Cisco WAN :: 3900 The Actual Limit On The Number Of IPSEC
Nov 16, 2010
Any actual limit on the number of IPSEC SAs that can be negotiated on the crypto module of a 3900 series G2 router? When I issue the command on a 2900 G2, This implies the 2900 series can handle 1800 IPSEC tunnels with an SA used for each direction. All of the documentation and support requests have stated that the crypto module is better than the AIM module in the older series routers but I have been unable to get a concrete answer to the limit.
May 18, 2011
I have a hub and spoke network with over 100 remote sites that connect to me via ipsec vpn. One of these locations, the only one using FIOS coincidentally, is initiating 200+ tunnels back to my side which is causing saturation issues on my DS3. (I can post config if requested), and how can I limit the number of active tunnels it's establishing?
Nov 16, 2011
How can I discover the product's actual part number from the device through the console? I have bought a Cisco ASA5540-AIP20-K9 and I want to check whether the product shipped to us is the right product. And I want to check the total BoM requirements by entering the ASA console through any CLI command. Below is my Cisco ASA BoM which I purchased.
Part number | Description | Qty
ASA5540-AIP20-K9 | ASA 5540 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES | 1
CAB-ACU | AC Power Cord (UK), C13, BS 1363, 2.5m | 1
SF-ASA-8.3-K8 | ASA 5500 Series Software v8.3 | 1
SF-ASA-AIP-7.0-K9 | ASA 5500 Series AIP Software 7.0 for Security Service Modules | 1
ASA-VPN-CLNT-K9 | Cisco VPN Client Software (Windows, Solaris, Linux, Mac) | 1
Included: ASA5540-VPN-PR | ASA 5540 VPN Premium 5000 IPsec User License (7.0 Only) | 1
Included: ASA5500-ENCR-K9 | ASA 5500 Strong Encryption License (3DES/AES) | 1
Included: ASA-AIP-20-INC-K9 | ASA 5500 AIP Security Services Module-20 included w/ bundles | 1
Included: ASA-180W-PWR-AC | ASA 180W AC Power Supply | 1
Included: ASA-ANYCONN-CSD-K9 | ASA 5500 AnyConnect Client + Cisco Security Desktop Software | 1
CON-SU1-AS4A20K9 | IPS SVC, AR NBD ASA5540 w AIP-SSM-20, 4GE + 1FE, 3DES/AES | 1
Feb 16, 2012
I run streaming multicast video cameras on my network. I stumbled upon the command ip multicast rate-limit. When I configured a test setup in my lab (multicast camera source and a few routers) and tried the command it simply did not work. Moreover, when I went to use the command on a 3900 router in my lab, it was not there.
I take it this command has been deprecated?
Jul 30, 2011
How many ipsec tunnels are supported in Cisco 3900 routers (with & without the hardware processors)? How much is the throughput of the 3900 routers?
Feb 20, 2013
I have 25 APs 1141 located in a ten floor building and connected to a WLC 5508 ver 7.4.100.0. After the upgrade from WLC 7.0.116.0 a few clients started to complain that they are affected by periodic disconnection from the wireless network. It happens twice an hour. In the WLC log I noticed some errors on almost every AP:
AP with MAC: c4:0a:yy:yy:zz:xx(AP1) radio 0: Associated Clients falls below max limit number:200. Failure Cause:Clear Maximum Client Limit Reached in WLAN..
What does it exactly mean? I have no limit per WLAN (it is set to 0), but in WLC 7.4 I must put some limit for the number of clients per AP and the max is 200. It is not possible that I have 200 users connected to one AP as in 10 floors there are like 150 users maybe. Number of all connected clients right now is 120.
Feb 28, 2012
Is it possible to configure WLC so that only one user can connect to wireless network at a time with one login? We have WLC5508 (7.2.103.0) web authentication with LDAP (Active Directory).
Nov 15, 2011
The number of VLANs on a trunk is 4096; can I limit this number? I need the trunk to pass only 10 VLANs.
