Cisco WAN :: 3800 - Failover Internet Traffic Router
Mar 27, 2013
I wanted to configure failover internet between two routers Cisco 3800 Series. Each router is connected to an ISP. I have configured HSRP protocol on my interfaces and my HSRP configuration works well. I want to configure my routers to switch my internet traffic in case of failure. For example,if the first ISP internet connection fails, traffic will switch at the second ISP. I want to know how I should proceed to do this.
View 4 Replies
ADVERTISEMENT
Nov 19, 2011
I have a client who has Cisco 3800 series routers in their data centre with which they have QoS/CoS policies implemented. They wish to further manage traffic by limiting outbound traffic to their branch sites in line with the network access bandwidth each site has available. Is this possible whilst leaving the QoS policies in place? If so how?
View 1 Replies
View Related
Jan 16, 2013
Need the clarity on IKE version 1 with aggressive mode, I assume this is used for remote site VPN and not for site to site VPN.
Correct me I am wrong and also share the inputs on this.
Also required the inputs for disabling in Cisco 3800 series router.
View 18 Replies
View Related
Mar 3, 2011
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
View 8 Replies
View Related
Jul 14, 2012
I need to upgrade compact flash memory card for a 3800 router. Basically i want to upgrade code on this router and the current flash size (64Mb) cannot hold new image. I wanted to check if i swap the old flash (64 Mb) with a new one 256 mb, i will loose vlan.dat file since it's stored in flash. Is there a way i can copy vlan.dat to new flash which has new code before i change the boot statements and reload the router?
View 1 Replies
View Related
Jul 10, 2012
Is there a way to be able to check from one computer on a network to another computer on the same network when both have been set up with NAT?
For example, computer 10.0.0.10 cannot ping 10.0.0.20 because NAT has been set up. Port forwarding does not seem to be an answer. Is it possible for NATted computers to be able to ping each other or not?
View 1 Replies
View Related
Mar 2, 2011
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
The ASA is: Cisco Adaptive Security Appliance Software Version 8.2(2)Hardware:
ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz The router is:Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9_SNA-M), Version 12.4(20)YA3, RELEASE SOFTWARE (fc2) Router Config:!version 12.4!card type t1 0 0!no ip cef!ip multicast-routing no ipv6 cef!crypto isakmp policy 10 encr 3des authentication pre-share group 2crypto isakmp key xxxxxxx address nn.nn.12.130!crypto ipsec security-association lifetime seconds 86400!crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac !crypto map NOLA 11 ipsec-isakmp set peer nn.nn.12.130 set transform-set 3DES-SHA set pfs group2 match address VPN-ACL!controller T1 0/0/0 fdl both cablelength long 0db channel-group 1 timeslots 1-24!interface Loopback0 ip address 1.1.1.1 255.255.255.252 ip virtual-reassembly no ip route-cache crypto map NOLA!interface GigabitEthernet0/0 no ip address duplex auto speed auto media-type rj45!interface
[code]....
View 15 Replies
View Related
Jun 13, 2012
Currently I'm looking for a way to failover our internet connection from one site to another site over our MPLS line, should that internet connection go down.
My layout: Internet > Cable internet modem (Site B) > ASA 5510 (Site B) > 2821 Router (Site B) > MPLS Line > 2821 Router (Site A) > ASA5510 (Site A) > ISP provider internet router (Site A) > Internet
Facts:Site B is the one with the internet issues.The MPLS line is routed using BGP. [URL]
View 46 Replies
View Related
Jun 27, 2012
I have Cisco 3800 series router it needs user name and password to access through terminal I don't have the user name and password. Need To reset the password.
Terminal screen shot is attached here you can see that.
View 3 Replies
View Related
Feb 26, 2013
I have a working 3800 router which runs on bgp pretty well. Existing setup has 2 serial ports for the bgp and 1 gigabit port for the LAN.Now, i want to add another 3800 as a standby router making it clustered - ACTIVE/STANDBY via hsrp protocol.
1.) What are the implications in adding another 3800. Do i need to reconfigure the ip addresses on my serial? or just the LAN
2.) Are there any additional requirements like firmware versions etc?
