DMVPN and VRF Lite
Someone at - it an example of use of several networks DMVPN and VRF (no MPLS) interfaces
I have a requirment to use a common link to transmit three talking about networks isolated to the Hub as encrypted data. It could be VTI doesn't bother me, but I can't use MPLS.
Thank you
Hello
"back in the day", I made this config:
of http://isamology.blogspot.com/2010/01/IPSec-and-vrfs-so-who-faire-vrf.html
But normally, I guess you've seen this:
http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6660/prod_white_paper0900aecd8034be03_ps6658_Products_White_Paper.html
Same principles apply to the VRF lite little matter DMVPN/VTI/GREoIPsec configuration.
tunnel vrf VRF door =
IP vrf forwarding = inside the VRF
Now, if you add the cheat of Nico (for isakmp profiles) sheet especially if necessary, you should be all set.
https://supportforums.Cisco.com/docs/doc-13524
Marcin
Tags: Cisco Security
Similar Questions
-
The AAA authentication and VRF-Lite
Hello!
I encountered a strange problem, when you use authentication Radius AAA and VRF-Lite.
The setting is as follows. A/31 linknet is configured between PE and THIS (7206/g1 and C1812), where the EP sub-si is part of a MPLS VPN and VRF-Lite CE uses to maintain separate local services (where more than one VPN is used..).
Access to the this, via telnet, console etc, will be authenticated by our RADIUS servers, based on the following configuration:
--> Config start<>
AAA new-model
!
!
Group AA radius RADIUS-auth server
Server x.x.4.23 auth-port 1645 acct-port 1646
Server x.x.7.139 auth-port 1645 acct-port 1646
!
AAA authentication login default group auth radius local
enable AAA, enable authentication by default group RADIUS-auth
...
touch of 1646-Server RADIUS host x.x.4.23 auth-port 1645 acct-port
touch of 1646-Server RADIUS host x.x.7.139 auth-port 1645 acct-port
...
source-interface
IP vrf 10 RADIUS ---> Config ends<>
The VRF-Lite instance is configured like this:
---> Config start<>
VRF IP-10
RD 65001:10
---> Config ends<>
Now - if I remove the configuration VRF-Lite and use global routing on the CE (which is OK for a simple vpn installation), AAA/RADIUS authentication works very well. "" When I activate transfer ip vrf "10" on the interface of the outside and inside, AAA/RADIUS service is unable to reach the two defined servers.
I compared the routing table when using VRF-Lite and global routing, and they are identical. All roads are correctly imported via BGP, and the service as a whole operates without problem, in other words, the AAA/RADIUS part is the only service does not.
It may be necessary to include a vrf-transfer command in the config of Group server as follows:
AAA radius RADIUS-auth server group
Server-private x.x.x.x auth-port 1645 acct-port
1646 key ww
IP vrf forwarding 10
See the document below for more details:
http://www.Cisco.com/en/us/partner/docs/iOS/12_4/secure/configuration/guide/hvrfaaa.html
-
DMVPN and INTERNET VIA HUB RENTAL ISSUES
Hello everyone,
I really wish you can help me with the problem I have.
I explain. I test a double Hub - double DMVPN Layout for a client before we set it up in actual production.
The client has sites where routers are behind some ISP routers who do NAT.How things are configured:
-All rays traffic must go through the location of the hub if no local internet traffic on the rays.
-Hub 1 and 2 hub sends a default route to rays through EIGRP. But only Hub 1 is used.
-Hub 1 is the main router to DMVPN. In case of connection / hardware failure of the Internet Hub 2 become active for DMVPN and Internet.
-Hub 1 and 2 hub are both connected to an ISP and Internet gateway for rays.
-Hub 1 and 2 hub are configured with IOS Firewall.
-On the shelves I used VRF for separate DMVPN routning Global routning table so I could receive a default route of 1 Hub and Hub 2 to carry the traffic of rays to the Internet via the location of the hubWhat works:
-All rays can have access to the local network to the location of the hub.
-All the rays can do talk of talk
-Working for DMVPN failover
-Rais NOT behind the router NAT ISP (i.e. the public IP address) directly related to their external interface can go Internet via hub location and all packages are inspected properly by the IOS and Nat firewall properly
What does not work:-Rays behind the NAT ISP router can not access Internet via Hub location. They can reach a local network to the location of the hub and talk of talks.
IOS Firewall Router hub shows packages from rays of theses (behind a NAT) with a source IP address that is the router og PSI of public IP address outside the interface. Not the private address LAN IP back spoke.
In addition, the packets are never natted. If I do some captge on an Internet Server, the private source IP is the IP LAN to the LAN behind the rays. This means that the hub, router nat never these packages.How to solve this problem?
/ * Style definitions * / table. MsoNormalTable {mso-style-name : « Tabel - Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-margin : 0 cm ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}
Well I don't know that's why I need your help/advice :-)
I don't know that if I have to configure a VRF on the location of the hub gets also like things might mess upward.
The problem seems to be NAT - T the rays that are not behind a NAT, among which go over the Internet through a Hub and inspection of Cisco IOS and NAT are trying to find.
I tested today with the customer at the start them talking behind nat could ping different server on the Internet but not open an HTTP session. DNS was to find work. The IOS Firewall has been actually
inspection of packages with private real IP address. Then I thought it was a MTU issue, so I decided to do a ping on the Internet with the largest MTU size and suddenly the pings were no more.
I could see on the router Hub1 IOS Firewall was inspecting the public IP of the ISP NAT router again alongside with rays and not more than the actual IP address private. Really strange!
Attached files:
I attach the following files: a drawing of configuration called drawing-Lab - Setup.jpeg | All files for HUB1, BRANCH1 and BRANCH2 ISP-ROUTER configs, named respectively: HUB1.txt, BRANCH1.txt, BRANCH2.txt and ISP - ROUTER .txt
Hub1 newspapers when ping host 200.200.200.200 on the Internet of Branch2 (behind the NAT ISP router):
Branch2 #ping vrf DMVPN-VRF 200.200.200.200 source vlan 100
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 200.200.200.200, time-out is 2 seconds:
Packet sent with a source address of 192.168.110.1
.....
