Cisco WAN :: 891-K9 Dual Wan Configuration Using PFR
Mar 30, 2012
The basic setup Newly installed redundant ISP, thus setting up the 891 with dual WAN Using PFR to load balance between the two. Did initial config through CCP (not express), but I am familiar with the basics of IOS CLI (not used to the new zone based firewall yet, managed aour old Pix for too long, but that is a different subject)
I cannot seem to get anything but Gi0 to be accepted as a WAN interface. I go through the entire setup in CCP, test each connection, etc, and it all looks good until I exit out of CCP and go back in. At that point, I get squat out of Fa8. CCP won't let me test the connection, won't let me edit the connection, wont let me delete the connection. The wizard for a new WAN connection becomes available again (Wanting to set up a "second" WAN on Fa7...)
Again, I have verified connections to each ISP line independently, either one works just fine on Gi0, neither ever works on Fa8. This is my first real foray into PfR.
Building configuration...
Current configuration : 21486 bytes
Last configuration change at 18:59:43 UTC Mon Mar 26 2012 by admin
[URL]....
View 4 Replies
ADVERTISEMENT
Feb 21, 2013
I run 2 RV042 V1 for home and office with Gateway to Gateway VPN connection with single WAN connection in use. Everything works like a charm!
I was even able to create VPN connection with 2 WAN connection on one Router and 1 WAN connection on another with Smart link failover and VPN Tunel Backup.
I got problem though when i tried more complex connection diagram. [URL]
So basically I now have 2 ISP connections on each point with Static IPs and I'd like VPN Connection to be alive for ALL 4 options automatically with failovers (smart links) And tunel backups but i'm not sure if that's ever possible with my equipment.
View 2 Replies
View Related
Apr 18, 2012
What I currently have is a Cisco 891W Router as well as two ISP's (both with dynamic IP's) in. I'm currently just running one of my modems into the 891 through the FE8 port and then if for some reason I have an internet failure switching the ISP modems. What I'm wondering is if there is a fairly simple way to configure (and attach) both modems to this router and then set it up to handle this failover automatically?
View 1 Replies
View Related
Jul 13, 2011
I have existing Sonic FW in my company we are moving from sonic FW to ASA 5510 Security plus lice. I have two ISP currently connected to sonic Firewall I am planning to implement Dual ISP configuration on ASA5510.
View 12 Replies
View Related
Jan 31, 2012
I've a RV082 with 2 internet connections.The idea is to permit external connections to my server and if one Internet line falls, automatically switch to the other.
We have configured the router in Smart Link backup.We try to connect with WAN1 and WAN2 enabled and all works fine.
We try to connect with WAN1 disabled and automatically WAN2 is activated.The problem start here...if WAN1 is activated while there are connections using WAN2, these connections falls!
How I must configure the router to permit that active connections are not disconnected from WAN2 even when WAN1 connection come back?
View 1 Replies
View Related
Jun 12, 2012
RV082 configured for Dual WAN [Code]....
(2) identical DSL connections, configured as Static IP (not PPPoE) with modems in bridged mode. Static IP's are /25 subnet and same gateway ** this may be a problem? Dual WAN set for Load Balance, network service detection is OFF
We have a 2003 terminal server running and successfully receiving connections through both WAN connections. Depending on location, half the users are connecting to WAN1 IP and the other half to WAN2 IP. We are getting sporadic disconnects of the remote users when they are idle for a couple minutes and automatic reconnection of the session takes over a minute. If they close the (locked up) session and reconnect manually it will let them in right away.
Could the handling of the Dual-WAN be the culprit? Could the same gateway for both WAN's create this issue upstream (out of my control)?I am going to move everyone to connecting through WAN1 and then change to Smart Link Backup and see if the issues persist.
Another thought is to use a secondary IP on the terminal server and use Protocol Binding to match "All traffic" for IP1 to WAN1 and IP2 to WAN2, which theoretically would stabilize the situation?
View 36 Replies
View Related
Dec 6, 2012
I recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies
View Related
Oct 15, 2012
I have recently implimented an RV016 device into our network. We have a bonded T1 service with Paetec/Windstream (5 static IPs) and also a cable connection with Comcast (no static IP). The T1 has been our primary connection, and our MX and A records all use this IP address. I have the rules set and using a one-to-one NAT setup with our 5 IPs. Everything is working great with the T1 in place and email is flowing with no problems, however when I connect the cable into the WAN2 port and try to send email, its using that outbound connection, rather then the T1 and our spam filter is blocking it. So the email is rejected and we get this message below.
