Cisco WAN :: ASR1006 Log NAT Translations
Feb 24, 2013
We have:
ASR1000-RP2
ASR1000-ESP40
ASR1000-SIP40
SPA-10X1GE-V2
SPA-10X1GE-V2
!
Kiwi Syslog Server
ASR performs the function of ISG. The number of subscribers until 10000. This number is constantly growing. Because of the economic address space subscribers surf the Internet through NAT.
Now the task to keep logs of all translations or binds. Need to store the information about what time, certain internal IP address using the external IP.
I've tried:
!
ip nat log translations syslog
!
logging trap debugging
logging host xx.xx.xx.xx transport UDP port xxx
no logging console (so as not to load the CPU)
!
Error stopped publishing but logs do not come. I think of the huge number of translation per second, it can not send them as fast. How can this problem be solved or otherwise obtain and store information about a translations?
View 1 Replies
ADVERTISEMENT
Jan 4, 2011
ASR performs the function of ISG. The number of subscribers until 10000. This number is constantly growing.Because of the economic address space subscribers surf the Internet through NAT.Now the task to keep logs of all translations or binds. Need to store the information about what time, certain internal IP address using the external IP.
View 19 Replies
View Related
May 17, 2011
I have a problem with configuring brach router 891 (with IOS v15.0(1)M).I want to connect to HQ via EasyVPN connection (split-tunnel) and allow the local traffic to go directly to the Internet via NAT (PAT).When the VPN connection goes up, NAT stops working and NAT translations don't appear in show ip nat translations. When the VPN connection goes down, NAT begins to work again.
View 1 Replies
View Related
Aug 15, 2011
I am at a loss on configuring a new ASA5505 for multiple static port translations.I would have expected to simply add several service command to a network object to complete the task, however, the service command overrides the previous and replaces rather than adds to the translations. [code] However, if entered in that order the 8443 overwrites the 8080 static translation.What is the correct procedure to establish multiple translations? If someone could also provide the "old" style for pre 8.2 release, I'd like to compare because I thought I used to do this with an access-list somewhere.
View 4 Replies
View Related
Jan 19, 2013
I'm using a 2601X router connecting to a broadband connections. The following NAT connections is working but I need to do NAT exemptions to set up my VPN appliance on the DMZ. I see a lot of documentation on how to use a pool of public addresses to do that, but I only have the one dhcp address from my isp.
!
boot system flash:c2600-adventerprisek9-mz.124-25d.bin
!
!
!
interface FastEthernet0/0
[code]....
View 5 Replies
View Related
Feb 15, 2012
In a 6500 or 7600 a 'show module' gives a run down on all the modules in the slots, their HW and SW versions and status. But I can't find a similar command in the ASR1006.
View 1 Replies
View Related
Jun 7, 2011
I'm trying to configure and DMVPN architecture with two routers ASR1006 to server a bank remote offices, one ASR in CO building and the other in CA building (CO: Operational Center; CA: Recovery Center).Each ASR have two LAN connections to internal network and two WAN links to remote office. Each WAN links belongs to differents provider.Each remote office has a router with two WAN links connected to that WAN providers.We are configuring the DMVPN considering two primary tunnels in the CO building and two failover tunnels in CA building.We made the configuration (schemas and configuration attached) but we only get two tunnels up at a time. We cannot ping from office router to four tunnels interfaces in both hubs.
We made some test disabling some tunnels and we could get communication only with two tunnels interfaces. We got communication through tunnels when we have just two.We want to have the four tunnels for high availability. We would like to know how to troubleshoot and make a design review because the examples and documentations are very limited.
View 1 Replies
View Related
Jan 8, 2011
my ASR1006 router with the IOS ver:
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISE-M), Version 12.2(33)XNE, RELEASE SOFTWARE (fc1)
is restarting again and again when I try to write the configuration.
View 2 Replies
View Related
Nov 12, 2011
I would like to know if Cisco Collector Engine 6.0 can recive and reading the sent address traslation logging of router ASR1006. Using Netflow v9.
View 4 Replies
View Related
May 5, 2011
why I would see packet loss when BGP comes back up.We have 2 ASR1006's both running full tables of BGP to the same upstream ISP. We load balance the 2 links to them. the ASR's have an OSPF connection between them.When one pipe goes down we see not packet loss; however, when that pipe comes back up we see packet loss until the BGP table fully loads in that router again.
View 1 Replies
View Related
Aug 29, 2012
I want to do something with IP SLA and started by estabilishing a baseline.
I'm trying to check history on an ASR. I tested same config on a 3845 and was forgetting the "history filter all". After this I could see history table on 3845 but still history is empty on the ASR1006. The operation started because I can see information with "show ip sla statistics".
know if i missed something or maybe this is not supported in ASR1006?
re-ld-tcc-02_ASR1006#show vers
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.2(1)S2, RELEASE SOFTWARE (fc1)
[Code]......
