Cisco WAN :: How To Run GetVPN On 3745
Jun 6, 2011
I need to connect a site to an MPLS provider and run Cisco GETVPN. Problem: I have been browsing the Cisco Feature Navigator Tool and, to my surprise, when I enter "platform:3745" I can't find an image compatible with GET VPN. Is there no workaround (image) with which I can run GET VPN on the 3745? I need IP routing (BGP, OSPF) as well.
Sep 29, 2010
I've done some tests and it seems that a 7201 supports GETVPN without a VAM, but the design guide states that this is needed. Is this needed, as the 7201 documentation states that it performs IPSEC encryption in hardware without a VAM?
Jul 2, 2012
Where's the ideal place to put the KS? My current setup is 1 KS, 19 GM. The KS sits BEHIND a GM, so all other GMs have to come through one GM to get to the KS. Now, I have purchased two dedicated KS routers. I configured one today, and placed it right on my WAN. My WAN is an L2 Ethernet domain, so I just provisioned a switch port in the WAN vlan, and away we go. I copied RSA keys over from the current KS, configured redundancy and the two hooked up, saw each other and it seems to be good to go. For the ACL, I put in an exclusion for my two KS to talk to each other:
deny ip host 192.168.250.40 host 192.168.250.41 (Old IP, New IP)
deny ip host 192.168.250.41 host 192.168.250.40
I used a test router and pointed it to the new KS, it registered without a hitch... HOWEVER about two hours later (my 7200 second timeout) I lost ALL my branches. My 18 other GMs were still pointed to the OLD IP only; they didn't have the second IP configured yet. In a hurry, I quickly disabled the redundancy configuration on the old KS and had to go to each GM and do a 'clear crypto gdoi' on each one to get them to re-register. There were no log messages about not being able to rekey, no log messages about dropped peerings, nothing. Once I did that, everything returned to normal.
The Question I have...
Would having configured the redundant KS have caused this problem? Would having one KS behind a GM and the other Coop KS in the WAN make a difference?
Relevant config from existing KS, 2801:
crypto gdoi group GETVPN_GROUP
identity number 1234
server local
rekey retransmit 60 number 2
rekey authentication mypubkey rsa GETVPN_KEYS
[Code]...
Aug 15, 2011
What is the minimum platform that supports GETVPN over DMVPN?
I have been looking around the Cisco website but couldn't find a document with the supported platforms.
We have branch offices with Cisco 861 routers and I would like to know if we could use GETVPN with these routers.
Jan 12, 2013
We have 6 WAN routers connected through an ISP MPLS cloud, and we need to implement GET VPN between these WAN routers. We have 2 Key Servers (1800 routers), and the WAN routers will act as Group Members (6 GMs).
The attached configuration files are a working configuration for typical GETVPN (crypto map applied on the WAN interface).
In the Key Server configuration, the crypto isakmp command is using the WAN interface IP address of each WAN router (172.16.x.x), and since the KS routers are connected to the local backbone (VSS), they should be able to reach 172.16.X.X, and therefore the subnet 172.16.X.X is advertised to the local network (check the GM configuration file under eigrp - redist connected).
This is what our customer wants to avoid! They do not want 172.16.X.X to be advertised to the local network. I know it is possible in the GETVPN configuration to configure the crypto isakmp command to use the loopback addresses of the WAN routers instead of the WAN IP, but in this case the crypto map must be applied to the loopback address, and this requires all traffic to be encrypted and decrypted to go through the loopback interfaces on all WAN routers.
I was wondering what the best solution is for this case. I thought to use the below config on the GMs.
May 12, 2009
Does the ASR 1000 Series support DMVPN Hub and Key Server in GETVPN?
Jan 22, 2012
We've got a pair of old 3745's that are getting upgraded to new 2911's, and I'm trying to run IOS 15.2 on the new routers to get them most current before going into test and production use. The routers are doing BGP, IPv4, and HSRP, and I'm trying to put one in at a time so as not to have to big bang everything at once. I'm putting the one that matters least in first, and basically using the same config as the old one, which was running IOS 11.
