Cisco WAN :: Setup New Switch 4506e For Remote Site?

Jun 6, 2010

I'm trying to set up a new switch, a 4506e, for a remote site. Most of our newer remote sites are using a 4506 and this is the first time I'm working with a 4506e. Our standard configuration, which was in use before I started here, has QoS settings. I'm not that familiar with QoS. Most of the QoS commands in our standard config aren't working in the 4506e. Does the 4506e have QoS? Is there some guide as to setting it up? Below are excerpts from the config we're using that are QoS related:
 
qos dblqos map dscp 32 33 34 35 36 37 38 39 to tx-queue 2qos map cos 3 to dscp 26 qos map cos 5 to dscp 46    qos aggregate-policer XYZ_AGG 64 mbps 8 mbyte conform-action transmit exceed-action drop qos!class-map match-all match_XYZ  match access-group 142!policy-map police_XYZ  class match_XYZ police aggregate XYZ_AGG!interface GigabitEthernet4/1 description server qos dscp 48!interface GigabitEthernet4/30  description server  service-policy input police_XYZ!interface GigabitEthernet4/48 description upstream connection qos trust dscp tx-queue 1   shape 98 mbps tx-queue 2   shape 1 mbps tx-queue 3   priority high

View 2 Replies


ADVERTISEMENT

Cisco Routers :: Setup VPN Tunnel Between Linux Machine And RVS4000 At A Remote Site?

Jul 21, 2011

I'm trying to set up a VPN tunnel between a Linux machine and a RVS4000 at a remote site (served via satellite connection). After many efforts, I finally succeeded (based on Openswan). However, while PINGing is OK, big packets (from the RVS4000 LAN to the Linux box) arrive corrupted.
 
I lowered the WAN MTU, with no success. What finally did the trick is to lower the MTU at the RVS4000 LAN interface. Since this is not possible via the Web I/F, I did it via telnet ("ifconfig eth0 mtu 1400"). However, this change is lost after router reboot. How can I make the LAN MTU setting permanent?

View 1 Replies View Related

Cisco Routers :: RV180 To Setup A VPN Tunnel Between Remote Site And Central Office

Aug 18, 2012

I bought 2 RV180 to setup a VPN tunnel between a remote site and central office.The VPN tunnel is established, I can ping from central office to remote site but browsing on that server fails. [code]
 
Seems the routing is not really working through the VPN Tunnel.

View 4 Replies View Related

Cisco VPN :: 5510 Site To Site VPN Access To Servers With Overlapped Remote Site

May 18, 2012

I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only  My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.

View 2 Replies View Related

Cisco VPN :: 5520 Requirement To Terminate Site-to-site VPN From Remote Site

Jun 17, 2012

We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?

View 1 Replies View Related

Cisco VPN :: 877 / How To IPsec Site To Site Vpn Port Forwarding To Remote Site

Jun 13, 2012

The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
 
Below are my configure on the Cisco 877 in site A.  
 
Building configuration... 
Current configuration : 5425 bytes
!
! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
!
version 12.4
no service pad

[code]....

View 1 Replies View Related

Cisco VPN :: 5505 - Site To Site Connected But Cannot Ping Remote Site

Oct 11, 2011

cisco products and am struggling getting a VPN going between an ASA 5505 and 5510.  I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).

View 11 Replies View Related

Cisco Switching/Routing :: 4506E Switch Power Supply Upgrade

Dec 8, 2012

I would like to check if it may be possible to hot-upgrade/swap the 4506E power supplies? Based on the configuration guide; I have summarized the steps as follows:

1. Switch has 2 existing power supplies to be upgraded

2. Remove right side/bay 2 power supply and install new power supply

3. At this point; the new power supply will be in err-disabled due to different power supplies on the switch

4. Remove the left side power supply and install new power supply

For item 4; during the removal of the old power supply in bay 1/left side and installation of the new power supply; I am wondering if the switch would lose power even though the new power supply is installed in bay 2?