View 5 Replies
View Related
Sep 28, 2011
We have an ASR1006 and I'm just discovering net flow aggregation cache.
I tried prefix aggregation and worked fine. But i cant get any information when checking AS aggregation. All I get is 0 in source and destionation AS. [code]
View 1 Replies
View Related
Jan 10, 2011
I have cisco router ASR 1006 .... i need to create PPPOE connection via Ethernet ... and can do that on the management port ???? and what is the type of adapter that use in the Giga Ethernt interface to connect it to fiber ???? hint :- my interface hardware SPA-10X1GE-V2
View 7 Replies
View Related
Mar 18, 2012
When trying to configure ERSPAN on a ASR1006, I'm not getting any traffic on the destination port. ERSPAN flavour is LOCAL SPAN, as described in:
[URL]
Configuration used, is the following:
monitor session 1 type erspan-source
no shut
source interface GigabitEthernet0/0/2
destination
erspan-id 10
ip address 10.10.10.1
[code].....
Apparently everything is configured in the proper way, however I’m not getting any traffic in the destination port. Also I’ve noticed the following in the details from ‘Session 1’:
Destination IP Address : 10.10.10.1
how to configure Local SPAN using ERSPAN?
View 2 Replies
View Related
Nov 10, 2011
I have problems in exporting translations of NAT from my router through NetFlow v9 ASR1006, to my server nfdump, any opensource or licensed software (collector) that I recommend.
ip nat log translations flow-export v9 udp destination 10.1.1.15 1181
View 2 Replies
View Related
Dec 3, 2012
There is an ASR1006 Router in the network that serves as an Intelligent Service Gateway (ISG). Subscribers are layer 2 connected and subscriber sessions are initiated on a DHCP request. ISG is configured as a DHCP relay agent. Wi-Fi clients connect to the WLAN using Open SSID and are being redirected to a Web Portal where they enter their login info. This info is sent to RADIUS server which checks if the user is allowed to use Internet service. All the APs are connected o WLC using CAPWAP. The question is the following: there is a requirement to track from which AP a particular Wi-Fi clients is connected. In this case ISG needs somehow to obtain AP’s mac address and send it to the Radius server (probably using attribute 30 – Called-station-id). One possible way for ISG to obtain AP’s mac is via WLC. But the thing is that when WLC is configured as DHCP proxy and Option 82 is set, a wireless client does not obtain IP address via DHCP. In this particular case there two DHCP relay/proxy in the network path between client and DHCP server. Is there any other away for ISG to obtain AP’s mac address?
View 8 Replies
View Related
Jul 20, 2011
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
View 1 Replies
View Related
Aug 22, 2011
We are about to share a 10 MBit ISP connection with 2 others companies, and they are going to split the bill up into 3,3 and 4 Mbit, so we where thinking that we could setup a switch before their and ours router and provide them with a static IP from our ISP. But is it possible to set a bandwidth limit on the ports of a Cisco Catalyst 2960-8TC, so that we can set a limit of 3,3 and 4 on 3 ports.
View 1 Replies
View Related
Dec 3, 2011
I want to PAT my project of WLAN and i attached the document, how I create the Testing Criteria of the said scenarios, PAT document includes WCS 7.0, WLC 5508, MSE 3310, Cisco AP 3502e and ACS 4.2.
View 0 Replies
View Related
Jul 12, 2012
I have cisco ASA5510 firewall using in my network but unable to bolck Url's unwanted. can i block the [URL] on the asa by using regular exp.
View 3 Replies
View Related
Mar 1, 2012
I have 7 POE switches that have ESI IP phones attached. I have two VLANS, 1 and 2. VLAN 2 is used for voice and is defined in each switch.The ESI IP phones connect to my POE switch ports and the pc attaches through the ESI IP phone.
I have had voice quality issue between floors in my building. Talking to others on my floor via the IP phone, there are no voice quality issues. [code]
View 1 Replies
View Related
Nov 18, 2012
is it possible to connect Cisco Ap-1242AG with non-cisco wireless router to work as repeater?
View 1 Replies
View Related
May 1, 2012
I am looking at a config on a 5550 FW, and am trying to make sense of the syntax of the following rules. I have been to the Cisco site, but can't find much on the syntax.
View 8 Replies
View Related
Mar 10, 2011
I currently use a device called the Access Enforcer which runs OpenBSD. I have 3 stable, working VPN tunnel's where the other side's device is a Cisco ASA 5520 or 5540. I was setting up my 4th VPN where the other side used a Cisco ASA 5520 and ran into issue's. The Cisco side can bring up the tunnel. Once the tunnel is up each side can talk to the other side. However, when the tunnel is dropped, the OpenBSD side cannot bring up the tunnel. The error received is on the OpenBSD device is "isakmpd[29581]: transport_send_messages: giving up on exchange from-XX.X.X.0/24-to-XX.XXX.XXX.240, no response from peer XX.XX.XXX.141:4500". I have been trying to figure this out for weeks now and can't seem to find the cause.
