How to configure SRST on Cisco 3825

Similar Messages

• How to configure an external Cisco MDS 9124 Switch

  I have worked with some other Fibre switches before but not Cisco and was wondering if someone can pass me some quick info on how to configure the MDS 9124. I saw the Quick Guide and it briefly talked about config, but do I have to go thru hyperterminal to do the initial IP config? Is there a default one already I can use to get to the WebGUI. Some of the ones I worked with (like the ones that come with the Bladecenter) have a default IP, where I can enter the IP into the web browser and access the GUI right away and start doing configs.
  With the MDS 9124, can I do this? Or do I have to configure IP thru hyperterminal and then install Fabric Manager etc.
  Thanks in advance for any help!

  I assume that you actually read the guide:
  http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/hw/9124/quick/quide/9124QSG.html
  Setup of the network is pretty clear. If the switch is brand new, you have to give it an IP address. Generally just follow the dotted line and don't vary except if you know what you are doing.
  Once its on the network, DM and FM can do the rest.
  The 9124e's don't have serial ports so the OA looks after that for you.

• How to configure VPN with Cisco ASA 5505 behind Actiontec MI424WR

  I'm trying to test my Cisco VPN client from my workplace to my home where I have a Cisco ASA 5505 (VPN server) behind the Actiontec MI424WR.  I'm able to Ping the Actiontec external IP.  I also have Port Forwarding for IKE and IPSec configured on the Actiontec, but I cannot establish the VPN connection.
  What do I need to configure on the Actiontec to make this work?
  Also, when I test this at home, the MI424WR acts as the DHCP server for my laptop and the Cisco outside interface.  At home, I'm able to establish the VPN connection from my laptop to the ASA, allowing me to see a shared drive behind the ASA.  However, at home, I cannot go to the Internet while using the VPN client.
  Thanks for any help.
  Steve
  Solved!
  Go to Solution.

  http://www.dslreports.com/faq/verizonfios/3.0_Networking
  those are the best sample config's and resources on how to set the FiOS network
  Bridging is possible but difficult.  That link will give you great info on it.
  Are you a FiOS customer that has phone/internet/tv
  or no tv?   or no phone?    You have to be careful on your configuration or you might lose some TV features and functionality, like the Interactive Program Guide, or the VOD or the Widgets.
  Sorry the Portforwarding wasn't enough to resolve your issue, I am not sure that it's a Actiontec config you are looking for, from my understanding of Cisco's and FiOS it may be something behind the cisco that is causing an issue.  You may want to reach out to the Cisco admin that manages that, and find out if there are additional ports that are required and then you can come back and configure those ports too.

• How to configure SSL on Cisco Load Balancer

  I want to configure SSL termination on cisco LB. i just want to know is there any license required for this deployment ? please share me some configuration steps to deploy the SSL.
  Thanks
  Irfan Hussain

  Check the following basic ssl config
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
  I think you do get a little of ssl resource without a license.
  Gilles.

• How to configure SGE2000P with CISCO 7900 phones and data VLAN

  Hello all
  I am having problem setting up SGE2000P switches to work with my default data VLAN and additional voice VLAN. I am configuring it to pick IP address for phones from voice VLAN which is working fine but when I connect a PC on phone port it is also picking up an IP from Voice VLAN while default VLAN is data with different scope of IP.
  Is there any good discussion or documents out there to help me resolve this issue before I pack these switches and purchase ESW 500 series. I have ESW 500 at another client and they are working fine out of the box but this guy is giving me hard time.
  Any suggestions help will be appreciated
  Mo

  HI Muhammed,
  I suggest you contact the Small Business Support Center for some help:
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  Regards,
  Cindy Toy
  Cisco Small Business Community Manager
  for Cisco Small Business Products
  www.cisco.com/go/smallbizsupport
  twitter: CiscoSBsupport

• How to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server

  how to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server

  Hi ,
   Have you got any additional public IP Address from your service provider , If yes on router you can have static route for those additional IP Address pointing to your ASA  outside interface . 
  Accordingly you can configure NAT 
  HTH
  Sandy . 