Success rate is 0% (0/5)* 06:04:51.017 Jul 15 UTC: % FW-6-SESS_AUDIT_TRAIL_START: start session icmp: initiator (110.10.10.2:8) - answering machine (200.200.200.200:0)
If the IOS Firewall does not inspect the true private source IP address that can be, in this case: 192.168.110.2. He sess on the public IP address.
HUB1 #sh ip nat translations
Inside global internal local outside global local outdoor Pro
ICMP 80.10.10.2:1 80.10.10.2:1 100.10.10.2:1 100.10.10.2:1
ICMP 80.10.10.2:2 80.10.10.2:2 110.10.10.2:2 110.10.10.2:2
UDP 80.10.10.2:4500 80.10.10.2:4500 110.10.10.2:4500 110.10.10.2:4500There is no entry for packets of teas present NAT
Captge on Tunnel 1 on Hub1 interface (incoming packets in):
7 7.355997 192.168.110.1 200.200.200.200 request ICMP (ping) echo
So that the firewall controllable IOS to the 110.10.10.2:8 public IP sniffing capture said that the package come from private real IP addressInhalation of vapours on the server (200.200.200.200) with wireshark:
114 14.123552 192.168.110.1 200.200.200.200 request ICMP (ping) echo
If the private IP address of source between local network of BRANCH2 is never natted by HUB1
If the server sees the address source IP private not natted although firewall IOS Hub1 inspect the public IP address 110.10.10.2:8
Hub1 newspapers when ping host 200.200.200.200 on the Internet of Branch1 (not behind the NAT ISP router):
Branch1 #ping vrf DMVPN-VRF 200.200.200.200 source vlan 100
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 200.200.200.200, time-out is 2 seconds:
Packet sent with a source 192.168.100.1 address
!!!!!* 06:05:18.217 Jul 15 UTC: % FW-6-SESS_AUDIT_TRAIL_START: start session icmp: initiator (192.168.100.1:8) - answering machine (200.200.200.200:0)
This is so the firewall sees the actual private IP which is 192.168.100.1
HUB1 #sh ip nat translations
Inside global internal local outside global local outdoor Pro
ICMP 80.10.10.2:1 80.10.10.2:1 100.10.10.2:1 100.10.10.2:1
ICMP 80.10.10.2:2 80.10.10.2:2 110.10.10.2:2 110.10.10.2:2
UDP 80.10.10.2:4500 80.10.10.2:4500 110.10.10.2:4500 110.10.10.2:4500
ICMP 80.10.10.2:22 192.168.100.1:22 200.200.200.200:22 200.200.200.200:22The real private source IP address is also find natted 1 Hub outside the public IP address
Captge on Tunnel 1 on Hub1 interface (incoming packets in):
8 7.379997 192.168.100.1 200.200.200.200 request ICMP (ping) echo
Real same as inspected by IOS Firewall so all private IP address is y find.
Inhalation of vapours on the server (200.200.200.200) with wireshark:
/ * Style definitions * / table. MsoNormalTable {mso-style-name : « Tabel - Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-margin : 0 cm ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}
67 10.441153 80.10.10.2 200.200.200.200 request ICMP (ping) echo
So, here's all right. The address is natted correctly.
__________________________________________________________________________________________
Best regards
Laurent
Hello
Just saw your message, I hope this isn't too late.
I don't know what your exact problem, but I think we can work through it to understand it.
One thing I noticed was that your NAT ACL is too general. You need to make it more
specific. In particular, you want to make sure that it does not match the coming of VPN traffic
in to / out of the router.
For example you should not really have one of these entries in your NAT translation table.
HUB1 #sh ip nat translations
Inside global internal local outside global local outdoor Pro
ICMP 80.10.10.2:1 80.10.10.2:1 100.10.10.2:1 100.10.10.2:1
ICMP 80.10.10.2:2 80.10.10.2:2 110.10.10.2:2 110.10.10.2:2
UDP 80.10.10.2:4500 80.10.10.2:4500 110.10.10.2:4500 110.10.10.2:4500Instead use:
Nat extended IP access list
deny ip any 192.168.0.0 0.0.255.255 connect
allow an ip
deny ip any any newspaperIf you can use:
Nat extended IP access list
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 connect
IP 192.168.0.0 allow 0.0.255.255 everything
deny ip any any newspaperAlso, I would be very careful with the help of the "log" keyword in an ACL, NAT.
I saw problems.
What are the IOS versions do you use?
Try to make changes to the NAT so that you no longer see the entries of translation NAT
for packages of NAT - T (UDP 4500) in the table of translation NAT on the hub. It may be
This puts a flag on the package structure, that IOS Firewall and NAT is
pick up on and then do the wrong thing in this case.
If this does not work then let me know.
Maybe it's something for which you will need to open a TAC case so that we can
This debug directly on your installation.
Mike.
-
Hello
I was wondering if it was possible to use CRYPTOGRAPHY even for both: DMVPN and CLIENT IPsec?
To make it work, I have to use 1 crypto for the DMVPN and 1 crypto for IPsec, both systems operate on the same router, my router TALK can connect to my HUB router and my computer can connect to the router "HUB" via an IPsec tunnel.
Is their any way to make it easier, instead of doing configs in a single router for more or less the same work?
My stitching question may be stupid, sorry for that, I'm still learning, and I love it
Here below the full work DMVPN + IPsec:
Best regards
Didier
ROUTER1841 #sh run
Building configuration...
Current configuration: 9037 bytes
!
