Cisco WAN :: Deploy 881 3G Router - VPN Tunnel
Aug 10, 2011
I'm looking to deploy the Cisco 881 3G routers for a few mobile assets. The assets will use WIFI / WIMAX as their primary communications via the Ethernet interface and roll over to a 3G cellular connection when traveling outside of the WIFI / WI MAX coverage area. The WIFI / WI MAX network will solely be for the corporate network and will not required any VPN tunnels. When outside of the WIFI / WI MAX network, the asset will use the 3G cellular network via an IPSEC VPN tunnel.
My question - is it possible fire up the VPN tunnel only when connectivity failing over to the 3G connection and not when utilizing the Ethernet interface?
View 1 Replies
ADVERTISEMENT
Dec 31, 2011
I have broadband connection on a wired DSL Modem. Now I want to create a wireless networking environment at my home so to work with my laptop and WLAN enabled phone. I do not like to buy a new Wireless router.
Is is possible to deploy my existing modem/router with some extra equipments to build a wifi hotspot?
View 5 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Apr 25, 2012
The client is interested to deploy 2x new ACS 5.x and interested to setup split deployment between two ACS in two separate locations for load sharing, and configuration replication. At the same the client want an ability to make configuration changes on both ACS servers. According to Cisco ACS 5.x deployment notes all
Configurations must me make to a primary ACS servers and secondary servers will obtain configuration from the primary server which defeat the client requirements of the ability and capability to make changes to both server.
Question:
If I deploy two ACS servers in two different location as an independent servers, can I still replicate information between two servers? I know ACS 4.2 I can do replication between two servers.
View 3 Replies
View Related
Jan 17, 2011
is there a way for pre deploying the new ap images? We have around 500 APs and my inspection windows isnt long enough to upgrade via controller......
View 6 Replies
View Related
Apr 11, 2013
deploying a large wireless network (about 14 access points) spread across 9 buildings that are in relative close proximity to each other. I have included a picture with a rough scale (it's editable, so feel free to play around with it). Anyways, here is the basic idea. I do basic IT consulting for small businesses and some friends of mine work for an apartment complex in my local area. They came to me with this idea of deploying a wireless network on the campus to provide their tenants with "free" basic wireless internet. Basic meaning, not intended to be a replacement for a private connection. But suitable for basic web browsing, school work (I live in a university town), and email. So I got to scratching my head and quickly realized that I need to dome some learning and refresh on my skills.
View 4 Replies
View Related
Jan 24, 2013
We want to deploy NAC for 500-600 users across WAN. We are planning for L3-OOB-Real Gateway central deployment Solution.We are having two NAC Server (3355) two NAC manger (3355) at HQ and 6 NAC Server(3315) at branch. We deployed NAC under VRF.How we can deploy NAC over WAN without NAC Server, need step by step configuration under VRF.
View 1 Replies
View Related
Sep 26, 2012
Is a CA/CS required to deploy 802.1x? Google searches is confusing me with multiple answers. Im currently trying to test without a CA/CS and im having no luck.
Lab
2008 R2 DC
2008 R2 NPS
Juniper EX4200
User Win 7 PC
This is for a wired connection
View 3 Replies
View Related
Jan 13, 2013
Attempting to upgrade from ASA 8.3.2, ASDM 6.3.4, Any Connect 2.5.1 to ASA 8.4(4)1, ASDM 6.4(9) and Any Connect 3.1.00495 using ASA 5505.
Client is Windows XP SP3 w/ IE7. Can log into the ASA web portal and starts to install via ActiveX. I get past the IE7 message bar to authorize installing the ActiveX control. I briefly see a message that says "ActiveX could not be launched" (I think. It is very fast) and then the install hangs w/ the message in the web connect dialog about the IE7 message bar. If I let the timer expire, the java install also fails. If I download the installer via the web portal, and install Any Connect via the downloaded installer, everything works fine.
Same problem w/ ASA 9.1.1, ASDM 7.1(1) and Any Connect 3.1.02026. I have added the web page address to the trusted zone, and checked all the zones for permissions to install ActiveX controls, etc. Worked w/ the older/original software when I remove the kill bit for Microsoft KB2736233. Have not installed any custom Any Connect profile to use transforms. I did see in the release notes some information on NO INSTALL ACTIVEX=0, but I think this applies to the per-install package only.
View 2 Replies
View Related
Jul 21, 2011
Need to deploy ms office compatibility pack via a gpo to a network I work on. I've extracted the exe and have the msi and cab files which I've placed in a network share and given full control permissions to everyone (I did this after it not working a few times with modify), everyone has full control on the 2 files as well.
