Cisco 887va on Eircom ADSL
Hi
I am new to the Cisco routers but am trying to get a Cisco 887va working on a Eircom ADSL2 connection.
I was using the config of an old Cisco router as a guide, basically this has encapsulation aal5snap under the ATM interface, I am unable to set this in the 887va, I did read that this needs to be set under the VDSL controller however it will not take the commands.
Also how can I set the the dsl operating-mode to auto.
Here is my config
Building configuration...
Current configuration : 1958 bytes
! Last configuration change at 13:20:03 UTC Tue Jul 17 2012
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no logging buffered
enable secret 4 ??????????
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
ip source-route
ip cef
ip name-server 159.134.0.1
ip name-server 159.134.0.2
no ipv6 cef
--More--
Jul 17 13:31:10.871: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
Jul 17 13:31:10.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Acc
ess1, changed sta! n
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
license udi pid CISCO887VA-SEC-K9 sn FCZ1623C5QY
username admin privilege 15 secret 4 ??????????
g
controller VDSL 0
interface Ethernet0
no ip address
shutdown
no fair-queue
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address X.X.X.X X.X.X.X
ip tcp adjust-mss 1412
interface Dialer0
ip unnumbered Vlan1
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ?????
ppp chap password 0 ?????
ppp pap sent-username ???? password 0 ????
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 Dialer0
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
end
Here is the output of sh controller VDSL 0
Controller VDSL 0 is UP
Daemon Status: Up
XTU-R (DS) XTU-C (US)
Chip Vendor ID: 'BDCM' 'BDCM'
Chip Vendor Specific: 0x0000 0xA325
Chip Vendor Country: 0xB500 0xB500
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x4602 0x0000
Modem Vendor Country: 0xB500 0x0000
Serial Number Near: FCZ1623C5QY 887VA-SE 15.1(4)M
Serial Number Far:
Modem Version Near: 15.1(4)M
Modem Version Far: 0xa325
Modem Status: TC Sync (Showtime!)
DSL Config Mode: AUTO
Trained Mode: G.992.5 (ADSL2+) Annex A
TC Mode: ATM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Trellis: ON ON
Line Attenuation: 25.5 dB 14.1 dB
Signal Attenuation: 25.5 dB 13.6 dB
Noise Margin: 8.8 dB 8.9 dB
Attainable Rate: 19176 kbits/s 1214 kbits/s
Actual Power: 18.3 dBm 12.1 dBm
Total FECS: 53332 0
Total ES: 1 0
Total SES: 0 0
Total LOSS: 0 0
Total UAS: 0 0
Total LPRS: 0 0
Total LOFS: 0 0
Total LOLS: 0 0
Bit swap: 0 814
Full inits: 1
Failed full inits: 0
Short inits: 0
Failed short inits: 0
Firmware Source File Name (version)
VDSL embedded VDSL_LINUX_DEV_01212008 (1)
Modem FW Version: 110506_1916-4.02L.03.A2pv6C032b.d23i
Modem PHY Version: A2pv6C032b.d23i
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 12286 0 1117
Previous Speed: 0 0 0 0
Total Cells: 0 98006305 0 8900131
User Cells: 0 2115 0 2000
Reed-Solomon EC: 0 53333 0 0
CRC Errors: 0 4 0 0
Header Errors: 0 74 0 0
Interleave (ms): 0.00 10.70 0.00 7.26
Actual INP: 0.00 5.80 0.00 1.61
Training Log : Stopped
Training Log Filename : flash:vdsllog.bin
Hi Paolo
Thank you for taking your time to reply to me basically I adjusted the MTU and set the Dialer ip address to negotiated and it came up, I was given a /32 IP address from the ISP it had a mask of 255.255.255.255, the router kept complaining about this, once I set to negotiated and set the MTU it came up fine.
Many Thanks
Declan
Similar Messages
-
Help with CISCO-887VA adsl over pots and PPPoE with dynamic IP
Hi
I've got problem trying to connect the CISCO-887VDSL/ADSL OVER POTS ROUTER to internet. Only got the LAN part working.
I'm trying to setup PPPoE with dynamic IP
Followed CISCO's documentations but the commands used were not recognized by the router. Any simple working config for me to follow will be enough.
I'll appreciate any help. Thanks a lot!
here's my config.