View 1 Replies View Related

Cisco Switching/Routing :: HSRP Group Limit In 4506E Switch?

Oct 31, 2012

I have two cisco 4506-E series switches ..
 
We are planning to go for HSRP redundancy for 32 VLANs. Means In a Cisco 4506-E switch , we will configure 32 vlans and among them 16 vlans will be primary and 16VLANs will be standby ans it is viceversa in another core-switch
 
My querie is How many standby groups can we create in Cisco 4506-E switch,
Is there any limitation..
 
If there is any limitation , can we go ahead with VRRP,GLBP? Are there any limitation in VRRP/GLBP? Is there any design related issue can we face if we use same group number to all VLANs?
 
Product details :
 
Model : Cisco 4506-E
Sup Model : WS-X45-SUP6L-E
IOS  : S45EIPBK9-12254SG

View 2 Replies View Related

Cisco VPN :: ASA 5505 Site To Site Connection / Remote Site?

Mar 6, 2011

i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?

View 1 Replies View Related

Cisco Switching/Routing :: Catalyst 4506E Switch - Running L2 Metro Features

Sep 10, 2012

I think choose this SWITCH 4506-E and I need running only features L2 Metro, but Idont known what IOS for this!

View 1 Replies View Related

Cisco Switching/Routing :: 4506E After Reload Switch / Found That Clock Is Getting Reset

Apr 22, 2012

I have one 4506E switch working in Lan setup as a core switch with WS-X45-SUP6L-E running ipbase IOS 12.2(54)SG1. Each time after reload the switch we found that the clock is getting reset ( time is getting changed ) where as day, date & year is unchanged.

View 2 Replies View Related

Cisco Switching/Routing :: Limit Bandwidth On A Gig Port Of 2960 Or 4506e Switch?

Apr 4, 2012

how can i limit bandwidth on a gig port of 2960 or 4506e switch?

View 9 Replies View Related

Cisco VPN :: ASA 5510 - AnyConnect Users Cannot Access Remote Office Over Site-to-site

Jul 15, 2012

we have two ASA 5510s one in 8.4(4) and one in 8.2(5) in a site-to-site VPN setup. All internal traffic is working smoothly.Site/Subnet A: 192.160.0.0 - local (8.4(4)) Site/Subnet B: 192.260.0.0 - remote (8.2(5)) VPN Users: 192.160.40.0 - assigned by ASA When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise.There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4

Site A internal: 192.160.x.x     External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x     External: 66.66.666.54(all)

I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site.What do I need to add for the VPN to be able to access the site-to-site network?

Here is my NAT config:

nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
!
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL

[code]....

View 3 Replies View Related

Cisco VPN :: Remote Client Cannot Connect To Local Network Or Site To Site ASA 5510

Jul 21, 2011

I setup RA-VPN under local asa 5510 IP pool (192.168.127.0/24) and all was working fine. I got internet and local network access.
Then i have 5 site to site VPN working fine but when im traying to access to those L2L VPNs from the remote acces client im not able to do that. So after that i decided to obtain IP addresses from my DHCP server so i can obtain IPs from my local network (172.17.16.0/16) and then access normally to the VPN site to site. But the surprise was that the VPN cisco client is getting local IP address (172.17.16.222) perfectly but im not able to access even to my local network.

I have the same-security-traffic permit inter-interface same-security-traffic permit intra-interface enable.

View 6 Replies View Related

Cisco WAN :: 2911 - Site-to-site IPsec Vpn / Unable To Ping Remote Network

Apr 3, 2013

I have two Cisco routers - 2911 in HQ and RV180 in branch office. Because in HQ LAN network I have some development servers, to which guys from branch office need to have acces, I decided to setup VPN site-to-site between HQ and branch office. Everything went quite smoothly, on both devices I see, that ipsec connection is established. Unfortunately I am not able to ping resources from one network to other one and vice versa. Below is the configuration of 2911 router (I skipped som unimportant (imho) configuration directives) :
  
crypto isakmp policy 1
encr 3des
hash md5

[Code].....

