Cisco WAN :: 2901 / 2 Firewalls Parallel On A Single Drop?
Jan 19, 2012
Our ISP will give us a single drop with two public IP blocks - one primary, one secondary. I would like to configure and run 2 firewalls:
firewallA will have a public ip from primary interface
firewallB will have a public ip from secondary interface
I'm very new to networking, and trying to find out how I can do it. We have a cisco 2901 router.
I'm considering
connect the drop to the WAN side of a router (2901)
configure both the primary and secondary interfaces on the router
configure the router in bridge mode
assign the public ips to the firewalls and connect them to the LAN interfaces of the router
(I know I can use 1 firewall and configure both interfaces on it without the router, but I would like to know if the above setup will work).
View 1 Replies
ADVERTISEMENT
Feb 12, 2013
I'm a college professor and was assigned a new course called Distributed Operating Systems. I'ts new material for me. And in research for class I have found that several machines can be connected together to build a bigger computer like a supercomputer. How could I connect several PC's and make them work together like parallel computing, o something likea super computer?
View 3 Replies
View Related
Oct 17, 2011
I'm trying to estimate the potential throughput I will be able to achieve on a network we are building. The core ring of the network will be composed of ruggedized industrial ethernet Cisco IE 3000-8TC-E, possibly each equipped with a IE 3000-8TM expansion module. We will be using 1000BASE-BX SFPs on the IE-3000s to form a 1Gbps backbone on a single fiber. The issue is that I want to establish branch connections out from each IE-3000 node on my ring to routers which can support 1Gbps, but I have no 1Gbps downlink ports available on my IE-3000's. Therefore, I was thinking of paralleling as many 100BASE-TX copper links from the IE-3000 to my routers, so as to emulate a 1Gbps link and achieve maximum throughput. Both sides will have 16x 100BASE-TX connections available... but what is the maximum number I can parallel together and what achievable real throughput can I assume given the innefficieny of paralleling multiple connections?
View 3 Replies
View Related
Mar 28, 2011
Obviously you do not want your cat6 lines running too close to your power lines especially when in parallel. The question though is how close can it be without causing interference?In my situation the wall I want to connect my main router to has a power outlet in the middle of it which honestly is where I would have preferred my network ports. Will I be OK if I run my cat6 in the wall channel directly next to the channel that contains the power line? It would be a standard U.S. interior wall residential power line. I should be able to get from 12 to 24 inches of distance between my cat6 and power line while still keeping my network outlet in a semi-central location.
View 1 Replies
View Related
Jul 14, 2012
Currently my setup works fine except that I need another ethernet port.I have a E4200V2 with a HP laserjet 4000N printer connected via JetDirect ethernet and I am able to print with any of my devices.However, because I have need of another ethernet port, I am wondering if anybody has tried using a parallel to usb cable? The parallel side of the cable being connect to the printer and the usb side to the router.
Or if I really want that port made available, will I have to get some type of external print server?
I know that HP makes a JetDirect Card with a USB port, however, I don't want to spend the $80 on ebay to get a used one if a $10 new cable will work.
View 9 Replies
View Related
Mar 3, 2011
I have a customer with active/standby on a pair of 5510's with the CSC modules. They were inquiring about the AIP/ASA, and since this would NOT work in their current setup, would getting a pair of 5510/AIP configured for transparent failover work placed in front fo the existing units? Would I need to have a switch placed between the AIP and CSC ASA's? Or would I setup the ASA's for context based Active/Active failover to interconnect the ASA's to the existing units, but I still see a need for a switch.
View 1 Replies
View Related
Nov 9, 2011
What ISO do I need to purchase to get Cisco IOS Firewall on a Cisco 2901 - is it just IP Base or do I need one of the Security IOSs?
View 1 Replies
View Related
May 24, 2011
I have a 1-Port 3rd Gen Multiflex Trunk Voice/WAN Int. Card - T1/E1 in a 2901 that I want to configure for data only (T1 connection to the Internet)I don't see any options in the IOS for using this thing as a serial interface (data), only options for configuring PRI/ISDN.
View 5 Replies
View Related
May 25, 2011
The license has been installed onto the router. Here is the relevant out from the show license all:
License Store: Primary License StorageStoreIndex: 0 Feature: ipbasek9 Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: MediumStoreIndex: 1 Feature: WAAS_Express Version: 1.0 License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium
WAAS license as it says that this is not in use, WAAS under the interface is not possible.