View 1 Replies
View Related
Oct 24, 2011
We're having some numbers ported over to us and we'd like to verify that we are in fact receiving all of the numbers at our SIP gateway. Since we have been getting more and more activity on this router, I'm becoming more concerned about using certain debug's for fear that the router maxes out CPU and drops.
What the best debug command would give me this information with minimal impact on CPU? In the past I've used 'debug ccapi inout' and a couple of others similar to that. With so much activity though sometimes it bombs the router. Also I am logging to the console directly, maybe there is a better method with less CPU impact. I just don't want to have to go back and forth to look for stuff 50 times either if I write out to a file or something, it could work though I suppose.
View 1 Replies
View Related
Apr 6, 2013
configure a router 1812 as failover, I walk with fixed ip internet link in Fe0 (need to determine the mac) and a dynamic ip link in FE1, other ports with a single vlan dhcp 172.20.16.1
I managed to do DHCP, connect to internet, to make nat vlan. But I could not do failover and load balance neither.
View 10 Replies
View Related
Jul 22, 2012
I've got a Gateway 2wire 3800 HGV-B router which works fine wirelessly, but when using an ethernet cable to connect to the internet, it doesn't even recognize the computer. My laptop runs wirelessly all the time, and I recently picked up a desktop PC for home here, and it's the first wired connection I'm using, but for some reason the wired connection isn't connecting to my network, but instead it's own Unidentified Network.
View 2 Replies
View Related
Apr 2, 2012
We're in the process of swapping in a new pair of ASA5520s and Catalyst 3750s to support two separate business units. We want Firewall A and Switch A to handle traffic for Org A (VLAN 100). Similarly, firewall B and Switch B should handle traffic for Org B (VLAN200). But we want to be able to fail traffic over in case of firewall or switch failure. Traffic between the two Orgs is being routed at the switch level. [code]
The uplink interface on each switch is currently a routed port with a static address on the uplink subnet. This works fine in a normal state. However, when we fail over one of the firewall contexts to the other chassis, this results in the inability to route internal traffic because the internal interface is now physically connected to a different switch with a different IP port address (obvious in hindsight). The question is, rather than a routed port, what would be the proper way to handle traffic between the switches and firewalls in a failover scenario? If I make the uplink ports into trunks, won't this cause all packets destined for either firewall to hit both both? Seems like that's not the way to go either? [code]
View 0 Replies
View Related
Dec 27, 2012
We have a customer who has a network consisting of two ISPs, one as a primary and the other as a backup. We are trying to create a configuration that would allow the primary link to fail and the secondary link to automatically pick up traffic and begin routing .how to set something like this up. Both routers are non Cisco routers and there for HSRP is out.
View 14 Replies
View Related
Nov 27, 2012
I am testing limit bandwith using my ASA 8.2, i am trying to limit internet access for certains users , i order to save Bandwith for the important things but i can´t get any limitation
My configuration is the following, the acces list is just for my pc in order to test, and the service policy is applied to outside interface (called internet in my case) for incoming traffic
access-list Internet_mpc_1 extended permit ip host 172.16.127.70 any class-map Internet-class-TEST match access-list Internet_mpc_1 policy-map Internet-policy-web class Internet-class-TEST police output 1024000 1500
service-policy Internet-policy-web interface Internet
With show service policy i can´t see any activity on the policy , but if i do a similar configuration for inside interface outgoing traffic i can see packets allowed and dropped
View 3 Replies
View Related
Apr 29, 2012
I have an ASA 5520 with the below config
Gi0/0: outside (Internet)
Gi0/1: inside (Internal users)
Gi0/2: DMZ (web servers, ftp, Mail etc..)
I have a SMTP relay deployed on the DMZ for mailing. I have also a mail servers installed in the internal lan,
I want to allow trafic from dmz to reach internal lan, and i want normally also allow stmp relay from dmz to reach Internet.
How can i block trafic from DMZ to reach Internal Lan (instead of smtp) if the to allow trafic from dmz to internet i must put ANY in the policy?