! Last configuration change to 21:51:39 gmt + 1 Monday February 7, 2011 by admin
! NVRAM config last updated at 21:53:07 gmt + 1 Monday February 7, 2011 by admin
!
version 12.4
horodateurs service debug datetime localtime
Log service timestamps datetime msec
encryption password service
!
hostname ROUTER1841
!
boot-start-marker
boot-end-marker
!
forest-meter operation of syslog messages
logging buffered 4096 notifications
enable password 7 05080F1C2243
!
AAA new-model
!
!
AAA authentication banner ^ C
THIS SYSTEM IS ONLY FOR THE USE OF AUTHORIZED FOR OFFICIAL USERS
^ C
AAA authentication login userauthen local
AAA authorization groupauthor LAN
!
!
AAA - the id of the joint session
clock time zone gmt + 1 1 schedule
clock daylight saving time gmt + 2 recurring last Sun Mar 02:00 last Sun Oct 03:00
dot11 syslog
no ip source route
!
!
No dhcp use connected vrf ip
DHCP excluded-address IP 192.168.10.1
DHCP excluded-address IP 192.168.20.1
DHCP excluded-address IP 192.168.30.1
DHCP excluded-address IP 192.168.100.1
IP dhcp excluded-address 192.168.1.250 192.168.1.254
!
IP dhcp pool vlan10
import all
network 192.168.10.0 255.255.255.0
default router 192.168.10.1
lease 5
!
IP dhcp pool vlan20
import all
network 192.168.20.0 255.255.255.0
router by default - 192.168.20.1
lease 5
!
IP dhcp pool vlan30
import all
network 192.168.30.0 255.255.255.0
default router 192.168.30.1
!
IP TEST dhcp pool
the host 192.168.100.20 255.255.255.0
0100.2241.353f.5e client identifier
!
internal IP dhcp pool
network 192.168.100.0 255.255.255.0
Server DNS 192.168.100.1
default router 192.168.100.1
!
IP dhcp pool vlan1
network 192.168.1.0 255.255.255.0
Server DNS 8.8.8.8
default router 192.168.1.1
lease 5
!
dhcp MAC IP pool
the host 192.168.10.50 255.255.255.0
0100.2312.1c0a.39 client identifier
!
IP PRINTER dhcp pool
the host 192.168.10.20 255.255.255.0
0100.242b.4d0c.5a client identifier
!
MLGW dhcp IP pool
the host 192.168.10.10 255.255.255.0
address material 0004.f301.58b3
!
pool of dhcp IP pc-vero
the host 192.168.10.68 255.255.255.0
0100.1d92.5982.24 client identifier
!
IP dhcp pool vlan245
import all
network 192.168.245.0 255.255.255.0
router by default - 192.168.245.1
!
dhcp VPN_ROUTER IP pool
0100.0f23.604d.a0 client identifier
!
dhcp QNAP_NAS IP pool
the host 192.168.10.100 255.255.255.0
0100.089b.ad17.8f client identifier
name of the client QNAP_NAS
!
!
IP cef
no ip bootp Server
IP domain name dri
host IP SW12 192.168.1.252
host IP SW24 192.168.1.251
IP host tftp 192.168.10.50
host IP of Router_A 192.168.10.5
host IP of Router_B 10.0.1.1
IP ddns update DynDNS method
HTTP
Add http://dri66: [email protected] / * *//nic/update?system=dyndns&hostname=mlgw.dyndns.info&myip=[email protected] / * //nic/update?system=dyndns&hostname=mlgw.dyndns.info&myip=
maximum interval 1 0 0 0
minimum interval 1 0 0 0
!
NTP 66.27.60.10 Server
!
Authenticated MultiLink bundle-name Panel
!
!
Flow-Sampler-map mysampler1
Random mode one - out of 100
!
Crypto pki trustpoint TP-self-signed-2996752687
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 2996752687
revocation checking no
rsakeypair TP-self-signed-2996752687
!
!
VTP version 2
username Admin privilege 15 secret 5 $1$ gAFQ$ 2ecAHSYEU9g7b6WYuTY9G.
username cisco password 7 02050D 480809
Archives
The config log
hidekeys
!
!
crypto ISAKMP policy 3
BA 3des
preshared authentication
Group 2
!
crypto ISAKMP policy 10
md5 hash
preshared authentication
ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0
!
ISAKMP crypto client configuration group 3000client
key cisco123
DNS 8.8.8.8
dri.eu field
pool VPNpool
ACL 150
!
!
Crypto ipsec transform-set strong esp-3des esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
!
Profile cisco ipsec crypto
define security-association life seconds 120
transformation-strong game
!
!
Crypto-map dynamic dynmap 10
Set transform-set RIGHT
!
!
map clientmap client to authenticate crypto list userauthen
card crypto clientmap isakmp authorization list groupauthor
client configuration address map clientmap crypto answer
10 ipsec-isakmp crypto map clientmap Dynamics dynmap
!
!
!
property intellectual ssh time 60
property intellectual ssh authentication-2 retries
IP port ssh 8096 Rotary 1
property intellectual ssh version 2
!
!
!
interface Loopback0
IP 192.66.66.66 255.255.255.0
!
interface Tunnel0
172.16.0.1 IP address 255.255.255.0
no ip redirection
IP mtu 1440
no ip next-hop-self eigrp 90
property intellectual PNDH authentication cisco123
dynamic multicast of IP PNDH map
PNDH network IP-1 id
No eigrp split horizon ip 90
source of tunnel FastEthernet0/0
multipoint gre tunnel mode
0 button on tunnel
Cisco ipsec protection tunnel profile
!
interface FastEthernet0/0
DMZ description
IP ddns update hostname mlgw.dyndns.info
IP ddns update DynDNS
DHCP IP address
no ip unreachable
no ip proxy-arp
NAT outside IP
IP virtual-reassembly
automatic duplex
automatic speed
clientmap card crypto
!
interface FastEthernet0/0,241
Description VLAN 241
encapsulation dot1Q 241
DHCP IP address
IP access-group dri-acl-in in
NAT outside IP
IP virtual-reassembly
No cdp enable
!
