I'm trying to figure out the best design for my network. I currently have a setup like this:Internet - Cable Modem - Pix 515E (doing NAT) - 2621 - Internal Network.Now, should I have the 2621 as my edge device or the Pix?
View 6 RepliesWe just switched over from a T1 line to 50/4 Mbps cable Internet. The speed was fine with the T1, but when we switched over to cable, the download speeds didn't increase. I'm getting 2-3 Mbps up and still only 1.5 Mbps down. I inherited this network a few years ago, so I didn't configure the Pix initially but I have been managing it and can't find a setting limiting the bandwidth for the liffe of me. I know it's not the Internet because when I connect a computer straight to the modem, the speed is great. As soon as I put it through the Pix though, it slows way down.
View 8 Replies View RelatedI have completed my CCNA qualification and i am doing some volunteering for a none proffit eletronics recyciling company they receved some cisco pix 515e firewalls and i was aloud to keep one so i can learn how hardwaire firewalls work and how to set them up but i can not seem to connect to it is there a way to completely reset the device to factory settings without any ip address or passwords i do not have any cables for the device but i have made a straight and cross over cable and there is a box of cables at the recyciling company from diffrent places if i need a specialist cable i may be able to find one
View 6 Replies View RelatedI need to redo the configuration on the new one?
View 11 Replies View Relatedi have spent a few hours trying to NAT out a few intenal 192.168.x.x hosts through both my ethernet1/0 interface and also tryed using another IP from the range.
View 5 Replies View RelatedI've got a Cisco 2621 with this IOS image in flash: c2600-i-mz.120-7.bin (the only IOS in flash). When I power up the router, the following errors occur:
open: file "n" not found
open(): Open Error = -1
loadprog: error - fileopen
boot: cannot load "flash:n"
I have to press "Ctr l" and "break" to enter Roman, there i can use the boot command to start the IOS. Configuration register is set to 0x2102, all running config should be factory default.
What I have to do to boot the IOS directly when i power up my router (without entering Roman mode...)?
tell me the IOS (c2600-???) needed to be able to do MPLS on the 2621 XM router?
View 2 Replies View RelatedI have a 2621 with a WIC-1ADSL that connects to my ISP. Since the 2621 has 2 ethernet ports, I wanted to setup a network on the second ethernet port for testing things such as VPN into my network via my ASA5505. I have a DHCP pool set on the particular network but cannot get a client to get an address from the router. I think I might have an ACL that is blocking or need an ACL to allow bootp on the interface. Here is the config:
Building configuration...
Current configuration : 4144 bytes!version 12.3no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msec localtime show-timezoneservice timestamps log datetime msec localtime show-timezoneservice password-encryptionservice sequence-numbers!hostname r01!boot-start-markerboot-end-marker!security authentication failure rate 10 logsecurity passwords min-length 6logging buffered 4096 debugginglogging console criticalenable secret 5 SECRET
enable password 7 password
[code]...
When I try to get an ip address from a client, I never receive one. But when I issue dhcp server statistics, I can see packets hitting the interface:
r01#sh ip dhcp server statisticsMemory usage 14050Address pools 1Database agents 0Automatic bindings 0Manual bindings 0Expired bindings 0Malformed messages 0Secure arp entries 0
Message ReceivedBOOTREQUEST 0DHCPDISCOVER 68DHCPREQUEST 5DHCPDECLINE 0DHCPRELEASE 0DHCPINFORM 0
Message SentBOOTREPLY 0DHCPOFFER 0DHCPACK 0DHCPNAK 5
I purchased a Cisco 2621 with IOS Version 12.3(26) on it. When I went through the commands, I couldn't find any VLAN or VTP available. I need to make sure I can see this on the device in order for me be able configure VLAN on my network and get ready for my CCNA exam.
Below is the version on the device and I also attached the available commands:
Version: IOS (tm) C2600 Software (C2600-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2)
Which version of IOS for the 2621 supports NAT?
