Cisco WAN :: 877 - Virtual Interface Goes Down But Not Physical Interface
Apr 5, 2011
I have five 877 routers connected to ADSL circuits provided by Vodafone. Each has a VPN tunnel back to a PIX.
Occasionally one of the sites will lose it's connection to the PIX.
When we check the log, we find entries like these:-
Apr 5 01:31:54.085 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to downApr 5 01:33:19.344 UTC: %CRYPTO-
[Code].....
As you can see, the physical interface (ATM0) is not being reported as changing state to down, neither is the Dialer interface.
When the router is in this state we have to SSL to the public IP address of it and manually restart the ISAKMP SA.
When the router sees the ATM interface go down and subsequently come back up, the VPN connection to the PIX also recovers.
So - in a long winded way I think I'm asking....why does the Virtual interface go down and is there anything I can do to stop it happening?
View 3 Replies
ADVERTISEMENT
Feb 28, 2012
What are the pros and cons of configuring a Switch Virtual Interface (SVI) versus a routed physical port between layer 3 switches?For example, if I have two 4506s and have a need to run HSRP and route between them which feature is better and why?
switch_a
!
interface vlan 25
ip address 10.10.10.1 255.255.255.0
!
interface fa0/1
switchport mode trunk
[code].....
View 1 Replies
View Related
Feb 15, 2012
I have my wan connection on the eth0. The bandwidth is 2mbps. I am running qos on that interface saying 192.168.200.0/24 can use 80% of the bandwidth and 192.168.201.0/24 can use 20% of the bandwidth. I Also have vtun VPN inteface to our branch office. I also wan to run some qos on that interface. How do i go about allocating the bandwidth on this interface? it is actually going via the eth0 interface, but the system actually see's it a an independent interface on its own right, so it requires it's own qos policy.
View 3 Replies
View Related
Feb 3, 2011
I have a network with Two 3800 Cisco Routers as Central and many Cisco 2811 Router as Branches. Now I set two Tunnel on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with backup connection between 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with CA Server for Security all connection. I set IPSEC and ISAKMP and Certificate on each Router and Set Dynamic VPN on Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now when if I configure tunnel with Crypto map, it works correct and all packets are encrypt. But if I try to set crypto on physical Interface(because I want to set qos on tunnel then protect packets on physical interface) however all packets are routed but crypto and encrypt d o not work. Set qos on tunnels and crypto on fastethernet interface.
View 4 Replies
View Related
Jun 5, 2012
I am preparing configuration (currently in lab) for Per-Tunnel QoS in DMVPN on ASR 1002F for one of our customers, and I came across one issue. According to restrictions for this feature, I cannot apply per-tunnel QoS in conjunction with interface based QoS. This means, I can provide shaping with hierarchical CBWFQ for each spoke, but I cannot guarantee anything on physical interface! What if there are services in native MPLS? I am also unable give reservations for BGP which is used on PE-CE link! How about monitoring spoke PE-CE links natively? I can only apply policy-map with class-default on physical interface. When I add anything related to queuing for that class (or any other non-default class) I get the message:
R1(config- pmap)class routing
R1(config- pmap-c)#bandwidth 16
service-policy with queuing features on sessions is not allowed in conjunction with interface based
[Code] ........
View 8 Replies
View Related
May 30, 2011
I enabled snmp config ASA 5505 with Version 7.2(4), the NMS/reporting system can give graphs for CPU & Memory usages. But I can't see any elements about physical interfaces.
View 1 Replies
View Related
Oct 25, 2012
I have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Current Config:-
Router 1:-
interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt
Router 2:-
interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP
Router 1:-
interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100
[ code]...
Router 2:-
interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100
[Code]...
View 3 Replies
View Related
Nov 29, 2012
We have to enable FIPS 140-2 on our ASA5520's for all our IPSEC VPN connections. We currently have failover on our 5520's. I found a lot of information out there but some seems to conflict one another.What are the things I need to look out for - caveats? Does the clients that connect to the VPN had to use different clients once the FIPS was enabled.Do we need to recreate logical interfaces for each physical interface we have?
