Cisco WAN :: 2851 How To Make Spoke Going To Hub To Get To Internet
Mar 23, 2011
Imagine MPLS network. Total of 4 sites.
HQ-HUB is the only site with access to the Internet.
So if Site1 or Site2 or Site3 need to access the Internet, traffic will have to go through HQ-HUB and from there reach the Internet.I have routes 2851's on the spoke sites. Which command or mechanism you would explore in this case to make the spoke sites point to the HQ-HUB to reach the Internet?
Would you do this based on DNS settings or getting an access-list & static route defining when the spoke routers traffic need to go the internet, point to the HUB-HQ as the default?
View 3 Replies
ADVERTISEMENT
Nov 6, 2012
I am setting up a lab network to emulate our production network and am using a single 2851 to emulate both my MPLS provider (only running BGP, not actually running MPLS) and our ISP that we use for our DMVPN secondary network.
Because I am using one router to function as both service providers I am running VRF's to keep the routing tables separated. So far basic connectivity works fine, I can ping from the PE 'MPLS' VRF to the data center CE interface and the ISP side is working as well.
Pinging across the ISP VRF
lab-isp#ping vrf TW 66.193.134.46Type escape sequence to abort.Sending 5, 100-byte ICMP [code]...
BGP is up from both the data center MPLS CE and the data center internet router. BGP on the data center internet router:
lab-dc1-inet#sh ip bgp summ
BGP router identifier 66.193.134.46, local AS number 33415
BGP table version is 4, main routing table version 4
[code]...
BGP on the data center MPLS CE
lab-dc1-1#sh ip bgp summ
BGP router identifier 10.152.1.250, local AS number 65000
BGP table version is 2, main routing table version 2
[code]....
This is my first attempt at using VRF's in this fashion and could have easily missed something or used a config that is not necessary.
Here is the configuration on the MPLS PE/Internet router.
ip vrf CL
rd 1:1
route-target export 1:1
route-target import 1:1
[code]....
View 1 Replies
View Related
Feb 18, 2012
I'm setting up a L2L VPN Hub and Spoke. I have 3 sites (1 HUB and 2 SPOKES).
HUB-----------SPOKE1
|
|
|
SPOKE 2
HUB and SPOKE 1 is okay. My problem was the communication between HUB and SPOKE 2. PING failed on both directions. BTW, I am simulating this only in GNS3. :-). The configuration for HUB and SPOKE 1 are the same also for HUB and SPOKE 2.
Here is my show isakmp sa and ipsec sa on HUB
ciscoasa# sh isakmp sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
[Code].....
View 4 Replies
View Related
Nov 19, 2011
suppose i have 2 hub location and one spoke and i want to config DMVPN between them and want to keep 1 HUB as active and 2nd HUb as passive then how its possible.
View 2 Replies
View Related
Aug 12, 2012
I currently have a "hub" ASA 5505 that links to 4 sites running 877 routers. From the hub network i can connect to all sites fine but what i would like to do is to almost compartmentalise the various VPN links into little clusters.The hub ASA 5505 basically provides IP telephony through the VPN's from a PBX allowing the users at the other end of the VPN to make outgoing calls and recieve incoming calls. However, a couple of the sites would like to be able to call between eachother internally via the hub. This obviously requires traffic to be allowed between their various networks. Currently when you attempt an internal call it rings but there is no audio either way. I assume this is due to access list restrictions. I am not even sure whether what I am trying to achieve is possible. I've attached the hub and 2 spokes below. The ideal end result would be interconnectivity between the two spokes via the hub, from reading up it would seem that its possible but i can't quite get my head around it! Would it involve using different subnet masks at the hub?
View 1 Replies
View Related
Jan 12, 2012
i am trying to set up a tunnel connection between twO 2800 routers A<->B
1) destination ip is-204.x.x.x-ROUTER A2) source ip is 166.x.x.22-ROUTER B The router B has the modem connected to GE0/1 whose interface ip is 166.x.x.22 The ip-forward-protocol nd is configured as below
ip route 204.x.x.x 255.255.255.255 166.x.x.21
Also tunnel 1 configuration,isakmp policy are configured properly when i run show crypto isakmp sa it shows MM_NO_STATE,i checked the preshared key on both ends and they are same.whenever i remove the ip address of the interface Ge0/0 and ip route i can ping the 166.x.x.21 which is the modem gateway.when i revert back the configuration to the above ,the ip 166.x.x.21 cannot be pinged,the dsl connection is live though.ways to fix this so that i can make this tunnel state to QM_IDLE?
View 1 Replies
View Related
Jul 11, 2011
I want to build a "hub and spoke" topology for one of my clients. For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
View 7 Replies
View Related
Apr 7, 2011
I am having real problems trying to build resiliency into a hub and spoke frame relay scenario. I know the hub is a single point of failure. Is there any way to put some resilience into the network? There is 4 attached branch offices.
