Cisco WAN :: 2951 / MPLS Branch Site Setup On T3 Line
May 24, 2013
setting up MPLS on a single T3 line. A client has contacted us to set up a 2951 at a branch location. There are 5 locations connected with MPLS.They will split off 4meg of the T3 for mpls. The rest of the 45meg would go to the internet.They have two 1841's currently set up with a T1 line in each. One 1841 connects to the MPLS and the other to the internet.When the T3 is turned up by the provider, everything, internet and MPLS, will go through it. I asked for the current configurations, but I have not received them yet and this setup is due in a couple days.Given I've never configured MPLS before and I have a rudimentary understanding of how it works, any tips or configurations? I'd hate to be stuck on site and not equipped to complete the job.
View 3 Replies
ADVERTISEMENT
Sep 13, 2011
We recently switched two of our branches to point-to-point fiber connections to our corporate office. Previously they were using MPLS connections. For branch A, the ethernet handoff of the fiber is connected directly to a Catalyst 3750 gigabit port. That port has no configuration on it. The other end of that fiber is connected to a gigabit port on the 3750 switch at our corporate office. That port is configured with an IP address that is within the subnet of branch A, and is operating at layer 3 due to the no switchport command.
Branch B currently has a Cisco Express 500 ethernet port (with no configuration on it) connected to the fiber hand off there. At first we setup a port on the 3750 at our corporate office that is connected to Branch B via the fiber in the same manner. This resulted in us receiving DCHP leases at Branch B from Branch A. Obviously not desired. Now we have the port on the corporate 3750 that is connected to Branch B's fiber configured with switchport vlan 64. I also configured interface vlan 64 on that switch at corporate with an IP address from the branch B subnet. We then set that IP address as the default IP address for devices at Branch B.
We are having trouble with both an ATM and a phone system not communicating properly at Branch B. At Branch A we are experiencing the same oddity with the phone system, but the ATM is able to communicate fully. At branch B, when configuring a Windows Vista or Windows 7 laptop with a static IP address that is known to be available, you get transit failures when trying to ping. Essentially everything seems to be able to route fine, but some traffic even after a full tcp hand shake seems to not transmit properly.
When you configure a point-to-point fiber connection from a layer 2 switch at a location without a router to a location with a Cisco Catalyst 3750 switch as the endpoint, what is the best way to configure both sides?
Currently we only have vlan 64 configured on the port mentioned on our switch at corporate, and then the switch at Branch B is essentially operating as an unmanaged switch at the moment with all ports in vlan 1.
View 4 Replies
View Related
Mar 6, 2013
Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
View 2 Replies
View Related
Feb 29, 2012
I'm looking for Routing Design scenarios to complete our configuration needs for remote branches. We will have two 1921 routers in each location, one with a T1 from our MPLS carrier, the other with a DSL connection from an ISP. The T1 router will have an assigned AS and use BGP to router back to head quarters. The DSL router will have an IPSec tunnel back to an ASA 5510 at head quarters. I envisions a GRE tunnel from the DSL router back to head end routers connecting to MPLS at head quarters. Not sure yet how to manipuate the routing between head quarters and the branches such that the T1 router is the primary route to and from the branches and the DSL router is for failover/backup.
View 1 Replies
View Related
Sep 7, 2011
What are my best options to secure branch office connection to HQ over Provider MPLS cloud. Our existing Setup
<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services 10mb link to Service Provider over MPLS CloudMPLS is terminated on a 3825 Router running advance Services
<<BrancOffice>>::Total 10 In Country Branch Offices2mb Link to Service Provider over MPLS CloudTotal users in each branch : 20 MPLS is terminated on a 2811 Router running advance Services
View 1 Replies
View Related
Nov 28, 2012
Can Cisco2951 work as an MPLS router. If yes what will be needed to make it function as an MPLS router? Else which alternative router can function as an MPLS router.
View 1 Replies
View Related
Dec 15, 2011
Purchased and configured 2951 router based on Telco specs that required T3/DS3 card with coax connection for MPLS. When telco showed up to install DS3 they handed me a UTP copper connection.... Can I use one of the Gigabit ethernet connections on the 2951 as my MPLS interface into the provider's cloud?
View 2 Replies
View Related
Aug 28, 2011
I want a router to terminate 100Mbps MPLS link on it. Can Cisco 2951 will be suitable for this or i have to go on to 3900 series or 7200 series
View 2 Replies
View Related
Dec 12, 2012
We have approx 40 branch offices - all of which are connected to a single core site over VPN Tunnels using various gear. At one particular site, we are having issues with the tunnel dropping sporadically throughout the day - some days it happens 10 times, some days it happens none. This just randomly started happening two weeks ago, without any changes taking place. Since it started happening, I have upgraded the code to latest versions, but still the issue persists. This particular site has a 2901 and connects back to a 2951.
Below is the output from:
debug crypto ipsec
debug crypto isakmp
[code].....