---------------------------------------------------------------------------
Delivery has failed to these recipients or groups:
xxxx@gmail.com (xxxx@gmail.com)Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
The following organization rejected your message: (our smtp spam relay)
-------------------------------------------------------------------------
The reason for being rejected is just because it doesn't recongnize the IP address/gateway it is coming from.
My question is, how do I define that all email is sent out through our T1 connections IP address in the router?I see options for Advanced Routing or Bandwidth Management, but not sure what one I need to configure as I am not too familiar with these settings. I have Intelligent Balancer(Auto Mode) enabled as well by default.
The reason for adding the second internet connection is strictly for load balencing and getting some more bandwidth in our location.
View 3 Replies
View Related
Nov 13, 2011
I'm trying to configure cisco 1811 with dual isp internet connections. Everything is working fine till i get to setting up port forwards.The port forwards for 2nd ISP do not work while connection to 1st isp is active. If if shutdown the connection to isp1 the port forwards work fine.
here's relevant section of the config
Code:
track 123 ip sla 1 reachability
delay down 15 up 10
!
track 456 ip sla 2 reachability
delay down 15 up 10
[code]....
I can access the 192.168.2.131 web server using the ISP1 ip but not ISP2 ip If i shutdown ISP1 interface the server becomes accessible through ISP2.Also while ISP1 is active I can't remote desktop to 192.168.1.210There are no acls, firewall zones or anything else.
View 3 Replies
View Related
Dec 9, 2011
Will 2811 Router with 4 switch port module, How to do dual ISP configuration on this router.
View 10 Replies
View Related
Mar 6, 2007
In the LAN network 4507R as core switch configured with several vlans.One vlan connects to the dual homed routers which in turn connecting to the single isp. I need to configure the HSRP for the internal vlans and the same time to use the load balancing or failover using the dual homed routers to the isp.
View 7 Replies
View Related
Jun 24, 2012
In IOS verson 12.X there was a Bidirectional Forwarding Detection configuration however in IOS 15.0 this isn't available at least not with the same syntax. Is this feature not available in 15.0?
In 12.X this was the syntax of the command:switch virtual domain <number>.
View 1 Replies
View Related
Oct 16, 2012
I have recently implimented an RV016 device into our network. We have a bonded T1 service with Paetec/Windstream (5 static IPs) and also a cable connection with Comcast (no static IP). The T1 has been our primary connection, and our MX and A records all use this IP address. I have the rules set and using a one-to-one NAT setup with our 5 IPs. Everything is working great with the T1 in place and email is flowing with no problems, however when I connect the cable into the WAN2 port and try to send email, its using that outbound connection, rather then the T1 and our spam filter is blocking it. So the email is rejected and we get this message below.
View 1 Replies
View Related
Feb 8, 2013
Region : UnitedStates
Model : TL-WDR3600
Hardware Version : V1
Firmware Version :
ISP :
I recently bought wdr3600 and just trying to configure bridge through WDS configuration. I just enabled WDS and picked my initial wireless router after clicking the Survey button, then save it. After the reboot, I cant seem to ping/access 192.168.0.1 and the wireless SSID cant be seen any longer. I tried doing the reset button for 30secs but looks like nothing is working and not resetting. And I am still getting 169.254.x.x
View 5 Replies
View Related
Apr 4, 2013
Region : Australia
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 121225 Rel.37950n
ISP : Optusnet
I've had a recent problem where I turn off my router computer etc every night and the next day the router has reset to original configuration. I lose SSID, password, region etc and have to do a quick setup or restore a back up config each time.
I've had the unit for about 1 1/2 months and all was ok until recently when I switch the wireless switch at the back of the unit so my kids couldn't access the router and internet. I switched it back on after a while and all was ok and later shut down for the night. The next day when I turned it all on again the SSID password etc had reset.
Anyhow I contacted TP-link and was told to disable the WPS for both 2.4Ghz and 5Ghz. That seemed to fix the problem for a couple of days but it has now returned.Should I try the 30/30/30 reset??
View 1 Replies
View Related
Feb 24, 2013
I have a two fiber connection from our Central Office(6513) to Remote office (6509). I have a requirement that on the remote office if one of the fiber goes down, the second fiber should work as a failover. I am planning to use SUP720-3B SFP to connect to the CO.
Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G5/2? or Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G6/2? I am running EIGRP between sites. Any sample config.
sup-bootflash:s72033-pk9sv-mz.122-18.SXD7b.bin"
View 4 Replies
View Related
Feb 13, 2013
Region : UnitedKingdom
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
ISP :
After setting up the newly arrived router, renaming the SSID and changing password for 2.4 GHZ AND 5 GHZ and also renaming the default router username and password, I decided to update the firmware.The procedure wiped all configuration I've made forcing me to do all over again.
