I have both a Easy VPN server and a site-to-site VPN on the same outside interface of a 2911 router.
Currently, a Easy VPN client has no route int the router then out the site-to-site VPN to the remote site.
How can I create this route?
[code]...
I am configuring my first 2911 using a SFP card but I dont know the interface name for this module.
show inv shows the card..
What is the interface number for this card or if it needs some config before it will recognize the interface?
Need to confirm about 2911 isr, what interface numbers are given to a 9esw when placed in the far left hwic slots (hwic slot 2+3).
I need to build some configs but its going to be a few more weeks before the kit arrives.
I need to configure a Cisco 2911. I need to give an interface in this module (VWIC3 - 4MFT-T1/E1) an IP address. My question is, how to assign an IP to an interface in this module.
My purpose is to get connectivity via T1 line to another router.
[code] Site-to-site VPNs in place between Site A and Site B and between each site to the DC. Site A and Site B have Cisco 2911 routers, there are ASA’s at the DC. The existing Site-to-site VPNs carry data and voice traffic between the sites (though voice and data is on separate VLANs in separate subnets)
ISP1 currently used for the existing circuits at Sites A and B but we have experienced issues with them recently which has disrupted service. So new circuits are to be installed at each site with ISP2. (See basic diagram attached which shows current set-up with intention to get new circuits via ISP2 installed)
We have 3 ports on our Cisco 2911 routers with 2 ports already in use for the existing connections (1 for the LAN and 1 for the WAN connection to ISP1) Can we simply use the 3rd port for the connection to ISP2 or would it be far more advisable to use a 2nd router (for redundancy, etc)
Would it be feasible to have a set-up where we have e.g. voice traffic go over a site-to-site VPN via ISP1 and data traffic go via site-to-site VPN via ISP2 but each can take over from the other in the event of a failure?
I have been having following situation on my WAN facing interface on Cisco2911 where the same number of broadcast, multicast and unknown protocol drops is happening. Not sure but some applications are struggling to run over on the WAN.
[code]....
I am adding a second external connection to an existing system on an ASA 5510 with ASA V8.2 and ASDM 6.4. I added the new WAN using an other interface (newwan).
The intention is to route most internet traffic over the new route/interface (newwan) but keep our existing VPNs using the former interface (outside).
I used the ASDM GUI to make the changes and most of it works.ie. The default route goes via (newwan). Outgoing VPNs of a site to site nature use the previous route via (outside) as they now have static routes to achieve this.
The only problem is that incomming Remote Access Anyconnect VPNs are not working. I set the default static route to use the new interface (newwan) and the default tunneled route to be via (outside) but this is the point is goes wrong....
I can no longer ping the outside IP address from an external location. It seems the outside interface does not send traffic back to the - outside interface (or at least that's where I think the problem lies). How do I force replies to the incomming VPN remote traffic from unknown IPs to go back out on the outside interface?
The only change I need to make to get everything working on the outside interface again is to make the Default Static route use the outside interface. Which puts all the internet traffic back on the original (outside) connection.
I need a interface v.35 on 2911 router, but it does not have WIC slot, it has EHWIC. Could some one told me if there are a card with V.35 interface that I can install in this model of router?
View 2 Replies View RelatedI've got a setup where we have a wireless connection coming in and using mikrotik router. We have multiple stores coming in via the wireless with a dmvpn.
The vpn's terminate on the cisco c870 and can be seen when running: show dmvpn.The cisco has a default route to the fibre router (10.0.0.252). The wireless router is the default gateway for the network. The failover from wireless to adsl fails. (due to the cisco routing traffic back to the wireless router when wireless fails)
If I change the default route on the cisco to dialer1, the failover works, but none of the vpn's connect. The Branches all have dynamic ip addresses. The HO has a static ip.
My goal: I want to achieve adsl failover for when the wireless goes down and still have the vpn's connected.
Can I have some sort of "Dynamic" route on the cisco. So when the vpn traffic comes in via wireless and hits the cisco, the vpn traffic can then go back out that way via the wireless router, but still have a default gateway on the dialer interface for failover?
We bought a cisoc 2911 Router with an EHWIC-VA-DSL-A Card. I did the Dialer Setup without any problem but if i set the ATM interface with the commands: [code]The Router crashes after some seconds. I didn't connceted the phone line to the DSL card. [code]
View 5 Replies View Relatedhaving some issues with a configuration using a Dialer interface. The interface comes up and the VPN tunnel comes up, but cannot access any network resources or the Internet.
The things that concern me most are my access lists as I have the static IP address that we are assigned via PPPOE - the IP never changes, but not sure if I can define it in the ACL or if I should be using an ANY tag.
Note: I've changed some IPs and username for security reasons.
!version 15.0service tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice sequence-numbers!hostname C2911-OTO01!boot-start-
[Code].....