View 1 Replies View RelatedI have a 2621 router, because I want an image of about 21M, I upgraded as follows:
IOS = 32M
RAM = 64M
ROM VERSION = 12.2
However, when I power up my router, it goes into a boot loop, and I see the following messages:
NOT ENOUGH MEMORY IN THE SYSTEM TO RUN THIS IMAGE
***SYSTEM RECEIVED A SOFTWARE FORCED CRASH***
how to overcome this error, and successfully upgrade, so I could load my new image?
I need to add another fast Ethernet port to an old 2621 router, I need a NM-1FE-TX OR NM-1FE-FX-V2 ??
View 4 Replies View RelatedI have a cisco router 2621 when i install the module cisco NM4T it is not detectetd. following are the outputs.i have tried IOS 12.2.15T15 & 12.3
booting up:
smart init is sizing iomem
ID MEMORY_REQ TYPE
0000A2 0X00103980 C2600 Dual Fast Ethernet
[Code]......
I have a 2621 router - old. but works well.Need to put in an ACL to limit the inbound SMTP traffic to be FROM a specific set of IP's, and deny all others.
I have tried various combinations with no luck. Something obvious, I am sure.
When I do a show access lists 160 it shows all SMTP traffic being snagged by the SMTP deny statement. All other traffic works correctly.
Here is my config so far...
Current configuration : 3093 bytes!version 12.2no service single-slot-reload-enableservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname xxxxxxxxxx!logging rate-limit console 10 except errorsenable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!ip subnet-
[Code] ....
The config I am posting is from a 2621 router. This routers Int fa0/0 connects to AT&Ts OPTEMAN 10Mbs Ethernet interface. The other end connects to our HQ router. At HQ is our PRIs and phone switches. I have configured QoS for this router, but don't I have to link them to the ingress interfacce (Int FA0/0)?
View 9 Replies View RelatedOPTEMAN: 3 routers connected via a private subnet (/29) over the OPTEMAN: Site A, Site B, and HQ. Site A is a 3560 that is the gateway for two subnets: siteA1 and siteA2. SiteB is a 2621, and HQ is a 6509 w/ MFSC.
HQ also connects to 4 other sites via MPLS: SiteC, SiteD, SiteE, and Site F.
HQ has the server subnet, Internet connection, and connection to other services via MPLS.
I have basic EIGRP setup on HQ, SiteA, and SiteB. So far only siteA and HQ are updating each other. Not sure why. I am looking for the best practice example of how I should setup my enterprise EIGRP. I currently use static routes between the sites. I would prefer to be able to setup EIGRP in parallel, the remove the static routes.
I have a spare 2621 sitting on my desk and i would like to run a little experiment. i had two LAN segments that are seperated right now, but would like to stick this router between them and route traffic between them?
Current configuration : 1221 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption(code)
our customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
View 3 Replies View RelatedI have a cisco 2811 router doing nat on my home network and it works fine.I've connected a cisco 2621 router to the 2811 both have serial T1 cards, I have enabled IP routing on both and have eigrp 1 process running. I can ping and telnet to each router and they are advertising the networks on each other. when i do a traceroute on the 2621 to an outside address or name example [URL]I get no reply.
View 4 Replies View RelatedI have some internet users who listen to online vedio music and and other streamin program so my network goes very slow and bandwidth consumtion is goes very high.in this situation i have no any firewall, how i can stop vedio streaming by cisco 2621 router.i have been configured to stop the bittorrent and it successfully done class-map match-any peer-to-peer match protocol gnutella match protocol kazaa2 match protocol fasttrack match protocol novadigm match protocol edonkey match protocol bittorrent match protocol rtp match protocol rtsp!!policy-map peer-to-peer class peer-to-peer drop?
View 2 Replies View RelatedHow would I go about only allowing the traffic that I have acl's set for and blocking any other traffic?
Just as an example say I have an acl that allows traffic from 192.168.1.0 to 192.168.2.10,How would I go about setting it up so that no other traffic can occur such as http traffic from 192.168.3.20 to 192.168.1.10
I'm hoping there's a way to deny everything and then only allow what I want. It would seem crazy if I would have to deny every single protocol from every possible action.
