In my network we have 2 ISPs connections 2mbps from different service providers are terminated in two different routers (Cisco 3845).Now i want to achive if one router fails(ISP down) next router has to up and if both the links is up i need to achive load balance for both the routers(ISPS).i need 100% uptime.
How can I configure the routers, any examples to achieve the HW failover.
I have an issue with configuring the VPN Stateful failover between two cisco routers 3845. The stateful HA is not up.
Below is the topology
Configuration on HA-1
interface GigabitEthernet0/0
ip address 194.170.9.183 255.255.255.240
ip accounting output-packets
duplex auto
speed auto
[code]....
Below is the config has done on my 881g but the dual NAT failover is not working.I have a easy vpn over NAT (easy vpn firewall: 10.10.10.2 behind the router).
1. After completed the config, I shut down the FastEthernet4, cleared the nat translations, found that nat translations are happening on to Cellular0 with error ( Incomplete ESP translations: 0 esp_conn=0x85A91FF0, hanging off nat entry 0x85A7D1D0)But still the easy vpn is not up as I am not able to ping the remote devices.
2. If I reboot the router then the nat translations are happening with no above error and easy vpn is up and I am able to ping the remote servers. Below is the config, what needs to be done to achieve the NAT failover and easy VPN up.
interface FastEthernet4 bandwidth 2048 ip address 206.206.206.2 255.255.255.240 ip flow ingress ip nat outside ip virtual-reassembly duplex auto speed auto interface Cellular0 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp dialer in-band dialer string gsm dialer-group 1 async mode interactive ppp chap hostname. [code]
What I currently have is a Cisco 891W Router as well as two ISP's (both with dynamic IP's) in. I'm currently just running one of my modems into the 891 through the FE8 port and then if for some reason I have an internet failure switching the ISP modems. What I'm wondering is if there is a fairly simple way to configure (and attach) both modems to this router and then set it up to handle this failover automatically?
View 1 Replies View RelatedI'm trying to see if I can use both ethernet ports on a 2811 to run hsrp for non-stacked dual switch fail over. Then link the the NM-32A ports to L0, so the remote access server trying to use them can use the l0 ip and failover much faster (it's programming is limited). This is on IOS 12.4(25)f, though we are moving to 15 soon.
View 2 Replies View RelatedWe had an interesting situation after an electrical storm moved through where a few of our dual WAN clients didn't have any Internet connectivity. Generally speaking, they are on a wireless broadband and something like DSL/cable/T1. One customer in particular has a cisco 1941 router setup for dual WAN which tested fine during install (pull either connection, external IP changes dynamically and no difference is noticed by user). Well, this storm knocked the wireless broadband out enough that it wasn't usable, but would respond to pings randomly. Because the wireless is the fastest of the two connections it has a higher priority but because it was down but still responded to some pings, the traffic didn't go through the DSL that didn't go down. how to make the dual WAN more reliable in these partial-down situations? I thought about playing with the network service detection (we have a customer on an RV042 who experienced the same problem) but am not real sure what I could change that would make the connection more reliable, especially on the 1941 router.
View 1 Replies View RelatedI am having a hard time getting tunnel fail over working. My setup is illustrated below:
I derive my default route on the border routers. The 6513 peers with the 7206's using BGP to get the default route from each ISP into the core. On the core I use BGP weighting to get my primary default to point to ISP1. So far so good. When I look at my core I see to defaults with ISP1 preferred.
Each ASA has an IP Sec tunnel to the head end site configured (Not shown). The head end site has a crypto map entry with ISP1 and ISP2 defined (in that order) using the "set peer" command.
Fail over works great if an ISP drops the connection or my 7206 or ASA fails, but... While testing fail over I had an issue where both tunnels would be active and there were issues with traffic between sites. I could not determine the root cause. I can only guess that some traffic was going out one tunnel and when trying to come back across the other tunnel was dropped from the firewall because there was no connection built for it. After reading I found that in order to use multiple peers in the "set peer" statement, I needed to configure my head end as "originate-only". I have not done this yet as I have concerns. If the head end site is "originate-only" and the tunnel, for whatever reason drops, I cannot wait for interesting traffic at the head end site bound for this site to bring up the tunnel as most of the traffic originates at this site.
I have been reading about IKE keep alives and DPD but that doesn't sound like it will re-initiate the tunnel. Is this correct? If so I'm looking for a way to make this work.
I have a 1921 router with two wan interface configured, one is primary and the other is standby or backup in case the primary goes down, I was able to configure links to failover from primary to backup once there primary is down, but how do I configure to make sure when primary is up it failbak to to it. [code]
View 3 Replies View RelatedI am putting together a solution for a client. The client has an MPLS circuit and internet as a backup circuit. I understand that we can do WAN failover using ASA5510 appliance.Now, if i am adding dual ASA5510 active/standby mode, How do i automatically failover WAN circuits to standby firewall if both MPLS and Internet circuits are connecting to primary ASA5510. Should i connect MPLS circuit to ASA1 and Internet circuit to ASA2? Ideally, i want both circuits to connect to primary ASA5510 for automatic WAN failover. My concern is , if the primary ASA5510 fails which has WAN and Internet circuits connected , do i need to manually switch connection from primary to standy? The goal is to fully automate wan failover and asa failover .