• How can i configure hsrp in cisco 3850 switch please guide me

  how can i configure hsrp in cisco 3850 switch please guide me

  Hi Mauleshg,
  Please the below mention link to configure Hsrp hope this will help you.
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ip/configuration_guide/b_fhrp_3se_3850_cg/b_fhrp_3se_3850_cg_chapter_010.html
  Br.
  Mohseen Patel

• How to configure Cisco Airespace in Cisco Secure ACS v5.3

  Need some help regarding Cisco Airespace configuration in Cisco Secure ACS v5.3. We're migrating to ACS v5.3 but we're encountering an issue with
  Cisco Airespace. It is only working on ACS4.1 but when we tried to move it to Cisco Secure ACS v5.3, it is not working.

  Ok, we have a legacy Cisco wireless devices called Cisco Airespace and this device is the result of Cisco acquisition of Airespace Wireless Network in 2005. Cisco improve this technology and make it a perfect device for WLAN. Going back to my issue, as I mention we have this device and it is working in our older version of ACS (4.x). Since we have now a latest version of ACS which is 5.3. We wanted to migrate all the device into our latest version of ACS including older version (Airespace). Since this is an older device, I'm thinking that the VSA attributes needs to manually added and create Policy and Access Service specific to Cisco Airespace. I've attached the Dictionaries attributed that I've added and needs some advise if I got the correct value for below item
  Airespace-WLAN-Id
  Airespace-QoS-Level
  Airespace-DSCP
  Airespace-802.1p-Tag
  Airespace-Interface-Name
  Airespace-ACL-Name
  Below link is the configuration guide for Cisco Airespace under ACS 4.x
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml

• Cisco NAC: How to configure the NGS as Radius Server & NAC Manager as Raidus Clients !!!

  Hi,
  Kindly let me know that how to configure the NGS (Version 2.0.3) as a Radius Server while NAC Manager (Version 4.8.2) as a Radius Client...
  Moreover,
  1) I want to Create the two User Roles (Guest1 & Guest2) on NGS.
  2) When sponsor will create the users, user will belong to either of roles.
  3) NAC Manager will have an authentication provider (Radius) with the default Role "Deny Role" but users belongs to "User Role = or Group = Guest1" will fall into "Guest1" Role while User Role = or Group = Guest2" will fall into "Guest2" Role.
  I need an assistance to configure this scenario....
  Please advise me.
  BR,
  Mubasher Sultan

  Hi,
  Any idea or suggestion...
  BR,
  Mubasher Sultan

• Help or ideas how to configure two cisco 1230 ap-s acting like bridges

  Hello ya´ll
  Need help with configuration of two cisco 1230 ap-s, which are acting as bridges today. Idea is to configure an 4506 (EIGRP) with two new VLAN-s, "hide"  those in 2 VRF-s and send those thru one of the ap-s via radio link (a). Distance between is about 700 feet. On the other side an 3560 is acting as L3 device so VRF is needed on 3560 to. Post your thoughts and ideas. Thank´s in advance.

  Hi Bernard,
  If you have WCS, you can use templates to synchronize your configurations on the WLCs.
  Another possibility is you can upload your current configuration from your production WLC, and then open up the configuration file and edit the IP addresses to give new addresses to the new WLC. You will also want to change the system name to be unique as well. You can then download this config onto the new WLC, as long as the IP addresses and system name are different it should not interfere with your current WLC.
  To have the WLCs operate together properly, you will want to make sure they are defined in a mobility group, see the following for instructions:
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html
  -Patrick Croak
  Wireless TAC

• Cisco 3825 as a EZ VPN Server

  I have a Cisco 3825 setup as a EZ VPN Server. I can connect and authenticate to it but I can't pass traffic (at least that's what it seems like).
  My internal network is 192.168.111.x and my VPN pool is 10.13.0.x. I am succesfully assigned an IP from that pool when I authenticate with the Cisco client.
  Here is my Group part of my config with my domain name pulled out:
  crypto isakmp client configuration group SRC
  key "whatever"
  dns 192.168.111.221 192.168.111.220
  wins 192.168.111.221
  domain domain.com
  pool SDM_POOL_1
  acl 106
  split-dns domain.com
  netmask 255.255.255.0
  And here is my ACL:
  access-list 106 remark VPN ACL
  access-list 106 permit ip 192.168.111.0 0.0.0.255 any
  access-list 106 permit icmp any any
  Also, just in case it helps, the interface that I am terminating on is a loopback. My external interface has an IP that my ISP will not route so I NAT'd one of my public IP's to the Loopback.
  Please let me know if you need more info and I'll be happy to give it to you.
  I know I'm close, just one last thing to tweak. Thanks for all the help!