I was using "no ip mroute-cache" on ethernet interfaces, and it says that command is deprecated and I should use the MFIB commands instead. Darn if I know what that means; I believe it was set up so the ethernet interfaces had IP multicast fast switching disabled, which was set up by our vendor 10 years ago, so I'm not sure if it matters. It would seem logical to me this would have an impact on HSRP and speed of failover. Does this matter, and if so how in the world do I do this with IOS 15.2? The second one is the use of "no fair-queue" on our serial connection for a T1. This command isn't there either, and I'm not sure if I even need to bother on this. It was set up on the old router on a T1 Frame Relay circuit.
Jan 15, 2012
There are no special requirements; I just need new hardware with some reserve availability. As of now it's a 3745, which is EOL, and I assume I will use a 3945.
Feb 8, 2012
I have two routers I am trying to connect via the WIC-2T port. I can ping from router to router, but not from my PC (192.168.2.122) to the 3745 (10.0.1.3).
3640:
Current configuration : 1846 bytes
!
version 12.2
[Code].....
Jun 19, 2012
I just configured GRE over IPSEC on my Cisco 3745 router with a VPN module installed. As soon as I hit 25Mbps of traffic, my CPU is touching 80%.
What is the maximum traffic a 3745 with GRE over IPSEC can support?
Also, show process CPU sorted doesn't show any evidence of which process is eating it up.
sh processes cpu sorted
CPU utilization for five seconds: 75%/75%; one minute: 77%; five minutes: 78%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
Mar 29, 2012
I have to replace the 3745 which is our edge router (running (C3745-ADVIPSERVICESK9-M), Version 12.4(23), RELEASE SOFTWARE (fc1)) with (I think) a 3900 (drawing from memory, I haven't actually seen the device yet). In an ideal world, I SHOULD be able to just set term length to "0", do a show run, copy that off to a text file, and then paste it into the new one...
Jul 19, 2011
How many NM-32A or NM-16A modules can be installed on 3745 and 3640 routers?
Sep 28, 2011
One of my clients has an older 3745 running IOS 12.3 and we are looking at replacing it with a new 3945 that runs IOS 15.0. This router is also configured with CME. Is it possible to migrate the current 12.3 config to load on the new 15.0 IOS? This will be my first encounter with 15.0 so I don't know what I am up against at this time. I am just hoping I don't have to retype all the ephone config, dial-peers, etc.
Aug 14, 2010
Our 3745 router goes into ROMmon mode. I am trying to upload the IOS using xmodem & tftpdnld, but it is giving the error " monitor: command 'copy not found" for xmodem and " monitor: command"tftpdnld" not found" for tftpdnld.
Apr 18, 2012
I have a Cisco 7200 VXR in which an OC3 circuit is terminated. The module installed in the VXR is PA-POS-2OC3. Now I have to move this connection to a 3745 router.
What I need to know is which card is required to connect OC3 in the Cisco 3745. As per an online search, the module NM-1A-OC3SMI will work, but I am confused by the term ATM OC3 module, so is this the right card to connect the same OC3 circuit on the 3745?
Sep 7, 2012
I intend to deploy a voice+data network using some old 3745 and 2811. The network in effect has six 3745 in a hybrid topology at different locations, each having three WIC-2T, one WIC-4T, three NMHDV-2E1. That's pretty much juicing out the maximum from these routers. These will serve as my core routers and for access I will be using my 2811s with more VWICs and fewer WIC-2T to give voice and data to subscribers. The 2811s will have links to multiple 3745s. The NMHDV-2E1 will serve for the voice needs at the 3745 locations. All the WAN links will be E1. All my telephones will be on analog voice using traditional EPABX with CEPT/PRI E1 cards for connecting to the routers. And for data, ethernet ports. Two of the routers will have E1 links to the PSTN and Internet, which has to be extended to all my folks. Now, for the tricky part, all my network modules are refurbished stuff from eBay and all the ports will have links on them. I intend to use OSPF with only the backbone area.
Dec 21, 2011
I have a Cisco 3745 Router with 1 Subrate T3/E3 port card installed on it. We want to add another T3/E3 card.
