IPSEC or authentication between CE routers

Similar Messages

• IPSec tunnel between 2 routers

  Hello,
  i'm trying to configure an IPSec VPN tunnel between 2 Cisco routers connected to internet via ATM interface, my router is a 1841 with network address 10.200.36.0, the remote router is a Cisco 877 with network address 192.168.9.0.
  I tryied to follow some tutorials, without success because i still can't ping any IP address on the remote network and also the VPN tunnel is not up!
  May you please help me giving a configuration template, or maybe let me know how to configure it step by step on mine and remote router?
  Thank you very much!
  Regards
  Riccardo    

  Here is an example. x.x.x.x and y.y.y.y are the public IPs of the routers:
  hostname Router1
  crypto isakmp policy 10
    encr aes 256
    auth pre
    group 5
  crypto isakmp key cisco1234 address y.y.y.y
  crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
  crypto ipsec profile TunnelProfile
    set transform ESP-AES256-SHA1
  interface Tunnel0
    ip address 10.255.255.0 255.255.255.254
    tunnel source Dialer 0
    tunnel destination y.y.y.y
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile TunnelProfile
  interface Dialer0
    ip address x.x.x.x
  ip route 192.168.9.0 255.255.255.0 Tunnel0
  hostname Router2
  crypto isakmp policy 10
    encr aes 256
    auth pre
    group 5
  crypto isakmp key cisco1234 address x.x.x.x
  crypto ipsec tranform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
  crypto ipsec profile TunnelProfile
    set transform ESP-AES256-SHA1
  interface Tunnel0
    ip address 10.255.255.1 255.255.255.254
    tunnel source Dialer 0
    tunnel destination x.x.x.x
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile TunnelProfile
  interface Dialer0
    ip address y.y.y.y
  ip route 10.200.36.0 255.255.255.0 Tunnel0
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Wi-fi bridge between two routers TP-LINK WR841ND (WDS).  HP 1536 dnf MFP connect to one of this routers (copper).  My Ipad or Iphone can't find HP 1536 dnf MFP (using Eprint). Ipad and iphone connect   to router across WiFi.

  Hello.
  I have wi-fi bridge between two routers TP-LINK WR841ND.
  The name of this technology - WDS.
  HP Laser JET 1536 dnf MFP connect to one of this routers (copper).
  Second device (my NETBOOK) connect to second router (WiFi).
  I have good communication between NETBOOK and HP Laser JET 1536 dnf MFP via WiFI-bridge.
  In usual case NETBOOK can find (and can Ping) network printer and make a print some files.
  But my Ipad or Iphone can't find HP Laser JET 1536 dnf MFP (using Eprint). Ipad and iphone connect
  to router across WiFi.
  Please, help!

  Are you using the ePrint Mobile App, the ePrint Printer Control App, or just trying to send an email to the printer's ePrint email address?
  Does AirPrint work?
  -------------How do I give Kudos? | How do I mark a post as Solved? --------------------------------------------------------

• The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches

  Hello
  I am investigating the difference of the IEEE802.1x Auth between Routers and Switches.
  Basically dot1x auth is availlable on Catalyst Switches. however if I want to check to
  PortBased Multi-Auth , MAC address Auth and any certification Auth with this feature,
  Is it possible to integrate into Cisco Router such as Cisco 891F ?
  In my opinion Cisco891F is also available to use basic IEEE802.1x but if it compares with Catalyst switches such as Cat3560X
  I think there might be any unsupported feature on Cisco 891F.
  I appreciate any information. thank you very much in advance.
  Best Regards,
  Masanobu Hiyoshi

  Many time in interviews asked comaprison between cisco  routers and switches that i was answerless bcoz i dont have much knowledge about that.Can anyone provide me the compariosin sheet of the same.how are the cisco devices differ with each other how much Bandwidth each routres support and Etc...
  Ummmm ... The most common question I get is "what is the difference between a router and a switch".
  However, if you get a question like this, then my impression to this line of questioning are:
  1.  The candidate they are looking for has in-depth knowledge of routers and switches.  And I mean IN-DEPTH!;
  2.  They are not looking for a candidate.  They just want to stroke their ego.  There is not alot of people who can give you the "names and numbers" of routers and switches at a snap of a finger.  And if you do happen to know the answer, then and there, then expect a tougher follow-up question. 

