Cisco WAN :: 7609 Dropping Ping Traffic?
Jun 28, 2011
I have a cisco 7609 running IOS version c7600rsp72043-advipservicesk9-mz.122-33.SRE0a.bin with the following modules..
sh mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
3 20 7600 ES+ 7600-ES+20G3CXL
[Code]....
The circuit has been tested as clean , so for the moment we have to assume that it is not a circuit issue We also have another idential 7600 in another POP with similar config that does not display the same problem
View 3 Replies
ADVERTISEMENT
May 25, 2013
vrf ping is not happening between two pe devices in 7609 router having VS-S-2T-10G modules with 15.1 SY1 IOS version? Is there any commands need to add? between pe devides ldp is running properly and ibgp too. I am doubtful about VS-S-2T module.
View 2 Replies
View Related
Feb 24, 2012
The top device of my network is cisco router 7609. There are two part subnet of my network, each part use same device type, same running-configs and same network topple: sw6506(to campus)--->sw3560(to buildings)<--->linksys sr324(to offices). IP addresses for manager vlan is 192.168.1.0/24.Suppose we name two part subnet as A and B. the problem is from 7609 I can telnet to every device of part A quickly, but when telnet to each sw3560 of part B,it responses very slowly. And only sw3560 of part B are response slowly, other devices of part B are ok.If I telnet to linksys sr324 first, then from linksys sr324 telnet to the current sw3560, it's ok.I try to capture packets of manage vlan, but there seems no strange things in it.No users of part B report problems, it seems the network is running well. Compare two sw6506s, the only diffirent thing is, there are "overrun" count at each interface in use of part B's sw6506. Each interface traffic is far less than it's capability, but it's "overun" count still increasing at working hours everyday.
View 1 Replies
View Related
May 5, 2013
I am trying to configure traffic policing on a 7609 with ES20 line card - however it doesn't appear to be working. The customer is randomly getting DoS attacked, and the policy doesn't appear to be dropping any exceed/violate traffic.This is an egress policy on a sub-interface.
View 5 Replies
View Related
Nov 11, 2011
I have FWSM v4.0 installed on Cisco 7609 router and when I want to configure FWSM services on it, VLAN traffic is not passing through the FWSM or not Reaching upto fwsm
View 1 Replies
View Related
May 14, 2013
I have a cisco 2021 router and I configured firewall and Site to site VPN on it, but recently Ism experincing and issue with, I have dropping in the connection and this issue, this make the VPN connection to have a slow performance and some time disconnection.
View 3 Replies
View Related
Sep 3, 2012
I have an issue where my customer is only using the ASA as their firewall. When their internal users try to connect to a partner's site using a 3rd party IPSec solution it seems as if the return NAT-T traffic is being dropped. However when looking at the traffic the udp500 communication goes through, but the 4500 traffic hits the outside interface and then gets dropped.
I used the packet tracer command and the output is set to Allow. Also after initiating the vpn connection I see two udp connections (one for 500 and the other for 4500.
I cleared the asp table drop, and didnt see to see anything, I am waiting on the running config, and the customer is running ASA 8.4.
I used the capture tool on both interfaces (inside using the client ip, outside using the interface ip, both destined to the 3rd party vpn Headend). Here are the screeshots for this.
I went ahead and color coded the ip address. Green is the pre-nat inside Red is the destination for the VPN headend, and Blue is the PAT ip going out.
View 10 Replies
View Related
May 14, 2013
I have following issue with RV220W - the router seems to be dropping parts of traffic coming through it. The unit is brand new, the firewall is turned off, there are about 20 computers and 15 VOIP phones connected to it via Zyxel GS1910-48; all IPs are set to static DHCP records, in the last 3 hours the router rebooted about 3 times, then I turned on the log in. The router is producing insane number of warnings, as you may see from the log attached. I found this thread [URL] but no answer regarding this issue.
