Cisco WAN :: Broken Pat / Overload After Upgrade From 1711 To 891
Apr 26, 2011Broken Pat/Overload after upgrade from 1711 to 891
View 7 RepliesBroken Pat/Overload after upgrade from 1711 to 891
View 7 RepliesI have a TAC case open, but it doesn't seem to be making any progress.I upgraded my 5508 controller from 7.2.111.3 up to 7.4.100.0..Most of my APs are fine. 3500s, 1100s etc.except for 602i APs. The APs associate, they update software etc, but they won't broadcast the WLAN.An interesting thing, on the 602 AP, in the log, I see this:*Mar 06 15:08:12.667: SSID remote, WLAN Profile Name: RemoteOEAP, added to the slot[0], disabled..So the AP is definately talking to the WLC and being pushed the correct WLAN profile.On the controller, the AP shows the the Admin status of the radios is showing DOWN, but the Admin status on the AP itself shows UP
I've done a factory reset on the APs to no avail. I have a 2504 WLC as well that i'm in the process of implementing in a DMZ specificially for these APs, and for testing purposes, I associated the 602 Ap to that WLC as well. This one is running 7.4.100.0 too, same results. It would appear to be a problem with this version of software?
Before upgrading to 8.4(4)1 I was able to ping our inside interface accross the VPN. Now I cannot. Because ping is not working, my SNMP server thinks that the device is offline however I know the VPN tunnel is still up and the remote branch office is working fine. Here is the config of the branch office ASA 5505 in question. How to get icmp working again?
ASA Version 8.4(4)1
!
hostname BranchASA5505
domain-name houston.deh
[Code].....
I found a Cisco 1711 router in our storage room and I want to factory restore it so we can mess around with it or use it as a backup.
I connected a console cable to it and in Hyperterminal on a Windows XP box I want to try the CTRL+BREAK sequence to clear it out. I'm not concerned with the current config or finding the password, I just want to wipe it like it's never been used before.
This is what I get:
System Bootstrap, Version 12.2(7r)XM4, RELEASE SOFTWARE (fc1)
TAC Support: [URL]
Copyright (c) 2003 by cisco Systems, Inc.
C1700 platform with 131072 Kbytes of main memory
[Code]....
Im new to cisco routes, Im traing to configure a 1711 routes with a dsl 2wire routes, my problem is that Im able to ping anywhere in the routes, but when Im on my computer I can only ping the interfaces on the router but no the 2wire route that gives me access to the internet.
Cisco 1711 2wire
f0 192.168.200.1(Inside NAT) e0 192.168.1.76( 2wire Nat) 192.168.1.254 (Internet)
My computer is getting ip addres 192.168.200.100 when I ping th 192.168.1.76 is fine, but when I try to ping the 192.168.1.254 does not work, Im assuming the cisco has activated a dinamic route from .76 to .254, but it is not working, why?
Here is the router configuration
Router#show runBuilding configuration...
Current configuration : 1183 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!!no aaa new-model!resource policy!memory-size iomem 25ip subnet-zero!!no ip dhcp [Code]....
Im new to cisco routes, Im traing to configure a 1711 routes with a dsl 2wire routes, my problem is that Im able to ping anywhere in the routes, but when Im on my computer I can only ping the interfaces on the router but no the 2wire route that gives me access to the internet.
View 2 Replies View RelatedI have a 1711 Catalyst router hooked up behind a cable modem. I configured the router, copied running-config to start up-config then wrote it to memory with "write mem". I unplugged router to move it and when I plugged it back in, I had to start from scratch.
Is this normal, or should router be able to save configuration if powered down?
BTW, I'm using Putty to access router console. Is that the hot setup for Windows 7 or is there something better?
Since upgrading some of computers in my LAN to Windows 7 they all experience upload issues. I have narrowed it down to CBAC inspection on my Cisco 1711 router, I am running IOS 12.3 I have a simple CBAC inspection set for TCP/UDP only without any application-specific inspects. Download works fine however upload does not seem to work atl all- unless I disable the ip inspection. It is all working fine for any Windows XP but not for Windows 7 machines. Is this a known issue, I am not sure how I can go about this - I don't want to build ACLs now for outside interface and disable stateful inspection mechanisms because CBAC has been working fine for me until recently.
View 7 Replies View RelatedMy collegue and I have been trying to figure out why we are unable to get this ASA to NAT Overload correctly. I'm sure it is something stupid, and the config may have gotten a little dirty as we tried to change options and make it work. FYI, we can ssh from the WAN into the device to configure it. It is communicating externally, but it isn't natting.
