Cisco WAN :: 3900 - Getting LAN Network To Communicate With WAN Gateway?
Mar 12, 2013
I have a Cisco 3900 integrated services router. I am a little new to the Cisco IOS. I am having an issue getting my LAN network to communicate with the WAN gateway. From hosts I can ping the interface IP address but not the gateway. I have used the default route command ip route 0.0.0.0 0.0.0.0 [wan gateway from ISP]. I have already set up NAT and DHCP; I just can't seem to get the internet working. The following is my config.
I have one router and four switches: one switch in server mode, the rest of them all in client mode. Four PCs are located in the native VLAN (default) and the other 4 PCs connect in vlan20. Now the problem is the vlan10 PCs cannot communicate with the router (192.168.100.1). I tried router on a stick but I can't assign the same IP in a sub-interface. Is there any way to access 100.1?
I've been tasked with designing a network consisting of 3 separate broadcast domains with each one representing a separate business across 3 separate floors. None of the companies should be able to communicate with each other. I've been told that the design should only represent the first 3 layers of the OSI model so I'm only looking at Cabling, Switching and Routing.
I don't expect you all to tell me exactly how I should do this, however I just need a starting point. My main issue is with routing. I'm aware that each port on a router represents a broadcast domain so if I use one router, 3 broadcast domains, does that mean that none of the domains will be able to communicate with each other? Should I use more than one router or can I get away with one? Also just so you are aware I've been told not to use VLANs and each broadcast domain must have its own IP address schema.
I have two ASA 5515 configured in failover (active / standby). I used the ASDM wizard to create connections through the IPsec Cisco client. Currently users are able to connect but can not do a ping to anywhere inside the network.
The ping request is received from the internal client but the internal client can not communicate with the remote user. The ping fails also directly from the ASA.
When the remote client is connected an entry is added to the routing table:
S 192.168.10.130 255.255.255.255 [1/0] via <ip of the ISP>, "WAN"
as if that IP was reachable directly from the Internet. I tried changing the settings of the NAT but in no way I can make them communicate. The ultimate goal would be to create different users with different access permissions to the LAN and the other subnets in the company.
I have a Cisco2811 SRST/K9 router with a four port FXO that is part of our phone system. It won't ping to anything on the network except for one particular switch. I can ping that switch (but nothing else) and that switch can ping the router and telnet into the router; however, when I plug the router into any other switch on my network, it will still only successfully ping that one switch. It won't ping the switch that it's physically attached to. I can see the router from the switch when I do a Show CDP Neighbor. And I can see the switch when I do a Show CDP Neighbor from the router. But it won't ping. When I do a Show Adjacency from the router, it returns only that one switch. I've tried a Clear ARP on both the switch and the router. I've also compared the config from the router to the config of a working router on the network and everything looks the same. I can ping anything on my network from these switches - except that router. I even tried changing the default gateway of the router to be the IP address of the switch with which it can successfully communicate.
Implement the procedures required so that machine 1 and machine 2 can communicate statically with one another. Outline the TCP/IP settings to be used on each of the machines and set this machine up accordingly.
Me and my wife just moved into a new apartment and got subscribed to a new broadband provider. They sent us through a Cisco router (model no. epc2425) and we created a WPA2-Personal secure network, with encryption type TKIP. I have connected my MacBook to it, my iPhone to it, and my wife's Samsung netbook (running Windows 7) but I cannot connect my laptop running Vista to the internet. I've tried playing around with different network security and could connect to it on WEP but I didn't want to keep it on that and I couldn't connect the netbook. The rest of the security types and encryption types have the same response. The computer connects to the network with an excellent signal, but it is the only computer that cannot connect to the internet through this network. I never had a problem like this with this computer and have tried it on other networks. When I run Windows network diagnostics it says 'Cannot communicate with Primary DNS Server (188.8.131.52)' 'Network diagnostics pinged the remote but did not receive a response.'
When I try to automatically get a new IP setting for the network adapter it tries to repair but then says 'there still seems to be a problem with your connection'. Likewise when I click 'reset the network adapter' the repair leads back to cannot communicate with primary DNS server. I have tried a wired connection, router to computer, but as soon as I plug it in I get the message 'Windows has detected an IP address conflict' - and it once again connects to the network but not to the internet. I don't know if this makes any difference, but this is a British computer and I moved to Sweden, obviously using a Swedish ISP.
I used to have this problem; you need to set the network adaptor to all automatic. Your new Cisco router uses UPnP so your IP conflict is probably a result of your unconnected laptop trying to connect to the same IP address as another PC on your network (e.g. 192.168.0.5 would be used by your iPhone, but your laptop has reserved that IP address for itself). To fix this, go to Network and Sharing Center, navigate to adaptor settings on the left pane, right click the wireless card and choose Properties > IPv4 properties, set everything to automatic, including all things in other tabs, and click Advanced and make sure DHCP is enabled on that card. Then reboot and try again.