View 1 Replies
View Related
Feb 18, 2013
Installation of 2 x 4 Mbps MPLS circuit on primary router (CISCO 2951) and 1 x 8 Mbps Ethernet link on secondary router (Cisco 2951). We have successfully implement the primary router with 2 x 4 Mbps MPLS circuit. Site is having two computer room CR1 and CR2 and distance between both room is 200mts. CR1 is having primary core router and primary core switch where the service provider terminated the new MPLS circuit and we have done the successful implementation. CR2 is having Secondary core router and secondary core switch where we needs to have the termination of Ethernet link but service provider has delivered the Ethernet link on the CR1 which is incorrect DMARC Location.
Both the computer rooms are connected via optical copper can we use that copper to connect the circuit on CR2, as per my understanding we can use the optical fiber to connect the wind circuit on secondary router on CR2 by using the media connector.
View 1 Replies
View Related
Apr 23, 2013
I have a problem with a branch office setup, and I can't for the life of me think of what the problem is.I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network. The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
The issue I have is this. Wired clients work fine at this branch office, at least 95% of the time. I have a lightweight AP there that can come up and join the controllers at the central network, no problem. I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day. Latency never comes close to the 600ms proposed limit with CAPWAP. Yet, for some reason the performance of the clients is problematic. Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely.If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
Something about this particular location is causing a lot of grief for our users.For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0. The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.
View 7 Replies
View Related
Jan 26, 2013
I have got two 1841 and one 881 cisco router. I can keep any one of this router at HO and remaining at branch office. I have got a static internet IP at HO but dynamic IP at branch office. I want to setup a VPN to connect to HO from branch office through router. The branch connects through a private IP for internet purpose. Which VPN is the most secure and best for this purpose.
View 1 Replies
View Related
Jun 6, 2012
I have senario where 15 branches via bri connection to central ISDN E1 Pri Head office.The setup is working before and suddenly branches not able to dial head office.Below is the debug q931 logs from branch router and i am getting continous "channel not avalible message on Head office
Branch router logs
*********************************************************************************************
hmc#isdn test call interface bri 0/0/0 44492999
hmc#
007049: Jun 6 14:41:39.497 gmt: ISDN BR0/0/0 **ERROR**: handle_l2d_srq_mail: Layer 1 inactive
007050: Jun 6 14:41:39.721 gmt: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0/0, TEI 78 changed to up
007051: Jun 6 14:41:39.721 gmt: ISDN BR0/0/0 Q931: Sending SETUP callref = 0x002E callID = 0x84BC switch = basic-net3 interface = User
007052: Jun 6 14:41:39.721 gmt: ISDN BR0/0/0 Q931: TX -> SETUP pd = 8 callref = 0x2E
[code].....
View 1 Replies
View Related
Aug 20, 2012
I am looking to setup a solution for backing up a Metro Ethernet connection on a 2951 using an 1841 and 2 T1's in a Multilink. The Metro E will be primary, and if the BGP peer goes down, I want it to switchover to the 1841. Can it be done and is there an example of the BGP setup to work off of?
View 1 Replies
View Related
Aug 8, 2011
im drawing a blank trying to setup a site to site connection with a 5505 ASA using ipsec and isakmp.i have the pre shared key as well as the external address of the other end of the tunnel but do not remember what the commands are to setup the crypto map and isakmp.
View 7 Replies
View Related
Sep 4, 2011
I need a configuration example of MPLS with VPN as a backup Router cisco 2851
View 3 Replies
View Related
Sep 20, 2011
Any step by step guide to setup syslog for site to site VPN.(in ASA 5520)Just send me the step to monitor site to site vpn using that in ASA 5520.
View 2 Replies
View Related
Nov 13, 2012
I have a 5505 asa code version 8.3(2). Trying to set up a site to site tunnel with someone and he is asking if I can use ike v2. How do I go about setting up the tunnel to use ikev2? Is ikev2 an option with site to site tunnels?
View 5 Replies
View Related
Feb 8, 2011
How can I set up a Cisco 831 router (branch location) so that it will accept inbound VPN Client connections and initiate a site-to-site IPSec tunnel to our hub location that uses a VPN 3005 Concentrator? I could get the tunnel to work by configuring it in a dynamic crypto map but interesting traffic on the Cisco 831 side would not bring the tunnel up.
View 5 Replies
View Related
Jan 10, 2012
I have been asked to setup a site to site VPN link between two 877-w routers.Not yet had a chance to look at the actual pieces of hardware as they are overseas.
View 3 Replies
View Related
Dec 17, 2012
In a site-to-site vpn environment, can I accomplish the setup using one asa5505 on one end and one 1811 router on the other end or do I need to have two asa 5505 or two 1811 routers? Another word, can I mix and match the devices and still accomplish a site-to-site vpn setup or do I have to have the same devices on both end?
View 2 Replies
View Related
Jun 6, 2011
i am trying to setup a hq to 2 remote office vpn connections, all have Cisco 877 ADSL routers.so far to test I tried to setup a site to site vpn between hq and remote 1.
I setup 2 routers with the following settings:
Router 1:
!
!
ip ssh port 3536 rotary 1
ip ssh version 2
!
!
crypto isakmp policy 1
[code]....
View 2 Replies
View Related
May 2, 2011
I am trying to set up 2 cisco rv 120w routers for a site to site vpn.