I've created a new gpo "software deploy" under computer configuration, software, I've assigned a new package and typed the path in the following format \servershareo12.msi. I've moved a test pc into a test ou in ad and back in group policy management I've linked the software deploy gpo to this test ou. I've ran gpupdate /force on both ends.I've restarted the test box, nothing, repeatedly, I even edited the gpo to deploy the software under user and moved a test user into this test ou, same thing, nothing. I then went back to the config above using the computer config instead of user.
View 2 Replies
View Related
Apr 7, 2013
im currenly configuring a 4500X with 16 port. All sfp are 1Gig, but when I input show ip int brief, it shows that the interfaces are on 10 Gig. Does Catalyst 4500X already support the 1Gig SFP without inputting a command or do I have to configure it to activate the 1Gig interface?
View 6 Replies
View Related
Mar 11, 2013
I need deploy a BGP with two ISPs exchanging routes with the Internet.My company has a Switch 3550 as follow specification below
Cisco WS-C3550-48 (PowerPC) processor (revision E0) with 65526K/8192K bytes of memory.
Processor board ID CHK0629V0F1
Last reset from warm-reset
Running Layer2/3 Switching Image
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)
I Should like a tip about that switch going be support that implementation. for exemplo it has 64MB as showed above.
View 2 Replies
View Related
Apr 9, 2013
deploy OTV using ASR 1001 between 2 data-centers? We want to acquire HSRP localization there, but at this moment I can only see lots docs are saying how to do this on N7K, not ASR. I saw it has a FHRP filtering enabled by default when the OTV configuration is done, and also see there is a access-list created by default call otv_filter_fhrp, Im just wondering besides this IP ACL there should be MAC ACL applied?
View 3 Replies
View Related
Oct 2, 2011
I`d like to know if that antenna AIR-ANT24120 works with the LAP 1252 in a Mesh deploy.
View 8 Replies
View Related
Apr 9, 2012
Currently we have a CISCO 3020 VPN Concentrator to terminate Lan-to-Lan tunnels and have our mobile workers connect via CISCO VPN client (300 users-employees and contractors-). Since this device is coming to an EOL this year we purchased a CISCO 5520 (below are the current licenses on it)
The licensing seems rather complicated, therefore this is my question:
- What VPN solution do you recommend for our users and contractors? it is my understanding the CISCO VPN client does not work with ASA 5500 series devices
- Is there a license needed to deploy VPN solutions for our remote users(employees/contractors)?
View 3 Replies
View Related
Aug 10, 2011
We are looking to deploy an indoor mesh deployment in an area where radar might be an issue.know that when using 1500 series APs you cannot choose UNII-1 channels even if they are deployed indoors.My question is if you can use a UNII-1 backhaul with indoor APs (3600 series for example) in an indoor mesh deployment.
View 8 Replies
View Related
Aug 8, 2012
We've got a doubt about the uplink ports of this supervisor. I've read that you have to use the four ports in 10G mode or in 1G mode, but not use for example 1 port in 10G mode and 1 port in 1G mode:
But, you can read in another sentence: " Beginning with Cisco IOS Release 12.2(25)SG, you could simultaneously deploy the dual 10-Gigabit.Ethernet ports and the four Gigabit Ethernet SFP ports on the Catalyst 4503, Catalyst 4506, and Catalyst 4507R chassis." Is it posible deploy simultaneously both type of ports?
View 2 Replies
View Related
Jan 9, 2011
i have a 7201 router with NPE-G2. i have a design which i have the option to send all the traffic through a GRE tunnel or a L2TPV3 tunnel.which method is more CPU consumption ?
View 1 Replies
View Related
Jun 1, 2012
WE have to deploy ASA5585 in between User vlans & server vlans. we have to find all the ports that needs to be opened on firewall. any tools to do same.
View 2 Replies
View Related
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
View 3 Replies
View Related
Feb 13, 2012
What is the best way to deploy the IOS firewall feature?I have a Cisco 1841 router running 12.4.
View 4 Replies
View Related
Jul 24, 2012
Environment :linksys wrt300n v1.1 which can have ddwrt-mega. Willing to tunnel all lan's outbound traffic through an ssh tunnel.
View 2 Replies
View Related
Jan 23, 2012
There are a few situations were I'd like to be able to use the locally configured account on a device but still have ACS in place.I want to complete this WITHOUT adding the locally configured account into ACS.I have tried setting the advanced option under Identity for if an account is not found to "Continue" however this causes the account to be allowed as long as a password is typed (any password, as long as its not blank).