During WAN troubleshooting, I did a "clear interface ser0/0/0" on a branch router. It has two WAN links. I lost ssh/telnet connectivity but both WAN links were still replying to pings. We did a manual power off of the router to regain connectivity.Is there a known issue with this command on this IOS version? We're using Cisco 2911 platform with IOS 15.1-1.T2 version.
View 1 Replies View Relatedhave been tasked with completing a Cisco config update on an ISR.Client is running a Cisco 2911 running IOS version is 15.0(1)M6.They have added a new WAN interface to GigabitEthernet0/2 and are looking to setup a basic failover configuration to augment their current 0/0 Fiber connection.
View 7 Replies View RelatedWe have a 2911 Router running 15.0(1)M4. G 0/0 is our LAN interface, and it has three subinterfacesG0/0.1 is our data LAN, and the gateway for our Windows machines. This is the interface this question concerns.G0/0.23 is a separate LAN for various equipmentG0/0.192 is another LAN for equipmentG 0/1 is connected to the internet, and has a public address.S 0/0/0 is a T1 PPP, connected to our core data centerS 0/1/0 is a backup T1 PPP, again, connected to our core data center.There are three static routes entered:ip route 0.0.0.0 0.0.0.0 10.12.1.1 100 This is the first PPPip route 0.0.0.0 0.0.0.0 10.13.1.1 200 This is the secondary PPPip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255 It currently has a cost of 255 while i figure this one out. xxx.xxx.xxx.xxx represents the cable company gateway, which I can ping properly. I've also used "gigabitethernet 0/1" in place of the next hop ip with the same results. The public interface is properly connected, and can ping it's next hop (the cable company gateway). When I change the static route for gigabitethernet 0/1 to a cost of "0", the router can properly ping DNS names, such as google.com through the public interface.
However, devices on the data LAN cannot reach any public addresses except for the router's public interface, let alone DNS names (I am using 8.8.8.8 as my test IP). If I revert the cost back to 255, making the PPP the gateway of last resort, these devices can again connect. (they travel through the PPP to our Data center's internet)
This confuses me. If our server, on the same LAN as the router can ping the public interface (it's definitley not leaving the 2911, as latency is less than 1ms), and the router itself can ping outside addresses, what is preventing the router's public interface from passing traffic to the internet from any source other than itself? I have attached our running config in the hopes that there is something obvious I'm missing (the public ip addresses have been changed so they are not exposed). I simply want clients on our 10.23.0.0 LAN to get to the internet via the public interface of the local router, and still connect to corporate resources using the PPP links. MAS_2911#sho run
Building configuration...
Current configuration : 5666 bytes
!
! Last configuration change at 01:47:50 eastern Sat Sep 24 2011 by redacted
[Code].....
I have a 2911 router connected to two different ISP. Is it posible to route traffic based on what interface the traffic came first?Lets say I have the deault route to use interface gig0/0(ISP1), but a certain ip packet reach the router by interface gig0/1(ISP2). Is there any way (if possible without using source NAT) that I could route traffic back to that ip address using interface gig0/1. The source Ip addresses are not fixed, so I can not use Policy Based Routing.
View 1 Replies View RelatedI have configured Priority Queueing in my Cisco 2911 Router. I have set queue list high, medium, normal and Low. But when I put show interface gi0/2, it is showing the queueing strategy is priority queueing but it is not showing the (size/max/drops) values.
View 1 Replies View RelatedI have configured multicast (ip pim dense-mode) on two 2911 routers that are connected by a Multilink (3Mbps) Wan connection.The configuration work fine for awhile and sometimes all day but at some point one of the Multilink interfaces stop passing multicast traffic.I perform a sh multilink 1 on the interfaces and one interfaces show the multicast packets incrementing and the other does not, it just stops.The only fix for this is to hard reboot both routers and the multicast traffic begins to flow once again.
View 3 Replies View Relatedi will going to buy a router 2911 but i want know if support a interface ADSL modulo like backup in case that my primary link WAN Ethernet down and up the adsl link with a module HWIC ADSL pots.
View 1 Replies View RelatedWe are in the process of switching our infrastructure of our routing/firewalls/vpns over to cisco. We are switching our first location and one of the issues I'm struggling with is windows authentication pass-through for internally hosted web pages. Meaning, user inside our network has the 2921 as their default gateway, they try to access a web page that is hosted on the internal network but is secured with windows authentication. In the past, because they are logged into the domain internally, the website authenticates and loads. After switching to the Cisco, it asks for a password even though they are logged in.
Because its the web server that actually authenticates I'm not sure why the router isn't allowing that to happen, but I can't think of anything else that could be causing this behavior.
I'm working with a client who has a site to site VPN between the main office and a branch office. The main office is 192.168.200.0/24 and the branch office is 192.168.1.0/24. The issue is when the branch office users use the VPN in they receive a 192.168.200.x address, however, they cannot access a server or any other resources at the branch office.
