I've setup a NTP service by using Cisco 2811 routers. This works fine at the moment, but in the end there are some questions left.
1. I'm using two 2811 Routers, one for primary, which is resceiving the time from PUBLIC NTP 1, and one for backup, which is resceiving the time from PUBLIC NTP 2. Is it possible to compare these to times an check if the match? And if not, generate an alarm via e.g. SNMP
2. Is it possible to check via SNMP, if the routers are reaching PUBLIC NTP 1 and PUBLIC NTP 2 for sync?
i have a branch router that connects to mpls WAN. Also has a second interface that is used for dmvpn failover in case WAN goes down.We want to use this second interface also as the primary internet circuit for the branch. I changed the default route to the next hop address on the other side of the second interface and expected this to work.But i was told i need to set up NAT for this to work, and set up an ACL for NAT to use. how to set up NAT?
I'm trying to setup a SSL VPN on a 2811. I believe I have the SSL VPN portion understood, but I can't tell because I keep getting stuck on the Certificate Server, ca trustpoint and identity trustpoint configuration.
guide that walks you through the CA cert, Cert Server, ca trustpoint and identitiy trustpoint to ios SSL VPN?
I am pretty new to the configuration of a DMZ and I have the task of setting one up.I have a Cisco 2811 Router running Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3), 2 FE interfaces.One FE is connected to the WAN, with a loop back interface configured with the public IP for Internet access in the office.The other FE has 2 sub interfaces configured, one for data and the other for voice traffic.Users within the office are configured to use the data VLAN to access the internet through the WAN.
Now we are setting up some new services and we require to have DMZs setup.I want to setup 3 zones now that the different servers would reside in. How can i achieve this using the existing infrastructure I have?I have an idea to create more subinterfaces and assign them to the zones, but I am still not sure how this would play out. I have been on this for the whole day and unable to make significant progress.
I got connected ASA ----- ROUTER 2811) to metroethernet switch from my ISP , with a 4MB of bandwidth but the internet connections to all my LAN has been frozen and we lost connection to the internet, to restart the internet service I need to boot the ROUTER 2811 - and ISP switch to rollback the internet operation,My ISP support tell me if is possible to set up the traffic bandwidth in one or both borders devices, ( ASA 5510 or ROUTER 2811)
I am trying to setup a L2L IPSec VPN between cisco VPN3020 concentrator and Cisco 2811 something is not working and I don't understand why.I describe my situation in detail my router has 2 interfaces
External interface Fa 0/1 ip 193.P.Q.R Internal interface Fa 0/0 141.G.H.254 Lan on internal interface is 141.G.H.0/24
remote VPN concentrator has 2 interfaces
Public interface 131.A.B.C Private interface 131.A.I.E
I have to set up L2L so that host 141.G.H.10 can talk to host 131.A.H.D whici is behind the VPN concentrator my router config:
crypto isakmp policy 3 encr 3des hash md5 authentication pre-share group 2crypto isakmp key * address 131.A.B.C!crypto ipsec transform-set presid-set esp-3des esp-md5-hmac !crypto map presid-map 5 ipsec-isakmp set peer 131.A.B.C set transform-set presid-set match address presid!interface FastEthernet0/1 ip address 193.P.Q.R 255.255.255.252 duplex full speed 100 crypto map presid-map!interface FastEthernet0/0 ip address 141.G.H.254 255.255.255.0 duplex auto speed auto! ip access-list extended presid permit ip host 141.G.H.10 host 131.A.H.D ip route 0.0.0.0 0.0.0.0 193.P.Q.S
Then I configured VPN3020 accordingly creating a lan to lan profile with the proper IKE proposals ecc ecc when interesting traffic is matched by VPN acl (presid) I see this messages in the VPN concentrator logs:
57101 02/23/2011 15:49:05.310 SEV=4 IKE/119 RPT=4033 193.P.Q.R Group [193.P.Q.R]PHASE 1 COMPLETED 57102 02/23/2011 15:49:05.310 SEV=4 AUTH/22 RPT=3935 193.P.Q.R User [193.P.Q.R] Group [193.P.Q.R] connected, Session Type: IPSec/LAN-to-LAN 57104 02/23/2011 15:49:05.310 SEV=4 AUTH/84 RPT=11 LAN-to-LAN tunnel to headend device 193.P.Q.R connected 57110 02/23/2011 15:49:54.820 SEV=4 IKE/123 RPT=1093 193.P.Q.R Group [193.P.Q.R]IKE lost contact with remote peer, deleting connection (keepalive type: DPD) 57112 02/23/2011 15:49:54.820 SEV=5 IKE/194 RPT=3778 193.P.Q.R Group [193.P.Q.R]Sending IKE Delete With Reason message: Connectivity to Client Lost. 57114 02/23/2011 15:49:54.820 SEV=4 AUTH/23 RPT=14 193.P.Q.R User [193.P.Q.R] Group [193.P.Q.R] disconnected: duration: 0:00:49 57115 02/23/2011 15:49:54.820 SEV=4 AUTH/85 RPT=11 LAN-to-LAN tunnel to headend device 193.P.Q.R disconnected: duration: 0:00:49
and from router side I See this with show crypto isakmp sa
131.A.B.C 193.P.Q.R CONF_XAUTH 5 0 ACTIVE
but the status got stuck in CONF_XAUTH state and then disconnects?