! Last configuration change at 08:31:51 UTC Sat Feb 11 2012
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 10.0.0.1 10.0.0.149
ip dhcp excluded-address 10.0.0.199 10.0.0.254
ip dhcp pool sdm-pool
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server x.x.x.x x.x.x.x.x
lease 0 2
ip cef
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGLxxxxxxx
controller VDSL 0
ip ftp username cisco
ip ftp password cisco
interface Ethernet0
pppoe enable group global
pppoe-client dial-pool-number 1
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip directed-broadcast
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 0 xxxx
ppp pap sent-username xxxx password 0 xxxx
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip access-list standard 1
permit 10.0.0.0 0.0.0.255
no cdp run
line con 0
line aux 0
line vty 0 4
login
transport input all
endTry to check with your ISP the modem string to use for VDSL
and some ISP support direct dhcp on Ethernet0 without PPPoE.
An equivalent config is working for me in Switzerland with Swisscom.
N.B. "modem" under VDSL controller is enable using service internal !
service internal
controller VDSL 0
operating mode vdsl2
modem co5
ip source-route
ip cef
ip dhcp excluded-address 10.0.0.1 10.0.0.149
ip dhcp excluded-address 10.0.0.199 10.0.0.254
ip dhcp pool sdm-pool
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 8.8.8.8
lease 0 2
interface Ethernet0
ip address dhcp
ip nat outside
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
ip nat inside source list 23 interface Ethernet0 overload
access-list 23 permit 10.0.0.0 0.0.0.255
end -
Cisco 878 router for ADSL connectivity
Hi All,
I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
controller in 878 rtr. I think i m missing something somewhere.
Below is the config that i have done
controller DSL 0
mode atm
loopback digital
dsl-mode shdsl symmetric annex A
line-rate auto
line-term cpe
line-mode 2-wire line-one
ip cef
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool INSIDE-Pool
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 212.77.192.59 212.77.192.60
lease 8
interface ATM0
description (Outside Public Interface)
no shutdown
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
ip address negotiated
no ip redirects
no ip proxy-arp
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname p4411XXXX
ppp chap password qatarXXXX
ppp pap sent-username p44114032 password 0 qatarXXXX
no sh
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip nat inside source list 101 interface Dialer0 overload
access-list 1 permit any
access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permiti have an adsl line
i try to configure the router 878
but no connection ,, kann u tel me how do u have resolve the probleme please
this is the running config
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname cisco2
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip cef
ip name-server 212.217.0.1
ip name-server 212.217.0.12
ip name-server 212.217.1.1
ip ddns update method sdm_ddns1
DDNS both
vpdn enable
vpdn-group pppoe
crypto pki trustpoint TP-self-signed-201735762
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-201735762
revocation-check none
rsakeypair TP-self-signed-201735762
crypto pki certificate chain TP-self-signed-201735762
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
quit
username xxxxx privilege 15 password 0 xxxxx
controller DSL 0
mode atm
line-term co
line-mode 4-wire standard
dsl-mode shdsl symmetric annex B
ignore-error-duration 15
line-rate 4608
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
description lan
ip address 192.168.1.5 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
interface Dialer1
ip ddns update hostname xxxx.dyndns.org
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp pap sent-username xxxxx password 0 xxxxx
interface Dialer0
no ip address
ip classless
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended to-sip-servers
remark --- traffic to any sip server
permit udp 192.168.1.0 0.0.0.255 any eq 5060
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
control-plane
banner motd ^CINE welcome
banner ^C
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
scheduler max-task-time 5000
end -
Cisco 887va-w wireless stop working suddently
Hi,
I have a problem with my router, several time it stop working.
My SSID is not broadcasted but I can't connect to it thru wireless.