View 9 Replies View Related

Cisco Firewall :: ASA 5510 Identity NAT Configuration For Remote Access VPN And Site-to-Site

Mar 9, 2011

I am try to configure ASA 5510 with 8.3 IOS version.My internal users are 192.168.2.0/24 and i configured dynamic PAT and are all internet .

i want configure identity NAT for remote access VPN.Remote users IP pool is 10.10.10.0 to 10.10.10.10
 
i know to configure NAT exemption in IOS 7.2 version. But here IOS 8.3 version. configure NAT exemption for 192.168.2.0/24 to my remote pool( 10.10.10.0 to 10.10.10.10).

View 6 Replies View Related

Cisco VPN :: ASA 5510 - ISP Site To Site Failover With Single Remote Peer Address

Apr 16, 2011

I have a ASA 5510 actve/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx, Our VPN traffic running on 6 mb internet link for video conferancing traffic.Now client give another link 2 mb internet and client told to us our data traffic runnig on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.
 
Secondly request also they need failover over the ISP link.
 
how we immplement the same on ASA 5510.

View 0 Replies View Related

Cisco VPN :: 506 Firewall 6.3(4) PDM 1.0 / Broke Remote VPN After Site To Site VPN Tunnel Created?

May 19, 2011

It's been a long time since I played in Cisco CLI.Using a Cisco 506 Firewall 6.3(4) PDM 1.0?Problem is I created a site to site tunnnel with a vendor and since then our remote VPN does not work. Completely times out so I am sure I broke something in the crypto map or something similar.
 
Tunnel is policy 10 using access-list 101
Remote VPN is Policy 20

Config Below:

: Saved:PIX Version 6.3(4)interface ethernet0 10fullinterface ethernet1 10fullnameif ethernet0 outside security0nameif ethernet1 inside security100enable password XLk0qAaMaA6kjvA6 encryptedpasswd VeCrsQbWdIFPwnny encryptedhostname RMS-DR-PIXdomain-name RMS.Localfixup protocol dns maximum-length 512fixup protocol ftp 21fixup protocol h323 h225 1720fixup protocol h323 ras 1718-1719fixup protocol http 80fixup protocol rsh 514fixup protocol rtsp 554fixup protocol sip 5060fixup protocol sip udp 5060fixup protocol skinny 2000fixup protocol smtp 25fixup protocol sqlnet 1521fixup protocol tftp 69namesobject-group network FTP_Clients description FTP Client PCs network-object host 192.168.xxx.xxx network-object host

[code]....

View 4 Replies View Related

Cisco VPN :: ASA 5510 - Remote Subnet Group To Access Other Site-site VPN?

Feb 14, 2011

I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: Configure Radius Authentication Across Site-to-site VPN For ASA 5510-01 For Remote Access?

Jun 28, 2012

I am attempting to configure Radius authentication accross a site-to-site VPN for my ASA 5510-01 for remote access.
 
 ASA5510-1 currently has a live site to site to ASA5510-2.
 
ASA 5510-1 - 10.192.0.253
 
ASA 5510-2 - 172.16.102.1
 
DC - 172.16.102.10
 
ASA5510-01 can ping the DC and vica versa but is unable to authticate when i perform a test. ASA5510-01 can authenticate to a DC on it;s own LAN but not on the remote LAN that DC sits on.
 
I have double checked the 'Server Secret Key' and ports as well as various users which all work locallly. ASA5510-02 authenticates to DC with no problems.

View 3 Replies View Related

Cisco VPN :: ASA 5505 - Users Aren't Able To Reach Remote Network Through Site-to-site Tunnel

May 21, 2011

Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
 
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
 
Remote-access (vpn-houston) uses 192.168.69.0/24.
The main site (houston) uses 10.0.0.0/24
The remote site (lugoff) uses 10.0.1.0/24

View 5 Replies View Related

Cisco Wireless :: Configuring 5508 At Remote Site To Tunnel Traffic From WLC At Main Site?