I would like to set up a POTS Dial connection between 2 Cisco routers, using the modem card WIC-1AM-V2. I'd like to use this as an out-of-band connection to a remote site, if the primary internet connection fails. So, this setup will only be used in one direction, 1 router placing calls, the other one receiving calls.Here's my config of the receiving router:
chat-script dial "" ATZ AT OK "ATX3D T" ATS0=8 TIMEOUT 120 CONNECT C interface Async0/2/0 description out of band for network no ip address encapsulation slip async mode interactive line 0/2/0 session-timeout 5 absolute-timeout 10 script connection dial login local modem InOut transport input all escape-character BREAK autoselect ppp stopbits 1 speed 115200 flowcontrol hardware
This config is working fine, when dialing in via a Windows Hyperterminal Dial connection. After a while of dialing I get the login prompt of the router.Now I want to have a router placing calls instead of a Windows Server. I can't figure out how to tell a router to place calls to a POTS phone number.
i trying to set up a terminal server, 2811 with an HWIC-16A und two octo cables. [code] connect and sometimes not. It seems the connection is established but i don't get a prompt von the target device.The target devices are cisco 2811 and cisco catalysts 3560.
I'm am wanting to know how to configure Easy VPN server with downloadable ACLs on a cisco router 2811.
Indeed, I would like to set up a remote access vpn that uses radius for authentication of VPN clients. The radius server is connected to an Active Directory server that contains the log in / password. I would like to on the basis of the user who connects to the VPN, the ACL that define the services or servers to which this user can access is automatically applied on the router and define the rights of the users.
The Exchange can receieve emails but it will not send them. It cannot make connection to any of the smart hosts on port 25 or can't even send mail using DNS. When I run telnet my.smarthost.com 25 it will not connect but if I run that from the router then it connects fine.
I running site-to-site IPsec VPN in Cisco 2811 IOS 12.4 both site. Here I encounter a problem to access server on Site A from Site B
Site A having Leased Line connected to router with Public IP. I have done static mapping 1 web server to Public IP (NAT). This to allow external users to access the server via Public IP. At the same time, users at Site B would need to access to same server via Internal IP since they have Site-to-Site VPN established. But once I done Static Mapping (NAT), user at Site B unable to access the server at Site A using its internal IP. But external user can access server via Public IP. What went wrong here. Do i need to add extra command to get this done?
i've been using a VPN to connect to my home network from elsewhere for a few months. It's set up as follows:
PPTP Maximum Strength Encryption EAP-MSCHAP-v2 Authentication
Now I find out that MSCHAPv2 authentication has been broken and is no longer considered secure (even by Microsoft), so I want to change the protocol I'm using to make it secure.
However, I've spent 3 hours now researching this and I cannot for the life of me figure out how to use a better protocol on my Windows Server 2012 home server. I've tried setting up PEAP authentication (still PPTP) a la Microsoft's recommendation document, but it requires a certificate. I've created a self-signed certificate but it seems I can't issue certificates (via this method) without being a member of a domain, so I'm stuck. I can't even get started with L2TP since I can't find the option for it.
My question is this: Is there a way to setup a secure VPN server using Windows Server 2012 without a domain? If so, how do I do this?
