Rebooting a 3g card on a cisco router
Is there a way to reboot only the 3G modem card on a cisco router without rebooting the router? We have a cisco 881G with a PCEX-3G-HSPA-A card and sometime our ISP ask us to reboot the modem. We use the 3G card has a backup connection. If we reboot the router, we will lose the communication with the head office. So this is why we would like to know if there is a way to connect on the 3G card and reboot only the modem.
Thanks for your help on this issue.
I have found the correct procedure.
Router(config)#service internal
Router(config)#exit
Router#test cellular 0 modem-power-cycle
000048: *Feb 8 16:04:50.975: %CISCO800-2-MODEM_REMOVAL_DETECTED: Cellular0 modem is now REMOVED
000049: *Feb 8 16:04:50.975: %CISCO800-2-CELLULAR_INTERFACE_NOT_SHUTDOWN: WARNING: Cellular0 interface sh
ould be shutdown before removing modem. Reload Required to reset interface
000050: *Feb 8 16:04:50.975: %CELLWAN-2-MODEM_DOWN: Cellular0 modem is DOWN
000051: *Feb 8 16:04:55.523: %CISCO800-2-MODEM_INSERTED_DETECTED: Cellular0 modem is now INSERTED
Modem Power cycled successfully
Router#
Similar Messages
-
Problems with my 1760 cisco router
Is possible to conect to Internet a 1760 Cisco router without VIC/WIC cards? My Cisco router don't have this cards and I am not able to understand his role in my network! (school network). Thank you.
Depends on your internet connection. If you use DSL/Cable Modem, you usually get an ethernet hand off. If you have T class connection, you'll have/need a WIC-1T or WIC-1T-DSU.
-
What sort of fxs card to buy for the cisco router 2801
Hi
I have just bought a cisco router 2801 which l want to setup for my VIOP lab. Can pls advice me on what sort of fxs card l should buy for the cisco router 2801 to connect the ip phones or the analog phones.Hi
It depends what you want to do:
IP Phones - need nothing
FXS - needed only if you want to connect analogue handsets or faxes
FXO - needed if you want to connect the system to a POTS line
There are further interfaces (BRI, PRI etc) if you have different PSTN connectivity.
What connectivity do you plan to have in your lab?
Aaron
Please rate helpful posts... -
RE: Network Connect of a WMP100N Wireless card Thru a WRT54G Router
Well, I disabled the Zonealarm personal firewall. No change in connectivity. The card acquires the router, has super signal strength, and no internet. I've even tried re-doing the connection profile. I have noticed a minor difference in security settings. The router is configured WPA with PSK using TKIP + AES. The card gives me the option of either TKIP or AES (not the plus) Probably doesn't matter since the card only acquires the router when TKIP is chosen. I have also noticed when I tried using the rightclick repair option that windows lists encryption as disabled. If the card security settings match that of the router and access is established, isn't encryption enabled? Re-enabled the wired card and immediately established and internet connection. Am lost as to why I can't get internet thru the wireless card. There is an IP address and standard subnet mask. There just is a blank gateway, DNS and etc.
Well, I may have made a mistake. I spent some time on Live Chat with no real success. After all that, I decided to update firmware for the router. Here's where I may have goofed. Rather than use the old way to update, I used the linksys upgrade application. It did upgrade the router. Unfortunately, it seems to have corrupted my OS installation. I can't get XP (SP2) to properly shutdown. It goes partway thru the process, then I hear a click, the fans start whirring and it reboots. I end up having to push and hold the power button for shut off. Not a good solution. Any ideas? I am considering uninstalling the wireless card and doing a system restore pre-card. (BTW, the wireless card worked after the firmware update (although the connection does drop fairly often without any other 2.4 competing devices)
-
OS X 10.6.8 and Cisco Router WRT110
Just upgraded my Macbook Pro to OS X 10.6.8 and am having to reboot my Cisco router continuously to maintain internet connectivity. Is it the 2 year old router?
Make sure your firmware is updated for the router.
-
Trouble connecting Cisco router with cable modem for Internet purposes
So I am requesting help from the Cisco community on this issue as the cable company states there equipment is working fine. At all my facilities I have a guest Internet service setup through a local Internet provide to provide Internet services to the residents and guests. I have the cable modem usually a Motorola SBG6580 or a SMC 8014 (both provided by cable company) connected to my router on a FE or GE interface. I am using static IPs and using the cable modem just as a modem (bridge mode). Over the past several months these connections have just stopped working. I have not made any drastic changes to my router configs; however, the cable company has updated the firmware on these modems. I am wondering if that could affected how the modem and router talk. I was told by the cable company that the modem sees the Cisco router but that the port is inactive. My router shows the port is active and traffic passing. Does anyone have any ideas that could point where the problem lies? I will post a basic config to one that currently does not work. I am using a VRF to route a certain group out, using NAT. Please let me know if I need to post additional info. Any help would be greatly appreciated.