I had a look at the wireless card (it's an Atheros AR5007EG Wireless Network Adapter) and on the IPv4 properties it's already on 'obtain an IP address automatically & obtain DNS server automatically' as well as 'automatic private IP address' in one of the tabs.
I have some simple rules on 2 extended lists:
ip access-list extended FWIN
 permit tcp any host 184.108.40.206 eq ftp-data ftp 22 www 443 516 666 671 672 2222
 permit tcp any host 220.127.116.11 eq 4500 8008 8443
 permit tcp any host 18.104.22.168 range 5900 5950
 permit tcp any host 22.214.171.124 range 33434 33550
 permit tcp any host 126.96.36.199 eq ftp-data ftp 22 www 1935 2195 3306 8888
 permit tcp any host 188.8.131.52 range 8080 8090
 permit tcp any host 184.108.40.206 range 33434 33550
ip access-list extended FWOUT
 permit tcp host 220.127.116.11 any eq ftp-data ftp 22 www 443 516 666 671 672 2222
 permit tcp host 18.104.22.168 any eq 4500 8008 8443
 permit tcp host 22.214.171.124 any range 5900 5950
The issue is that 126.96.36.199 can access internet, and 188.8.131.52 can not. Is there a way to troubleshoot 184.108.40.206's connection/packets flow?
The datasheets indicate that the 39xx series ISR G2 routers support AES, but they don't indicate if they handle both AES128 and AES256 in hardware. Via our account manager, we've heard that they only support AES128 in hardware, but not AES256. Given there's no equivalent of an AIM-VPN/SSL-3 module for a 39xx router, this could be a problem for a deployment we're looking at doing.
I can find no document anywhere on cisco.com that confirms that AES256 specifically is supported IN HARDWARE on, say, a 3945E router.
And, if it is supported, are there any performance numbers available for throughput? We're trying to find out if a 3945E is appropriate, or if we need to go with a 7206VXR w/NPE-G2 and VAM2+ module.
I just replaced a 2800 router that did not have a VPN hardware accelerator with a 3925 that does have a VPN accelerator built in. I copied the same VPN (IPSEC/ISAKMP) config from the 2800 to the 3925 and it works. Is there something special I have to do to enable the hardware acceleration or is it automatically used for every VPN session?
I have a Cisco router (3900 series) and an add-on module (4 x 1 Gig port module). For some reason I can't seem to port channel them and can't do routing (can set an IP address on those ports). I can do port channel and routing on the on-board ports. Do I have to enable any commands to do this?
I am setting up a DMVPN between several dozen sites using 2800, 2900 and 3900 series ISRs. The DMVPN Design Guide recommends current 12.4 or 12.4T IOS, but the DG was last updated in July 2008. I cannot seem to find any recommendations newer than this. I'm hoping Cisco or the community can give me an updated recommendation.
I run streaming multicast video cameras on my network. I stumbled upon the command ip multicast rate-limit. When I configured a test setup in my lab (multicast camera source and a few routers) and tried the command it simply did not work. Moreover, when I went to use the command on a 3900 router in my lab, it was not there.
I've been trying to find the right information on Cisco's site, and I'm not having success.
We have a 3900 router that we would like to do authentication via a local user database. We want SSH access and console access using a local user on the router. I've been working on the console piece and every time I try it, I get prompted for a username, but it is not accepted.
I have a gateway router going to the internet, using public IP addresses on both interfaces. Starting on Monday, traffic would suddenly stop flowing from the inside of the network going out, though I can still ping the outside interface, but when I log in to the router I am able to ping to the internet. So it's like traffic is not passing from the outside int to the inside int. I have a 3900 router. The other thing is, when I restart the router it will work for some time and then just stop again....
Any actual limit on the number of IPSEC SAs that can be negotiated on the crypto module of a 3900 series G2 router? When I issue the command on a 2900 G2, This implies the 2900 series can handle 1800 IPSEC tunnels with an SA used for each direction. All of the documentation and support requests have stated that the crypto module is better than the AIM module in the older series routers but I have been unable to get a concrete answer to the limit.
I am in search of a 1 Gig Ethernet WAN module for 2900, 3900 series routers. I want to terminate a 230mbps link on this module. I found the EHWIC-1GE-SFP-CU option but as per the service provider it will not support a 230mbps link.
Am trying to do a dynamic configuration of a 3900 series router (3925 to be precise). For the software and licenses, under the IOS technology Package Licenses, what's the significance of SL-39-DATA-K9 and SL-39-SECNPE-K9? Are they really necessary for the router?
