Cisco WAN :: 3925 Router Not Routing IP Traffic Between Two GB Interfaces?
Jan 14, 2013
We currently installed a 100Mbps fiber line with Ethernet hand-off. I purchased a Cisco 3925 ISR to be the gateway for this connection. I am not going to use it for any security purposes. I have an ASA5520 that will do that work. Right now I am currently just trying to get the router online.
I know the following
Laptop <--->GB 0/1((()))GB0/0<---->Ethern
et handoff from ISP.
I can ping and SSH to the outside interface of the router from outside the network. I can also ping and SSH to the router from the laptop that is directly attached to the routers GB0/1 port. From the Router's CLI I can ping IP addresses on the internet. From the laptop I can not. I can not access the internet through the router though. Here is my config.Building configuration...
Current configuration : 3724 bytes!! Last configuration change at 02:17:03 UTC Tue Jan 15 2013 by ggsis! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsis! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsisversion 15.1service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname XXXNAMEXXX!boot-start-markerboot-end-marker!!logging buffered 51200 warningsenable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX!no aaa new-modelmemory-size iomem 20!no ipv6 cefip source-routeip cef!!!!!no ip domain lookupip domain name XXXXXXXXXXXXXXDomainXXXXXXXXXXXmultilink bundle-name authenticated!!crypto pki token default removal timeout 0!crypto pki trustpoint TP-self-signed-XXXXXXXXXXXXXXXXenrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXXXXXrevocation-check nonersakeypair TP-self-signed-XXXXXXXXXXXXXX!!crypto pki certificate chain TP-self-signed-XXXXXXXXXXXXXXcertificate self-signed
I have a new 3925 router and it came with 1 VWIC3-4MFT-T1/E1 card installed. I added a 2nd one and although it shows up in inventory, the interfaces do not show up in configuration in any form, interface or controllers. I used to just install a card and it would be recognized, is that no longer supported and is it platform specific or IOS specific?
I would like to ask a question about the setup that I'm trying to implement.I've got two WICs, 3G and LTE, in the router, one has its static IP address using 3G network, and another one has negotiated IP address using LTE network.There is no physical circuit/connection coming in to this place.Let say 3G network is (A.A.A.A|Cellular 0/0/0), and LTE network is (Negotiated IP|Cellular 0/1/0).There are two different network coming to the router. Let say they are 10.1.1.0/24, and 10.1.2.0/24,I want to route 10.1.1.0/24 traffic using 3G Network A.A.A.A Cell0/0/0,and route 10.1.2.0/24 traffic using LTE network, Negotiated IP Cell0/1/0. We're talking about only the default routes here.
I have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
I've just started a CCNA course and my lack of knowledge has me a bit stuck. My network is comprised of Cisco components and I'm semi familiar with them just from reading and looking through options. I currently am using a Cisco ASA 5520 on my network and I am trying to join another network via one of the interfaces. My network is 192.168.0.0 255.255.0.0 and my inside interface is 192.168.1.1 255.255.0.0. I enabled a second interface using a static ip of 10.0.0.1 with a subnet of 255.255.255.128. Connected to that interface, I have a Fortigate firewall at 10.0.0.2 255.255.255.128. I can ping just fine from the Fortigate network to the 10.0.0.1 interface on the Cisco ASA 5520 network, but I can not ping the 10.0.0.1 interface (or anything past it) on the ASA 5520 from any computer on the Cisco network. I've read that ACL's and NAT have to be done as well as enabling traffic between interfaces with the same security levels. (both interfaces have security levels of 100 and the option is checked to allow traffic).
Note: each network has it's own internet connection. The connection is to share information on servers on both networks with each other.
I was trying to give the following host name to my 3925 router.Iht comes up with the following error. DRT0(config)#hostname DRT#0 % Hostname contains one or more illegal characters.% Hostname "DRT#0" is not a legal LAT node name, Using "CISCO_000000" DRT#0(config)#
I was trying to enable AutoQoS on my router 3925 GE interfaces, but failed to do so !! But I was able to do so on FE interfaces !! I have Security/K9 and Data/K9 license on this router. Or do I still miss out anything ?? I am on IOS 150-1(M4).
I was able to enable AutoQoS on all my Cisco 2811 and 1841 routers !
I currently have a site to site VPN running connecting a branch office and the Main office using a ASA5510 and ASA 5505. currently PC's at the branch can access the network in the main office using interface 0/1, but we have added another ip range using interface 0/2 and I can't seem to route the traffic to both interfaces. I currently have 0/1 as inside 192.168.10.1 which works, and have added 0/2 as Inside2 192.168.20.1. I know I am forgetting something, any commands to route incoming VPN traffic so PC's at the branch office can connect to both IP ranges?
Our ASA 5520 firewall is running 8.0(4) IOS.I have an internal L2L VPN terminating on my firewall (from an internal remote site) on ENG interface.With the default "sysopt connection permit-vpn" command enabled, VPN traffic is allowed to bypass the ENG interface acl.The security level on the ENG interface is set at 50.The security level on the destination interface PRODUCTION is set at 40.Inbound VPN traffic bypasses ENG interface acl and since higher-to-lower security level allows VPN traffic to flow freely from ENG to PRODUCTION, it seems the only place to check/filter VPN traffic is an ACL placed on the PRODCTTION interface and set at INBOUND (outbound VPN traffic).
I am fairly new to configuring ASA's. I have an ASA 5505 with one outside interface and three inside interfaces (inside1, inside2, and management). I need inside1 and inside2 to be able to talk to eachother but cannot work out how to make this happen. They are both configured to the same security level and the 'Enable traffic between interfaces with same security level' box is ticked. I have also tried adding appropriate NAT and Access rules. The packet tracer suggests the rules are correct for allowing traffic flow between interfaces but obviosly this may not be the case.
I trying to allow traffic between 2 inside interfaces with the same security level. VLAN1 and VLAN15. The are on different physical ports on the ASA. I tried to configure this through the GUI Web interface and checked ' enable traffic between two or more interfaces with the same security levels'. With this ASA version, I do not need NAT to allow this, correct?
When pinging the public IP of ASA F3.2 from the internet a reply is never received because the default route on the 1811 points to ASA F3.1.
How do I get the replies from the 1811 to go back out the same interface from whence it entered ? I am sure the answer is policy-based routing, but not sure how to write the config.
I need to route to sub nets form 2 different ASA interfaces. The ASA also has an outside interface works like gateway for internet access. Here is my configuration:
ASA Version 8.2(1) host name ICE3 names interface Ethernet0/0 name if outside security-level 0 ip address 201.199.xxx.xx 255.255.255.248 [Code]....
I've been trying to figure this one out for quite a while. I currently have 2 inside interfaces (data, phone) and I am moving to 3 inside interfaces (servers, workstations, phones). I have not been able to get any traffic between the interfaces. With the current setup it was not a major problem. With the new setup it will be a major problem.
I'm going nuts with this ASA5505. This is a secondary firewall used only in emergencies when the primary Checkpoint failes.
The basics, it has two trusted interfaces, E0/1 and E0/2-6. E0/1, inside2 has 192.168.01/29 and inside is 192.168.200.1/24. I'd like any traffic to be allowed from inside and inside2 to outside and any traffic from the inside interfaces should be routed. No restrictions should apply between the two interfaces.
inside works just fine but no traffic is going out of inside2, not to outside or to inside.
I have a question regarding the 3925 router. In the past on my old 3660's, in order to add a new line to an ACL, I would have to remove the entire ACL and readd it when adding new ACL lines to the list. Is this required on the 3925's, or is it like the ASA 5520's where you can just add an ACL any 'ol time without having to remove/add the entire ACL list?
I have a an ASA 5520 connected to a Layer 3 (3750) switch (Inside) and a connection to a 2960 switch (Outside) to get to the internet. . I have created vlan interfaces on the 3750 switch and enabled ip routing on the switch to enable the vlans to communicate with each other.
Vlan Interfaces on the switch: Vlan 100 172.17.1 Vlan 200 172.18.1 Vlan 300 192.168.3.1
I want the devices connected to the 3 vlans to be able to pass through the firewall and get out to the internet.I have connected the ASA to the 3750 by routed interfaces (10.10.10.1) --------- (10.10.10.2) and they are able to ping each other.I have also put a default route on the 3750 sending all traffic from the switch to the ASA inside interface (10.10.10.1)The issue that i am having is that the ASA also connects to a 2960 which has a connection to the Internet, and they are handing off an ethernet connection from the 2960 that sits in VLAN 55 (Vlan 55 is the Internet accessible vlan).How do I configure my ASA to send all traffic from my (3) vlans to the interfaces that connects to the 2960 switch?
I have a new Cisco 3925 router. I have 2 network segments 10.0.1.X with net mask 255.255.255.0 and 10.0.2.x woith netmask 255.255.255.0. I have an internet gateway router at 10.0.1.21. I have set GBethernet 0/0 to 10.0.1.1 / 255.255.255.0 and GBethernet 0/1 to 10.0.2.1 / 255.255.255.0. I have set a static route 0.0.0.0 / 0.0.0.0 to 10.0.1.21 for gateway of last resort.
When I setup a workstation on the 10.0.2.X segment at 10.0.2.100 wirh a gateway of 10.0.2.1, I can ping 10.0.2.1 and 10.0.1.1 but can not ping anything else on the 10.0.1.X network or on the internet. When I am connected to the console port on the router I can ping 10.0.1.1 and 10.0.2.1 and 10.0.1.21 and any address in the internet but I can not ping 10.0.2.100.
When I am on a network connected to the 10.0.1.x network af 10.0.1.100 I can ping 10.0.1.1 and 10.0.2.1 and 10.0.1.21 and anywhere on the internet but can not ping 10.0.2.100 or any other address on the 10.0.2.x network other than 10.0.2.1. What Do I need to do on the 3925 to get to all address on each segment and to get to the 10.0.1.21 gateway from the 10.0.2.x addresses?
I just receive a new Cisco 3925 with a etherswitch module 24 port :
SM-ES3G-24-P,I successfully boot the switch module and gain access to it.
I found some documentation on CCO but I don't sorted out this small information :,
Switch#sh cdp neig Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port IDRouter Gig 0/26 143 R S I CISCO3925 Gig 2/0Switch#
The Router is connected to the switch module via a HIMI :
The Cisco enhanced EtherSwitch service modules also provide a physical Gigabit Ethernet serializer/deserializer integrated circuit transceiver (HIMI) interface. In the Cisco 2900 series and Cisco 3900 series routers, the HIMI link on the Cisco enhanced EtherSwitch service modules is connected to the router internal Gigabit Ethernet backplane. This link is used for interconnection between other interface cards or network modules attached to the router Gigabit Ethernet backplane bypassing the router host CPU; thus, increasing CPU performance by decreasing CPU processing.
If I do a sh ip int brief on the switch, I have 26 interface but only 24 are physicaly present on the front.The type of the 0/25 and 0/26 are the same : media type is 1000BaseXThe interface gi 0/26 is up up but the 0/25 is down down.
I just barely put in a Cisco 3925 on our network. I've configured gigabitethernet 0/2 to live on our management VLAN with an IP address of 10.129.0.31/16. I did a "no shut" on the interface. Everything should be ready to allow me to ping and/or SSH to that interface but I can't. It's really weird because I've done this a thousand times (at least on ASAs). I must be missing something. At any rate, the default gateway of the management VLAN is 10.129.0.1. I can ping that from the router. I can also ping that from my laptop (which lives on a completely different VLAN). But I can't ping the router from my laptop or vice versa.
Building configuration...
Current configuration : 1360 bytes ! ! Last configuration change at 19:05:13 UTC Thu Jan 10 2013 !
I am trying to research the possiblity of backing up IOS and configurations from an Etherswitch module, and being able to store the files onto the Host Router's flash (3925 ISR). and then being able to recover that IOS and configuration, in case I have to replace the Etherswitch Module.
I need to bridge 2 subinterfaces; F0/0.301 and F0/0.302 on a single router.The router interfaces with a Cisco 2960 (LAYER-2) switch.QUESTION is, does a Cisco router support bridging on subinterfaces on the same physical interface?Currently this is NOT operational Spaiing-tree on F0/0.301 and F0/0.302 is down, switch side is forwarding for both Vlans.show ip interface brief shows up/down status of F0/0.301, F0/0.301 and BVI6 is down/down?
: SETUP: bridge irb ! ! Interface F0/0 no ip address
I am trying to add WCCP to be configured for websense. My first option seems to be either purchase an IPServices license for the stack of 3750E switches, but i am thinking this will require us to license all three switches in the stack. The second option i am looking at is to do the WCCP configuration on the 2800 router we have on the edge. The problem is both Gig ports are in use, one going to the firewall and the second going to the ISP. My first question would be, which option is better in terms of manging as well as cost of implementing it.The second question is, if WCCP on the router is a better option, what is the add on module i should be looking to get to add the additional ports to hook up the Websense cache.
i have a question about multiple TACACS Groups. I want to archive the following:
A Cisco 888 is managed by me and a Provider Support Team. Since we both want to access our own TACACS Server, i want to create two TACACS Groups. Is it possible to me, to bind a Tacacs Group to one Interface, and the second TACACS Group to another ? Means that our stuff is connecting to the LAN Interface FastEthernet0 that is applied to the SVI in V LAN 1.
The service technicians from the Provider are connecting to the external Interface or through a possible Lo. (another IP). I do not want to mix our 2 TACACS+ Server and theirs together in one Group. So have anybody tried this before ?
I have a 3925 Router with a 48 port switch module (part number SM-D-ES3G-48-P). I have no problem accessing the 3925 Router, but when I go into the 48 port, I get an error that reads
Error Hardware not supported by firmware. Try loading a newer software instead. System Resetting...
I know that the wrong IOS is installed on the switch, but the problem is that this is an endless loop. The switch resets then comes back to the same error. How to get the switch out of this loop so that I can load the correct IOS.
I have a task of setting up bandwidth limit on the 2811 router Fastethernet interfaces.The scenario is:We have a 4MB Internet connection and would like to allocate bandwidth usage to users.
Fastethernet 0/0 needs to be set with 256KB output and 2048 input. This is going to be connected to a wireless router. Fastethernet 0/1 needs to be configured with 2048 output.I could also use SDM if that's easier than using CLI.
I have spend half day to look up this question in cisco official web site, but get nothing . Any infomation about vpn performance of 3925 router?Produce : cisco 3925 ( Cisco 3925 Security Bundle w/SEC license PAK )Question is , how much ipsec vpn tunnels can be carried as a vpn server of this bundle ? if more licenses may be bought, how much most tunnels can be held?
