Cisco WAN :: 2901 To ASA 5510 Via Leased Line Poor Throughput
Feb 16, 2012
I have two sites connected via 2901 routers to a head end with an ASA 5510, the WAN circuits are LES running at 100MB and at the head end we have a 100MB leased line. All WAN circuits are provided wires onlyby another supplier. I have setup the two 2901 routers with inside IP addresses on GE0/0 and a /30 subnet for the GE0/1 interfaces to the ASA over the LES circuit.
The LES circuits are set to 100MB but the problem I am having is that one of the 2901s will only negotiate at 10MBps Half Duplex with the ASA at 100MB Half Duplex, the other will negotiate at 100MBps Full Duplex at both ends. My WAN provider tells me both LES circuits are the same so I cannot work out why one will negotiate at 100MB Full and the other at only 10Mb Half.
At the head end I have and ASA 5510 connected to the WAN providers 100MB circuit but testing from my end sites I can only get 6MB download and 0.5MB upload on an Internet Speedtest.
I used Wireshark when downloading from my end sites and I can see lots of TCP retries and duplicates so I think this is a duplexing issue, my question is, my WAN provider is stating the issue is nothing to do with them and it is my 2901 and ASA that is at fault, they state if they connect a laptop to the LES circuit and then their leased line they get 100MB up and down.
View 4 Replies
ADVERTISEMENT
Jun 11, 2012
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
View 2 Replies
View Related
Mar 27, 2012
The reason is i want to know the difference between the leased line and the DSL line. The whole thing behind the confusion is, We plan to have a high speed internet connection in our office. We will don't have a branch office or some thing like that. I preffered to have high speed internet in our office. I found in some website that Lease line will have high speed connectivity(Upto 10Gbps). Can i use the lease line or DSL is enough for our office. Our office contains of 82 user who will use internet.
View 2 Replies
View Related
Mar 31, 2011
my company has a 4mbps leased line from TTSL . we are getting 2 WAN IP and 2 LAN IP. in Addition we are also getting 12 additional IPs .-what is additional IP, their uses?-how are the 2 wan ips configured? & how they are distributed in network? -is 1 IP from the ISP sufficient if i have a 1:1 internet bandwidth connection?
View 9 Replies
View Related
Dec 28, 2011
I got following IP address from BSNL to configure Internet leased line.OFC cable was terminated at our premises. it has to connect Ethernet port.Say eg.Wan IP : 192.168.1.6 255.255.255.252Public address pool : 172.168.10.6 to 12if i configure one address on Ethernet port1 as nat outside 192.168.1.6 255.255.255.252.the ip address given for wan & pool are different.Then how can i configure pool and how to configure nat inside eg 185.168.10.1 to 255the above ip are not actual ips just given for example.
View 6 Replies
View Related
Aug 3, 2012
I have a cisco 2911 set up at one of my sites and it is configured with sub-interfaces as this provides a default gateway to each of the offices.I have just had a 100mb leased line put in and i have a couple of questions regarding the config.let me start by telling you how it is set up .I have 3 HP Procurve switches connected together then that connects to the Cisco and the Cisco connects to a Zywall
HP Switches > Cisco 2911 > Zywall > Internet
We are wanting to remove the Zywall and connect the Cisco to the Leased line box
HP Switches > Cisco 2911 > Leased Line > Internet
The config of the cisco is
G0/0 - is up but no cable connected as this holds the sub-interfaces
G0/1 - Connects the Zywall - 192.168.1.1 (this has firewall rules to forward traffic through)
G0/2 - Leased Line
The way i have configured the sub interfaces is with its own DHCP pool and default router, some of the offices have there own ADSL router and hold there own Internet connection and the default gateway for that is 192.168.xxx.253 and the offices that use the Cisco use default gateway of 192.168.xxx.254
Now my question is how would I move everyone onto the Leased line and get rid of the Zywall ? Would it be as simple as giving the leased line an address and put in a static route to forward all traffic through that connection ? Or am i missing a trick or 2.
View 2 Replies
View Related
Jul 29, 2012
How to configure leased line from the ONT connection on Cisco 1841 router . there have public IPs on the interfaces fa0/0 & fa0/1.
View 4 Replies
View Related
Feb 4, 2013
Leased line is between dammam to dubai and the dammam office is getting internet from dubai.The ip address of Dammam office is class A (Public IP) x.x.x.x and for dubai it is y.y.y.y which we are using as proxy for accessing internet.I purchase the local DSL direct line connection through cable from Local Provider and this ip address range is 192.168.1.0 - 192.168.1.254.Is it possible to use the DSL line as failover, so if one line goes down the user should remove proxy and can use local internet.The router which is using is cisco 1800.
I believe that failover is possible, 100%, but would like to know how I can do it and requesting for sharing more inputs about failover in this case.