May 2, 2012
I am trying to replace a 1751 IPSec VPN that connects a single LAN behind the 1751 to ~45 remote networks behind a single peer. There are a small number of workstations (~50) and low throughput (< 1MBps) across this VPN, the biggest trouble is the number of remote networks needed.
I have tried to connect an ASA5505 Security Plus in place of the 1751 and am able to get Phase 1 and Phase 2 up, except I don't get all of my ipsec sa's and can only pass traffic to some of the remote networks. Does the 25 IPSec limit apply to multiple sa's on one peer? I've only ever seen it spoken of as a 25 peer limit.
Nov 22, 2012
Is there any way to limit a user's traffic volume on ASA 8.4? If there is, how?
Apr 14, 2011
I have several questions:
1. What are the actual functions/roles of a router firmware? Does the firmware work at routing or forwarding?
2. Does the firmware automatically process data? Or... can it do that?
3. If a person connects to the internet through the router... does he come in contact with the firmware functions?
4. Is the firmware accessed only when the user enters the configuration panel of the router?
Apr 7, 2012
I'm having what's probably one of the strangest computer problems I've ever dealt with. The computer I have set up as my media server (running Windows 7 Home Premium 64 bit) is randomly losing network/internet communication. Now, I say communication and not connectivity, because I can still ping it from other computers on my network and I can still ping websites from it (via IP address or name so it doesn't appear to be a DNS problem). But I can't pull up any actual webpages when this problem is going on and none of my media services will connect to the PC. I can't even pull up my router's admin page from the PC while this problem is going on (but I CAN ping the router).
Jan 9, 2012
I'm currently in the process of doing a bandwidth analysis on 2 WAN links at my current HQ / remote sites. The topology is pretty straightforward, two 3845 routers at HQ, and two 3845 routers at my remote site, both with P2P DS3 interfaces between them. From each router we then connect directly into a 6509 at the HQ, and a 4506 at my remote site where we are using equal cost load sharing (EIGRP) to split the load / give us redundancy between the sites.
I'm just looking for a good test for how well the circuits are performing. I've done some basic file transfer tests, but they're only showing about 4MBPS, which seems quite slow. I also know that this isn't a true measurement because there are many different factors involved, like hard drive write speeds, network congestion, etc, that may influence the test.
Mar 26, 2011
I have some tunnels which terminate to my home router. I'm allowing the other ends of the tunnels to use my voice setup. I need to prepend *67 to all called numbers which don't originate from my house. I don't want people calling my home number based on the caller-id number they see when someone across one of the tunnels calls.
So if 5008 calls 212-333-4444 I want it sent to my provider as *672123334444. If 5001 calls a number, I don't want it touched. Can I do this? I can use IOS or CUCM here.
Feb 12, 2013
Let's say I have 2 3750 switches stacked via backend stack cables. Now if a packet needs to go from 1 switch in the stack to the second switch in the stack, will it travel via the stack cable or do we need to connect both switches via uplink ports (ethernet or sfp)? I tried reading the datasheet but it nowhere mentions the actual frame path between switches in a stack.
Mar 3, 2013
I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server. The server can get to outside hosts OK, and the traffic is being NATed properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send 'announcement' UDP packets to the inside server. I thought this might be an outside-NAT-required issue to get the traffic routed, but I need the inside server to see the actual outside host source IP in the UDP packet, so I basically set the outside host up similar to the inside host, just without the NAT table on the firewall -- its subnet is outside the destination (inside server) subnet, and its gateway is the outside interface of the ASA, the same way the inside server is able to get to hosts outside. The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
I have the appropriate ACL's set up, and when I do 'show access-list' I see policy hits for the 'permit' statements where the outside host is generating the announcement and it's hitting the ACL. I even duplicated the ACL into list 101 and 102, and applied 101 for inbound traffic on the outside int, and applied 102 for outbound traffic on the inside int, and I'm seeing policy hits on both permit statements outside and inside, so it looks like the traffic is being passed on to the inside interface and permitted, but the server isn't seeing the packets.
