Dual DMVPN on Cisco 1812 routers
I have 5 1812 routers that I have deployed in a DMVPN star configuration between 5 sites. All routers have a secondary internet connection. Could I set up a second tunnel interface on each router to create a backup DMVPN that uses this secondary internet connection? I use EIGRP for routing.
Any ideas or suggestions would be appreciated.
Thank you!
D.
DACE,
One possible way of using two ISPs in DMVPN is described here:
https://supportforums.Cisco.com/thread/2106309
Marcin
Tags: Cisco Security
Similar Questions
-
VPN between 2 routers Cisco 1841 (LAN to LAN)
Hello
I need to connect two offices (two different LAN) using routers cisco 1841 at both ends.
Currently the two cisco router are in working condition and refer the internet LAN clients. (making the NAT).
Can someone please tell us what is the easiest way to set up a VPN between the two sites, so that LAN users at one office can access the email/application servers on the other office LAN?
I understand that I need an IPSec site-to-site VPN (I think).
Can anyone please advise?
Kind regards.
s.nasheet wrote:
Hi ,
I need to connect two offices ( two different LAN's) together using cisco 1841 routers at both end.
Currently both cisco router are in working order and acting as a internet gateway to the LAN clients. ( doing NAT).
Can anybody please advise what is the easiest method to configure VPN between two sites so that LAN users at one office be able to access the email/application servers at the other LAN office.
I understand I need IPSec Site to Site VPN ( i think).
Can anyone please advise.
Regards.
Yes, you need a site-to-site VPN. Start with this link, which gives a number of examples for setting up an S2S VPN between 2 Cisco routers.
http://www.Cisco.com/en/us/Tech/tk583/TK372/tech_configuration_examples_list.html#anchor16
Jon
-
We have a few customers that tunnel using DMVPN with 831 & 851 routers. Recently, a new order was placed to add a user to an existing tunnel. As 851 routers are no longer available, we went with the model 861 and found that it doesn't have NHRP in IOS. So how does this work now, and why is NHRP no longer in the latest IOS? It seems stupid not to have it when it was in the older router models that the 861 replaces.
Hello
You are right, the 861 series routers do not support DMVPN (and I tend to agree with you that maybe it's not the smartest marketing decision). For advanced security feature support, such as DMVPN and GETVPN, you must use the 880 series routers with the Advanced IP Services feature set, see:
http://www.Cisco.com/en/us/prod/collateral/routers/ps380/qa_c67_458826.html
Thank you
Wen
-
DMVPN dual stack on hub site
Hello
I have a dual-stacked DMVPN hub site. VPN for IPv4 or IPv6 either works correctly, but not both at the same time.
If IPv4 peers connect first, then IPv6 peers are unable to form an IPsec security association, and the other way around. ISAKMP phase 1 is built correctly.
A "show crypto ipsec sa" on the hub shows an SA only for the kind of peer that connected first. A "show crypto ipsec sa" on the spoke that is unable to form a security association with the hub shows a security association, but with none of the proposals, and with send error counters:
Spoke SA (IPv4)
interface: Tunnel1
    Crypto map tag: my-profile-v4-head-1, local addr 2.2.2.1
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (2.2.2.1/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)
   current_peer 1.1.1.1 port 500
     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 23255, #recv errors 0
     local crypto endpt.: 2.2.2.1, remote crypto endpt.: 1.1.1.1
     plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb (none)
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none
     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:
   protected vrf: (none)
I'm on IOS version 15.3(2)T. Is there some kind of known bug or workaround for this?
Interface configuration
interface GigabitEthernet0
 description * outside *
 ip address 1.1.1.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001:1:1:1:1/64
Crypto configuration
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key cisco address 0.0.0.0 no-xauth
crypto isakmp key cisco address ipv6 ::/0 no-xauth
crypto isakmp keepalive 10 periodic
crypto ipsec transform-set My-Set esp-aes 256 esp-sha512-hmac
 mode tunnel
crypto ipsec profile my-profile-v4
 description * fuer profile IPsec peers IPv4 *
 set transform-set My-Set
 set pfs group2
crypto ipsec profile my-profile-v6
 description * fuer IPsec peer IPv6 profile *
 set transform-set My-Set
 set pfs group2
Tunnel configuration
interface Tunnel1
 description * DMVPN Intranet IPv4 *
 bandwidth 1000
 ip vrf forwarding VPN
 ip address 10.0.10.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 no ip next-hop-self eigrp 65351
 no ip split-horizon eigrp 65351
 ip pim sparse-mode
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 360
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 shutdown
 keepalive 10 3
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile my-profile-v4 shared
!
interface Tunnel2
 description * DMVPN Intranet IPv6 *
 bandwidth 1000
 ip vrf forwarding VPN
 ip address 10.0.12.1 255.255.255.0
 ip mtu 1416
 no ip next-hop-self eigrp 65351
 no ip split-horizon eigrp 65351
 ip pim sparse-mode
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 ip nhrp holdtime 360
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 keepalive 10 3
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint ipv6
 tunnel key 2
 tunnel protection ipsec profile my-profile-v6 shared
Kind regards
Thomas
Thomas,
Interesting design. I understand that you are testing this with a dual-stacked spoke?
I would suggest a few things:
(1) Definitely remove "keepalive 10 3" from the interfaces (with tunnel protection!)
It is not supported.
(2) You say 'shared' on the profiles, but in fact you do NOT share the profile, that is, you use two different profiles.
Seems strange. Here are my suggestions:
(a) either use the same profile for both the IPv6 and IPv4 tunnels, OR
(b) use two separate profiles with different transform sets for the two profiles (i.e. try to use 3des instead of AES, since it is a lab test).
I can't find the reference at the moment, but I think that option number 2 might be what you're looking for.
M.
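The two points in the reply above can be checked mechanically. The following Python lint is an added example, not part of the original thread: it flags a GRE keepalive on a protected tunnel and a "shared" keyword on a profile that no other tunnel with the same source uses. The sample inputs are constructed from the posted tunnel configuration, the profile name "my-profile" is hypothetical, and the lint only encodes the reply's advice; it does not validate anything on a router.

```python
import re

# Constructed input: the hub's two tunnel interfaces from the question,
# reduced to the commands the two checks look at (IOS syntax).
POSTED_CONFIG = """\
interface Tunnel1
 keepalive 10 3
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile my-profile-v4 shared
!
interface Tunnel2
 keepalive 10 3
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint ipv6
 tunnel key 2
 tunnel protection ipsec profile my-profile-v6 shared
"""

# Constructed input following suggestion (a): no keepalive, and one profile
# (hypothetical name "my-profile") really shared by both tunnels.
REVISED_CONFIG = """\
interface Tunnel1
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile my-profile shared
!
interface Tunnel2
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint ipv6
 tunnel key 2
 tunnel protection ipsec profile my-profile shared
"""

PROTECTION = re.compile(r"tunnel protection ipsec profile (\S+)( shared)?$")


def parse_tunnels(config):
    """Map each Tunnel interface to the settings the checks need."""
    tunnels, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # Any non-indented line (another interface, "!") closes the block.
            m = re.match(r"interface (Tunnel\d+)$", line)
            current = m.group(1) if m else None
            if current:
                tunnels[current] = {"keepalive": False, "source": None,
                                    "profile": None, "shared": False}
            continue
        if current is None:
            continue
        cmd = line.strip()
        if cmd.startswith("keepalive "):
            tunnels[current]["keepalive"] = True
        elif cmd.startswith("tunnel source "):
            tunnels[current]["source"] = cmd.split()[2]
        else:
            m = PROTECTION.match(cmd)
            if m:
                tunnels[current]["profile"] = m.group(1)
                tunnels[current]["shared"] = m.group(2) is not None
    return tunnels


def lint_tunnels(config):
    """Return sorted (interface, finding) pairs for the two points in the reply."""
    tunnels = parse_tunnels(config)
    findings = []
    for name, t in tunnels.items():
        # Point 1: GRE keepalive on an interface that has tunnel protection.
        if t["keepalive"] and t["profile"]:
            findings.append((name, "KEEPALIVE_WITH_TUNNEL_PROTECTION"))
        # Point 2: "shared" is set, but no other tunnel with the same source
        # uses this profile, so nothing is actually shared.
        if t["shared"]:
            peers = [n for n, o in tunnels.items()
                     if n != name and o["source"] == t["source"]
                     and o["profile"] == t["profile"]]
            if not peers:
                findings.append((name, "SHARED_PROFILE_NOT_SHARED"))
    return sorted(findings)


if __name__ == "__main__":
    for iface, finding in lint_tunnels(POSTED_CONFIG):
        print(iface, finding)
```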
-
Double authentication with Cisco's IPsec VPN client
Does the Cisco VPN client (the legacy IPsec client) support dual authentication with an RSA token AND Active Directory credentials?
I know that AnyConnect supports it and that the command 'secondary-authentication-server-group' is only for SSL connections, but this must be confirmed.
Kind regards
Mohammad
Hi Mohammad,
Q. Is double authentication supported for the Cisco VPN Client?
A. No. Double authentication is not supported on the Cisco VPN Client.
You can find more information on the Cisco VPN Client here.
As you said, the only client that supports dual authentication is the Cisco AnyConnect Secure Mobility Client.
Please rate this post and mark it as correct!
Let me know if there are still questions about it!
David Castro,
-
DMVPN double double Hub application for assistance?
Hello, anyone with DMVPN experience,
Can you please have a look at my DMVPN queries in the attached document?
Thank you
Regards
The Phuc
Hi the Phuc,
I found for you a fairly detailed design and implementation guide. Please read carefully and implement a test bench. I am sure that you will get support for specific issues if you are having problems.
http://www.Cisco.com/en/us/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html
These documents are written with care and I have never encountered any problem with these reference implementations.
Also: Please do not formulate your questions in an attached document, making it difficult for us to give you answers.
Best regards, MiKa
-
Cisco 1812 no contact to the Radius Server
Hi guys,.
I'm pretty new to Cisco and am playing with an 1812... I am trying to set up an Easy VPN server with RADIUS support, and as far as I can see I did everything right, but there is a problem: the router does not contact the RADIUS server, and the RADIUS server has been tested OK.
Can anyone see what I'm missing? I have worked on this problem for 3 days now.
Here is my config.
Current configuration : 9170 bytes
!
! Last configuration change at 13:44:49 UTC Tue Oct 12 2010
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
aaa new-model
!
!
aaa group server radius sdm-vpn-server-group-1
 server 90.0.0.245 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 passwd-expiry group sdm-vpn-server-group-1
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-250973313
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-250973313
 revocation-check none
!
!
crypto pki certificate chain TP-self-signed-250973313
 certificate self-signed 01
  quit
dot11 syslog
ip source-route
!
!
!
!
!
IP cef
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
license udi pid CISCO1812/K9 sn FCZ10232108
username admin privilege 15 secret 5 P677 $1$ $ Rggfdgt8MeD8letZDL08d.
!
!
!
type of class-card inspect correspondence sdm-nat-smtp-1
game group-access 101
smtp Protocol game
type of class-card inspect entire game SDM_AH
match the name of group-access SDM_AH
type of class-card inspect all sdm-cls-insp-traffic game
match Protocol cuseeme
dns protocol game
ftp protocol game
h323 Protocol game
https protocol game
match icmp Protocol
match the imap Protocol
pop3 Protocol game
netshow Protocol game
Protocol shell game
match Protocol realmedia
match rtsp Protocol
smtp Protocol game
sql-net Protocol game
streamworks Protocol game
tftp Protocol game
vdolive Protocol game
tcp protocol match
udp Protocol game
inspect the class-map match sdm-insp-traffic type
corresponds to the class-map sdm-cls-insp-traffic
type of class-card inspect all SDM-voice-enabled game
h323 Protocol game
Skinny Protocol game
sip protocol game
type of class-card inspect entire game SDM_IP
match the name of group-access SDM_IP
type of class-card inspect entire game SDM_ESP
match the name of group-access SDM_ESP
type of class-card inspect entire game SDM_EASY_VPN_SERVER_TRAFFIC
match Protocol isakmp
match Protocol ipsec-msft
corresponds to the SDM_AH class-map
corresponds to the SDM_ESP class-map
type of class-card inspect the correspondence SDM_EASY_VPN_SERVER_PT
corresponds to the SDM_EASY_VPN_SERVER_TRAFFIC class-map
type of class-card inspect all match sdm-cls-icmp-access
match icmp Protocol
tcp protocol match
udp Protocol game
type of class-card inspect correspondence sdm-invalid-src
game group-access 100
type of class-card inspect correspondence sdm-icmp-access
corresponds to the class-map sdm-cls-icmp-access
type of class-card inspect correspondence sdm-Protocol-http
http protocol game
!
!
type of policy-card inspect sdm-permits-icmpreply
class type inspect sdm-icmp-access
inspect
class class by default
Pass
type of policy-card inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-smtp-1
inspect
class class by default
drop
type of policy-map inspect sdm - inspect
class type inspect sdm-invalid-src
Drop newspaper
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-Protocol-http
inspect
class type inspect SDM-voice-enabled
inspect
class class by default
Pass
type of policy-card inspect sdm-enabled
class type inspect SDM_EASY_VPN_SERVER_PT
Pass
class class by default
drop
type of policy-card inspect sdm-license-ip
class type inspect SDM_IP
Pass
class class by default
Drop newspaper
!
security of the area outside the area
safety zone-to-zone
ezvpn-safe area of zone
safety zone-pair sdm-zp-self-out source destination outside zone auto
type of service-strategy inspect sdm-permits-icmpreply
source of sdm-zp-out-auto security area outside zone destination auto pair
type of service-strategy inspect sdm-enabled
safety zone-pair sdm-zp-in-out source in the area of destination outside the area
type of service-strategy inspect sdm - inspect
sdm-zp-NATOutsideToInside-1 zone-pair security source outside the area of destination in the area
type of service-strategy inspect sdm-pol-NATOutsideToInside-1
in the destination box source sdm-zp-in-ezvpn1 ezvpn-pairs area security
type of service-strategy inspect sdm-license-ip
source of sdm-zp-out-ezpn1 of security area outside zone ezvpn-zone time pair of destination
type of service-strategy inspect sdm-license-ip
safety zone-pair sdm-zp-ezvpn-out1-source ezvpn-zone of destination outside the area
type of service-strategy inspect sdm-license-ip
safety zone-pair source sdm-zp-ezvpn-in1 ezvpn-area destination in the area
type of service-strategy inspect sdm-license-ip
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group Sindby
 key TheSommerOf03
 dns 90.0.0.240 8.8.8.8
 wins 90.0.0.240
 domain SBYNET
 pool SDM_POOL_2
 max-users 15
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
 match identity group Sindby
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA7 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA8 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA9 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA10 esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA10
 set isakmp-profile sdm-ike-profile-1
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
Shutdown
!
interface FastEthernet0
Description $FW_OUTSIDE$
IP address 93.166.xxx.xxx 255.255.255.248
NAT outside IP
IP virtual-reassembly in
outside the area of security of Member's area
automatic duplex
automatic speed
!
interface FastEthernet1
no ip address
Shutdown
automatic duplex
automatic speed
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
FastEthernet6 interface
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
type of interface virtual-Template1 tunnel
IP unnumbered FastEthernet0
ezvpn-safe area of Member's area
ipv4 ipsec tunnel mode
Tunnel SDM_Profile1 ipsec protection profile
!
interface Vlan1
Description $FW_INSIDE$
IP 90.0.0.190 255.255.255.0
IP nat inside
IP virtual-reassembly in
Security members in the box area
!
local IP SDM_POOL_1 90.0.0.25 pool 90.0.0.29
local IP SDM_POOL_2 90.0.0.75 pool 90.0.0.90
IP forward-Protocol ND
IP http server
local IP http authentication
IP http secure server
IP http timeout policy inactive 600 life 86400 request 10000
!
!
IP nat inside source static tcp 192.168.1.200 25 interface FastEthernet0 25
the IP nat inside source 1 interface FastEthernet0 overload list
IP route 0.0.0.0 0.0.0.0 93.166.xxx.xxx
!
SDM_AH extended IP access list
Remark SDM_ACL = 1 category
allow a whole ahp
SDM_ESP extended IP access list
Remark SDM_ACL = 1 category
allow an esp
SDM_IP extended IP access list
Remark SDM_ACL = 1 category
allow an ip
!
exploitation forest esm config
access-list 1 permit 90.0.0.0 0.0.0.255
Access-list 100 = 128 SDM_ACL category note
access-list 100 permit ip 255.255.255.255 host everything
access-list 100 permit ip 127.0.0.0 0.255.255.255 everything
access-list 100 permit ip 93.166.xxx.xxx 0.0.0.7 everything
Remark SDM_ACL category of access list 101 = 0
IP access-list 101 permit any host 192.168.1.200
!
!
!
!
!
!
radius-server host 90.0.0.245 auth-port 1645 acct-port 1646
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 transport input telnet ssh
!
end
Hello
Looks like you're missing the key from the RADIUS server configuration: "radius-server host 90.0.0.245 auth-port 1645 acct-port 1646 key your_key"
Thank you
Wen
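The omission pointed out in the reply above is easy to catch before deployment. The following Python check is an added example, not part of the original thread: it reads legacy "radius-server host" and "aaa group server radius" lines and reports servers with no shared secret, group members that are not defined as servers, and method lists that reference undefined groups. The sample input is constructed from the AAA and RADIUS lines of the posted configuration, and EXAMPLE-KEY is a placeholder.

```python
import re

# Constructed input: the AAA and RADIUS lines of the posted configuration in
# IOS syntax. As in the post, no shared secret is configured anywhere.
POSTED_CONFIG = """\
aaa new-model
aaa group server radius sdm-vpn-server-group-1
 server 90.0.0.245 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 passwd-expiry group sdm-vpn-server-group-1
aaa authorization network sdm_vpn_group_ml_1 local
!
radius-server host 90.0.0.245 auth-port 1645 acct-port 1646
"""

HOST_LINE = "radius-server host 90.0.0.245 auth-port 1645 acct-port 1646"
# The same configuration with the reply's fix; EXAMPLE-KEY is a placeholder.
FIXED_CONFIG = POSTED_CONFIG.replace(HOST_LINE, HOST_LINE + " key EXAMPLE-KEY")

# Method-list group names that IOS provides without an explicit definition.
BUILTIN_GROUPS = {"radius", "tacacs+"}


def lint_radius(config):
    """Return sorted (subject, finding) pairs; key values are never echoed."""
    hosts = {}          # server address -> True when the line carries a key
    groups = {}         # server group name -> member addresses
    referenced = set()  # group names used by AAA method lists
    global_key = False
    current_group = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith(" "):
            # Indented lines belong to the block opened above them.
            m = re.match(r"\s+server (\S+)", line)
            if current_group and m:
                groups[current_group].append(m.group(1))
            continue
        current_group = None
        group = re.match(r"aaa group server radius (\S+)$", line)
        host = re.match(r"radius-server host (\S+)(.*)$", line)
        if group:
            current_group = group.group(1)
            groups[current_group] = []
        elif host:
            hosts[host.group(1)] = re.search(r"\skey\s+\S", host.group(2)) is not None
        elif re.match(r"radius-server key\s+\S", line):
            global_key = True
        elif re.match(r"aaa (authentication|authorization|accounting) ", line):
            referenced.update(re.findall(r"\sgroup (\S+)", line))

    findings = []
    for addr, has_key in hosts.items():
        # A per-server key or a global "radius-server key" satisfies the check.
        if not has_key and not global_key:
            findings.append((addr, "NO_SHARED_SECRET"))
    for name, members in groups.items():
        for addr in members:
            if addr not in hosts:
                findings.append((f"{name}/{addr}", "SERVER_NOT_DEFINED"))
    for name in referenced - BUILTIN_GROUPS - set(groups):
        findings.append((name, "GROUP_NOT_DEFINED"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in lint_radius(POSTED_CONFIG):
        print(subject, finding)
```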
-
Establishing a site-to-site tunnel between two Cisco 1721 routers
Hello
I need to establish an IPSec site-to-site tunnel between Cisco 1721 routers (the version supports IPSec). Can you help me to set up the basic configuration?
The network diagram is standard. The objective of the implementation is to establish communication between the two end counterparts,
i.e. LAN ---> router ---> Internet ---> router ---> LAN
Thanks in advance
Regards
RAMU
Of course, here is an example configuration for VPN Site to Site tunnel between 2 IOS routers:
http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080194650.shtml
Hope that helps.
-
DMVPN, NHRP: which Cisco certification?
Hi all
I want to know which Cisco certification DMVPN and NHRP belong to?
Eve.
Hello
It is the CCIE Security.
https://learningnetwork.Cisco.com/docs/doc-5273
There will be a link which gives the review program.
I hope this helps.
Kind regards
Anisha.
P.S.: Please mark this thread as answered if you feel that your query is resolved. Rate the useful posts.
-
Hi all
I tried to set this up for a while now, but there is a question that threatens. Can I get something that looks like this?
Whenever I try this config, I find that I can not route through the backup tunnel. If anyone can shed some more light on if this is possible, or config warnings, etc., it would be very appreciated!
Also, can someone point me to a good document about how to configure single cloud dual hub with OSPF? I can't seem to find one...
Kind regards
Xavier
I second what Marcin says about this... I was able to accomplish the same thing through GNS
For the part of the document, see this link, do not know whether you have already:
HTH,
Mo.
-
L2L VPN question using Cisco routers
I can successfully configure an L2L IPSec VPN between two ASAs, but using a similar configuration on Cisco routers I can't establish a tunnel or ping the local LAN interface on the other router, but the two routers, NY and Burlington, can ping each other's WAN interface. Here is the configuration of the routers and a show version; I have attached the complete config files and the screenshot of the topology.
I appreciate all help.
NY F0/0 - ISP - F0/0 Burlington
show version
Cisco IOS Software, 3600 Software (C3640-IK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 18-Aug-10 06:59 by prod_rel_team
ROM: ROMMON Emulation Microcode
ROM: 3600 Software (C3640-IK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc1)
NY uptime is 0 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"
Cisco 3640 (R4700) processor (revision 0xFF) with 124928K/6144K bytes of memory.
Processor board ID FF1045C5
R4700 CPU at 100MHz, Implementation 33, Rev 1.2
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of NVRAM.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
NY router
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key ThisIsAWeekKey address 172.16.2.2
!
!
crypto ipsec transform-set L2L esp-aes 256 esp-sha-hmac
!
crypto map Burlington 1 ipsec-isakmp
 set peer 172.16.2.2
 set transform-set L2L
 match address Burlington-NW
!
!
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.252
 duplex auto
 speed auto
 crypto map Burlington
!
interface FastEthernet1/0
 ip address 10.0.1.1 255.255.255.0
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.1.1
!
!
ip access-list extended Burlington-NW
 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
Burlington router
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key ThisIsAWeekKey address 172.16.1.2
!
!
crypto ipsec transform-set L2L esp-aes 256 esp-sha-hmac
!
crypto map NY 1 ipsec-isakmp
 set peer 172.16.1.2
 set transform-set L2L
 match address NY-NW
!
!
interface FastEthernet0/0
 ip address 172.16.2.2 255.255.255.252
 duplex auto
 speed auto
 crypto map NY
!
interface FastEthernet1/0
 ip address 10.0.2.1 255.255.255.0
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.2.1
!
!
ip access-list extended NY-NW
 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
No problem, we learn every day
Please kindly mark the message as answered so that others can also learn from your post. Thank you.
-
Does the Cisco 2921 router support WIC cards?
I am having trouble installing a frame relay service, because the seller sold me WIC cards but I think that the 2921 only supports HWIC cards.
Here is the output of show diag:
Router Llano Mall
ag321-VAC-rou-01#sh diag | b WIC Slot 1:
WIC Slot 1:
Serial 2T (12in1)
WIC module not supported/disabled in this slot
Hardware revision 1.0 Board revision B0
Serial number 32098957 Part number 800-03181-02
FRU Part Number WIC-2T=
Test history 0x0 RMA number 00-00-00
Connector type PCI
EEPROM format version 1
EEPROM contents (hex):
0 X 20:01 12 01 00 01 E9 CA 8 D 50 6 02 00 00 00 00 0C
0 X 30 : 58 00 00 00 04 04 08 00 FF FF FF FF FF FF FF FF
Router Cumaná
ag521-VAC-rou-01#sh diag | b WIC Slot 0:
WIC Slot 0:
HWIC Serial 2T WAN daughter card
Hardware Revision: 2.0
Top Assy. Part Number: 800-34379-01
Board Revision: A0
Deviation Number: 115024
Fab Version: 02
PCB Serial Number: FOC15023T8C
RMA Test History: 00
RMA Number: 0-0-0-0
RMA History: 00
Fab Part Number: 28-8141-01
Product (FRU) Number: HWIC-2T
Version Identifier: V03
CLEI Code: COUIA1RCAB
EEPROM format version 4
EEPROM contents (hex):
Is there any command or any form can I use this card to put in place frame relay?
Thanks in advance
Alejandro
It seems that it is not supported, and an ISR G2 2921 would accept an HWIC-2T instead.
http://www.Cisco.com/en/us/products/ps10537/products_relevant_interfaces...
Sent from Cisco Technical Support iPhone App
-
Cisco ACS 5.4 dual certificate option
Hello Experts
I wonder if anyone knows if I can have two certificates on my Cisco ACS 5.4 server. The documentation says I can, as long as they have different 'from' and 'to' dates with the same CN name. However, this is a production server and I wanted to be sure before I make changes. I currently have one certificate installed and everything works well, but I need to add a second for migration purposes.
Hovsep Armeni
LAN, UKA certificate can be linked to these two services (HTTP and EAP), however, each service can only be associated with a single certificate. Thus, for example, you cannot have two certificates that are related to the EAP process.
Thank you for evaluating useful messages!
-
Site-to-site VPN tunnel with 2 Cisco 1921 routers
Hi all
So OK, I'm stumped. I have created many S2S VPN tunnels before, but this one I just can't get to work. It's just a simple site-to-site VPN tunnel using pre-shared keys. I would appreciate it if someone could take a look at the running configs for both routers and provide a comment. This is the running configuration for both routers. Thank you!
Router 1
=======
Current configuration: 4009 bytes
!
! Last configuration change at 19:01:31 UTC Wednesday, February 22, 2012 by asiuser
!
version 15.0
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
SJWHS-RTRSJ host name
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
!
!
!
!
No ipv6 cef
IP source-route
IP cef
!
!
DHCP excluded-address 192.168.200.1 IP 192.168.200.110
DHCP excluded-address IP 192.168.200.200 192.168.200.255
!
IP dhcp POOL SJWHS pool
network 192.168.200.0 255.255.255.0
default router 192.168.200.1
10.10.2.1 DNS server 10.10.2.2
!
!
no ip domain search
IP-name 10.10.2.1 Server
IP-name 10.10.2.2 Server
!
Authenticated MultiLink bundle-name Panel
!
!
Crypto pki trustpoint TP-self-signed-236038042
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 236038042
revocation checking no
rsakeypair TP-self-signed-236038042
!
!
TP-self-signed-236038042 crypto pki certificate chain
certificate self-signed 01
30820241 308201AA A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
8B1E638A EC
quit smoking
license udi pid xxxxxxxxxx sn CISCO1921/K9
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key presharedkey address 112.221.44.18
!
!
crypto ipsec transform-set IPSecTransformSet1 esp-3des esp-md5-hmac
!
crypto map CryptoMap1 10 ipsec-isakmp
 set peer 112.221.44.18
 set transform-set IPSecTransformSet1
 match address 100
!
!
!
!
!
interface GigabitEthernet0/0
192.168.200.1 IP address 255.255.255.0
automatic duplex
automatic speed
!
!
interface GigabitEthernet0/1
Description wireless bridge
IP 172.17.1.2 255.255.255.0
automatic duplex
automatic speed
!
!
interface FastEthernet0/0/0
Verizon DSL description for failover of VPN
IP 171.108.63.159 255.255.255.0
automatic duplex
automatic speed
 crypto map CryptoMap1
!
!
!
Router eigrp 88
network 172.17.1.0 0.0.0.255
network 192.168.200.0
redistribute static
passive-interface GigabitEthernet0/0
passive-interface FastEthernet0/0/0
!
IP forward-Protocol ND
!
no ip address of the http server
local IP http authentication
IP http secure server
!
IP route 0.0.0.0 0.0.0.0 172.17.1.1
IP route 112.221.44.18 255.255.255.255 171.108.63.1
!
access-list 100 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.0.255.255
!
!
!
!
!
!
control plan
!
!
!
Line con 0
Synchronous recording
local connection
line to 0
line vty 0 4
exec-timeout 30 0
Synchronous recording
local connection
transport input telnet ssh
!
Scheduler allocate 20000 1000
end
=======
Router 2
=======
Current configuration: 3719 bytes
!
! Last configuration change at 18:52:54 UTC Wednesday, February 22, 2012 by asiuser
!
version 15.0
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
SJWHS-RTRHQ host name
!
boot-start-marker
boot-end-marker
!
logging buffered 1000000
!
No aaa new-model
!
!
!
!
No ipv6 cef
IP source-route
IP cef
!
!
!
!
no ip domain search
!
Authenticated MultiLink bundle-name Panel
!
!
Crypto pki trustpoint TP-self-signed-3490164941
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 3490164941
revocation checking no
rsakeypair TP-self-signed-3490164941
!
!
TP-self-signed-3490164941 crypto pki certificate chain
certificate self-signed 01
30820243 308201AC A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
EA1455E2 F061AA
quit smoking
license udi pid xxxxxxxxxx sn CISCO1921/K9
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key presharedkey address 171.108.63.159
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set IPSecTransformSet1 esp-3des esp-md5-hmac
!
crypto map CryptoMap1 10 ipsec-isakmp
 set peer 171.108.63.159
 set transform-set IPSecTransformSet1
 match address 100
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
automatic duplex
automatic speed
!
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
IP 10.10.1.6 255.255.0.0
!
interface GigabitEthernet0/1
IP 172.17.1.1 255.255.255.0
automatic duplex
automatic speed
!
!
interface FastEthernet0/0/0
IP 112.221.44.18 255.255.255.248
automatic duplex
automatic speed
 crypto map CryptoMap1
!
!
!
Router eigrp 88
Network 10.10.0.0 0.0.255.255
network 172.17.1.0 0.0.0.255
redistribute static
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/0.1
!
IP forward-Protocol ND
!
no ip address of the http server
local IP http authentication
IP http secure server
!
IP route 0.0.0.0 0.0.0.0 112.221.44.17
!
access-list 100 permit ip 10.10.0.0 0.0.255.255 192.168.200.0 0.0.0.255
!
!
!
!
!
!
control plan
!
!
!
Line con 0
Synchronous recording
local connection
line to 0
line vty 0 4
exec-timeout 30 0
Synchronous recording
local connection
transport input telnet ssh
!
Scheduler allocate 20000 1000
end
When a GRE tunnel carries your private IP range traffic, your ACL must contain the host addresses of the point-to-point endpoints of the IPSec tunnel.
Since both routers are running EIGRP in the corporate network, let EIGRP exchange routes via the GRE tunnel, which is good practice, rather than pushing the individual private IP ranges through the IPSec tunnel.
Let me know if that's what you want.
Thank you
-
Dual screen on Cisco TelePresence SX20
Hi all
I have recently installed SX20 units which are registered on a VCS. The unit has the following options installed.
NaturalPresenter / MultiSite / PremiumResolution / DualDisplay
When I make a call to another site and I'm sending content, I'd like to see the remote site in full screen on the left screen.
And on the right screen, I need to see what I'm sending.
Does anyone know how to make this configuration?
I suggest you have a look at the Administrator's guide; choose the one corresponding to the version of software you are using: http://www.cisco.com/c/en/us/support/collaboration-endpoints/telepresence-quick-set-series/products-maintenance-guides-list.html
Go to the control panel, category "Video", "Monitors", and select "Dual" or "DualPresentationOnly". See screenshot below:
Go to the video output and set HDMI 1 and HDMI 2 to the configuration you need for each monitor, i.e. First, Second, PresentationOnly; see the screenshot below:
/Jens
Please rate the answers and mark the questions as "answered" as appropriate.