View 2 Replies
View Related
Jul 15, 2011
I am going to design one network. I had queries with this design.Let me explain scenario first( it was attached below).I have two sites, Site-A and Site-B, repectively.
In site-A i have one Cisco 1841 router, one Cisco ASA 5510 firewall and One cisco 3560 layer 3 switch.
in site-B i have one Cisco 1841 router, one Cisco ASA 5505 firewall and One Cisco 3560 layer 3 switch.
From ISP side
I have point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.
I planned to terminate leased line in cisco 1841 router in both branches for branch to branch connectivity.
I will configure site to site VPN between two sites, A and B.
Here my query was i want make VPN as failover connectivity if leased line fails. In both the cases, i need internet to the inside users in both sides.
Summary requirement:Leased line is Primary and VPN is Back-up, if leased line fails. In both cases internet is needed to inside users.
View 3 Replies
View Related
Feb 7, 2012
I am a total new comer for Cisco Router. All I know is plug the console cable to a serial port on a PC, fire-up HyperTerminal to view and that's it. I don't know any command or scripts.
I am trying to setup my client connection, I already receive the required configuration settings from ISP. It is a Leased Line Serial connection.
How to setup the router with the below configuration.
Serial IP : 1.X.XX.222
Serial Netmask : 255.255.255.XXX
LAN IP : 1.X.XXX.1 to 1.X.XXX.31
LAN Netmask : 255.255.255.XXX
[Code] ....
View 5 Replies
View Related
Oct 3, 2012
What are the commands for Configuring Cisco 1921 Route's Gigabit Port G0/0 or G0/1 for Leased Line termination having Ethernet Hands Off
Modem Provided by ISP (BSNL ) is CTR-U
View 10 Replies
View Related
Oct 11, 2012
We plan migrate an old existing WAN architecture based on legacy data serial links. These links will be consolidated on a E1 channalized card.
My question :
Is the HWIC-2CE1T1-PRI need a PDVM DSP ressources on router to oparate for data leased lines or no?
The VWIC3-1MFT-T1/E1 will be used for the backup dial in ISDN connexions? this type of cards a PVDM DSP ressources for data connexions or no?
ISR router are 2911.
View 5 Replies
View Related
Feb 20, 2012
I have configured cisco 1751 router for internet with nating. Internet browsing working fine. But We have polycom hdx 6000 conference system to connect from remote site.
1. While calling remote ip it is ringing and connecting but not displaying any thing on the screen but their side is displaying.
2. When they call our side ip it cannot connecting.
I have connected netgear router then video conference is working fine (with out port forwarding also). If I configured that router between 2 local sites (not on internet line) its working fine where i did not configured any thing just given routing. Configure same situation using internet leased line.
View 1 Replies
View Related
Nov 22, 2012
we have one OC-24 private line between our data centers. we are looking to get best throughput but we get max. avg throughput of 300Mbps with peaks of 800Mbps throughput. i.e. we transfered 2TB of data over this link and we got average throughput of 300Mbps with peaks of 800Mbps.
we should at least be getting 800Mbps throughput since we have OC-24 (1244Mbps) private line. we contacted our ISP but they said there isn't any problem in private line from ISP side. what can we do to increase average throughput?
View 10 Replies
View Related
Dec 6, 2012
We have a remote site connected to ADSL line with a Cisco 887VA router attached. This has been working fine for the last couple of months. However, recently, the site have started to complain of performance issues (network slow, applications disconnecting, etc)Looking on the router, we can see evidence of packet loss/timeouts from a simple ping to the internet e.g. [code]
However, we have logged the fault with our service provider and they return all line tests as clear but what is particularly strange is that they also report “and the SNR Margins are well within threshold levels (Upstream 11.5 and Downstream 15.0)” which, unless I’m misunderstanding something, seems to be completely different from what the router itself is reporting.Is there a reason why the service provider’s stats for Noise Margin would appear to be so different from what the router is reporting?
View 2 Replies
View Related
Aug 24, 2012
i have a problem with my adsl line connected on a HWIC-ADSL on router 2901 it was working good until yesterday the atm interface is down but the interface dialer is up .i connected this line into home adsl modem and the line is working good?
View 2 Replies
View Related
Jun 18, 2011
The issue was about Cisco ASA5510 Sec Plus.2 Interfaces, LAN and DMZ.Both 1000 FD, no interface errors like CRC or something similar.If I start a data transfer (like FTP) or a data stream test (like Netperf), from DMZ to INSIDE I get a theoughput.If I start the same from INSIDE to DMZ (same hosts), i get a troughput almost ten times slower.If i do the same using netperf in UDP (not TCP) I get the same in both directions.
