....
View 29 Replies
View Related
Nov 23, 2012
On 1811W Router i have OSPF running and i do not need this static route.ip route 192.168.20.0 255.255.255.0 192.168.20.3,when i try to delete i get error ,1811w#,config t,Enter configuration commands, one per line. End with CNTL/Z.,1811w(config)#no ip route 192.168.20.0 255.255.255.0 192.168.20.3,%No matching route to delete,1811w(config)#.
View 7 Replies
View Related
Sep 30, 2012
We have Cisco 1921 routers that a provider is using for MPLS. They have it configured so that all internet trafic is passed to an internal ip address that is our proxy server. However, they are pushing all of the routing rules down to the workstation which is causing the local route tables to grow to be massive in a very short time.
For example, the second I ping a website, the ip address is resolved and then the route is added for the source ip address with the default gateway of the proxy server.
Is this normal? I would have thought that all the rules would have been handled by the router and let it keep the table entries.
View 1 Replies
View Related
Jun 6, 2011
I have problem with icmp traceroute configuration. When I enabling icmp error inspection in global policy, my traceroute results through ASA 8.2.4 looks like this: My traceroute [v0.75]
icmp inspection and ttl decrement on ASA is enabled. Also I configured ACL on outside interface to permit ICMP completely.
View 14 Replies
View Related
Dec 7, 2012
I believe that the Cisco Unified Communications Manager Express matches the outbound VoIP dial peer digit-by-digit, because:
1. when using the debug command it shows how it works digit-by-digit till it match a pattern
2. It says in the study guide ( If a match is found, the router immediately processes the call - chapter 6) so I understand its not en bloc
View 3 Replies
View Related
Aug 15, 2011
my config and all the show's ive run sofar tryign to figure this out, but the policy map isnt matching the traffic for some reason
View 9 Replies
View Related
Oct 3, 2012
I have a Cisco ASA running 8.2 in routed mode.The ASA has three interfaces, inside, outside and DMZ. They connect to the following three networks:
Inside: 10.1.1.0/24
Outside: 10.1.2.0/24
DMZ: 100.1.1.0/24
I have the following dynamic PAT configuration:
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 100.1.1.1
nat control is turned off.
By my understanding any traffic from the inside to outside interface will be PATted to 100.1.1.1. However, communications between inside and the DMZ will not be PATted, and should work with no problems.This seems to be corroborated by this document: [URL]Which states:"The adaptive security appliance translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing for the packet continues."EDIT: I may have misunderstood the above statement.I found this guide to configuring NAT/PAT: [URL]It states:"When you specify a group of IP address(es) in a nat command, then you must perform NAT on that group of addresses when they access any lower or same security level interface; you must apply a global command with the same NAT ID on each interface, or use a static command. NAT is not required for that group when it accesses a higher security interface because to perform NAT from outside to inside you must create a separate nat command using the outside keyword. If you do apply outside NAT, then the NAT requirements preceding come into effect for that group of addresses when they access all higher security interfaces. Traffic identified by a static command is not affected."My problem is that packet tracer does not seem to bear me out. It tells me the packet is dropped due to "no matching global" when I source traffic from the inside interface and send it to the DMZ.
View 3 Replies
View Related
Sep 20, 2011
I have a command line from ASA 5505 like below :
nat (inside) 0 access-list NO_NAT
The problem is I cannot see any matching ID of 0 at the (outside) like :
nat (outside) 0 xxxxxxxxxxxxx
Another problem is there is also no any access list with the name of NO_NAT.
View 2 Replies
View Related
Jun 24, 2011
Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?
View 3 Replies
View Related
Mar 29, 2012
i have firwall ASA5400, and the outside interface connected to internet router but i noticed that the interface speed in the outside interface is 1000M, but on the internet router is 115 M. so the interface in the router is highly utilized and also the firwall cpu highly utilized. [code]
View 0 Replies
View Related
Jun 23, 2011
I am trying to set up remote access vpn on an asa 5520 running 8.4.1. I have the ipsec group, policies, and ip pool set up. When I try and connect with the cisco vpn client I see the following in the logs. Deny icmp src outside:214.67.39.42 dst outside:24.252.51.73 (type 3, code 3) by access-group "acl_inbound". Do I need to put in some firewall rules to allow this traffice so that the VPN can connect?
View 9 Replies
View Related
Jul 14, 2011
ASA is the server, 2651 is the client. Phase 1 is negotiating, after entering XAUTH on the 2651, the ASA is showing:
Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.250.2.0/255.255.255.0/0/0 local proxy 10.10.3.0/255.255.255.0/0/0 on interface Outside
Not sure what this means in this instance, the maps are setup the same as the article below. I guess I more expected that sort of error if this was a static tunnel and there was an ACL issue. I don't have a lot of knowledge on the Easy VPN with the ASA. [code]
View 1 Replies
View Related
Aug 23, 2012
We are configuring a twice-nat to send traffic for scansafe, its on a asa5505 ve 8.4(3) on a remote location for the customes. The nat redirecion is working but we also have a VPN tunnel to the corporate network. Through the tunnel we need to reach a http server. The problem we are having is that when we add the scan-safe nat, all http traffic gets redirected to scansafe, includind the traffic to the http server on the corporate network.