ASA Version 8.6(1)2
!
hostname ASA5512-X-Remote
enable password ********** encrypted
passwd ********** encrypted
names(code)
There is a new office which is going to be on a separate internal subnet (192.168.254.x), and need this to be port address translated to one public address (212.23.51.108). Ive given it a go on the ASA5510, but not sure if Im doing this right.
3 of the internal addresses need port redirection:
192.168.254.10 - public port 33510 - private port 3389
192.168.254.11 - public port 9940 - private port 443
192.168.254.173 - public port 3390 - private port 3389
port 80 and 443 opened for 192.168.254.10
I have a test pc setup and connected to the internal 192.168.254.0 network (gave it static of 192.168.254.10), it is reaching the internet, and its public IP is seen as 212.23.51.108, however how do I test to see if port 80 or 443 is open for this ip?
Tried using the cli but gave up and looked at doing int in ASDM, however cant see the option in ASDM for NAT overload, so ive tried configuring this with Dynamic NAT which looks about right.....
This is the relevant config so far as far as I can see.
global (outside) 2 212.23.51.108
nat (inside) 2 192.168.254.0 255.255.255.0
nat (inside) 2 access-list inside_nat_outbound
[code]....
I have 3 routers all running OSPF. each of the three routers have 2 networks they are advertising..NAT Overload breaks OSPF Adjacency
[code]...
I have the folowing nat configuration on my catalyst 6509-E with a sup720-10G that does not work, and gives a erros messague:
ip vrf testes
rd 6900:5
interface Vlan1111
description liga
ip vrf forwarding testes
ip address 192.168.63.91 255.255.255.248
ip nat inside
[code]....
This configuration generates the folowing error:
NAT: translation failed (A), dropping packet s=128.2.21.21 d=192.168.63.185
If i change the nat overload to a static nat, everything? Is there any wrong with this configuration ?
I am attempting to configure a Cisco 2901 router using IOS 15 to properly perform NAT/PAT translation between LAN and the internet connection. I've configured DHCP pool for the local interface (GigabitEthernet0/1), which works properly. The WAN interface (GigabitEthernet0/0) is configured to obtain its own IP by DHCP from the ISP. I can work on the LAN computers and I can access the internet directly from the router (using, for example, telnet and router's ping commands). The problem is, NAT does not work properly and connection from the LAN interface does not reach the WAN interface.
View 1 Replies View RelatedWe have an ASA 5505 and we keep getting short bursts of ICMP packets (5000 in one second) They will do this and it just simply overloads the ASA and it crashes.Is this since it is 1000 past the 4000 connections per second capacity of the ASA 5505 or do we have a setting wrong some place that could prevent this type of overload from happening? We are looking to prevent DoS and other attacks that prevent even a short loss of connection since the servers are getting attacked daily and we have voice streaming on through the ASA. [code]
View 2 Replies View RelatedI have a cisco 2821 router. I currently have it setup to accept vpn connections from a cisco client which uses the 172.16.4.0 subjet for vpn connections. I also have nat overload setup for my local lan of the router so my internal servers on the 172.16.3.0 subnet can reach the internet. Every thing works great for that setup.However I have tried several methods I found for split tunneling and they have weird problems with the nat overload in place. If I take away nat overload the split tunneling works. If I take away split tunneling the nat overload works. I can't seem to get them to work at the same time.Config is below. This is the vpn/nat overload config with no split tunnel.
Current configuration : 2236 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
[code]....
I use a C892 router with the IOS c890-universalk9-mz.152-1.T.bin. I just ran the command "debug ip packet 151 detail" and then the router stopped to work because it was overloaded. The ACL151 I used is as follow:
Extended IP access list 151
10 permit ip host 10.1.1.1 host 91.1.1.1
In the syslog then I got hundred of messages from IPSec:
Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.64.19.99, pak 8A7453CC consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
[code]....
For me it seems just like that this ACL is not applied and that I have a debug then for the whole traffic.
I have a cisco router 2612 where NAT is defined ip nat inside source static tcp 192.168.1.63 80 175.x.x.x 80 extendable It appears that after sometime (may be in few hours) the NAT is broken and I no longer can access the server over port 80 externally.
View 3 Replies View RelatedI recently upgraded an AP802GN-E-K9 to version 15.2(2)JB (ap802-k9w7-mx.152-2.JB), which broke the web interface. The http server is still running, however the web interface is not available. The following is displayed instead Navigating to /ap_home.shtml etc shows the correct pages. Extracting the "tar" file from the Cisco site and looking in the /html/level/15/ directory in both the tar and flash shows files missing that I'd expect to exist ( frameHome.html , navHome.html etc ).