View 9 Replies
View Related
Mar 3, 2013
I'm new to the Networking world and am trying to establish a base for my network. I'm running ASA 5510 8.4(4), how can I measrue throughput ? In the ASDM, there is a nice feature for CPU, and the command show CLI also provides good info about CPU, but how can I get the throughput on a port basis ?
View 8 Replies
View Related
Feb 4, 2013
I'm not clear about the capabilities of the ASA 5510 GigE interfaces (eth0/0 and eth0/1) with an without IPSEC tunnels enabled.
This page [URL] shows a figure of 170Mbps 'Maximum 3DES/AES VPN Throughput'. Does that mean per IPSEC tunnel or for the whole interface if it is IPSEC-enabled?
View 3 Replies
View Related
Jan 19, 2012
Looking at the ASA spec sheets, the ASA 5510 has a firewall throughput of 300Mbps. Does this mean 300Mbps half duplex or full duplex?
We are looking to replace our current firewall. Peak traffic at the moment is 250Mbps upstream and 20Mbps downstream, max concurrent sessions is 24K. Will I need to look at a ASA 5520 for the replacement?
View 1 Replies
View Related
Jul 6, 2011
I've been looking to see if its possible to create a GRE tunnel between a Cisco 2901 with 3 adsl WIC cards and a Cisco ASA.The Cisco 2901 is at our remote office and we have 3 adsl lines for resillience as they tend to go down alot.The Cisco ASA is at our Head Office sitting behind our ISP's managed router.
The desired end result would be to have three GRE tunnels, 1 for each DSL line terminating on the ASA at head office and use EIGRP routing protocol to move traffic across to another tunnel should one fail, and encapsulate all of that with IPSEC.
View 8 Replies
View Related
Jan 15, 2012
I have a subnet for guest network access, both wired and wireless. We have a Netgear ProSafe that is trunked to a Cisco 2901 performing 'Router-on-a-Stick'. For most internal traffic, it all stays behind the ASA. But for guest traffic, I have a route-map that sets the next-hop address as the outside interface of the ASA. The question is, how can I still permit those users to access our internal DNS servers? Do I need any particular NAT translations, exemptions, DNS doctoring, hairpinning, etc.? I have an ACL on the inside interface that permits traffic from the guest networks to our internal DNS servers, and then the next ACL line denies any other traffic from the guest networks to any of our internal networks.
View 7 Replies
View Related
Jan 8, 2013
I am experiencing slow throughput on a L2L IPsec tunnel that we have between one of our offices on the west coast (WC) US and another on the east coast (EC) US. The tunnel endpoint on the WC resides on a 5510 and a 5545x on the EC. The DIA circuit speed on the WC is 45 Mbps and 200 Mbps on the EC. The throughput of this IPsec tunnel is maxing out at approx. 4 – 5 Mbps. The utilization of the DIA circuits at both offices is under 5% when running various FTP test transfers. Both devices have low memory and CPU utilization.
We have a 2nd office on the EC (45 Mbps DIA) which I built a tunnel on a 5510 with the WC office and it is experiencing the same slow throughput. In covering all my bases we have a colocation facility on the WC and in building a tunnel between the 2 WC offices I WAS seeing close to full line rate speeds over the tunnel. Additionally, I built a tunnel between the 2 EC offices and I saw full line rate speeds. With the physical distance between the WC & EC offices I would expect some loss in throughput speeds but I would not expect it to drop as low as 4 – 5 Mbps. In thinking something may be up with the 5510 in our WC office we shipped a 5505 to the WC office and we built the same IPsec tunnels on it and it is experiencing the same.
In working with our support vendor to try and solve the WC <-> EC throughput issue they had me change the MTU, TCP mss, DF-bit, types of encryption/hash on the IPsec tunnel but nothing has resolved it. We are not showing fragmentation or PMTU issues on the tunnel. In contacting the ISP of our WC office they mentioned that they do not have any type or rate limiting in place. Our WC ISP had a CCIE review our configurations but nothing was found.
View 1 Replies
View Related
Oct 10, 2012
Cisco 2500 series access servers show line usage with the "show line" command:
View 2 Replies
View Related
Oct 19, 2011
I have remote access as I work at home on a government laptop that has Entrust( for security). My IP lapse time is set for 1 hour and every hour I am losing full connection due to having to sign back into Entrust. I need to be able to lenghten my lapse time on my work computer. My other two personal computers are fine with 1 hour as there is no Entrust on either of those laptops.....is it possible for me to change the lapse time to say 12 hours, 1 weeks, whatever??
View 4 Replies
View Related
Oct 24, 2011
My current setup.