interface FastEthernet0/0.245
encapsulation dot1Q 245
DHCP IP address
IP access-group dri-acl-in in
NAT outside IP
IP virtual-reassembly
No cdp enable
!
interface FastEthernet0/1
Description INTERNAL ETH - LAN$
IP 192.168.100.1 address 255.255.255.0
no ip proxy-arp
IP nat inside
IP virtual-reassembly
Shutdown
automatic duplex
automatic speed
!
interface FastEthernet0/0/0
switchport access vlan 10
spanning tree portfast
!
interface FastEthernet0/0/1
switchport access vlan 245
spanning tree portfast
!
interface FastEthernet0/0/2
switchport access vlan 30
spanning tree portfast
!
interface FastEthernet0/0/3
switchport mode trunk
!
interface Vlan1
IP address 192.168.1.250 255.255.255.0
IP nat inside
IP virtual-reassembly
!
interface Vlan10
IP 192.168.10.1 255.255.255.0
IP nat inside
IP virtual-reassembly
!
interface Vlan20
address 192.168.20.1 255.255.255.0
IP nat inside
IP virtual-reassembly
!
Vlan30 interface
192.168.30.1 IP address 255.255.255.0
IP nat inside
IP virtual-reassembly
!
interface Vlan245
IP 192.168.245.1 255.255.255.0
IP nat inside
IP virtual-reassembly
!
Router eigrp 90
network 172.16.0.0
network 192.168.10.0
No Auto-resume
!
IP pool local VPNpool 172.16.1.1 172.16.1.100
IP forward-Protocol ND
no ip address of the http server
local IP http authentication
IP http secure server
!
IP flow-cache timeout idle 130
IP flow-cache timeout active 20
cache IP flow-aggregation prefix
cache timeout idle 400
active cache expiration time 25
!
!
overload of IP nat inside source list 170 interface FastEthernet0/0
overload of IP nat inside source list interface FastEthernet0/0.245 NAT1
IP nat inside source static tcp 192.168.10.10 80 interface FastEthernet0/0 8095
!
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 170 refuse ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 170 refuse ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 170 permit ip 192.168.10.0 0.0.0.255 any
access-list 180 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 180 permit ip 192.168.10.0 0.0.0.255 any
not run cdp
!
!
!
route NAT allowed 10 map
corresponds to the IP 180
!
!
!
control plan
!
exec banner ^ C
WELCOME YOU ARE NOW LOGED IN
^ C
connection of the banner ^ C
WARNING!
IF YOU ARE NOT:
Didier Ribbens
Please leave NOW!
YOUR IP and MAC address will be LOGGED.
^ C
!
Line con 0
Speed 115200
line to 0
line vty 0 4
access-class 5
privilege level 15
Rotary 1
transport input telnet ssh
line vty 5 15
access-class 5
Rotary 1
!
Scheduler allocate 20000 1000
end
Didier,
Some time ago, I wrote a bit on VT, you should be able to find information about the server ezvpn DVTI it.
The configuartion you have right now is the way to strives for ezvpn, with the new way DMVPN (protection of tunnel).
If it is true for the most part, it is best to go on the learning curve Moose and go everythign new configuration.
With EZVPN you can always assign IP from the pool by group ezvpn or external authorization ;-)
Anyway let me know if you face any problems.
Marcin
-
I opened my laptop and I lit the charge then it shows connect to 65w adapter y at - it a problem with my charger?
I pressed the f1 key to continue, then my laptop recharges normally.
-
We have a few customers that tunnel using DMPVN with 831 & 851 routers. Recently, a new order was placed to add a user to an existing tunnel. As 851 routers are no longer available, we went with the model 861 and found that it doesn't have the PNDH in IOS. So how do this work now, and why PNDH is no longer in the last IOS? Seems stupid to not have when used by older models of routers which replaces the 861.
Hello
You are right, the 861 series routers do not support DMVPN (and I tend to agree with you that maybe it's not the smartest marketing decision). For advanced security feature support, such as DMVPN and GETVPN, you must use the routers of the 880 series with all ip services features advanced, see:
http://www.Cisco.com/en/us/prod/collateral/routers/ps380/qa_c67_458826.html
Thank you
Wen
-
VRF-lite, NAT and route-leak
Hello, community. I'm trying to reproduce the installation with two clients (R1 and R2) program, router PE (R3) and common services (R4).
Here is the configuration:
R1:
interface Loopback0
IP 10.10.1.1 255.255.255.255
!
interface FastEthernet1/0
192.168.15.1 IP address 255.255.255.0
!
IP route 0.0.0.0 0.0.0.0 192.168.15.5
R2:
interface Loopback0
10.10.2.2 IP address 255.255.255.255
!
interface FastEthernet1/0
IP 192.168.16.1 255.255.255.192
!
IP route 0.0.0.0 0.0.0.0 192.168.16.5
R3:
IP vrf VRF1
RD 1:1
export of road-objective 1:1
import of course-target 1:1
!
IP vrf VRF2
Rd 2:2
Route target export 2:2
import of course-target 2:2
!
interface FastEthernet0/0
R1 description
IP vrf forwarding VRF1
IP 192.168.15.5 255.255.255.192
IP nat inside
IP virtual-reassembly
!
interface FastEthernet0/1
R2 description
IP vrf forwarding VRF2
IP 192.168.16.5 255.255.255.192
IP nat inside
IP virtual-reassembly
!
interface FastEthernet1/0
R4 description
IP 1.1.1.1 255.255.255.0
NAT outside IP
IP virtual-reassembly
!
IP route 0.0.0.0 0.0.0.0 1.1.1.2
IP route vrf VRF1 0.0.0.0 0.0.0.0 FastEthernet1/0 overall 1.1.1.2
IP route vrf VRF1 10.10.0.0 255.255.0.0 192.168.15.1
IP route vrf VRF2 0.0.0.0 0.0.0.0 FastEthernet1/0 overall 1.1.1.2
IP route vrf VRF2 10.10.0.0 255.255.0.0 192.168.16.1
!
