Cisco WAN :: Tunnel Interfaces On 2951 Router
Apr 11, 2011
We have just installed our first 2951 router, and were suprised to see in our Netflow collector that Tunnel interfaces appeared even though we did not configure any, I have seen other posts talking about PIM tunnel when using Multicast, but we dont use multicast and the tunnel is GRE questions are, where do these interfaces come from? how do they pick up an IP address? can we shut them down? IOS is 150-1.M4 loopback interface ip address is 172.16.224.238 ( tunnel source) see output from sh int below
Tunnel0 is up, line protocol is up Hardware is Tunnel Interface is unnumbered. Using address of Tunnel1 (172.16.0.1) MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 99/255, rxload 1/255 Encapsulation TUNNEL, loopback not
[Code]......
View 6 Replies
ADVERTISEMENT
Dec 27, 2011
configuring my Cisco 2951 router. There are three routed interfaces that I need to configure: one for the internal LAN, the second for another private subnet that connects to a Data Centre and the third for the WAN connection. I have configured the Ge0/0 interface as the LAN interface with the internal network 10.17.0.0/24. I have also configured my WAN interface Ge0/1 for internet connectivity. Now, I need to configure the third interface Ge0/2 that will connect to the Data Centre. This will be a private point to point switched ethernet link. The Data Centre will host a secondary domain controlller. So, I want it to be on the same network as the internal LAN, i.e., 10.17.0.0/24. I want to be able to see all other devices that will be located at the Data Centre just like I would see all devices connected to the internal LAN.The problem I am facing is that Cisco 2951 does not allow me to configure two routed interfaces to be on the same subnet. Is there any way to work around this problem and configure both the internal LAN and the Data Centre private network to be on the same subnet.
View 6 Replies
View Related
Aug 17, 2011
Cisco 2951 w/ HWIC-4ESW
IOS 15.0(1)M5
#sh ip flow int
Vlan533
ip flow ingress
ip flow egress
#
The SVI sends the flow data just fine, however I also continue to receive flow data from most other interfaces.
I have attached a screenshot of one of our netflow collectors indicating that many of the interfaces are sending flow data even though not configured to do so. We have two different netflow collectors, from different vendors and both confirm the same interfaces sending flow data.
Normally I wouldn't care and ignore it, however one of them uses a license limit by interface and is a bit problematic.
View 2 Replies
View Related
Jan 7, 2013
We have approx. 40 branch offices that connect to our core IOS Firewall (2951) over ipsec VPN Tunnel. One particular site has been facing issues over the past few days. This site will sporadically drop it's VPN Tunnel and reestablish after a few seconds. If I run debug crypto ipsec and crypto isakmp on the site that is dropping, it is constantly going through the DPD process. If I run these same commands on another site, they seem to run DPD at all.
Here is some of the output I am seeing on the site that is failing.
Jan 8 11:18:38.873 AST: %FW-6-DROP_PKT: Dropping tcp session 111.222.3.106:50083 96.16.47.144:80 due to Stray Segment with ip ident 54856 tcpflags 0x5004 seq.no 2154004347 ack 0
Jan 8 11:18:46.061 AST: ISAKMP (4028): received packet from 111.222.255.106 dport 500 sport 500 Global (I) QM_IDLE
Jan 8 11:18:46.061 AST: ISAKMP: set new node -1497488895 to QM_IDLE
Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing HASH payload. message ID = 2797478401
Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing SA payload. message ID = 2797478401
[code]....
View 2 Replies
View Related
Jul 16, 2012
what is a maximum number of configurable gre tunnel interfaces on CISCO2921-HSEC+/K9 router?
View 2 Replies
View Related
Aug 31, 2011
I want to implement QoS on our Core router but the core router makes use of GRE Tunnels to remote branch locations.so far all QoS techniques i want to use cannot be implemented using tunnel interfaces.
the core router is a cisco 7604 router with IOS version 12.2 (33)SRE while the remote locations have ISRs (2821).
Which QoS technique to use with respect to GRE Tunnels as there are times of congestion due to heavy network traffic to those remote locations.
View 16 Replies
View Related
Dec 12, 2012
We have approx 40 branch offices - all of which are connected to a single core site over VPN Tunnels using various gear. At one particular site, we are having issues with the tunnel dropping sporadically throughout the day - some days it happens 10 times, some days it happens none. This just randomly started happening two weeks ago, without any changes taking place. Since it started happening, I have upgraded the code to latest versions, but still the issue persists. This particular site has a 2901 and connects back to a 2951.
Below is the output from:
debug crypto ipsec
debug crypto isakmp
[code].....