View 1 Replies
View Related
Feb 23, 2011
I am trying to come up with a config for implementing QoS over a 512 kbps WAN link that will traverse voice and data traffic for now. I am using a Cisco 2901 router with 15.1(3)T IOS on it. my config is below
class-map match-any DATA-PRIORITY match protocol citrix match protocol sshclass-map match-any VOICE-CONTROL match protocol skinny match protocol mgcp match protocol h323class-map match-any VOICE match protocol rtp audio class-map match-any ANY match any [ code]...
THE ISSUE IS : when i add in the service-policy output WAN- QOS- POLICY command , i get the error " insufficient bandwidth 256kbps for bandwidth guarantee (180)". if i take out the " bandwidth 512 " command out then i get no issues adding the above command on interface g0/1
View 3 Replies
View Related
Jun 9, 2013
I have a Cisco ASA and a 2901 Cisco Router connected via site-to-site VPN. The ASA can ping over the VPN to computers behind the router, but the router can not always ping to computers in the ASA network. When i ping from a computer in the IOS router's 10.100.36.0 network the requests times out most the time; although every few minutes, i will get about 10 pings back, then stops working again.
I uploaded their two configurations.
The ASAs public IP is 20.20.20.5 and local (inside) network of 10.101.36.0/24
The IOS routers public IP is 20.20.20.10
There are many internal networks, but 10.100.36.0/24 is the one with issues.
View 1 Replies
View Related
Nov 6, 2012
I try to make a gre tunnel with 2 cisco routers 2901, ping responds between tunnel ip's ends, but I don't have pings from the pc's inside the networks. [code]
View 7 Replies
View Related
Feb 7, 2012
How do I disable fragmentation on a 2901 router? I want it to simply drop packets oversized packets.In my lab, I am trying to test various MTU issues. I'm trying to use a 2901 router to simulate the WAN equipment that my WAN provider would deploy in production. In production i'm expecting the WAN to only support an MTU of 1320 with no fragmentation at all.
View 2 Replies
View Related
Jan 1, 2012
Physical devices are a Cisco 2901 (CISCO2901/K9) with GE0/0 configured as 192.168.1.1
Connected through a D-Link DGS-1210-24 configured as 192.168.1.202
Running on a domain with an HP domain server as 192.168.1.2
The 2901 was an EHWIC (VA-DSL-A oPoTS) on EHWIC 0/0/0
GE 0/0 on the 2901 is physically connected to the DGS-1210 which is physically connected to the server.
VDSL 0/0/0 is physically connected to the DSL jack.
So far the configuration reports all is connected, and I can ping the gateway of our ISP (using CLI or Cisco CP); however the server reports no internet connection and no workstations can access the 'net.
Once connected; I'd also like to allow ports through for use on the network (25, 80, 110, 443, 987, 1723) - but not sure on how to do that just yet!
Our IP is 202.27.19x.19x
Our Gateway is 202.27.217.5
[Code] ......
View 11 Replies
View Related
Jan 27, 2013
I have recently bought cisco 2901 in order to replace it with our 1811W that we have at the moment.When I try to set a failover / backup with rtr; it seems like the function is not valid.Once I select rtr and set the object #, the reachability command is not available.Does that mean this function is not a part from the license package I have?
View 6 Replies
View Related
Oct 4, 2011
I have inherited a setup for a custom application and would like to know if this is the only way this could be set up. How would you do it?The application uses dedicated T1 links to our vendors. There is a Cisco 2901 router in the middle providing the connections. Traffic to specific vendor's IP's are routed to their prospective connections. I have attached a network diagram and a config for the 2901. The way my predecessor(s) set this up, each different vendor uses a different private IP address for the internal links. This seems odd to me. Shouldn't there be a way to have only one subnet on the inside and have the links NAT depending on which route it takes? The servers have persistent routes built in them to send vendor traffic to the associated IP on the router. E.g., traffic to Vendor 1 is routed to 192.168.50.1, the 2901's IP address for the Vendor 1 network. That traffic is then NAT'd to an IP address associated with Vendor 1's link and the 2901 then routes the traffic to the Vendor's end of the link.
I would think that I should be able to revamp this so that internally we're only using one subnet and the traffic could NAT at the link associated with the Vendor. I recently had to add the 3rd vendor connection, and wound up having to duplicate what was done for the other two in order to get it working quickly. I didn't have the time to wrap my head around the best way to revamp the whole thing.
