IDS for 1841?

I have the new requirement for IDS.
a 2xT1 running on a cisco 1841 IOS = advanced enterprise services 12.4.25a.
only other requirement I need is crypto ipsec vpn.

I saw this document:
Cisco IOS Firewall Intrusion Detection System

http://www.Cisco.com/en/us/docs/iOS/12_0t/12_0t5/feature/guide/ios_ids.html

When I try "router conf> ip audit",
I receive an "unrecognized command" error, which I think is because this isn't part of the 12.4 features.

I tried the IOS browser and found that I needed c1841-advsecurityk9-mz.151-2.T.bin. HOWEVER, when using the tool I asked for BOTH IPsec & IDS, and no products were found.

Questions:
1. What do I need for an IDS with my 1841? IOS? Software-based (such as Snort)? Is it true that I need a tap, a switch with a SPAN port, or a network?
2. Is there an IOS that has both crypto and IDS?

Thank you.

For the 1841 router, you have two options:

  • install the AIM-IPS module to provide hardware IPS services to the router
  • implement the IOS IPS feature set, which is software based

You can find more info on AIM-IPS here:

http://www.Cisco.com/en/us/prod/collateral/routers/ps5853/ps5875/product_data_sheet0900aecd806c4e2a_ps2641_Products_Data_Sheet.html

You can find more information about the features of IOS IPS here:

http://www.Cisco.com/go/iosips

Scott

Tags: Cisco Security

Similar Questions

  • which product is right for the ssl vpn: asa 5505 cisco 1841 or

    Hello

    I want to install an outside management link so that we can SSH to our Cisco devices and Microsoft RDP to our servers. This is my configuration (based on what I know):

    Internet > DSL modem > ASA 5505 > management CONSOLES SWITCH > SWITCH CISCO or Windows Server

    or

    Internet > 1841 with DSL HWIC > management CONSOLES SWITCH > SWITCH CISCO or Windows Server

    My questions are:

    Should I go for ASA or 1841 router?

    What options is better? and ASA will do the job?

    Is there any technical support available prior to purchasing products in Australia? I need technical advice on choosing the right products, not just someone selling me products.

    Hello

    Its strongly suggested to go with ASA 5505 in the first place, it is supposed to feature for the main functionality of ssl vpn server from 1841 which has this feature to be a vpn server.

    ASDM also gives you the freedom to config box on your own based on your condition.

    regds

  • Download ACL for VPN users. ACS 4.1 & 1841 router

    Hello

    I have configured the router 1841 as a VPN server. All VPN users get authenticated using RADIUS ACS 4.1

    I need to apply downloadable ACLs by user.

    I configured the downloadable ACL on the ACS. The ACS event report shows that the ACL is applied to the authenticated user, but traffic is not blocked or passed accordingly.

    What is your configuration?

    I think the easiest way is to use IPsec VTI interfaces, together with aaa authorization network, and on the RADIUS server use ip:inacl in the Cisco AV pair, such as

    ip:inacl#1=permit tcp any any eq 80

    ip:inacl#2=permit tcp any any eq 443

    ...

    Some documents:

    http://www.Cisco.com/en/us/docs/iOS/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1090634

  • SRW2048 and a Cisco 1841

    I am trying to set up VLANs between 2 SRW2048 switches and a Cisco 1841 router. I have the ports that connect the 2 switches to each other and the port that connects to the router set as trunk ports. I set up 2 VLANs. VLAN 1 is just the default VLAN everyone runs on and VLAN 2 will be the DMZ. I have no access control lists configured to block traffic, but when I assign VLAN 2 to the port that the server is on, I cannot ping the gateway. I don't know what is happening; see below for the sanitized configs.

    1841:

    Current configuration : 4282 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime localtime show-timezone
    service password-encryption
    !
    hostname QCSLOLURTR01
    !
    boot-start-marker
    boot system flash c1841-advsecurityk9-mz.124-25b.bin
    boot-end-marker
    !
    logging buffered 8192 debugging
    !
    aaa new-model
    !
    !
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ none
    !
    aaa session-id common
    clock timezone CST -6
    clock summer-time CDT recurring
    ip cef
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    no ip domain lookup
    ip domain name qcsupply.com
    !
    !
    !
    username x

    archive
     log config
      hidekeys
    !
    !
    ip ftp username x
    ip ftp password x