View 1 Replies
View Related
May 2, 2013
ASA have two context groups say admin and and x. Its interface gi0/2 has 6 subinterfaces from 1 to 6.3 subinterfaces ----0/2.1 to 3 are in admin and last 3 are in context x.when i went to system context it does not show where interface gi0/2 belongs to it only shows up up.how can i find which context group physical interface gi0/2 belongs?
View 4 Replies
View Related
Dec 9, 2012
vlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
View 5 Replies
View Related
Jan 12, 2012
how to configure this. I did it in the past but kind of forgot how I did it.I have a stacked 3750 (two physical switches) connecting to a 2960.
I am creating trunk ports with limited access to VLAN 300, 600, and 700.
There is two interfaces connected from the 3750's(one on each physical stack member) to the 2960.I have the physical interfaces configured exactly the same.
3750 Config:
interface Port-channel2
!
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1, 300,600,700
switchport mode trunk
speed 100
[code]....
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
View 7 Replies
View Related
Dec 22, 2010
I have a problem in my Cisco 1841 in Virtual-Access Interface all interfaces is UP Except Virtual Access is Down . [code]
when i want recover the virtual access to up ,should i do shut & no shut to the ATM interface.What is the cause of the problem, and how I can solve this issue?
View 2 Replies
View Related
Feb 11, 2012
We have a 3745 LNS router, currently there are less number of users connected.when a user dials request authenticated and one virtual-access interface is formed in LNS router.Now the user is disconnected the vpn and connected to VPN again in this case, whether the user is connected to the same virtual-access interface which was assigned before disconnecting or different virtual-access interface is created.
View 0 Replies
View Related
May 1, 2012
I have got new cisco ASA 5580 running 7.2(4) on it when i am trying to configured Virtual interface on vlan 400 in Gi0/0.400 to LBASE.now the problem is from my MZ zone 10.242.107.17 to Lbase virtual interface 10.242.103.1 iam not able to ping.
View 2 Replies
View Related
Mar 24, 2013
I have a switch from SG 500 Series the works as Layer 3 Routing Switch with the Firmeware 1.2.7.76. I have create some diferent VLAN´s and have defined one ACL for each VLAN. Now i try to do a binding from the ACl to a VLAN but i have only the option to bind the ACL to a phys. Interface or a LAG.is the a possibility to bind the ACL to a virtual interface like in other Cisco serieses and how it works ? the Backround is i have connectetd 2 Hyper-V Server where the Guests are in different VLAN´s and the server is connectetd with a 10Gb Trunk to the Switch now the switch routed the different VLAN´s and i must have some restrictions between the VLAN´s.
View 2 Replies
View Related
Feb 21, 2012
We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.
The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3
These IPs are going to be NATted to all inside IPs.
Lets say our outside IP is X.X.X.X
This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary. When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.
View 1 Replies
View Related
May 3, 2012
one of my SNMP server 10.242.103.42 sits in MZ zone,and ACE 4710 is connected to core switch,coreswitch is connected to firewall asa.
Now iam trying to ping from MZ zone SNMP server to loadbalancer ip 10.242.105.1,iam unable to ping my LB interface to discover SLB on my SNMP server.
View 1 Replies
View Related
Jul 22, 2012
We recently had a contractor deploy a 4500 catalyst switch with a WS-x45-SUP7-E. After installation and configurations, HP openview is detecting a "downed" interface on the 4500 chassis that is not in the configuration. I have attached an image with the interface circled. We assumed that it may be a configuration issue with openview, however after running diagnostics with a network analyzer, the same ip address for the down interface is still detected. Is this some sort of internal virtual interface on the SUP7?
View 4 Replies
View Related
Sep 8, 2004
I had the 2 circuits go down at the same time from our ISP and I had to power cycle the router and when it came back up I went from VA # 2 to now VA 3#....I know what is what but it is confusing for my counterpart and I can not remove the old entry for VA#1 and VA#2. [code]
View 3 Replies
View Related
Oct 17, 2011
can we create VRF on Cisco 3550 EMI switch so that we can create mutiple virtual switch on physical switch.
View 4 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
May 9, 2012
i have a 1841 cisco router and i recently purchased a 1 port HWIC wan interface card. My problem is that I cannot see the interface in my config file. Is there something i am missing?
View 8 Replies
View Related
May 1, 2012
I have a Cisco ASA 5505 and I have my internal and external interfaces configured but I currently cannot ping from the inside to an IP Address on the outside. I had this setup and working and I have another set of equirement that I am replacing that is working with my service provider so I know it is a configuration issue. When I ping 4.2.2.2 for example I get:
Destination host unreachable
Do I need to add a static route from my inside interface to my outside interfaces?
: Saved
:
ASA Version 8.2(5)
!
hostname pxasa
[Code].....
View 2 Replies
View Related
Apr 9, 2011
Is it possible to set up a WAN interface on a FastEthernet interface of a Cisco 877 Adsl Router ?Due to my ISP, i've to use an external VDSL modem and must connect it to my cisco 877 router (and leave it's adsl interface unused).But i don't know how to set up a wan port, other than the adsl interface itself (dialer0), on my cisco.
View 7 Replies
View Related
May 28, 2013
We are having Cisco ASA 5540 having Cisco Adaptive Security Appliance Software Version 8.0(5)23 at certain time of moment daily wer are facing latency and packetdrop wherin when I checked for ASA Interface which gives me " Input Errors" on outside interface ,so can any one tell me what are the causes to get input errors on cisco asa outisde interface.
View 2 Replies
View Related
Oct 31, 2011
I share a modem and router with my building, and connect to the internet using an ethernet cable which plus right into the wall in my apartment. When I hover over the network/internet icon it tells me that I have a local connection only and can't get online. No changes were made to my computer between it working and not working - I have not installed any new software and the modem+router have not been changed.
When I try ipconfig/release is says it can't perform the operation while the media is disconnected. It also tells me that "an error occurred while releasing interface Loopback Pseudo-Interface 1: The system cannot find the fie specified".
[code]...
View 1 Replies
View Related
Feb 13, 2012
I have a 1t3/e3 card in a new 2951. When I statred the router, I found no interface corresponding to this module when do "show ip interface brief"
View 3 Replies
View Related
Oct 9, 2011
I have Pix 501 firewall and I'm just configuring the device for "Email Server" to allowing POP/SMTP.
Inside Interface Address: 132.147.162.14/255.255.0.0
Outside Interface Address: ISP provided IP address
My question is can my traffic goes from inside interface to outside interface? (because the inside interface address not from 10.0/172./192.168 private address)Also I'm allowing internet from this email server (132.147.162.14) so what my access list to be configured? and what my subnet mask shoud be there?
Pix(config)#access-list outbound permit tcp 132.147.162.14 255.255.0.0 any eq 80
Pix(config)#access-list outbound permit udp 132.147.162.14 255.255.0.0 any eq 53
Pix(config)#access-group outbound in interface inside
View 7 Replies
View Related
Mar 18, 2013
I've got a ASA 5550 firewall interface failover issue. (File attached).
when I shut down the inside interface Gi 1/1 of the left firewall(Active firewall), It failed to failover. but when I shut down the Gi 1/12 of the Core 1 switch, The firewall failover very well.
I followed this guide but I was not able to failover. [URL]
how can I configure so that when the Gi 1/1 or Gi 1/0 interface goes down, it can failover ? Code...
View 6 Replies
View Related
Apr 22, 2012
Needing to bridge from my wic interface to an ethernet interface on a 2900 series router so that I can pass through the ip address given to the WIC, to my ASA so that I don't have to give my ASA a private range address. (Just like a service provider might do when bringing a T1 with managed router in to my prem)
View 1 Replies
View Related
Mar 3, 2013
what difference is between these two ports?
I have a router with ISDN/BRI interface and i am planning to buy router with E1/PRI interface. Will i be able to connect them?
View 2 Replies
View Related
May 10, 2012
I need to have some (maybe four) virtual network interfaces, one face of them connected to my laptop and another face bridged to one of my physical network interfaces.How can i do that?Ive tried VirtNet and Microsoft Loopback Adapter but no success.
View 1 Replies
View Related
Jun 13, 2012
Does the ACS Express have the same GUI interface that the full ACS appliance? I mean if I know one I know the other?
View 4 Replies
View Related