IP nat inside source list 15 interface FastEthernet1/0 vrf VRF1 overload
VRF2 of the IP nat inside source list 16 interface FastEthernet1/0 vrf, overload
!
access-list 15 allow 192.0.0.0 0.255.255.255
access-list 15 allow 10.10.0.0 0.0.255.255
access-list 16 allow 192.0.0.0 0.255.255.255
access-list 16 allow 10.10.0.0 0.0.255.255
R4:
interface Loopback0
IP 10.10.10.10 address 255.255.255.255
!
interface FastEthernet0/0
1.1.1.2 IP 255.255.255.0
!
IP route 0.0.0.0 0.0.0.0 1.1.1.1
The configuration is not operational.
R1 #ping 192.168.15.5
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.15.5, wait time is 2 seconds:
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 68/89/116 ms
R1 #ping 192.168.15.5 source l0
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.15.5, wait time is 2 seconds:
Packet sent with the address 10.10.1.1 source
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 68/86/92 ms
R1 #ping 1.1.1.1 source l0
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes of 1.1.1.1, time-out is 2 seconds:
Packet sent with the address 10.10.1.1 source
.!!!!
Success rate is 80% (4/5), round-trip min/avg/max = 292/357/400 ms
R1 #ping 1.1.1.2 source l0
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 1.1.1.2, time-out is 2 seconds:
Packet sent with the address 10.10.1.1 source
.!!!!
Success rate is 80% (4/5), round-trip min/avg/max = 216/187/160 ms
R1 #ping 10.10.10.10 source l0
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes of 10.10.10.10, time-out is 2 seconds:
Packet sent with the address 10.10.1.1 source
.....
Success rate is 0% (0/5)
I can't ping R4 loopback address ("shared resource" or also known as the "common service")
It is the same with R2 (second customer).
But I can still ping loopback R4 of R3:
R3 #ping 10.10.10.10
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes of 10.10.10.10, time-out is 2 seconds:
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 40/88/116 ms
It's the routing on R3 table:
R3 #sh ip road | start the gateway
Gateway of last resort is 1.1.1.2 network 0.0.0.0
1.0.0.0/24 is divided into subnets, subnets 1
C 1.1.1.0 is directly connected, FastEthernet1/0
S * 0.0.0.0/0 [1/0] via 1.1.1.2
R3 #sh ip route vrf VRF1 | start the gateway
Gateway of last resort is 1.1.1.2 network 0.0.0.0
192.168.15.0/26 is divided into subnets, subnets 1
C 192.168.15.0 is directly connected, FastEthernet0/0
10.0.0.0/16 is divided into subnets, subnets 1
S 10.10.0.0 [1/0] via 192.168.15.1
S * 0.0.0.0/0 [1/0] via 1.1.1.2, FastEthernet1/0
R3 #sh ip route vrf VRF2 | start the gateway
Gateway of last resort is 1.1.1.2 network 0.0.0.0
10.0.0.0/16 is divided into subnets, subnets 1
S 10.10.0.0 [1/0] via 192.168.16.1
192.168.16.0/26 is divided into subnets, subnets 1
C 192.168.16.0 is directly connected, FastEthernet0/1
S * 0.0.0.0/0 [1/0] via 1.1.1.2, FastEthernet1/0
So the question is what is the cause of the problem? How to troubleshoot? What is the troubleshooting steps?
His does not work since the address IP of Destination that represents common Services is be routed locally to the THIS itself. That's the problem here. We must ensure that the Destination subnet is not pointing to what is happening here.
R4:
interface Loopback0
IP 10.10.10.10 address 255.255.255.255
!
R3-VRF1
S 10.10.0.0 [1/0] via 192.168.15.1
Concerning
Verdier
-
DMVPN with VRF (redistribution a road by default via VRF)
Hi all
I was testing a DMVPN configuration so that users with POLES surfing the Internet on the Internet portal of the HUB. The SPOKE1PN is able to ping all internal IP addresses and route determination agrees. When he reached out to the Internet (HUB_INTGW) gateway, pings are okay, but traceroute requests time out. I was wondering if anyone has an idea. Here's my topology.
Basically, if SPOKE1PN pings to the Internet, it goes to SPOKE1, HUB1 via tu0, HUB1_INTGW and it gets overloaded NAT.
QUESTION (OK, TRACEROUTE DROPS AFTER OVERLOADED NAT PINGS)
SPOKE1PN #ping 202.0.0.2 rep 88
Type to abort escape sequence.
88, echoes ICMP 100 bytes to 202.0.0.2 sending, time-out is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!
Success rate is 100 per cent (88/88), round-trip min/avg/max = 144/211/328 ms
SPOKE1PN #traceroute 202.0.0.2
Type to abort escape sequence.
The route to 202.0.0.2
1 192.168.1.1 88 MS 64 ms 16 ms
2 172.14.1.1 164 MS 92 MS 128 ms
3 10.1.0.254 152 MS 124 MS ms 116
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
SPOKE1
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname SPOKE1
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
memory iomem size 5
IP cef
!
IP vrf DMVPN
RD 1:1
!
crypto ISAKMP policy 1
BA aes 256
md5 hash
preshared authentication
Group 5
address key crypto isakmp 0.0.0.0 @ngelam1chell3r1c 0.0.0.0
ISAKMP crypto keepalive 60 periodicals
!
Crypto ipsec transform-set SET1 IPSEC ah-md5-hmac esp - aes
!