I can ping the outside interface from the outside, but cannot ping the inside interface or any inside hosts from the outside, even though I have 'permit icmp any any' enabled on the ACL on both ints. When I remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
I set up the same scenario in my lab with an ASA 5505, with the same results. Below is the running config from the 5505 in the lab. The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
description Inside LAN Interface
nameif inside
(code)
Apr 5, 2013
Region : Argentina
Model : TL-WR740N
Hardware Version : V4
Firmware Version :
ISP :
Region : United States
Model : TL-WR702N
Hardware Version : V1
Firmware Version :
ISP :
I know that the 150Mbps is peak speed. I wonder how to test the actual through speed of the router. Like what average speed do I get for 10 minutes of continuous streaming? Speedtest.net is not useful because it is just giving me the ISP speed instead of the router speed.
May 2, 2011
Soon my town will be getting fiber to the home, so I've already upgraded my home network to handle this. One of the changes is that I'll no longer use my powerline adapters to stream video, but to transfer the IPTV data. For streaming I wanted to switch to Wifi, so I bought the E4200 and compatible adapters and bridges (see subject). The powerline adapters have a bandwidth of 200Mbps, of which I get an actual 120. This works fine except for full 1080p, that stutters. The E4200 has a maximum of 450Mbps, but the adapters and bridge only do 300, but that should be sufficient. So after replugging my network, I tested it last night by playing a 350MB 45 minute episode of a TV series... And it stuttered!
Doing the math, that would mean the connection was less than 1Mbps! The WUSB600N and E3200 were (direct line) about 4 meters apart, separated by a concrete floor. What is the best way to measure the actual connection speed? And more important; since the E3200 does both 2.4GHz and 5GHz, how can I tell which band the adapter is using? I want to use the 5GHz band, since that is fairly empty compared to the 2.4GHz. However, I've configured both with the same ID, as the E4200 manual instructs, but I think it may be better to separate them?
Nov 8, 2012
I have 2 Cisco Aironet 1252 set up as a point to point link using an external antenna (one radio is set up as the root bridge, the other is set up as the non-root bridge). Now I see that the connection between the radios is established at a speed of 54 Mbps. However when I perform a speedtest on the link I see that my actual download speed does not exceed the 2,5 Mbps. What can cause my actual speed to be far lower than the 54 Mbps? And what can I do to improve it?
Oct 28, 2012
I am planning to buy a router for my hotel and I would like to know is it possible to limit the bandwidth limit to the guests? And the admin computer can utilize the maximum speed? Is it possible to create a login page paper when someone enters my wifi connection?
Dec 26, 2011
I have some simple rules on 2 extended lists:
ip access-list extended FWIN
 permit tcp any host 192.36.86.231 eq ftp-data ftp 22 www 443 516 666 671 672 2222
 permit tcp any host 192.36.86.231 eq 4500 8008 8443
 permit tcp any host 192.36.86.231 range 5900 5950
 permit tcp any host 192.36.86.231 range 33434 33550
 permit tcp any host 192.36.86.241 eq ftp-data ftp 22 www 1935 2195 3306 8888
 permit tcp any host 192.36.86.241 range 8080 8090
 permit tcp any host 192.36.86.241 range 33434 33550
ip access-list extended FWOUT
 permit tcp host 192.36.86.231 any eq ftp-data ftp 22 www 443 516 666 671 672 2222
 permit tcp host 192.36.86.231 any eq 4500 8008 8443
 permit tcp host 192.36.86.231 any range 5900 5950
The issue is that 192.36.86.231 can access internet, and 192.36.86.241 can not. Is there a way to troubleshoot 192.36.86.241's connection/packets flow?
Oct 9, 2012
What will be the default memory and hard disk for SM-SRE-710-K9 and what will be the maximum support for this module?