We currently have a single data centre with 2 x 100Mbps internet links from a single ISP. The 2 links are routed and terminate on separate ISP switches/routers with a /30 IP address, the links terminate on 2 Cisco 3900 series routers in the DC. eBGP and iBGP have been configured to provide high availability. We are currently using a private BGP ASN from the ISP and /24 subnet which is routed to the primary 3900 router and to the backup 3900 router in the event of a primary router failure.
We are looking to add a second data centre for DR and we need the /24 to failover over to the DR data centre in the event that the primary DC fails. The second DC will only have a single 100Mbps internet connection as resiliency in DR is not required. I understand how eBGP/iBGP will be setup and configured for both sites but I would like to know the pros/cons and people's experiences of using a single ISP to provide internet connectivity for both Data Centres? I understand that I will need a public ASN if I use separate ISPs.
Is using a single ISP for all 3 internet connections acceptable? The circuits will be connected to resilient parts of the ISP's network. If we decide to use a second ISP, would it be recommended to use ISP1 for the Primary and DR data centre primary links and ISP2 for the Primary data centre backup link?
I am looking for the procedure of the router 3900 series failover. I have got two 3900 series routers with the same ISO and other interface cards. What are the main things that I should watch? Does the standby router take the same IP of the active router if the active router fails? How should I configure it?
I would like to configure policy-based routing (PBR) on a router (3900) based on the "specific tcp port" (TCP port 16255) to re-direct the traffic to another FE port.
From the Cisco web portal, the CAT 4500 should support PBR as below: "Policies can be based on IP address, port numbers, or protocols. For a simple policy, use any one of these descriptors; for a complicated policy, use all of them." url...
Does the 3900 router have the same features on the PBR? If yes, can it support "source tcp port" and/or "destination TCP port"?
I recently upgraded from a Cisco 3900 series router to a Cisco ASR1k router. Since the upgrade, I have internal clients who claim they cannot connect to external VPNs. These internal clients are behind a NAT that routes a public IP address to a group of clients with private IP addresses.
How can I ensure that all VPN traffic is able to pass through the NAT?
I've got two RV082's connected. Each has a dynamic IP (changes typically every few weeks). I've configured the tunnels on both ends with a local and remote "Remote/Local Security Gateway Type" of "Dynamic IP + Domain Name(FQDN) Authentication". If I look at the VPN Summary tunnel status, it shows an IP address of "mydomain.dyndns.org 0.0.0.0" under the "Remote Gateway" column heading. The Tunnel Test "Connect" button is N/A. I can resolve both of the mydomain.dyndns.org entries on both sides of each VPN using the Diagnostic DNS lookup tool within each router. If I hardwire a fixed IP address for the Local and Remote Gateway everything works just fine. VPN is good.
I just can't seem to get the "mydomain.dyndns.org" function to work. It appears the router can't resolve the dynamic IP from the domain names on each of the routers.
I replaced our aging rv082 routers with wireless rv220w routers. The gateway to gateway VPN works great, however I am no longer able to manage our print servers' port 80 management page. I can ping any host with success, and I can manage hosts that have a port 10000 or 8000 web interface - but no port 80 ones... I had no issues when using the old rv082 routers...
I picked up a pair of RV220W's and before I spent loads of time at a remote site, I figured I'd go through some VPN testing at home to make sure I could get it set up properly. What this means is I've plugged the Internet uplink into a switch, then from the switch into both routers & configured them (using unique static IPs for each) from there. For what it's worth: While I have some IT experience, I don't have strong networking experience.
I set up several VLANs on the local RV220W, and the end result is to make it so that an asset at the remote site with an IP in any of the ranges (192.168.121.0/24, 192.168.131.0/24, 192.168.141.0/24 and any future VLANs) can communicate with/access resources at the local site. Likewise, an asset at the local site with an IP in any of the ranges (.121, .131, .141 + any future VLANs) should be able to reach the remote resources (currently just 192.168.181.0/24, but future VLANs as well).
This evening I tried to focus on the relevant VPN pages of the Administration Guide to get the VPN up. Leaving the defaults I got as far as establishing a link between both sites and it seems that things are working right: From the remote site (.181) I can access the local site (.121, .131, .141); and from the local site I can at least ping resources (a laptop) on the remote site. (Yay!)
However, when I physically connected an asset that had 192.168.121.X, 192.168.131.X and 192.168.141.X IP addresses to the remote RV220W (which is 192.168.181.0/24), I couldn't see it from the remote or local sites. I assume this is expected. But I'm reaching out to the community to see what other possibilities might be available because networking is a weak area for me. I figured it might be something like a Static [or Dynamic] Route but I really am not 100% sure.
Local Router LAN/WAN Settings:
LAN IP: 192.168.121.1 on default VLAN (1)
VLAN 13 defined 192.168.131.1 with DHCP enabled; Reservations created outside of DHCP scope
VLAN 14 defined 192.168.141.1 with DHCP enabled, Reservations created outside of DHCP scope
Inter VLAN Routing enabled for all VLANs