To configure the GRE tunnel over IPSEC with OSFT via Encryption module from Cisco Router 3845, I have few queries:
1. Does the router 3845 support hot swap for encryption module?
2. Does the router require to be rebooted after plug in encryption module?
3. Any samples configuration for GRE tunnel over IPSEC?
Can the encryption module (DES/ 3DES/AES/SSL VPN Encrytion/compression) for Cisco Router 3845 able to support the external connection from other high end router, for example cisco 7200? What is the maximum bandwidth, load and concurrent connection it can support?
View 1 Replies View RelatedHow to reconcile what I've observed on our routers on a tunnel interface. The maximum amount of data I can get across the tunnel is 1339 bytes, which seems just a little bit too small. Background: we have two 3845 routers with IOS 12.4(3a) advanced ip services. I have tunnel interfaces on both routers, interface configs are below.
crypto ipsec transform-set MY_TSET esp-3des esp-sha-hmac comp-lzs crypto ipsec profile MY_VTIset transform-set MY_TSET
[ Code]..
When I test the mtu of the source destination interfaces I get 1500 bytes, as you would expect from an Ethernet connection to a service providers MPLS network. See output below:
Router1#ping ip 10.252.0.18 df-bit size 1500
[Code]...
When I test the mtu of the tunnels I get 1339 bytes, see the output below.
router1#ping ip 10.1.40.133 df-bit size 1340
Type escape sequence to abort.Sending 5, 1340-byte ICMP Echos to 10.1.40.133, timeout is 2 seconds:Packet sent with the DF bit setM.M.MSuccess rate is 0 percent (0/5)
[Code]...
That comes to a total of 1420, which is 80 bytes short of the mtu of the source/destination interface of the tunnel.
how IPSEC VPN works but i hit a stumbling block understanding symmetric encryption keys.Here is my understanding about the process
1.Peers will negotiate plocies
2.Authenticate using pre-shared or certificates
3.Exchange DH Public Keys
4.Using Public keys encrypt symmetric key and exchange the same key which will be useful for communication
5.maintain sessions
But when we are configuring we will define encryption keys in isakmp phase and ipsec transform set ,i thought we will use the same encryption key for both management and data communication in fact i thought management phase is to give us a securely exchanged encryption key for the data tunnel.But we can use 2 different encryption keys in 2 phase i am bit confused.
I have 2 Cisco 2811 routers that are installed in different locations. I set up a tunnel connection between the two routers.
[code]...
I would like to know if I have only using IKEV2 to connect site to site VPN with Cisco 5505 device to connect few site. Which encryption method is better to choose with faster and stable IPsec encryption proposal,AES256, AES192, AES, 3DES, DES ?? which one is the best in IKEV2 site to site VPN tunnel?
View 4 Replies View RelatedIs there any risk to install an HWIC-2FE card into a production 3845 router while it is in a powered up state? Is it recommended to power it down first, then install it?
View 3 Replies View RelatedWe had a fan fail on our 3845 edge router. No big deal; the other two fans kept the temperature easily within spec, and the module is a two minute hot swap. I opened a ticket, they sent me a replacement. Simple. (In fact, the router install docs note that the fans are essentially a "consumable" part, and will fail within a few years, depending on how hot and dusty your environment is.)
The fan module is actually the whole face plate of the router, blue plastic with a steel backing, status LEDs, and the three fans.That is all fine. But, Cisco won't take the failed part back for refurbishment, which in this case would be simply to replace the fans!
The replacement part came with the standard Cisco return packaging: a sticker with an RMA #, a "manual" paper UPS label, and instructions to use their on-line tool [URL]. But, when I entered the RMA number, I got a pop-up saying it was invalid, and I should call Cisco Asset Recovery, whose 800 number is also on the sticker.
They told me that this part is not returnable; that the RMA is only to ID the shipment so they can confirm I got it. They told me to just throw it out. They would not provide a printable return shipping label.
I'd feel bad throwing out even the substantial cardboard and foam packaging of this part, let alone the assembled unit!
Hasn't Cisco heard that there is a general industry movement to cut down on electronic waste? With the removal of six screws, I could swap the failed fan out of this assembly and replace only the fan. I'm glad Cisco didn't ask me to do that level of repair, but I certainly think they should -- I'd assumed that the replacement unit I'd received was a return "refurbished" with new fans.It seems a complete waste to just chuck out this whole thing.
Heck, even the tiny power supply bricks for the Aeronet APs have a little "no trash" sticker on them, with a link to [URL]. Why do they just dispose of router faceplace assemblies when the only issue is a fan that was expected to fail in the first place?
Attached photo shows the 3845 front piece, which is the fan assembly, and the package the replacement came in, which could be used to return this part, and then be reused. For comparison, the little black thing in front is an Aeronet 1131 power module, which has a Cisco Recycles sticker.
I'm trying to set up an IPSec tunnel between 2 3845 routers that each sit in a private LAN behind an ADSL modem. Each modem does have a static public IP address from the ISP.
Thus:
Cisco 3845-1 <-> ADSL modem <-> WAN <-> ADSL modem <-> Cisco 3845-2
3845-1
Gi 0/0 - private ip
l
NAT
[code]....
So I would like to set up IPSEC between the GI 0/0 interfaces on the 3845's.
We want to use cisco 3845 and pick up IPSec, with remote side. But I am afraid that cisco 3845 can't handle 155 Mbits over IPsec. We will buy AIM- VPN/ SSL3 card. Is this sufficient?
View 3 Replies View Relatedi just configured GRE over IPSEC on my Cisco 3745 router with VPN module installed. As soon i hit 25Mbps traffic, my CPU is touching 80%.
What maximum Traffic 3745 with GRE over IPSEC it can support?