Oct 31, 2012
need to know the OSPF best design. I have a customer currently running their OSPF only in two areas. Area 0 is provider reside and area 1 reside 700 hundred over of router including HQ router and remote branch router connecting to metro-E 10Mbps networks. Does this design have any weakness? Area 1 about 800 hundred router reside in, the HQ model is Cisco router 7200 and remote end is Cisco router 1841. Let's say they want a solution, for 3G remote router connect back to the HQ using Lease line with a fixed IP. Using DMVPN and OSPF communicating back to HQ. What should we be aware of when designing and implementing for the OSPF best practice? They have 700 hundred over remote branch need to terminate back to their HQ. I read Cisco recommend an area should not be more than 50 router and per-area no more than 28 area.
Jun 20, 2012
provide me some (official) info regarding the MTBF for the C2900 and C3900 routers (2911 and 3945)? This info is currently not part of the data sheets.
May 8, 2011
On my 3900 Router my ports seem to be shutting themselves off, they are connected antenna.
Jan 29, 2011
The datasheets indicate that the 39xx series ISR G2 routers support AES, but they don't indicate if they handle both AES128 and AES256 in hardware. Via our account manager, we've heard that they only support AES128 in hardware, but not AES256. Given there's no equivalent of an AIM-VPN/SSL-3 module for a 39xx router, this could be a problem for a deployment we're looking at doing.
I can find no document anywhere on cisco.com that confirms that AES256 specifically is supported IN HARDWARE on, say, a 3945E router.
And, if it is supported, are there any performance numbers available for throughput? We're trying to find out if a 3945E is appropriate, or if we need to go with a 7206VXR w/NPE-G2 and VAM2+ module.
Apr 6, 2011
I just replaced a 2800 router that did not have a VPN hardware accelerator with a 3925 that does have a VPN accelerator built in. I copied the same VPN (IPSEC/ISAKMP) config from the 2800 to the 3925 and it works. Is there something special I have to do to enable the hardware acceleration or is it automatically used for every VPN session?
Mar 12, 2013
I have a Cisco 3900 integrated services router. I am a little new to the Cisco IOS. I am having an issue getting my LAN network to communicate with the WAN gateway. From hosts I can ping the interface IP address but not the gateway. I have used the default route command of IP route 0.0.0.0 0.0.0.0 [wan gateway from ISP]. I have already set up NAT, DHCP, I just can't seem to get the internet working, the following is my config.
Code...
Jun 10, 2013
I have a Cisco router (3900 series) and an add on module (4 x 1 Gig port module). For some reason I can't seem to port channel them and can't do routing (can set an ip address on those ports). I can do port channel and routing on on-board ports. Do I have to enable any commands to do this?
Feb 20, 2012
I am trying to configure ISP failover using IP SLA tracking in Cisco 3900 router(C3900-SPE100/K9).
I want to configure below commands:
R1(config)# ip sla 1
R1(config-ip-sla)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
R1(config-ip-sla-echo)# timeout 1000
[Code].....
configure IP sla static route tracking in Cisco 3900 series router.
Jan 1, 2013
I am setting up a DMVPN between several dozen sites using 2800, 2900 and 3900 series ISRs. The DMVPN Design Guide recommends current 12.4 or 12.4T IOS, but the DG was last updated in July 2008. I cannot seem to find any recommendations newer than this. I'm hoping Cisco or the community can give me an updated recommendation.
Apr 3, 2012
I've been trying to find the right information on Cisco's site, and I'm not having success.
We have a 3900 router that we would like to do authentication via a local user database. We want ssh access and console access using a local user on the router. I've been working on the console piece and every time I try it, I get prompted for a username, but it is not accepted.
Jun 13, 2013
I have a gateway router going to the internet.... using public IP addresses on both interfaces. Starting on Monday, traffic would suddenly stop flowing from the inside of the network going out, though I can still ping the outside interface, but when I log in to the router I am able to ping to the internet. So it's like traffic is not passing from the outside int to the inside int. I have a 3900 router. Other thing is, when I restart the router it will work for some time and then just stop again....