Branch Office Connectivity

Hi,
We have a firewall set up in our main office with the following setup:
We are running a DC on Windows 2008 Servers with MS Exchange 2010, Lync 2010 and IP phones as well.
We are planning to set up AD replication to our branch offices for network drive access and group policy updates; kindly advise on this.
Best Regards,
Ramesh TP

Hi,
I think you mean best-practice topology.
First of all, you will add Additional Domain Controllers in your branch offices. These ADCs will also hold the DNS and DHCP roles, and you will deploy a file server.
The important point is the structure you want to build.
This is a detailed article about domain topologies, so please check it for your questions:
https://msdn.microsoft.com/en-us/library/cc749945.aspx?=255&MSPPError=-2147217396

Similar Messages

  • Branch office dial backup design

    I'm having more trouble with this than I think I should.
    I have 10 small branch offices connected to the home office via Frame Relay. It's purely hub-and-spoke, with no PVCs between branch offices; everything goes to the central office. I'm trying to set up a POTS dial scenario to replicate this. Each branch has a 26xx with a two-port serial card, two analog modems and two POTS lines. The central office has an ISDN PRI terminating in a 3725 with MICA modems.
    I can get a branch router to dial on one or both lines (multilink PPP), and the 3725 receives the call. CHAP negotiation works. Where I'm having trouble is in the IP routing. I've tried countless combinations of numbered and unnumbered interfaces, a dialer-based IP pool on the 3725, EIGRP and/or floating static routes, etc., etc. Nevertheless, I can't get correct IP routes established, and I feel like I'm banging my head against the wall now. None of the design docs I can find on the web site directly address my scenario in a way I can understand. Any suggestions?

    This is my config for our 3640.
    interface Group-Async1
     ip unnumbered Serial1/0:23
     encapsulation ppp
     no ip mroute-cache
     dialer in-band
     dialer idle-timeout 1200
     dialer map ip 170.1.1.16 name bri01rt01ec
     dialer-group 1
     async mode interactive
     peer default ip address pool default
     ppp authentication pap chap ca
    !
    ! primary route via our PIX
    ip route 192.168.16.0 255.255.255.0 172.17.1.6
    ! floating static (administrative distance 200) via the modem that dials in from the 1750
    ip route 192.168.16.0 255.255.255.0 170.1.1.16 200
    This config looks fine to me..what does everyone think?

  • ASA5505 I cannot reach to an outside network from a branch office

    My customer has an HQ office and many branch offices. In the HQ there is an ASA5510 configured as the default gateway. From HQ the customer must access the internet (everything works fine); from the inside LAN they should reach anywhere, including special services like a credit card service provider and others (it works fine). From branch offices they must reach inside LAN hosts (it works fine); from branch offices they must reach the DMZ (it works fine); from branch offices they should reach the CC service provider, and here is the point of this question. From almost all branch offices they reach the CCSP fine, but not from the branch offices where an ASA5505 is installed (the offices that reach the CCSP have an RV042 or a TP-Link ER6120 installed); offices with an ASA can just ping the LAN side of the CCSP's router.
    I think the ASA5505 config is an open-door configuration. Here is the 5505 configuration, and the network diagram is also attached. Can someone help, please?

    Hi,
    Are the branch offices connected to the HQ through some ISP MPLS network, since I do not see any L2L VPN configurations on the ASA5505?
    I presume this is the case. Since you say that the connections between the Branch Office (with ASA5505) and the HQ LAN work fine, it should tell us that there should be no routing problems between those networks.
    The diagram possibly also suggests that all the Branch Office connections come to your HQ network through the same Router at the edge, so if the other Branch Offices' connections to the CCSP work then there should be no routing problem between the Branch Offices and the CCSP (at least regarding your part of the network).
    Now, some questions.
    Does the ISR Router forward traffic destined to the CCSP directly to the Router at 192.168.2.249?
    Does the Router with the connection to the CCSP use the Internet to reach the CCSP, or is there some kind of dedicated connection between these networks?
    If the Router towards the CCSP uses the Internet, then does it lack some NAT configuration for the source network 192.168.27.0/24? Does it perhaps lack a route towards the network 192.168.27.0/24? Or are there any possible errors in the configurations (wrong gateway IP or network mask somewhere)?
    Are there any ACLs configured on the Router that has the connection to the CCSP that might block traffic?
    Does the CCSP have all the required routing information to pass traffic towards the network 192.168.27.0/24? (If we're talking about a dedicated connection and not traffic through the Internet.) Have they allowed traffic from the mentioned network 192.168.27.0/24 to their servers/network?
    Have you taken "packet-tracer" output from the ASA5505 to confirm that the ASA configurations allow the traffic and don't drop it for some reason?
    For example
    packet-tracer input inside tcp 192.168.27.100 12345 193.168.1.100 80
    You can modify the IP addresses (source/destination) and the destination port and protocol used to match the connections that are actually attempted.
    Have you monitored the connections on the ASA when users attempt them? This should at least tell you why they are failing or give a hint. You could also configure a traffic capture on the ASA5505 if you wanted to make sure whether any traffic was coming from the CCSP towards this ASA (return traffic for the connection attempt).
    Hope this helps :)
    Let me know if I misunderstood the situation somehow.
    - Jouni
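    The "monitor the connections on the ASA" step above can be made repeatable. The following is an added example, not code from the thread or from Cisco: a small Python triage that reads ASA syslog lines for the branch subnet and sorts each attempt to the CCSP into "the ASA denied it", "the ASA let it out but nothing came back" (the case where the fault lies beyond the ASA), "reset by the peer" or "completed". The log lines are constructed for illustration; the 192.168.27.0/24 subnet and the 193.168.1.100 placeholder are the addresses used in this thread, and the message IDs 106023, 302013 and 302014 are real ASA message IDs, but the connection details are invented.

```python
import ipaddress
import re

# Constructed sample ASA syslog lines (not from the thread). The branch
# subnet 192.168.27.0/24 and the CCSP placeholder 193.168.1.100 are the
# addresses used in the discussion above; the connection details are invented.
SAMPLE_LOG = """\
%ASA-4-106023: Deny tcp src inside:192.168.27.100/50001 dst outside:193.168.1.100/443 by access-group "inside_access_in" [0x0, 0x0]
%ASA-6-302013: Built outbound TCP connection 1001 for outside:193.168.1.100/443 (193.168.1.100/443) to inside:192.168.27.101/50002 (192.168.27.101/50002)
%ASA-6-302014: Teardown TCP connection 1001 for outside:193.168.1.100/443 to inside:192.168.27.101/50002 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built outbound TCP connection 1002 for outside:193.168.1.100/443 (193.168.1.100/443) to inside:192.168.27.102/50003 (192.168.27.102/50003)
%ASA-6-302014: Teardown TCP connection 1002 for outside:193.168.1.100/443 to inside:192.168.27.102/50003 duration 0:00:02 bytes 5120 TCP FINs
%ASA-6-302013: Built outbound TCP connection 1003 for outside:193.168.1.100/443 (193.168.1.100/443) to inside:192.168.27.103/50004 (192.168.27.103/50004)
%ASA-6-302014: Teardown TCP connection 1003 for outside:193.168.1.100/443 to inside:192.168.27.103/50004 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302013: Built outbound TCP connection 1004 for outside:10.9.9.9/80 (10.9.9.9/80) to inside:192.168.27.104/50005 (192.168.27.104/50005)
"""

# 106023: packet denied by an access-group. 302013/302014: TCP connection
# built / torn down; for outbound connections the ASA prints the outside side first.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ '
    r'dst \w+:(?P<dst>[\d.]+)/\d+ by access-group "(?P<acl>[^"]+)"')
BUILT_RE = re.compile(
    r'%ASA-\d-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) '
    r'for \w+:(?P<dst>[\d.]+)/\d+ \([\d.]+/\d+\) to \w+:(?P<src>[\d.]+)/\d+ \([\d.]+/\d+\)')
TEARDOWN_RE = re.compile(
    r'%ASA-\d-302014: Teardown TCP connection (?P<id>\d+) for \w+:[\d.]+/\d+ '
    r'to \w+:[\d.]+/\d+ duration [\d:]+ bytes (?P<bytes>\d+) (?P<reason>.+)$')

ADVICE = {
    "DENIED_BY_ASA": "the ASA itself dropped it: fix the access-list / NAT on the 5505",
    "NO_RETURN_TRAFFIC": "the ASA let the SYN out but nothing came back: look at routing, "
                         "NAT and ACLs beyond the ASA (ISR, CCSP router, the CCSP side)",
    "RESET_BY_PEER": "the SYN reached a host that refused it: wrong port or service down",
    "COMPLETED": "connection completed normally",
    "OTHER": "closed for another reason; read the teardown reason",
}


def triage(log_text, branch_net="192.168.27.0/24", target="193.168.1.100"):
    """Classify each branch host's attempt to reach `target`.

    Returns {source_ip: verdict}, verdict being one of the ADVICE keys."""
    net = ipaddress.ip_network(branch_net)
    verdicts, open_conns = {}, {}
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            if m["dst"] == target and ipaddress.ip_address(m["src"]) in net:
                verdicts[m["src"]] = "DENIED_BY_ASA"
            continue
        m = BUILT_RE.search(line)
        if m:
            if m["dir"] == "outbound":      # remember who initiated, by connection id
                open_conns[m["id"]] = (m["src"], m["dst"])
            continue
        m = TEARDOWN_RE.search(line)
        if m and m["id"] in open_conns:
            src, dst = open_conns.pop(m["id"])
            if dst != target or ipaddress.ip_address(src) not in net:
                continue
            reason = m["reason"].strip()
            if reason == "SYN Timeout" and m["bytes"] == "0":
                verdicts[src] = "NO_RETURN_TRAFFIC"   # no SYN/ACK ever came back
            elif reason.startswith("TCP Reset"):
                verdicts[src] = "RESET_BY_PEER"
            elif reason == "TCP FINs":
                verdicts[src] = "COMPLETED"
            else:
                verdicts[src] = "OTHER"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:16} {verdict:18} {ADVICE[verdict]}")
```

    Run against a real export of the 5505's buffer, a SYN Timeout with zero bytes for every branch host is the strongest evidence that the 5505 is not at fault and that the next hop (ISR, the router at 192.168.2.249, or the CCSP's own ACL/NAT) is dropping or misrouting the traffic, which is exactly where the questions above point.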

  • Windows 8.1 laptop not connecting to domain in branch office

    We have a problem with a laptop.
    It was installed in our Head office (The Netherlands), just like all other laptops, by using an image.
    Tested and working on the domain.
    The user had to go to one of our branch offices (China) and when he connected there, the laptop just wouldn't connect to the domain.
    When he plugged in the laptop, it kept trying to connect its DirectAccess.
    Other laptops (same image) immediately recognize the domain network, but this laptop just won't.
    I am able to ping everything on the local network (MPLS connection), from HQ to all branch offices, but not access them.
    I've tried changing the DNS settings, but without any result.
    Any suggestions?

    Hi,
    According to this tool's description, I think it should be helpful to check the system's current environment, such as network and certificate problems. Actually, according to your description, I suspect it is probably a network environment or ISP problem, but we should find a way to verify our suspicion. This tool would be convenient; it also generates a trace log, which would be helpful for troubleshooting.
    The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests. The following built-in health tests are currently implemented:
    - Network interfaces
    - Network location (NLS and NRPT DNS)
    - IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS)
    - Windows Firewall (applied profile, firewall outbound rules)
    - Certificates (EKU Client Authentication, trust chain for AIA and CRL)
    - IPsec infrastructure tunnel (domain SysVol share)
    - IPsec intranet tunnel (PING and HTTP probes)
    Additional features: run a post-check script (PowerShell, VBScript, BAT or CMD file).
    Roger Lu
    TechNet Community Support

  • Branch Office DC Demand Dial VPN connection keeps failing

    Here is my issue.
    Our branch office DC is connected to the main office DC with a demand-dial connection in RRAS. Everything is connected fine for a little bit, then it is like the connection just gives out: it stays connected, but I cannot ping the branch office DC with the local IP from the main office or access any network shares on it. When this happens I have to disconnect the server at the remote office and wait for it to reconnect. I am currently baffled, as there are no error logs to help me along and there doesn't seem to be anything that would be causing the issue. For now, until I get some answers as to what is going on, I opened a command prompt on the DC here at the main office and typed "ping 10.141.70.25 -t100" to monitor the connection more or less, and when I see it time out I reconnect it. I also have the networking tab open in Task Manager to monitor the LAN and RAS (Dial-In) interface. The LAN doesn't seem too active, but the RAS interface does: it has a constant network utilization of 0.28%, and the demand-dial interface on the remote office DC has a utilization of 0.38%. (The server just disconnected as I was typing this and the utilization on the VPN connections on both servers went through the roof.)
    Here is the troubleshooting I have tried so far:
    1. Rebooted both office DCs at the same time.
    2. Rebooted the branch office DC alone (this helped a little because the connection is staying active longer without failing).
    3. Looked through all RRAS configuration on both servers to see if there are any mistakes by any other administrators (none were found).
    4. Used Wireshark to see if there was anything interfering or that would cause this to happen (nothing found).
    5. Manually connected to the server in multiple ways, like accessing network shares and remote management via MMC, and manually made the servers replicate to see if any of that was causing issues; it wasn't.
    My thoughts: I am starting to think it may be a switch or something causing the connection issue at the branch office, because the main office has all new routers and switches and just recently got a 100 Mbps connection, but nothing was affected for a good month, so I am not thinking it is the new connection or anything at the main office. If there is something I am overlooking here, please let me know. If some ipconfig /all results are needed, I can provide them.
    Viper Technologies Computer Repair - Putting the Venomous Bite Back in Your Computer. We are located in Antigonish, NS, Canada. Check us out: HTTP://WWW.VIPERTECHNOLOGIES.TK

    Hi,
    Are there any error messages in the event log?
    Meanwhile, it is more of a network issue; I think you may ask in the network forums:
    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS
    Regards.
    Vivian Wang

  • Branch Office - Mobile Server connection problem

    Branch Office is successfully installed on an XP PC, including the services, which are started; the Mobile Server is installed on a remote server. After logging in with user and password at http://localhost/webtogo/ ("Branch Office Web") it takes a while (we think because of synchronization), but then we get the message on the left side of the browser: "javax.servlet.ServletException: Could not get Automatic Sync Status".
    We think it is a problem with the connection to the Mobile Server, but we have no idea how we can solve this problem because we can't verify the problem. There is no firewall and no restriction in our network.
    We hope that somebody has an idea!

    BTW, how many concurrent users can be supported by Oracle9iLite?

  • TMG 2010 to connect Branch Office

    We have TMG 2010 installed as a proxy solution. Recently we opened a new branch office, but they are unable to reach the internet through the proxy. I have added the route add commands on the TMG server:
    route add 10.24.84.0 mask 255.255.255.224 10.24.30.20 -p           - Branch 1
    route add 10.24.86.0 mask 255.255.255.224 10.24.30.20 -p           - Branch 2
    10.24.30.20 is our core router IP.
    Is there any configuration required on the core router and the branch office router? Branch office users can access all server services except the proxy solution. Please advise.

    Hi,
    In your branch office, you need to ensure that the internal branch office subnet is able to reach the TMG server. You need a route to the TMG network from the branch office on the branch office router.
    TMG should have a route to reach the branch office network.
    Add the branch office subnet as Internal in the TMG network range.

  • Simulating small branch office in lab network

    Hi,
    I have to setup what seems to be a very basic configuration, but it doesn't work.
    In our lab there is a cluster of switches with a 3550 that does all the routing for vlans.
    I need to simulate a sort of a small branch office that has one connection
    to the outside world (the lab network).
    Here is my design:
    Vlan 230 (the internet)
    A port on 3550 is in vlan 230 and is connected to e0/0 (172.26.230.150) on 2611 router.
    e0/1 interface on a 2611 is (192.168.1.1).
    A PC is connected to e0/1 (192.168.1.12).
    From the router I can ping any host on vlan 230 and other vlans,
    I can also ping the pc connected to e0/1.
    However, from the PC I can only ping 192.168.1.1 (e0/1) and 172.26.230.150 (e0/0).
    Below is my configuration
    Thanks for your help.
    R2611-1#sh run
    Building configuration...
    Current configuration:
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname R2611-1
    ip subnet-zero
    ip dhcp excluded-address 192.168.1.1 192.168.1.9
    ip dhcp pool 192.168.1
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
    interface Ethernet0/0
     ip address 172.26.230.150 255.255.255.0
     no ip directed-broadcast
     no ip mroute-cache
     no mop enabled
    interface Ethernet0/1
     ip address 192.168.1.1 255.255.255.0
     no ip directed-broadcast
     no ip mroute-cache
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.26.230.1
    ip http server
    no scheduler allocate
    end

    You are not performing NAT on the router.
    This is typically required on a box which provides internet connectivity.
    Probably the other hosts on vlan 230 have no route back to the pc on 192.168.1.1.
    Configuring NAT on the router will resolve this problem.
    Regards,
    Leo
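    Both this lab thread and the TMG thread above come down to the same check: a packet gets there, but nothing knows how to get the reply back. The following is an added example, not code from either thread or from Cisco or Microsoft: a small Python routing simulator with longest-prefix match and optional source NAT that traces a packet in both directions and reports reachability only when the reply is routable too. The 2611, the 3550 at 172.26.230.1, the PC at 192.168.1.12 and the default route are from Leo's thread; the lab host 172.26.10.50 on an assumed VLAN 10 subnet is invented. For the TMG case, only the 10.24.84.0/27 branch prefix and the 10.24.30.20 core router come from the post; the WAN link 172.16.84.0/30 and the TMG address 10.24.30.5 are assumptions.

```python
import ipaddress as ipa


class Node:
    """A host or router: its own interface addresses (with prefix), static
    routes resolved by longest-prefix match, and optional source NAT."""

    def __init__(self, name, addrs, routes=(), nat=None):
        self.name = name
        self.ifaces = [ipa.ip_interface(a) for a in addrs]
        self.routes = [(ipa.ip_network(p), ipa.ip_address(nh)) for p, nh in routes]
        # nat = (inside_network, outside_address): packets from inside_network
        # leaving towards a next hop outside that network get their source rewritten.
        self.nat = nat

    def owns(self, ip):
        return any(ip == i.ip for i in self.ifaces)

    def connected(self, ip):
        return any(ip in i.network for i in self.ifaces)

    def next_hop(self, dst):
        if self.connected(dst):
            return dst                      # directly connected: deliver
        best = max((r for r in self.routes if dst in r[0]),
                   key=lambda r: r[0].prefixlen, default=None)
        return best[1] if best else None    # None: no route


class Topology:
    def __init__(self, nodes):
        self.nodes = nodes

    def node_owning(self, ip):
        return next((n for n in self.nodes if n.owns(ip)), None)

    def trace(self, src, dst, max_hops=16):
        """Forward one packet hop by hop. Returns (delivered, path,
        source address as the destination sees it after any NAT)."""
        src, dst = ipa.ip_address(src), ipa.ip_address(dst)
        node, path = self.node_owning(src), []
        if node is None:
            return False, [f"unknown source {src}"], src
        for _ in range(max_hops):
            path.append(node.name)
            if node.owns(dst):
                return True, path, src
            nh = node.next_hop(dst)
            if nh is None:
                return False, path + [f"no route to {dst}"], src
            if node.nat and src in node.nat[0] and nh not in node.nat[0]:
                src = node.nat[1]           # PAT: hide the inside source
            node = self.node_owning(nh)
            if node is None:
                return False, path + [f"next hop {nh} unreachable"], src
        return False, path + ["hop limit"], src

    def reachable(self, src, dst):
        """Two-way check: request delivered AND reply routable back to the
        address the destination saw (a NAT device then un-translates it)."""
        ok, _, seen_src = self.trace(src, dst)
        return ok and self.trace(dst, seen_src)[0]


def lab_2611(fix=None):
    """Leo's lab: PC behind the 2611, 3550 routing the lab VLANs. fix=None
    reproduces the problem; 'nat' is PAT on the 2611 to its e0/0 address
    (Leo's advice); 'route' instead adds the return route on the 3550.
    The lab host 172.26.10.50 and its VLAN are assumed."""
    pc = Node("PC", ["192.168.1.12/24"], [("0.0.0.0/0", "192.168.1.1")])
    r2611 = Node("R2611-1", ["172.26.230.150/24", "192.168.1.1/24"],
                 [("0.0.0.0/0", "172.26.230.1")],
                 nat=(ipa.ip_network("192.168.1.0/24"),
                      ipa.ip_address("172.26.230.150")) if fix == "nat" else None)
    sw3550 = Node("SW3550", ["172.26.230.1/24", "172.26.10.1/24"],
                  [("192.168.1.0/24", "172.26.230.150")] if fix == "route" else [])
    labhost = Node("labhost", ["172.26.10.50/24"], [("0.0.0.0/0", "172.26.10.1")])
    return Topology([pc, r2611, sw3550, labhost]).reachable("192.168.1.12", "172.26.10.50")


def tmg_branch(branch_route, tmg_route):
    """The TMG thread: branch 10.24.84.0/27 behind a branch router, core router
    10.24.30.20, TMG on the core subnet. The WAN link 172.16.84.0/30 and the
    TMG address 10.24.30.5 are assumed; the TMG route is the OP's route add."""
    user = Node("branch-pc", ["10.24.84.10/27"], [("0.0.0.0/0", "10.24.84.1")])
    br = Node("branch-rtr", ["10.24.84.1/27", "172.16.84.2/30"],
              [("10.24.30.0/24", "172.16.84.1")] if branch_route else [])
    core = Node("core-rtr", ["172.16.84.1/30", "10.24.30.20/24"],
                [("10.24.84.0/27", "172.16.84.2")])
    tmg = Node("TMG", ["10.24.30.5/24"],
               [("10.24.84.0/27", "10.24.30.20")] if tmg_route else [])
    return Topology([user, br, core, tmg]).reachable("10.24.84.10", "10.24.30.5")


if __name__ == "__main__":
    for label, result in [("lab as posted", lab_2611()), ("lab + NAT", lab_2611("nat")),
                          ("lab + 3550 route", lab_2611("route")),
                          ("TMG route only", tmg_branch(False, True)),
                          ("branch route only", tmg_branch(True, False)),
                          ("routes both ways", tmg_branch(True, True))]:
        print(f"{label:18} reachable={result}")
```

    The NAT fix works because the reply is addressed to the 2611's own e0/0 address, which the 3550 already knows how to reach; the static-route fix works because the 3550 then knows where 192.168.1.0/24 lives. Either way, a one-directional test such as pinging from the router proves nothing about the reverse path, which is why the router could ping everything while the PC could not.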

  • Small branch office network

    We have a small branch office (7 users) that will be moving to a building that has a Wireless Residential Gateway (Model: DPC3829).  This device provides wifi for 2 other tenants on the same floor.  Can we connect another wireless router to this wireless residential gateway device and create our own SSID so that we don't have to use the wifi settings that the other 2 tenants connect to?  
    I've attached a picture of what the back of the DPC3829 currently looks like.  I am thinking I can plug that yellow network cable into another wireless router and create our own wireless network (obviously off of their internet connection) for our 7 users. 
    Thank you for your help.

    You may buy any plain wireless device and run it in bridge mode (it should run that way by default, I believe). Then connect one of its LAN ports to any one of the LAN ports available on the DPC3829 thing.
    You are correct in what you want to do, and it can be done, no problem.
    Regards
    Please mark the answer as correct if it helps.

  • VPN CLient TO access HO through BRanch office

    We have a branch office using a Cisco 1841, which makes a VPN to the HO (ASA 5505). Both (1841 and ASA) have VPN Client configured. We need branch office VPN software client users to connect to the HO network. I have tried, but I am missing out somewhere. I've attached some configs of both devices. Can anyone help ASAP?

    Here is the URL for the Configuring and Managing Connection Entries for the VPN follow the steps for configuration which will help you :
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a008015e271.html

  • Branch Office VOIPs do not register.

    Hi:
    I've been breaking my head on this for a few weeks and nothing seems to be working.
    I have three PIX 515e, one at each office.
    ALL VOIPs are Polycom 300IP phones.
    We have a main office (called PB) with 15 VOIP phones.
    We have a branch office (called JAX) with 2 VOIP phones.
    We have a branch office (called JADE) with 2 VOIP phones.
    All site VOIPs must register with a hosted PBX outside of all three offices (called TN).
    All 15 VOIPs at PB are registering and working with TN.
    Only one of two VOIPs at JAX is registering with TN.
    No VOIPs at JADE are registering with TN.
    VPN Tunnels are up and functioning between PB and JAX and PB and JADE. Able to ping both ways and users in both branch sites are able to map folders to our servers.
    I have opened UDP 5060 (SIP) on all interfaces. It seems there is initial conversation between TN and JAX and JADE but receiving following errors at both branches.
    Pre-allocate SIP for secondary channel blah blah blah and followed immediately with a
    Teardown UDP connection blah blah blah
    I have attached configs for all three PIX 515e boxes (edited for security).
    Could somebody take a gander at this and help me out. I'm at a complete loss.
    Thank you so much in advance and have a great day!

    Thank you for the feedback and suggestion GTG! I went ahead and posted it on the "security" bb and I'm going to look into SIP inspection.
    Can you please MOVE this thread to the Security section and delete the duplicate post you've created?
    Here's the link to your duplicate post:  https://supportforums.cisco.com/thread/2260989
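    The "Pre-allocate SIP ... secondary channel" and "Teardown UDP connection" messages come from the firewall's SIP inspection: it reads the SDP body of the signalling to learn which UDP media ports (the "secondary channels", RTP and RTCP) to open, and it rewrites private addresses in that body so the hosted PBX sends media somewhere the firewall can deliver it. The following is an added example, not code from the thread or from Cisco: a Python parser that extracts those pinholes from a SIP INVITE and shows the rewrite that inspection performs. The INVITE is constructed; the phone address 192.168.20.11, the mapped address 198.51.100.7, the PBX address 203.0.113.10 and the ports are all invented placeholders.

```python
import ipaddress

# Constructed SIP INVITE with SDP (not from the thread). The phone is on an
# assumed private branch subnet 192.168.20.0/24 behind the PIX; the hosted
# PBX address 203.0.113.10 is a documentation-range placeholder.
SDP = (
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.20.11\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.20.11\r\n"
    "t=0 0\r\n"
    "m=audio 2222 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)
SAMPLE_INVITE = (
    "INVITE sip:2001@203.0.113.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.20.11:5060;branch=z9hG4bK776\r\n"
    "From: <sip:2101@203.0.113.10>;tag=1928\r\n"
    "To: <sip:2001@203.0.113.10>\r\n"
    "Call-ID: a84b4c76e66710@192.168.20.11\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:2101@192.168.20.11:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP.encode())}\r\n"
    "\r\n" + SDP
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_message(raw):
    """Split a SIP message into start line, header dict (lower-cased names,
    list of values) and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return start_line, headers, body


def parse_sdp(body):
    """Return the media descriptions: type, port, transport and the c= address
    that applies to each (a media-level c= overrides the session-level one)."""
    session_conn, media = None, []
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            addr = line[len("c=IN IP4 "):].strip()
            if media:
                media[-1]["conn"] = addr
            else:
                session_conn = addr
        elif line.startswith("m="):
            mtype, port, proto, *_ = line[2:].split()
            media.append({"type": mtype, "port": int(port), "proto": proto, "conn": None})
    for m in media:
        m["conn"] = m["conn"] or session_conn
    return media


def media_pinholes(media):
    """The UDP flows a SIP-inspecting firewall pre-allocates from the SDP:
    RTP on the advertised port and RTCP on port+1, towards the c= address.
    Port 0 means the stream is disabled and gets no pinhole."""
    holes = []
    for m in media:
        if m["port"] == 0:
            continue
        holes.append(("udp", m["conn"], m["port"], "RTP"))
        holes.append(("udp", m["conn"], m["port"] + 1, "RTCP"))
    return holes


def is_rfc1918(addr):
    """A private c= address leaking to the hosted PBX means its RTP is sent
    somewhere unroutable: signalling may look fine, but media never arrives."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in RFC1918)


def rewrite_sdp(body, inside_ip, mapped_ip, port_map):
    """What SIP inspection does on the way out: swap the private c= address for
    the NAT address and each m= port for its translated port, so the peer sends
    RTP to something the firewall can deliver. port_map: {inside_port: mapped}."""
    out = []
    for line in body.split("\r\n"):
        if line == f"c=IN IP4 {inside_ip}":
            line = f"c=IN IP4 {mapped_ip}"
        elif line.startswith("m="):
            parts = line[2:].split()
            parts[1] = str(port_map.get(int(parts[1]), int(parts[1])))
            line = "m=" + " ".join(parts)
        out.append(line)
    return "\r\n".join(out)


if __name__ == "__main__":
    start, headers, body = split_message(SAMPLE_INVITE)
    for hole in media_pinholes(parse_sdp(body)):
        print(hole, "(private address!)" if is_rfc1918(hole[1]) else "")
    fixed = rewrite_sdp(body, "192.168.20.11", "198.51.100.7", {2222: 40000})
    print(media_pinholes(parse_sdp(fixed)))
```

    Opening UDP 5060 alone only lets the phones register; the media pinholes are opened per call from the SDP, which is why the inspection engine's log lines appear exactly when a call is attempted. If the two branch PIXes inspect SIP differently from the main office box (or one side's rewrite leaves a private address in the c= line), the hosted PBX will see a registration but the audio channels will be torn down, matching the symptoms in this thread.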

  • Branch Office Communication

    Hi,
    Suppose we have many branch offices with good internet speed but no dedicated bandwidth between individual locations.
    We need to enable VoIP calling using the Internet. Can we use any Skype product to tie all the standalone EPABX systems together for branch office communications?
    Can we have SIP trunks on a Skype gateway from each location and enable inter-office calling?
    Please suggest.

    Hello Rahul,
    I see you are asking about connecting your offices together for calling and communications.
    Well, connecting the offices together will require a Communication Server of some sort. Manufacturers like Nortel, Avaya, Cisco and many others have these types of devices available to accomplish the "link" between your offices, as long as the equipment is all compliant with the Communication Server. I suggest you contact a local agent for these manufacturers and have them take a look at what you have. They will provide you with a quote to get you connected.
    As for Skype, making and receiving calls is a snap for us. We provide these services 24/7. We can get you connected in minutes and have you making cheap calls all day long. The cost just depends on where in the world you are calling. Our "minutes" bundles are very cost effective to use. And all of your incoming calls are free. All you would need would be a Skype Online Number, a Managed User for the Skype Clients that want to call you, and SIP Channels to connect to your PBX to talk on.
    That's pretty much it.  I hope this helps you in your research to get your offices connected and to start using Skype.  I have provided  a few links for you to look at below.
    http://www.skype.com/intl/en-us/business/skype-connect/
    http://www.skype.com/intl/en-us/business/skype-manager/
    http://download.skype.com/share/business/guides/skype-connect-rates.pdf
    http://skypeconnect.voxygen.com/#stage1
    Thank You for considering Skype and using the Skype Community Forums.
    Regards,
    Victor S.
    Skype Enterprise Support

  • Branch Office + Pocket pc - Is this possible?

    Hi all,
    I'm trying to use Pocket PC with Branch Office, but I heard that that is impossible: Branch Office works only with desktop PCs.
    Is this information true?
    Tks,
    Everson

    Hi Rekounas,
    Thanks for your attention.
    Okay, so are you trying to bring down the amount of bandwidth you use?- Yes
    For shared data, is it updateable?- Yes
    For initial syncs I always recommend the user is located where they have a good connection. Incremental syncs aren't nearly as intense, so it usually only takes a few seconds or minutes depending on your application. But this usually doesn't take long. - I'll make some tests, because independent of Branch Office, the application must be developed.
    Tks,
    Everson

  • Branch office web-to-go is not starting

    Hi,
    I have downloaded and installed the Oracle Lite Branch Office setup from the server's webtogo/setup. But webtogo on the branch office PC is not starting. http://localhost/webtogo and the listener are not started even after executing the executables manually.
    The PATH variable is set correctly. The branch office PC has Windows XP.
    Regards,
    Aneesh

    Hi,
    The webtogo -d option is giving the following error.
    E:\mobileclient\bin>webtogo -d
    log9: [LOADING wtgos.dll BOAdminToolNative]
    log9: [BOAdminToolNative wtgos Loaded Successfully]
    log9: MODE_BRANCH CONNECT_STRING =jdbc:polite@:1160:
    log1: Translated JDK:'Cp1252' to IANA: 'WINDOWS-1252'
    log1: Mount point jdbc:polite@:1160:WEBTOGO oracle.lite.web.ifs.OMFS@145d068
    log9: java.sql.SQLException: [ODBC 08001] unable to connect to data source
    log9: at oracle.lite.poljdbc.LiteEmbJDBCConnection.jniDriverConnect(Native Method)
    log9: at oracle.lite.poljdbc.LiteEmbJDBCConnection.connect(Unknown Source)
    log9: at oracle.lite.poljdbc.LiteType2JDBCFactory.createConnection(Unknown Source)
    log9: at oracle.lite.poljdbc.POLJDBCConnection.<init>(Unknown Source)
    log9: at oracle.lite.poljdbc.OracleConnection.<init>(Unknown Source)
    log9: at oracle.lite.poljdbc.POLJDBCDriver.connect(Unknown Source)
    log9: at java.sql.DriverManager.getConnection(Unknown Source)
    log9: at java.sql.DriverManager.getConnection(Unknown Source)
    log9: at oracle.lite.web.JupConnection.<init>(Unknown Source)
    log9: at oracle.lite.web.JupConfig.createConnection(Unknown Source)
    log9: at oracle.lite.web.JupConfig.getConnection(Unknown Source)
    log9: at oracle.lite.web.JupConfig.getStatement(Unknown Source)
    log9: at oracle.lite.web.JupServer.loadMimes(Unknown Source)
    log9: at oracle.lite.web.JupConfig.reload(Unknown Source)
    log9: at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    log9: at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    log9: at oracle.lite.web.JupServer.initialize(Unknown Source)
    log9: at oracle.lite.web.JupServer.listen(Unknown Source)
    log9: at oracle.lite.web.JupServer.main(Unknown Source)
    log-1: ============== Server Exception - Begin ==================
    java.sql.SQLException: [ODBC 08001] unable to connect to data source
    at oracle.lite.poljdbc.LiteEmbJDBCConnection.jniDriverConnect(Native Method)
    at oracle.lite.poljdbc.LiteEmbJDBCConnection.connect(Unknown Source)
    at oracle.lite.poljdbc.LiteType2JDBCFactory.createConnection(Unknown Source)
    at oracle.lite.poljdbc.POLJDBCConnection.<init>(Unknown Source)
    at oracle.lite.poljdbc.OracleConnection.<init>(Unknown Source)
    at oracle.lite.poljdbc.POLJDBCDriver.connect(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at oracle.lite.web.JupConnection.<init>(Unknown Source)
    at oracle.lite.web.JupConfig.createConnection(Unknown Source)
    at oracle.lite.web.JupConfig.getConnection(Unknown Source)
    at oracle.lite.web.FileHandlerUtil.<init>(Unknown Source)
    at oracle.mobile.job.Scheduler.<init>(Unknown Source)
    at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    at oracle.lite.web.JupServer.initialize(Unknown Source)
    at oracle.lite.web.JupServer.listen(Unknown Source)
    at oracle.lite.web.JupServer.main(Unknown Source)
    ================== Server Exception - End ====================
    Noticed that listener is not getting started,
    E:\mobileclient\bin>olsv2040 /start
    OliteService reports the following error:
    OliteService failed, Error Code: (0x5), Message: Access is denied.
    Internal message: StartService failed in CmdStartService function.
    Forgot to mention earlier:
    During installation of the branch office client, I received the following warnings:
    1. Operating system message: Password does not meet minimum security requirements. Check the password length, complexity and history.
    2. No mapping between accounts and security ID was done.
    Thanks,
    Regards,
    Aneesh

  • Branch Office CME design Verification

    Hi All,
    Please refer to the attached network diagram.
    I need to verify this can be implemented and would work.
    We have a branch office moving to a new location and they intend to keep their existing CME (for business reasons), provided by their local service provider with an ISDN line for calls to the PSTN. This is managed by the service provider and we have no access to it. However, we would like to grant them connectivity to the existing corporate voice network via an IP VPN connection, which shall be put in place soon. This will enable the branch to make site-to-site calls within the corporate network.
    With a SIP trunk between the internal and external CME, I intend to make all the phones register with the Call Manager; however, on the Call Manager, set a route pattern for calls going out to the PSTN from this branch back to the internal CME, and this will then be matched by a SIP dial peer directing the call to the external CME and out to the PSTN.
    My worry is the delay that might be introduced when making a PSTN call, as the internal CME has to first contact the Call Manager in order to know where to send the call.
    So my questions are as follows,
    1. Is this solution feasible especially in terms of delay? If not,
    2. Are there any other ways to achieve the same scenario
    Thanks,
    Yomi

    Are the phones at the branch office going to register to the Internal CME? If so, all configuration for outbound dialing will be done on the Internal CME, not on UCM, i.e. dial-peers on the Internal CME for outbound dialing. For phone connectivity back to UCM, you will have a SIP trunk between UCM and the Internal CME, and that is perfectly acceptable. You "might" see some quality degradation, but that is to be expected from Internet-based WAN connectivity. If your RTT delay is greater than 150 ms, then you might see some quality issues.
