Cisco WAN :: Routing With 3 Public IP Net On 1800 Router
Nov 28, 2011
I don't know much about routers, but lately I've been playing around with router configuration and getting better but I am kind of stuck now.
The scenario is this.
I have 3 ip net from the ISP:
178.249.51.0/255.255.255.248 Gateway 178.249.51.1
178.249.51.8/255.255.255.248 Gateway 178.249.51.9
178.249.51.16/255.255.255.248 Gateway 178.249.51.17
[Code]....
I am also wondering - when we get more public IP net from the ISP, is this the correct way to do it?
I am new user of cisco router i can access the hardware and login in the account but the problem is if i use the command "enable" asking for a password, old I.T. personnel who setup this router already resign.
I have strange problem with 1800 router , I can't see any debug messaging , the ping from PC to this router is Ok , but no icmp debug appears , even I enable "debug ip icmp " the version of router is : C181X Software (C181X-ADVENTERPRISEK9-M), Version 12.4(6)T6
I have aaa new model configured on a number of isr's(1800, 1900, 2900, 3800 etc). When i have aaa configured, the telnet logins use that authentication and not the password in the line vty portion. Is this by design. would disabling aaa enable both telnet and aaa authentications, essentially making it a dual login.
I have an 1800 isr that is running with port forwarding only. It is running a series of ip nat inside source static address port address port commands. It does not have an access list bound to the outside interface. This is working fine, but i am wondering if this is a security concern?
I've just started out playing with a Cisco 1800 router to gain some knowledge of Cisco devices before taking a CCNA. I also have a 2950 switch but will start with the router.
I'm using an Android phone as a wireless Internet access point. This issues IP addresses by DHCP in the 192.168.43.x range with 255.255.255.0 subnet.
Also I have a Linksys WRT54G router running DD-WRT firmware acting as a wireless bridge to the Android phone, and it has 4 LAN ports.
This bridge is up and running and I have successfully connected my laptop to the Linksys for testing and can use the Internet provided by the phone.
Connected to the Linksys is a Cisco 1800 router. Connected to the router is my Citrix XenServer PC and a NAS box.
The XenServer and NAS are on another network 07.05.19.x range with 255.0.0.0 subnet using their own static IPs. One of the virtual clients on the XenServer will be a DHCP server to service other virtual clients. All still in the 07.05.19.x range.
Basically I want the devices on the 07.05.19.x IP range to be able to use the Internet gateway at 192.168.43.1 to access the Internet.
How would I set up my 1800 to achieve this?
Also, am I right in understanding that the 1800 will ignore DHCP leases from the Android phone due to it being a Layer 3 device.
I try to setup a ASA5510, but without success. Actually, I have Cisco1800(192.168.96.1/21) from my ISP connected to a Cisco 3825 (via port with IP 192.168.96.2) all is working good. Now I want to insert a asa firewall between ISP router and 3825.
For that, I tried a more simple config : ISProuter (192.168.96.1/21) ---- ASA outside port(192.168.96.2/255.255.255.248) ASA INSIDE port (192.168.100.1/255.255.255.0) --- a pc with IP 192.168.100.2, netsmask 255.255.255.0, gateway 192.168.100.1 From my ASA, I can ping 192.168.96.1. but a "ping INSIDE 192.168.96.1" fail from py pc, can ping 192.168.100.1, but not 192.168.96.1 Here, my ASA config :
ASA Version 7.0(8)host name cisco asa enable password 8Ry2YjIyt7RRXU24 encrypted password 2KFQnbNIdI.2KYOU encrypted names dns-guard ! interface Ethernet0/0 shutdown no nameif no security-level no ip address [code]....
the cisco 2921 Router has a default ip hhtp access class command found in it. Just i changed the default IP to the new ip i will use.The Router is accessable from the LAN only but not from the internet configured the Public ip . I think this is due to the standard access list 23 . how will i access the Router from the Internet using the Public IP.
I have an existing 1800 router that is using NAT and VPN to HQ. I now have a new ISP provider and so now i need to chane the Fastethernet1 IP address. I know how to do that but what else do I need to change to make everything continue to work?
I'm troubleshooting an issue with a new site-to-site vpn setup between 1800 series routers. The tunnel is up but not encrypting traffic on one router, when IP CEF is disabled traffic is encrypted and decrypted!
