Cisco CSS ICS via DWDM
We are currently splitting up a campus installation (2 datacenters with < 300m cable distance).
One datacenter remains on the campus, the other one is moved to another part of the town, approx. 30km away.
The two datacenters are interconnected using DWDM (don't have the exact specs at the moment, but I think we have got the equivalent of 16 duplexed 4Gb/s conenctions between the two data centers)
So far we have been able to move most of the equipment (including several members of Oracle RAC clusters on Linux and OpenVMS, VPN server farms, ESX cluster members and similar services), but we do not seem to bei able to get the Cisco CSS ICS link up on the DWDM.
Is there anything we can ask the DWDM provider to check, or is there no chance to get the ICS link up over DWDM?
Hi Martin,
I guess you are referring to ISC port, right?
As per CSS documentation: You must connect the ISC ports directly to the two CSSs. You cannot use Layer 2 devices on the ISC links between the two CSSs. Also, the ISC links must be dedicated to passing only ISC traffic.
For that reason I believe you need to reconsider your plan.
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/ASR.html#wp1038263
Best regards,
Ahmad
Similar Messages
-
Cisco css http keepalive is not working with GET command
Dear all
i have Cisco Css connected to Dell Server (via switch)
Cisco CSS - 192.168.1.3 and Dell Server - 192.168.1.5
Dell server is setup with windows 2009R2 and Apache HTTPD is version 2.2
This server is dedicated to host multiple doamins with Apache lik
www.abc.co.uk
www.xyz.co.uk
Now the clinet wants to setup the http keepalive with specfic web page like /testpage.html for all these domains. i have teseed with single URI. it is working the comamnds are
config)# service serv1
(config-service[serv1])# ip address 192.168.1.5
(config-service[serv1])# keepalive type http
(config-service[serv1])# keepalive method head ( get i have not used due to hash mismatch with apche server, if i use GET it is not working)
(config-service[serv1])# keepalive uri "/testpage.html"
(config-service[serv1])# active
It is working with single URI. but how can i do the same thing for multiple doamins ?
for multiple doamins do i need use script ? or can i use with commands ?
if i need to use script the script is
!no echo
! Filename: httptag-test
! Parameters: HostName WebPage HostTag
! Description:
! This script will connect to the remote host and do an HTTP
! GET method upon the web page that the user has asked for.
! This script also adds a host tag to the GET request.
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Not receiving an HTTP status "200 OK"
if ${ARGS}[#] "NEQ" "3"
echo "Usage: httptag-test \'Hostname WebPage HostTag\'"
exit script 1
endbranch
! Defines:
set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set HostTag "${ARGS}[3]"
! Connect to the remote Host
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 80 tcp
! Send the GET request for the web page
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
! Send the HEAD request for the web page
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "HEAD ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
! Wait for a good status code
set EXIT_MSG "Waitfor: Failed"
socket waitfor ${SOCKET} "200 OK"
no set EXIT_MSG
socket disconnect ${SOCKET}sh w
exit script 0
in the script i have not used GET becasue, when CSS send GET request to apache it use hash, but apache is not able to respond with same hash and it shows that website is down. more information- click below url
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdKeepC.html#wp1139668
(config-keepalive) method
I have uploaded in CSS with httptag-test file and applied these commands
service comp.brit.co.uk-80
keepalive port 80
ip address 192.168.1.5
keepalive frequency 10
keepalive maxfailure 2
keepalive retryperiod 10
keepalive type script httptag-test "192.168.1.5 /testpage.html www.abc.co.uk
keepalive type script httptag-test "192.168.1.5 /testpage.html www.xyz.co.uk
but this script is not working
my question is:
1.do i need use script only to setup http keepalvie with webpage for multiple domains ?