Q1- Can I add another card in this model? Q2- Can we multilink bundle up two T3/E3 cards? (Currently we have a single DS3 P2P connection between two offices, so we want to increase the bandwidth.)
Feb 11, 2012
We have a 3745 LNS router; currently there is a small number of users connected. When a user dials in, the request is authenticated and one virtual-access interface is formed on the LNS router. If the user then disconnects from the VPN and connects to the VPN again, is the user connected to the same virtual-access interface which was assigned before disconnecting, or is a different virtual-access interface created?
Jun 5, 2011
Trying to establish a connection on an IBM 3745 controller via two IBM 5822 modems to a Cisco 2600 router using SDLC encapsulation secondary, bridging data from the serial port to the E/Net port to run the 3270 client?
Dec 11, 2012
I have created a PPTP VPN on a Cisco 3745 router, and a pool of addresses for the VPN clients. Now I want to find a way to reserve the addresses in the pool for specific machines. For example, if machine A connects to the VPN it should always be given the IP address a.a.a.a, and that address should never be assigned to any other machine even if machine A is not connected to the VPN.
Sep 14, 2011
Have an ADSL router (887) at a site which has a GRE tunnel to a 3745. The GRE tunnel is set up with the default ip mtu of 1476. If I ping from the 3745 to the ADSL router (or in the reverse direction) with a packet size of 1500 bytes, this works fine. However, if I ping from a router (R1) that is directly connected to the 3745 to the ADSL router with a packet size of 1500 bytes, then the first ping succeeds while the subsequent pings fail. Packet sizes less than or equal to 1476 work okay. Pinging between R1 and the 3745 with a packet size of 1500 bytes works fine. If I set the tunnel ip mtu size to 1500 bytes then it works. This is obviously something to do with fragmentation, but I don't understand why it doesn't work with the default mtu set to 1476.
Jan 16, 2011
I have a couple of these routers in the lab with a very basic MPLS configuration on them. Everything works fine on the fixed interfaces but I cannot get the ldp neighborship to form between the 1FE2W interfaces on each router. Does this module support MPLS?
Mar 2, 2012
I have a Cisco 3745 that is my internet router, I have a domain that directs the web address to the WAN IP address...Can I set up my 3745 to forward incoming connections to my server?
Oct 30, 2010
I have a subnet (vlan 104) working great across a WAN. At site 1, Router A (3745) has the L2TPv3 tunnel configured while Router B (7204) has a routed interface on vlan 104.
The only thing router A is doing is the tunnel, so I'd like put the tunnel on Router B and eliminate Router A.
The trouble is, when I move the configs to Router B, the tunnel comes up, but the far side does not receive traffic over the tunnel.
Router B shows sending and receiving packets (per the 'sh l2tun session all' command). The far end router shows sending packets but receiving 0.
Is it a problem to have both the vlan 104's L2TPv3 xconnect interface and the vlan 104's routed interface on the SAME router?
Mar 10, 2012
I am really new to this and studying, so I know that I am doing something dumb. Anyway, I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is DHCP, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.
Here are the problems...
1. When I establish a VPN session to the ASA, I can ping and access any resources directly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1.
2. Although I believe that I set up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.
May 31, 2011
I am having problems accessing our internal network via VPN. We have an ASA at the perimeter that connects to a 3745 router, and all of our networks come off that router. I can establish a VPN connection to the ASA but I can't ping any of our internal hosts.
The internal network I need to access is 172.18.0.0. When I connect to the ASA I get a DHCP address from a pool created in the ASA; the pool is 172.200.1.x. I can't ping from the ASA to the connected VPN host and I can't ping from the host to the ASA IP address or to the 3745 connected to it.
ASA config:
group-policy NAMEOFPOLICY internal
group-policy NAMEOFPOLICY attributes
dns-server value 172.18.2.2 172.18.2.23
[Code]....
route inside 172.18.0.0 255.255.0.0 172.18.255.1 1
Route on the 3745 back to the ASA:
ip route 0.0.0.0 0.0.0.0 172.18.255.2
I can't see anything on the internal network, I can't even ping the DNS servers and so on.