I have the following network connected and configured to a single Cisco 1800 router.
VLAN 2 (10.1.20.0/24) | int vlan2, ip address 10.1.20.1 | Cisco 1800 ----- int fa0, public ip address ---- Internet | int vlan3, ip address 10.1.30.1 | VLAN 3 (10.1.30.0/24)
VLAN 2 is server vlan with a webserver. VLAN 3 is clients.
NAT configuration: VLAN 2 and VLAN 3 is using NAT to access the internet, and both is configured as inside interfaces.fa0 is configured as outside interface. Now I don't know if this is about NAT, but I've tried several things without luck.
Problem: A client in VLAN 3 tries to access a domain on the webserver in VLAN 2.It starts by sending a DNS query to a DNS server located at the ISP, and gets the ip address for the domain, which is of course a public ip address. Then nothing happens because the client tries to access the domain on the webserver using the public ip address, and the webserver have a local ip address 10.1.20.20 which is on the local LAN (VLAN 2).
I've tried NAT because I have to change the destination ip address, but I can't seem to get it right.
I will have this one router. Its f0/0 will be for the Internet connection with bandwidth of 30Mbps. Its f0/1 will be connected to a switch for internal networks. This link will be separated to 3 VLANs for 3 internal networks. I'm wondering if there is a way to gurantee 10Mbps for each VLAN but allow use up to 30Mbps when another two VLANs are not using any Internet bandwidth? I only worry about download bandwidth from internet.The 3 internal networks will all have public IPs and they belong to their own subnets. There won't be NAT/PAT.
I have been given a task, where I need to create a failover setup from a 1800 Cisco router to a LAN network 2 hobs away (see topology).The reason I have been given this task is because the wireless links are not so realiably, but necessary.I'm thinking of doing this failover task with IP SLA on the routers fiber 1 and fiber 2 link, so when/if one off the links goes down, it instantly chooses the other link.I have also been thinking about implementing STP instead, and replace the router with a switch, but i'm not sure exactly how to implement it. Unfortunately I'm not able to test anything, as we are still waiting for the fiber lines, but I want to be prepared as much as possible.
Leased line is between dammam to dubai and the dammam office is getting internet from dubai.The ip address of Dammam office is class A (Public IP) x.x.x.x and for dubai it is y.y.y.y which we are using as proxy for accessing internet.I purchase the local DSL direct line connection through cable from Local Provider and this ip address range is 192.168.1.0 - 192.168.1.254.Is it possible to use the DSL line as failover, so if one line goes down the user should remove proxy and can use local internet.The router which is using is cisco 1800.
I believe that failover is possible, 100%, but would like to know how I can do it and requesting for sharing more inputs about failover in this case.
I have configured PBR on my 1800 series router, it is working perfect. Now I am changing my router from 1800 to 2901 router with the same config, so the PBR stop working and I am not getting hits in the second WAN interface. [code]
Currently I have a 4510-48g HP3COM switch as a core switch for my 4 VLAN network (which I hope to send back cause it doesn't do what I wanted it to do... PBR, which is what I need to route specific VLAN's to specific interfaces on the sonicwall,.. cause sonicwall dont understand trunk or spanning tree,. meh!) This may not happen so I've dug out an old CISCO 1800 sdsl router that has 1 FE0 port and 8 other ports, FE 1-8.
The first thing I need to do is get everything to talk to each other. So I plugged the switch into it via its configured trunk port, and configured 4 sub interfaces on the router 1800 and all seemed happy as larry and working. The problem I have is I dont seem to be able to create sub interfaces on the other ports!?
We have 2.5 Mbps connection from an ISP at our branch routers (1800 series)with single physical link terminated on FE0 but have two subinterfaces with separate subnets.
I have applied the following policy-map outbount under physical Interface FastEthernet 0. Show poliocymap output is as follows
Policy Map QoS-OUT Class Email priority 512 (kbps) Class SQL priority 512 (kbps) Class File-Copy police cir 1024000 bc 32000 conform-action transmit exceed-action drop Class CCTV police cir 384000 bc 12000 conform-action transmit exceed-action drop
But it seems that sometimes( not all the time ) the CCTV traffic seems to exceed the 384k and chokes the entire link(2.5 mbps).
I apologize in advance if this is a novice inquiry, but our company just switched from Point-to-Point T1's to Metro Ethernet.