View 1 Replies
View Related
Mar 20, 2013
I need to setup a site to site VPN. Site A has a 5505 running ASA v7.2(4), this has been in place for a few years and is also used regularly for client remote access. For site B i have a brand new 5505 running ASA 8.4(3).Is the ASA version miss match an issue, or should i upgrade site A to the same version as site B? Assuming they should run the same version, which is the best choice to use? There is a choice of 9.0.2 under latest releases, then 9.1.1 ED, and 9.1.1(4) interim.
View 1 Replies
View Related
May 26, 2011
I've been struggling to get a site-to-site VPN going as I am new to Cisco firewalls (but not firewalls in general). Before going too deep in the config, whether it's possible to restore a backup config from one ASA to another ASA and simply modify some settings? Or is a backup config unique to a device and that might mess up my site-to-site VPN config?
View 7 Replies
View Related
Nov 9, 2012
I've moved a Cisco 887 router from a site where it was used to dial up on an ADSL line to a new site where we have a EFM circuit which terminates at a Cisco 1841 router managed by our ISP. I therefore need to re-configure our 887 router to work as a conduit from our servers back to the Cisco 1841 as its gateway.
I have asked from our ISP and they told me that i need to configure the 887 to use IP address 176.35.140.65 255.255.255.248 and its gateway should be 176.35.140.70. That's great advice in theory but I don't know how to configure this correctly
Our internal network is using subnet 192.168.42.XX which will need to be retained for local devices.
View 7 Replies
View Related
Jul 11, 2012
I have P router (7206VXR) and I need to export netflow from its MPLS interfaces to the netflow software.
View 2 Replies
View Related
Dec 28, 2011
We have multiple computers (most Win7), game console, iPad,iPod etc on our network, networking was really never a problem.We switched a few weeks ago to mobile Internet, which uses the Netgear MBR1210 modem/router as network access point for all devices. All network users, except two or three, are wireless. Prior to getting the mobile Internet we were on Satellite ISP and used the Linksys 3200 router as access point/network router for our home network (behind the ISP modem).The Netgear modem/router is too far away from my work area in the home, things like my printer, a desktop tower need to be plugged into a router because they are not wireless. The plan is to have the netgear router set up just as a modem/server, turn the wireless off on it, pull one network cable to my Linksys 3200 and use the Linksys as network access point for all devices. Which settings do I have to have on each router to do this? Where do I plug the network cable in between the routers? Do I go from a Lan port on the Netgear to the Wan port on the Linksys?
Which IP settings do I specify? How do I turn the automatic configuration of the Linksys off? Needless to say, I'm a bit lost here. I had contacted a Netgear forum prior, they gave me a little picture on how everything should be hooked up and the settings, but the Linksys router just did not want to work with these settings at all. Secondly, because of all this screwing around with the settings of the Linksys.I uninstalled the cisco connect program for the linksys and removed the original network we had with the linksys. Now the program refuses to install again, cisco connect that is.
View 2 Replies
View Related
Aug 13, 2011
Im trying to get my head around my new cisco SG 300 switch. I have used the Linksys SRW range before and configured it using teraterm and method described in the link below:
[URL]
As im fimilar with this method and the commands ideally I'd like to use this on the SG 300 range as well. Failing that, is it possible to use another method which uses the same commands which can be easily copy and pasted for setting up multiple switches with the configuration?
View 1 Replies
View Related
Oct 3, 2011
I am having some difficulties on finding information on how to setup two Cisco 1252 autonomous access points, via the command line. I am not having any luck finding steps on how to go about doing this and was curious if any one would be willing to give some insight. I am working on taking two of them setting one up as the root bridge and the other as non-root.
View 3 Replies
View Related
Oct 10, 2012
Cisco 2500 series access servers show line usage with the "show line" command:
View 2 Replies
View Related
Jun 6, 2010
I'm trying to set up a new switch, a 4506e, for a remote site. Most of our newer remote sites are using a 4506 and this is the first time I'm working with a 4506e. Our standard configuration, which was in use before I started here, has QoS settings. I'm not that familiar with QoS. Most of the QoS commands in our standard config aren't working in the 4506e. Does the 4506e have QoS? Is there some guide as to setting it up? Below are excerpts from the config we're using that are QoS related:
qos dblqos map dscp 32 33 34 35 36 37 38 39 to tx-queue 2qos map cos 3 to dscp 26 qos map cos 5 to dscp 46 qos aggregate-policer XYZ_AGG 64 mbps 8 mbyte conform-action transmit exceed-action drop qos!class-map match-all match_XYZ match access-group 142!policy-map police_XYZ class match_XYZ police aggregate XYZ_AGG!interface GigabitEthernet4/1 description server qos dscp 48!interface GigabitEthernet4/30 description server service-policy input police_XYZ!interface GigabitEthernet4/48 description upstream connection qos trust dscp tx-queue 1 shape 98 mbps tx-queue 2 shape 1 mbps tx-queue 3 priority high
View 2 Replies
View Related
May 18, 2012
I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.
View 2 Replies
View Related