I'm trying to connect a Cisco 2811 using an octal cable to a Juniper MX480 console port.Since the distance between Cisco 2811 and router is 20ft, im using couplers and a straight-through cable for the lack of slack. This wiring doesnt work, however in another city it works going straight from the Cisco 2811 octal cable to the router since they are in the same rack.
I want to setup a quick and simple VPN server on my ASA. I want to do local authentication and, once authenticated, I want to allow all internal access. I only have 1 WAN IP. I'm finding a ton of conflicting info online. The ASA is already setup and is operational. I just need the correct commands to setup the VPN.
I have setup a VPN server on cisco 1841 and dialed through pc, it worked fine. But when I dial through another ISP it is not working. It can establish VPN but it can't pass traffic through VPN, what may be the problem. The configuration is same and I can access Internet through this ISP.
I am trying to configure a Cisco 871 to act as a PPTP VPN server on my home network. I have referenced Cisco's documentation regarding this which I will include below as well as a copy of my current running configuration and terminal monitor information from when I attempt to establish a connection.
When I attempt to connect from a Windows machine I receive the following error: 'Error 807: The network connection between your computer and the VPN server was interrupted.' 'The remote device won't accept the connection.'When I attempt to connect VIA my mobile, I get 'The server has hung up'.The 871 does detect the incoming connection which can be seen from the terminal monitor output: url...
How would I set up my own anonymous proxy server with my own ip address without having to go on a proxy list site? I don't care how complicated or time consuming it may be, I'm a very fast learner and I do things extremely quickly.
I need to setup a syslog server for PIX w/ 6.2 and was hoping to get detailed instruction how to go about it. I would like exact syntax w/ an example on the pix and any configuration on the computer that will be receiving the log info. I have downloaded tftpd32 onto computer
we are having some trouble setting up our router (Cisco 861W) webserver on the LAN so that it can be accessed from outside (http via port 80). When we try to access it via the web address, we just get the login window of the Cisco router software?
I've made hotspot ad hoc and then my client try to connect my hotspot but it must setting manually...how to my client connect to my hotspot automatically not manually??? and how to install and setup dhcp server i windows 7...
About my internet setup, I receive internet from my ISP via the LAN cable. The IP is static, provided by the ISP. To use the internet, I have to login to their server using a username and password.Earlier, I did not have a router. So, to see if the ISP server was up, I could just ping the IP of the ISP server from my computer using the command prompt, and it would show whether it was up.However, since I got a router, I find that I cannot ping the ISP server from the computer directly as before. To ping the ISP server, I have to open the router administration page using the browser, then use its diagnostics feature to ping the ISP server. It shows only a few pings, and is not like the continuous ping that can be seen when you run ping from the command prompt. So, it's difficult to see the pings, and also diagnose. Also, sometimes the router pages do not open and get stuck, even after being refreshed.Is there any way, or any setting, by which I can ping the ISP server from the command prompt on the computer? Do I have to make changes in firewall settings of computer, or any settings in the router?Why can't I ping the ISP server directly from the computer?I am using Windows 8. The firewall of Windows 8 is on, and the hardware firewall on the router is off.
How i should setup my network to include a DNS Server. I have 2008R2 running on a VM on my main desktop machine (this will soon be moved to a dedicated VM Server) with my Virgin Superhub acting as the primary router / modem. I also have a Belkin N+ router in AP mode and a dedicated AP for wireless around the home.I have a few options on how to configure the network adaptor for the VM Server. [code] On my host machine i have the two default VM Network adaptors for "Host only" and "NAT".Im not really sure on how the IPv4 should be configured on these adaptors in order than the VM server is on the same network as my physical machine without conflicting IP's. If i leave it default the VM server gets a default IP of 192.168.13.138.
I am attempting to setup an Apache Server 2.2 for Windows, everything is set up but the server will not start, I heard it may be caused by my virus protector using Port 80 but I cannot find the httpd.conf file for it in the directories they say it should be in, I even did a tree/f with CMD DOS?
I managed to setup a 1721 router as a vpn server connecting to it using a cisco vpn client however altough I am obtaining an ip address as defined in the dhcp pool I am unable to communicate with both the remote network and also I have no internet as soon as I connect.