• SSL authentication between business connectoe and other system

  Hi every1,
  One system has to be connected to SAP BC(Business connector). I want to know how to setup the connectivity between these two systems. Also I want to know how to handel the SSL authentication between these two systems with complete details for how to do this.
  Thankx in advance.
  Regards
  Karan

  Hi Karan,
  Find everything related to SAPBC at http://service.sap.com/connectors _> SAP business connector.
  For SSL check
  http://service.sap.com/connectors _> SAP business connector -> Tools and Services -> SSL Version.
  Regards
  Juan

• Setting up back-to-back async connection between 2 routers

  Hi,
  I am trying to setup a back-to-back async connection between 2 routers via the async serial interface. The connection between the two routers are via a smart serial to RS232 male(CAB-SS-232MT) cable connecting to another RS232 female to smart serial (CAB-SS-232FC) cable. What I am trying to do is to push the async data from one router (Router A) to another router (Router B).
  When I try to capture the async data from the async serial interface on the source router (Router A) while disconnecting the back-to-back connection from Router B, it is showing the correct data. The data capture is via the smart serial to RS232 male cable connecting to Router A, to a PC via hyperterminal. But however, when the back-to-back connection is connected and I try to do a reverse telnet at Router B opening up the port for the async interface on Router B, it seems to be showing incorrect data. I have confirmed that the speed and configurations on both routers are matched.
  Does it require to have two physical async modems in between both routers for signalling? Any experts who are familiar with such setups can advise on why the async data at Router B appear as incorrect with unreadable characters? Any help is greatly appreciated.

  Hey Sebastian,
  Had the same issue, which I just managed to get it resolved.
  When you insert the modem, the router will create an Async interface for it lets say Async 0/1/0
  then all what you've to do is:
  chat-script DialOut ABORT ERROR ABORT BUSY "" "AT" OK "ATDT \T" TIMEOUT 45 CONNECT \c
  line 0/1/0
  exec-timeout 0 0
  script dialer DialOut
  modem InOut
  transport preferred none
  transport input all
  transport output all
  stopbits 1
  speed 115200
  flowcontrol hardware
  and to dial a the remote router all what's required is:
  reverse telnet to the above line (show line to know the line number) then type atdt
  Let me know in case you still get issues

• Help picking between 2 routers

  So I'm between two routers. I plan on flashing the router with dd-wrt immediately. Just want some advise please.
  Between
  Netgear R7000 Nighthawk AC1900 Smart WiFi Router ‑ 4‑Port Switch
  And the
  ASUS RT‑AC87U Wireless router ‑ 4‑port switch ac2400
  The asus one is the newer one with better hardware, but I'm not sure which will work out better for me in the long run.
  My current situation: house with three floors, 6 regular users, and roughly 7-10 devices concurrently.
  Right now I have a 57 Mbps connection using a net gear router with ddwrt.
  One issue I'm currently running into is every so often the wifi only will crash while the wired connection stays live.  I've tried trouble shooting for past several months No resolution. I am considering a speed upgrade soon, but not until I can sustain a stable connection with the current setup.
  Most common use is gaming and streaming via Netflix, along with general browsing.
  What I'm looking for is stable hardware that will keep me future proof for a bit longer, that is why im erring towards the asus since it is the new hardware, but they are also the less tested company in terms of routers.
  I'll appearciate any advise.
  Currently. Can get asus for $258, and netgear for $171
  I am hoping to upgrade to a 500 Mbps connection down the road.

  Thank you for your help, re-instating the DHCP did the trick (after a power cycle).
  Just in case anyone else needs to do this, here is my final config;
  WAG160N is set to 192.168.1.1 with DHCP enabled.
  BEFW11S4 is set to 192.168.2.1 with DHCP enabled and auto select IP address.
  Thanks for all the suggestions everyone - just need a Wireless N ADSL router (to replace the two I've got hooked up) that can log all internet traffic now