  I just found this link with a quick search:
  PIX/ASA 7.x: Allow Split Tunneling for VPN Clients on the ASA Configuration Example
  <http://www.cisco.com/en/US/customer/products/ps6120/prod_configuration_examples_list.html>
  Links for more examples:
  http://www.cisco.com/en/US/customer/products/ps6120/prod_configuration_examples_list.html
  Do you plan on using SSL VPN or Cisco IPSEC VPN Client? SSL VPN client can auto-deploy to any non-Vista Windows machine (does not yet support Vista to my knowledge). If remote users have Vista, you'll need to use VPN Client software installed on their machines. Also consider how you will do authentication...do you require two-factor, or pointing ASA to a Cisco Secure ACS server, or perhaps pointing to Windows Active Directory for authentication? Lots of possibilities...

• Cisco 3825 + vwic2-2mft-t1/e1

  hi,
  I have Cisco 3825 router with software version c3825-spservicesk9-mz.124-11.T3.bin. In HWIC0 slot is vwic-2mft-e1 card and it works fine; in HWIC1 slot I've added vwic2-2mft-t1/e1 card, but I can't configure it. Command: card type doesn't exist. More info: I have 2 x PVDM 64 and "show diag" shows VWIC2 in slot.
  Any ideas how to make it works?
  TIA
  regards,
  pklos

  hi,
  sorry for delay. We solved this strange problem with this steps:
  1. I put new VWIC2 card in HWIC0 slot (old VWIC card was not in the router)
  2. command "card type" appeared, so I did card type e1 0 0
  3. I put old VWIC card in HWIC0 and new VWIC2 in HWIC1 and this time router recognized new card.
  regards,
  pk

• How to do it in CISCO

  I have the following setup:
  Private network <-> SW <-> CISCO VPN <-> ISP MODEM
  I have configured VPN part and is working correctly. I have a computer in the private network at static address 192.168.1.100  and an application is running on it on 8100 tcp port for clients.
  Now I need to connect from the Internet to the application on 192.168.1.100 on port 8100.
  How to configure CISCO router to forward traffic coming in tcp port 8100 to machine 192.168.1.100??
  ISP Modem is going to handover all the traffic to CISCO device.
  Thank You