They have a SSL-VPN 2000 connected to a TZ100 at the main office and a Juniper device at the branch office. I did try setting the Tunnel All mode on the NetExtender but that does not allow me to access the resources at the branch office. Additionally, those users at the main office can access the resources at the branch office without getting on the VPN.
I have a Cisco ASA 5505 and I have my internal and external interfaces configured but I currently cannot ping from the inside to an IP Address on the outside. I had this setup and working and I have another set of equirement that I am replacing that is working with my service provider so I know it is a configuration issue. When I ping 4.2.2.2 for example I get:
Destination host unreachable
Do I need to add a static route from my inside interface to my outside interfaces?
: Saved
:
ASA Version 8.2(5)
!
hostname pxasa
[Code].....
I am using Cisco 2911 & IOS version is 15.1. My problem is that after some days (e.g. 15-20 days), the routing table suddenly stops updating & then I have to enter the default route again to make it up. I am using Track 1 to track default route here. After primary link goes down, the Track is also going down but after coming the primary link up, the track is not coming up. So, I have to add the default route again to make it up.
View 2 Replies View RelatedI am having one router CISCO2911/K9 (Cisco 2911 w/3 GE,4 EHWIC,2 DSP,1 SM,256MB CF,512MB DRAM,IPB). But now my management asking me to upgrade this router as CISCO2911-SEC/K9.
What will be the BOM for this up gradation.
i have problem with a router 2900 with a card switch 16 ports (sm-es2-16p) that does not doing the intervlan routing. i have attached 2 show tech one of the router and one of the card switch 16 ports (sm-es2-16p). I connected physically the switch card to a router interface and it seem to be working because i can do a ping from my pc ( in user vlan 26) to my gateway on the router (172.20.26.1) but i can not do ping to the others vlan like (172.10.26.1) or others. .. i want to know what is happening and if it there is a way to do the trunk conectivity between the switch card and the router internally without a phyisical connection.
View 4 Replies View Relatedi downloaded and transfered the new ios to the 2911, but no install routine started.
View 3 Replies View RelatedI have setup a basic PBR config to route Http and Https out of a different interface (fa0/0/0) but for some reason http traffic is still going out of the Gi0/1 interface.
Config attached minus the crypto stuff and the publics have been changed.
We recently installed a 2911 sec router.On this device there are three Ipsec GRE Tunnnels which are working fine and an Easy VPN Server.The problem is that when clients connect to the easy vpn server they cannot ping anything inside , the configuration regarding protected networks is fine.After restarting the router the first client conneced works but when disconnected all the others are authenticating and the cant see anythining in the internal network . By checking the routing table i realized that the route to the virtual access interface is missing for no reason. i used the #debug ip routing detail command and i got the following during the client connection
Mar 31 09:51:37.875: RT: interface Virtual-Access5 removed from routing tableMar 31 09:51:37.875: RT: delete route to 192.168.20.9 via 79.xxx.xxx.xxx, Virtual-Access5
why is this route getting deleted?
after installation of demo versions of 2900-SEC-TEMP & 2911-2921-SSLVPN-TEMP & rebooting the 2911 router I do not have access SSL commands.Show license indicates that 2900-SEC-TEMP & 2911-2921-SSL-TEMP licenses are active but NOT IN USE.
View 1 Replies View RelatedI am putting an pre-labbed DMVPN Hub config onto a production 1841. We had to upgrade the IOS to support protection with NAT so the current IOS we're running is c1841-adventerprisek9-mz.124-25g.bin.I can paste the configuration in fine (via the tunnel interfaces) and the router accepts it however the 'show dmvpn', 'debug dmvpn' and other related commands don't work. I have checked the IOS feature navigator and it definitely shows that DMVPN phase 1 and 2 are supported in this image.
View 5 Replies View RelatedI have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
View 21 Replies View RelatedI have a Cisco 2911 that I am configuring for a remote site. I have configured a IPSec Tunnel from our main site ( ASA 5510 ). The Tunnel is up and I can connect from the main site LAN to the address of the 2911 through the IPSec Tunnel. The 2911 is equipped with a 16port switch service module. The switch is configured with an address and I can open a telnet session to the switch. From that session, I am able to reach hosts on the LAN across the IPSec tunnel. However, when I open a telnet session to the 2911 router, I cannot reach hosts on the main site LAN from that address. When I do, the traffic is sent outside of the tunnel instead of inside it. It works from the service module as traffic between the interfaces have the ACL for insteresting traffic applied, but traffic generated from the address of the 2911 router does not seem to get picked up by the ACL on the IPSec tunnel and it is getting the default route applied and going directly to the outside interface instead of to the tunnel. how to make this work?
View 3 Replies View RelatedI have installed a cisco 2911 router and the cisco usb console drivers on my pc, win 7 64 bit.however when I use putty and open the com port assigned it just goes blank, I am using the usb port on my laptop to connect and using the cisco usb console cable provided
View 1 Replies View RelatedI've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.