View 3 Replies
View Related
Jul 6, 2012
I recently obtained a 2901 router running 15.2(2)T to replace my old 877 which was running 15.1(4)M1. The 2901 is humming along quite nicely but I have had difficulty configuring one feature which was working fine on the 877. The router needs to be a PPTP client to a hosted VPN service. On the 877, I had it configured like this: [code] I then had a dialer interface to actually set up the connection, and some PBR to control what went over the VPN. All well and good, and it worked fine. But on the 2901, when I try to configure the same thing, there is no such command as "protocol pptp" -- the only option is protocol l2tp.Was PPTP support deprecated somwhere between 15.1 and 15.2, or does the 2901 itself not support it for some reason? Obviously I understand that l2tp is superior to pptp, but at the moment this is my only option.
View 2 Replies
View Related
Mar 17, 2011
I have one router 1841 in which i configured PBR for internet traffic from LAN. I hv two ISPs few server are configured for ISP1 and few for ISP2.I planned to shift my existing setup at 2901 G2 router. when I am configuring the same config on this router so traffic is passing through only from one ISP not from other, if I troubleshoot so I see that the interface which is connected with ISP2 is not getting any input/output packet.
Config is here:
==========
interface FastEthernet0/0
description ****** ISP2 ******
ip address 203.xx.xx.110 255.255.255.248
[Code].......
View 1 Replies
View Related
Nov 5, 2012
I try to make a gre tunnel with 2 cisco routers 2901, ping responds between tunnel ip's ends, but I don't have pings from the pc's inside the networks.
[code]....
View 5 Replies
View Related
Jun 2, 2012
Why I cant correctly use ip sla command. I only have on my 2901 such commands: ip sla ?
key-chain Use MD5 Authentication for IP SLAs Control Messages
responder Enable IP SLAs Responder
server IPPM server configuration
There is my "sh ver"
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
And...What should i do. if i want to create a failover with to WANs
View 2 Replies
View Related
Jul 2, 2012
Where's the ideal place to put the KS? My current setup is 1 KS, 19 GM. The KS sits BEHIND a GM, so all other GMs have to come through one GM to get to KS.Now, I have purchased two dedicated KS routers. I configured one today, and placed it right on my WAN. My WAN is a L2 Ethernet domain, so i just provisioned a switch port in the WAN vlan, and away we go. I copied RSA keys over from the current KS, configured redundancy and the two hooked up, saw each other and it seems to be good to go. For the ACL, I put in an exclustion for my two KS to talk to each other:
deny ip host 192.168.250.40 host 192.168.250.41 (Old IP, New IP)
deny ip host 192.168.250.41 host 192.168.250.40.
I used a test router and pointed it to the new KS, it registered without a hitch... HOWEVER about two hours later (my 7200 second timeout) I lost ALL my branches. My 18 other GM were still pointed to the OLD IP only, they didnt have the second IP configured yet. In a hurry, I quickly disabled the redundancy configuration on the old KS and had to go to each GM and do a 'clear crypto gdoi' on each one to get them to re-register. There were no log messages about not being able to rekey, no log messages about dropped peerings, nothing. Once I did that, everything returned to normal.
The Question I have...
Would having configured the redundant KS caused this problem? Would having one KS behind a GM and the other Coop KS in the WAN make a difference?
Relevant config from existing KS, 2801:
crypto gdoi group GETVPN_GROUP
identity number 1234
server local
rekey retransmit 60 number 2
rekey authentication mypubkey rsa GETVPN_KEYS
[Code]...
View 2 Replies
View Related
Apr 18, 2011
I have a 2901 ISR G2 router, with IOS 15.0.1M3 , this router is not working with static NATing, I have tried to configure this router with one internet link and make few static translations with it. But this configuration is perfectly working with 1841 ISR router.
View 2 Replies
View Related
Jun 9, 2013
We've have a client who had a ordered 2 units of 2901 router to have site to site connectivity. User has bought a leased line of 256kbps from service provider in between two sites, but the issue is the service provider has layed a rj11 cable and there is no rj11 interface on 2901 router it only has two rj45.
View 5 Replies
View Related
Aug 7, 2012
Need to know if I have 2 type of license on my 2901 router: ipbase and uc, will the 2 type of fuctions of this license work at the same time. Another words will i have route and nat functions work with voip having to type of license on my 2901?
View 3 Replies
View Related
Sep 15, 2011
I been working with PPTP server on cisco IOS since a log time ago. Up to release 15.0 seems is just stopped working. I mean external users can log in the pptp but after logged in there no traffic flow. A simple downgrade to 12.4 solves the problem.