• IPSEC Tunnel trouble between two VRW200

  Hi,
  First...a note of disappointment: Linksys tech support seems to say: "You have selected a product that is not supported via Linksys Chat."  I am not sure why...is it not supported model any more?
  Anyway...the real problem I have is:
  I got 2 sites. Both use a VRW200 router with Firmware Version: 1.0.39 .
  The routers do their job nice on LAN and WAN and WLAN.
  I need to connect the 2 sites via VPN IPSEC tunnel to ensure resources can be shared...imagine as a mini branch office and a Small main office.
  QuickVPN works nice for both, that is how I can manage both routers from home, but we need more, a tunnel between the 2 networks.
  I set up the tunnel on both ends using exact same settings, except, the branch accepts connections from ANY and main office calls branch by FDQN using dyndns.
  In VPN summary of the Branch, the status is ANY, in the office it is T (Try to connect to Remote Peer.) 
  The connection seems to be up for a while...not short, but less than a day even with this T status, but it never becomes C and it disconnects eventually.
  Pasting here details of VPN tunnel from main office (altered the IP adresses a little bit but consequently):
  000 "TunnelA":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
  000 "TunnelA":   ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 60s; rekey_fuzz: 100%; keyingtries: 5
  000 "TunnelA":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0; 
  000 "TunnelA":   dpd: action:restart; delay:30; timeout:120; 
  000 "TunnelA":   newest ISAKMP SA: #304; newest IPsec SA: #305; 
  000 "TunnelA":   IKE algorithms wanted: 5_000-2-2, flags=strict
  000 "TunnelA":   IKE algorithms found:  5_192-2_096-2, 
  000 "TunnelA":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
  000 "TunnelA":   ESP algorithms wanted: 3_000-2, flags=strict
  000 "TunnelA":   ESP algorithms loaded: 3_000-2, flags=strict
  000 "TunnelA":   ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=<Phase1>
  000 #305: "TunnelA":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1773s; newest IPSEC; eroute owner
  000 #305: "TunnelA" [email protected] [email protected] [email protected] [email protected]
  000 #304: "TunnelA":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 26954s; newest ISAKMP; lastdpd=26s(seq in:432 out:0)
   Please anyone can help me to get a C into connection status?
  Thanks,
  Dezso 

  Are you using WRV200? Try checking the group if they are using the correct server addresses.
  Regards,
  Lord Maxthor

• Kerberos Authentication between Sharepoint 2013 Foundation - SSRS 2012 - Oracle 11g failing with ORA-12638: Credential retrieval failed