  Hi Karthik,
  I need this to work so that
  outside users should be able to access 192.168.1.100:8100 using http://PublicIP:8100 without using VPN at all
  And VPN users should be able to access using http://192.168.1.100:8100
  I am new to CISCO and committed to setup this for a customer. I got the VPN configured correctly by reading help. If I can do this last configuration, I am saved.
  Thank you for your time
  My Router Configuration Follows
  sh run
  Building configuration...
  Current configuration : 5416 bytes
  ! Last configuration change at 17:58:55 CSTime Mon Aug 20 2012 by csi
  ! NVRAM config last updated at 17:58:24 CSTime Mon Aug 20 2012 by csi
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 $1$KJWP$wujENW/75bJnnoUxGXYJE0
  aaa new-model
  aaa authentication login default local
  aaa authentication login vpn_xauth_ml_1 local
  aaa authentication login sslvpn local
  aaa authorization network vpn_group_ml_1 local
  aaa session-id common
  memory-size iomem 10
  clock timezone CSTime -6
  clock summer-time CSTime date Mar 11 2012 2:00 Nov 4 2012 2:00
  crypto pki trustpoint TP-self-signed-986700165
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-986700165
  revocation-check none
  rsakeypair TP-self-signed-986700165
  crypto pki certificate chain TP-self-signed-986700165
  certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 39383637 30303136 35301E17 0D313230 38313631 38353134
    375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3938 36373030
    31363530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    A4AD22DF ECCB9372 C3E88024 318D7181 C2BE73E1 DB6F0B70 4A2781FF A0AB108D
    FEDD1EE5 C9C761A6 A9738299 684F25AC FC56F107 4FD43297 4D0D248B C431D0E2
    1A53D9B3 B0BCF9CF 7DF157FD 517594D0 B05FCD98 681D5A66 B48265FE BF353F47
    84FDA0C5 1A46E55D 40429810 B0A0D3A8 153FAD0A 78538AE0 657467FD FD44E6ED
    02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
    11041B30 19821750 69636179 756E652E 796F7572 646F6D61 696E2E63 6F6D301F
    0603551D 23041830 16801491 5CACBE40 0996DFCE 1B9C67C3 9316041C 40FB8130
    1D060355 1D0E0416 0414915C ACBE4009 96DFCE1B 9C67C393 16041C40 FB81300D
    06092A86 4886F70D 01010405 00038181 003F26CD 9FA486C5 F71250F6 FC7E44F8
    CC1C15AC 1364CCA1 2E23CACA D123F78B F4B933EB 73648D75 A2C0B17A 28FAAC18
    7CAAB60E 9E5A49C3 50217868 BEFA30F5 6F36A04B BE41FE65 7C684DB9 10320AA1
    77D0BBC4 7216C6F6 20564AE2 8F46A06B 85AED401 9DB59ABF 6B360531 153BA6E1
    ECBF1F55 D4AF489A 70276D39 D13AF574 C5
          quit
  ip source-route
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.1.1 192.168.1.25
  ip dhcp excluded-address 192.168.1.100
  ip dhcp excluded-address 192.168.1.222
  ip dhcp excluded-address 192.168.1.254
  ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     lease 0 2
  ip dhcp pool Internal_Network
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.254
     dns-server 192.168.100.1
  ip cef
  ip domain name yourdomain.com
  ip name-server 192.168.100.1
  no ipv6 cef
  license udi pid CISCO881-K9 sn FTX1604828M
  username csi privilege 15 secret 5 $1$G4wK$PRgc9k9omH9X8s1u37lkh1
  username RemoteUser secret 5 $1$EWRQ$vPW7kG3jNhqwHTiL8IsBx0
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp policy 2
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp client configuration group RemoteAccessSupport
  key Router_WWTP
  pool VPN-Pool
  acl VPN-Access-List
  crypto isakmp profile vpn-isakmp-profile-1
     match identity group RemoteAccessSupport
     client authentication list vpn_xauth_ml_1
     isakmp authorization list vpn_group_ml_1
     client configuration address respond
     virtual-template 2
  crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
  crypto ipsec profile VPN-Profile-1
  set transform-set encrypt-method-1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  ip address 192.168.100.3 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface Virtual-Template2 type tunnel
  ip unnumbered FastEthernet0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile VPN-Profile-1
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.1.254 255.255.255.0
  no ip redirects
  no ip unreachables
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1452
  ip local pool VPN-Pool 192.168.1.101 192.168.1.150
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 100 interface FastEthernet4 overload
  ip route 0.0.0.0 0.0.0.0 192.168.100.1
  ip access-list extended VPN-Access-List
  permit ip 192.168.1.0 0.0.0.255 any
  access-list 23 permit 10.10.10.0 0.0.0.7
  access-list 23 permit 192.168.1.0 0.0.0.255
  access-list 100 remark Used for Internet access to Internal N/W
  access-list 100 permit ip 192.168.1.0 0.0.0.255 any
  no cdp run
  control-plane
  banner motd ^C----------  Router VPN Router ----------^C
  line con 0
  exec-timeout 30 0
  logging synchronous
  no modem enable
  line aux 0
  line vty 0 4
  access-class 23 in
  privilege level 15
  password 7 124A50424A5E5550
  transport input telnet ssh
  scheduler max-task-time 5000
  end