Profile of crypto ipsec DMVPN
game of transformation-IPSEC-SET1
!
interface Tunnel0
IP vrf forwarding DMVPN
IP 172.14.1.2 255.255.255.0
no ip redirection
IP mtu 1416
property intellectual PNDH authentication cisco123
property intellectual PNDH card 172.14.1.1 200.0.0.2
map of PNDH IP multicast 200.0.0.2
property intellectual PNDH card 172.14.1.254 200.0.1.2
map of PNDH IP multicast 200.0.1.2
PNDH id network IP-99
property intellectual PNDH nhs 172.14.1.1
property intellectual PNDH nhs 172.14.1.254
source of tunnel FastEthernet0/1
multipoint gre tunnel mode
tunnel key 999
Protection ipsec DMVPN tunnel profile
!
interface FastEthernet0/0
IP vrf forwarding DMVPN
IP 192.168.1.1 255.255.255.0
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 201.0.0.2 255.255.255.240
Speed 100
full-duplex
!
Router eigrp 1
Auto-resume
!
address ipv4 vrf DMVPN family
redistribute connected
network 172.14.1.0 0.0.0.255
network 192.168.1.0
No Auto-resume
autonomous system of-1
output-address-family
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 201.0.0.1
!
no ip address of the http server
no ip http secure server
!
control plan
!
Line con 0
line to 0
line vty 0 4
!
end
HUB1
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname HUB1
!
boot-start-marker
boot-end-marker
!
No aaa new-model
memory iomem size 5
IP cef
!
IP vrf DMVPN
RD 1:1
!
crypto ISAKMP policy 1
BA aes 256
md5 hash
preshared authentication
Group 5
address key crypto isakmp 0.0.0.0 @ngelam1chell3r1c 0.0.0.0
ISAKMP crypto keepalive 60
!
Crypto ipsec transform-set SET1 IPSEC ah-md5-hmac esp - aes
No encryption ipsec nat-transparency udp-program
!
Profile of crypto ipsec DMVPN
game of transformation-IPSEC-SET1
!
interface Tunnel0
IP vrf forwarding DMVPN
IP 172.14.1.1 255.255.255.0
no ip redirection
IP mtu 1416
property intellectual PNDH authentication cisco123
dynamic multicast of IP PNDH map
PNDH id network IP-99
source of tunnel FastEthernet0/1
multipoint gre tunnel mode
tunnel key 999
Protection ipsec DMVPN tunnel profile
!
interface FastEthernet0/0
IP vrf forwarding DMVPN
IP 10.1.0.1 255.255.255.0
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 200.0.0.2 255.255.255.240
Speed 100
full-duplex
!
Router eigrp 1
Auto-resume
!
address ipv4 vrf DMVPN family
redistribute connected
redistribute static
Network 10.1.0.0 0.0.0.255
network 172.14.1.0 0.0.0.255
No Auto-resume
autonomous system of-1
output-address-family
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 200.0.0.1
IP route vrf DMVPN 0.0.0.0 0.0.0.0 10.1.0.254
!
no ip address of the http server
no ip http secure server
!
control plan
!
Line con 0
line to 0
line vty 0 4
!
end
HUB1_INTGW
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname HUB1_INTGW
!
boot-start-marker
boot-end-marker
!
No aaa new-model
memory iomem size 5
IP cef
!
no ip domain search
!
Authenticated MultiLink bundle-name Panel
!
Archives
The config log
hidekeys
!
interface FastEthernet0/0
IP 10.1.0.254 255.255.255.0
IP nat inside
IP virtual-reassembly
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 200.0.1.2 255.255.255.240
NAT outside IP
IP virtual-reassembly
Speed 100
full-duplex
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 200.0.1.1
IP route 192.168.1.0 255.255.255.0 10.1.0.1
!
no ip address of the http server
no ip http secure server
overload of IP nat inside source list ACL_NATOVERLOAD interface FastEthernet0/1
!
IP access-list standard ACL_NATOVERLOAD
permit 10.1.0.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 172.14.1.0 0.0.0.255
!
control plan
!
Line con 0
exec-timeout 0 0
Synchronous recording
line to 0
line vty 0 4
!
end
Desmon,
If the works of ping I can bet you that it's a problem of how ICMP unreachable it will be via NAT (PAT in fact) in response to UDP with expired TTL.
Can you do a static NAT on HUB1_INTGW to the IP test and you should see a difference... BTW the debug ip packet is your friend, try it :-) on INTGW and INT_RTR
Marcin
-
I changed the batteries AA and CR1200 battery and the lite on screen keeps flashing?
Can not stop flashing battery lite on camera, changed all THE batteries?
It could be dirty, tarnished spring contacts would be a better term.
You did not say what brand of batteries you use this "could" play a role too because you get variations in the nozzle at the top but not to the actual body size may be different... all we need is a current reduced flow caused by a bad contact be loses fitting or tranished because he would become so resistive causing a voltage drop of contact acorss.
If you use a strange mark sounding or 'El cheapos' might I suggest trying something like Duracell - I use them in my Canon A650IS and they seem to last much longer than the others, I tried.
It takes the contacts should be cleaned somehow. For electrical contacts cleaning, I use a brush fiberglass in the form of a pen, a couple of swirls round is what it takes against the contacts.
A bad battery brand could also create this problem would be unable to provide the necessary power.
Dave
-
IKEv2 with NAT - T and VRF (FlexVPN)
Hello
I'm trying to get it works and the IOS debugging commands show nothing.
Spoke1
======
Keyring cryptographic ikev2 LAN-to-LAN
peer HUB
address of the identity 93.174.221.254
pre-shared key local TEST
pre-shared key remote TSET
!
Profile of ikev2 crypto IPSEC_IKEv2
match one address remote identity 93.174.221.254 255.255.255.255
identity local fqdn spoke1.domain.com
sharing front of remote authentication
sharing of local meadow of authentication
door-key local LAN-to-LAN
!
Crypto ipsec transform-set ESP-TUNNEL esp - aes esp-sha-hmac
tunnel mode
!