Cisco CISCO2911/K9
Version 15.2(3)T1
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1204RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-3.T.bin
boot-end-marker
card type t1 0 0
logging buffered 64000
aaa new-model
aaa session-id common
clock timezone cst -6 0
clock summer-time CDT recurring
no ipv6 cef
no ip source-route
ip vrf 5
rd 5:1
ip multicast-routing
1
ip dhcp pool Guest
vrf 5
network 10.51.XXX.0 255.255.255.0
default-router 10.51.XXX.XXX
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
multilink bundle-name authenticated
application
global
service alternate default
license udi pid CISCO2911/K9 sn FTX1508AHTM
hw-module pvdm 0/0
redundancy
ip tcp synwait-time 10
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding 5
ip address 10.51.xx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/2
description Guest Intenet access
ip vrf forwarding 5
ip address 24.242.182.182 255.255.255.252 <--Cable company IP, Modem IP is 24.242.182.181
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 9 interface GigabitEthernet0/2 vrf 5 overload
ip route vrf 5 0.0.0.0 0.0.0.0 24.242.182.181
access-list 9 permit 10.51.204.0 0.0.0.255Ok, mysteriously this location just started working yesterday, but I still am dealing with seven others and I really would like to know what is going on. I will give you everything you may need and let me know.
Config:
version 15.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1112RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-1.T.bin
boot-end-marker
aaa new-model
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
no ip source-route
ip vrf GuestVRF
rd 5:1
ip multicast-routing
ip dhcp pool Guest
vrf GuestVRF
network 10.51.112.0 255.255.255.0
default-router 10.51.112.1
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
application
global
service alternate default
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding GuestVRF
ip address 10.51.112.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
description Guest Internet (Time Warner Connection)
ip vrf forwarding GuestVRF
ip address 97.77.116.234 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
ip nat inside source list 5 interface GigabitEthernet0/1 vrf GuestVRF overload
ip route vrf GuestVRF 0.0.0.0 0.0.0.0 97.77.116.233
access-list 5 permit 10.51.112.0 0.0.0.255
control-plane
end
router#sh ip arp vrf GuestVRF
router#Internet 97.77.116.233 2 f80b.bee7.e09f ARPA GigabitEthernet0/1
Protocol Address Age (min) Hardware Addr Type Interface
Internet 97.77.116.234 - 8843.e13c.8d99 ARPA GigabitEthernet0/1
router#ping vrf GuestVRF 97.77.116.233
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 97.77.116.233, timeout is 2 seconds:
Success rate is 0 percent (0/5)
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:10
Input queue: 76/75/15/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
81 packets input, 4860 bytes, 0 no buffer
Received 81 broadcasts (0 IP multicasts)
0 runts, 0 giants, 12 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
16 packets output, 1193 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:42
Input queue: 76/75/67/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 1000 bits/sec, 2 packets/sec
408 packets input, 24480 bytes, 0 no buffer
Received 408 broadcasts (0 IP multicasts)
0 runts, 0 giants, 61 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
72 packets output, 5669 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
I am receiving packets in and out of the interface but I cannot ping the modem through the VRF.
router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 97.77.116.234:3169 10.51.112.39:3169 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:8534 10.51.112.39:8534 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:12244 10.51.112.39:12244 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:14002 10.51.112.39:14002 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:23623 10.51.112.39:23623 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:24489 10.51.112.39:24489 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:24550 10.51.112.39:24550 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:27458 10.51.112.39:27458 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:28603 10.51.112.39:28603 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:37404 10.51.112.39:37404 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:53942 10.51.112.39:53942 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:58125 10.51.112.39:58125 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:64797 10.51.112.39:64797 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:62342 10.51.112.52:62342 209.18.47.62:53 209.18.47.62:53
tcp 97.77.116.234:36559 10.51.112.69:36559 199.167.177.46:1227 199.167.177.46:1227
tcp 97.77.116.234:48895 10.51.112.69:48895 54.195.253.126:5223 54.195.253.126:5223
tcp 97.77.116.234:58385 10.51.112.69:58385 54.195.243.137:5223 54.195.243.137:5223
Pro Inside global Inside local Outside local Outside global
tcp 97.77.116.234:58658 10.51.112.71:58658 31.13.66.165:443 31.13.66.165:443
udp 97.77.116.234:3066 10.51.112.72:3066 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:3884 10.51.112.72:3884 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:6656 10.51.112.72:6656 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:11194 10.51.112.72:11194 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:11774 10.51.112.72:11774 209.18.47.62:53 209.18.47.62:53
Let me know if you need anything else. I need to figure this out and I just don't get it because the other site wasn't working a few days ago and all of a sudden it is working again but others are still not. -
Cisco Router 1841 is it support CME ?