I have a 2621 that I am configuring on the internet. My ISP gives me a static DHCP assigned address and then two more static addresses that are not part of the same block. (e.g. 1.2.3.4 is static via dhcp and then they give me 5.6.7.8/30).
I have fa0/0 getting 1.2.3.4 ia dhcp. I have 5.6.7.8 on a loopback interface for PAT/NAT as I have the main one on fa0/0 doing vpn to a remote ASA. The problem is that I have yet another device that needs a public IP, mainly 5.6.7.9... I want to hook that device up to fa0/2 (this box has three fa interfaces). How do I setup fa0/2 if I want to give the device on it a real live public IP address? I have done this before, but it must have been 10 years back on an even older CISCO and I can not remember how I did it.
We have an existing Cisco 2621 XM router with an ADSL interface connected to BT Broadband. Basic layout below:
Internet------ADSL on Cisco 2621 ------ Pix 506e ---- 3600 switch with inter VLAN routing to multiple VLANS
There are 5 static IP addresses. The internal FE port on the 2621 has one external assigned to it. The outside int of the PIX has another external IP assigned from the 5. The other 3 are NATd through to internal IPs via the PIX to internal servers etc.
The ADSL is being upgraded to BT Infinity. This new service comes with a separate VDSL modem and a separate BT router. Ideally I want to ignore the BT router and use the Cisco 2621 as it has 2 FE ports and I suspect I could do something using PPPOE.
So New layout would look like
Internet ----- BT VDSL modem------ Cisco 2621 ----- Pix 506e ---- 3600 switch with interVLAN routing to multiple VLANS
I think it is a bit strange the way it is setup as 2 static IPs cant be used. There is an opportunity to use a ASA 5505 which may become available.
I'm moving into a new data center. I don't consider myself a network engineer or anything but I do understand the basics. The new data center I am moving into routes my network to me a bit differently than my old data center. The IOS on the Cisco 2621 is: c2600-i-mz.123-26.bin
I am assigned a /29 block which they configure as the routing network, it looks like this: Routing Network: A.A.A.0Routing Network Sub net Mask: 255.255.255.248Routing Network Def Gateway: A.A.A.1Customer Usable Address: A.A.A.4
I've been assigned a /28 block which is B.B.B.240/28. They stated that in order for me to use my allocated blocks, I had to act as my own gateway, routing the traffic through the routing network. This goes just a bit beyond my networking knowledge, though I still understand it, I just don't know exactly how to execute. I'm assuming my 2621 with 2 Fast Ethernet interfaces should be able to handle this routing scenario.
Any sample configs, or possible a link to a how to to get this setup? I was going to use FreeBSD to do the routing, but a appliance based Cisco router is much more attractive of an option to me.
If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 3 Replies View RelatedIf my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 9 Replies View RelatedMy main issue was trying to connect virtuelly via GNS3 and my router setup on it. I have three Cisco 2621 XM routers set up. They all came with 2 Fast Ethernet ports. However, only one of them has a Serial port. So, what I'm doing is connecting the routers together with the fast ethernet ports using crossover cables. So, I baselined two routers to start with. Very simple AAA, set up IP HTTP server, IP HTTP Secure Server, etc. Privledge lvl 15 access, etc.
I then set my Router A's inside Fa0/1 port with a 192.168.1.0/24 network. The outside port Fa0/0 is 10.0.0.0/30 network.Router B is set up similar, 192. 168. 2. 0/24 insice Fa0/1, Fa0/0 is 10.0.0.0/30 network outside. So, three networks 192.168.1.0, 192.168.2.0, 10.0.0.0 network. [code] I then repeated the same on Router B, just transposing 2.0 network for interesting traffic, and Peer 10.0.0.2 for the Fa0/0 interface on Router A.When I "test" the tunnel, I get an error message. So, since I'm connected to Router B (which was working, had routing, and had Router A's network 1.0 in it's routing table), the error msg says that I need to add a route into the routing table (192.168.1.0). It was there up until I attempted to put the VPN in place. It's like it stopped the routing.
At face value, it looks like this should be working! But when I debug the ospf process, it looks like hello packets aren't tranversing across to the other side. Is it because I just have the 192.xxx.xxx.xxx networks as "interesting" traffic? Can I have multiple networks marked as "interesting"? I thought that's what the peer statements were doing to allow the tunnel to be established.
