Cisco WAN :: 2921 How To Access Firewall From Command Line
Jun 11, 2012
We just bought a 2921 with the following modules:
4 port clear channel T1/E1 HWIC
SM-ES3G-24-P: EtherSwitch
I read some CISCO documents, and was not able to find what I need. I would prefer all instructions from you to be for the CLI interface. This is my first time dealing directly with T1, WIC and 2921 etc. The following is what I get from ATT, IP masked:
IP Address Block
IP Address: 20.20.20.136/29
WAN Link Details:
WAN Link IP Address: 13.13.13.92
AR Serial INT IP Address: 13.13.13.93
CR Serial INT IP Address: 13.13.13.94
WAN Link Subnet Mask: 255.255.255.252
A: How do I configure T1, what does "AR, CR" stand for, and do I need to use both IP addresses? What is the WAN Link IP for?
B: We have two T1 lines, so I should plug them both into the WIC, say port 0 and port 1. How do I configure them?
C: How do I access the firewall from the command line?
D: I followed the T1/E1 HWIC installation guide, and as soon as I add channel-group to the controller t1, the serial interface went down?
Oct 14, 2012
On my old 2511 access server, I could issue "clear line x" to close a session on an existing line. This doesn't seem to work on my new 2600XM with NM-16A access server (12.3(20)IOS). Any command in newer IOS?
Apr 30, 2012
I would like to configure the wireless access on the Cisco 877 router either on the command line or GUI. Also, do the wireless authentication and SSID have to be local, or can I put the Cisco 877 in h-reap mode and connect back to my controllers in head office and use the same SSID as in my head office?
Apr 20, 2011
I have a Sitecom 3G ready wireless router but it does not support the local telephone company. I would like to know how to access its modem config from a command line in order to configure the modem commands with local company settings. Its model no is WL-326v1001
Oct 3, 2011
I am having some difficulties finding information on how to set up two Cisco 1252 autonomous access points via the command line. I am not having any luck finding steps on how to go about doing this and was curious if anyone would be willing to give some insight. I am working on taking two of them and setting one up as the root bridge and the other as non-root.
Jul 1, 2011
I need to configure the access list on the outbound internet port to accept the following:
ip access list 10
access-list 10 permit PPTP vpn any xxx.xxx.xxx.xxx
access-list 10 permit RDP any xxx.xxx.xxx.xxx
access-list 10 permit FTP any xxx.xxx.xxx.xxx
access-list 10 permit Postgresql any xxx.xxx.xxx.xxx
access-list 10 permit MacARD any xxx.xxx.xxx.xxx
This method does not work on the Cisco 2921 router with FW
Apr 14, 2011
My grandma has a PC with Windows XP, she uses it only for Skype calls. Can I go into her PC using the command line from my PC? What commands should I use and what modifications should I make on my grandma's PC? Should I ask permission from grandma's ISP (which is the same as mine)?
Apr 25, 2011
I am not able to configure the Service policy output command on a Cisco 2921 router. While configuring I am getting the below error. The same config is working fine on a Cisco 3845 router. I am suspecting a problem with the license in IOS.
Mar 11, 2013
My 3550 is always 2 characters short on the command line. So my global configuration mode will look like this:
Switch3550(config
Say I wanted to enable ftp, it would look like:
Switch3550(config)# ftp enab.
Aug 13, 2011
I'm trying to get my head around my new Cisco SG 300 switch. I have used the Linksys SRW range before and configured it using teraterm and the method described in the link below:
[URL]
As I'm familiar with this method and the commands, ideally I'd like to use this on the SG 300 range as well. Failing that, is it possible to use another method which uses the same commands, which can be easily copied and pasted for setting up multiple switches with the configuration?
Apr 22, 2013
I'm an ASDM 6.4 command line novice & I'm looking for the command to delete an unused vpn key, e.g. 'key1'. Or if there's a GUI method?
Jul 13, 2011
command to get running config of Cisco VPN 3000 concentrator.
Jul 21, 2011
I want to telnet to a router (say) 1.1.1.1 with username "user" and password "pass" from the command line. I tried using "telnet 1.1.1.1 -l user" but it is not working.
Apr 15, 2012
12 users, 3 servers, 5 smartphones/tablets on the WiFi (existing AP), future VPN server (maybe 5 simultaneous inbound VPN connections at the most with at least one client using a Mac), Cisco Gigabit small business switch. Internet access, VPN connectivity, and firewall (reporting, close/open ports for custom applications as needed). I was originally going to select an ASA5505-50 user device for the above client. The device is highly regarded on the Internet, offers a command line interface, is priced right for the budget and should perform all duties required by the client. However, the addition of the RV180W to the Cisco product line has me questioning my choice.