I have cisco router 1841 is it support CME? I tried to put this command myrouter(config)# telephony-services but is not recognized ?
1841 supports VWIC card perfectly. it works great in WAN data.
Here is VWIC card in my 1841 in "show diag",
WIC/HWIC Slot 1:
VWIC2-2MFT-T1/E1 - 2-Port RJ-48 Multiflex Trunk - T1/E1
Hardware Revision : 0.0
Top Assy. Part Number : 800-22629-05
Board Revision : C0
Deviation Number : 0
Fab Version : 04
PCB Serial Number : FOCxxxxxxx
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : VWIC2-2MFT-T1/E1
Version Identifier : V01
EEPROM format version 4
EEPROM contents (hex):
0x00: 04 FF 40 03 FC 41 00 00 C0 46 03 20 00 58 65 05
0x10: 42 43 30 88 00 00 00 00 02 04 C1 8B 46 4F 43 31
0x20: 33 30 34 33 57 42 53 03 00 81 00 00 00 00 04 00
0x30: CB 90 56 57 49 43 32 2D 32 4D 46 54 2D 54 31 2F
0x40: 45 31 89 56 30 31 20 D9 02 40 C1 FF FF FF FF FF
0x50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF -
Unable to use Cisco Router 2851 as E1 RAS. Please help...
Dear All,
I have one Cisco Router 2851 with following cards and features:
Cisco 2851-V/K9 - 2851 Voice Bundle
VWIC2-2MFT-T1/E1 - 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int. Card - T1/E1
S28NSPSK9 - 12403 - IOS
PWR-2821-51-AC - 1 No
Router-SDM-CD - 1 No
PVDM2-48 - 1 No
MEM2800-256D-INC - 1 No
MEM2800-64-CF-INC - 1 No
ACS-2821-51-STAN - 1 No
Attaching Config details along with this.
Appreciate, if someone help me on this.
Regards,
SureshYou need a digital modems card for that, PVDM2-xxDM, where xx = 12, 24 or 36.
You will also need one of the following interface cards:
NM-1CE1T1-PRI
NM-2CE1T1-PRI
HWIC-1CE1T1-PRI
HWIC-2CE1T1-PRI
The VWIC that you have is not supported with the Digital Modems. -
Printer Reboots at 75% when connected to Cisco 2960
Currently Being Moderated
Xerox 5745 Printer Reboots at 75% when connected to Cisco 2960
Hi,
We are having a problem with our Xerox 5745 multifunction Printer...
This problem had been forwarded to Xerox, but they claim that a problem was caused by a power surge on our Cisco router.
We are having a total of 8 CiscoCatalyst 2960 Series in our IT Communication rooms.
We are also having 2 Xerox 7120, 4 Xerox 5745, 6 HP5200 and 300 computers - PC (HP Desktop) and Laptop (Samsung).
Network : all connected to CISCO Catalyst 2960 Series
Printer Setup:
IP Address: Manual IP Assignment (DHCP Disabled)
PC Setup: TCP/IP –RAW on Port 9100 – SNMP Status ENABLED
The two machines has same firmware software and configuration settings.
one machine just been installed with latest firmware
Problem:
On 3 Xerox 5745 display panel shows: "Network Controller booting"
at 75% the system restart and go on again and again.
This happens when cables are connected to CISCO Catalyst 2660.
Testing done:
•1. No problem, Connecting directly to laptop using (crossover cable), accesss to printing is normal.
•2. No Problem, Using other switch - dLink (not CISCO Catalyst 2960), the printing is normal.
•3. Not work, changing ip address; disabling all protocol; changing speed to 10MBps.
•4. Not work, Switching to other port on CISCO Catalyst 2960.
•5. Not work, Re-starting the Cisco Catalyst 2960 s.
•6. Not work, Changing cables.
HELP! Please ...Ferdinand,
at least you're not the only one who's experiencing this problem:
http://forum.support.xerox.com/t5/Hardware/Workcentre-5135-network-controller/td-p/5086
http://www.fixya.com/support/t556616-network_controller_unavailable (read the comments too!)
In case of your c2960 supports PoE, did you test to disable power inline (I know, PoE normally can't be the reason - but this is a really strange problem)?
What happens when you boot a printer without network connectivity (or with the dLink) to 100% and connect it after that to the c2960 switch? -
Cisco Router tried to take a firmware update and no longer works
Ok so internet was working fine until Cisco Connect told me to take an update. My connection is wired and there were no disruptions during the download. Yet the download still failed and now my power light blinks continuously and there is no internet access. I tried instructions on "How to unbrick your Cisco Router", even got them to work, it took the firmware update from the cmd line. Still doesnt work though. What's wrong with this thing and how do i fix it?