View 2 Replies
View Related
Feb 6, 2012
We are going to deploy a site to site VPN using two ASA5505. The network I'm going to traverse has a max MTU of 1320. I determined this by experimenting with pings of different sizes. How should I configure MTU on my ASAs?I'm thinking of using these two commands but I don't know if there are any implications to this...
ip mtu outside 1320
ip mtu inside 1280
View 1 Replies
View Related
May 16, 2011
I m trying to make the vpn session using m GRE tunnel between cisco 891/k9 and 1841 router.. there is the fixed ip add with the 1841 router, and another one doesnt have the static ip from the ISP, In this case, im going to use DMVPN, The problem is , after completing the configuration, the tunnel inteface of the 1841 router will be seen like this.
-status: reset
-protocol: down
View 1 Replies
View Related
May 13, 2012
I woulke like to know is it possible to create a VTI tunnel from my 877 router to my ASA, rather than creating a cryptomap on the router ?
View 1 Replies
View Related
Mar 3, 2011
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
View 8 Replies
View Related
Nov 28, 2012
I need to setup GRE Tunnel1 between Windows XP 10.0.0.1 and HQ Cisco router 10.0.0.2 on HQ Cisco side I have:
!
interface Tunnel0
ip address 10.0.0.2 255.255.255.252
tunnel source Ethernet0
tunnel destination 83.242.251.30
!
!
But how to configue another point on Windows XP 10.0.0.1 side?
View 3 Replies
View Related
Mar 28, 2012
I want to terminate the IP Sec VPN tunnel on the Cisco ASR 1002 router, but it shouldn't have be bedirectional traffic to the other end., and it should be answer only, We don't run tunnle over GRE (no IPSec profile), just IPSec only. I found there is a command "crypto map *** client configuration address respond" but it looks it is global command and we have lots of VPN terminated on the Cisco ASR 1002 router, How can we configure the "Answer Only" for only one specific VPN tunnel and it won't impact the others?
View 2 Replies
View Related
Apr 11, 2011
We have just installed our first 2951 router, and were suprised to see in our Netflow collector that Tunnel interfaces appeared even though we did not configure any, I have seen other posts talking about PIM tunnel when using Multicast, but we dont use multicast and the tunnel is GRE questions are, where do these interfaces come from? how do they pick up an IP address? can we shut them down? IOS is 150-1.M4 loopback interface ip address is 172.16.224.238 ( tunnel source) see output from sh int below
Tunnel0 is up, line protocol is up Hardware is Tunnel Interface is unnumbered. Using address of Tunnel1 (172.16.0.1) MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 99/255, rxload 1/255 Encapsulation TUNNEL, loopback not
[Code]......
View 6 Replies
View Related
Oct 1, 2011
We've created an ipsec VPN tunnel between our ASA5510 (8.3) and a Pix firewall (not sure of the specific version, etc).
The tunnel works fine, except for timing at times (traffic only goes through a few times a day), and a wierd problem with all traffic being allowed even though I'm only allowing specific ports (SFTP, SQL Server 1433) from a network at the client site to a specific server in our Data center.
I was surprised that I could RDP into the server, as well as telnet any other port exposed on this server from the client site. Now as I write this i realize that I did not check whether any of our other data center servers can be reached via the tunnel.....
Not having set up many VPN tunnels before using ASA (only Checkpoint - Checkpoint before this), I'm wondering whether i need to include another rule in the VPN tunnel cryptomap to deny all other traffic from their network to our network, or whether there's a global config I need to add a rule to.
I am moderately conversant in the command line, but because of my lack of Cisco VPN tunnel experience I did use the ASDM site-to-site VPN tunnel wizard to set the tunnel up. Not sure if there were any defaults i would have to override using that method.
View 5 Replies
View Related
Feb 21, 2012
To have GRE tunnel support in a Cisco3925 do I need any specific license (DATA, SEC, etc) or it is include in the UNIVERSAL IOS?
View 1 Replies
View Related
Mar 2, 2011
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
The ASA is: Cisco Adaptive Security Appliance Software Version 8.2(2)Hardware:
ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz The router is:Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9_SNA-M), Version 12.4(20)YA3, RELEASE SOFTWARE (fc2) Router Config:!version 12.4!card type t1 0 0!no ip cef!ip multicast-routing no ipv6 cef!crypto isakmp policy 10 encr 3des authentication pre-share group 2crypto isakmp key xxxxxxx address nn.nn.12.130!crypto ipsec security-association lifetime seconds 86400!crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac !crypto map NOLA 11 ipsec-isakmp set peer nn.nn.12.130 set transform-set 3DES-SHA set pfs group2 match address VPN-ACL!controller T1 0/0/0 fdl both cablelength long 0db channel-group 1 timeslots 1-24!interface Loopback0 ip address 1.1.1.1 255.255.255.252 ip virtual-reassembly no ip route-cache crypto map NOLA!interface GigabitEthernet0/0 no ip address duplex auto speed auto media-type rj45!interface
[code]....
View 15 Replies
View Related