For allowing trafic from DMZ to reach Internet, the policy must be DMZ -----> ANY ----->Services., this policy means DMZ can implicity reach Internal Lan?
View 2 Replies
View Related
Dec 5, 2011
I thought that the best option to do that in my Cisco 861 router, IOS v. 15.0 is to used NVI (Nat Virtual Interface)[url]...
I tried the solution given in this page, but is does not work.
I give you the running-config for my router before and after the modifications proposed in this page
[code]....
View 3 Replies
View Related
Sep 30, 2012
I'm trying to configure a Cisco 3800 with a WIC-2AM-V2 to do DDR. I've gotten it to work before, but it was a while and now the config doesn't seem to work. I'm using an Lo0 interface and ip unnumbered on the Dialer interface. Using debug dialer and debug ppp and see nothing at all trying to dial out.
##############################################################
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DDR
[code].....
View 1 Replies
View Related
Sep 1, 2011
I am trying to configure cisco 3800 as NTP server for all Juniper MX router clients. Purpose is to server the clock to all Juniper routers. But i m facing weird issue.. All Juniper routers are getting synch with Cisco 3800 but there is difference of 30 min between client and server time.
Cisco config
ntp authentication-key 100 md5 11201D00163B0C1E 7
ntp trusted-key 100
ntp source Loopback1
ntp master
end
View 5 Replies
View Related
Jun 12, 2011
I'm having a problem on which i cannot find an answer. I have a VPN router 3800 series (DMVPN) with 2 VRF on it, we also use dual Nat to reach our data center behind the 3800 series isr.
I created the Nat rules and the acl's , but the Nat is just not working, is there a special configuration needed for Nat and VRF's?
View 1 Replies
View Related
Sep 25, 2011
I have a problem with my new Galaxy S2 and getting Internet connection trough my Linksys-router. I can connect to the router and my S2 shows and says my WIFI-connection is OK. But still I can't get any Internet-traffic to my S2.The wireless router is working OK for my old IPhone and MacBook Pro, but not for my S2. I have tried the S2 on other wireless access points, and it is working fine.I have tried a lot of different wireless settings, but nothing seems to fix the problem.From my S2 I can ping the IP-addresses of the router, all DNS, gateway and IP-address of the router. I can also ping the phones IP-address from my router. But I can't ping anything "outside" the router.Here are some data:
Router: WRT54G
Hardware-version: 2.2
Firmware Version: v4.21.4
View 3 Replies
View Related
Mar 2, 2011
We have multiple cisco routers and most of them have dual WAN connections thru different ISPs. So, we use IP SLA monitor with tracking object s to monitor each ISP availability/reliability and switch routing accordingly ( by IOS). So far, it has been working ok. However, recently, we had some ISP high latency and the connection to one ISP will be so slow but the IOS keep seeing it as UP, thus sending traffic thru it. So, I tried to change around the threshold numbers around with no luck. Is there any configuration/commands or tricks that can do the job here? I don't want the users to be the one to detect the Internet slowness and have me manually shut down an interface or change the static routes metrics. here is a sample of my config:
ip sla 1 type echo protocol ipIcmpEcho x.x.x.x isp 1 gateway threshold 3 frequency 5ip sla monitor schedule 1 life forever start-time now
ip sla 2 type echo protocol ipIcmpEcho x.x.x.x isp 2 gateway threshold 3 frequency 5ip sla monitor schedule 2 life forever start-time now
[Code]......
View 1 Replies
View Related
Sep 26, 2011
I was just configured a 3800 router with this command. I cannot get to the ROMMON mode anymore. Cisco says you should press Break key within 5 seconds after the image decompresses during the boot. But mine is ignoring it and going to load running config directly.
View 7 Replies
View Related
Dec 22, 2010
I inherited a 3845 router. I am hopeful that I can use it for my home practice lab and connect it to a Cablevision (Optimum Online) Cable Modem. If it is possible what interface card/config I would need? It currently has a T3/E3 card with 2 coaxial connections (was used with a Cogent DS3 connection). I'm guessing I would need to replace it with an Ethernet one (?). Granted - I suspect it may cost a pretty penny, nonetheless I'd like to look into it.It also has 2 dual-port vwic2-2mft-t1/e1 card installed. I am an absolute beginner with Cisco and networking.