But now i have all my infrastructure with ISR2 2901 and all IOS are 15.
View 5 Replies
View Related
Feb 28, 2013
I'm trying to run the ISM-VPN-29 in a 2901 router. Cisco says that the SECK9 and HSECK9 licenses are needed to operate this ISM. However, they also say that the HSECK9 license is not available on the 2901. I'm running the SECK9 license but it's still not working.
This link, table 5 states that the HSECK9 feature license is for 2921 and 2951 only:[URL]This link states that it is a requirement to run the card, and also that the card works on the 2901:[URL]
I am running 15.3(1)T IOS.
View 3 Replies
View Related
Sep 15, 2012
As per CISCO QoS document URL, IOS from 12.2(13)T support drop command in policy map. But our CISCO ASR 1013 having IOS of Version 15.2(1)S1 doesn't have drop syntax.How can we drop specific application using QoS in ASR 1013 of IOS version 15.2 and higher?,Can I allow few users for a particular application (like P2P) and drop other users based on users source IP?
View 2 Replies
View Related
May 22, 2012
I having a basic query in troubleshooting E1 link , here im facing packet drop in the link and we are testing by providing local loop and remote loop from the CSU/DSU at local point and at remote point . I have tried ping test while the loop is given at local point and remote point ie i have pinged my local serial interface IP address (eg 10.0.0.1 -local & 10.0.0.2 -remote ) in Remote Loop i could see no errors and drops and also the traffic on the interface output and input is the same(eg input rate 1000bps and output rate 1000bps) .My query is that when i am pinging the local interface IP does the icmp packet travels till the loop point and comes to the same interface(like a boomerang) .
ICMP packet
->->->->->->->->->->->->->->->
R1 Local CSU/DSU | Remote CSU/DSU (remote loop given )
O-----------O------------------------------O |--------------------------------------O R2
<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-|
View 5 Replies
View Related
May 8, 2013
We've had Cisco 1252 APs running on PoE (3750E gives the port 20W of power) for well over 3 years with no problems. These have not been touched, moved or configured since they went in.
All of sudden we're seeing these APs drop off the network and investigations reveal that they show as IEEE PD when you do a show power inline.
Some of these are slated to be replaced after the ports were changed, the cables replaced and port reset (also an old spare 1252 was inserted in to one of these ports and it came up fine, indicating an issue with these APs).
If it was one or two then maybe I could believe that the APs are at fault, but with so many (10 so far) I'm struggling to believe it. Could it be the code we are running on the switches? We are running 12.2(50)SE3.
View 6 Replies
View Related
Jul 18, 2011
my Cisco anyconnect VPN clients are able to access all of my internal networks accept to another site which has a IPSEC VPN site-to-site. The Cisco ASA forwards the packets destined to this remote site to a Cisco router which NATS the source addresses (pool 10.17.252.0/24) to a 192.168.46.0 range. The remote network is 155.x.x.x which I have included in my internal subnets object-group and added a route on the ASA to route it inside.
I have configured NAT so that it does not NAT anything from the anyconnect client range to the internal subnets. I am using version 8.3(2) and the NAT rule is:
nat (outside,inside) source static SSLPOOL SSLPOOL destination static INSIDE_NETS INSIDE_NETS
I can still not connect to the remote side via the VPN; when I run this throught packet-tracer, I get a failure on phase 6:
Type: WEBVPN-SVC
Subtype: in
Result: DROP
Result:Drop reason: (acl-drop) Flow is denied by configured rule
I cant seem to work out what it is that is blocking it. The NAT rule above is rule 1 in case some other NAT rule is causing the issue..
View 1 Replies
View Related
Apr 2, 2012
i see that the wifi on the SRP Freezes. If i am connected via lan, i can still surf the net or connect to another access point on the network and surf. But the wiress devides connected to the SRP loose connectivity even though it shows that the wifi connection is connected. I am running on the latest firmware. this problem has started occcuring only recently
View 3 Replies
View Related
Dec 24, 2012
how to install VIC3-2E/M in cisco router 2901 & what precaution should have to be taken.
View 2 Replies
View Related
Jun 10, 2013
I wonder if I can build a NTP Stratum 0 device using a GPS and a Cisco router.Preferred would be a CISCO819 as it has a build in GPS, alternative a CISCO2901 + EHWIC-3G-HSPA+7.
View 1 Replies
View Related