I have to reload it to make it work again...
here is my config:
running ap802-k9w7-mx.152-2.JB
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
hostname AP-1
logging rate-limit console 9
enable secret 5
no aaa new-model
no ip routing
no ip domain lookup
ip domain name jbtech.local
dot11 syslog
dot11 ssid JBTech
vlan 1
authentication open
authentication key-management wpa version 2
infrastructure-ssid optional
wpa-psk ascii 7 mykey
dot11 ssid Noob Land
vlan 2
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 mykey
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-324430270
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-324430270
revocation-check none
rsakeypair TP-self-signed-324430270
crypto pki certificate chain TP-self-signed-324430270
quit
username jon privilege 15 secret 5
ip ssh version 2
ip scp server enable
bridge irb
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
ssid JBTech
ssid Noob Land
antenna gain 0
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 64 drop-packet
no preamble-short
channel 2427
station-role root
no cdp enable
infrastructure-client
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface GigabitEthernet0
description The embedded AP GigabitEthernet0 is an internal interface connecting ap to the host Router
no ip address
no ip route-cache
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
interface BVI1
ip address 192.168.2.252 255.255.255.0
no ip route-cache
ip default-gateway 192.168.2.254
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging trap debugging
logging 192.168.2.10
access-list 20 permit 192.168.2.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
line con 0
access-class 20 in
exec-timeout 0 0
privilege level 15
password 7 mypass
logging synchronous
login local
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
login local
length 0
transport input all
transport output telnet
sntp server 134.214.100.6 version 3
endrunning ap802-k9w7-mx.152-2.JB
The 15.2 IOS is not very stable. Downgrade to the latest 12.4. -
Cisco Linksys E900 to adsl modem
hello friends
can u please guide me how to connect E900 with a ADSL modem? i am new in this and cudnt make out from the jargons...can u please help?
Thnx!
~Sayantan...@sayantansen, you can follow the instructions on this link:
How to set up your Linksys Wi-Fi Router for the first time using Linksys Connect
http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=21463
If that doesn't work for you, you can explore more on how to set up the router here:
Different ways in setting up your Linksys wireless router
http://kb.linksys.com/Linksys/GetArticle.aspx?docid=83217d7598ad44d68d9cc60f1cea9887_Different_ways_... -
Cisco 1921 Dual ADSL Load Balancing/Failover?
Hello,
We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
This is my current config which I think only one ADSL line is being used. Some input would be appreciated
Robbie
! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxx
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 xxxxx
enable password xxxx
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip name-server 194.74.65.68
ip name-server 194.72.0.114
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-xxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
revocation-check none
rsakeypair TP-self-signed-xxxxx!
crypto pki certificate chain TP-self-signed-xxxxxx
certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
license udi pid CISCO1921/K9 xxxxx
username admin privilege 15 secret 5 xxxxxxxxxx/
interface GigabitEthernet0/0
description lan$ETH-LAN$
ip address 10.0.8.1 255.255.248.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/1/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
mtu 1483
ip address negotiated
ip access-group spalding in
ip access-group spalding out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
interface Dialer1
mtu 1483
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp link reorders
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 10.0.0.0 0.254.255.255
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endHi,
Can anyone help me with this config? not very reliable.
Building configuration...
Current configuration : 17349 bytes
! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Router
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
aaa new-model
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
no ip source-route
ip port-map user-protocol--8 port udp 3392
ip port-map user-protocol--9 port tcp 3397
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 14000
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 3394
ip port-map user-protocol--7 port tcp 3392
ip port-map user-protocol--4 port udp 14100
ip port-map user-protocol--5 port tcp 3394
ip port-map user-protocol--10 port udp 3397
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp pool DHCP_POOL1
import all
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.1.1
lease infinite
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.10.1
lease infinite
no ip bootp server
ip host SHAWN-PC 192.168.1.10
ip host DIAG 192.168.1.5
ip host MSERV 192.168.1.13
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
ip cef load-sharing algorithm include-ports source destination
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
crypto pki trustpoint TP-self-signed-1982477479
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1982477479
revocation-check none
rsakeypair TP-self-signed-1982477479
license udi pid
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller VDSL 0/0/0