View 1 Replies
View Related
Oct 1, 2012
I have two Cisco 2941's going over a IPSEC VPN. I need to push the same network over this connection. For example i need 192.168.255.0 / 25 on my side and i need to plug in a laptop on the far end 2941 with the same network. I have built GRE tunnels before and i found a configuration online to brdige interfaces over a GRE tunnel.
when i get to adding the bridging to the configuration which i will show below i get an error. Please see below. Also when i try to add the same briding command on the GRE tunnel which is needed it doesnt show the bridging command as being available. The Cisco 2941's are both using version: mwr 2941-iprank9-mz.124-20.MRb1.bin.As i stated the only end result i need is to be able to configure a path from point A and B and have the same network on each end.
View 1 Replies
View Related
Apr 23, 2012
So in our DMVPN network, we have this Cisco 3845 hub router that is connected via a DS3 to the Internet, and our spoke sites usually have a broadband connection that typically have a maximum of 1Mbps upload capacity. We are getting ready to add a few more sites to our network that are connected to the Internet with 10Mbps upload speeds (and 50Mbps download). Spoke site routers are usually 800 series ISRs. We have seen spikes of 8-10Mbps on the hub router so far. So the question is that a site with 10Mbps upload speed transmit to the full capacity over a DMVPN tunnel or is it limited by other factors? What are those factors?
View 4 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Oct 17, 2012
I currently have a 50Mbps Internet Connection provided by an ethernet handoff for hosting some webservers. We are looking at adding an additional 10Mbps Internetn connection and route BGP between the two. For the 50Mbps connection, i'm using a Cisco 2951 router. I also have another 2951 router to terminate the 10Mbps connection. Does these router have enough horsepower to fully route BGP?
View 1 Replies
View Related
Jun 29, 2012
One of the route maps doesnt want to work, all the other are fine -
route-map vlan23-out permit 40
match ip address 123
set ip next-hop 87.194.168.1
If it take the ip policy off interface gi0/0.123 the client can access the internet OK but over the wrong ISP?As soon as i add the policy all internet stops
View 3 Replies
View Related
Nov 28, 2012
Can Cisco2951 work as an MPLS router. If yes what will be needed to make it function as an MPLS router? Else which alternative router can function as an MPLS router.
View 1 Replies
View Related
Jul 25, 2011
I have talked to two Cisco Reps via our distributor and explained our network to them both and asked for suggested equipment. Our infrastructure has 4 circuits coming into the data center from our remote sites. Two of the circuits are cat5 and two are DS3. I want to use two routers to support two circuits each (cat5 and DS3). Each circuit is around 30Mb servicing around 13 locations with T1 connections, 55 locations in total. They suggested at a minimum the cisco 2951 model because we are utilizing one NM-1T3/E3 module in each router, and suggested getting the cisco 3925 model to cover future growth. I asked for a data sheet that has suggested models of routers for the bandwidth of the incoming pipes. The technicians said they would email this information over but twice now I have not received it and cannot find this information anywhere online. We currently have a cisco 2851 utilizing one NM-1T3/E3 module and they purchased a cisco 2911 to replace this unit.
View 2 Replies
View Related
Apr 29, 2012
on-plus see the device and allows CPE( imbedded) to start then never opens,,,tried genera connection and used that address supplied to open CCP no discovery.also seems onplus doesn't see a service contract or firmware, etc
View 1 Replies
View Related
Sep 24, 2012
I recently received these routers and after the first reboot I changed the user id and password so it does not lock out...After configuring my routers for installation, upon bootup I am getting this message scroll down my screen
monitor: command "
View 1 Replies
View Related
Jan 22, 2012
Is this module supported in the CISCO2900 routers?I have come across two documents that seem to contradict each other:In this one says:
Cisco 8-Port Channelized T1/E1 and ISDN PRI High-Speed WAN Network Module
#
–Part number: NM-8CE1T1-PRI
#
–Provides channelized T1 or E1 connections or ISDN PRI connection
#
–Supported on Cisco 3800, Cisco 2900, and Cisco 3900 series routers
[code].....
View 2 Replies
View Related
Dec 29, 2011
Me to a 2951 router with fireawall featureset. Ive begun to move the ACLs that where in the pix. However some of the rules are allowed to be typed in bur when i look at the ACL afterwards they are not what i typed in.
View 2 Replies
View Related
Oct 22, 2012
CNA version is 7.5(6)
router: Cisco 2951
error: unable to connect
are able to connect to other switches, such as 2970 questions:
1. is there any configuration needs to be done to connect to 2951 though CNA?
2. is 2951 supported device in CNA?
View 2 Replies
View Related
Aug 28, 2011
I want a router to terminate 100Mbps MPLS link on it. Can Cisco 2951 will be suitable for this or i have to go on to 3900 series or 7200 series
View 2 Replies
View Related
Jan 11, 2012
We have purchased a new 2951 router with IOS version 2951-universalk9-mz.SPA.150-1 and we would like to upgrade to c2951-universalk9-mz.SPA.152-2.T.bin.