View 8 Replies
View Related
Mar 26, 2012
I'm trying to set-up 3 remote access groups on an ASA5520 running version 8.4(3) software so that remote clients connected via Cisco VPN Client can also access spoke networks which are also connected to the ASA. I've previously set this up on ASAs running v7.2 software without issue but don't seem to be able to do the same here and can't for the life of me figure out what's wrong!
I have set-up the 3 remote access groups:
Group 1 - subnet 192.168.1.48/28Group 2 - subnet 192.168.2.0/25Group 3 - subnet 192.168.3.0/25
My remote access user groups can all connect to the head office subnet (10.0.0.0/8) without issue. But only one of the groups (192.168.1.48/28) appears to be able to access the spoke sites (172.30.10.0/24 and 172.30.20.0/24) that I have set-up. However, I can't see what the difference is between the 3 groups I have configured so can't understand why it works ok for one group and not the others?
When I use the packet tracer, it tells me that the flow is being dropped at the VPN encryption phase but why is that? How can I find out more? Here's the relevant config on my ASA:
!same-security-traffic permit intra-interface!crypto dynamic-map remoteuser 5 set transform-set ESP-3DES-MD5crypto dynamic-map remoteuser 5 set security-association lifetime seconds 28800crypto dynamic-map remoteuser 5 set security-association lifetime kilobytes 4608000!crypto map outside_map 65000 ipsec-isakmp dynamic remoteuser!ip local pool pool1clients 192.168.1.49-192.168.50.54ip local pool pool2clients 192.168.2.1-192.168.2.126ip local pool pool3clients 192.168.3.1-192.168.3.126!access-list split-tunnel-pool1 standard permit 10.0.0.0 255.0.0.0 access-list split-tunnel-pool1 standard permit 172.30.10.0 255.255.255.0 access-list split-tunnel-pool1 standard permit 172.30.20.0 255.255.255.0 !access-list split-tunnel-pool2 standard permit 10.0.0.0 255.0.0.0 access-list split-tunnel-pool2 standard permit 172.30.10.0 255.255.255.0access-list split-tunnel-pool2 standard permit 172.30.20.0 255.255.255.0 !access-list
[code].....
View 12 Replies
View Related
Aug 9, 2011
Is there any suggested upper limit to a single EIGRP hub-and-spoke design (i.e. with a single central router)?
Router is a 2900 ISR
I'm vaguely aware of a similar design limitation with OSPF areas where no single area should contain more than 40 - 80 routers. Could be heresay...
View 13 Replies
View Related
Mar 25, 2013
Is there any suggested upper limit to a single EIGRP hub-and-spoke design (i.e. with a single central router)?Router is a 2900 ISR,I'm vaguely aware of a similar design limitation with OSPF areas where no single area should contain more than 40 - 80 routers.
View 8 Replies
View Related
Apr 14, 2013
I'm working on a new DMVPN configuration with one 3745 at the hub site and a 1941 the spoke. I have internet through gsm for the primary line at the spoke and a dsl line for backup on spoke.I have one tunnel interfaces on both the hub and the spoke.Currently my VPN tunnel is coming up fine , however we are planing to do an ISP failover at spoke side . since in the tunnel interface i can only define one "tunnel source interface" which is gsm cellular interface , i don;t know how to use my another ISP for the same tunnel interface as it will always initiate traffic from gsm.
do i have to create another tunnel interface with same hub site , or do i need another hub as backup? is their any other way to create loopback interface and initiate the traffic from that loopback?
View 1 Replies
View Related
Sep 4, 2012
Wanted to know how i could make my usb internet dongle into a wifi device, so that i could use the same usb internet connection on other devices VIA Wifi
View 3 Replies
View Related
Aug 20, 2011
I want to know that how to make a usb internet through dsl connection.
View 3 Replies
View Related
May 25, 2012
I am completing a project as part of my 2nd year studies and I am at the stage of testing on the network but before I go ahead with this stage, I would like some feedback on what I could do to make my network more efficient and secure.passwords are: ciscothe link is the packet tracer file I am working on.url
View 6 Replies
View Related
Jun 28, 2011
I have a Motorola Affix and am using the app printershare to print from my phone to a network printer at home.. it works great.. but I want to know if there is a way to make the printer accesable from the internet so I can print from pt phone when im not home and connected to the network...accessible
View 2 Replies
View Related
Nov 25, 2011
I am connected to the internet, but the only thing that I am able to connect to are TeamSpeak servers, Avast Updater and Window Updater. No browsers or other types of software can make connections.
View 3 Replies
View Related
Oct 26, 2011
how can i make a 2 km wirless network for dsl internet. my friend lives 2 km far from my home,he has a dsl connection.but there is no facility of dsl availble to my side.how can we make a wireless network?
View 3 Replies
View Related
Sep 15, 2011
I am using my LAN Connection for file sharing and internet on my Office Pc (Windows XP). I have a wireless external adapter (Alfa) which I use for WAN Connection. But my PC doesn't use the internet from WAN Connection till I disconnect the LAN Cable. I want to use LAN Connection for file sharing and database in the office only and Internet on WAN Connection.
how can I make the WAN Connection as default and to guide the OS to use this while the LAN Cable is still plugged in. I am using AVG Internet Security 2011 & it's firewall.