On one point-to-point, from our main office to one of our high profile locations, we had two bonded T1's. Now this site has a 3 Mbps Metro-E link, but it's being over-saturated. I don't know what type of QOS implementation our T1 provider had, but it prevented flooding. Now, I'm getting horrendous latency as the office peak hours approach since there is no QOS on the mesh by our Metro-E providers.
Ultimately, my question is: what's the best way to set a Fast Ethernet port on a Cisco 1800 series router to limit all bandwidth to 3 Mbps? At the moment, I don't have a preference in which traffic takes priority. I tried the rate-limit command, along with a speed calculator I found online, but that slowed the network down immensely.
I recently formatted the flash drive of an 1800 router and replaced it with an updated image. However, the new features within the new image aren't reflected in the router. I believe that this is because a reboot would be required for the updates in the new image to be reflected in the router i.e. the image needs to be added to the system. How to get the image to the system without a reboot and if by doing so I would get all the new features from the image.For example, the show version below shows the old image in the system as [code]
I have two 1800 routers running VRRP. Also I have two sub interface configured on both router and both router connected to swith through thunk link. My goal is to limit inbound traffic to 3Mbps for both VLANs on router's inside interface which is connected to switch.
We have an ethernet port on Cisco router 1800 connected to the ADSL modem. The router does ip nat translation, but users complained it is slow when they access to internet. [code]
Im getting really poor performance on my 1841, my intial thoughts was a duplex mismatch however although im getting a few CRC errors (root cause unknown at this point) not enough to suggest that the this is the issue.
Heres the config:
Building configuration.Current configuration : 5274 bytesLast configuration change at 20:31:01 PCTime Sun Dec 18 2011 by admin_xversion 15.1no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msec localtime show-timezoneservice timestamps log datetime msec localtime show-timezoneservice password-encryptionservice sequence-numbers!hostname xxxxxx!boot-start-markerboot-end-marker!!security authentication failure rate 10 log
I have a quick query which i need ratified before proceeding. I have the following scenario -
Two Cisco 3750v2 switches with stackwiseISP allocated block of /26 (64 addresses)8 customers each with a VLAN and SVIInternet facing VLAN and SVIDefault route to ISP router Lets say the ISP has given me the network range 10.10.10.0/26 (we'll assume this is routable on the internet for the purposes of this example) and a default gateway to the internet of 10.10.10.1 within this range. I have configured a public facing VLAN as follows -
VLAN 300 name PUBLIC int VLAN 300 IP Address 10.10.10.2 255.255.255.252
I have then created a default route as follows -
ip route 0.0.0.0 0.0.0.0 10.10.10.1
With this configured, the switch can successfully route upstream to the internet with no problems. I have then moved onto the customers and depending on what service they have purchased, I have subnetted the 10.10.10.0/26 range into smaller subnets. See as follows -
Customer A - 10.10.10.4/30 Gateway IP - 10.10.10.5 Useable IPs - 10.10.10.6 Customer B - 10.10.10.8/29 Gateway IP - 10.10.10.9 Useable IPs - 10.10.10.10 - 10.10.10.14
This continues for each customer depending on how many IP's the have purchased. I have then assigned these IP ranges to a customer VLAN and SVI as follows -
Customer A VLAN 10 name CUST-A-VLAN int VLAN 10 ip address 10.10.10.5 255.255.255.252
[code].....
It is then up to the customer as to what equipment they use and how they NAT or firewall their internal networks.
One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.
Local Network - 10.10.9.0/24 Remote Network - 20.20.41.0/24 Remote Peer - 20.20.60.193 .ASA Version 8.2(5) ! hostname ciscoasa
I have a Cisco 2821 Router. Its ethernet Interface(E1) is connected to an ISP's Gateway.The outside interface IP is 207.x.x.1, The ISP has given 6 public IPs (202.x.x.1- 202.x.x.6) to use in LAN.
I have configured the router`s Internal Interface(E0) with a public IP address. (i.e. 202.x.x.1)
My Internal LAN PCs are in a private range of 192.168.1.0/24 subnet. Now I wanted my PC users to access the Internet while the Routers public IP remains on internal interface. How can I do the same?
i need to allow https traffic to a server in the DMZ that will have a routable IP address will just an ACL suffice ?which interface do i apply it to ? wan or dmz ?i dont need a NAT since the DMZ is a routable space?