View 2 Replies
View Related
Dec 10, 2012
I am using a Cisco ME 3800 switch with 24 Gig and 2 Tengigabit interface. But after configuring the Tengig int with ip add and negotiation it is no know visible in the switch. Instead TenGig I am seeing two (Gi0/1 and G0/2). Not even showing the Tengig in the running config.
View 3 Replies
View Related
May 4, 2012
I have a 3800 running 12.4 with a outbound shaped nest Qos tied to a subinterface G0/0.12 which is trunk downstream to a 3500. I am getting drops on the "sh policy-manager inter g0/0.12 so know that shaping which is 1.5mbps is dropping my packets. The 3500 looks clean
3800:
policy-map A
class-map A
bandwidth 30% etc..
[Code]....
the routing is that host goes up to the 3800 and out a wan link but if wan is down, it hairpins back down from 3800 to 3500 which has a backup link on one of the ports. when we test wan down, or even when it is up, I see shape dropping packets
View 4 Replies
View Related
Oct 28, 2011
I just got optical fiber installed in my place which gives me great download speeds. Now my ISP has a monthly download limit of 120GB, after that I gotta pay overages.Now my setup is like this: Fiber modem (1 port) -> Linksys E3000 router (4 ports + wifi).All my gear is hooked up to the Linksys router (xbox, ps3, media center, office pc & 2 laptops).I would like to keep track of the total "internet" bandwidth use of all devices, but exclude the normal network traffic, as that of course I don't pay for.Is there something that I can install on the Linksys router that can keep track of that kinda of information? router (4 ports + wifi).
View 6 Replies
View Related
Sep 22, 2011
sample configuration for internet failover . i have 2 ISPs with one coming in thought a serial cable and another through internet and would wish one take over after the other has failed .The router is Cisco 1921 .
View 4 Replies
View Related
Oct 16, 2012
There are four figures(A,B,C,D) shown in attached diagram.my aim to achieve wan side failover, mean to say, if one ISP or Router goes down, the other should still be reachable.
Cisco 2960 = L2 Switch
Cisco 3560 = L3 Switch
Here I am discussing only two redundancy methods i.e Floating Static route and IP SLA. There are following questionnaires related to attached diagram given below
Figure A:
1. Floating static route (Yes or No)
2. IP SLA (Yes or No)
Figure B:
1. Floating static route (Yes or No)
2. IP SLA ( Yes or No)
Figure C:
1. Floating static route (Yes or No)
2. IP SLA ( Yes or No)
[code].....
View 6 Replies
View Related
Feb 6, 2013
I have two Cisco Routers 3800 series for my internet traffic (2 ISP). I configure HSRP on the interfaces gigabitethernet and at the main router I put the multilink interface to track. When the connection drops to the main router traffic does not switch on my second router.
View 1 Replies
View Related
Feb 3, 2011
I have a network with Two 3800 Cisco Routers as Central and many Cisco 2811 Router as Branches. Now I set two Tunnel on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with backup connection between 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with CA Server for Security all connection. I set IPSEC and ISAKMP and Certificate on each Router and Set Dynamic VPN on Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now when if I configure tunnel with Crypto map, it works correct and all packets are encrypt. But if I try to set crypto on physical Interface(because I want to set qos on tunnel then protect packets on physical interface) however all packets are routed but crypto and encrypt d o not work. Set qos on tunnels and crypto on fastethernet interface.
View 4 Replies
View Related
Jan 17, 2013
I have a question about ACLs on Cisco 3800 router. I tried to configure extended IP access-list. However, I couldn't add more rules into some of the ACLs when the number of rules increase to about 120 rules. These extended IP access-lists are assigned to gigabit ethernet interface and sub-interface (VLAN interface).
Is this caused by some kind of maximum number of rules supported?
View 3 Replies
View Related