View 2 Replies
View Related
Jan 1, 2012
How to make my internet connection becomes faster?
View 5 Replies
View Related
Jun 8, 2012
Would it be possible to make a printer accessible from internet? Need to print a lot of batch printing from my cloud application , in that case can we direct this print job to a specific printer over internet ?
View 1 Replies
View Related
Nov 18, 2011
My Internet is very slow, It makes me impatient, I can't stand waiting and I'm afraid to do some stupid clicks.
View 4 Replies
View Related
Nov 26, 2012
It seems like my internet connection constantly disconnects and I have to restart my computer to get it to work again. I don't think its the internet connection because I've lived in 4 different apartments and this has happened. I'm having to restart my computer at least 4 times a day.Another thing I wanted to add is that it especially happens when I do something that is 'internet intensive' such as youtube or when I am using skype or msn video call.
View 1 Replies
View Related
Jan 4, 2012
I dont know how to set this Netgear router to make my internet wireless
View 1 Replies
View Related
Apr 11, 2013
First of all, is there a document on the SG300 that explains everything in plain english?Here is what I am trying to do...I have a Charter Communications connection to the internet through their modem.This modem has a static IP.I would like to make this internet connection the source for the SG300 and all the other ports be DHCP.I was told when I purchased it that being a layer 3 device.
View 3 Replies
View Related
Sep 6, 2011
When I try and connect to the Internet, it doesn't connect. Windows Network Diagnostics give me this message:"There might be a problem with one or more network adapters on this computer- The network adapter "Realtek RTL8102E/8103E Family PCI-E FE NIC" is experiencing driver or hardware related issues- Make sure your Internet Protocol Bindings are correct. Also, I took a look at my Device Manager and there seems to be a problem with almost every one of them.
View 1 Replies
View Related
Dec 8, 2011
-I have a 10 mbps subscription.
-I use a router and connect two pcs on it,they use internet at the same time.
Q:will the speed be 5mbps on each computer? if so,is there a way to make it 10mbps each while they are both using the internet at the same time?
View 4 Replies
View Related
Sep 30, 2011
I'm currently switching from a certain internet provider to another and I'm forced to get another router. What I wanted to do is since the initial router has to be on the first floor, I'd like to have the second one on the top floor closer to my computer whereas they would share a dedicated connection between each other wirelessly so it would make my connection faster rather than just having my pc connect directly wirelessly to the initial router on the first floor. Is that possible?
View 4 Replies
View Related
Feb 15, 2013
My question is how can i turn this adapter that i get internet from for my desktop INTO wifi so i can use my tablet?right now the desktop is the only computer with internet since it has an adapter.what do i need to make a WIFI signal from the computer? is there a usb stick or router i can buy?
View 2 Replies
View Related
Feb 6, 2013
Can I make my old XPS 210 wireless internet with either a card or an adapter? If so, which ones.
View 1 Replies
View Related
Jul 13, 2012
Canon T3i hooked up to a laptop running ExtraWebcam and Yawcam.Yawcam running an HTML and Stream output to the network/web.I would like people to be able to access that video from the [the internet + network or internet or network] (those are the options/possibilities and the order in which I'd prefer).I am able to get people to access it via the network, but not the net. I'm using my Samsung Galaxy SIII on Sprint to tether (obviously not tethering if I'm only going to the network). Unfortunately, not only can I not access the stream via the internet, I can't even ping the phone.I'm pretty sure I need to open up/forward some ports, but I understand that that's not possible seeing as it's Sprint's network and not mine.
I will also have access to a local wifi network if there's a way to 'piggyback' off of that for web access to the stream even if I don't have access to the router control panel. I'm not sure if I'll have a hard wire connection to a router or not. I can, however, change the ports that the stream is set to.(also, I can bring a separate wireless router to connect to my tethered computer to open up the internet enabled stream to the network?)Given a laptop with a wifi card, a phone that can tether, a wifi network, and, if necessary, an extra wireless router, how can I stream from Yawcam and make it available to the internet if I DON'T have access to the wifi network's port forwarding? Note that I CAN edit the ports in Yawcam.
View 1 Replies
View Related
Mar 10, 2012
I have AG241v2 LinkSys router. my problem is when I had started to download anything, I found that no internet connection so I couldn't make internet browsing or any other activity. This problem is also occurred when more than one user connect to the internet, the others can't make browsing. I made firmware upgrade but still the problem occurred.
View 6 Replies
View Related
Apr 24, 2011
I have a Windows XP SP3 desktop with a NetGear WG111v2 USB wireless adapter and I get my internet connection from my Blackberry 8320 (I connect my BBerry device to my PC and start Blackberry Desktop Manager and choose to use internet access of my phone for my PC). I want to be able to make this internet connection available to other devices on the network wirelesly. I also have a nook ebook reader and a laptop which I would occassionaly like to connect to internet via the connection described above. How to go about making Blackberry internet connection shared accross the network? I tried Internet Connection Sharing Wizard, but I ended up with nothing to show up for.
View 3 Replies
View Related