operating mode adsl2+
controller VDSL 0/1/0
operating mode adsl2+
no cdp run
track timer interface 5
track 1 interface Dialer0 ip routing
delay down 15 up 10
track 2 interface Dialer1 ip routing
delay down 15 up 10
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-nat-user-protocol--7-1
match access-group 104
match protocol user-protocol--7
match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--4-2
match access-group 101
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 103
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 103
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--7-2
match access-group 101
match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 102
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 101
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--2-2
match access-group 102
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--3-2
match access-group 101
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--8-2
match access-group 101
match protocol user-protocol--8
class-map type inspect match-all sdm-nat-user-protocol--9-2
match access-group 104
match protocol user-protocol--9
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--9-1
match access-group 101
match protocol user-protocol--9
match access-group 104
class-map type inspect match-all sdm-nat-user-protocol--8-1
match access-group 104
match protocol user-protocol--8
match access-group 102
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-user-protocol--10-2
match access-group 104
match protocol user-protocol--10
class-map type inspect match-all sdm-nat-user-protocol--10-1
match access-group 101
match protocol user-protocol--10
match access-group 104
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class type inspect sdm-nat-user-protocol--7-1
inspect
class type inspect sdm-nat-user-protocol--8-1
inspect
class type inspect sdm-nat-user-protocol--9-1
inspect
class type inspect sdm-nat-user-protocol--10-1
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-nat-user-protocol--7-2
inspect
class type inspect sdm-nat-user-protocol--8-2
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--2-2
inspect
class type inspect sdm-nat-user-protocol--9-2
inspect
class type inspect sdm-nat-user-protocol--10-2
inspect
class type inspect sdm-nat-user-protocol--3-2
inspect
class type inspect sdm-nat-user-protocol--4-2
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
interface Null0
no ip unreachables
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/0/0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
interface Ethernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Ethernet0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface GigabitEthernet0/3/0
no ip address
interface GigabitEthernet0/3/1
no ip address
interface GigabitEthernet0/3/2
no ip address
interface GigabitEthernet0/3/3
no ip address
interface GigabitEthernet0/3/4
no ip address
interface GigabitEthernet0/3/5
no ip address
interface GigabitEthernet0/3/6
no ip address
interface GigabitEthernet0/3/7
no ip address
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 1444405858557A
ppp pap sent-username [email protected] password 7 135645415F5D54
ppp multilink
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 01475E540E5D55
ppp pap sent-username [email protected] password 7 055F5E5F741A1D
ppp multilink
router eigrp as#
router eigrp 10
network 192.168.1.1 0.0.0.0
router rip
version 2
network 192.168.1.0
no auto-summary
ip forward-protocol nd
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
ip nat inside source route-map ADSL0 interface Dialer0 overload
ip nat inside source route-map ADSL1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
ip access-list extended NAT
remark CCP_ACL Category=18
permit ip 192.0.0.0 0.255.255.255 any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
remark CCP_ACL Category=1
ip access-list extended STATIC-NAT-SERVICES
permit ip host 192.168.1.35 any
permit ip host 192.168.1.5 any
permit ip host 192.168.1.10 any
permit ip host 192.168.1.17 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map ADSL0 permit 10
match ip address NAT
match interface Dialer0
route-map ADSL1 permit 10
match ip address NAT
match interface Dialer1
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 10 remark INSIDE_IF=NAT
access-list 10 remark CCP_ACL Category=2
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 139.130.227.0 0.0.0.255 any
access-list 100 permit ip 203.45.106.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.10
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 101 permit tcp any any eq www
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.10
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.17
control-plane
banner login ^CCE-Rescue Systems^C
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
scheduler allocate 20000 1000
end
Thanks
Shawn -
VPN client connect to CISCO 887 VPN Server bat they stop at router!!
Hi
my scenario is as follows
SERVER1 on lan (192.168.5.2/24)
|
|
CISCO-887 (192.168.5.4) with VPN server
|
|
INTERNET
|
|
VPN Cisco client on xp machine
My connection have public ip address assegned by ISP, after ppp login.
I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN.
They can ping only router!!!
They are configured with Cisco VPN client (V5.0.007) with "Enabled Trasparent Tunnelling" and "IPSec over UDP NAT/PAT".
What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
Peraps ACL problem?
Building configuration...