  I have set up SharePoint 2013 Foundation, SharePoint Reporting Services and SQL Server 2012 in a single server. I then created a Data Connection to Oracle 11g. Upon testing the connection, it throws the error “ORA-12638: Credential retrieval failed”.
  Given below are the steps of installation and configuration.
  Installation till basic authentication:
  The installation has been done in a
  single server.
  Installed SQL Server 2012 (Developer version).
  Selected only the following features:
  Database Engine Services
  Analysis Services
  Reporting Services – SharePoint
  Reporting Services Add-in for SharePoint Products
  Management Tools – Basic
  - Management Tools - Complete
    2. Installed SQL Server 2012 SP1.
    3. Installed SQL Server 2012 SP2.
    4. Installed SharePoint Foundation 2013.
    5. Created web application (without Kerberos; we did not even create the SPNs).
        The application pool has been configured to use Reporting Services account since it is a single server installation. This account has been registered as a managed
  account.
    6. Created Site Collection.
    7. Verified that Reporting Services is not installed.
    8. Installed SharePoint Reporting Services from SharePoint 2013 Management Shell.
    9. Verified that Reporting Services is installed.
   10. Created a new SQL Server Reporting Services Service Application and associated the Web Application to the new SQL server Reporting Services Service Application.
    11. Verified that SQL Server Reporting Services Service Application and its proxy have started. Reset IIS.
    12. Created a Site.
    13. Created a Data Connection library with “Report Data Source” content type.
    14. Created a Report Model library with “Report Builder Model” content type.
    15. Created a Report library with “Report Builder Report” content type.
    16. Uploaded an SMDL to the Report Model library.
    17. Added the top level site to Local Intranet instead of as a Trusted Site in the browser settings.
    18. Able to create and save a report using Report Builder.
  Hence, basic authentication is working and SSRS is able to connect to Oracle database.
  Next we have to configure Kerberos settings between SharePoint and SQL Server.
  Implementation of Kerberos authentication
  In the Report Server machine, opened the file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\WebServices\Reporting\rsreportserver.config  and added the Authentication Types of RSWindowsNegotiate
  and RSWindowsKerberos.
   2.  Set up the following SPNs.
                 a) SQL Server Database Engine service (sqlDbSrv2):
                  setspn -S MSSQLSvc/CER1110:1433 CERDEMO\sqlDbSrv2
                  setspn -S MSSQLSvc/CER1110.cer.demo.com:1433 CERDEMO\sqlDbSrv2
               In the Delegation tab of the account, selected "Trust this user for delegation to any service (Kerberos only)".
  b) Account: SharePoint Setup Admin account (spAdmin2)
       setspn -S HTTP/CER1110:9999 CERDEMO\spAdmin2
                  setspn -S HTTP/CER1110.cer.demo.com:9999 CERDEMO\spAdmin2
                  In the Delegation tab of the account, selected "Trust this user for delegation to any  service
  (Kerberos only)".
  c) Account: SQL Server Reporting Service account (sqlRepSrv2)
                     setspn -S HTTP/CER1110 CERDEMO\sqlRepSrv2
                     setspn -S HTTP/CER1110.cer.demo.com CERDEMO\sqlRepSrv2
                     In the Delegation tab of the account, selected "Trust this user for delegation to any service
  (Kerberos only)".
    3. Configure the Web Application to use “Negotiate (Kerberos)”.
    4. Logged in as SharePoint Administrator to the SharePoint server and opened the top level site in the IE browser.
       The Event Viewer logged the login process for the SharePoint Administration account as
  Negotiate and not Kerberos.
    5. Implemented Kerberos for Oracle database and client.
       Able to connect to the Oracle database via Kerberos authentication using SQL Plus.
    6. Turn on Windows Firewall.
    7. While testing the site's data connection using Kerberos settings, got the error
  “Can not convert claims identity to windows token. This may be due to user not logging in using windows credentials.”
        Note: The Data Connection for basic authentication still worked.
    8. Created a Claims to Windows Token Service account (spC2WTS2).
    9. Started the Claims to Windows Token Service.
   10. Registered the Claims to Windows Token Service account as a Managed Account.
   11. Changed the Claims To Windows Token Service to use the above managed account.
   12. Verified that the Claims to Windows Token Service account (spC2WTS2) is automatically added to the WSS_WPG local group on the SharePoint box.
        Note: The Reporting Services service account is also a part of the WSS_WPG local group.
   13. Added the Claims to Windows Token Service account (spC2WTS2) to the Local Admin Group on the machine having the SharePoint App Server.
   14. In the SharePoint box, added the Claims to Windows Token Service account (spC2WTS2) in the Act as part of the operating system policy right.
   15. The Claims to Windows Token Service account (spC2WTS2) has the WSS_WPG group configured.
        When the C2WTS service was configured to use the managed account Claims to Windows Token Service account (spC2WTS2) earlier, the spC2WTS2 account was automatically
  added to the WSS_WPG local group on the SharePoint box. The WSS_WPG group in turn is configured in c2wtshost.exe.config file.
   16. Verified that the Reporting Services account is a managed account and part of the WSS_WPG group.
   17. Earlier Service Application Pool - SQL Server Reporting Services App Pool service was associated with the SharePoint Admin account.
        Changed this to associate the Reporting Service account with the Service Application Pool - SQL Server Reporting Services App Pool service.
   18. Changed the delegation of the Reporting Service account to constrained delegation with Protocol Transitioning. This is because we are transitioning from one authentication scheme (Claims) to another (Windows Token).
        For this, the delegation has been changed to "Trust this user for delegation to specified services only". Also, selected the sub radio button "Use
  any authentication protocol". Selected the Oracle Kerberos service as the service to which this account can present delegated credentials.
        Note: The Reporting Service account already had an HTTP SPN.
   19. Next, the goal was to make the Claims To Windows Token Service account match the Reporting Service account.
         For this, we created a fake SPN for the Claims To Windows Token Service account since the delegation tab was missing.
         The delegation has been changed to "Trust this user for delegation to specified services only". Also, selected the sub radio button "Use any
  authentication protocol". Selected the Oracle Kerberos service as the service to which this account can present delegated credentials.
   20. Restarted the SharePoint server.
   21. Tested the data connection with the Kerberos settings again.
         Got the error
  “ORA-12638: Credential retrieval failed”.
  Can anyone tell me what is wrong with this setup?

