I am getting ready to deploy a 3945 ISR to serve as an internet and core router for a remote site. I will be terminating a site-to-site VPN tunnel on it and also configuring a zone-based firewall config between my "outside" (internet link) and "inside" (all internal nets). My question is about how to approach securing the WAN interface with the zone-based FW in place? What kind of ACL do I need beyond those allowing and restricting remote access to the outside IP?
I've been trying to configure Websense URL filtering using the ZFW feature on my Cisco 881G router. The router is running on IOS 15.0(1)M with Advanced IP Services, and I have confirmed it supports the urlfilter feature.
This is what I tried to accomplish but IOS version 15.0x seems to have different command set.
-----------------------
class-map type inspect httptraffic
 match protocol http
parameter-map type urlfilter param
 server vendor websense 10.20.30.40
[Code]...
I have come across articles mentioning that URL filtering can be implemented by using an ASA 5505 with URL filtering servers. But are Websense and other web filtering servers paid ones? Are there any free solutions available? What exactly is N2H2? The reason is I don't want to increase the CPU utilization of the ASA by implementing URL filtering within the device. If I have around 30 nodes which connect to the internet via a 2Mbps line through an ASA 5505 and if I want to block around say 10 or 15 URLs, will it increase CPU utilization beyond permissible limits? Currently the CPU utilization is around 10 - 15. Here's the infrastructure setup.
I am trying to find out what the 'normal' operating temperature of the CPU in a 3945 router is. We have just replaced some 2800 routers with 3945s and the NMS server initially complained about the new router CPU temperature being too high. Compared to the 2800 the CPU temperature is much hotter - 50 degrees Celsius as opposed to 20-something degrees. I have searched but can't find what is considered 'normal'.
This is the output:
router#sho environment all
SYSTEM POWER SUPPLY STATUS
==========================
Internal Power Supply 1 Type: DC
Internal Power Supply 1 12V Output Status: Normal
I reported a really strange issue on a Cisco Router 3945. Here below info about release software used: [code] Please look at a brief extract of router running configuration file: [code] It’s an easy configuration of Extended ACL and the application on an Ethernet interface. The expected result is:
- The interface works properly (because access list is permitting every kind of data traffic in input)
- Checking “show access-list 180”, the counter of matched packets increments for all the packets that are forwarded inside the fa0/0/1.
But actually the Fastethernet 0/0/1 drops all the packets as if all the packets don’t match with access list (And this behavior is really incredible). The interface couldn't be used anymore because any kind of data traffic is denied.
When I try to configure a voice port (like voice-port 0/0/0:15) after doing a conf t, it gives me an error of invalid input detected. We are using a Cisco 3945. We have successfully set up 3825 and 2851 in the past.
I have a Cisco 3945 Router and when we try to add the same into the Cisco Works it gives me an error saying "CM0056 Config fetch failed for 192.168.xx.xx Cause: CM0204 Could not create DeviceContext for 1238 Cause: CM0206 Could not get the config transport implementation for 192.168.xx.xx Cause: UNKNOWN Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed."
We are using LMS version 2.6. Any info on the latest router 3945 with support or not.
On a 3945 voice gateway, I want to remove a wave file (announcement), with the purpose that a new one can be automatically downloaded from UCCE to the box. Is there a way to do that automatically with SNMPSET <voicegateway> <MIB OID> <??wave file name??> <reload>
EDIT: or clear the cache, which it should be I think. (all wave file cache, or only one file, not sure what should be used and/or what is possible)
We just recently purchased a 3945 ISR G2 router and have a SRE-910 module (with two hard drives) configured in a RAID 1. We are running a stand-alone version of ESXi on the service module and I'm trying to figure out how to monitor the status of the RAID on the drives (along with other health issues). SNMP has revealed nothing so far and even opening a support case for which MIBs to use has proved fruitless. All the documents I find on monitoring the modules say to use LMS which is now Cisco Prime. I've downloaded the trial copy, put in the SNMP settings and scanned the router. I get device results and it shows that I have the SRE-910 module installed, but I get no other configuration / device information from the module itself.