Alas, I have no SmartNet on this device (embeded into my 887VA-W) as it's for home
I turned unplugged it and plugged it back in. Now its blinking green power LED. Is it dead?
View 2 Replies View RelatedI have searched the forums and found that there have been others with the same problem as me,but none of the solution offered was working for me so I decided to start this thread.I have an Acer laptop that wont recognize my ethernet cable, it says that there is no cable connected.
View 1 Replies View RelatedI can't find the problem in firewall..
View 3 Replies View RelatedYesterday I was on my toshiba satelite L550-OCD and the wireless wasn't working then it started working again. I closed my laptop and when I went back to it it wasn't working again and hasn't since. It says there's no wireless connection to plug in Ethernet cable now I have tried Fn F8 and it doesn't do anything. So I went into my toshiba assist and opened optimize. Then toshiba hardware settings and clicked LAN and it says it's turned on. But when I click radar it shows it is not connected and the light is off.
View 6 Replies View RelatedI recently swapped a router out for an old one to check an internet problem (to rule it out basically) and when I tried swapping the newer (better) one back in it networks fine (ie computers can see/stream off each other) but it doesnt recognize as being plugged into the internet.
After doing a factory reset via routerlogin.net I still have the same problem. The only thing I can think of is maybe the port got damaged? (The ethernet cables all work fine).
My process for hooking up the new router in case I was doing something wrong:
Unplug cable modem power, swap all the cords, on router while cable modem was rebooting and then once modem connected I turn on router. Did I need to restart the PC as well? Is that why this is screwing up?
i have already installed this, but it stop working so i unplugged it, now cant find the CD
View 1 Replies View RelatedI have a WLC5508 and 25 LAP 1041. I use two wifi, one with RADIUS for data and other with wpa-psk for voip. The problem is the voip conectivity is broken.How can i improve the handover?
View 11 Replies View RelatedThis feature is not working on our LMS installation. I have tried different browsers but is always giving the same error. It seems to be Java related.
View 0 Replies View RelatedI can't seem to reset my switch and realized the reset button is missing/broken off. Is there an alternate method to reset the switch to factory settings? If not, how do I figure out the IP of the web interface, it is not the default.
View 8 Replies View RelatedCurrently we do not have multicat routing enabled on either of our 2x Sup720-10G 6509 Switches. We have no intention of doing so either. I am looking for clarification on how mutlicasting operates within a Vlan.
IOS: s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
Our Vlan has IGMP snooping enabled. Here is the output.
6509Switch#sh ip igmp inter vlan 25
Vlan25 is up, line protocol is up
Internet address is 10.1.1.254/24
IGMP is disabled on interface
we do not want to disable IGMP due to this one concern that I can't find documented. If we disable IGMP snooping on the vlan, what happens to multicast packets with a TTL > 1. Do they get flooded to the entire switch and all Vlans? Or does it stay within the Vlan?
I have tried to upgrade from 2.0.2.1 ever since 2.0.3.3 was released back in July. The firmware image file has remained the same, so I don't think they've ever changed it from the original July release.The download and installation go fine, I even reset to factory defaults. The problem is that several menu selections are broken, and don't allow you to save your choices, i.e, you can't even rename your SSID. You can type it in a Apply, but the fields just reset. I figured this would be fixed with a minor update to 2.0.3.3, but we are now several months since original release and nothing has changed. I have tried this firmware at least three times now. I have not bothered lately, because I don't want to waste another 30 minutes trying it and reverting back to 2.0.2.1 if this newest firmware is not going to work.
View 3 Replies View RelatedI have an acer aspire 5552 laptop that wont connect to the internet. When I tried troubleshooting I get the message "network cable not properly plugged in or may be broken". When I go through the control panel/system devices/network adapter the only thing that shows is pdanet. Right now the only way I can connect is through my cell phone using pdanet. How can I get my network adapters to show back up?
View 1 Replies View RelatedSame problem on Dell Inspiron 530. Thinking about inserting a new network card.
View 3 Replies View RelatedI have a new wireless router (new network, entirely). I used to get intermittent "network access denied" messages. Now, I get intermittent connectivity loss: "No internet access." I typically just right click and troubleshoot. The problem is solved and I get the following message: "Problem with wireless adapter or access point." Once fixed, things go on well for a random time (never more then a day). Then, however, they just fall apart.
View 9 Replies View RelatedWe can not get on line with our home computer (dial-up). The computer dials out, the modem at our ISP picks up and then hangs up - Error 720.[code] The last two were installed by Avira Antivirus, a program which we have uninstalled.Can I download support files for a network adapter? Windows XP SP3
View 3 Replies View Related