Crypto ipsec IPSEC profile
game of transformation-ESP-TUNNEL
IPSEC_IKEv2 Set ikev2-profile
!
interface tunnels2
Description VTI2 | CUSTOMER2
VRF forwarding CUSTOMER2
Unnumbered IP Loopback2
source of Dialer1 tunnel
ipv4 ipsec tunnel mode
tunnel destination 93.174.221.254
tunnel path-mtu-discovery
Ipsec IPSEC protection tunnel profile
!
interface Loopback2
VRF forwarding CUSTOMER2
10.47.255.1 the IP 255.255.255.255
!
interface Dialer1
IP address negotiated
!
HUB
====
Keyring cryptographic ikev2 LAN-to-LAN
spoke1.domain.com peer
identity domain name full spoke1.domain.com
pre-shared key local TSET
Remote pre-shared key TEST
!
Profile of ikev2 crypto IPSEC_IKEv2
match identity fqdn remote spoke1.domain.com
address local identity 93.174.221.254
sharing front of remote authentication
sharing of local meadow of authentication
door-key local LAN-to-LAN
virtual-model 2
!
Crypto ipsec transform-set ESP-TUNNEL esp - aes esp-sha-hmac
tunnel mode
!
Crypto ipsec IPSEC profile
game of transformation-ESP-TUNNEL
IPSEC_IKEv2 Set ikev2-profile
!
tunnel type of interface virtual-Template2
Description VTI2 | CUSTOMER2
VRF forwarding CUSTOMER2
Unnumbered IP Loopback2
source of Loopback254 tunnel
ipv4 ipsec tunnel mode
tunnel path-mtu-discovery
Ipsec IPSEC protection tunnel profile
!
interface Loopback2
VRF forwarding CUSTOMER2
10.47.255.252 the IP 255.255.255.255
!
interface Loopback254
93.174.221.254 the IP 255.255.255.255
!
-----
The ray can do anything on the internet, including the face address public hub 93.174.221.254 ping, but the tunnel is not started. Each end is running RIPv2 under the context of 'CUSTOMER2' with 'network 10.0.0.0' and no Auto-resume. Static routes do not seem to kick in life either. Any help would be appreciated, thanks.
[Cool!;]
Don't forget that a similar logic applies to the talk of talk communication. know what address IP/identity should I put as the identity of the peer in the Keyring? :-)
-
DMVPN and active directory (logon)
Hi all
We have a DMVPN configuration between a few sites and everything seems fine, except that the logons through the VPN for a new domain active directory are very slow (10-15 minutes). I believe that the problem may be with the fragmentation of tunnel and packages such as AD is configured correctly.
I am looking for some recommendations or advice on the MTU and TCP MSS settings see if it solves the problem.
both the hub and the spokes are currently with the following settings MTU and MSS (ive removed some irrelevant information) Tunnel0 was originally a mtu of 1440 but if whatever it is 1400 is even worse.
Thank you
interface Tunnel0
IP 1400 MTU
IP nat inside
authentication of the PNDH IP SP1
dynamic multicast of IP PNDH map
PNDH network IP-1 id
IP virtual-reassembly in
No cutting of the ip horizon
source of Dialer0 tunnel
multipoint gre tunnel mode
0 button on tunnel
Profile of ipsec protection tunnel 1
interface Dialer0
MTU 1492
the negotiated IP address
NAT outside IP
IP virtual-reassembly in
encapsulation ppp
IP tcp adjust-mss 1452
Dialer pool 1
Dialer-Group 1
Darren,
In general the prolem is due to Kerberos on UDP traffic.
There are several ways you can solve the problem:
(1) transition to Kerberos over TCP. (suggested)
(2) setting the MSS on the interface of tunnel not on telephone transmitter (recommended)
(3) allowing the PMTUD tunnel (strongly recommended).
M.
-
Hello
You start to replace all of our ISA Server with with DMVPN cisco routers. So far, we are happy with everything, but I ran into a problem. I've just set up one of our agencies and the DMVPN works very well, but this location also has a VPN tunnel to another branch that we have not replaced with Cisco equipment yet. The problem I have is that as soon as I associate an ipsec site-to-site VPN on the router, the DMVPN drops.
I create the Ipsec VPN:
map VPN_Crypto 1 ipsec-isakmp crypto
game of transformation-ESP-3DES-SHA
the value of aa.aa.aa.aa peer
match address 103 (where address is allow remote local IP subnet the IP subnet)
and everything works fine. As soon as I do the following:
interface GigabitEthernet0/1
card crypto VPN_Crypto
The DMVPN drops. If I can connect to and run:
interface GigabitEthernet0/1
No crypto card
The DMVPN happens immediately.
What could I do it wrong? Here is the config for the Tunnel0 DMVPN tunnel:
interface Tunnel0
bandwidth 1000
192.168.10.31 IP address 255.255.255.0
no ip redirection
IP 1400 MTU
authentication of the PNDH IP DMVPN_NW
map of PNDH IP xx.xx.xx.xx multicast
property intellectual PNDH card 192.168.10.10 xx.xx.xx.xx
PNDH id network IP-100000
property intellectual PNDH holdtime 360
property intellectual PNDH nhs 192.168.10.10
dmvpn-safe area of Member's area
IP tcp adjust-mss 1360
delay of 1000
source of tunnel GigabitEthernet0/1
multipoint gre tunnel mode
tunnel key 100000
Tunnel CiscoCP_Profile1 ipsec protection profile
If you need anything else the config for help just let me know. Our main site router, I had no problem with him being the DMVPN hub and also having a handful of Ipsec VPN set up on it well. I appreciate a lot of help, I really need to get both of these tunnels running simultaneously as soon as possible.
Yes, but I don't see anything looking for strange (well, configs generated by CCP always sound strange...).
Maybe you run into a bug. Have you tried a different IOS? Personally I wouldn't use 15.2 if I have to. You can try 15.0 (1) M8 and see if it works.
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni -
Decision on DMVPN and L2L simple IPsec tunnels
I have a project where I need to make a decision on which solution to implement... environment is as follows...