I tried to create a new Monitoring template using the NAM health as the base template (which I'm assuming this is the correct template). Unfortunately, when I actually try to deploy the template against the discovered router, I get an 'Unexpected end of list' error which makes me assume I'm still doing something wrong.
CISCO 3945 Routers - Are the 3945 Router power supplies load balanced by default? We are trying to determine if our switch/server rack at our remote location has maxed out its power load requirements. I just need to know if the 3945 power supplies load balance by default or if the redundant power supply is ON but not really providing the router with power and is just there in case the other power supply fails.
We are having problems with two 3945 routers in HSRP and a 2960 switch. The two routers are connected to the 2960 switch through different ports. The problem is that we lose connection between the router and the switch. When we execute the command show cdp neighbor on the router, it shows nothing. If we try to ping the 2960 switch it is not reachable. If we ping the other 3945 router it is not reachable. All other functions of the router are o.k. We are attaching the IOS of the routers and the 2960 switch and a document which makes reference to a bug which mentions ARP overwrite due to an ARP attack, which produces DoS.
I am using DHCP/TFTP to autoconfigure a 3945 router. The router properly obtains an IP address and finds the correct TFTP server. The issue lies in the download of the configuration file from the TFTP server. The router downloads the file, gives the "Ok" message, and prompts you to press Return to get started. When I view the running-config, several commands are missing from the Serial 0/0/0 section (HWIC-2T). If I modify the config file on the TFTP server to use Serial 0/0/1 instead and repeat the process, the configuration file loads without any issues and Serial 0/0/1 has all of the commands.
I also tried moving syntax around in my config file, but the end result is still the same. If I use Serial0/0/0 - I don't get all of the commands. If I use Serial 0/0/1, I do.
Application is that need to configure the VOIP with the existing Frame relay network, where VOFR command is not shown in the router when type the command router config#dial-peer voice 123 need vofr On the 3945 router where in the router it is not accepting the above command,
I have a Cisco SR-520 router which I am trying to configure and install the IOS content filter. I have read many of the documents on this but some of the lines do not work. From using the pages below URL you are supposed to enter parameter maps as follows:-
parameter-map type trend-global global-param-map
 server trps.trendmicro.com
 cache-size maximum-memory 256
 cache-entry-lifetime 1
The router has 12.4 (20) T4, which is supposed to be supported. The only other way of configuring is using CCP, which is not compatible with SR-520s; you receive hardware not supported messages.
Just got my new E4200 v2 router. Set up mac filtering for one device and after saving the change the router was refreshing and disconnected all my devices and could not log in to the router wired or wirelessly and had to do a factory reset. Have the latest firmware. Is this a defect in the router?
Since I have this router E4200 my network undergoes changes alone. I have a MAC filtering as I had in my previous WNRL 160N and had no problems but here the overnight me are the 14 that I have enabled MAC, put another 3 that are not from where I changed the settings WiFi network, I've put in hidden, change encryption type and others and continues to happen randomly, and I added the router directly to the list of allowed MAC. I have remote management disabled in the Cisco Network Magic are not those MAC. not because it adds the MAC and I removed some that I have put the single.
I have Zone Based Firewall running on a 2821 router and would like to configure URL filtering with Websense. IOS running on that device is c2800nm-adverterprisek9-mz.150-1.M7.bin. Once you have ZBF config you can't configure url-filtering using the classic way (ip inspect) and this has to be done using class and policy maps. For this to happen it is required to have the match protocol http command under the class map; it won't work using the match access-group command.[code]
Once I put the match protocol http command, browsing becomes dead slow; also, without using the match protocol command I can't continue to configure URL filtering. Is this a problem related to IOS where the match protocol command isn't working fine? I have checked CPU utilization of the router and it was roughly near 7 percent.