1) Does the RV180W offer a command-line interface?
2) Is the RV180W limited in the number of users it can support without having to purchase additional user licenses?
3) How are firmware/software upgrades handled with the RV180W?
4) What will the client be giving up if they choose the RV180W vs. the ASA5505?
Dec 12, 2012
We have lots of new lap1041 that need to be set with a static IP Address, hostname and Controller Address via the command line, but when we use the command (capwap ap hostname) to set the hostname, it always gives us command disabled. We used the command: clear capwap private-config, but it does not work. Why?
Feb 29, 2012
I want to know if the WAG325N supports Cisco's IOS so that I can configure it using the command line interface. Is it possible? If not, how would I change the ethernet interface speed setting so that it can support 100 mbps of speed? Because when I connect through LAN I'm always getting a full duplex 10 mbps LAN connection automatically.
Dec 10, 2011
I am trying to remove a line in a particular access-list configured in a FWSM module using this command "no access-list <acl> line 19 x x x x" but it doesn't work. See below:
FWSM/xxx03(config)# no access-list ?
configure mode commands/options:
alert-interval Specify the alert interval for generating syslog message
106001 which alerts that the system has reached a deny
[code]...
How can I remove a line from the access-list without clearing the entire access-list?
Jan 6, 2012
How to open the Linksys E4200 command line interface? I've tried using telnet but I get this message: Could not open connection to the host, on port 23.
Apr 24, 2012
Today I received an FWSM from Cisco (RMA). I need to configure it as the standby unit for an existing FWSM active/standby setup.
IOS on the RMAed FWSM is 2.3.4 and Cisco VSS supports FWSM IOS 4.0.4 and later. My issue is, I cannot access the FWSM (IOS 2.3.4) via the session command from the Cisco 6513 but could successfully console into it without any problem. I have reloaded it twice and also tried to disable and enable power on it.
VSS#sh module switch 2
Switch Number: 2 Role: Virtual Switch Standby
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
2 6 Firewall Module WS-SVC-FWM-1 -----------
[code]....
Why can I not access the FWSM through the session command? Is this because of the older IOS? If yes, then how do I upgrade its IOS? Is it possible to upgrade IOS via the FWSM console? If yes, do I need to test on a different slot?
Sep 20, 2012
We just received 5 new SF200-48 Smart Switches for small business. I noticed the only way I can configure them is by using the web GUI. Is there a way to enable good old CLI?
Jul 5, 2012
I am configuring a 2921 with enhanced security using the CCP. I have found a behavior that seems strange to me and I'm not sure if I'm misunderstanding something or missing a setting. It seems that if I create a firewall rule to "allow" traffic through, that traffic gets dropped, but if I set the action to "Inspect", the traffic comes through fine. I can actually reproduce this at will by setting up a rule from out-zone to self to allow traffic and I cannot telnet into it from an external IP, but if I change that rule to "inspect" I can connect fine (I don't want that rule set up permanently, I was just using it to test the firewall).
If I set the allow rule to log, I see the following line in the application security log:
(target:class)-(ccp-zp-out-self:user-fw-ccp) Passing telnet pkt 1.1.1.1:58141 => 2.2.2.2:23 with ip ident 0
(where 1.1.1.1 is the external laptop and 2.2.2.2 is my WAN IP address of the 2921)
So it looks to be passing the traffic, but that traffic is getting dropped somewhere because the connection is unsuccessful.
Is this the expected behavior of "Allow" action? Is there something I can do to make sure "allow" traffic actually gets through?
Jun 7, 2013
I'm designing a new topology to access the Internet using Cisco 2921 NAT and MS ISA Firewall. I'm going to use ISA as a proxy to publish some internal services and to provide internet access for my users. ISA won’t use NAT. It will route traffic. Cisco 2921 will handle NAT, ISP Failover and IPSec VPN to datacenters.
Cisco 3750 will route outbound internal traffic. My routing for internal users on Cisco 3750 will look like this: [code] My question is about the route from Cisco 2921 to my local network 192.168.0.0/22. If I use this route, I'll restrict my traffic from datacenter to go through ISA server BUT all responses from the Internet will go directly to 3750 too. I have doubts about the security and functionality of such a solution. Of course I will publish my internal resources to the internet that way. It is on Cisco 2921:
ip nat inside source static tcp 172.16.0.2 80 (my external IP) 80
I could use PBR to divide my traffic from datacenter and other traffic, but I don't know how to use PBR with IPSec VPN traffic.
Jun 27, 2011
I just purchased this Cisco 2921 router and have all the configuration completed except the Firewall and NAT. We have 4 subnets at our location on the router, each with DHCP handed from the router to our network. Any examples for the Firewall and NAT configurations?