2.with out using script is there any solution like CICSCO CSS commands to setup http uril for multiple domains which are on 1 singl server.
please help me asapHello Muhammad,
If you wish to use multiple domains for a URI keep-alive check, and perform a HEAD request what Daniel mentioned is correct. You have to use a scripted keep-alive check on the service. However, you should not use the default "ap-kal-httptag" script to do so as it's limited to only 1 website (unless you modify the script). You're best bet would be using the "ap-kal-httplist" script on the CSS as it allows the checking of 2 different websites along with a webpage to check for each site using HTTP HEAD method.
!no echo
! Filename: ap-kal-httplist
! Parameters: Site1 WebPage1 Site2 WebPage2 [...]
! Description:
! This script will connect a list of sites/webpage pairs. The
! user must simply supply the site, and then the webpage and
! we'll attempt to do an HTTP HEAD on that page.
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Not receiving a status code 200 on the HEAD request on any
! one site. If one fails, the script fails.
! Make sure the user has a qualified number of arguments
if ${ARGS}[#] "LT" "2"
echo "Usage: ap-kal-httplist \'WebSite1 WebPage1 WebSite2 WebPage2 ...'"
exit script 1
endbranch
while ${ARGS}[#] "GT" "0"
set Site "${ARGS}[1]"
var-shift ARGS
if ${ARGS}[#] "==" "0"
set EXIT_MSG "Parameter mismatch: hostname present but webpage was not"
exit script 1
endbranch
set Page "${ARGS}[1]"
var-shift ARGS
no set EXIT_MSG
function HeadUrl call "${Site} ${Page}"
endbranch
exit script 0
function HeadUrl begin
! Connect to the remote Host
set EXIT_MSG "Connect: Failed to connect to ${ARGS}[1]"
socket connect host ${ARGS}[1] port 80 tcp 2000
! Send the head request
set EXIT_MSG "Send: Failed to send to ${ARGS}[1]"
socket send ${SOCKET} "HEAD ${ARGS}[2] HTTP/1.0\n\n"
! Wait for the status code 200 to be given to us
set EXIT_MSG "Waitfor: Failed to wait for '200' on ${ARGS}[1]"
socket waitfor ${SOCKET} " 200 " 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
function HeadUrl end
Rather then modify the default "ap-kal-httplist" script on the CSS I would simply define the arguments within the service configuration itself. Something like the following (using your service example):
service dell-192.168.1.5
ip address 192.168.1.5
keepalive type script ap-kal-httplist "www.abc.co.uk /testpage.html www.xyz.co.uk /testpage.html"
active
As long as the server is configured to reply to host headers, and the page is configured to retuen a "200 OK" the above service configuration should work. If there are any errors simply run "show service " to view why there was a failure. If there is a failure, and the output from the command specified shows a line number run the following command against the script to view at what point (line) did the failure occur:
show script ap-kal-httplist line-numbers
Hope this helps!
- Jason Espino -
i'm forced to use a xoom for work. Is there any way of installing android ICS via virtual machine or any other mechanism?
On the iPad? No.
-
How to authenticate Cisco IP Phones via ISE
Hello
Has anybody an idea or official link to a Cisco instruction, how to configure a Cisco ISE to authenticate Cisco IP Telephony via EAP-TLS (802.1x)?
Can anybody help?
Thanks!
MarcoHEre you go.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.html#wp1146222
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Cisco CSS 11501 - High-Availabilty
We have a single CSS 11501 and were thinking about just buying a new one and putting it online as the standby with statefull (hopefully) failover, but weren't sure that this would work.
Does anyone know what is needed to create a high-availability Cisco CSS 11501 environment?
Do you only need 2 CSS 11501 and then configure them with one being active and the other being in a standby mode, like a PIX?
Is there a HA Cable that would need to be connected between the 2 CSS's?
Thanks in Advanced.
JoeDaniel,
There is a new stateful failover mechanism for the Cisco CSS 11500.