Wed May 15 13:03:10 2013(GMT) [rv220w][Kernel][KERNEL] cvm_ipfwd_cache_flow: Failed to allocate flow info buffer
Wed May 15 13:03:10 2013(GMT) [rv220w][Kernel][KERNEL] WARNING:cvmx_ptr_to_phys() passed a NULL pointer
Wed May 15 13:03:10 2013(GMT) [rv220w][Kernel][KERNEL] cvm_ipfwd_cache_flow: Failed to allocate flow info buffer
[Code]....
View 5 Replies
View Related
Dec 29, 2010
We are testing a new 1Gbps WAN circuit between 2 sites. We have cisco 3750 and 4507 on each end. Every time we run extended ping sweep ranging from 36 to 18024 bytes the packets are being dropped randomly once the size goes above 1500 bytes. Our ISP claims Demark to Demark test are clean and they don't want to acknowledge the problem, they blame our switches. To prove the problem is not on our end we've put different switches at each end, still facing the same issue. Ping success rate is around 98 to 99 percent.
View 11 Replies
View Related
Jul 21, 2012
We have a Cisco ASA 5505 (v7.2(3)) with a "fairly" normal configuration yet we have a problem where it appears UDP/53 traffic is denied on our inside network.
here is output from our sys log:
SyslogID Source IP Dest IP Description
305006 172.18.22.3 portmap translation creation failed for udp src inside:172.18.22.156/42013 dst inside:172.18.22.3/53
To give some clarification:
172.18.22.3 is one of our DNS servers
172.18.22.156 is a device we're experimenting with.
We've bypassed the Cisco by using a 4G wireless router with this same device - and it works flawlessly.Here is a [scrubbed] copy of our config. It is what I inherited from the previous admin - I'm not sure of all its finer points (I'm not Cisco certified -- perhaps I'm just certifiable.)
: Saved
:
ASA Version 7.2(3)
!
hostname [redacted]
[code].....
View 5 Replies
View Related
May 10, 2012
Networking is not my gig, but it has to be at this very moment. We have an ASA 5505. Let me explain what's going on.
On Tuesday I wanted to be able to use the ASDM since there is less room for error. But we only had a console set up. So I ran the following commands...
in ($config)
http of course didn't do anything incomplete command
http 192.168.1.2 255.255.255.255 didn't anything incomplete command
http 192.168.200.254 255.255.255.255 inside
[Code]....
Everything started working after that. Everything worked fine all of wednesday and thursday. Then this morning it stopped processing again. When I traceroute it gets to the machine that is hooked up to the console and stops. So I'm guessing its actually getting to the ASA router and being swallowed up again...
View 23 Replies
View Related
Aug 21, 2011
A recently added outbound rule has left my SMTP communications broken. I have since removed the rule, and had Cisco do some damage control, but it's still dropping some of the SMTP traffic. I get a number of NDR messages each day like the one below:Your message did not reach some or all of the intended recipients. Subject: RE: Christopher, Curt Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached:
[URL]
on 8/21/2011 9:49 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<630.SM.Local #4.4.7>
Your message did not reach some or all of the intended recipients. Subject: RE: Christopher Curd Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached: JWillar@email.com on 8/21/2011 9:49 AM Could not deliver the message in the time limit specified. Please retry or contact your administrator. <630.SM.Local #4.4.7>
I've attached an image of my configuration (ASDM GUI). The part of the image highlighted in green are the SMTP rules. The part highlighted in yellow is another rule that I added about a month ago to block a SYN attack. This rule may be part of the problem because of the order it is in the list. Not sure, though.
I have had two Cisco techs Putty into my ASA to check things out. I think they've done all they can. I wonder at this point if it be wise to just reload the last good running-config I have prior to the Outbound rule being added.
View 13 Replies
View Related
Jan 10, 2013
we have a Cisco 2901 as a router on a stick for several vlans. Everything on the segment routes fine and accesses the internet just as they should. The 2901 connects to an ASA5505 on port 0/1. Any host connected to the ASA5505 can access the internet, but can not ping into any of the vlans off of the 2901. The strange thing is on either segement of the network I can ping all of the gateways. What is even more strange is when I run wireshark from behind the firewall going into the 2901 I can not see the packet on another wireshark instance behind the 2901. However if I start a ping for a host host behind the asa I can see the packet in wireshark on the host, which I am trying to ping, hit the gateway.