View 1 Replies
View Related
Oct 7, 2012
I configure HSRP on Router 2951 as a primary router, and Router 2811 as backup router. But when I am switching off my Primary router the backup router is taking 2 mins to take over form primary router.
[code]....
View 4 Replies
View Related
Feb 14, 2012
I have a question, it is possible to have two WAN interfaces to configure a cisco 892 router with an ip 255.255.240.0 84.197.167.111 adderess of the first interface and a different ip address 84.197.174.182 255.255.240.0 on the second interface
View 5 Replies
View Related
Jan 9, 2011
i have a 7201 router with NPE-G2. i have a design which i have the option to send all the traffic through a GRE tunnel or a L2TPV3 tunnel.which method is more CPU consumption ?
View 1 Replies
View Related
Oct 19, 2011
I'm trying to set up an 1801 router with two WAN interfaces, fastethernet0 and fastethernet1. On the LAN side, I have two subnets. One subnet's internet traffic should be routed over fastethernet0, the other over fastethernet1.I've setup some route maps to accomplish this. I can surf the internet using subnet 192.168.2.0/24 fine, all traffic goes out of fastethernet0. However, and this is where the problem is, if I try to reach the internet using subnet 192.168.3.0/24, all packets go out interface fastethernet0 with the source address of fastethernet1!When I'm surfing the internet, from subnet 192.168.3.0/24, packets should be going out fastethernet1, now they're going out fastethernet0.
View 8 Replies
View Related
Oct 11, 2012
Customer has three 881 routers. FE0 connects to their WAN, FE4 connects to their LANs. Two VLANs are configured on FE4. Class-maps and Policy-map created to detect voice traffic:
class-map match-any VoIP-RTP-Trust
match ip dscp ef
class-map match-any VoIP-Control-Trust
[Code]....
View 5 Replies
View Related
Mar 17, 2013
I have a 1921 with 3 interfaces. One for the LAN and the other 2 are wan each with a public address. The 2 wan interfaces are used for redundancy. I would like to know how I can static nat the same port and inside address on both wan interfaces.So if the request comes in on one or the other it works. I know if I do a static nat to one of the wan interfaces and then add the same port and inside address to the other wan interface it replaces the previous configure.
View 5 Replies
View Related
May 26, 2013
I have a Cisco 2811 router with 2 ADSL interfaces and we have 2 internet lines associated with it. One is with Telstra and one is with iiNet. All internet traffic from inside the office is routed through Telstra line. The iiNet line is used for incoming emails, establishing VPN etc. The problem is that we are not able to "PING" the iiNet's IP address from the outside world however, PING works for Telstra IP. What do I need to configure on the router if I want to PING and Putty in the router using both Telstra's and iiNet's IP from outside world?
View 1 Replies
View Related
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
View 3 Replies
View Related
Jan 14, 2013
We currently installed a 100Mbps fiber line with Ethernet hand-off. I purchased a Cisco 3925 ISR to be the gateway for this connection. I am not going to use it for any security purposes. I have an ASA5520 that will do that work. Right now I am currently just trying to get the router online.
I know the following
Laptop <--->GB 0/1((()))GB0/0<---->Ethern
et handoff from ISP.
I can ping and SSH to the outside interface of the router from outside the network. I can also ping and SSH to the router from the laptop that is directly attached to the routers GB0/1 port. From the Router's CLI I can ping IP addresses on the internet. From the laptop I can not. I can not access the internet through the router though. Here is my config.Building configuration...
Current configuration : 3724 bytes!! Last configuration change at 02:17:03 UTC Tue Jan 15 2013 by ggsis! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsis! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsisversion 15.1service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname XXXNAMEXXX!boot-start-markerboot-end-marker!!logging buffered 51200 warningsenable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX!no aaa new-modelmemory-size iomem 20!no ipv6 cefip source-routeip cef!!!!!no ip domain lookupip domain name XXXXXXXXXXXXXXDomainXXXXXXXXXXXmultilink bundle-name authenticated!!crypto pki token default removal timeout 0!crypto pki trustpoint TP-self-signed-XXXXXXXXXXXXXXXXenrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXXXXXrevocation-check nonersakeypair TP-self-signed-XXXXXXXXXXXXXX!!crypto pki certificate chain TP-self-signed-XXXXXXXXXXXXXXcertificate self-signed
[code]...
View 10 Replies
View Related
Mar 6, 2012
our customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
View 3 Replies
View Related
Jan 25, 2011
I have the situation with my new Cisco 2951 router. It has only one module on board - SM-D-ES3-48-P. I don't know what is wrong but I can't see any information about this module. When I connect my laptop to any port it's become green, but it's still green even after I disconnect PC from this port. Sh ip int brief command shows only built-in gigabit interfaces. I also connect my second PC to the router by console to monitor any changes when I connect or disconnect laptop to the module's ports. [code]
View 3 Replies
View Related
Mar 22, 2011
I'm setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin".
View 1 Replies
View Related