Sep 20, 2012

At the main site, I have 3 5508 WLCs each part of a mobility group (wlcMain-MG).  In NCS, under "System/Mobility Groups" for each controller, I see each controller listed as "local" with the other Controllers listed with the group name "wlcMain-MG".  None of the SSIDs are "anchored".
 
I have a new site with a 2500 series WLC that I would like to push out 2 SSIDs.  This site contains two customers.  One customer is the Main customer with the second customer leasing space.
 
I have the Cust2 WLAN at the remote site set to have traffic egress out of a local interface on the 2500 WLC (this traffic is then tunnelled back to their Main location via an ASA which houses the DHCP scope for that vlan).    I can connect to this SSID, obtain an IP Address off the ASA and am tunnelling without issue.
 
For the Cust1 WLAN at the remote site, I would like to broadcast an SSID from the Main location on those same APs which are registered to the 2500.  It is my understanding, that I anchor the SSID at the Main site and identically configure the SSID at the remote site.  This will allow the end user to authenticate to the RADIUS server at the Main site and be placed upon the correct vlan (we are using DOT1x and dynamic vlans).
 
For my test, I am starting simple.  I have created a test WLAN with no authentication. At the main site, on 5508 WLC3, I have created the test WLAN, and placed the interface into a low security vlan (call it VLAN-low).  I have anchored this test WLAN to that controller.  At the remote site, I have created the same WLAN (but placed it into the management interface for now - the VLAN-low does not exist at the remote site) and configured that WLAN to anchor back to the WLC3 at the main site.  I am unable to obtain an IP address from the remote site.  I have placed the remote site WLC in the wlcMain-MG as well. How close does the code need to be on the controllers - the 5508s are at 7.0.116.0 and the 2500 is at 7.0.220.0? What could I be missing?

View 5 Replies View Related

Cisco Routers :: RV180 - Site-to-site VPN And Remote User

Dec 6, 2012

We have successfully establish a site-to-site vpn, but we have some difficulties when PPTP users try to access the remote network linked by this tunnel. LAN users can access the remote network without problem, but users who are connected remotly to the lan (PPTP) can't access computer on the remote network. Is there a way to allow PPTP user to access the remote network ? Adding a route ?

View 1 Replies View Related

Cisco VPN :: ASA5505 Blocking Remote Network / Site-to-site Vpn

Jun 28, 2011

I have a site-to-site VPN already established, everything is working as it should.  I'm trying to block the remote network from accessing our network since we only need to access theirs.  I'm sure this is something very easy to implement with an ACL but I'm not sure where this rule needs to go. The VPN is on ASA 5505. 

View 5 Replies View Related

Cisco VPN :: 876 ISR / Traffic From Easy VPN Client To Remote End Of Site-to-site?

Apr 27, 2011

A user with Easy VPN client connects to a 876 ISR (router A). This router also has a site-to-site VPN to another 876 ISR (router B). What I want to achieve is that the user dials in to router A and can access the network on the remote end of the site-to-site tunnel (router B) In diagram:
 
user (192.168.18.x) - Easy VPN - Router A (192.168.16.x) - sitetosite - Router B (192.168.17.x)
 
I have added routes in router B to the 192.168.18.x network with router A as next hop, but I can't reach the other segment.

View 1 Replies View Related

Cisco VPN :: ASA5505 Site-To-Site And Remote Access On Same Device

Jun 3, 2012

I'm attempting to configure an for both site-to-site and remote access VPNs.  The site-to-site is working fine, however when I connect using the Cisco client, after initial connection and password prompt I get a "not connected" status.  The log states that a policy map match could not be found.  I have successfully set the unit up for remote access with no site-to-site and ran into another host of issues when adding the site-to-site to the working remote access config, so I started over setting up site-to-site first.  I've attempted this through ADSM (hate it) - the current configuration is via CLI.  I'm certain I'm just missing a piece or two.

View 2 Replies View Related

Cisco VPN :: ASA 5520 / Routing Site-to-Site VPN To Remote Users?

