Cisco 871 and 881 routers PCI Compliant?

Do you know if the Cisco 871 and 881 routers are PCI compliant for 2015 and if not, are they able to be updated to be PCI Compliant?
Thanks,
I am a Franchisee for a pizza chain and they are stating the routers will not be compliant with the new credit card PCI standards.

Any router can be PCI compliant as long as you follow the PCI guide to harden the router and apply the correct filters. For example, one of the PCI requirements is to disable telnet access to the router and only use SSH. So, this can easily be accomplished if you have the right IOS with security installed.
HTH
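
The answer's example (no telnet, SSH only) turned into a check, as an added example that is not part of the original posts: a small Python audit over a constructed, indented IOS configuration. The function names and the sample config are assumptions made here, and the `ip http server` check extends the same idea to cleartext HTTP management.

```python
import re

# Constructed sample config for illustration (not taken from the thread).
SAMPLE_CONFIG = """\
hostname store-rtr
ip http server
ip http secure-server
ip ssh version 2
line con 0
 login local
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def parse_blocks(config):
    """Group an IOS config into (top-level command, [indented sub-commands])."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit_management_access(config):
    """Return (command, finding) pairs for cleartext remote management."""
    findings = []
    for header, children in parse_blocks(config):
        if header.startswith("line vty"):
            transports = None
            for child in children:
                m = re.match(r"transport input\s+(.+)", child)
                if m:
                    transports = m.group(1).split()
            if transports is None:
                # Default protocol set varies by IOS release, so require it explicitly.
                findings.append((header, "no explicit 'transport input'"))
            elif "telnet" in transports or "all" in transports:
                findings.append((header, "telnet permitted: " + " ".join(transports)))
        elif header == "ip http server":
            # Goes beyond the answer's telnet example: HTTP admin is also cleartext.
            findings.append((header, "cleartext HTTP management enabled"))
    return findings

if __name__ == "__main__":
    for command, finding in audit_management_access(SAMPLE_CONFIG):
        print(f"{command}: {finding}")
```

The parser relies on the indentation IOS uses for sub-commands, so run it against the output of `show running-config` rather than a copy that has lost its leading spaces.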

Similar Messages

  • Are RTMPE and RTMPS both PCI Compliant?

    Need to know to be compliant to the Payment Cards Industry security standard.

    The short answer is no - not by itself, because PCI means many many things beyond simply a network protocol.  You can use RTMPS in lieu of OpenSSL to build a system that is PCI compliant in eventuality, but that must be verified by a PCI audit.  RTMPE cannot be used in this way.

  • Cisco 871 and throughput with QOS

    Considering an 871 to carry out CBWFQ on circa 4Mbits of bandwidth allocated by a provider.
    Will the platform handle that sort of throughput? Any experiences?

    Thanks Paresh,
    Had never encountered that guide before - certainly useful.
    I still wonder whether anyone has experience of the throughput that can be achieved with QOS features enabled such as a CBWFQ applied to 4Mbps. I doubt such a figure will exist in the literature, it would probably have to be a field measurement. Has anyone got any such field measurements - especially with the 871 but also with any other SMB platform.
    regards

  • VPN between ASA 5500 and Cisco 871

    Hello.
    I recently bought a Cisco 871 and an ASA 5500 device. I would like to configure a VPN connection (LAN-to-LAN), and I would like some help about the ports that need to be opened into both firewalls, ASA and 871.
    Thank you.

    Thank you. The routers were not synchronized.
    I have installed on my CA server also an NTP server and everything works now.
    I have one more question: how can I connect the CA server to separate zone on my ASA device? Let's say a DMZ zone?
    I have 2 public IPs and I want to use one (let's say PRIMARY_IP) for the VPN tunnels, and the other one (let's call it SECONDARY_IP) for the CA server... In other words I want the SECONDARY_IP to be "assigned" to the CA server; if someone wants to make requests for NTP, or SCEP, or ... let's say TFTP to the SECONDARY_IP, those requests to be forwarded behind the ASA, to the CA.
    Can you help me?

  • Cisco Architectures for 2950/2960 Switches and 2800 Routers

    Hello,
    I have a question regarding the architectures of these three series, i.e. the type of switch fabric they use and the general architecture (first, second, or third generation regarding the sharing of the bus, memory and the type of switch fabric). We have so far learned these three generations and our assumption is that the only generation being produced now is the third (crossbar) generation, but so far we have no information to back up this claim. We are doing a study on buffer sizing in edge routers/switches so knowing the exact architecture of each model is our priority.
    Thank you for reading and thanks in advance for the answers. 

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Exact details on Cisco switch and/or router architecture can be hard to come by, as much of the information, Cisco appears to consider proprietary.
    Most switches have some kind of cross bar architecture.  Overall bandwidth tends to be higher in later variants (to support higher port densities and/or higher bandwidth ports).  Later switch architectures are less likely to block at ports.  However, there are often other architecture changes which may improve or worsen performance.  For example, 2960 tends to have more fabric bandwidth than the 2950, but the 2960 has different port buffer management (I believe) from the 2950, often resulting in more port drops with bursty traffic.
    True routers, like the 2800 series, I believe use a PCI bus, with additional bandwidth restrictions to the modules.  They will well support the WAN bandwidths they are recommended for, but they do not well support LAN port bandwidths.  Again, specific architecture details can be hard to come by.

  • MIB Required for Bandwidth Monitoring on Cisco 3800 and 3900 series Routers

    Hi Team,
    Need your help here.
    I am planning to do Bandwidth Monitoring on Cisco 3800 and 3900 series Routers. I want to know the exact MIB which I need to use for getting this done.
    Thanks,
    Karthik Anbumani

    Matt, based on feature navigator GLBP is supported on 3800 series.
    Go to this link and search by feature (GLBP)
    http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
    HTH
    Jorge

  • List of PCI Compliant devices?

    Hello,
    I was wondering if there was a list of PCI compliant devices available? I've tried searching the internet and even calling Cisco to ask directly but for some reason it's very hard to get clear answers on my questions. The only answer I got was a product that cost nearly $2,000. The cost of this item for over 20 locations is astronomical. We are currently using the RV042 but failed our PCI Trustwave scan due to the SSL key being too weak. 
    Is there anyone here that could help me compile a list of small business routers that can help our business pass our PCI scan?
    Thanks in advance. 

    You're correct that the RV042 router's implementation of SSL is weak.
    Stepping back, why do you need an SSL key on your router? Assuming there's a good reason that can't be met via other techniques, can you implement a compensating control (such as an ACL) to mitigate the risk and thus meet that compliance requirements?
    If not, then you would need to move the function to a more secure device - the new ASA 5506 might be one such candidate. Your local Cisco partner should be able to help you with product selection based on a more in-depth analysis of your environment and requirements

  • Configuration Issue with my Cisco 871 Router

    Hi all,
    I am a newbie to the Cisco IOS.
    I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
    With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
    Below is my current config:
    Hoggers#show config
    Using 4414 out of 131072 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Hoggers
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    enable secret 5 **********************.
    no aaa new-model
    crypto pki trustpoint TP-self-signed-568493463
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-568493463
    revocation-check none
    rsakeypair TP-self-signed-568493463
    crypto pki certificate chain TP-self-signed-568493463
    certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.2
    ip dhcp excluded-address 192.168.1.3
    ip dhcp excluded-address 192.168.1.4
    ip dhcp excluded-address 192.168.1.5
    ip dhcp excluded-address 192.168.1.6
    ip dhcp excluded-address 192.168.1.7
    ip dhcp excluded-address 192.168.1.8
    ip dhcp excluded-address 192.168.1.9
    ip dhcp excluded-address 192.168.1.10
    ip dhcp excluded-address 192.168.1.100
    ip dhcp excluded-address 192.168.1.90
    ip dhcp pool ccp-pool
       import all
       network 10.10.10.0 255.255.255.248
       default-router 10.10.10.1
       lease 0 2
    ip dhcp pool LANPOOL
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 41.212.3.2 41.212.3.253
    ip domain name yourdomain.com
    ip name-server 41.212.3.2
    ip name-server 41.212.3.253
    archive
    log config
      hidekeys
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description Wan to Outside World
    ip address 41.212.79.108 255.255.255.0
    duplex auto
    speed auto
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 192.168.1.1 255.255.255.0
    ip tcp adjust-mss 1452
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 41.212.79.1
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
    access-list 23 permit 10.10.10.0 0.0.0.7
    no cdp run
    control-plane
    scheduler max-task-time 5000
    end
    I'll appreciate any light you can shed on what I am missing.

    2 wireless routers can not communicate wirelessly with each other.
    You need to connect cable between 2 routers and use the second wireless router as access point.
    Follow this link to connect Linksys router to another router.
    Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

  • How do you change the MTU size in a Cisco 871?

    This 871 is at a remote site and is an ezvpn IPsec client (network extension mode) back to a 3030 headend.
    We're having problems with a PC trying to connect through the IPsec tunnel and we think it may be an MTU size problem.
    Int F4 is the outside interface.
    We are using a virtual-template associated with the crypto ipsec client ezvpn statement.
    When I go into any of the 871 interfaces and type 'mtu 1370' it errors out with 'The F4 (or whatever interface) does not allow manual MTU size configuration.'
    If I type 'ip mtu 1370' on F4 (or vlan1 or virtual-template 1) this is accepted, but when I do a 'show int f 4', it still shows MTU of 1514 - even after a reload.
    What is the correct way to set the MTU size in the 871 router - and is it best set on the F4 interface, the vlan, or the virtual-template interface?

    Hi
    As per the supporting doc Cisco 871 has one WAN Ethernet interface and 2 switch ports.
    I feel you are trying to change the mtu under the switch port which may not be possible.
    You can refer the below link for more info..
    http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet0900aecd8028a976.html
    regds

  • Cisco 871 to Cisco ASA 5545 Site-to-Site VPN Split Tunnel not working.

    Tunnel comes up and can see and access protected traffic but cannot access web (Split Tunnel). Don't know if access problem or route issue.
    Listed below is configuration for Cisco 871, any help very much appreciated.
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2  
    crypto isakmp key test address x.x.x.x
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to x.x.x.x
     set peer x.x.x.x
     set transform-set ESP-3DES-SHA 
     match address 100
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
     ip address 4.34.195.193 255.255.255.192
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
     ip address 172.200.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     ip tcp adjust-mss 1452
    ip route 0.0.0.0 0.0.0.0 4.34.195.193 permanent
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    logging trap debugging
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 172.200.1.0 0.0.0.255 172.16.2.0 0.0.0.255

    I don't see any NAT configuration above. Check you can PING out to the internet (8.8.8.8 for example) from the router itself as it won't need NAT to PING from the outside interface.
    Have a look at this document on setting up NAT for your inside devices:
    http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

  • Cisco 891 and Vitek DVR via iPhone

    Fellow Cisco Experts,
    I have pretty much googled my brains out trying to figure out why we can't access our Vitek DVR on our iPhones.  It seems as if the TCP ports for 554 and 8081 work, but UDP ports do not. The public IP is 70.175.15.103 and the private DVR ip is 192.168.43.96. I'm fairly new to Cisco CLI, and I've opened ports on normal routers with ease. This, however, has got me beat. Can someone please help me out? The config is attached. 
    Thanks
    Kris

    Hi kris
    Don't see any access list entries mentioning UDP.
    Test to see if access list is the issue, by removing the access list from fastEthernet 8
    no ip access-group wan-in in
    do this for a couple and see if you can then access the DVR.
    regard Dave

  • HT1595 Cisco's RV Series Routers as guest with apple tv?

    I'm on a Cisco RV Series Router as guest and it connects with my new Apple TV but I can't download content from the net. As a guest you don't need a password to connect however if you open a web browser it then asks for a password. As Apple TV doesn't have a browser there must be a workaround.

    It isn't connecting to the network as it requires password via the webpage. As you are aware the Apple TV doesn't support this method since there isn't a browser on the device. There is no workaround.

  • Cisco 867w and Advanced IP Services

    Can anybody tell me if the Cisco 867w ISR router has an IOS with the Advanced IP Services? I need to use this router with Amazon VPC and BGP is required, where the Universal IOS does not accommodate BGP.
    Any help is very much appreciated.

    Rose,
    Thank you for the reply. I am a little confused by your response as the Cisco website contradicts your advice about BGP on the Advanced IP Services IOS for the 880 & 870 routers
    http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542_ps380_Products_Data_Sheet.html (Table 7)
    And also on the 870 Series
    http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6200/product_data_sheet0900aecd8028a976.html (Table 5)
    Are you talking from experience on these devices and have tried to get BGP working on them? It is important I get the right device as I am trying to connect to the Amazon VPC system and these routers have been recommended.
    Regards,
    Craig Pickering.

  • S2S with Cisco 871

    Can I do a BorderManager 3.8 S2S VPN with a BM3.8 server as the master and a
    Cisco 871 as the slave at the other end?

    Hi,
    Mark Moorhead wrote:
    >
    > Can I do a BorderManager 3.8 S2S VPN with a BM3.8 server as the master and a
    > Cisco 871 as the slave at the other end?
    I don't see a reason why not. Basically all Ciscos that support VPN I've
    tried so far worked just fine.
    CU,
    Massimo Rosen
    Novell Product Support Forum Sysop
    No emails please!
    http://www.cfc-it.de

  • Application Security Tab in Cisco 871 SDM

    Hi,
    in the manual of SDM v2.5, an "Application Security" is mentioned that should be in the "Firewall / ACL" section. However, my SDM interface only shows "Create Firewall" and the "Edit...." tabs. Does anyone of you know where I can find this tab?

    Hi davistan,
    thanks for your reply. According to the SDM v2.5 manual it should indeed be located in the place you indicate. However, it isn't shown in my SDM interface. I have a Cisco 871 with Advanced IP Services.