View 3 Replies
View Related
Feb 19, 2012
I would like to make a design with 4 Nexus 5596UP. 2 of them equipped with Layer 3 Expansion Module so they can serve as core layer and the other 2 Nexus used as Layer 2 for aggregation server layer.The 2 Nexus in the core layer will run HSRP and will peer with ISP via BGP for Internet connection The 2 Nexus in the aggregation layer will be configured as layer 2 device and have FEX and switches connected to them.What I am ensure of is how the vpc and port-channel configuration should look like between the 4 nexus. What I was thinking is to run vpc between the 2 Nexus in the aggregation layer and between the 2 Nexus in the core layer. Than I was thinking of connecting each Nexus in the aggragtion layer to both Nexus in the core layer using port-channel and vice-versa.
View 3 Replies
View Related
Dec 17, 2012
how to change our wireless setup. Currently, we have 2 Cisco AiroNet 1130 WAP's in the office that go directly into the 2 POE ports on our Cisco ASA 5500. These WAP's have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANS on our network, one for voice (.42) and one for data (.100) and the default (.0). What device to I create the VLAN on (Cisco 5500?) and how to I setup the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
View 2 Replies
View Related
Mar 29, 2012
I wanted to ask a question about the diagram I have included. We are bringing up 2 MPLS WAN connections and would like some specifics on the best design. We are using BGP to the providers. From there we have big questions. We can run BGP internal and are licensed to do so on the N5K's. The N5Ks are currently using HSRP for inside LAN clients as default gateway. We want to load balance and provide redundant routes using a dynamic approach. Should we use BGP internal utilizing the connections between the routers? Should we use HSRP on the routers? How best to get the routes to the N5K and should we be considering this?
View 5 Replies
View Related
Jul 17, 2012
I am position to migrate from CatOS 6509 switch to native IOS 6509 switch. long time ago, there was some site to convert automatically based on copy and paste onto the tool, but i can not find.
Does anybody know how to convert CatOS configuration to Native IOS configuration ? It is not IOS change, but it is configuration convert.
View 1 Replies
View Related
Dec 14, 2012
I have webcams that need port 8081 opened and I did that, everything worked fine until my DIR655 jammed up and power cycling it and the modem 3-4 times DID not make it work: no internet access and it was definitely a DIR655 problem. So, out with the paperclip to do the big reset, causing me to lose my configuration. When "most" of it came back up with my new config (I had screen prints), all was okay EXCEPT the webcams. Addresses and ports were all configured properly, address was fixed too on the client computer rather than use DHCP. I had a DNS relocation service running (DYNDNS) for the WAN side, but that address (My IP) didn't change either. I tried EVERYTHING. Finally, I realized in all my screwing around that I had enabled UPnP in my application, something I hadn't done before, but did this time as a desperation move. UPnP had always been checked off in the router. So.....I REMOVED my port forwarding and virtual server settings (either one worked before), and voila, everything working, Is this a normal occurrence, that if you have UPnP running, that this auto configuration overrides any manual configuration?
View 2 Replies
View Related
Feb 20, 2013
Basically, he has an office he's supporting on a contract basis, they have a cable modem uplink. They move very large (100MB or so) EXCEL files to/from a server "somewhere out there"...The place has 19 users on cable modem (presumably commercial level). They're having "severe latency due to all the users". They're also using VOIP (not sure what product, shouldn't really matter)this doesn't pass the sniff test to me- I have 70+ users on 4 T1s and don't have the problems they claim to be having. Suspect they should be doing some packet sniffing to see who's camping on Youtube, but this is not an option....They're adding in a second cable modem line and want to bind both together. I immediately figured they should do QOS, dedicate the mission-critical traffic to 1 line and let it bleed over onto the other and take precedence if necessary. They have a Cisco 1811 router. I haven't messed with those before, but what I am seeing is they are a "fixed-configuration router". Obviously there has to be SOME config changeable- if for nothing other than IP assignment to interface and such. So what does Cisco mean by "fixed-config"? Is this basically a dumbed-down Linksys router?
View 19 Replies
View Related
Dec 13, 2012
i am trying to configure Dual NAT (source and destination) with multiple subnets in the source, i am trying to figure out how to accomplish this with 8.2 ASA ,
Original source
172.21.113.0/24
10.233.0.0/24
[Code].....
View 6 Replies
View Related
Mar 23, 2011
I would like to configure my Cisco 881 enabling Dual Wan (load balancing and failover). First link: HTTP, FTP, SMTP,...Second link: DATA inter-site (VPN), VoIP,Does the configuration seem OK?What does the command line "track 1 rtr 1 reachability delay down 1 up 1" mean?To send the different flow on one or the other port, do i have to configure it on the ACL1 and ACL2 ?