Also show process CPU sorted dont show any evidence of which process eating it up.
sh processes cpu sorted
CPU utilization for five seconds: 75%/75%; one minute: 77%; five minutes: 78%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
We have 7606 router without any ipsec module on it,so i check the ios and it has all commands in interface tunnel for configuring the dmvpn multipoint tunnel and also protection profile for ipsec! so i have this question: do we can run dmvpn between this router and our wan routers wich are 3845.
View 2 Replies View RelatedNeed to remove the IPSec VPN SPA module from the 6509 chassis. Does the module is hot swappable or does the 6509 need to be turned off prior to removal.
View 2 Replies View RelatedCan i know cisco 2800 router can support how many site-to-site ipsec tunnel without vpn module?
View 2 Replies View RelatedIs there any physical or technical diferrences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and wondering if PWR-3845 AC is for one power supply and AC/2 means you get two with one order?
View 1 Replies View RelatedIs there any physical or technical diferrences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and if PWR-3845 AC is for one power supply and AC/2 means you get two with one order.
View 1 Replies View RelatedI tried any type of combination and just couldn't make it works. Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?
View 11 Replies View RelatedWhere can i find my wep encryption key?
View 1 Replies View RelatedIs it possible to have a 64 bit and 128 bit encryption key activated on the same router at the same time - one for laptop and one for wireless printer
View 1 Replies View RelatedI need to locate my encryption key.
View 1 Replies View RelatedIs 3DES on ISAKMP considered to be secured for your average site (other options are AES/DES)? I'd imagine AES should be much stronger but what about DES, is that considered adequate or broken? Is there any proof of concept attack against 3DES on ISAKMP (or ISAKMP in general)?
View 2 Replies View RelatedA wlan on my controller is configured for WPA2, AES encryption and a PSK. A vendor will supply me with a wireless device for this wlan. The vendor asks if we use AES 128 or AES 256. I had always believed we use AES256 but I can't verify this. How can I verify this to the vendor?
View 1 Replies View RelatedI have a Cisco 877 router and I configured it to act as a VPN server, supporting both PPTP and L2TP VPNs. I can succesfully connect to it from Windows computers using the built-in VPN software.There is only one problem: when using a PPTP VPN, encryption doesn't work. If I configure the client to require encryption (default setting), the connection fails with an error about the remote endpoint not supporting it. If I remove the encryption requirement, the connection succeeds. I've also tried tweaking the encryption settings (40/128 bits), but this didn't work either. [code]
The router's IOS version is 15, and it fully supports encryption. The strangest thing is, encryption is actually required in the router config; but not only the router doesn't seem to offer it... it also accepts unencrypted connections, which it shouldn't. It's like the ppp encrypt mppe auto required command is completely ignored.
I've some VPN encryption method questions.Is it recommended to use different encryption algorithms for both VPN phases (phase 1 and phase 2)?I’ve read once that it is much secure to use different encryption algorithms for each phase.In my opinion, I would go for the AES256 algorithm in both phases. But maybe it is a better idea to use AES128 or AES192 in the first phase and AES-256 in the second phase… I don't know.After saying this, I’m also wondering about the best VPN encryption setup for a site-to-site VPN (IKEv2) when using a Cisco ASA like the 5510, 5520 or the 5515.Which encryption method is recommended for phase 1 and phase 2Which PFS / DH-group should be used (considering CPU load and security)
View 2 Replies View Relatedthe guy who set the key for WPA-PSK and another one for WEP left... Anyway we can figure out what the key was?
View 5 Replies View RelatedI have two cisco airenet 1252 autonamous access point that are configured as point to point bridge. Now I want to confiure AES encryption or WPA2 using a pre-shared key however I do not see the option to do this . The only option I see under ciphers are:
wep 128
wep 40
TKIP
[Code].....
Is it possible to use either AES or WPA2 using a pre-shared key on the 1252 autonamous access point? preferably using the web interface.
Due to network security audit we are interesded in encryption algorithm used for authentication of administrator and operators in Starent Networks ST40 Intelligent Mobile Gateway. To be more clearly, we need to know what type of hash is used for password storing when "showsecrets" command is omitted.
View 2 Replies View RelatedI have a Cisco 877 router at home, and I'm trying to configure it to act as a VPN server in order to be able to connect to my home network when I'm outside; I want it to work with standard Microsoft VPN client software (which supports PPTP and L2TP).
This is the output of the "show version" command:
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)Technical Support: [URL] Copyright (c) 1986-2009 by Cisco Systems, Inc.Compiled Wed 30-Sep-09 08:42 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YI6, RELEASE SOFTWARE
The router has quite a basic setup: a single username with privilege level 15, a single VLAN comprising all four Ethernet ports, an ADSL connection to my ISP, an internal IP address of 192.168.42.1/24, an external IP address assigned by my ISP, NAT enabled.
This is my current configuration (stripped of non-relevant or private information):
service password-encryption
aaa new-model
aaa authentication login default local aaa authorization console aaa authorization exec default local
aaa session-id common
[Code]...
I want to change my encrytion password-How do I do it?
View 2 Replies View RelatedI have laptop, mac and xbox 360 all working, just got ps3 and cannot connect it, cannot find wep key for wifi 12 hours plus trying to get this done.
View 2 Replies View RelatedHow do I change my wi-fi password?
View 2 Replies View Relatedattempting to connect a blu-ray player and it asks for encryption key for the network.
View 1 Replies View RelatedI can't find information about two features in 1524PS and 1552E/EU:
1. Does it have WEP encryption ?
2. Does it have SNMPv3 protocol for monitoring and remote managing ?
I guess, that software is similar in both, so answer will be the same in 1524PS and 1552E/EU.
How to confirm this features in 1524PS ?