Cisco 2821 router IOS and IPsec

Hi all. I was wondering, can you create VPN tunnels using IPsec on a 2821 router if you have only the IPBASE image (the basic image the 2821 router comes with) on the router, or do you need some other version of IOS?
I've gone totally nuts trying to find out but can't seem to find an answer. Thanks in advance.

Igor
You can not create IPSec tunnels if the 2821 is running the IP BASE image. You need a feature set that supports crypto to do IPSec. In general image names that include k9 in the image name will support crypto. You probably would want the Advanced Security feature set or the Advanced IP Services feature set, both of which do support crypto and do support IPSec tunnels.
HTH
Rick

Similar Messages

  • Connecting Cisco 2821 Router, Switch, and Cable Modem

    Hey everyone,
    I am currently in the Cisco Network Academy at my school and just finished CCNA 1.  I have a few questions though.
    I am purchasing new equipment and that equipment includes:
    1-Cisco 2821 2-port Gigabit Router
    1-Linksys SE3016 16-Port Gigabit Switch (unmanaged)
    1-Cisco WAP4410n Wireless Access Point
    1-Motorola SurfBoard Gigabit Cable Modem (no router built in-Just standalone Modem used with Comcast Xfinity High Speed Internet)
    1-12U Network Rack (not enclosed)
    I am confused on how I will connect the cable modem to the router and the router to the switch and the WAP so that I still have WiFi. Since the router only has 2 Ge Ports, how would I cable this up?
    If my assumptions are correct, would I do the following set up?
    Take the Cable Modem and run a Straight Thru to Port 1 of the Router.
    Connect the Switch Port 1 to Port 2 of the Router using a Straight Thru cable (I believe I will most likely have to Subnet a network, won't I?).
    Connect Switch Port 2 to WAP using Straight Thru Cable (so I still have WiFi in my home).
    Connect all my computers and other devices to the Switch (this includes several PC's/Laptops, two printers that are ethernet, two TV's that are ethernet, an AppleTV and a Blue Ray Player that are both ethernet, and some Cisco Powerline Network Adapters).
    Will that set up work? 
    Also, how would I configure the router to work with my cable modem AND act as a DHCP Server so that all of my devices get IP Addresses? I have the Cisco Command Guide Book, but it is confusing to me as of now.
    Thanks!
    Chris

    A good start but a few points I would make.
    If you set the clock manually, you may find it resets itself after a router reboot. I would look at pointing it at an NTP server:
    #ntp server x.x.x.x
    #clock timezone GMT (Assuming you are UK based)
    Although not required, I would put a description on each of the interfaces as it may help identify them later if you are not physically in front of the Router.
    #interface gi0/0
    #description WAN
    Same for LAN
    You have set up your LAN subnet with a /16 subnet mask which is effectively 10.0.0.1 - 10.0.255.254. This is a large subnet allowing over 65k hosts which is not best practice on enterprise networks. It probably won't cause you any issues but I doubt you will have any more than 254 hosts so personally I would use a /24 subnet (255.255.255.0)
    The only major thing missing is NAT which needs to be configured on the router to translate the LAN IP addresses from their 10.* private range to the Public IP address on the Gi0/0 WAN Interface.
    Firstly you need to define the 'inside' and 'outside' NAT interfaces which is fairly self explanatory:
    #interface gi0/0
    #ip nat outside
    #interface gi0/1
    #ip nat inside
    Gi0/0 is your outside interface because it's facing the outside world (i.e. the internet) and Gi0/1 is your inside interface because it's facing inside your LAN.
    Then you need to tell the router which addresses to translate against by first creating an access list:
    #ip access-list standard LAN-Addresses
    #permit 10.0.0.0 0.0.255.255
    Finally you need to tell the router to start translating:
    #ip nat inside source list LAN-Addresses interface gi0/0 overload
    Oh, I have just noticed that you do not have a 'default route' configured. A router forwards packets by first looking up the destination IP address of the packet (i.e. where it's going) in its own routing table. Obviously home routers are not going to have an entry for every public IP subnet on the internet, so they use something called a default route which effectively says 'If I cannot find an entry for this packet in my routing table, use the default route'.
    As you are on DHCP and your IP address (and even default gateway) could change on your WAN interface, I would not bother with the next hop address in the default route but rather use the outgoing interface as below:
    #ip route 0.0.0.0 0.0.0.0 gi0/0
    Hope this helps!

  • How to view Log on the cisco 2821 Router

    Hi,
    Can anyone help me to view the log on the Cisco 2821 router for any issues that occur?
    Thanks,
    Saroj

    Cisco devices use syslog to manage system logs and alerts. But Cisco devices lack large internal storage space for storing these kinds of logs. To overcome this, Cisco devices have the following two options:
    1) Internal buffer — a small part of memory buffers the most recent log messages. The buffer size is limited and, when the device reboots, these syslog messages are lost. It is on by default.
    (If not, follow these steps:
    conf t
    logging on
    logging console.....console logs
    logging buffer  size ......set the size of buffer
    terminal monitor.......to get logs on a remote terminal like telnet, ssh etc.
    sh logging.........to see buffer logs.)
    2) Syslog server — by using this we can send messages to an external device for storing these logs, and the storage size depends on the available disk space of the external syslog server. This option is not enabled by default.
    If you have a syslog server, please find the simple config below.
    conf t
    logging host x.x.x.x
    logging trap (i.e. 0 1 2 3 4 5 .. according to your requirement)
    Before enabling logging, be sure that your router is properly configured to get the correct time from an NTP server, or configure the time manually.
    The command to set the time manually on the router is (clock set); to use an NTP server, use ntp server x.x.x.x to sync the router's clock.
    Hope that is informative,
    Regards,
    Ashish
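The severity filter behind `logging trap` and the reason the reply insists on a correct clock, as an added example that is not part of the thread: it parses IOS `%FACILITY-SEVERITY-MNEMONIC` messages, keeps those a given trap level would send to the syslog host, and reports the clock flag IOS puts in front of the timestamp. The log lines, addresses and user names are constructed.

```python
import re

# IOS severity names, indexed by the digit in %FACILITY-SEVERITY-MNEMONIC.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# A leading "*" or "." on the timestamp reports the state of the router clock.
CLOCK_STATE = {"*": "clock not set", ".": "clock set but NTP sync lost", "": "clock ok"}

MSG_RE = re.compile(
    r"^(?:\d+: )?"                       # optional sequence number
    r"(?P<flag>[*.]?)(?P<ts>.*?): "      # timestamp with optional clock flag
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

# Constructed sample of buffered log lines (not captured from a real router).
SAMPLE_LOG = [
    "*Mar  1 00:00:41.731: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "000123: .Jun 12 09:14:02.118: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.20)",
    "Jun 12 09:15:40.002: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.99]",
    "Jun 12 09:16:03.450: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.50 port 514 started",
    "this line is not a syslog message",
]


def parse(line):
    """Split one IOS log line into its fields, or return None if it does not match."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    msg = m.groupdict()
    msg["sev"] = int(msg["sev"])
    msg["sev_name"] = SEVERITY[msg["sev"]]
    msg["clock"] = CLOCK_STATE[msg["flag"]]
    return msg


def forwarded(lines, trap_level):
    """Messages 'logging trap <trap_level>' lets through to the syslog host:
    severity number <= configured level (a lower number is more severe)."""
    parsed = (parse(line) for line in lines)
    return [m for m in parsed if m and m["sev"] <= trap_level]


def untrusted_timestamps(lines):
    """Messages whose timestamp cannot be trusted when correlating events."""
    parsed = (parse(line) for line in lines)
    return [m for m in parsed if m and m["flag"]]


if __name__ == "__main__":
    for m in forwarded(SAMPLE_LOG, 4):          # 4 = warnings
        print(m["sev_name"], m["facility"], m["mnemonic"], "|", m["clock"])
```

With trap level 4 the configuration-change message (severity 5) never reaches the syslog server, which matters when that server is the only copy that survives a reboot.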

  • Cisco 2821 router won't keep config

    Hi
    I have a Cisco 2821 router that I'm trying to load a config on, and for some reason it will not stay once I reboot it.
    I can get the config on and give it a host name and everything that I need, but when I reboot it goes back to
    router> as the host name and no config on it. What would be causing this problem? This is my first time seeing
    this. Thanks for your help in advance.

    Check your config-register using the "sh version" command.  It should be 0x2102 and you can change this using the command "config-register 0x2102" and a reboot.
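The two `show version` checks discussed on this page, as an added example that is not part of either thread: whether the running image is a k9 (crypto) feature set, as in the IPsec answer at the top, and whether the configuration register matches the 0x2102 recommended above. The `show version` excerpts and image file names are constructed, and reading bit 0x0040 of the register as "ignore the startup configuration in NVRAM" is background added here, not something stated in the thread.

```python
import re

EXPECTED_CONFREG = 0x2102      # value recommended in the reply above
IGNORE_NVRAM_BIT = 0x0040      # when set, IOS boots without loading startup-config

# Constructed `show version` excerpts (not captured from real routers).
SAMPLE_IPBASE = '''\
System image file is "flash:c2800nm-ipbase-mz.124-24.T.bin"
Configuration register is 0x2142
'''
SAMPLE_ADVSEC = '''\
System image file is "flash:c2800nm-advsecurityk9-mz.124-24.T.bin"
Configuration register is 0x2102
'''


def audit_show_version(text):
    """Extract the image name and config register and flag the two conditions."""
    result = {"image": None, "feature_set": None, "crypto": False,
              "config_register": None, "ignores_startup_config": False,
              "register_as_recommended": False}

    m = re.search(r'System image file is "([^"]+)"', text)
    if m:
        # Drop the filesystem prefix ("flash:") and any directory part.
        image = m.group(1).rsplit(":", 1)[-1].rsplit("/", 1)[-1]
        result["image"] = image
        # Image names read platform-featureset-format.version.bin;
        # the feature set is the second dash-separated token.
        parts = image.split("-")
        if len(parts) >= 3:
            result["feature_set"] = parts[1]
            result["crypto"] = "k9" in parts[1].lower()

    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", text)
    if m:
        value = int(m.group(1), 16)
        result["config_register"] = "0x%04X" % value
        result["ignores_startup_config"] = bool(value & IGNORE_NVRAM_BIT)
        result["register_as_recommended"] = value == EXPECTED_CONFREG
    return result


if __name__ == "__main__":
    for name, sample in (("ipbase", SAMPLE_IPBASE), ("advsecurityk9", SAMPLE_ADVSEC)):
        r = audit_show_version(sample)
        print(name, "crypto:", r["crypto"], "register:", r["config_register"],
              "ignores startup-config:", r["ignores_startup_config"])
```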

  • Upgrade Cisco 2821 to IOS 15

    Hi everyone,
    I am currently going to upgrade the Cisco 2821 IOS to version 15. Do I need to apply any licences for advice ip service after the upgrade? Thanks for the help in advance.
    Kind Regards,
    Lei

    ISR G1 doesn't have any "licenses".  Just make sure you are upgrading to the same Feature Set as your old IOS.  
    Read the Release Notes carefully.  Make sure you have adequate DRAM and Flash.

  • Cisco 3620 Router IOS CCIE lab

    Dear Sir,
    I procured one Cisco 3620 Router for CCIE R&S Lab.
    Which IOS should I download from www.cisco.com to support 12.2T and IPV6.
    Waiting for reply..
    Thanks/Regards
    Atul

    Hi Atul,
    This link may help you with the same
    http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
    Regards,
    Ankur

  • Traffic Shaping on Cisco 2821 router

    I have two sites connected with MPLS links of 2MB with Cisco 2821 routers. Now a requirement came that the two sites will have an additional server (one at each location, for data replication purposes) and 75% of the bandwidth needs to be allocated to the data replication servers on each site and the remaining 25% of the bandwidth will be utilized for both sides' normal traffic.
    Is there any additional modules to be added on each router to isolate the traffic. Please let me know.
    Thanks,

    To expand on the information that Collin provided . . .
    If you really want to cap the bandwidth to a class of traffic, i.e. truly limit replication to 75%, you can add a policer or shaper to a class, similar to what Collin shows.
    e.g.
    policy-map RestrictAltiris
    class Altiris
    bandwidth percent 20
    shape average 1500000
    However, like Collin, since CBWFQ guarantees bandwidth allocations, you rarely need to cap bandwidth if you, for instance, insure your other traffic gets the other 25% (i.e. 100% less 75% for replication).
    e.g.
    policy-map RestrictAltiris
    class Altiris
    bandwidth percent 75
    (NB: BTW, there are other rules pertaining to bandwidth reservations, but prior examples, both Collin's and mine, should suffice.)
    Also BTW, since you mention MPLS, and since MPLS often allows multisite communication, if there are more than just these two sites that can communicate with these two sites across their 2 Mbps links, other considerations apply for dealing with such a situation.
    PS:
    Although software based QoS should meet your stated requirements, there are optional modules to provide "WAN optimization", see http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/product_data_sheet0900aecd8058218c.html.
    PPS:
    BTW, when Collin describes:
    ". . . but when the link gets congested the router will limit the traffic for this host to 20% of the total interface bandwidth, and all the remaining traffic to 80%.", this might be just a bit misleading since when the link is congested individual classes aren't really limited they are instead guaranteed their bandwidths as a minimum, not precisely the same thing. For example with 20% and 80% guarantees, either class could still obtain unused bandwidth from the other class while the link is congested.
    [edit]
    This being true, for something like what you describe, I would recommend using the least amount of bandwidth guarantee that data replication needs. Assuming your other traffic, on average, doesn't consume more than 25% of the bandwidth, you might find even providing replication only 1% for a bandwidth guarantee works fine. Why you would want to do this, by lowering the bandwidth guarantee for replication, you allow other traffic to burst. Such bursting capability normally improves any kind of transactional or conversational applications and doesn't (usually) unduly delay replication.

  • Cisco 2821 Router as a NTP Server

    We are using a 2821 Router as our boundary router.  It has installed into it a 9 port HWIC for layer 2 switching as well as allowing the router to communicate on the Network Management VLAN.  All of the devices on the Network Management VLAN are segregated from the managed traffic, which unfortunately also doesn't allow them external NTP services.  Can the router be programmed as an NTP server so that all of the network appliances can utilize it for NTP from either its NM VLAN IP address or from a loopback address?  Thanks in advance for the help.

    What are the commands needed in the router for it to provide time to other appliances?
    If your router has successfully synchronized with an authoritative NTP server?  NOT A THING.
    In my network, only the site's distribution switch is allowed to go out and get NTP.  All other access switch goes to the distribution switch by using the command "ntp server ".  You can have multiple NTP server IP address and if you prefer to have a "favorite" you can append your command with the "prefer" option:  ntp server prefer.
    If you have clients then point their NTP to your router.  For troubleshooting, I prefer the command "sh ntp associate".  If your NTP server IP address starts with a "*" this is good and means that your NTP is synchronized.
    Hope this answers your question.

  • Is Cisco 2821 Router a Fax gateway?

    Hi experts,
    I have 2811 router with pvdm2 card on it. I want to know if it is possible to configure 2811 as a fax gateway.
    Thank you

  • RPS 2300 together with 3750 - 48 PoE and Cisco 2821

    Hi,
    I'm wondering what kind of power modules to include in RPS 2300 (750 or 1150 Watt) to provide redundant power supply for 1 x Cisco 2821 router (standard power supply) and Catalyst 3750 with PoE 48 ports.
    Thanks

    I am not qualified to answer your question... I would like to mention to be careful when calculating power for phones, because some of the phones (especially color) will take more power than others. We ended up only being able to support 24-ish phones on a 3750 due to power limitations.

  • Netflow export on Cisco 2821

    Hello,
    a question or more a problem with netflow exports on Cisco 2821's.
    I configured netflow export on a Cisco 2821 with IOS Version 12.4(24)T
    ip cef
    interface FastEthernet0/0/0
    description to XXX
    ip address XXX
    ip flow ingress
    ip flow egress
    duplex full
    speed 10
    ip flow-cache timeout active 1
    ip flow-export source GigabitEthernet0/0
    ip flow-export version 5
    ip flow-export destination XXX XXX
    The netflow collector shows "only ingoing traffic" on interface FastEthernet0/0/0 and
    "only outgoing traffic" on interface GigabitEthernet0/0.
    Same problem with an IOS Version 12.4(20)T1 on other Cisco 2821's.
    But same configuration on other Cisco 2821's with IOS Version 12.4(11)XJ4 work well.
    Any references/suggestions or explanations?

    #It's surprising to me that it's even possible to configure both directions on a single interface.
    #It's generally not a good idea to configure both directions among interfaces on a single router.
    --> It is possible. ;-) I need QoS (DSCP information) for ingoing traffic and
    --> for outgoing traffic of this interface FastEthernet0/0/0.
    #How's g0/0 configured "ip flow" wise?
    --> There's no netflow configuration on this interface, only on Fa0/0/0.
    -->#sh ip flow interface
    --> FastEthernet0/0/0
    -->  ip flow ingress
    -->  ip flow egress
    #Maybe you're seeing "only outgoing traffic" on
    #interface GigabitEthernet0/0, because those are incoming traffic through fa0/0/0
    #(where IOS ignores the "ip flow egress" part) and flowing out through g0/0?
    --> You're right. The outgoing traffic at Gi0/0 is the ingoing traffic at Fa0/0/0.
    --> But I don't think that the configuration is wrong and I think that the
    --> "ip flow egress" command on a single interface is not so special.
    --> It really looks like the command "ip flow egress" on interface Fa0/0/0
    --> is being ignored. But why?
    --> Maybe I should start another discussion with a link to this posting in the
    --> router forum.
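How a collector assigns direction from NetFlow version 5 export, as an added example that is not part of the thread: every v5 record carries an input and an output interface index, so flows accounted only at ingress on Fa0/0/0 appear as "in" on that interface and "out" on Gi0/0, which is the picture described above. The datagram is constructed, and the ifIndex values (3 for Fa0/0/0, 1 for Gi0/0) and addresses are assumptions.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # NetFlow v5 flow record, 48 bytes

# Assumed SNMP ifIndex values for the two interfaces named in the thread.
IFNAMES = {1: "GigabitEthernet0/0", 3: "FastEthernet0/0/0"}


def make_record(src, dst, in_if, out_if, octets, tos):
    """Pack one constructed TCP flow record (10 packets, port 40000 -> 443)."""
    return RECORD.pack(
        socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
        in_if, out_if, 10, octets, 0, 0, 40000, 443, 0x18, 6, tos, 0, 0, 24, 24)


def make_datagram(records):
    """Prefix the records with a v5 header (timestamps and sequence zeroed)."""
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + b"".join(records)


def parse_v5(datagram):
    """Return the fields a collector needs from each record in a v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header announces %d records" % count)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "input_if": f[3], "output_if": f[4], "octets": f[6],
            "dscp": f[13] >> 2,   # DSCP is the upper six bits of the ToS byte
        })
    return flows


def interface_totals(flows):
    """Sum octets per interface as a collector does: input_if -> in, output_if -> out."""
    totals = {}
    for flow in flows:
        totals.setdefault(flow["input_if"], {"in": 0, "out": 0})["in"] += flow["octets"]
        totals.setdefault(flow["output_if"], {"in": 0, "out": 0})["out"] += flow["octets"]
    return totals


# Constructed sample: two flows that enter Fa0/0/0 and leave through Gi0/0.
SAMPLE = make_datagram([
    make_record("192.0.2.10", "198.51.100.20", 3, 1, 1500, 0xB8),  # DSCP 46 (EF)
    make_record("192.0.2.11", "198.51.100.21", 3, 1, 500, 0x00),
])

if __name__ == "__main__":
    for ifindex, t in sorted(interface_totals(parse_v5(SAMPLE)).items()):
        print("%-20s in=%d out=%d" % (IFNAMES[ifindex], t["in"], t["out"]))
```

Traffic leaving through Fa0/0/0 would only be counted as "out" there if the export contained records whose output index is 3, so checking the raw records for that index separates a router-side problem from a collector-side one.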

  • Configuring lines 1 60 on Cisco 2821

    Hi all,
    I'd like to know what is necessary to configure the parameter line 1 60 in a Cisco 2821 router with two E1's directly connected to a VWIC2-MFT-E1 interface and two PVDM modules installed.
    When I try to enter the line "router(config)#line 1 60" the IOS returns an error message that there is no physical hardware to support "line 2". I can only enter line 1.
    What is necessary to do this?
    My best Regards,
    Adriano

    try to do a show of the interface using the following example and see the output.
    #sh voice po 1/1

  • Need reference of CCME on cisco 2821

    Hello;
    I have a router cisco2821-sec/k9 and I want to install the CCME (Cisco Call Manager Express) with 40 users  license
    What is the reference (to purchase) of the  CCME software with 40 users  license for the router cisco2821-sec/k9
    The IP phone CP-521SG and CP-524SG  can operate with a CCME installed on the Cisco 2821?
    If not what kinds of the most cheap cisco IP phone can operate with a CCME installed on the Cisco 2821 router
    Thank you in advance

    Finally I choose to buy this element in the table
    I already have the router cisco2821-sec/k9 and one cisco switch poe
    Please the system will work or do I need additional requirement ?
    Reference     Quantity
    FL-CCME-48    01
    VIC2-4FXO     01
    7945G         05
    7911G         25

  • Valcom 2001A single zone paging system with a Cisco 2821 FXS port

    I am new at troubleshooting the Valcom paging system with Cisco 2821 router.  I recently installed a Valcom 2001A that is connecting to FXS port on the Cisco router.  The paging works but the ringing does not stop when the page extension is dialed (you can talk over the ringing).  I was told to use the Valcom 9970 to work with the FXS port on my router.  Will the V9970 work with the 2001A or in place of it?  Is there anything else I need to know to perfect this install?  Thank you!

    Put the command 'forward-digits extra ,,,,01' on the outgoing POTS dial-peer. Each comma is one second of delay.

  • VOIP Card on Cisco 2821

    Hi,
    I want to set up a VOIP environment in my company. The topology is like this:
    PBX1-75xx-WAN-2821-PBX2-phone
    PBX2 is a panasonic TD88 Model.
    The dial plan will be (from phone-set):
    1.dial 8 for PSTN access direct to PBX2
    2.dial 9 for accessing branch office under PBX1.
    I want to know which module/card shall I choose on cisco 2821 router?
    Thanks
    Joey

    Hi Ivan,
    I know little about telephony. But I think the interface is analog. Because it seems using RJ-11 interface on PBX.
    Actually, the TD 88 has 8 ports for connecting to the telecom company. Now we just use 4 of them. I want to use the other 4 interfaces for VoIP that may be connected to the Cisco 2821.
    Do you have any recommendation?
    Thanks
    Joey