View 15 Replies
View Related
Mar 11, 2012
Cannot get the SG200-8 to mirror any traffic other than ping (icmp).
Factory default settings, with port 7 src to port 1 dst on session 1.
Pings mirror just fine. But other traffic. such as web and ssh, is not being mirrored.
FW version 1.0.2.0
View 3 Replies
View Related
Jun 13, 2011
I have a a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
View 1 Replies
View Related
Jul 24, 2012
I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209). There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC 10.51.253.210 cannot get out
ASA Version 7.2(4)
!
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
[Code]...
View 2 Replies
View Related
Apr 17, 2012
I've just started a CCNA course and my lack of knowledge has me a bit stuck. My network is comprised of Cisco components and I'm semi familiar with them just from reading and looking through options. I currently am using a Cisco ASA 5520 on my network and I am trying to join another network via one of the interfaces. My network is 192.168.0.0 255.255.0.0 and my inside interface is 192.168.1.1 255.255.0.0. I enabled a second interface using a static ip of 10.0.0.1 with a subnet of 255.255.255.128. Connected to that interface, I have a Fortigate firewall at 10.0.0.2 255.255.255.128. I can ping just fine from the Fortigate network to the 10.0.0.1 interface on the Cisco ASA 5520 network, but I can not ping the 10.0.0.1 interface (or anything past it) on the ASA 5520 from any computer on the Cisco network. I've read that ACL's and NAT have to be done as well as enabling traffic between interfaces with the same security levels. (both interfaces have security levels of 100 and the option is checked to allow traffic).
Note: each network has it's own internet connection. The connection is to share information on servers on both networks with each other.
View 1 Replies
View Related
Sep 13, 2011
I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
View 5 Replies
View Related
Oct 28, 2011
I have recently purchased a E4200 i have flashed it with the latest Firmware 1.0.03 and Hard Reset the Router so the Media issue was resolved i was having. After upgrading the firmware to the latest version my Nortel VPN IPSEC Client no longer will work. The tunnel is connected and it passes traffic for about 15 seconds then nothing. The connection remains connected but no traffic passes cant ping across tunnel. I have checked all the settings and VPN - IPSEC - Passthru is enabled. I have put the client in DMZ mode and tried that same thing.
View 7 Replies
View Related
May 9, 2012
I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
[Code].....
View 2 Replies
View Related
Jul 11, 2011
I have a scenario with 2 7609s connected through a MPLS service with 10 GE. In each7609 we have a 24 port channelized T1 Circuit Emulation Over Card.
The requirement is in 2 parts. First, we need to provide a T1 emulation service between the 2 7609s T1 cards.
The second requirement is that in one end there is an OC3 port, so the customer wants to send the traffic from this emulated T1 onto the OC3.
View 3 Replies
View Related
Aug 30, 2012
I am currently setting up a new VRF on a Cisco 7609 which is advertising (as a RR-Client) an iBGP route to a Juniper MX960. This route is then getting sent back to the default route table on the 7609 but rejected due to the cluster-id loop prevention. Although not ideal I need this route to be visible in both tables.Is there a way of changing the bgp cluster-id per VRF rather than just globally?
View 2 Replies
View Related
Jan 15, 2012
What are the prerequisites before doing this? I have to upgrade a router this week if there is an opportunity to move it to a code that is more current that the one the client is currently running which is 12.2(33)SRD4. I see on the Cisco Support site that after this code, everything moves to 15.
View 2 Replies
View Related
Feb 20, 2011
We have a router 7609 with Supervisor Engine 720 (WS-SUP720-3B) (Policy Feature Card 3 and MSFC3 Daughterboard) and We have to configure QoS over a FastEthernet interface on a WS-X6148-RJ-45. When I try to apply the policy command I get the next log:
#service-policy output TEST_QOSbandwidth percent command is not supported in output direction for this interfaceConfiguration failed on: FastEthernet1/2 What kind of hardware and software requirements I need on my router to perfom QoS over ethernet interfaces?
View 1 Replies
View Related
May 7, 2008
Configuring MPLS over GRE tunnels. I did not find any proper configuration example. I need to do this for encrypt the traffic between two PE routers. I have 7609 routers.
View 20 Replies
View Related
Aug 10, 2011
I have a hight CPU utilisation problem in my CISCO7609-S routers. the cpu utilisation can rise 99% et this is usually. In the moment of hight CPU the the process CPU give the following:
the show processe cpu history give: show version
View 1 Replies
View Related
Sep 6, 2011
i have a problem of high cpu on my CISCO 7609 cased by LMS 3.2. I have captured the trafic flowing between LMS and the router,
View 2 Replies
View Related
Dec 12, 2011
First and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block. I used VRRP for my internal nework and failover have been tested working.
Even tried to remove link of 7204-A and 7609, the failover works perfect. If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works, but pings from internal network to internet is only 50% success....alternate 4 ping reply and 4 time out.
View 6 Replies
View Related
Jan 30, 2011
I have to do a migration of sup32 to RSP720 for which I need to know if you can operate the equipment connected with the 2 supervisors at the same time??? and it still working ?
View 1 Replies
View Related
Jan 17, 2012
I have a router CISCO 7609-S with two RSP 720 engines,and other cards are 7600-ES+20G3C,7600-ES+40G3C.One day it has a error cord " %XDR-6-XDRIPCNOTIFY: Message not sent to slot 4/0 (4) because of IPC error queue flush. Disabling linecard. (Expected during linecard OIR)" and the card resets.Cisco TAC told us it is a bug which is CSCtj05576.and I want to upgrade the ios from c7600rsp72043-advipservices-mz.122-33.SRD4.bin to c7600 rsp 72043-advipservices-mz.122-33.SRE5.bin.Now I want to know this:1, Is it right to upgrade to this new ios? Is the new ios suitable for the cards?2,I want to know the right way to upgrade ios in two engines.
Atfer I copy the new ios to the master engine and slave engine,and then change the bootvar and save config.Is it auto copy the config to de slave engine?Atfer do this ,I want to know how to apply the new ios,Does it reload the slave engine first and then force-switchover the master engine to slave engine. Or Atfer do this,I reload the router on active engine directly?
View 1 Replies
View Related
Feb 3, 2013
In my existing production router 7609 of my company, sup-engine already fixed in slot 5 with SRC2 12.2(33) IOS and I need to insert another sup engine in slot 6 with SRE7 IOS code image and after this, again sup engine in slot 5 must be with SRE7 IOS image...(also I have extra sup engines with SRE 7 code image ready with me) Query:i am going to offload router before proceed for this activity?i will insert new sup engine in slot 6 with SRE 7 ios image and now i need to re-install spare sup engine with SRE 7 code readily available with me by removing existing sup engine from slot 5 (Active) so what will be the proceedure to insert new sup engine with SRE 7 code in slot 5 and slot 6 with minimum downtime of router?
existing setup sup engine in slot 5 with SRC2 12.3 (old hardware) slot 6 is EMPTY
final result should be like this: sup engine in slot 6 with SRE 7 (new hardware)
sup engine in slot 5 with SRE 7 (new hardware)
View 3 Replies
View Related
Feb 4, 2012
Yesterday, myself and local support team has been engaged to perform troubleshooting the issue of some web site accessing .Mos of this case is cased by MTU issue, So, I've tried to configure the following configuration on interface tunnel 0.Device: Cisco 7609 with IOS s72033-adventerprisek9_wan-mz.122-18.SXF8.bin
I've tried to figure out what the supporting command after 'ip tcp' in tunnel 0 and following likes..ip tcp ?compression-connections Maximum number of compressed connectionsheader-compression Enable TCP header compression.there is no such command about 'ip tcp adjust-mss.So, my questions is that what is the replace command for 'ip tcp adjust-mss' ? Is this only support on Router? such as Cisco 7200. or not, to take effect same functional on C7609, what is the command for that?
View 3 Replies
View Related
Mar 25, 2012
I have a 7609 with a Flexwan module with a PA-POS-1OC3. Is there a command to determine they type of SFP in the module ? sho controllers POS didn't provide the SFP type.
View 2 Replies
View Related