  http://www.freeoraclehelp.com/2011/10/kerberos-authentication-for-oracle.html
  Problem4: ORA-12638: Credential retrieval failed
  Solution:  Make sure that SQLNET.KERBEROS5_CC_NAME is set in sqlnet.ora and okinit has been run before attempting to connect to the database.
  Do check 
  http://webcache.googleusercontent.com/search?q=cache:5a2Pf3FH7vkJ:externaltable.blogspot.com/2012/06/kerberos-authentication-and-proxy-users.html+&cd=5&hl=en&ct=clnk&gl=in
  If this helped you resolve your issue, please mark it Answered. You can reach me through http://itfreesupport.com/

• How can I improve performance over a Branch Office IPsec vpn tunnel between and SA540 and an SA520

  Hello,
  I just deployed one Cisco SA540 and three SA520s.
  The SA540 is at the Main Site.
  The three SA520s are the the spoke sites.
  Main Site:
  Downstream Speed: 32 Mbps
  Upstream Speed: 9.4 Mbps
  Spoke Site#1:
  Downstream Speed: 3.6 Mbps
  Upstream Speed: 7.2 Mbps (yes, the US is faster than the DS at the time the speed test was taken).
  The SA tunnels are "Established"
  I see packets being tranmsitted and received.
  Pinging across the tunnel has an average speed of 32 ms (which is good).
  DNS resolves names to ip addresses flawlessly and quickly across the Inter-network.
  But it takes from 10 to 15 minutes to log on to the domain from the Spoke Site#1 to the Main Site across the vpn tunnel.
  It takes about 15 minutes to print across the vpn tunnel.
  The remedy this, we have implemented Terminal Services across the Internet.
  Printing takes about 1 minute over the Terminal Service Connection, while it takes about 15 minutes over the VPN.
  Logging on to the network takes about 10 minutes over the vpn tunnel.
  Using an LOB application takes about 2 minutes per transaction across the vpn tunnel; it takes seconds using Terminal Services.
  I have used ASAs before in other implementation without any issues at all.
  I am wondering if I replaced the SAs with ASAs, that they may fix my problem.
  I wanted to go Small Business Pro, to take advantage of the promotions and because I am a Select Certified Partner, but from my experience, these SA vpn tunnels are unuseable.
  I opened a case with Small Business Support on Friday evening, but they couldnt even figure out how to rename an IKE Policy Name (I figured out that you had to delete the IKE Policy; you cannot rename them once they are created).
  Maybe the night weekend shift has a skeleton crew, and the best engineers are available at that time or something....i dont know.
  I just know that my experience with the Cisco TAC has been great for the last 10 years.
  My short experience with the Cisco Small Business Support Center has not been as great at all.
  Bottom Line:
  I am going to open another case with the Day Shift tomorrow and see if they can find a way to speed things up.
  Now this is not just happening between the Main Site and Spoke Site #1 above. It is also happeninng between the Main Site and Spoke #2 (I think Spoke#2 has a Download Speed of about 3Mbps and and Upload Speed of about 0.5 Mbps.
  Please help.
  I would hate to dismiss SA5xx series without making sure it is not just a simple configuration setting.

  Hi Anthony,
  I agree!.  My partner wants to just replace the SA5xxs with ASAs, as we have never had problems with ASA vpn performance.
  But I want to know WHY this is happening too.
  I will definitely run a sniffer trace to see what is happening.
  Here are some other things I have learned from the Cisco Small Business Support Center (except for Item 1 which I learned from you!)
  1.  Upgrade the SA540 at the Main Site to 2.1.45.
  2a. For cable connections, use the standard MTU of 1500 bytes.
  2.b For DSL, use the following command to determine the largets MTU that will be sent without packet fragmentation:
  ping -f -l packetsize
  Perform the items below to see if this increases performance:
  I was told by the Cisco Small Business Support Center that setting up a Manual Policy is not recommended; I am not sure why they stated this.
  3a. Lower the IKE encryption algorithm from "AES-128" to DES.
  3b. Lower the IKE authentication algorithm to MD5
  3c. Also do the above for the VPN Policy
  Any input is welcome!