View 3 Replies
View Related
Dec 5, 2011
I am trying to configure a 3750G that has been sitting on the shelf for several months and am getting the following error -
% Error: Unable to create flash:/microcode_update% Error: It must not already exist
Normally, getting an error during POST isnt a good thing. My first thought was that flash was corrupted or flagged RO somehow. I did fsck flash: with no change. I next tried fsck /test flash:. It tested 77 blocks and performed 0 erasures. It had been running for about 15 minutes with no problems reported so far. Multiple reboots of the switch still report the same error.
I have reviewed the history of what I have done on this switch and finally think I found the problem. I noticed a microcode_update directory that I am not used to see on a 3750. Deleted the directory using the rmdir command and rebooted the switch. On reboot, I noticed that a front_end/ directory was listed as being created as well as fe_type_1 and fe_type_2 were created. The switch now boots up without any errors.
View 3 Replies
View Related
Jan 3, 2013
I have two Cisco Aironets 1401 connected to a Cisco Catalyst 3560 Switch. When users log onto the Wifi the APs authenticate with a Freeradius that then authenticates with LDAP.
Recently users have been getting kicked off of the network but I'm not sure why.If so how do I set these APs to roam with my setupd?For all I know there could be an issue with the switch I'm just not sure where to start when it comes to troubleshooting this issue.
View 17 Replies
View Related
Dec 29, 2012
Guys I am using a cisco 2911 router with three interfaces: Gi0/0 connected through a switch to all my servers and Gi0/2 which will connect to another server, and Gi0/1 is my outside interface connecting through a switch to two ISP's.I have webservers and Terminal servers/File Servers with 10.0.0.0 network address connected throught My Gi0/0 interface.Now I want to implement a Cisco Advanced firewall for security on my router using CCP.I want the firewall to work such that it allows external users to access the servers on Gi0/0 through ports 0,23,25,20,21,53, 110,3389. and to access the SIP server on Gi0/2. My issue is can i just create two DMZ's for both interface Gi0/0 and Gi0/2 without creating an inside zone and Gi0/1 as outside zone as my internal traffic is mostly server based and the users connect remotely through terminal server to access resourcess using RDP, secondly how do I open the relevant ports.I have checked alot and all I have seen is just basic process on using the wizard I have no idea how to go about this issue.
View 19 Replies
View Related
Mar 30, 2011
I bought a new cisco 3550 switch to prepare for my Cisco certification prepration. Actually i dont know how to connect the cisco switch to a laptop with only usb ports....... earlier i used to do my practise using Cisco packet tracer but i think for CCNP switch that is not enough thats y i bought second hand switch. how can i connect that switch with my toshiba laptop which has only USB ports. do i need to buy some sort of convertor or other hardware. And if so what does u call it and how much does it cost?
View 5 Replies
View Related
Apr 14, 2013
I am struggling to have my PPTP traffic to get routed through NAT to reach other Server LAN segment. I am using Cisco 2921 router as a PPTP server.This Cisco 2921 router is working as PPTP server and doing NAT also to reach Server LAN segment (LAN-B).My problem is after PPTP connection establishes I cannot reach any of the LAN segment, but after connecting PPTP I can browse Internet without any issue, but none of the LAN element is reachable. Please have a look on the configuration I am posting 2921 router configuration to suggest something, I have also attached the network setup for better understanding…Just to update Clients in LAN-A can access Internet as well as servers (LAN-B). [code]
View 2 Replies
View Related
Dec 8, 2011
I would like to know the IOS which supports :ACL Support for Filtering on TTL Value feature on my Cisco 7600 device. I check on cisco and found the Cisco 12.4T release but this software doesn't fit onto my chasis. which software should I upgrade to on my cisco 7600 to have this feature.
View 5 Replies
View Related
Feb 27, 2012
I have a cisco router I would like to reset the password for. Its the first password that is entered. for exampleUser access verificationPassword:I have changed the en password using this command:router(config)#enable secret cisco123 <---example password
View 5 Replies
View Related
Jul 19, 2012
I finally got the Site to Site Vpn from our corporate to remote site. Is there a way to connect a cisco phone over that network. Since both Voice Vlans are exempt from acl I would imagine all traffic is clear to go accross? and if so I just have to set the phone to our tftp/ccme. Will that work.
View 2 Replies
View Related
Nov 6, 2011
I want to create a user who only has access to "router>" prompt on the CLI. this user should not be able to do enable command and by no other means be able to go to global configuration mode. I know the command router(conf t)# username ABC privilege 1 password ABCPASS, but even with this command, this user gets privilege 15 access.
View 2 Replies
View Related