Current configuration : 5019 bytes
! Last configuration change at 05:20:37 UTC Tue Apr 24 2012 by adm
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname gate
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-453216506
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-453216506
revocation-check none
rsakeypair TP-self-signed-453216506
crypto pki certificate chain TP-self-signed-453216506
certificate self-signed 01
quit
ip name-server 212.216.112.222
ip cef
no ipv6 cef
password encryption aes
license udi pid CISCO887VA-K9 sn ********
username adm privilege 15 secret 5 *****************
username user1 secret 5 ******************
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EXTERNALS
key 6 *********\*******
dns 192.168.5.2
wins 192.168.5.2
domain domain.local
pool SDM_POOL_1
save-password
crypto isakmp profile ciscocp-ike-profile-1
match identity group EXTERNALS
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface Loopback0
ip address 10.10.10.10 255.255.255.0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.5.4 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ******@*******.****
ppp chap password 0 alicenewag
ppp pap sent-username ******@*******.**** password 0 *********
ip local pool SDM_POOL_1 192.168.5.20 192.168.5.50
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
line con 0
line aux 0
line vty 0 4
transport input all
endHello,
Your pool of VPN addresses is overlapping with the interface vlan1.
Since proxy-arp is disabled on that interface, it will never work
2 solutions
1- Pool uses a different network than 192.168.5
2- Enable ip proxy-arp on interface vlan1
Cheers,
Olivier -
VPN client connect to CISCO 887 VPN Server but I can't ping Local LAN
Hi
my scenario is as follows
SERVER1 on lan (192.168.1.4)
|
|
CISCO-887 (192.168.1.254)
|
|
INTERNET
|
|
VPN Cisco client on windows 7 machine
My connection have public ip address assegned by ISP, after ppp login.
I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN. I can't even ping the gateway 192.168.1.254
I'm using Cisco VPN client (V5.0.07) with "IPSec over UDP NAT/PAT".
What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
Perhaps ACL problem?
Building configuration...
Current configuration : 4921 bytes
! Last configuration change at 14:33:06 UTC Sun Jan 26 2014 by NetasTest
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname TestLab
boot-start-marker
boot-end-marker
enable secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
crypto pki trustpoint TP-self-signed-3013130599
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3013130599
revocation-check none
rsakeypair TP-self-signed-3013130599
crypto pki certificate chain TP-self-signed-3013130599
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303133 31333035 3939301E 170D3134 30313236 31333333
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30313331
33303539 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A873 940DE7B9 112D7C1E CEF53553 ED09B479 24721449 DBD6F559 1B9702B7
9087E94B 50CBB29F 6FE9C3EC A244357F 287E932F 4AB30518 08C2EAC1 1DF0C521
8D0931F7 6E7F7511 7A66FBF1 A355BB2A 26DAD318 5A5A7B0D A261EE22 1FB70FD1
C20F1073 BF055A86 D621F905 E96BD966 A4E87C95 8222F1EE C3627B9A B5963DCE
AE7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14E37481 4AAFF252 197AC35C A6C1E8E1 E9DF5B35 27301D06
03551D0E 04160414 E374814A AFF25219 7AC35CA6 C1E8E1E9 DF5B3527 300D0609
2A864886 F70D0101 05050003 81810082 FEE61317 43C08637 F840D6F8 E8FA11D5
AA5E49D4 BA720ECB 534D1D6B 1A912547 59FED1B1 2B68296C A28F1CD7 FB697048
B7BF52B8 08827BC6 20B7EA59 E029D785 2E9E11DB 8EAF8FB4 D821C7F5 1AB39B0D
B599ECC1 F38B733A 5E46FFA8 F0920CD8 DBD0984F 2A05B7A0 478A1FC5 952B0DCC
CBB28E7A E91A090D 53DAD1A0 3F66A3
quit
no ip domain lookup
ip cef
no ipv6 cef
license udi pid CISCO887VA-K9 sn ***********
username ******* secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
username ******* secret 4 Qf/16YMe96arcCpYI46YRa.3.7HcUGTBeJB3ZyRxMtE
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EXTERNALS
key NetasTest
dns 8.8.4.4
pool VPN-Pool
acl 120
crypto isakmp profile ciscocp-ike-profile-1
match identity group EXTERNALS
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
mode tunnel
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
hold-queue 224 in
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip address 192.168.2.1 255.255.255.0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ****
ppp chap password 0 *********
ppp pap sent-username ****** password 0 *******
no cdp enable
ip local pool VPN-Pool 192.168.2.210 192.168.2.215
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 100 remark
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 remark
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 120 remark
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
line con 0
exec-timeout 5 30
password ******
no modem enable
line aux 0
line vty 0 4
password ******
transport input all
end
Best Regards,I've updated ios to c870-advipservicesk9-mz.124-24.T8.bin and tried to ping from rv320 to 871 and vice versa. Ping stil not working.