Layout:
Line01 Line02
| |
Cisco 2951 Cisco 2951
---------------------
|
Cisco 3750G - Server #1 & #2 for domain controller, sharepoint, etc
|
---------------------
| |
Cisco 2960 Cisco 2960
| | | | | | | ... | | | | |
workstation #1, #2, .... #70
And I would like to ask some opinion on the best configuration for the above layout:
1. Configuration #1 - Using load sharing and automatic failover So I want to ask whether there's any link/url that provides details/guides on how to setup the load sharing and failover?
2. Configuration #2 - Workstations 1 - 35 will be routed through Line01 gateway and workstations 36 - 70 will be routed through Line02 As for this configuration, it's done now. However, I want to know whether there's any software (preferred web based application which allows me to change the gateway from line #1 to line #2 for all 70 computers instead of having to go to each workstation to update the gateway).
View 1 Replies
View Related
Jul 2, 2012
I'm trying to configure policing and/or shaping on a setup of 2 x ASA 5505 Sec Plus. The units are placed in office A and office B and each have a ISP connection to the internet and a leased line with a capacity of 4/4 Mbit/s for interoffice communication.
On each ASA there's four subnets. VLAN 200 is used to connect the offices through the leased line.
Subnets:
Outside = 2
Data = 10
Voice = 100
Linknet = 200
I've read a lot of articles and posts about shaping and policing on the ASA but still can't get it to work like I wan't to. I'm trying to limit all traffic besides IP-telephony traffic to 3 Mbit/s and thus reserving 900 Kbit/s for voice traffic. I tried setting a service-policy on the linknet interface on each ASA and set Traffic match to Any traffic and QoS settings for both input and output.
I can see traffic passing the policy when I run the "show service-policy police" command but it never seems to be high enough to be policed which is strange since the ASDM monitoring shows that I'm pushing 3900 kbit/s. I file transfers verifies that policing does'nt work.
View 2 Replies
View Related
Jan 18, 2012
We have 1841 router with HWIC-4ESW we need to config point to point data Dual leased lines failover concept please find attached diagram.
View 3 Replies
View Related
May 3, 2013
I'm experiencing poor udp speed on my sg-200-08. I'm running a nfs share on Ubuntu server 12.04 to a Ubuntu 11.10 client connected through udp protocol . If I use an un managed site com (plastic ****) I get about 50MB/s transfers, with sg-200-08 I can't get over 12/13 MBs transfers.
I've tried to set on both server and client MTU = 1492 and I've changed firmware from 1.0.3.3 to 1.0.5.1 (I've not tested 1.0.6 because of some posts here regarding udp problems).
View 3 Replies
View Related
Feb 5, 2011
I run a DIR-825 as an access point on my home network and I upgraded the firmware from 2.03Na to 2.05NA and it looks like it was a poor flash. Orange Amber power light, no wireless radios, unable to access it via its configured ip or default (192.168.0.1). It will not respond to pings, give arps, or obviously the web browser session.Is there any way to reflash these things manually or do I have to send it in?
View 2 Replies
View Related
Nov 21, 2010
I have purchased two WAP200 units to act as access point and repeater. AP and repeater functionality works fine.
The issue I am having is extremely poor signal from both units. Even when very close to the WAP200, I get poor signal quality. The range before loosing connection is only a few feet.
I'm using the antennas that came with the box and have tried multiple placements both in my house and in other locations. I have also tried changing several of the configurations without any effect on the signal strength. Older D-link and Linksys routers provide good reception to most of my house from the same location.
View 1 Replies
View Related
Aug 5, 2012
i have a 541N running the latest firmware 2.0.2.It has 3 SSIDs for the 3 vlans that it has.I have configured b/g/n.The power is fullIt is powered via POE.The end customer tells me that the range it covers is very very small!Comparing to traditional low budget APs the power is very very low.It does not cover 30-40m in free space where other APs do.Do i need to configure something more in the radio settings?
View 2 Replies
View Related
May 1, 2011
having a very strange problem with a Cisco 1861 running - Cisco IOS Software, C1861 Software (C1861-ADVENTERPRISEK9-M), Version 12.4(24)T5
The issue -I have suddenly started to get performance issues with downloads and access through the ZBF. Without the firewall enabled and just having NAT enabled and routing , downloads perform as expected - ( have been using Itunes download as test file ) - with the ZBF enabled , and the necessary rules installed to inspect & allow traffic - downloads stall - and the only way to get the downlaod to start again is to pause , then resume. The stalls are anything between the first 25 - 120 secs.
I have debugged and performed packet traces - but cant see anything untoward. I have also placed another router ( just a cheap Belkin ) on the ADSL service and again , the downloads work as expected.
one further thing to add is that when im tunneling through the firewall ( VPN ) , then downloads do work as expected - suggesting that the issue is with native HTTP(s) traffic.
I have upgraded from T4 to T5 - and the symptons still remain - I am thinking that these may have been introduced when i upgraded to T4 a few monthes ago.
View 3 Replies
View Related