View 9 Replies
View Related
Nov 17, 2011
I have an ASA 5505 with the Security License running 8.4 and 6.4.5 software, I have a fully working VPN solution on there using a ISP IP - works fine. My boss wants to split the lines/bandwidth to another ISP we have coming into the office. So what I want to acheieve if possible is this Say my current isp is 5.5.5.5, my internal network is 192.168.2.x and my other ISP is 6.6.6.6 - is it possible to use the ASA to accept VPN clients from both ISP's and use the internal network?
View 2 Replies
View Related
Feb 8, 2012
At the moment I'm running a T1 to a Cisco ASA 5505 device. I'm in the process of getting a backup ISP. My question is, is it possible to configure this firewall with two ISPs so that the same internal webserver can be accessed via backup ISP?
View 6 Replies
View Related
Dec 30, 2012
I configured dual ISP on ASA 5520 following cisco doc below. Now I would like to configure SSL VPN to work with this for failover? I tried to find an article regarding this but I could not. [URL]
View 3 Replies
View Related
Aug 30, 2012
I would like to configure & utilize the dual WAN / ISP to which we have subscribed. At present we are serving web-pages through our primary ISP which is working fine.
View 3 Replies
View Related
Dec 24, 2012
We have two internet connections with 2mbps each. I would like to go for Wireless Dual WAN Router. know the +ve and -ve of this usage. know the best modals. We have 30 macs in my company.
View 3 Replies
View Related
Nov 29, 2011
Context:1- My company has one ASA 5510 configured with Site-to-site VPN, Ip sec Cisco VPN and Any Connect VPN.2- We use ASA to connect to the single ISP (ISP 1) for internet access. ASA does all the Na Ting for internal users to go out.3- A second link is coming in and we will be using ISP 2 to load balance traffic to internet (i.e. business traffic will go via ISP1 and “other” traffic will go via ISP2).4- A router will be deployed in front of the ASA to terminate internet links.5- No BGP should be used to implement policy (traffic X goes via ISP1, traffic Y goes via ISP2). Questions:How do I get this done, particularly, how do I tell the router, for traffic X use ISP1 and for traffic Y use ISP2? PBR is my friend?Since I will be having 2 public Ip Addresses from the 2 ISPs, how do I NAT internal users to the 2 public Ip addresses ?. Finally, which device should be doing the Na Ting? The ASA just like now or move Na Ting to the Router?
View 9 Replies
View Related
Nov 9, 2011
i have two branch offices A & B both connected by a vpn. i am planning to add another isp on both the locations and have it just for the vpn. i.e have the second isp do just vpn and all other traffic go through the older ISP.. what are my options ? am not planning to add any extra hardware and also am not planning on acheiving any fail-over or load-balancing because i know ASA 5510 does not do load-balancing.
View 1 Replies
View Related
Nov 25, 2012
I have a DMVPN network with 2 hubs (2821's). This setup is used for VoIP applications over the Internet for teleworkers. At the main hub site I used to have only 1 Internet feed which was DSL with a static IP. Now I have 2 WAN feeds for this site - 1 FTTB w/ PPPoE & the DSL with static IP. Since this site also hosts a PRI, I want all voice communications to go through the FTTB link instead of the DSL for obvious reasons, but keep the DSL as DMVPN Hub for all NHRP lookups as this link has a static IP address & is very stable. We originally put the PRI router as a DMVPN spoke which connected through the FTTB link, with another router acting as the DMVPN hub on the DSL link. This was obviously a waste of machinery. I want to combine both routers into one. So I tried something like this (don't laugh):
Gi0/0 to FTTB (Dialer1 connects to Internet)
Gi0/1 to DSL (Public IP towards 877 demarc)
Tun0 attaches to Dialer1 public IP and connects to other spokes, no VRF
Tun1 attaches to Gi0/1 public IP and acts as DMVPN hub (ip nhrp map multicast dynamic) under VRF "Hub"
EIGRP AS 1 is set up twice, once under router eigrp 1, and the other using router eigrp 2 using an address-family under the Hub VRF.This kinda works but obviously Tun0 & Tun1 do not speak to each other. I also had to remove the ip nhrp map instruction that pointed to Hub1 on Tun0, as this was causing a weird condition in the router where it was repeatedly trying to connect a tunnel to itself, and crash the router because the NHRP process would go haywire. So my users must rely on the Hub2 to get a NHRP lookup for the PRI site. If Hub2 goes down, everything works in the network except for tunnel connections to the FTTB link. I'd rather not have to configure 2 tunnels on each spoke router unless I really have to.
View 2 Replies
View Related