10.2.1.0 ---<ASA5505> ---Internet,scansafe ---- <Corporate> --- 10.1.1.0
the http server is 10.1.1.75
the remote location network is 10.2.1.0/24
[Code].....
View 9 Replies
View Related
Sep 18, 2012
My company is composed of three different campuses, all with a similar network topology. We currently are experiencing high bandwidth on our serial interface at one of the campuses in particular. The network is composed of about 20 VLANS routed internally using a Cisco 6509. Traffic to the outside is PAT’d by an ASA 5510 and then forwarded through our edge router interface. Each VLAN is PAT’d to a specific public address.Due to the PAT, how would you recommend determining what specific private addresses are consuming our resources on the serial interface. When I look at our NMS, it reports the public address, but that only narrows it down to a VLAN. For example, all the devices in VLAN 6 are translated to 146.34.118.245, and 146.34.11.245 is a top talker.
View 1 Replies
View Related
May 15, 2012
RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IP's assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 24.15.120.73 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now. So I can't even seem to get one-to-one NAT working! I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).
View 2 Replies
View Related
Jul 2, 2012
My router password is "55xxxxx"
But when I want to change the router password in CCC, it warns me "Current password is not match"
View 1 Replies
View Related
Sep 6, 2012
Im having a (from google-fu) seemingly unique issue with load balancing. So for background, I am running the ACE 4710 device in "on a stick" mode, so I am using NAT and all that good stuff. I am also utilizing class maps and host header matching so I can save on IP space. [code]
Basically, as soon as I add that ACL_CLASS_beta.mainsite.com class map, all I get back from the ACE is RST packets and it comes back with an L7 LB Policy Miss.
It SEEMS like it should work, but it doesnt seem to like matching on those source addresses at all.
View 1 Replies
View Related
Jun 24, 2011
I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
View 1 Replies
View Related
Jul 26, 2011
I have been trying to delete unwanted contacts from my contact list. I have done all of the things on your list and nothing works. Your old system was so much better'than this new yahoo mail. Why did you change something that worked, and was so much easier to understand?
View 1 Replies
View Related
Aug 5, 2012
i created a new wireless network by going to network instrastructure and right clicking on pk5000z ap and configure. then set up a network pop up asking for 8 digit pin from the router label i typed the pin in. now that i made a new network the new network shows up instead of my old network.i cant connet to my old network even if i type it in manually. ive tried to delete the new network in manage wireless networks. but it still shows up.
View 5 Replies
View Related
Apr 24, 2011
I get error message like "can't delete old iTunes downloader or something like that.
View 5 Replies
View Related
Sep 19, 2011
How to delete non existent domain
View 1 Replies
View Related
Nov 13, 2012
I recently cleared out a router. I did that by typing confreg 0x2142 in rommon mode. Once I was in enable mode
[code]...
View 3 Replies
View Related
Dec 22, 2011
I'm trying to automate our rollout process with kiwi cat tools. I want to copy a file via TFTP or FTP: Cisco tftp menu knows the latest ip address which it was connected to.
View 3 Replies
View Related
Jun 28, 2011
I've inherited some ACS appliances from another part of my organization. I need to keep most of the settings but want to remove all the AAA clients; and preferably not one-by-one. I don't see a way in the documentation and web searches have proven fruitless.
View 1 Replies
View Related
Mar 10, 2005
I was given a 510 PIX Ver 6.3(1)to reconfigure but have no information on the existing configuration and need to wipe it clean and start over how can I do this to get back to the factory default settings. I have tried the "monitor>" but I don't know the IP address of the PIX interface.and am not sure how to do the setup for recovering the password.
View 7 Replies
View Related
Oct 23, 2011
We are evaluating Cisco ACS 5.2 and I can not delete a service policy that was created. The message we receive is " the item that you are trying to delete is being referenced by other items". I am new to ACS, but I did go through each tab in the manager multiple times.
View 5 Replies
View Related
Oct 17, 2011
I had install third party CA cert and device cert into the WLC. I would like to ask is there any command can delete these certificate?
View 2 Replies
View Related
Mar 28, 2011
delete a lease from a DHCP scope on a WLC 5508? I'm using that unit as the dhcp server, no relay. I am unable to find anything either through the web or cli.
View 2 Replies
View Related
Dec 5, 2011
i'm at the moment not able to delete a licence from a 4710 Balancer. The Problem: We've this ACE from our Service-Partner, and on the chassis was a SSL-7500 licence installed. The file was deleted from the partner, but NOT uninstalled!
Now, the ACE works with this licence:
#show license status
Licensed Feature Count
[Code].....
View 6 Replies
View Related
Jun 25, 2012
on the acs 5.2 , how to delete specific log for user X, ?
View 3 Replies
View Related
Dec 3, 2011
Discovery got a little messed up when importing from LMS 3.1
Basically I want to flush all devices from all the different LMS modules. If I delete all devices from Device Management they seem to stay in Topology Services / Device Discovery / Data Collection etc.. They keeps the old device in their own database.
Is there a way of flushing all devices from all these different modules. I'm going to re-import them with a clean CSV import file.
View 5 Replies
View Related