This description is a bit "salesy" I know, but it covers the question asked :-)
The Cisco CSS 11500 delivers ASRthe industry's first stateful Layer 5 session redundancy feature that enables failover of important flows while maximizing performance. Some flowssuch as a long-lived File Transfer Protocol (FTP) or a database session may be mission critical, but many are not. Most solutions on the market today require all trafficimportant or notto be backed up from one box to another. If the majority of flows are not critical, then most of system performance is wasted on unnecessary back
ups. With ASR, the Cisco CSS 11500 may be configured so critical flows are marked as replication worthy, whereas others do not need to be so marked. ASR focuses traffic management resources precisely where needed.
Better yet, have a look at the following link focusing on the section on Stateless Redundancy.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_510/advcfggd/redndncy.htm
Regards
Pete.. -
I have a Cisco CSS 11501s attached to a Cisco 6000. I am using the CSS in an on arm design, which is basically a router on a stick. The Cisco 6000 only provides layer 2 switching. It utilizes 1 Ethernet interface on a single vlan.
I configure 3 VIPs for client connection.
- VIP 1 for SSL
- VIP 2 is for the clear text traffic from the
VIP1/proxy list.
- VIP 3 is for redirecting clear text traffic from
the client.
- All VIPs use the same address, but differing
ports.
I have a source group for all outbound traffic to the server farm. I tried to block traffic to the clear text interface, but I blocked all traffic. Is there an issue with one security of VIPs in a one-arm design?
Any design ideas?
Thank youHi,
If I understand correctly, you want to block the traffic destined to the VIP which is actually meant for the back-end traffic with the server once it is off the proxy-list. I understnad you use the VIP2 for this purpose as per your question and is same as the client side IP range.
Here is the solution just use a config what is known as "full-proxy" configuration by Cisco on the CSS. To do this you would need two different IP ranges. One would be for your client side (the one resolved by dns) and the other could be a different IP range preferably the non-routable private ip rnage like 192.168.x.x for the back-end server segment. You will now pick-up a VIP from server segment and assign it in the proxy-list with the 'cipher' specs.
In essence, this way you wouldn't be forced using the same VIP range for the servers and for the clients as well. You can have a private range on the back-end. This prevents traffic being targeted to your server segment from the client segment in the clear http in your case.
thanks -
Nortel Alteon rules conversion to Cisco CSS
We currently have some servers that are being load serviced by an Alteon content switch. The rules were not written or are supported by our group. We have a printout of the config but it is a bear to translate. Are there any tools to translate the config to Cisco CSS style?
Thanks,
JohnJohn,
There are no tools to translate Alteon to Cisco CSS. For long configs, it can be a tedious process.
I have seen in the past tools to convert configs from one Cisco load balancer to another type, but never for conversion of configs between vendors.
-Steve -
Getting logs for DOS Attack:Sync Attack on cisco CSS 11501 frequently.
Hi ,
Since couple of weeks , i am getting below DOS attack logs on cisco CSS.Can anyone help me out about how can we avoid this? and how to deal with it.
04/23/2011 17:27:28:Enterprise:DOS Attack:SYN Attack -> 10 times
04/23/2011 17:30:15:Enterprise:DOS Attack:SYN Attack -> 10 times
04/24/2011 11:20:32:Enterprise:DOS Attack:SYN Attack -> 11 times
04/24/2011 11:24:48:Enterprise:DOS Attack:SYN Attack -> 12 times
04/24/2011 15:30:42:Enterprise:DOS Attack:SYN Attack -> 10 times
Thanks
ManishHi Nicolas,
Why i am asking about DOS attack as i am facing some issues for the 2 VIPs configured in cisco CSS 11501.
Can you help me troubleshooting the issue?
I have coming across some Load Balancing issues for the 2 VIPS configured on Cisco CSS11501.