- 4 branches.
- Each branch has 2 subnets; one for DATA and another for VOICE
- 2 ISPS in each (an Internet access provider and a provider of MPLS)
- Branch #1 isn't necessarily the HUB office that all database servers and files are there are
- Branch #2 is actually where the phone equipment
- Other 2 branches are just branches speaks (may not need never DATA interconnectivy, but they do need interconnection VOICE when they call since we spoke directly to the other)
- MPLS is currently used for telephone traffic.
- ISP provider link is used for site to site tunnels that traverse the internet, and it is the primary path for DATA. Means that all branch DATA subnets use the tunnels from site to site as main road to join the #1 branch where all files and databases are located.
- I'd like to have redundancy in case the network MPLS down for all traffic VOICE switch to L2L tunnels.
My #1 Option
Because it isn't really a star to the need, I don't really know if I want to apply DMVPN, although I read great things about it. In addition, another reason, I would have perhaps against DMVPN is the 'delay' involved, at least during initialization, communications having spoke-to-spoke. There is always a broken package when a department wants to initiate communication with one another.
My #2 Option
My other choice is just deploy L2L IPSec tunnels between all 4 branches. It's certainly much easier to install than DMVPN although DMVPN can without routing protocols that I think I'll need. But with these Plains L2L IPSec tunnels, I can also add the GRE tunnels and the routing of traffic protocols it as well as all multicast traffic. In addition, I can easily install simple IP SLA that will keep all tunnels upwards forever.
Can someone please help to choose one over the other is? or if I'm just okay with the realization of the #2 option
Thanks in advance
Hi ciscobigcat
Yes, OSPF will send periodic packets 'Hello' and they will maintain the tunnels at all times.
The numbers that you see (143 and 1001) are the "cost" of the track, so OSPF (Simplified) will calculate what different paths there are to a destination and assign each of them a 'cost' (by assigning a cost to each segment of the path, for example GigabitEthernet is "lower cost" Fastethernet and then adding the costs of all segments).
Then it will take the path to the lowest cost (143 in your case, in normal operation) and insert this in the routing table.
So since traffic is already going the right way, I don't know if you still need any tweaking? Personally, I would not add a second routing protocol because, generally, makes things more complicated.
QoS, it is important to use "prior qos rank".
See for example
http://www.Cisco.com/en/us/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/IPSecQoS.html
http://www.Cisco.com/en/us/Tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml
HTH
Herbert
-
Captivate and Flash lite 2.1 for Mobile
Hi, I need to view a SWF file in my Intermec CN3 HH, but when I try to do that, visualization is not good, I installed Adobe flash lite 2.1 and 7 MFlashPlayer to view my SWF, but does not work, do I still have another program?, or what can I do?, I exported this compatible with Flash 7 SWF file from Captivate 3 I need to make it compatible with flash lite 2.1, do I have to export to Flash CS3 and export and then from there to flash lite 2.1?, thank you.
> Hi, I need to view a SWF file in my Intermec CN3 HH, but when I try
> do
> that visualization is not good, I installed Adobe flash lite 2.1 and
> 7 MFlashPlayer to view my SWF, but is not working, do I still need
> another
> program?, or what can I do?, I exported the SWF file from Captivate 3
> compatible with Flash 7, I need to make it compatible with flash lite
> 2.1,
> do I need to export to Flash CS3 and export and then from there to flash lite
> 2.1?, thank you.See if this helps:-
http://www.Adobe.com/devnet/Captivate/articles/mobile_captivate.html
There are several things to Captivate 2 which are not viewable in Flash Lite.
The article above should help you to create a project file that can be accessed
on your mobile devices.Steve
--
Adobe Community Expert: Devices, Mobile Flash and Authorware
http://www.magnoliamultimedia.comYou must go to MAX - http://adobemax2007.com/na/
-
Tecra M5 - fan is noisy and constantly lit
I have a new Tecra M5, to replace a M400... The M400 at first had a very noisy fan but Toshiba provided an update of the BIOS to reduce, which was good!
The M5 does not have this luxury, the fan is constantly on and I know that the goal is to keep cool.
But I know from experience we Shouldna´t have to be this strong. Someone at - it experience the same problems or know of a fix?Powersaver tool does not appear to reduce this and I noticed that the two options is grayed out and disabled now.
Hello
> The tool powersaver doesn t seem to reduce ve all and I noticed that the two options is grayed out and disabled now
What options are just grayed out?I just read your first thread on the wrong BIOS update. It seems that you have updated the wrong BIOS on your laptop. Am I wrong?
Have you noticed this fan behavior before update BIOS?
Maybe you are looking for
-
Qosmio G30 - TV card not respond
Hi I have a problem with the Toshiba tv cardAll of the tv-card programs does not respond when frost, can not kil the tv program card so power reboot touch:(ce que je s'il vous plaît ce problème avec tous les soft pour tv-card) My pcQosmio G30 OS Vist
-
Satellite A105-S1014 - BIOS hangs during loading
Hi all I'm working on an A105-S1014. the problem is that when trying to boot the system, the bios starts to load, but it freezes. There is a bar of progression at the bottom of the screen and it stops just about 2/3 of the way. This is a laptop that
-
Hello, I own this phone and im thinking of upgrading the processor. Manual HP, I found that the proccessor max that I can install is q9100. But from the Web page of chipset intel, I found that for my chipset portable maximum proccessor is QX9300 and
-
I noticed in my email that someone sent some of my contacts, email coming out and using my name. I received a mailer and found that attachments that have been added to the e-mail were something that I'm not familiar with, or know, but still, it was
-
Laptop HP 15-r205ne: reverse keyboard
Dear Sir / Madam,. I have a problem with my keyboard. That is to say, @ and "were reversed after upgrade to windows 10. @ should be in numeric key 2 and "must be in inverted comma key.i want @ back to number keys 2 and Vice Versa." Thank you.