Oct 29, 2011

We have a site-site and remote vpn configured in same interface in ASA 5520 ( software version 8.3  ). When Remote vpn users try to connect to computers located on the distant end of site-site VPN, their request failed. I tried No-Nat between  remote vpn private IP to the remote site private IP, also stated the same in Split tunneling. I cant find even the tracert, ping also timed out.

View 7 Replies View Related

Cisco VPN :: ASA 5505 8.2.1 - Site-to-Site VPN NAT - Add Wireless To Remote Location?

Oct 18, 2012

On one of our branch locations ASA, I have a L2L VPN setup we are adding wireless to this remote location, and the AP's will talk back to the controller at HQ. The AP's are on the downstream L3 switch, and they have been placed on the mgmt network. It's definitely not ideal to have these AP's on the mgmt network, but for now that is how it is setup.

From HQ (163.122.x.x) I can ping and reach the ASA (10.200.2.1, and the downstream L3 switch 10.200.2.100, but when I ping one of the AP's, I get timeouts and and the following error on the ASA:%ASA-3-305005: No translation group found for icmp src outside:10.205.216.73 dst mgmt:10.200.2.152 (type 8, code 0)
 
It appears it's a NAT issue on the ASA, but I'm confused on what I need to change. Why can I ping the ASA and the switch from HQ, but not the AP's which reside on the same mgmt network? I don't really need it to NAT, just to pass the connections. I currently only have the following two NAT statements in the configure

[code]...

View 1 Replies View Related

Cisco VPN :: ASA 5510 - Remote Clients To Site To Site Tunnel

Feb 20, 2013

I have a situation where I need to have remote users vpn into my ASA 5510 and then turn around and hit a site to site tunnel.  Now when I am in our office I can hit the site to site vpn fine.  When I am at home and vpn to the asa I can not get to the site to site resources. Do you see where my config is incorrect? result of the command: "show run"
 
ASA Version 9.1(1)
!
hostname xxxxx
domain-name xxxx
enable password xxxxx
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[ code]....

View 3 Replies View Related

Cisco VPN :: PIX 515 Accessing Remote Network Over Site-To-Site VPN

Sep 14, 2011

I have a PIX 515 and am working with a Site-to-Site VPN.  When I do not specify a filter on the Group Policy I can successfully access the remote network and the remote network can access my local network.  However this by itself poses a securty risk for my local servers.  I need to be able to access the remote network fully, however only one or two workstations on the remote network need to access mine.
 
If I add access-list vpn-remote-site extended permit ip host remote-wkstn1 any then only the remote workstation can access my remote network.  This gets me a step closer as now only the remote workstation can access my network effectively denying everything else.  However, from my local network I can now only access the remote workstation and not all of the other devices. I do not have any control over the remote firewall and would like to make sure it is secured on my end.

View 1 Replies View Related

Cisco VPN :: ASA 8.4 Fixed IP Site - Site VPN Remote Has Dynamic IP?

Jan 12, 2012

Scenario using ASA V8.4
 
RemoteLan - Router Dynamic WAN IP  ----------- site to site VPN --------------ASA - ASA Lan 192.168.1.0/24
10.1.1.0/24
 
I am trying to get my head round configuring an ASA with V8.4 code where things have changed especially NAT.In earlier ASA 7/8.x code I belive the crypto map below would have allowed a properly configured remote router to connect irrespective of its WAN IP
 
I am struggling to get my head round how I achieve the same in ASA V8.4 . I have searched the web and found plenty of examples for earlier code but specificlly am trying to learn about how to achieve it with v8.4
 
access-list outside_cryptomap_20.1 extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list outside_crypto_map_20.1
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto dynamic-map cisco 1 match address outside_crypto_map_20.1
crypto dynamic-map cisco 1 set transform-set myset

[code]....

View 12 Replies View Related

Cisco VPN :: 5510 - VPN Site-To-Site And Remote Access

Aug 8, 2011

can I configure Site-To-Site VPN and Remote Access VPN at the same time in one ASA 5510?

View 8 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved