Cisco 891 configuration Details: [code] I could connect to the Giga bite thernet wan, based on above configuration.When I test on FastEthernet8 for the secondary ISP connection it will not go through the internet.
View 17 RepliesI have to configure failover on both router. if one get fail then the other router should be dial.Physical connection
•1. Two routers (Cisco 2801) are connecting with splitter through RJ 11 port.
•2.Only one ISP link is coming in splitter.
Requirement: As per as customer requirement. He wants redundancy with in both 2 routers. If one goes down then the other router come up. And same configuration on 2801_R2 router. I am planing to do HSRP on our lan network (2801R1,2801R2 ehternet interface which connected to switch). from switch i will create two default route with (next hope) virtual ip address.
I have been having an annoying issue for the past few weeks with my ASA setup. We are using the ASA as our Remote Access Gateway and originally had it setup in a Active/Standby failover configuration using 2 x 5520 ASA's.The original setup of the devices was that the 2 x ASA were setup in a failover configuration, with both of them connecting back to the internal network via a 6500 device. Because of using failover I created a VLAN on the 6500 and put the two ports that connect the ASA's into that VLAN. I then configured the VLAN interface to be the EIGRP interface for the neighbour relationship to the ASA's.
The problem I am seeing is that the EIGRP neighbour relationship between the Active ASA and the 6500 keeps flapping. It occurs abour 4-5 times every day at randmon intervals. Sometimes the neighbour relationship will stay up for 6-7 hours, other times it flaps every 1-2 hours. I initially thought it was due to the failover configuration so I removed one of the ASA's and removed all of the failover configuration, but the EIGRP neighbour flapping problem still exisits. [code] Since removing the failvoer configuration I am thinking it could be a physical cable problem?
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies View RelatedWe have a customer who has a network consisting of two ISPs, one as a primary and the other as a backup. We are trying to create a configuration that would allow the primary link to fail and the secondary link to automatically pick up traffic and begin routing .how to set something like this up. Both routers are non Cisco routers and there for HSRP is out.
View 14 Replies View RelatedI tried to backup ACS 5.1 but i found error messages as below
acs backup25Nov11 repository 25Nov11Repository
% Repository not found
% Error: Invalid repository name 25Nov11Respository
Please use a configured repository.
I have just started my installation of Prime 1.2. I have the OVA loaded (NCS-APL.1.2.1.12-K9) and I went through all of the setup. I have the webpage loaded but unable to get past the Root login. I then tried to change the password using the "ncs password root password password" command but get the error message "Execution failed: Cannot find user: root". I have seen some people talking about the wrong OVA file but that was for Version 1.1 I think.
View 1 Replies View Relatedwe installed a new CPI 1.3. Both machines are in the same subnet and close to each other. Everything looks fine and is installed as we see in the config guide.When we halt the VM of the primary Server, the backup takes over but with errors. I'm also not able to login! [code] my colleauges did the same a few days ago also with problems or similar problems and restore the server from backup.
View 2 Replies View Related I am attempting to register QPM 4.1.5 into LMS 3.2.1 Portal, under Home Page Admin - Application Registration but It fails.It seems to be a bug where it puts the details in the wrong place when submitting the info.
This is the output that it tries to submit obviously - Description, host name, port number and protocol are mixed up.You have selected the following application to be imported from the remote server. [code]
I'm not sure where to find the Tomcat logs or how much use they would be.
My client has two ASA-5500 in failover (8.4.4.1).To create AnyConnectVPN, the package must be uploaded on both machines - uncomfortable, but it can be accepted. The REAL problem is that the profiles (.xml file) are not synchronized.When I make a change of any of the parameters, after failover switching I loos alle the change.
View 1 Replies View RelatedI just set up a new Linksys/Cisco RV082 router with the intent to get VPN working from outside the building. I have gone through the setup and while everything looks good, I have not been able to connect yet. I have tried everything that I know how, and am now hoping to get the answer from some pros.
Here's my setup. We use Comcast Business class internet. The modem is plugged into WAN port 1 on the RV082. I'm using the router as a DHCP server, that is working fine. My local subnet is 192.168.0.0/220
Right now all I want is to be able to log in as a client using QuickVPN. I set up one user and a client to VPN tunnel using the router's config page. Here's the settings I have:
Tunnel Interface is setup on WAN1, checkbox is enabled.
Local Group Setup
Local Security Gatewaytpe: IP Only
Local Security Group Type: Subnet
[Code]....
It seems like something is blocking the connection, but seeing that I have tried this after disabling the firewall completely it doesn't make sense to me. I also went into the config page for the modem and set up the router as a DMZ. I have also tried connecting with the client built into Windows 7, but that doesn't work either, I just get "connection failed with error 619"
I have the port in QuickVPN set to auto, but have tried both 443 and 60443 with same results.
I ran a port scan at [URL] and it shows I have 3 ports open...80,443, and 1723
We've recently sold and implemented a wireless solution using a WLC, WCS and 1140 APs.
There is a HQ site where the WLC, WCS, DNS and DHCP reside. Active Directory and a RADIUS server are also located there. There is then a WAN link to remote sites which sometimes fails. At the remote sites you'll just have a router, switches and the APs. The intention is for the APs to work in lightweight mode, falling back to H-REAP when the WAN link fails.That works fine, but what doesn't work fine is the APs rejoining once the WAN link is restored.
They just don't. Even days later, the APs are still all disassociated from the controller despite the WAN link being up. I've 'hardcoded' the controller IP into the AP configuration, while the APs initally get the IP for the WLC from DHCP using Option 43. Despite the APs therefore knowing where WLC is, once they're disassociated from it (WAN link failed) they will not reassociate by themselves. Restarting the APs is the only way to get them to rejoin.
With hundreds of APs and in excess of 30 switches, restarting all the APs each time the WAN link fails is pretty ridiculous.
I've logged a TAC case and gone through the whole rigmarole, this is an offical bug and Cisco have informed us that it's due to be fixed sometime early 2011, but besides that there is nothing they can do. So to be perfectly clear, Cisco have sold and shipped a product that doesn't work as advertised and they best they can offer us is a promise to fix it soon. I'm pretty shocked, I've never had this experience with Cisco in the past.
Ok, so now I've got to come up with a decent workaround until we get a firmware release where this is fixed. I'm looking at using CNA to automate the reloading of all the switches, I guess when an outage is reported I'll just write a procedure for the client to follow to reload all their APs.
A script that can query the associated status of APs and reload them as needed, automatically, would be pretty cool. Perhaps that can be done with SNMP.
I am running a home configuration where there are 2 PC's each using a different ISP. If one of those ISP's goes down, I would like both PC's to switch over to the working ISP.
View 5 Replies View RelatedI can't tracert or ping certain websites or servers for games.Before I go on, no I wasn't doing this because of DDoS-ing. I was doing this so that I could find an exact latency number for a gaming server. Now, to continue.What I mean is if I try to ping this server, the session will timeout no matter what the millisecond limit is (using CMD)
Ping: Pinging (IP Host Name) [IP] with 32 bytes of data
Request Timed Out
Request Timed Out
Request Timed Out
Request Timed Out
[code].....
Why does this happen? I am pretty sure this is a security tactic used to stop DDoS-ing, but why does it not matter how long I allow the tracert or ping to run? I really want to understand this so I can understand how people don't get traced as well as don't get DDoS-ed. I didn't put any of the IP's just to keep it anonymous. If you really need the host IP, I will supply it, but I will not supply the tracert IP's.
fail to connect with net through wifi
View 1 Replies View RelatedHow do you monitor ASA firewall fail over events?
We had a firewall fail over, didn't know it, the configs were out of sync and the customer went down we want to avoid this is the future.
I have a Question i am testing mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.
View 8 Replies View RelatedI am trying to configure a Cisco ASA 5505 for Remote Clients.I am using ASDM interface and used the startup and ipsec wizards for my configuration but im hitting a stumbling block.For the last 2 days i have tried a number of configuration changes in attempt to make this work but failed, so i have done a factory reset and gone through the wizards again, so i have a clean configuration. Currently i have a Static Public IP Address 81.137.x.x and i am using a Netgear ADSL router, which is forwarding VPN traffic (UDP 500) to 192.168.171.35 (the wan port on the ASA 5505).The Cisco ASA has a default address of 192.168.1.1 I am using Cisco Client 5.0.06.0160.I have configured the client to use Group Authentication with the same credentials as setup through the wizard and im using Transparent Tunneling IPSec over UDP.I have attached 2 documents running_config.txt - which is shows the current ASA configuration Log-View.txt - showing error messages displayed in the real-time log viewer when i try to connect from the remote client.Im not sure whether i need to do any additional configurations for my setup other than simply run the wizards.
View 3 Replies View RelatedI have an ASA 5520 running, user web trafic, incoming VPN and systems NAT for DMZ services. Nothing new for a standard firewall. I have upgraded the memory in it to 2GB, per Cisco so that I could install and run IOS 8.41. I have uploaded the both the IOS bn image and the ASDM 645 image and set it as the primary boot file. When I reload the ASA, everything boots fine, no errors and all traffic appears to be working fine.But here is my problem:ALL the previously configured VPN sessions will connect to the ASA and show that they are passing traffice (TX and RX increments through the monitor) but if I try to access a device on the other side of the VPN or they try to access services in the corporate network, the connection fails. Ping works, So I know I can reach the devices and the tunnel has been correctly created, but nothing else, . I did not change anything in the configurations for the VPN connectors.But, if I reload the ASA with the 8.21 version image, everything works just as before and all connections are good.
View 3 Replies View RelatedI have configured eigrp routing on cisco 1941 ISR with two interfaces advertised. However i can not ping the router interface on g 0/0 but can ping the device and computers attached to that network. When i ping from the same network i'm able to ping the interface but not from anyway else. i can also ping the other devices on other network from g 0/0 attached hosts. How can i enable ping to this interface so that i start monitoring the network?
Below i have attached the network configurations for the router;
!boot-start-markerboot-end-marker!!enable secret 5 xxxxxxxxxxx!no aaa new-model!no ipv6 cefip source-routeip cef!!!!!multilink bundle-name authenticated!crypto pki token default removal timeout 0!!license udi pid
[Code].....
I have a lab network setup at my house with similar equipment to our office that I use for testing different features and functionality. Since I have had this installed (~ 2 years) I've had an intermittent but recurring problem with connectivity to various wireless devices that I have never been able to fully resolve.I have a 5508 Wireless controller with a handful of 3502i APs spread throughout my house. The controller is connected to a 3560X switch. And I have an ASA 5510 firewall as my Firewall/Internet Gateway. When I work from home I most often work from a desktop computer in my office and have a Windows RDP session to a laptop located in another room in my house on one of my monitors as a working space (I know this is weird but there is a good reason). This laptop is connected via WiFi at all times.Occasionally, I will lose connectivity to this laptop (or not be able to connect back to my desktop from it) and have to start an extended ping from the laptop to the desktop to re-establish connectivity. A while ago I performed some deeper analysis on what was happening and what I found is that when the connectivity breaks the problem is that the desktop is unable to resolve the MAC address of the laptop. It sends out ARP requests but never receives any reply back.
Why would the controller stop replying to ARP requests for the IP address of the laptop?If I log into the controller while this is happening it shows the laptop as a connected client, and has its IP address and MAC address listed fine in the clients section. In order to avoid getting up every time I need to reconnect, I normally hop to a system I control across one of my VPN tunnels via RDP, then connect BACK to the laptop and start the ping to re-establish connectivity back to my main desktop machine. This works because the firewalls ARP cache hasn't cleared yet. And then everything works fine again... unless I manually clear my ARP cache. Sometimes clearing the ARP cache will result in the exact same problem again and I will lose connection. Other times it seems to repopulate almost immediately and the connection doesn't drop.
A wireshark debug from the desktop reveals that ARP requests simply go out with no reply, confirming what is happening.As a note, I have set both the User Idle Timeout and the ARP timeout to 24 hours to try but this has not had any effect.This problem seems to go away and then come back. In fact, I havent been experiencing this issue for probably a couple months recently and then it just started again in the last few days which is why I am back to posting here. No changes to the network were made in the meantime that could account for this change in behavior. I am currently running version 7.2.111.3 but this behavior has persisted through at least four software upgrades so I don't think it's an issue with a specific version but I don't really know.I occasionally epxerience connectivity issues in my house to other devices as well that I use less often like a printer, network camera, apple tv so I now feel like these issues are likely all related.
We have a second ASA 5510 that is suppose to be a hot standby. I need to find out that, as a hot standby, does it have to have the same licenses as the ASA that it backs up. We purchased 50 SSL VPN licenses for that unit. If it fails over, we need to make sure the failover asa can allow SSL VPN connections.
View 3 Replies View RelatedI have configured Site-to-Site IPSec VPN and it works. Our clients have access to inside network and Internet ("hairpinning").How can I configure access to Internet on remote networks clients if VPN tunnel fail?Remote devices is ASA5505 and Cisco 861.When VPN works i have access to Internet over central office gateway.In case when VPN fail i need still have access to Internet over local (remote device) gateway.
View 2 Replies View RelatedI migrate 1310 APs from Autonomous to Lightweight. Migration is OK with Cisco Upgrade Tool, and AP are registered on my 2504 WLC.
Previously, a 802.1x network was broadcasted by autonomous APs, supplicants were identified on a freeradius server with MSCHAPv2/PEAP method.
But on the WLC, supplicants can't auth on Radius server.I configured a WLAN with WPA/TKIP/802.1x with my radius server in AAA tab.When clients try to authenticate, I get these messages where xxx is login:
-AAA Authentication Failure for UserName:821 User Type: WLAN USER
-AAA Authentication Failure for UserName:200 User Type: WLAN USER
-AAA Authentication Failure for UserName:209 User Type: WLAN USER
Security info on client page is:
Security Policy CompletedNo ###Policy TypeWPA###Encryption CipherTKIP-MIC###EAP TypePEAPSNMP NAC State Access ###Radius NAC State8021X_REQD .
What is strange, there are some clients which are OK in RUN State, and 50 other % which are not.
I have HQ and Branch router
HQ = 2811
Branch = 2801
Connection type Freme-relay between HQ and Branch
CDP enable on interface
The Branch router show in UNCONNECTED DEVICE VIEW of Topology
i have 1262 LAP which is fail to boot and went to rommon mode
here are the logs
ap: boot
Loading ""...: permission denied
Error loading ""
[Code].....
I'm configuring ACS for the first time and the config is complete and working, except backups of the view database. I've created a TFTP repositiory and if I perform a manual backup or wait for a scheduled one to occur it fails. I do get a .tar.gpg file in the TFTP server (but can not restore from it as it's not listed in "Restore" as a backup).
It works fine if I create and use a local disk repository. I get a .tar.gpg but also a catalog.xml and repolock.cfg file (which I don't in TFTP). Looking at the logs on the TFTP server I can see it tries repeatedly to read the catalog.xml file but fails:
Read request for file <DB/catalog.xml>. Mode netascii [15/07 16:05:52.167]
File <DBcatalog.xml> : error 2 in system call CreateFile The system cannot find the file specified. [15/07 16:05:52.167]
That seems correct, the file doesn't exist. However it never seems to try and create it.
i have a problem with a cisco 857-K9 router. We can access internet but if we ping a web server, every first ping fail but all others works...
View 15 Replies View RelatedI have four rservers. I have found that if the first listed server in my serverfarm is off line, the entire farm quits working. How did I come to this conclusion? You see as part of "serverfarm host PORTAL-FARM" rservers "SISPOAS1 through 4". I can shut down any server except SISPOAS1 and all is well. The load balancer sees the probes have failed to that given server and continuses to load balance to the others. However, If I shut down SISPOAS1, nothing works. I confirmed this by eliminating SISPOAS1 from the configuration completely. After doing so, I could reproduce the exact same problem using SISPOAS2 since it is now the first rserver in the list after I removed SISPOAS1. I'm stumped! Looking at the configuration below, what am I missing???
access-list TRAFFIC line 8 extended permit ip any anyaccess-list TRAFFIC line 16 extended permit icmp any any
probe tcp 389 port 389 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 636 port 636 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7777 port 7777 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7778 port 7778 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7780 port 7780 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp [Code]...
I have the a problem, when I do a upgrade of a SMB RV042 and the PC that contain the upgrade file is in the same segment of the RV042 the upgrades is succesfull, but when the PC is in another subnet, upgrade fails. There are conectivity betwen the two subnets and there are not a firewall.
View 3 Replies View RelatedI have problems in the following scenario. I attached an image with a summary diagram of the network in question. The problem is that on the 3rd floor of the site users connect via wireless fail to connect and receive an IP. But they can not navigate. The second and first floor itself. As you see in the diagram are 3 routers, one per floor. The first is the only router that provides DHCP the other two routers are as simple Access Points.
View 13 Replies View Relatedmy computer cannot access Internet at all. It finds all the wireless routers and can connect to them, but says that the router cannot access Internet. However, it can. All other devices connected to the router have full Internet access. I've tries rebooting computer, rebooting router, reconnecting to router, reinstalling wireless Internet driver, but still nothing
View 4 Replies View RelatedI have 2 routers on 1 the internet work fine on the other the internet not work and I see this when I start diagnostic "Testing ADSL Synchronization---fail"
View 4 Replies View Related