Help to configure 2911 router

Hi All,
My company recently ordered a new circuit for our VoIP use and we have a Cisco 2911 router.
The new circuit is terminated with an Ethernet handoff. I have never configured a router directly connected to an ISP circuit before, please help!
The following details were given by the ISP:
WAN IP
IPv4 Network Address:   X.X.6.204/30 
IPv4 Customer Address:   X.X.6.206/30  
IPv4 PE Interface Address:   X.X.6.205/30  
LAN IP
IPv4 Static Routing :   X.X.159.0/29 
Default GATEWAY: X.X.159.1 
Available Addresses: X.X.159.2 - X.X.159.6 
Subnetmask: 255.255.255.248 
VLAN Tagging :Transparent
DNS Server: 198.6.100.6, 198.6.1.125

Hi,
On the circuit (interface) connecting to your provider you need to add this IP
X.X.6.206/30
example:
interface f0/0
ip address X.X.6.206 255.255.255.252
no sh
On the interface connecting to your lan you need to add this IP:
X.X.159.1
example:
interface f0/1
ip address X.X.159.1 255.255.255.248
no sh
The range below is used for your LAN side (PCs, servers, etc.), with the default gateway being X.X.159.1 255.255.255.248:
X.X.159.2 - X.X.159.6
HTH
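An added example, not part of the thread: a Python check that an ISP handoff sheet like the one in the question is internally consistent before the addresses are typed into the router. The masked "X.X" octets are replaced with documentation prefixes as constructed stand-ins, and `check_handoff` and the field names are made up for this sketch.

```python
import ipaddress

# Constructed stand-in for the ISP sheet: "X.X" is replaced with documentation
# prefixes; the host octets, prefix lengths and mask are as posted.
SHEET = {
    "wan_network": "192.0.2.204/30",
    "wan_customer": "192.0.2.206",
    "wan_pe": "192.0.2.205",
    "lan_network": "198.51.100.0/29",
    "lan_gateway": "198.51.100.1",
    "lan_first": "198.51.100.2",
    "lan_last": "198.51.100.6",
    "lan_mask": "255.255.255.248",
}


def check_handoff(sheet):
    """Return (problems, plan) for a sheet with a WAN /30 and a routed LAN block."""
    problems = []
    wan = ipaddress.ip_network(sheet["wan_network"], strict=False)
    lan = ipaddress.ip_network(sheet["lan_network"], strict=False)
    for label, net, text in (("WAN", wan, sheet["wan_network"]),
                             ("LAN", lan, sheet["lan_network"])):
        if str(net) != text:
            problems.append(f"{label} network {text} has host bits set; did you mean {net}?")

    # On a /30 the customer and PE addresses must be the two usable hosts.
    customer = ipaddress.ip_address(sheet["wan_customer"])
    pe = ipaddress.ip_address(sheet["wan_pe"])
    wan_hosts = list(wan.hosts())
    for label, addr in (("customer", customer), ("PE", pe)):
        if addr not in wan_hosts:
            problems.append(f"{label} address {addr} is not a usable host in {wan}")
    if customer == pe:
        problems.append("customer and PE addresses are identical")

    # The LAN gateway and the offered range must fit the routed block and its mask.
    lan_hosts = list(lan.hosts())
    gateway = ipaddress.ip_address(sheet["lan_gateway"])
    if gateway not in lan_hosts:
        problems.append(f"gateway {gateway} is not a usable host in {lan}")
    if sheet["lan_mask"] != str(lan.netmask):
        problems.append(f"mask {sheet['lan_mask']} does not match {lan} ({lan.netmask})")
    first = ipaddress.ip_address(sheet["lan_first"])
    last = ipaddress.ip_address(sheet["lan_last"])
    offered = [h for h in lan_hosts if first <= h <= last]
    expected = [h for h in lan_hosts if h != gateway]
    if offered != expected:
        problems.append(f"available range {first} - {last} is not the usable hosts minus the gateway")

    plan = {
        "wan_interface": f"{customer} {wan.netmask}",   # router side of the handoff
        "lan_interface": f"{gateway} {lan.netmask}",    # default gateway for LAN hosts
        "isp_next_hop": str(pe),                        # the only other host on the /30
        "lan_hosts": [str(h) for h in offered],
    }
    return problems, plan


if __name__ == "__main__":
    issues, plan = check_handoff(SHEET)
    print(issues or "sheet is consistent")
    for key, value in plan.items():
        print(f"{key}: {value}")
```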

Similar Messages

  • HELP FOR CONFIGURATION BROADBAND ROUTER TENDA W311...

    I have one BROADBAND ROUTER TENDA W311R, but I can not make the right configuration to use it.
    Could someone help me?

    alekurkova wrote:
    I have one BROADBAND ROUTER TENDA W311R, but I can not make the right configuration to use it.
    Could someone help me?
    That router cannot be used with ADSL, only Infinity, provided you have an Openreach modem.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Help required in configuring multicast routing

    Hi,
    We have two 2 servers and 200 clients.
    2 servers are in one vlan, 200 clients are in another vlan.
    first server will send data to second server with multicast address 234.5.6.7
    second server will send data to 200 clients with multicast address 234.5.6.8
    first server is able to send data to second server.
    but second server is not able to send data to clients.
    If we put clients in same vlan, second server is able to send data to clients.
    So we understood that multicast routing needs to be enabled in L3 switch.
    Switch Model: 3550
    IOS version: 12.1(19)EA1a
    Any help in configuration required for this.........
    Regards
    SKRAO

    Hi Skrao,
    Do your client VLAN and server VLAN exist on the same layer 3 switch? If yes, then perform this config and it should work.
    On global config mode
    ip multicast-routing distributed
    On interface vlan config (for both client vlan and server vlan)
    ip pim sparse-dense-mode
    You can very well fine-tune later. Try this and update if it worked.
    HTH
    Ankur

  • Please help me in configuring a router!

    Hi! I have to configure a new router with a static route. No routing protocol will be used. Since, I'm a budding Network aspirant i do not know much about things. My senior Network Engineer has asked me to configure this router. There's an apartment where our Overseas employees stay, earlier this apartment had a broadband connection which was further divided through the APs(Cisco Wireless Access Points) and made usable to around 20 users. Now, they have bought in their own lease line and I have to configure this router. Please help me doing this as I'm not aware of anything else apart from what I have written here. Thanks a ton in advance!

    Hello,
    You should provide some info so that people can figure out what you want to do. For example, what kind of leased line is it? L2 or L3? Is it like a cable connecting two sites from your company, or is there any router in between from your leased-line provider...?
    For what you say, the easiest thing would be to configure a default route to the other end of the leased line and voilà.
    Otherwise, you can always ask your senior Network Engineer to configure it (him/her)self or ask for help to him/her.
    Regards,
    Reg.

  • Ip SLA failover config not working need help urgent cisco 2911 K9 router

    Hi,
    I am setting up a failover WAN for one of my clients and it seems I have configured everything correctly, but it's not working. For tracking I am using the Google DNS IPs 8.8.8.8 and 8.8.4.4; if I ping 8.8.8.8 from the router it pings, but 8.8.4.4 does not. I think that because 8.8.4.4 is not pinging, the router does not switch over if the primary GigabitEthernet0/0 goes down.
    Not sure what I am doing wrong. Please find the config details below:
    -------------------------------------------config-----
    username admin privilege 15 password 7 XXXXX
    redundancy
    track 10 ip sla 1 reachability
     delay down 5 up 5
    track 20 ip sla 2 reachability
     delay down 5 up 5
    interface GigabitEthernet0/0
     ip address 122.160.79.18 255.0.0.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     ip address 182.71.34.71 255.255.255.248
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
    interface GigabitEthernet0/2
     description $ES_LAN$
     ip address 200.200.201.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip nat inside source route-map giga0 interface GigabitEthernet0/0 overload
    ip nat inside source route-map giga0 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 10
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 20
    ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/1 permanent
    ip route 8.8.8.8 255.255.255.255 GigabitEthernet0/0 permanent
    ip sla 1  
     icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
     frequency 10
    ip sla schedule 1 life forever start-time now
    ip sla 2  
     icmp-echo 8.8.4.4 source-interface GigabitEthernet0/1
     frequency 10
    ip sla schedule 2 life forever start-time now
    access-list 100 permit ip any any
    access-list 101 permit ip any any
    route-map giga0 permit 10
     match ip address 100
     match interface GigabitEthernet0/0
    route-map giga1 permit 10
     match ip address 101
     match interface GigabitEthernet0/1
    control-plane
    ------------------------------------------config end

    Hello,
    as Richard Burts correctly stated, the NAT configuration is not right. But the ICMP echo request for the IP SLA is traffic which is generated from the router with a source interface specified. There shouldn't be any NAT operation at all, or? I am using IP SLA for two WAN connections too, but I can't recall ever having seen an entry for the ICMP operation in the output of sh ip nat trans.
    To me the static route configuration looks wrong too. As far as I remember, it's necessary to specify a next-hop address (subnet/mask via x.x.x.x) on multiple-access broadcast networks like Ethernet; otherwise the subnet appears as directly connected in the routing table. The configuration "ip route subnet mask <outgoing interface>" only works correctly for p2p links. With the configuration above I would say there is no routing possible at all except for "real" directly attached networks. Vibs said it's possible to reach the Google DNS 8.8.8.8 but not the second one, 8.8.4.4. I verified that 8.8.4.4 usually answers ICMP echo requests.
    My guess is that the next hop for the gig 0/0 interface has proxy ARP enabled but the next hop for the gig0/1 interface doesn't have proxy ARP turned on.
    kind regards
    Lukasz
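An added example, not part of the thread and not Cisco tooling: a Python check run over an abbreviated copy of the configuration posted above. It flags the two areas the reply points at, static routes that name only an Ethernet interface (which leave the router relying on proxy ARP at the far end) and the NAT statements; the function names are made up for this sketch.

```python
import re
from collections import Counter

# Abbreviated copy of the configuration posted above (addresses as posted).
POSTED_CONFIG = """\
interface GigabitEthernet0/0
 ip address 122.160.79.18 255.0.0.0
 ip nat outside
interface GigabitEthernet0/1
 ip address 182.71.34.71 255.255.255.248
 ip nat outside
ip nat inside source route-map giga0 interface GigabitEthernet0/0 overload
ip nat inside source route-map giga0 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 10
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 20
ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/1 permanent
ip route 8.8.8.8 255.255.255.255 GigabitEthernet0/0 permanent
route-map giga0 permit 10
 match ip address 100
 match interface GigabitEthernet0/0
route-map giga1 permit 10
 match ip address 101
 match interface GigabitEthernet0/1
"""

ETHERNET = re.compile(r"^(Fast|Gigabit|TenGigabit)?Ethernet\d", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def interface_only_routes(config):
    """Return static routes that name an Ethernet interface but no next-hop address."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "route"] or len(tok) < 5:
            continue
        prefix, mask, target = tok[2], tok[3], tok[4]
        has_next_hop = len(tok) > 5 and IPV4.match(tok[5])
        if ETHERNET.match(target) and not has_next_hop:
            findings.append((prefix, mask, target))
    return findings


def word_after(rule, keyword):
    """Return the token that follows keyword in a config line, or None."""
    tok = rule.split()
    return tok[tok.index(keyword) + 1] if keyword in tok[:-1] else None


def nat_findings(config):
    """Compare the NAT statements with the route-maps and 'ip nat outside' interfaces."""
    nat_rules, defined_maps, outside_ifs = [], [], []
    current_if = None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface":
            current_if = tok[1]
        elif tok == ["ip", "nat", "outside"] and current_if:
            outside_ifs.append(current_if)
        elif tok[0] == "route-map" and tok[1] not in defined_maps:
            defined_maps.append(tok[1])
        elif tok[:5] == ["ip", "nat", "inside", "source", "route-map"]:
            nat_rules.append(" ".join(tok))
    used_maps = {word_after(r, "route-map") for r in nat_rules}
    nat_ifs = {word_after(r, "interface") for r in nat_rules}
    return {
        "duplicate_nat_rules": [r for r, n in Counter(nat_rules).items() if n > 1],
        "route_maps_unused_by_nat": [m for m in defined_maps if m not in used_maps],
        "outside_interfaces_without_nat_rule": [i for i in outside_ifs if i not in nat_ifs],
    }


if __name__ == "__main__":
    for prefix, mask, ifname in interface_only_routes(POSTED_CONFIG):
        print(f"route {prefix} {mask} via {ifname}: no next-hop address")
    for finding, items in nat_findings(POSTED_CONFIG).items():
        print(finding, items)
```

On the posted configuration this reports all four static routes, the repeated giga0 NAT statement, the unreferenced giga1 route-map, and GigabitEthernet0/1 as an outside interface with no NAT statement.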

  • 2911 router - Netflow V5 through GRE Tunnels

    Hi All,
    Does the 2911 router support the ability for Netflow V5 to pass through GRE tunnels? I can't seem to find any documentation that indicates this.
    Thanks,
    Gurjinder

    If you are going to use a GRE tunnel as the flow export interface from the router exporting NetFlow, it will not work. The Cisco bug IDs for this issue are CSCsk25481 and CSCef28662, and it is applicable to both traditional and Flexible NetFlow.
    To allow NetFlow export from a device through an encrypted tunnel on the same device, enable Flexible NetFlow and use the command output-features when configuring your flow exporter. That will allow NetFlow export over encrypted tunnels.
    Regards,
    Don Thomas Jacob
    http://www.solarwinds.com/netflow-traffic-analyzer.aspx
    NOTE: Please rate posts and close questions if you have found the answers helpful.

  • Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)

    Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
    The following is the Layout:
    There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
    I have been able to configure  Client to Site IPSec VPN
    1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
    2) With Split tunnel with simultaneous access to internal LAN and Outside Internet.
    But I have not been able to make the traditional hairpinning model work in this scenario.
    I followed every possible suggestion made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
    Following is the Running-Conf with Normal Client to Site IPSec VPN configured with no Internet access:
    LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
    running-conf  --- Working  normal Client to Site VPN without internet access/split tunnel
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    names
    interface GigabitEthernet0/0
    nameif internet1-outside
    security-level 0
    ip address 1.1.1.1 255.255.255.240
    interface GigabitEthernet0/1
    nameif internet2-outside
    security-level 0
    ip address 2.2.2.2 255.255.255.224
    interface GigabitEthernet0/2
    nameif dmz-interface
    security-level 0
    ip address 10.0.1.1 255.255.255.0
    interface GigabitEthernet0/3
    nameif campus-lan
    security-level 0
    ip address 172.16.0.1 255.255.0.0
    interface Management0/0
    nameif CSC-MGMT
    security-level 100
    ip address 10.0.0.4 255.255.255.0
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network csc-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list csc-acl remark scan web and mail traffic
    access-list csc-acl extended permit tcp any any eq smtp
    access-list csc-acl extended permit tcp any any eq pop3
    access-list csc-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu dmz-interface 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface dmz-interface
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash md5
    group 2
    lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
    vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
    vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
    address-pool vpnpool1
    default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
    pre-shared-key *
    class-map cmap-DNS
    match access-list DNS-inspect
    class-map csc-class
    match access-list csc-acl
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class csc-class
      csc fail-open
    class cmap-DNS
      inspect dns preset_dns_map
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end
    Neither adding dynamic NAT for 192.168.150.0/24 on the outside interface nor sysopt connection permit-vpn works.
    Please tell me what needs to be done here to hairpin all the traffic to the Internet coming from VPN clients.
    That is, I need clients connected via the VPN tunnel, when connected to the Internet, to have their IPs NAT'ted against the internet2-outside interface address 2.2.2.2, as happens for the campus clients (172.16.0.0/16).
    I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
    Thanks & Regards
    maxs

    Hi Jouni,
    Thanks again for your help, got it working. Actually the problem was that the ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period during the day and it was not working initially; the GUI packet tracer was showing some problems (IPSEC Spoof detected) and there was also this left-out DNS. It's working fine now.
    But my problem is not solved fully here.
    Does the hairpinning model allow access to the campus LAN behind the ASA also? Because the setup is working now as I needed, and I can access the Internet with the NAT'ed IP address (outside interface). So far so good. But now I cannot access the campus LAN behind the ASA.
    Here the packet tracer output for the traffic:
    packet-tracer output
    asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.16.0.0      255.255.0.0     campus-lan
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.150.1   255.255.255.255 internet2-outside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group internnet1-in in interface internet2-outside
    access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype:     
    Result: DROP
    Config:
    nat (internet2-outside) 1 192.168.150.0 255.255.255.0
      match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 14, untranslate_hits = 0
    Additional Information:
    Result:
    input-interface: internet2-outside
    input-status: up
    input-line-status: up
    output-interface: internet2-outside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
    dynamic nat
    asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
    Is it possible to access both
    1)LAN behind ASA
    2)INTERNET via HAIRPINNING  
    simultaneously via a single tunnel-group?
    If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
    Thanks & Regards
    Abhijit

  • Can Anyone Help Me Configure My Verizon (D-Link) DSL-2750B "Traffic Shaping" (QoS)?

    Well ... I just spent a wonderful hour and a half (not) bouncing around VZ technical support, etc. trying to get assistance regarding configuring my DSL router.* Between the low-quality Skype connection to India and my lack of success, I'm a little bummed out right now.
    Could one of you perhaps help me? I'm trying to configure a single, wire-attached network node (port 4 of the router) so that it can only consume up to 320 Kbps of my 750 Kbps (7.5 Mbps) DSL bandwidth ... no matter what. This results from this node consuming virtually all of the circuit's bandwidth when streaming or during bulk file transfers.
    I have tried to remedy the problem using priority with no discernible impact.
    The Quality of Service (QoS) element called Traffic Shaping (Services | QoS | Traffic Shaping), described on Page 51 of the VZ DSL-2750B User Manual , appears to be the ideal solution to my problem. Repeated attempts at activating this QoS have all resulted in no throttling of bandwidth consumption.
    My most recent attempt was to define the device on Port 4 as the DMZ host ... and then apply a new rule (320 TX, 320 RX) to this interface. Again, no joy.
    Does anyone have any experience with this service on this router?
    Am I chasing my tail trying to configure the router without validating that my circuit is not configured with "Fastpath (PSE) inactive"?
    If the circuit configuration is a potential problem, which office should I ask for at VZ customer service?
    Here is the information from the System page of the Router Control Panel:
      Gateway ID: PX2M1BC000000
      Software Version: 5.4.12.1.44
      Release Date: Feb 19 2012
      Platform: D-Link DSL-2750B
      Board Tag:... Ntag-5_4_12_1_44
      Compilation Flags:... LIC=/home/bat/bat/dlink_bcm96328_5_4_12_1/20120219_1343/conf/jpkg_bcm9636x_dlink.lic CONFIG_RG_PROD_IMG=y DIST=DLINK_DSL2750B
    I'll note that the Router provides a notification that "RX QOS might not operate when Fastpath (PSE) is active" when I update the router configuration page concerning Traffic Shaping. Because Fastpath is not mentioned in the User Manual, I'm guessing that Fastpath (PSE) might be a configurable attribute of the circuit servicing my PoP, but I have no idea if this is the case.
    I searched for relevant messages on this board ... without success. If this has already been addressed, please provide a link, and accept my apologies. (My Google-Fu tends to be weak.)

    The asterisk in the first post refers to the following summary of events:
    10:40 - Attempt to solve my configuration question using VZ chat begins.
    10:49 - VZ chat agent Danish refers me to phone support.  (Chat ID number is 020813176471 if you're with VZ and are interested.)
    10:50 - Call VZ phone support.
    11:02 - Talk with Angel.  Because she has not heard of, nor received training in, "traffic shaping," she says my question about configuring this VZ DSL modem must be addressed by "Premium Technical Support."  She transfers me.
    11:13 - Talk with Pamela.  Premium Technical Support only responds to questions about 3d party products.  Because my question concerns a VZ DSL modem, Basic Technical Support is responsible.  She transfers me.
    11:17 - Talk with Joe.  He says either the vendor (D-Link) or premium technical support is required.  Because I had already tried with D-Link (they referred me to Verizon, as this modem was built exclusively for VZ), I explained what I had already experienced, and described how I wanted "assistance configuring my VZ DSL modem, specifically a feature described on page 51 of the User Manual."  He transfers me.
    11:23 - The automated phone system asks for my 12-digit customer ID.  I wasn't able to find it fast enough, and rolled through to Financial Services.  Eventually Trig picked up, listened to my story, and transferred me to "Technical Support" providing the direct dial number, just in case (866.945.79xx).
    11:32 - Entered the phone queue.  Lots of hissing and clicks.
    11:35 - Talk with Monika.  (The voice clarity from this point onward was on the order of 1st-generation Skype.  Between the horrible language problem -- Monika is in India don'cha know -- and the lousy line quality, this was the most frustrating.)  No matter what I said, I couldn't convey the reason for my call.  I asked to talk with a supervisor, which Monika related was not possible.  She also related that she could not transfer me to an American POC or supervisor.
    12:01 - Hung up the phone ... and started down the path that led to my post immediately above.
    I was repeatedly queried about the account name and number throughout the process.  Conveying this information was especially challenging during the Indian call segment.

  • I have a PC and a need help to configure my external hard disk on my network. Thanks

    I have a PC and a need help to configure my external hard disk on my network. Thanks

    If you mean you wish to plug a USB drive into the Airport Extreme router (or TC not express) that is easy..
    The disk must be formatted FAT32.. as if.. stay away from FAT .. or HFS+ ie Mac OS extended Journaled.
    Format the disk on a Mac is best.. and even use GUID partition scheme not MBR.
    The PC has no issue writing and reading files because this is a network drive.. The PC does not write to the drive.. it writes files to the Airport OS which writes and reads the disk and passes the info using standard windows SMB.. To the windows computer it will be a Windows NT server.. FAT32 setup.
    If your setup is different.. to my hugely guessed assumptions.. give details.. always helps to have.. make and model.
    Make and model of disk.. make and model of router.. how the setup will be done.. what windows OS you run.. etc etc.
    As it stands your question could have nothing to do with apple at all.. other than you posted in a forum so I guess there is something apple in there somewhere.

  • Airport extreme software will not install on vista, how can i still configure the router?

    AirPort Extreme software will not install on Vista, how can I still configure the router?  Trying to help someone with Vista get an AirPort Extreme configured.  10.0.1.1 does not work, the software will not install correctly on their Vista machine.  How can I get into the base station and lock it down?

    Hi - Vista can be tricky - I need more info to see if I can be of some help - first, is the Vista machine a desktop or a laptop and is it fully up to date with Windows Update (sp2 or higher)? - next, are you trying to install Airport Utility version 5.5.3 which is the correct one for Vista? - and finally, what do you mean "it will not install" - what kind of error messages or evidence are you getting?

  • I have a cisco-linksys e2500 router. Can someone help me reconfigure my router, please?

    It says I cannot reconfigure my router to MAC OS X 10.9.4 but it can do so with a MAC OS X 10.5.8, MAC OS X 10.6.1, and/or a MAC OS X 10.7 or later operating system. How is it even possible that my MAC OS X 10.9.4 is later than MAC OS X 10.7 model but unable to configure the router?
    Can anyone help me with my dilemma?

    NicoleDianneAgnes wrote:
    ...  I haven't yet gotten rid of the old computer, ...
    That is good News...
    From your OLD computer...
    Copy your ENTIRE iTunes FOLDER to an External Drive... and then from the External Drive to your New Computer..
    Full Details Here  >  http://support.apple.com/kb/HT1751
    Also... Have a look at these 2 Videos...
    http://macmost.com/moving-your-itunes-library.html
    http://macmost.com/moving-your-itunes-media-to-an-external-drive.html

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note: For authentication I am using the Device ID & pre-shared key. I am worried as all user traffic goes with PAT and is not firing up my tunnel for port 80 traffic. Can you please suggest what the issue can be?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.
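The reply's question about source addresses, worked through as an added example (not part of the thread, and not the poster's or Websense's code): IOS translates inside-to-outside traffic before it checks the crypto map, so this sketch evaluates the posted ACL 101 against the source address as it looks after the `list 103` PAT rule. The ACL lines are a subset copied from the post; the client 192.168.8.25, the destination 198.51.100.10 and all function names are constructed, and the `route-map nonat` rule is not modelled because the post does not show it.

```python
from ipaddress import IPv4Address as IP

# Subset of the ACL lines from the post; PAT_ADDR is the posted outside address.
CONFIG = """\
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
"""
PAT_ADDR = "216.222.208.101"

def _addr(tok, i):
    """Parse 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (int(IP(tok[i + 1])), 0), i + 2
    return (int(IP(tok[i])), int(IP(tok[i + 1]))), i + 2

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq www|PORT] [log]'."""
    tok = line.split()
    src, i = _addr(tok, 4)
    dst, i = _addr(tok, i)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = 80 if tok[i + 1] == "www" else int(tok[i + 1])
    return {"id": tok[1], "action": tok[2], "proto": tok[3], "src": src, "dst": dst, "port": port}

def _hit(spec, ip):
    care = ~spec[1] & 0xFFFFFFFF       # wildcard bits set to 1 are "don't care"
    return (int(IP(ip)) & care) == (spec[0] & care)

def acl_action(aces, src, dst, dport, proto="tcp"):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for a in aces:
        if (a["proto"] in ("ip", proto) and _hit(a["src"], src)
                and _hit(a["dst"], dst) and a["port"] in (None, dport)):
            return a["action"]
    return "deny"

ACLS = {}
for ace in map(parse_ace, CONFIG.splitlines()):
    ACLS.setdefault(ace["id"], []).append(ace)

def outbound(src, dst, dport):
    """Model NAT (list 103) first, then the crypto ACL (101) on the result."""
    if acl_action(ACLS["103"], src, dst, dport) == "permit":
        src = PAT_ADDR                 # source is rewritten before the crypto check
    return src, acl_action(ACLS["101"], src, dst, dport) == "permit"
```

With these rules, ordinary web traffic leaves as 216.222.208.101 and does not match ACL 101, while traffic to a NAT-exempt host keeps its private source and does match. The `show crypto ipsec sa` output suggested in the reply shows which selectors the router is actually using.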

  • Please help me configure authentic connection with Caller ID via ISDN 30B+D using Cisco ACS

    Hi all
    I have set up a dial-up connection between two PCs at the remote site and the center. It uses ISDN 30B+D, which is configured on a 3845 router. Currently I have configured authentic connection with username and password using Cisco ACS. To enhance the security configuration I also want to authenticate the phone number which dials up with Cisco ACS. Currently I have not done this. Please help me solve this problem.
    Thanks so much
    Longn

    1) I deleted bridge-utils, netcfg
    2) I edited /etc/hostapd/hostapd.conf:
    interface=wlan0
    #bridge=br0
    edited /etc/dnsmasq.conf:
    interface=wlan0
    dhcp-range=192.168.0.2,192.168.0.255,255.255.255.0,24h
    and edited /etc/rc.local:
    ifconfig wlan0 192.168.0.1 netmask 255.255.255.0
    ifconfig wlan0 up
    3) I added in autostart these daemons: hostapd, dnsmasq and iptables.
    Profit!

  • Cisco 2911 router interface hangs

    Dears,
    Please note that the LAN interface (GigabitEthernet0/2) on our 2911 router is hanging. The interface stays up/up but is not reachable and stops passing traffic. The issue is temporarily resolved after putting the interface in default configuration and reapplying the configuration.
    shut/no shut and router reload does not resolve the issue.
    interface GigabitEthernet0/2
     description connected to LAN
     ip address 10.1.184.2 255.255.255.0
     ip nat inside
     ip inspect mea in
     ip virtual-reassembly in
     standby 1 ip 10.1.184.1
     standby 1 priority 110
     standby 1 preempt
     standby 1 track 100 decrement 50
     load-interval 30
     duplex auto
     speed auto
    IOS used: c2900-universalk9-mz.SPA.151-4.M8.bin
    Please advise.
    thank you in advance.

    Hi Richard.
    Normal interface state.
    Gi 0/0 UP
    GI 0/1 Admin Down
    Gi 0/2 Admin Down
    Fast 0/0/0 Up
    Fast 0/0/1 Up
    The routers work normally, lines OK and attached devices OK; then, without any reason (no problems in the PtP lines, no power problems), they lose connectivity. The only way to restore connectivity is with a router reset.
    The Gi 0/0 connect to the LAN local:
    GigabitEthernet0/0 is up, line protocol is up
    Hardware is CN Gigabit Ethernet, address is 4c00.827f.3de0 (bia 4c00.827f.3de0)
    Description: "LAN LOCAL"
    Internet address is
    MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full Duplex, 100Mbps, media type is RJ45
    output flow-control is unsupported, input flow-control is unsupported
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 564000 bits/sec, 98 packets/sec
    5 minute output rate 303000 bits/sec, 75 packets/sec
    2120530 packets input, 802569322 bytes, 0 no buffer
    Received 19268 broadcasts (0 IP multicasts)
    0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 1277 multicast, 0 pause input
    2304826 packets output, 1883365124 bytes, 0 underruns
    0 output errors, 0 collisions, 2 interface resets
    845 unknown protocol drops
    0 babbles, 0 late collision, 0 deferred
    1 lost carrier, 0 no carrier, 0 pause output
    0 output buffer failures, 0 output buffers swapped out
    And the device connected to this interface is a WS-C3750X-24P (with this example, I have the problem in four routers), wired with cat5e; no problems were reported on the WS-C3750X-24P.
    In my case, when the router is reset, normal operation is recovered.
    More input:
    Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
    Processor board ID FCZ17397055
    4 FastEthernet interfaces
    3 Gigabit Ethernet interfaces
    1 terminal line
    DRAM configuration is 64 bits wide with parity enabled.
    255K bytes of non-volatile configuration memory.
    250880K bytes of ATA System CompactFlash 0 (Read/Write)
    System image file is "flash0:c2900-universalk9-mz.SPA.152-1.T4.bin"
    Thanks in advance.
    David.

  • Need help regarding Cisco 1841 Router

    Hello everyone, I am in need of help regarding configuring the FE 0/1 port. Our company has a Cisco 1841 router. The serial 0/0/0 is connected with VSAT for internet. The FE 0/0 is connected to a switch (LAN) through which net connectivity is provided to all users. Recently a new VSAT has been installed at our site, with a different IP series. So every time we want to switch between the two net connections we need to change the entire IP configuration of all users, which in turn prohibits the users from accessing the printers, data servers etc. which have been set to our existing IP series. So my idea was to configure the FE 0/1, so that just changing the DNS will provide internet along with all other devices without changing the entire IP series. The new VSAT modem has a LAN cable which can be connected to FE 0/1. Can anyone help out in solving the problem? Our existing IP series is 192.168.3.1..... and the new VSAT series is 10.205.74.1......

    Bao
    Do I understand correctly that you will have 20 remote users who will telnet to the 2511 and from the 2511 will use reverse telnet to access the console of router1, router2, router3, etc which have their console ports connected to async ports of the 2511? If that understanding is correct then the firewall only needs to open TCP port 23 for telnet. The other ports (2001, 2002, etc) are between the 2511 and router1, router2, etc and will not be seen by the firewall. If my understanding is not correct then please clarify.
    I do not believe that you will find an image for the 2500 that supports SSH.
    HTH
    Rick