• 2 ISPs with addresses /32 and PPtP Server onboard of Cisco 3825

  First of all, excuse me for my bad English, it's not my native language.
  A couple of years ago our company changed our central router Cisco 1841 with more powerfull 3825 ISR.
  Here is show ver
  Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(24)T7
  This Cisco 3825 contains 2 DIMMs - 256Mb and 512 Mb of RAM onboard.
  Now it works with 2 ISPs (take a glance on pdf picture http://www.intelcom-ug.ru/scheme.pdf or in the attached file). We're using the failover scheme, the ISP1 with statically assigned IP address 85.20.20.20/32 (Dialer 1)  is used as Backup link. The ISP2 L2TP link is main.
  Now our authorities organize the remote office with Cisco 1841. And we face with the problem, we cannot connect via PPtP from anywhere to the  85.20.20.20/32 (Dialer 1). And we need some help or advise. The config of Cisco 3825 is like this:
  version 12.4
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime localtime
  service password-encryption
  hostname CENTRAL-OFFICE
  boot-start-marker
  warm-reboot
  boot-end-marker
  security authentication failure rate 3 log
  logging message-counter syslog
  logging buffered 64000
  enable secret 5 HEREISTHESECRETPASSWORD
  aaa new-model
  aaa local authentication attempts max-fail 3
  aaa authentication login default local
  aaa authentication ppp default local
  aaa authentication ppp vpn-users local
  aaa authorization exec default local 
  aaa authorization exec vpn-users local 
  aaa authorization network vpn-users local 
  aaa session-id common
  clock timezone MSK 4
  ip source-route
  no ip gratuitous-arps
  ip cef
  no ip domain lookup
  ip domain name somewhere.net
  ip name-server 8.8.8.8
  no ipv6 cef
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group 239
   accept-dialin
    protocol pptp
    virtual-template 100
  vpdn-group global
  ! Default L2TP VPDN group
  ! Default PPTP VPDN group
   accept-dialin
    protocol any
  password encryption aes
  voice-card 0
  username administrator privilege 15 password 7 737364645252414571
  username vpnuser password 7 85956353413120384645373930
  archive
   log config
    hidekeys
  ip tcp selective-ack
  ip tcp timestamp
  ip tcp synwait-time 5
  ip tcp path-mtu-discovery
  ip ssh version 2
  l2tp-class beeline
  pseudowire-class pw-beeline
   encapsulation l2tpv2
   protocol l2tpv2 beeline
  buffers tune automatic
  interface Loopback0
   ip address 10.111.111.111 255.255.255.255
  interface GigabitEthernet0/0
  descrition --Our Local Network--
   ip address 192.168.7.2 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   duplex auto
   speed auto
   media-type rj45
  interface GigabitEthernet0/1
   description --Trunk Connection--
   no ip address
   duplex auto
   speed auto
   media-type rj45
  interface GigabitEthernet0/1.10
  description --Connection to ISP1 through vlan on our managed switch--
   encapsulation dot1Q 10
   pppoe enable group global
   pppoe-client dial-pool-number 2
  interface GigabitEthernet0/1.20
  description --Connection to ISP2 through vlan on our managed switch--
   encapsulation dot1Q 20
   ip address dhcp
   ip virtual-reassembly
  interface Virtual-PPP5
  description --Interface for ISP2--
   ip address negotiated
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly
   ip tcp adjust-mss 1380
   no peer neighbor-route
   no cdp enable
   ppp authentication chap callin
   ppp chap hostname 8282828282828
   ppp chap password 7 theSecretForISP2
   pseudowire 10.255.255.242 10 pw-class pw-beeline
  interface Virtual-Template100
  description --TEMPLATE for incoming PPtP connections of our users--
   ip unnumbered Dialer1
   autodetect encapsulation ppp
   peer default ip address pool for-vpn
   no keepalive
   ppp authentication ms-chap ms-chap-v2 vpn-users
   ppp authorization vpn-users
  interface Dialer1
  description --Interface for ISP1. PPPoE--
   bandwidth 10240
   ip address negotiated
   ip accounting output-packets
   ip nbar protocol-discovery
   ip nat outside
   ip virtual-reassembly
   encapsulation ppp
   ip tcp adjust-mss 1400
   load-interval 30
   dialer pool 2
   dialer-group 2
   no fair-queue
   ppp authentication chap callin
   ppp pap sent-username reteretere password 7 PasswordForISP1
  ip local policy route-map External_VPN
  ip local pool for-vpn 172.16.135.1 172.16.135.10
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1 100 track 1
  ip route 0.0.0.0 0.0.0.0 Virtual-PPP5 track 2
  ip route 192.168.239.0 255.255.255.0 172.16.135.1 name C1841-Rossiyskaya70
  ip route 194.87.0.8 255.255.255.255 Dialer1
  ip route 194.87.0.9 255.255.255.255 Virtual-PPP5
  ip route 10.255.255.242 255.255.255.255 dhcp
  ip route 10.255.255.247 255.255.255.255 dhcp
  no ip http server
  no ip http secure-server
  ip nat inside source route-map Beeline interface Virtual-PPP5 overload
  ip nat inside source route-map UTK interface Dialer1 overload
  ! This access-list is for local Network proxy
  ip access-list standard fwd-squid
   permit 192.168.7.100
   permit 192.168.7.0 0.0.0.255
  ! This access-list is for ip local policy
  ip access-list extended External_VPN_access
   permit tcp host 85.20.20.20 eq 1723 any
   permit tcp host 85.20.20.20 eq 22 any
   permit tcp host 85.20.20.20 eq telnet any
   permit icmp host 85.20.20.20 any echo-reply
  track 1 ip sla 1 reachability
  ip sla 1
   icmp-echo 194.87.0.8 source-interface Dialer1
   timeout 7000
   threshold 100
   frequency 15
  ip sla schedule 1 life forever start-time now
  ip sla reaction-configuration 1 react timeout threshold-type immediate action-type triggerOnly
  track 2 ip sla 2 reachability
  ip sla 2
   icmp-echo 194.87.0.9 source-interface Virtual-PPP5
   timeout 7000
   threshold 400
   frequency 15
  ip sla schedule 2 life forever start-time now
  ip sla reaction-configuration 2 react timeout threshold-type immediate action-type triggerOnly
  access-list 1 remark --SNMP Watching--
  access-list 1 permit 192.168.7.0 0.0.0.255
  access-list 100 permit ip 192.168.7.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  dialer-list 2 protocol ip permit
  dialer-list 3 protocol ip permit
  route-map External_VPN permit 10
   match ip address External_VPN_access
   set default interface Dialer1
  route-map UTK permit 10
   match ip address 100
   match interface Dialer1
  route-map Beeline permit 10
   match ip address 100
   match interface Virtual-PPP5
  snmp-server community public RO 1
  control-plane
  line con 0
  line aux 0
  line vty 0 4
   exec-timeout 30 0
  line vty 5 15
  exception memory ignore overflow processor
  exception memory ignore overflow io
  scheduler allocate 20000 1000
  ntp update-calendar
  ntp peer 194.33.84.1
  event manager applet nat_clear_isp1 
   event track 1 state any
   action 1 wait 5
   action 2 cli command "enable"
   action 3 cli command "clear ip nat translation *"
  event manager applet nat_clear_isp2 
   event track 2 state any
   action 1 wait 5
   action 2 cli command "enable"
   action 3 cli command "clear ip nat translation *"
  end