• Sharing Authentication between different weblogic istances

  Hi,
  I'm using WebLogic 10.3.5.
  Is there a way to share only the authentication (getRemoreUser() info) between 2 distinct ear, each deployed on different weblogic istances (same WL domain) and with only one of them under my control?
  I done it successfully when the 2 ears were deployed in the same weblogic istance.
  What about If I were using OHS (virtual hosts) as an "access point" to the 2 ears?
  P.S. I can't use SSO,
  Thank you very much.
  Best regards,
  S.

  Turns out it does matter what domain you are accessing each app with--I was using our Apex development domain to test, and it was bombing out. When I used the same domain as the Designer forms and cookie domain, it worked like a charm.

• Load balancing between two routers

  I have two routers connected through the LAN connection. The first one is using as routing protocol EIGRP, the other one is part of the managed service and I do not have access to it. I would like to make a load balancing between the two of them by redistributing the static routes in EIGRP. When I tried this, I am loosing the EIGRP entry for this route in the routing table. I would like to have both of them , so we could have traffic sharing. I appreciate if you give me any hints.

  Raju,
  you have two choices as far as I can see. If you want to use static routing over the WAN to your branch, you could duplicate your static routes to the branch and point them to the secondary router. You will have two identical sets of static routes in the primary router, one set pointing to the WAN interface and the other one pointing to the secondary router.
  ip route x.x.x.x "WAN-interface"
  ip route x.x.x.x "secondary router"
  ip route y.y.y.y "WAN-interface"
  ip route y.y.y.y "secondary router"
  etc.
  As a result the primary router will have two routes to the branch and will load-balance. If one next-hop fails (either the WAN interface or the secondary router), only the other will be used. If the next-hop comes back up, load-balancing will resume.
  The other choice would be to use EIGRP over the WAN, and make sure the two routers become EIGRP neighbors. Then you can use the "variance" command to achieve unequal cost load-balancing between the two routers. Let me know if you need more information about this, but i think static routes will be sufficient in your situation.
  HTH, Thomas

• Connection between two routers

  Can´t ping from pc10 to pc15. It get's stuck on router4, because the communication between router4 and router2 is failling.
  I would appreciate if somebody could help me!
  Thanks in advance. 

  I dont have Packet tracer...
  What is the ip address of the pc's?
  Do you have route for both subnets in all routers?
  Thanks,
  Madhu.

• IPSec Certificate Authentication from Linux Strongswan client to Windows Advanced Firewall (2012)

  Hi,
  Has anybody had any success in getting a Linux Strongswan client (or Openswan) to connect to a win2012 Advanced Firewall using certificates and IPSec?  My Security Connection Rule requires authentication both inbound and outbound.  The cert is
  installed correctly on the Linux box.
  I can get a connection using pre-shared keys, but haven't been able to establish a Quick Mode session when using certs.  I've tried (literally) hundreds of different configs without success.  Event log shows either 'No Policy Configured' or 'Unknown
  Authentication'.
  Windows clients can connect correctly with certs.  I've deliberately excluded details as the Linux config can be setup in so many different ways, i'd rather start by looking at someone elses config that works (if that actually exists).
  Thanks
  Mick

  Hi,
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thanks for your understanding and support.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• E1 crossover voice trunk between 2 routers

  Hi,
  I am looking to setup a voice trunk (preferably using ISDN signalling), between 2 2811 routers.
  I have VWIC-1MFT-E1= on 1 router and a VWIC-2MTF-E1= on the other.
  I have a cross over cable setup, and both controllers are up.
  I am trying to setup dial-peers etc but when I do an ISDN debug on the routers, I see BAD_FRAME messages on 1 router.
  Could this be a cabling issue ?
  If I setup the trunk as ds0 with type fxs-loop-start, then it seems to work.
  Thanks

  Hi Dgahm,
  I did try doing this at one point but it did not seem to work.
  Although with all the changes I was making, it may have slipped through.
  Also, I have limited dsp resources, so I could allocate only 10 channels in the PRI group on both ends. Would that make any difference ? (timeslot 1-10,16)
  I'll try it out again.
  On one router, I do have it setup as an MGCP gateway with BRI backhaul to CCM and also have sccp transcoding setup for CCM.
  Would that by any chance have any effect on this E1 ? I dont think it should (apart from dsp resources).
  Thanks