We have cisco CSS 11501. We have 2 VIPs configured on it for FE and BE servers.Now Client calls to FE VIP and LB forwarding it to server and then FE server calls the BE VIP which goes through the same LB and forward to BE server under the VIP.When we start load test, we have observed after 2 hour test, application team getting HTTP timeout.As this application is used by Call center so getting timeout is bad.
Need to troubleshoot this issue if there is any problem from LB End.
Please find the attached file for VIP configs. -
Cisco CSS as non-HTTPS SSL-traffic terminator
Hi!
Does anybody know is it real to use Cisco CSS as SSL-traffic terminator. I need to terminate non-HTTPS SSL-traffic on this device (i.e. SSL-encrypted sessions of any particular TCP-based application-layer protocol, not https)? If not, is there any CISCO device capable of doing such a job?
Regards, AmirHi!
Thank you very much for your reply.
I know about the S model - as per my post - but unfortunately I have realized after making the purchase.
Can you please help me with the following issue: my unit is not able to boot from FTP, even if I follow up the CISCO official documentation for that version (I issue all the commands as in the manual). More than that, if I setup the Primary Boot Configuration and then I want to check it up there is nothing in that field. The Secondary Boot Configuration keeps its settings and after the Primary failure it will try the Network Booting but with Failed status - returning me to the OffDM.
I mention that I am using the OffDM because the unit I bought has no Flash Card.
Also I am not sure how can I have a "network mounted filesystem" and in the meantime to use the FTP protocol; setting up a NFS server wont provide me with Windows style absolute path like k:/.... as per CISCO official guide. Is that a plain-ftp generically called as Network File System??? "First, create these subdirectories on the FTP server, then copy the files from the boot image to the subdirectories"
Is this linked with the fact that I am using a Linux box for my FTP Server? Can you please help me to understand what the following line from CISCO official guide means "A network boot is not supported on UNIX workstations"
Thank you! -
Dear NetPros:
Does anyone know that does Cisco CSS 11500 Series Content Services Switch support 'Session Caching of RDP Clients? session for roaming of disconnected sessions' features?
Thanks
BernardThe Cisco CSS 11500 is a compact modular platform, specifically designed to provide robust Layer 4-7 traffic management services for e-business applications in Internet and intranet data centers.
This URl should help you:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns50/ns254/networking_solutions_package.html -
Has anyone added a Cisco CSS to MARS as a reporting device?
If so what did you select as your "device type."?
And did you create custom parsers?I have a CSS in MARS but its listed as a generic router. The logs dont get parsed but I have some alerts setup for specific messages.
-
Hi,
Im ready to kick start Cisco CSS and ACE load balancers. I found that 642-972 DCASD and 642-975 DCASI are the relevant exams for that. But, they are expired now. And, I couldn't even find the old materials for those. Could you please anyone assist me in getting started with this?Hi Kanwal,
Thanks for your reply. BTW, wasn't there any specific study guides for 642-972 DCASD and 642-975 DCASI from Cisco? The reason behind this question is, I want to go step by step starting from how load balancing works, the basics and terminologies of load balancing and its various options and operations etc. I have been working with Network Security and just stepping in to DC operations. -
Load Balance TMG with Cisco CSS
I am working with a Customer that is using Cisco CSS to load balance Microsoft TMG 2010.
From the Microsoft TMG, I can see the https probes hitting the TMG Servers. The TMG 2010 recongnizes that the Cisco is trying to establish a 3-way handshake and is dropping every 3rd connection with the following error: "non-SYN packet was dropped because it was sent by a source that does not hane an established connection with the Forefron TMG computer." Since the Microsoft Forefront TMG 2010 Server is Stateful packet inspection firewall, what is the best load balance method for this service? TCP or even worst ICMP.