    !
    !
    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key QCSLOLU address x.x.x.x no-xauth
    !
    !
    crypto ipsec transform-set ts1 esp-3des esp-md5-hmac
    Crypto ipsec transform-set esp - esp-md5-hmac ts2
    !
    crypto map vpn-map 10 ipsec-isakmp
     set peer x.x.x.x
     set transform-set ts1
     match address 101
    !
    !
    !
    interface FastEthernet0/0
     description QCSL OLU INTERNET CONNECTION
     ip address x.x.x.x x.x.x.x
     ip access-group deny-hack-attack in
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     no cdp enable
     crypto map vpn-map
    !
    interface FastEthernet0/1
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/1.1
     encapsulation dot1Q 1 native
     ip address 10.60.90.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    interface FastEthernet0/1.2
     encapsulation dot1Q 2
     ip address 10.60.89.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    interface Serial0/0/0
     no ip address
     shutdown
    !
    router eigrp 100
     network 10.60.89.0 0.0.0.255
     network 10.60.90.0 0.0.0.255
     no auto-summary
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    !
    no ip http server
    ip http access-class 23
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map nat interface FastEthernet0/0 overload
    ip nat inside source static tcp 10.60.89.10 80 x.x.x.x 80 extendable
    ip nat inside source static tcp 10.60.89.10 443 x.x.x.x 443 extendable
    ip nat inside source static tcp 10.60.89.10 2021 x.x.x.x 2021 extendable
    ip nat inside source static tcp 10.60.89.10 6100 x.x.x.x 6100 extendable
    ip nat inside source static tcp 10.60.90.13 80 x.x.x.x 80 extendable
    ip nat inside source static tcp 10.60.90.13 443 x.x.x.x 443 extendable
    ip nat inside source static tcp 10.60.90.13 1494 x.x.x.x 1494 extendable
    !
    ip access-list extended deny-hack-attack
     permit udp x.x.x.x 0.255.255.255 any eq snmp
     deny   udp any any eq snmp
     deny   udp any any eq tftp
     deny   udp any any eq bootpc
     deny   udp any any eq bootps
     deny   ip x.x.x.x 0.15.255.255 any
     deny   ip x.x.x.x 0.0.255.255 any
     permit ip any any
    !
    logging 10.10.5.30
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 99 permit 10.0.0.0 0.255.255.255
    access-list 99 permit x.x.x.x 0.0.1.255
    access-list 101 permit ip 10.60.90.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 101 permit ip 10.60.89.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 105 deny ip any host x.x.x.x
    access-list 105 permit ip any any
    access-list 111 deny ip 10.60.90.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 111 deny ip 10.60.89.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 111 permit ip 10.60.89.0 0.0.0.255 any
    access-list 111 permit ip 10.60.90.0 0.0.0.255 any
    snmp-server community no RO
    route-map nat permit 10
     match ip address 111
    !
    !
    radius-server host x.x.x.x
    radius-server key x
    !
    control-plane
    !
    banner motd ^C

    x

    ^C
    !
    line con 0
    line aux 0
     modem InOut
     modem autoconfigure discovery
     autohangup
     speed 2400
    line vty 0 4
     location * Access Virtual Terminal allowed only from internal network *.
     access-class 99 in
     privilege level 15
     transport input telnet
    line vty 5 15
     access-class 23 in
     privilege level 15
     transport input telnet
    !
    scheduler allocate 20000 1000
    end

    SRW2048 #1:

    Port 1: Trunk (to the router)

    Port 2: Trunk (SRW2048 #2)

    Port 24: VLAN 2

    SRW2048 #2:

    Port 1: Trunk (of SRW2048 #1)

    Any ideas?

    Because the SRW is now part of Cisco Small Business, it would probably be best to ask the Cisco Small Business support community. You find people from Cisco over there.

    For SRW configuration, you added the two VLANS to your trunk ports? Configuration of a port in trunk mode adds automatically that all configured VLAN to the trunk.

    The server has a static IP address in the DMZ LAN?

  • Cannot configure VWIC-2MFT-T1 on 1841

    I checked and double-checked before buying, and this card is clearly supported on the 1841 in 'data only mode', which is all that I need.  I have 3 T1s in multilink mode and I want to use 2 of these cards (and 3 of the 4 ports) to support them.  The problem is that, even though SH INVENTORY finds the card, I can't issue the "card type" command to indicate that I am using it as a T1 - I get this:

    R3(config)#card type t1 1 0

    ^

    % Invalid input detected at '^' marker.

    So I tried to issue the 'controller T1' command, and it does not recognize the slot as containing a T1 card (which makes sense, since the 'card' command did not work).

    I found many references to this card being supported in Cisco docs with a minimum OS around 12.2(8) - it varies according to the chassis.  I can't find the explicit required OS for the 1841, which is a concern, but I am using 12.4(13r)T. SH VERSION finds "2 Channelized T1/PRI ports", which is the MFT card.

    Am I missing something? I need to get the interfaces configured on these cards.  Thank you very much.

    Hello Dale,

    If you are using a VWIC-2MFT-T1, you're not supposed to use the 'card type' command, because the card is T1 only. Keep in mind that this command is used if the card supports both T1 and E1; for example, if you were installing a VWIC2-2MFT-T1/E1.