router#sh crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer0
Uptime: 00:40:37
Session status: UP-ACTIVE
Peer: 93.190.178.205 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 192.168.1.100
Desc: (none)
IKE SA: local 93.190.177.103/500 remote 93.190.178.205/500 Active
Capabilities:(none) connid:2001 lifetime:07:19:22
IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.1.2.0/255.255.255.0
Active SAs: 4, origin: dynamic crypto map
Inbound: #pkts dec'ed 0 drop 30 life (KB/Sec) 4500544/1162
Outbound: #pkts enc'ed 5 drop 0 life (KB/Sec) 4500549/1162 -
HTTP and SMB over Cisco LAN-to-LAN IPSec-VPN
we are connecting Cisco 887VA router with various other Non-Cisco routers.
VPN tunnels are up and we can ping devices on the remote network through the VPN.
However, we have a few devices (on the Cisco lan) that provide a web interface (NAS etc) and these are not accessible over the VPN, the connection seems to just hang like its waiting for a response but it never gets one and eventually the browser times out.
Strangely, if I request a page that does not exist from the NAS (eg. http://192.168.3.x/test) I will receive a 404 error so it is kind of working.
Similar problems with SMB, if I access \\192.168.3.x I can list the content (4 items) but if I go into one of those folders (containing 10+ items) it hangs and eventually gives up.
I have tried adjusting MTU and MSS with no change.
Any ideas cause I'm running out of hair
My config is attached, it is most likely a mess as this is my first Cisco device so please go easyHi,
i can get you a example VPN config (Cisco 1841) that works:
//192.168.49.0 INSIDE IP | 192.168.0.0/16 and 172.20.0.0/24 RemoteSite IP
access-list 102 permit ip 192.168.49.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.49.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 deny ip 192.168.49.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 deny ip 192.168.49.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 150 permit ip 192.168.49.0 0.0.0.255 any
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key CRYPTOKEYHERE address REMOTEWANIP
crypto isakmp keepalive 30
crypto ipsec transform-set SETNAME esp-aes esp-sha-hmac
crypto map B2B 10 ipsec-isakmp
description b2b-fw
set peer PEERWANIP
set security-association lifetime seconds 86400
set transform-set SETNAME
match address 102
interface FastEthernet0/0
description wan_primary
crypto map B2B
ip nat outside
interface FastEthernet0/1
ip nat inside
route-map nonat permit 10
match ip address 150
ip nat inside source route-map nonat interface FastEthernet0/0 overload
Regards
Markus -
2 x 2911 HSEC router 3 ADSL connections each Site ti Site VPN Load Balancing Failover
Hello,
My senario is as described in Title.
Site A Headquarters. The router is Cisco 2911HSEC with 3 ADSL connections
Site B Remote Office. The router is Cisco 2911HSEC with 3 ADSL connections and 10 Users.
All ADSL connections have static IPs and belong to same ISP.
Need - Site to Site VPN between the routers.
Client requests to load balance the traffic, due to poor ADSL speed and have a failover senarion in case an ADSL line goes down.
Any help will be appreciated.I don't believe you will find a One solution for this.
An idea would be to have all three ADSLs paired with ADSL on the other side.
Have 3 VTI (or GRE) tunnels up all the time (VRF-lite anybody?) and advertise routes to the other side with same metric.
This will cause IOS to load balance natively.
Potential problem: return path might not be the same as forward path, but it should not matter much for most applications.
Potential cool thing you can do: All the "magical" things in routing world (Did I head PfR?). FlexVPN on top to make it more flexible.
Benefit: Rely on IKE to bring down connections which are going down. Little-to-no management once it's up and running. -
Cisco-Linksys Router and no PPPOA Option for Conne...
Hi all!
New here and just hoping to get some here!
We are using a BT Business hub Router and it is having a few issues with wireless connectivity, so I would like to use another router to see if it is our equipment or if it is the router itself.
I have a Cisco Linksys E1000 Router and after looking at the BT router I can see that the connection type is set to PPPOA with a username and password. I do know the username and password so that isnt an issue, however on the Cisco router there is no option for PPPOA, the only options are:
Static IP, DHCP, PPPoE, PPTP, L2TP, and BigPond
There is a connection in the back of the cisco router for the ADSL cable, I was just wondering if there is a way to work around this?
