Re: VPN Client+IOS [7:59283]
I have 4 interfaces:

    Serial 0/1 - public IP, for example 1.1.1.1
    fast 0/1 - public IP, for example 2.2.2.2
    fast 0/0 - LAN IP: 192.168.1.1/24

My IP address pool for VPN: 192.168.1.170-192.168.1.190

On the VPN padlock I have an IP address from the router, for example 192.168.1.170, but I can't ping any address on the LAN. I don't know. I am using the newest VPN Client: vpnclient-win-is-3.6.3.Rel-k9

I have ip nat inside on Fast 0/0 and outside on ser 0/1, but without it, it doesn't work either :(.

Ben Woltz wrote:

The IP address that your VPN Client gets from the router, are you advertising that route through your network?

JM wrote in message news:[EMAIL PROTECTED]...

Hello,

I am trying to run VPN between VPN Client 3.6.2.A and a Cisco 2651. On the Cisco router I have software with 3DES/IP Plus/FW/IDS - Version 12.2(11)T2.

The router has 4 interfaces:

    serial 0/1 - Internet, here I gave the crypto map
    fasteth 0/1 - DMZ
    fasteth 0/0 - LAN (here I want to be through VPN)

I have the same configuration as in the TAC help: http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

The VPN Client can log in to the router, and I have an IP address from the router, but I don't see anything. I can't ping.

I have a question: where am I inside the router? I am in, but I don't see anything. When I have ip access-list out on fast0/0 (LAN), what should I enable? I have nat inside on fast 0/0 and outside on ser 0/1.

Regards
JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59318t=59283
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN and IPsec [7:23339]
I have some problems with my IPsec configuration. My configuration is like:

    Internet---HQ---Internet--Office1 | |InternetOffice2

Between HQ and Office I want to use a VPN connection with IPsec. How should I make the connection between Office1 and Office2? Is it possible to do this through HQ, or do I have to do this through another IPsec session Office1-Office2? I want Office1 and Office2 to go to the Internet through HQ. How should I do this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23339t=23339
Re: Routing polices [7:11896]
Thank you very much. Your advice was very helpful.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12083t=11896
Routing polices [7:11896]
I have 2 ISPs and 2 serial and 2 ethernet interfaces in my 2509 Cisco router. I want half of my LAN to go through ISP1 and serial 0 and ethernet 0, and the other half through ISP2 and serial1 and ethernet1. How should I do this? What combination with route map should I use?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11896t=11896
Re: Routing polices [7:11896]
I can't use BGP !!! On Linux routers there is no problem, but I see that the Cisco has a big problem. I receive only the advice to use BGP. I don't need any BGP. I only want LAN 0 to go through serial0 and LAN 1 to go through serial1; on my Linux routers I do this in 3 seconds. Who really understands the route-map command and routing policy on Cisco routers?

MacDonald wrote in message news:[EMAIL PROTECTED]...

Does your router have an AS number? Use a BGP multihoming config.

Jacek Malinowski wrote in message news:[EMAIL PROTECTED]...

I have 2 ISPs and 2 serial and 2 ethernet interfaces in my 2509 Cisco router. I want half of my LAN to go through ISP1 and serial 0 and ethernet 0, and the other half through ISP2 and serial1 and ethernet1. How should I do this? What combination with route map should I use?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11898t=11896
ARP problem [7:10400]
I have a very big problem with Ethernet on my 4500 Cisco router. The problem occurs when some stations are pinging my ethernet IP on the router. In some cases a station can't ping my ethernet IP. After the command clear arp cache on my Cisco router, the station can ping my ethernet IP. I set the command arp timeout 100 on the ethernet interface, but it doesn't help. My LAN is very big and has 5 3Com switches. I can't find the solution.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=10400t=10400
Catalyst 2900XL [7:9843]
Is it possible to configure QoS on the 2924 XL switch? What software number do I need?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9843t=9843
Re: need a hand with a IPSEC tunnel [7:8703]
I think there is a problem with bad encryption or password. Both sides must have the same encryption, hash and, first of all, password when you use pre-share.

Gonzalo P. wrote in message news:[EMAIL PROTECTED]...

Derek,

Could you add some lines of the configuration? It might help us help you... What are you trying to peer with? Another router? A VPN client? A PIX?

Winchester, Derek wrote in message news:[EMAIL PROTECTED]...

Any of you that have used IPsec with the Cisco box, could you shed some light on this matter. For some reason I can't get past phase one. All of the parameters seem to match up. Here is the log.

    2d18h: ISAKMP: encryption DES-CBC
    2d18h: ISAKMP: hash MD5
    2d18h: ISAKMP: default group 1
    2d18h: ISAKMP: auth pre-share
    2d18h: ISAKMP: life type in seconds
    2d18h: ISAKMP: life duration (basic) of 720
    2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
    2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy
    2d18h: ISAKMP: encryption DES-CBC
    2d18h: ISAKMP: hash MD5
    2d18h: ISAKMP: default group 1
    2d18h: ISAKMP: auth pre-share
    2d18h: ISAKMP: life type in seconds
    2d18h: ISAKMP: life duration (basic) of 720
    2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
    2d18h: ISAKMP (0:1): no offers accepted!
    2d18h: ISAKMP (0:1): SA not acceptable!
    2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN
    2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 192.128.101.16
    2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE
    2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA

Derek S. Winchester
IPSS Network Engineer
IP Services Business Unit
Lucent Technologies
Phone: 978-298-2143
Cell: 978-973-4561
Fax: 978-298-2006
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8728t=8703
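An added example, not part of the thread: a Python sketch that parses ISAKMP debug lines in the shape of the log quoted above and names the attributes on which a peer's offer differs from the local policy it was checked against. The local policy here is an assumption (the IOS built-in default at priority 65535, since the router's configuration is not shown), and the sample log is constructed.

```python
import re

# Constructed sample: lines in the shape of the debug output quoted above.
SAMPLE_LOG = """\
2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy
2d18h: ISAKMP:      encryption DES-CBC
2d18h: ISAKMP:      hash MD5
2d18h: ISAKMP:      default group 1
2d18h: ISAKMP:      auth pre-share
2d18h: ISAKMP:      life type in seconds
2d18h: ISAKMP:      life duration (basic) of 720
2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
"""

# Assumed local policy: the IOS built-in default (priority 65535).
# The router's real configuration is not shown in the thread.
LOCAL_POLICIES = {65535: {"encryption": "DES-CBC", "hash": "SHA",
                          "group": "1", "auth": "rsa-sig"}}

CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|default group|auth)\s+(\S+)")

def parse_offers(log):
    """Return one dict per 'Checking ISAKMP transform' block in the log."""
    offers, cur = [], None
    for line in log.splitlines():
        m = CHECK.search(line)
        if m:
            cur = {"transform": int(m.group(1)), "priority": int(m.group(2)), "attrs": {}}
            offers.append(cur)
            continue
        m = ATTR.search(line)
        if m and cur is not None:
            cur["attrs"][m.group(1).replace("default ", "")] = m.group(2)
        elif cur is not None and "atts are" in line:
            cur["accepted"] = "not acceptable" not in line
    return offers

def mismatches(offer, policies):
    """List (attribute, offered, local) for every attribute that differs.
    Lifetime is skipped: differing lifetimes alone do not reject a proposal."""
    local = policies.get(offer["priority"], {})
    return [(k, v, local.get(k)) for k, v in sorted(offer["attrs"].items())
            if local.get(k) != v]

if __name__ == "__main__":
    for o in parse_offers(SAMPLE_LOG):
        print(o["transform"], o["priority"], o.get("accepted"), mismatches(o, LOCAL_POLICIES))
```

Replace `LOCAL_POLICIES` with the values from `show crypto isakmp policy` on the router being debugged; an empty mismatch list on a rejected offer points at something other than the four compared attributes.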
VPN+Ipsec [7:1576]
I use 2 Cisco 1750s and IPsec between them. I have a problem with transmission; in some cases IPsec does work. Is the problem in the lifetime configuration? What is the optimal configuration for lifetimes? I use 1000 sec. for ISAKMP and IPsec.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1576t=1576
VPN+IPsec II [7:1622]
I have an IPsec connection between 2 LANs:

    A LAN 10.10.10.0 /24
     |
    router A 1750 195.111.111.1 /30
     |
    Internet
     |
    router B 1750 200.230.20.1 /30
     |
    B LAN 10.10.50.0

My access-lists are:

Router A

    access-list 110 permit ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255

Router B

    access-list 110 permit ip 10.10.50.0 0.0.0.255 10.10.10.0 0.0.0.255

The IPsec configuration is OK; both LANs can ping the other side. But I have another LAN C and another router C:

     |
    router B 1750
     |
    B LAN 10.10.50.0
     |
     |10.10.50.1
    router C 3640
     |10.10.30.1
     |
    LAN C 10.10.30.0/24

I want to reach LAN C from LAN A. What should I do to reach LAN C from LAN A? Help me to resolve this problem !!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1622t=1622
VPN
Hey,

I have a big problem with Cisco routers and Allied Telesyn routers. First of all, I want to make a VPN connection between a Cisco (2611) and an Allied (AR320S). On the Allied site there is an example, but it does work :(. First of all I have used ISAKMP on both routers (Cisco and Allied). In debugging I see that ISAKMP can't exchange the key. But why?

I have done:

    create enco key=1 type=gen rand (on allied router)

and then

    sho enco key=1 (on allied router)

I have received the key= and this key I have put on the Cisco:

    crypto isakmp key= address ...

And nothing.

JM
Re: Route-map
I want to thank everyone for the help. But I forgot to specify that running BGP is impossible. The company has a small network (100 users) and a connection to the Internet through ISP B (like in the picture). That link must always be up. The problem is that the company wants to test another connection to the Internet through ISP A at the same time (small network (10 users) management :) ). I'm working as a systems engineer at ISP A :))), and we must sell our link.

I know that BGP would be best. I know that, but I must find another method. Maybe I was wrong, and with the route-map command it will not work. But why? I must be sure that testing two ISPs without BGP is impossible.

THX for help
Re: Route-map
I only want to know: if I have a default route (0.0.0.0 0.0.0.0 serial 1) and ip policy route-map on the ethernet interface, will I always go through serial 1, or, if the match criteria are met, will I go through serial 0?
Route-map
I have a big problem with the route-map command. My network looks like:

    ISP A                     ISP B
      |                         |
      |                         |
      |                         |
      --s0--(router 2611)--- s1--

configuration (hypothetical):

    interface Serial0
     ip address 1.1.1.1 255.255.255.0
    !
    interface Serial1
     ip address 100.100.100.100 255.255.255.0
    !
    interface FastEthernet0
     ip address 10.0.0.222 255.255.255.0 secondary
     ip address 192.168.1.1 255.255.255.0
     ip policy route-map POLICY
     no ip directed-broadcast
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial1
    no ip http server
    !
    access-list 2 permit 10.0.0.0 0.0.0.255
    route-map POLICY permit 10
     match ip address 2
     set ip next-hop 1.1.1.1

Traffic from the network 10.0.0.0 should go through serial 0 and ISP A; traffic from the network 192.168.1.0 should go through serial 1 and ISP B. I don't understand how it is possible that a ping from 10.0.0.0 goes through serial 1 and returns through serial 0. There is the policy on the ethernet interface. I can't run BGP :( because my router is only a 2611.
Re: Route-map
Sorry, there is a bug in my hypothetical configuration. In set ip next-hop it should be ISP A (1.1.1.2).

"Bradley J. Wilson" [EMAIL PROTECTED] wrote in message news:014301c0a3fa$e349f400$f402f7a5@bwilson...

This is just a guess, but how about setting the next hop in the route-map to the IP address of ISP A?

- Original Message -
From: Jacek Malinowski
Newsgroups: groupstudy.cisco
To: [EMAIL PROTECTED]
Sent: Saturday, March 03, 2001 9:27 AM
Subject: Route-map

I have a big problem with the route-map command. My network looks like:

    ISP A                     ISP B
      |                         |
      |                         |
      |                         |
      --s0--(router 2611)--- s1--

configuration (hypothetical):

    interface Serial0
     ip address 1.1.1.1 255.255.255.0
    !
    interface Serial1
     ip address 100.100.100.100 255.255.255.0
    !
    interface FastEthernet0
     ip address 10.0.0.222 255.255.255.0 secondary
     ip address 192.168.1.1 255.255.255.0
     ip policy route-map POLICY
     no ip directed-broadcast
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial1
    no ip http server
    !
    access-list 2 permit 10.0.0.0 0.0.0.255
    route-map POLICY permit 10
     match ip address 2
     set ip next-hop 1.1.1.1

Traffic from the network 10.0.0.0 should go through serial 0 and ISP A; traffic from the network 192.168.1.0 should go through serial 1 and ISP B. I don't understand how it is possible that a ping from 10.0.0.0 goes through serial 1 and returns through serial 0. There is the policy on the ethernet interface. I can't run BGP :( because my router is only a 2611.