Apr 22, 2013
OK, I have a 2921 on 15.3-2T. ZBFW is working from the inside to the outside, but the DMZ is not being blocked at all to the inside. I am currently running with subinterfaces. All interfaces have zones attached. I have policies from inside to outside and DMZ to outside, those work fine. Without any policy from DMZ to inside, it can pass traffic freely from DMZ to inside. I have tried making an explicit policy to drop all to inside, still passes. I ended up just having to put an ACL on the interface
I already tried upgrading the IOS, that is how I ended up on the newest version. This is connected to a 2960S with a trunk port. Everything else works perfectly except for the DMZ security. I haven't had time to try to lab it up yet, but wanted to see if any reasons this shouldn't work, as all documentation says it should drop all traffic unless you make a policy to pass traffic.
Sep 15, 2012
I have a 2921, and I have 4 network segments. In segment 172.16.0.0/27 I want to "pair" connections somehow. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise. How can I do that?
Aug 22, 2012
I have a network in which users are getting IP addresses from a DHCP server that is a Windows server. I want to block some users from accessing the internet by using their device MAC address. I have these devices in my network...
2921 cisco cme router
cisco 2960 switches
cisco 892 cisco internet router
internet ADSL that is connected with cisco 892...
wireless AP 1142...
I have no firewall or any ASA... How can I block some users from accessing the internet while they can still access the internal network... for file sharing and printing...
Feb 22, 2012
I have an IOS firewall on a 2921 router, zone-based config. The remote and main sites have Cisco WAAS, running 4.4.1 software. I am using WCCP redirection on the WAAS/router combination. If I leave it off, the firewall passes SSH correctly to the devices on the other side of the firewall. If I enable WCCP the SSH connections fail. The SSH to the router itself is fine, I am not using the self zone for router protection. I had seen a few posts on WAAS but the only one mentioning a config statement in the firewall was on 4.0 WAAS and the command is no longer on the IOS firewall. Is this supposed to work transparently or am I missing a config?
Nov 21, 2012
The Cisco 2921 Router has a default ip http access class command found in it. I just changed the default IP to the new IP I will use. The Router is accessible from the LAN only but not from the internet, configured with the Public IP. I think this is due to the standard access list 23. How will I access the Router from the Internet using the Public IP?
Apr 18, 2013
We are setting up an old office building as an offsite data center. The network consists of a PIX 501 firewall and a 2811 router. I am attempting to set up a GRE tunnel over IPsec back to the main office. The main office consists of a PIX515, a 2821 router, and a 2921 router.
There is also an ASA5510 in our main office that is used as our primary connection for all of our external services and as a GRE endpoint for our other offices. The PIX515 is used to connect our main office clients to the internet and we would like traffic between it and our offsite data center to go across it as well. The default route is to use the ASA. We used policy based routing on the 2821 and 2921 routers to direct the appropriate traffic to the PIX515. Right now I am not able to get the tunnel setup. It appears that the offsite datacenter is sending packets but is not receiving any when I issue the “show crypto ipsec sa” commands on both firewalls. I will show the output of that command below.
Main Office
The external address 198.40.227.50
The loopback address 10.254.10.6
The tunnel address 10.2.60.1
Offsite Datacenter
The external address 198.40.254.178
The loopback address 10.254.60.6
The tunnel address 10.2.60.2
The main office PIX515 Config :
PIX Version 7.2(2)
!
interface Ethernet0
mac-address 5475.d0ba.5012
nameif outside
security-level 0
ip address 198.40.227.50 255.255.255.240
[code]....
Oct 10, 2012
Cisco 2500 series access servers show line usage with the "show line" command:
Sep 23, 2012
We have noted the automatic removal of the only "nat (inside,any)" line during the upgrade of an ASA 5540 from 8.4(3) to 8.4(4) 1: why?
Oct 1, 2012
I have two PCs which are not connected through LAN. In our office we have a private telephone network and both the locations are connected with this telephone network (MAX) connection. Is it possible to connect both PCs through remote desktop connection over this telephone network we have? We are provided with an internet connection for one PC.
Mar 26, 2013
As part of our PCI compliance, we were required to add a line to all of our ACLs in our ASA 5520 running version 8.2(3). Though there is an implicit deny all, we had to add a line to deny from any source to any destination. We had no problems in adding the additional deny all statements except for our NAT access-list. This NAT access list is used for our internet connection. Currently, the NAT ACL has 4 entries to permit from a specified source to destination any. This ACL is then called on our NAT statement.
nat (inside) 1 access-list NAT
Also, note that NAT control is in place and we also have NAT zero statements for our VPN connections. So to fulfill our requirements, we just had to add another line to our ACL entries. But we encountered an issue with our NAT ACL.