Solved!
Go to Solution.I ended up downloading a firmware utility program and was able to get it to reload. The power light became solid somewhere between 2-5 mins, however still didnt connect to the internet. Found that all this factory resetting will change your Internet access name & password, with no way to find out the new one. You have to remove the Cisco Connect program from your computer and reload it from the original disk. Only then will you be up and running again. While I appreciate the response Helm, I was way beyond a 30 second reset button solution when I posted this lol.
-
Cant ping behind cisco router (site2site vpn)
Dears;
After configure site to site vpn between cisco router and fortigate firewall,
site A : 10.0.0.0/24 behind fortigate
site B: 10.10.10.0/24 behind cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I cant ping any ip inside 10.0.0.0/24 form site B or network 10.10.10.0/24 from site A
my cisco router configuration is
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
when ping from cisco router
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help pleaseThank you karsten
I can ping interface of router from remote site but cant ping any device behind the router and can ping firewall interface but cant ping any device behind the firewall
-counters in
# sh crypto ipsec sa
increased only while ping 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.x.x.x
Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407 -
Not able to telnet or ssh to outside interface of ASA and Cisco Router
Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YKHello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards, -
Remote access VPN with Cisco Router - Can not get the Internal Lan .
Dear Sir ,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .Please see the attachment for Scenario, Configuration and Ping status.
I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Below is the IP address of the device.
Local PC connect with Router -2 (Through MS Loopback) Router -2 Router-1 PC -01
IP Address :10.10.10.2 Mask : 255.255.255.0 F0/01
IP address:10.10.10.1
Mask:255.255.255.0 F0/0
IP Address :20.20.20.1
Mask :255.255.255.0
F0/1
IP address :192.168.1.3
Mask:255.255.255.0
F0/0
IP address :20.20.20.2
Mask :255.255.255.0
F0/1
IP address :192.168.1.1
Mask:255.255.255.0
I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
Need your help to fix the problem.
Router R2 Configuration :!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip tcp synwait-time 5
interface FastEthernet0/0
ip address 20.20.20.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
end
Router R1 Configuration :
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
username vpnuser password 0 strongpassword
ip tcp synwait-time 5
crypto keyring vpnclientskey
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group remotevpn
key cisco123
dns 192.168.1.2
wins 192.168.1.2
domain mycompany.com
pool vpnpool
acl VPN-ACL
crypto isakmp profile remoteclients
description remote access vpn clients
keyring vpnclientskey
match identity group remotevpn
client authentication list USERAUTH
isakmp authorization list NETAUTHORIZE
client configuration address respond
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set TRSET
set isakmp-profile remoteclients
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
interface FastEthernet0/0
ip address 20.20.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPNMAP
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
ip access-list extended NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
endDear All,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .
Please see the attachment for Scenario, Configuration and Ping status. I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Waiting for your responce .
--Milon -
Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: endThanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
Desc: (none)
Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help. -
I have AppleTV and Ipad2 running VJay app to my TV over a private cisco router disabled firewall but I keep loosing the video on my TV after a few minutes what can I do?
I also get this problem on my iPad, so probably not related to the AppleTV. On the iPad I restarted Airport Extreme this time, and then the iPad saw my Home Sharing.
So to recap, restarting the router or Airport Express allowed the iPad and AppleTV to see Home Sharing. Restarting AppleTV also allows AppleTV to see Home Sharing.
So does anyone have any idea?
Thanks
Maybe you are looking for
-
Downloading and activating Adobe Acrobat XI Standard
I am in the process of trying to download and install Adobe Acrobat XI Standard onto my laptop. I had to re-image the device. I have the serial number and I have linked it to my account but I cannot recieve a download, even when going to the preferre
-
Looping from end of clip to middle of clip
I'm a complete newbie regarding Flash development, but I've been tasked with automating SWF creation from an AVI source (and quickly!). Once the SWF is finished playing it should endlessly loop from the last frame to about 5 seconds prior to the end
-
How to execute Block step in workflow so that Approval can be done by new
Hi expertt. How to execute the block step in workflow with Local container passed to WF conatiner . so that wf can executed next step with event raised.
-
About .desktop files (using xfce4)
I don't really understand how .desktop files work. There are some in /usr/share/applications in /opt/kde/share/application /opt/gnome/... Now I want some programs to be displayed in the xfce menu. Many are already registered but not eclipse. I have f
-
I use garagband regulalry for voice recording. It now freezes after a few seconds(if that) of recording. I use an Audio Technica usb mic with no problems. I remember this happening with GB afer another OS upgrade in the past.. Is there a problem or s