View 5 Replies View RelatedWe have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
!! Last configuration change at 13:18:34 UTC Tue Mar 29 2011!version 15.0service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname xxxxxx
[Code]......
I have a two fiber connection from our Central Office(6513) to Remote office (6509). I have a requirement that on the remote office if one of the fiber goes down, the second fiber should work as a failover. I am planning to use SUP720-3B SFP to connect to the CO.
Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G5/2? or Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G6/2? I am running EIGRP between sites. Any sample config.
sup-bootflash:s72033-pk9sv-mz.122-18.SXD7b.bin"
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies View RelatedIs there any physical or technical diferrences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and wondering if PWR-3845 AC is for one power supply and AC/2 means you get two with one order?
View 1 Replies View RelatedIs there any physical or technical diferrences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and if PWR-3845 AC is for one power supply and AC/2 means you get two with one order.
View 1 Replies View RelatedI would like to make a design with 4 Nexus 5596UP. 2 of them equipped with Layer 3 Expansion Module so they can serve as core layer and the other 2 Nexus used as Layer 2 for aggregation server layer.The 2 Nexus in the core layer will run HSRP and will peer with ISP via BGP for Internet connection The 2 Nexus in the aggregation layer will be configured as layer 2 device and have FEX and switches connected to them.What I am ensure of is how the vpc and port-channel configuration should look like between the 4 nexus. What I was thinking is to run vpc between the 2 Nexus in the aggregation layer and between the 2 Nexus in the core layer. Than I was thinking of connecting each Nexus in the aggragtion layer to both Nexus in the core layer using port-channel and vice-versa.
View 3 Replies View Relatedhow to change our wireless setup. Currently, we have 2 Cisco AiroNet 1130 WAP's in the office that go directly into the 2 POE ports on our Cisco ASA 5500. These WAP's have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANS on our network, one for voice (.42) and one for data (.100) and the default (.0). What device to I create the VLAN on (Cisco 5500?) and how to I setup the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
I wanted to ask a question about the diagram I have included. We are bringing up 2 MPLS WAN connections and would like some specifics on the best design. We are using BGP to the providers. From there we have big questions. We can run BGP internal and are licensed to do so on the N5K's. The N5Ks are currently using HSRP for inside LAN clients as default gateway. We want to load balance and provide redundant routes using a dynamic approach. Should we use BGP internal utilizing the connections between the routers? Should we use HSRP on the routers? How best to get the routes to the N5K and should we be considering this?
View 5 Replies View RelatedI run 2 RV042 V1 for home and office with Gateway to Gateway VPN connection with single WAN connection in use. Everything works like a charm!
I was even able to create VPN connection with 2 WAN connection on one Router and 1 WAN connection on another with Smart link failover and VPN Tunel Backup.
I got problem though when i tried more complex connection diagram. [URL]
So basically I now have 2 ISP connections on each point with Static IPs and I'd like VPN Connection to be alive for ALL 4 options automatically with failovers (smart links) And tunel backups but i'm not sure if that's ever possible with my equipment.
I have cisco 3845 on my network now its working fine.Now one of my client is asking to they want to connect their network through my router ethernet interface.
now my doubt is 3845 router will support two different gateways.
how can i route their network they have bring new router.
I have 2 x Cisco 3845 each one with a DS3 circuit, both running c3845-spservicesk9-mz.124-15.T3. In each of them I have one pvc provided by my carrier and I received the following info to configure:
vc-class atm ATM
vbr-nrt 44096 44096 1
oam-pvc manage
oam retry 3 10 1
encapsulation aal5mux ip
That worked fine for the first one with the NM-ATM-DS3, however, using NM-1A-T3/E3, it seems that I'm restricted up to 40700 kbps PCR/SCR:
router(config-vc-class)#vbr-nrt ?
I tried to look for some reference but couldn't find... Is there a way I can have a full DS3 with this card?
We have 3845 Router which is using for only Internet connectivity with one ISP(X) Customer has only one Vlan, Public AS number, and Public IP pool.Scenario:User--> L2Access-SW--> L3 (6500) SW--> Firewall (5520) --> IPS--> 3845Router.Now we have another ASR Router, which also has Internet connectivity from another ISP(Y).Now the issue is we would like to use both ISP in active/active scenario.
View 1 Replies View RelatedI have two routers 3845 and HSRP is configured properly. Currently we are using default route to ISP and right now I want to use BGP as I have 3 Public pools and that's why I want to advertise in the public network. How I can configure that in my Router.