Below is a snipet of the configuration:
Thank You
Avery
CSS-A# show service Server1-ssl
Name: Server1-ssl Index: 70
Type: Local State: Alive
Rule ( x.x.x.x TCP 443 )
Session Redundancy: Enabled
Redundancy Global Index: 206
Redirect Domain:
Redirect String:
Keepalive: (SSL-443 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 03/05/2012 16:33:14
Mtu: 1500 State Transitions: 4
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0 Weight Reporting: None
Weight: 1 Load: 2
CSS-A#
CSS-A# show service Server2-ssl
Name: Server2-ssl Index: 71
Type: Local State: Alive
Rule ( x.x.x.x TCP 443 )
Session Redundancy: Enabled
Redundancy Global Index: 207
Redirect Domain:
Redirect String:
Keepalive: (SSL-443 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 03/05/2012 16:53:49
Mtu: 1500 State Transitions: 6
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0 Weight Reporting: None
Weight: 1 Load: 2Hi,
It would good to have a capture from the server itself, the TCP keepalive is really simple, as you explained, it is just a 3-way-handshake on port 443.
The CSS is going to use it's vlan IP to generate this keepalive.
So if the server is dropping the connection, it would be good to se the actual behavior of the keepalive.
ICMP is just a ping, and lets say port 443 is not longer open on the server, at the point that the CSS gets the ICMP reply back from the server, the service is going to remain as alive, but the traffic is not going to work, so ICMP is not a good option.
Thanks! -
How to reset password on Cisco CSS 11501?
Hi,
I have changed the password for the Admin user (which was SuperUser) but when I changed it I forgot to add "SuperUser" at the end, now I don't have SuperUser access to the CSS 11501.
Can anyone shade some light on this problem and explain how can I reset the password for a SuperUser?
Thanks in Advance,
ShaiHi Shai,
You need to reboot the CSS. When prompt, hit any key to go into the Offline Diagnostic Menu.
When you get in the menu, you will go to Administrative options and create an additional Admin user. When you do this, DO NOT use "admin", use something totally different.
Get out of the Offline DM and reboot the CSS. When the CSS comes up, login as the new user (which will have Superuser rights) and run the "username" cli to change the password of "admin" and add the superuser part this time.
Regards
Pete Knoops
Cisco Systems -
Help with Remote access VPN on Cisco router 3925 via Dialer Interface
Hi Everybody,
I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link. I want config VPN Remote Access and using software Cisco VPN client. But it doesn't work.. Here my config router :
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
Hopeful for your answers !
ThanksHi David Castro,
Thanks for your answer,
I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE and my router receive IP from ISP. Here show ip int brief :
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM up up
Dialer1 210.245.54.49 YES IPCP up up
Dialer2 101.99.7.73 YES IPCP up up
NVI0 192.168.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Virtual-Access3 unassigned YES unset up up
But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
Thanks very much !
Maybe you are looking for
-
Any camcorder recommendations?
Hi experts. Have bad experience with Sony (DVD Camcorder). Was not compartible with iMovie (tried really everything!!!). Sold it now. Could anybody recommend one? Do the new ones (with harddisk) work or will I get the same problems as with the dvd's?
-
PERFORMANCE of this REPORT object
Hi Experts I have a REPORT object, having a few SELECT Queries in it. I need to analyze the PERFORMANCE of this REPORT object. How can I analyze the performance of a SELECT Query alone in it - that is time taken to execute this SELECT Query alone? Ho
-
Intel imac (white) will not start up, please help.
I have a 20" intel imac (white not silver) running 10.6.4. I can not get it to boot up on its own, the farthest it gets is to the Silver Apple with spinning gear. I have tried: 1. safe restart - the result is - I get a circle with slash and the a fol
-
Using PCF to create booklets with pages
Before I updated to Lion I could used the create booklet software to print out booklets for church. After installing Lion I am being told this application is not universal and I need an update. None appears to be available. Any ideas?
-
How do I go about moving forward on transactional licensing program?
Our higher ed department is interested in purchasing options for the transactional licensing program. The TLP info points to sales inquiry number who in turn pointed one of our techs back to the TLP website for information on purchasing. How do we ge