I have a Cisco ASA5505 with Frontier ADSL. I broke into their crappy little modem and obtained the settings needed to replace their modem with a 2621 router with a WIC-1ADSL module. I have a static IP from Frontier which is on my ASA5505 and the Dialer interface on the 2621 gets its address from Frontier via DHCP. There are devices behind the ASA which I need access while in the field, IP Cameras, Seed Treater, etc., so I have Anyconnect running on the ASA and can access everything from my laptop, iPhone and iPad from whereever. The issue arises when my laptop is in house and communicating with my parent company and I try to make a cell phone call off the network extender. The call is choppy since there is no QoS and the data is strangling the voice. Since I have control over the 2621, I added another network and NAT it into Frontier without them knowing. I have since placed the network extender on this network as well as a WAP200 that is wide open for my customers when they are in the office. Doesn't fix the problem but...
I have now added Evertek Wireless internet with a static IP also but they use a reservation based on the MAC Address of my interface of the ASA. This plugs directly intot the ASA via ethernet (I would assume their antenna is just a wireless bridge). I set route tracking on the Evertek side and use the Frontier as a backup and all devices on my NAT network still funcion on Frontier DSL and all my nornal data traffic is out Evertek. The issue is that the Evertek Wireless is not very fast or reliable (today in during a snow storm, it could barely keep an internet connection). And I had a problem with Anyconnect using either connection. I got that working. But think that the "ip address x.x.x.x y.y.y.y dhcp setroute" on the Evertek side messed things up from a routing standpoint when I would connect from the outside on the Frontier side. For testing, I switched the tracking around and now the connection on the Frontier side does not work but that is besides the point.
Frontier is going to try out an ADSL/2 connection next week which brings up another issue; all Frontier connections come into my buidling on a single 4-pair wire so if they go down, all my internet except the Evertek goes down. I have a Raven Slingshot coming for installation shortly that cannot go down; it will provide RTK (sub-inch accuracy GPS) to my customers that have auto-steer and auto-shutoff capabilities in their tractors via cellular data modem. So, while they are planting their crops in the field, if my connection goes down, their tractor will not function.
I also had a Cisco UC320W but it died a few days after it went off warranty so I replaced it with a Dell Server running 3CX IP PBX that supports Cisco SPA525G2 and SPA501G IP Phones. There is a 3CX iPhone app that allows me to receive calls while in the field, it uses a proprietary tunnel that I have open on the ASA. With 4-pair coming into my building, I will be left with a single 1-pair for phones so I am considering a SIP provider instead.
Can/should I move the Evertek ethernet to the third ethernet interface on the 2621 and track the Frontier DSL against the Evertek (backup) on the 2621 side and use the ASA to track the ADSL/2 against the 2621? Should I acquire an 1841 (or some other device that suppports the HWIC) with a ADSL/2 card and use HSRP between the 2621 and 1841? Is that even possible?
My company's spent the last few weeks struggling with an issue with their VPN backups where select packets were being lost.
View 7 Replies View RelatedHow to configure an Asa that will have a default gateway to an edge router that will be doing PBR? We would like Internet surfing to go out one ISP while internally hosted services in the Asa DMZ would go through the other ISP. configuration examples for both the edge router and the Asa?
View 3 Replies View RelatedI have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch. I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access. Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
We have two 6509 will active/passive sup 720-3BXL cards in each and 1GB DRAM. Each handles full bgp routing table with 4-5 ISP(eBGP) connections. The problem we are facing is.. 6509 were meant for core/aggregation and seam to be wasted are edge devices. With each ISP added the DRAM creeps up to a point were is it 80% utilized.
I am looking to replace both 6509's with routers which were meant to work on the edge. As mentioned earlier, it will have 4-6 external bgp peers per router. Handle full bgp tables. Should be capable of policy based routing.
setup the Physical connectively of IPS 4240 on the Internet edge with the ASA 5520, how the topology will be
f this a good design with IPS Appliance at nternet Edge