Thanks very much!!I am sure you will get help there when someone has time.
You can always find the latest postings on the Business Forum using this link.
http://business.forums.bt.com/t5/forums/recentpostspage/post-type/message
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones. -
Add a simple wireless config to a Cisco 877 wireless?
Hi, I have a working Cisco 877w on an ADSL line. I'm trying to find out how I can add a simple wireless network to it? I can't find any instructions or examples on how to do this either in CLI mode or SDM.
Hope you can helpHere is a useful document which explains in detail how to setup a wireless connection using the 870 series wireless router.
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html -
Hi
Does my router 892 support Voip?
I wanted to create a ccna voice lab. Any advice would be great as regarding router 892 supporting Voip with CME
I have found 1 doc it states 892 router supports CME
http://ptgmedia.pearsoncmg.com/images/9781587132995/samplepages/1587132990.pdf
892 doesn't support DSP but then how it will support CME ?
Any advice will be great
Regards
Aateek Singh
Network engineer
Spooster IT ServicesHi.
That comes from my experience.
I have a 887VA (non Cube) which originally mounts 256 MB of ram.
I purchased a 512MB module and loaded an 880-voice image and now i have a fully operative CUCME .
This is my Router
Cisco 887VA (MPC8300) processor (revision 1.0) with 708608K/77824K bytes of memory.
Processor board ID FCZ1618C5KG
1 DSL controller
1 Ethernet interface
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
125496K bytes of ATA CompactFlash (Read/Write)
System image file is "flash:c880voice-universalk9-mz.154-3.M1.bin"
HTH
Regards
Carlo -
64bit machine VPN to 887VA access
Hi Guys,
I have a remote access VPN solution in place running from a Cisco 887VA router.
Until recently all remote users have been OSX or WinXP users and as such the native VPN client and Cisco VPN Client 5.x were working perfectly. Now I have a user who is attempting to connect using a 64bit Windows 7 machine which it apprers is not supported by this client type and the documentation I can find says there is no alternative other than the AnyConnect platform.
I have run up a Windows 7 machine to configure an AnyConnnect client which is failing on connection.
After further reading through the AnyConnect administration guide I see that it says this will only allow access to an ASA type device with no mention of an IOS device.
Is this the case? If so how does someone connect a 64bit machine to an IOS based Remote Access vpn?
I am confused and concerned that I am not going to be able to let 64bit users onto the VPN network.
Any guidance is appreciated.
Thanks
BrunoYes, you can still use IPSec VPN Client (version 5.0.7(440)) to connect, however, yes, IPSec VPN Client is going EOL soon.
Here is the filename that you can download that support Windows 7 64-bit: vpnclient-winx64-msi-5.0.07.0440-k9.exe.
Here is the EOL notification for VPN Client:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5699/ps2308/end_of_life_c51-680819.html
you can also use AnyConnect to remote access to IOS router, however, you would need to purchase the SSL VPN license to be able to connect using AnyConnect client.
Hope that helps. -
Hi,
I bought nearly a year ago two WAP321 and I'm having some problems with one of them. A couple of months ago I bought a WAP121 to increase coverage area of my WAP321 and I set up a WDS between 321 and 121. It works fine and the interfaces are up. The problem is that between 2 days to a couple of weeks, the WAP321 crashes and wds link goes down, and Ethernet so does. (Ethernet is active but no response to ping is given and web cli doesn't responds too). The only way to solve this is restarting the AP.
The topology is the following
CISCO SG300 -----------(trunk)------------DLINK-----------ADSL ->Internet
| |
| |
| |
| |
| |
WAP321 <- (this one crashes) WAP321
|
|
|(WDS)
|
WAP121
I tried multiple versions of the software. I'm currently with 1.0.3.4. I have the feeling that is more stable than 1.0.4.2. With both versions, the same problem.
Also notice that there are 2 VLANs on the network.