Feb 28, 2012
I am having two small issues. First, on my 3745 I get the following message:
*Mar 2 12:13:13.615: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.3.1 not on common subnet for FastEthernet0/1
*Mar 2 12:13:25.811: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.2.1 not on common subnet for FastEthernet0/1
The second problem is that I have my internet connection going to the 3640 on FE0/0 and it works just fine. I want to change over and have the 3745 be the internet router, but when I configure it, I get no connection.
3745 -
Current configuration : 1624 bytes
!
version 12.4
service timestamps debug datetime msec
LD version 0x10
GIO ASIC version 0x127
[Code]...
Jan 19, 2010
Receiving syslog message: %SIP-3-UNSUPPORTED: Unsupported ptime value. But we have no SIP-related commands in our config. We reloaded the router Friday eve 1/15 but two more %SIP-3-UNSUPPORTED: Unsupported ptime value messages re-appeared on 1/18. The router in question is a 3745 running c3745-a3jk9s-mz.123-14.t7.bin. This router does have one interface facing an ISP.
Nov 3, 2011
I have a Cisco 3745 router. It had been working OK till this morning, when it failed to boot. This is the error that I get:
%ERR-1-GT64120 (PCI-0): Fatal error, CPU out of range error
GT=0x24000000, cause=0x0900E083, mask=0x0ED01F00, real_cause=0x08000000
--------------------------------------------------------------------
Possible software fault. Upon reccurence, please collect
crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------
bus_err_high=0x00000000, bus_err_low=0x083259C0, addr_decode_err=0x00000470
r0 = FFFFFFFF r1 = FFFFFFFF r2 = 0 r3 = 658A0000 r4 = 0
r5 = 1 r6 = 0 r7 = 0 r8 = 0 r9 = 4ECAB4A0
r10 = 0 r11 = 200 r12 = 0 r13 = 668BDF84 r14 = 0
[code]....
System returned to ROM by error - a System Error, PC 0x607DD5C0 at 11:06:37 ARG Fri Jun 15 2012
System image file is "flash:c3745-adventerprisek9_ivs-mz.124-15.T5.bin"
Possible RAM fault? I have not performed any modification.
Jun 6, 2011
I need to make sure I have a router available to work with a DS3 circuit on a remote site. A remote field technician tells me there is a 3745 router with "HSSI" and an external Adtran CSU/DSU available. Is that an indication this can work with a DS-3 circuit? Which specific Adtran CSU/DSU do I need in order to make it work with DS3?
Jul 18, 2012
I am using GNS3, and have the 16-port switching module. I have created a PC instance connecting to f/0/0, which is a layer 3 port, and I can connect via layer 3 IPs. I then reconfigured and connected the PC instance via a layer 2 port, f2/0, which is part of the 16-port switch module. All 16 ports are by default in vlan 1. I assigned an IP of 10.1.9.1/24 to the VLAN and gave the PC 10.1.9.2/24. I cannot ping and I cannot even ping 10.1.9.1, the VLAN 1 IP. [code]
May 5, 2012
I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router, the line protocol is down. I've looked through the configs for both the PIX and the 3745 and can't seem to figure out why I don't have access.
Pix515E config:
pixfirewall# show run
: Saved
:
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
Dec 31, 2012
I've come across a very odd topology to deal with where everything is connected to everything, without proper utilization of VLANs.
- I've an L3 SW and a 3745 RTR at core
- Both are carrying same subnet to an L2 distribution switch that connects server farm within the same subnet (i.e. 1.1.3.x subnet)
- The L2 switch works as a passive switch, hence another network say, 1.1.2.x has been plugged into it as well.
- This L2 switch extends to other switches without configuration of any VLANs or STP and distributes 1.1.3.x network.
Periodically and unexpectedly, the router starts hanging and utilization goes beyond 80%, and there's nothing at all that is observed in "sh proc cpu" to be eating router resources. It's quite difficult to observe the pattern, as it's random.