  Okay, you are not going to be able to do this using the interconnect between the switch and the router. The issue is -
  1) if you make the interconnect a L2 trunk then you would have subinterfaces on the router interface connecting to the switch. But you cannot have multiple interfaces on the router configured from the same IP range so it won't work ie. you would need a subinterface using the same IP range as one of the other interfaces
  2) if you make the interconnect L3 as you have then you cannot route to the same subnet ie. think of it as two separate devices, a L3 switch and a router. You connect the L3 switch to the router using a L3 connection.
  On the switch you then configure a client with a public IP and on another interface on the router ie. not the interface used to connect to the switch, you use the same public IP range.
  You cannot then route from the client to that other interface because you don't route to the same IP subnet and the client and the other interface are separated by a different IP subnet.
  So neither will work. The L3 switch is usually used where you have multiple vlans/IP subnets and you create L3 vlan interfaces for these on the switch and then you route to other subnets that are reachable from the router, whether these are directly connected subnets or remote networks.
  But you aren't doing that.
  The only way i could see you doing what you need is to not configure the interconnect at all and instead run cables from the relevant router interfaces to the switch. Then you could configure vlans on the switch and have them route via the physical router interface.
  The switch is then only acting as a L2 switch and all L3 is done on the router.
  One thing i should say is i have never used the switch module this way so i can't guarantee it will work although i can't see why it wouldn't.
  Jon