Here is an extract from the crash dump:
crashdumps:
crashdump1:
Software Version: 1.0.3.4
Crash Log:
Uptime of the AP: 0 Days, 10 Hours, 25 Minutes and 23 Seconds
CPU Unable to handle kernel paging request for process = swapper and pid = 0
epc == c0518fe0, ra == c054d604
Stack Trace:
[<00000000c054d604>] - wlc_scbfree+0xe8/0x3b4 [wl]
[<00000000c054e0d0>] - wlc_userscb_alloc+0x2c8/0x2d0 [wl]
[<00000000c054e87c>] - wlc_scblookup+0x11c/0x1c0 [wl]
[<00000000c057c024>] - wlc_ap_authresp+0x68c/0x9d0 [wl]
[<00000000c0535264>] - wlc_recvctl+0x1158/0x28b8 [wl]
[<00000000c0676ae4>] - wlc_recv+0x5f8/0x808 [wl]
[<00000000c067f7f8>] - wlc_dpc+0x6c8/0xb30 [wl]
[<00000000c06794c0>] - wl_dpc+0x50/0x164 [wl]
[<000000008002f09c>] - tasklet_action+0x70/0xf4
[<000000008002ea20>] - __do_softirq+0x80/0x110
[<000000008002eb18>] - do_softirq+0x68/0x70
crashdump2:
Software Version: 1.0.3.4
Crash Log:
Uptime of the AP: 0 Days, 14 Hours, 47 Minutes and 50 Seconds
CPU Unable to handle kernel paging request for process = swapper and pid = 0
epc == c0518fe0, ra == c054d604
Stack Trace:
[<00000000c054d604>] - wlc_scbfree+0xe8/0x3b4 [wl]
[<00000000c054e0d0>] - wlc_userscb_alloc+0x2c8/0x2d0 [wl]
[<00000000c054e87c>] - wlc_scblookup+0x11c/0x1c0 [wl]
[<00000000c057c024>] - wlc_ap_authresp+0x68c/0x9d0 [wl]
[<00000000c0535264>] - wlc_recvctl+0x1158/0x28b8 [wl]
[<00000000c0676ae4>] - wlc_recv+0x5f8/0x808 [wl]
[<00000000c067f7f8>] - wlc_dpc+0x6c8/0xb30 [wl]
[<00000000c06794c0>] - wl_dpc+0x50/0x164 [wl]
[<000000008002f09c>] - tasklet_action+0x70/0xf4
[<000000008002ea20>] - __do_softirq+0x80/0x110
[<000000008002eb18>] - do_softirq+0x68/0x70
Thanks in advance,
Àlex RoigHi Nicolas,
I still have problems with one of my WAP321. I haven't discovered anything else so far. What I have observed the last days, is that the AP restarts itself after crash or whatever. A couple times I have logged in the web interface I have seen uptime around 5 hours with noone having restarted the AP. Really strange.
The one that runs properly, is at version 1.0.4.2 and I've had any problems with it. Their configuration is the same except from the WDS.
There's quite a lot of people with similar problems. Hope that Cisco solves this via software update the sooner. The last software version dates from August...
I will have to do a bigger deployment and I'm seriously thinking to go with Aironet 1600. They are much more expensive but its stability and performance should be better. I don't want to have stability problems and this Small Business series are giving me too much headache.
This holidays I will have time to do some different tests to the AP and try do discover what makes it crash. I'll post everything relevant I find! If someone knows something, please, help!
Sincerely,
Àlex Roig
Maybe you are looking for
-
Can someone explain why I'm no longer an Adobe customer?
For additional help, reach us at http://helpx.adobe.com/contact.html General Info Chat start time Mar 11, 2015 7:10:17 AM PST Chat end time Mar 11, 2015 7:45:25 AM PST Duration (actual chatting time) 00:35:07 Operator Santosh Kumar Chat Transcript in
-
[TEM] Creation of Multi - Lingual Appraisal Models
Hi Experts! (Zsolt? ) We need Multi- Language Appraisal models so that end-user in the ESS portal can choose what language they prefer during maintenance of appraisal form for BEs. In our Appraisal Catalog, there are already created identical Apprais
-
Hello All, I have a requirement to generate dynamic column in the PDF. I have got the same running using the below code HEADER : <?split-column-header:XXX_TIME?><?split-column-width:@width?><?XXX_TIME_FROM?> DATA : <?split-column-data:XXX_START?><?EM
-
Hi all, i want to retrive no of column present in a table in a sql query..don't use desc command thanks pratap
-
New to Apex, but is there a way to have two updated report regions on one page. -bill