View 1 Replies View RelatedI am replacing our core router, which is a very old 7204VXR, with a T3 card in it. We are using it to terminate about 10 point to point T1's. It is also the central gateway for our entire network.
I am planning on replacing it with a 3845, and an NM-1T3/E3 card for my DS3. I think I've got that part worked out.
My real question is concerning future upgrades. We are trying to convert many of these point to point connections to Metro Ethernet, and get rid of the huge DS3 cost. When that happens, I'll probably have a handful of point to point T1's left over (maybe 2-6 of them). So, what I need is a good solution to terminate those 2-6 PTP T1's in my 3845. In the past I have just been using the old WIC-1DSU-T1-V2 cards to terminate my T1's. I am looking for a solution that won't break the bank. I looked at both the HWIC-4T1/E1 and the NM-8CE1T1-PRI cards (which terminate 4 and 8 T1's), but they are like $4,500 and $8,500 respectively. That's way beyond my budget for these. I definitley don't need a card that will do PRI's (DSP's etc.). I just need it to terminate plain old point to point T1's.
So it may be that I'm just looking at the wrong cards. Or maybe the make cards that will go in the back of the 3845 that will house 2, 4 or more WIC slots, and I could just use WIC-1DSU-T1-V2 cards?
I am upgrading from an old 7204VXR to a 3845. I am running a DS3 in the 7200, channelized into 28 point to point T1's. I need to break them all out into individual Serial interfaces on the new 3845, like I have on the 7200, but I don't know the correct commands.
[code]...
I am installing Cisco blank CF upgrades (double the capacity of the CF that came with the router) in Cisco 3845 routers and I cannot get the IOS to load.
Network security requires tftp be disabled, so I am limited to xmodem. Slow, but it works. I know the IOS download is good, because I can load it on the CF that came with the router.
I can install, format and read the new flash. But the download locks up and bombs about 1/3 of the way through.
Note: CF that came with the router was "C" so I used the format flash: command. The new flash reads the same as the old, except that there is no file IOS loaded.
I've never had an issue upgrading an IOS, but this is my first shot at installing on a new CF.
1841 & 3845 router. We send 30 GB data on 100 Mbps link. First time we use 3845 router for sending the data and 47 Min are required to complete the data, during this link utilization was 100%. After that we send same data through 1841 router & 46 Min are required for the same. Only difference in data transfer is CPU Utilization of 1841 router goes 30% & 5 % of 3845 router Can we use 1841 router instead of 3845 router ? .
View 2 Replies View RelatedI have 3845 router where 200 branches are connect. Ho have database server where branch are synch interval period.some of days observation cpu load average 70 % and sometimes it reaches 100 %.yesterday when I give command clear arp then instant cpu load reduce and 20 % yesterday cpu load 12-20 %. Today morning when I give command Cpu proc history then I found cpu load 60 % and at night it was 3 times reaches 100 %. so my question is after clear arp command at least 10 hours cpu utilization 20 % but after that it increase.so for any LAN broadcast it happend ? how i understand cpu high for Broadcasting or anything else.
View 2 Replies View RelatedI have a 3845 Router with three connected interfaces, one to my WAN, one to my LAN and another to my wifi zone. I want to limit the amount of WAN bandwidth the WIFI zone can take to say a max of one third and not restrict WAN bandwidth from the LAN at all.
View 7 Replies View RelatedI have a router 3845 connected to a LAN and other routers and providing internet through a link on an ethernet interface
Gi0/0
LAN connection
GI0/1
WAN connection
fa0/0
Internet connection
I received a syslog message on my cisco 3845 router, what is that message mean. 11 13:36:06.265 UTC: ASSERTION FAILED: file "../les/if_ng_dslsar_tx.c", line 385
View 2 Replies View RelatedI wanted to confirm if the NM-2W is compatible with 3845 (says it is compatible) and 3945.I wanted increase WIC density in these routers to install ISDN HWIC-4B-S/T 4-port ISDN BRI High-Speed WAN Interface Card.However, i am not sure if these cards are compatible on the NM-2W. Is there any other NM* module that can extend WIC density on those routers.
View 1 Replies View RelatedI am using cisco (C3845-ADVIPSERVICESK9-M), Version 12.4(11). some static nat is configured. Now i want to remove all nat and configure again? i am using router# clear ip nat translation * router (conf) # no ip nat ...... but no enty is beign delating. How to detate all nat or single nat?
View 5 Replies View RelatedI am facing a issue on Cisco 3845 router, IOS is :c3845-adventerprisek9-mz.124-22.YB8.bin
I have changed the IOS as well as the Hardware but again the router is restarting. I have put the show tech-support and crash-info in Output interpreter, result is below:
ERROR MESSAGE NOTIFICATIONS (if any)
%PAR-1-FATAL (x): [chars]
Explanation: A parity error has occurred. The problem might be caused either
by a motherboard that has failed or motherboard settings that are incorrectly
set.
[Code].....