• Don't know which technology to utilize or how to configure ASA5505

  I have an ASA5505.  Currently, it is using static NAT on several ports to forward traffic to several devices inside my network.  It is a pain not only to configure but from the end user side.
  The issue I am having is the applicatoins I am using to access the devices become a mess with dual configurations, one for when I am connected to the internal network and one for when I am away from the office and accessing from the internet.  For example, I have 2 Cisco VC240 IP Cameras behind the ASA5505.  One is set use port 9091 and the other 9092.  When I am inside the office, I access them via http://10.1.2.215:9091 and http://10.1.2.216:9092.  But when I am away from the office, I have to have another configuration in an Android app to use them, http://external_ASA_IP:9091 and 9092 and then NAT 9091 to the object for Camera1 and 9092 for Camera2.  This is only one scenario.  I also have a UC320W that I would like to put an IP phone at home and it sounds like AnyConnect is the only way to do this.
  It sounds like to me that if I use some type of VPN, I can access the same devices using the same IP whether internal or external with the external connection using the VPN to tunnel the IP to the local network.  There seems to be quite a few ways to do this with an ASA 5505.
  AnyConnect seems like the way to go but after reading Cisco documentation, it requires your Android device to be root'd if it is not a particular Samsung model.  If I understand correctly, root'ing your phone voids the warranty.  I know it is common practice but would think Cisco would have a better solution as I am sure Cisco would not want another manufacturer telling their customers to void the warranty on their Cisco equipment in order to get it to work.
  I believe I can just use IPSEC and use the native VPN of the Android OS and also tunnel L2TP as the Android supports IPSEC-PSK/L2TP or IPSEC-CRT/L2TP.  But will either of these will support the IP phone to the UC320W?
  A friend also told me to use NginX to proxy URL's so the URL http://www.fqdn.com/camera1 gets proxy'd to the internal IP of Camera1 and http://www.fqdn.com/camera2 gets proxy'd to Camera2.  He says I should be able to store a cookie on the phone and let the phone authenticate to the camera and if the phone cannot, the proxy can authenticate internally to the IP camera over SSL.
  I don't know anymore, I am so confused and just want to simplify my life as I am just a small business with me and a couple other employees but I have full-time job and it is not IT/Network Technician, it is only CTO/CEO/CIO/CFO.  I don't have hours upon hours to set this up and test and I don't have hours upon hours to manage it.  I just need to simplify this and have so that it is a set-it-and-forget-it for 6 months to 1 year and re-evaluate or update.  So, if someone suggests IPSEC, I would not know how to configure anyway and you should expect another post.  The same for AnyConnect or any of the other suggestions.
  Thanks in advance for any advice.

  Hi!
  1. Set Calculation Mode property of ITEM_5 to Formula.
  Formula property:
  nvl(:Block_Name.ITEM_1, 0) + nvl(:Block_Name.ITEM_2, 0) + nvl(:Block_Name.ITEM_3, 0) + nvl(:Block_Name.ITEM_4, 0)
  OR
  Function_Name(Param_1,... Param_N);
  Have in view of, that the ITEM_5 data will not be saved in DataBase.
  2. When-Validate-Item trigger is usfull when is necessary to store calculated item data in DataBase.
  Rename you Post-Query trigger to When-Validate-Item.
  Modify trigger: Store calculation result in the variable.
  (Don't forget to round variable value!)
  Then compare it with ITEM_5. If they are different - :ITEM_5 := var_name.
  I prefer the first method.