    Then, you must configure the T1 controller to bring up the serial interface, as you can see in the example configuration:

    controller T1 0/1/0
     framing esf
     linecode b8zs
     channel-group 0 timeslots 1-24
    !
    controller T1 0/1/1
     framing esf
     linecode b8zs
     channel-group 0 timeslots 1-24

    In this particular case, the card is installed in WIC slot 1. If the card had been installed in slot 0, the controller numbering would be different, because the number between the slashes would be 0 (controller T1 0/0/0 or controller T1 0/0/1).

    If these commands make no difference, gather the following outputs:

    • show version
    • show diag
    • show controllers t1

    Kind regards.

  • -Cisco 1841

    Howdy,

    I have a Cisco 1841 with two WAN ports in use, FE 0/0 and FE 0/1.

    First FE 0/0 has an MPLS connection with my internet provider. 2MB / 2MB DL/UL

    Second FE 0/1 has a MPLS internal with one of our server's storage providers. 1 MB / 1 MB DL/UL

    The thing is, I have a second wired internet connection on a low-cost router for emergencies. I want to centralize all services on the 1841.

    Is it possible to configure the AUX port for a third ADSL connection and load balance between ADSL1 (FE 0/0) and ADSL2 (the future AUX port), 2MB / 2MB DL/UL

    ( ? )

    Or do I need another router?

    Thanks in advance,

    Kind regards

    Hi Miguel,

    You will need the WIC-1ADSL for said extra WAN connection.

    The AUX port is usually connected to an external modem for remote management.

    Sent by Cisco Support technique iPhone App

  • Module of IPS for router Cisco 3925?

    Hello

    To be HIPAA compliant, our company must have an IPS device. I was looking into it and I came across this router module (see link below). We have around 200 users behind the router and we have 2 locations with a similar setup. This module meets our requirement to have a decent IPS solution; my concerns are: will it be able to support a corporate network? What factors should I take into account when deciding on an IPS device?

    http://www.Cisco.com/c/en/us/products/collateral/routers/1841-integrated...

    Any idea is appreciated.

    The network modules and all the 'old' Cisco IPS devices, modules and software are end-of-sale. Here's the announcement confirming that for these specific modules.

    For a modest requirement like yours, I recommend a small ASA 5500-X series running in transparent mode with the FirePOWER services module running the IPS feature. It is less intrusive to your network ("bump in the wire") and only costs you for the features it offers. The exact model would mainly depend on your current and projected throughput, but for up to 50 Mbit/s with an active IPS policy you would be fine with the smallest model (ASA 5506-X).

    Find a Cisco partner, who has a security practice in your area. They can advise you on the details and provide a quote.

  • Hardware requirements for DMVPN HUB

    Hi all

    Can anyone confirm that the 1841 below can act as a DMVPN hub for 3 spokes?

    Cisco 1841 (revision 6.0) with 222208K/39936K bytes of memory.
    Processor board ID FCZ10xxxxxxx
    2 FastEthernet interfaces
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 64 bits wide with parity disabled.
    191K bytes of NVRAM.
    126000K bytes of ATA CompactFlash (Read/Write)

    Thanks in advance,

    RJ

    OK, 1 MBit is easy for a 1841.

    15.0(1)M10 is the actual release under 15.0 and 15.1(4)M10 is the Cisco suggested release. I would upgrade the router before going live if possible. If you have no support contract, the running IOS should also be fine.

  • Troubleshooting IPSec Site to Site VPN between ASA and 1841

    Hi all

    In the past I've implemented several VPN connections between ASA devices. So I thought a site-to-site link between an ASA and an 1841 would be easy... But it seems I was mistaken.

    I configured a site-to-site VPN as described in Document ID 110198, "SDM: Site-to-Site IPsec VPN Between ASA/PIX and an IOS Router Configuration Example" (I did not use SDM but CCP).

    I ran the wizards on the ASA with ASDM and on the 1841, currently on IOS version 15.1, with CCP.

    It seems Phase 1 and 2 are coming up, although my ASA in ASDM (Monitoring > VPN > VPN Statistics > Sessions) reports an established tunnel with some Tx traffic but 0 Rx traffic.

    On the ASA:

    Output of the command: "sh crypto ipsec sa peer 217.xx.yy.zz"

    peer address: 217.86.154.120
        Crypto map tag: VPN-OUTSIDE, seq num: 2, local addr: 62.aa.bb.cc

          access-list outside_2_cryptomap_1 extended permit ip 192.168.37.0 255.255.255.0 172.20.2.0 255.255.255.0
          local ident (addr/mask/prot/port): (LAN-A/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (LAN-G/255.255.255.0/0/0)
          current_peer: 217.xx.yy.zz

          #pkts encaps: 400, #pkts encrypt: 400, #pkts digest: 400
          #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 400, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0

          local crypto endpt.: 62.aa.bb.cc, remote crypto endpt.: 217.xx.yy.zz

          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: 39135054
          current inbound spi : B2E9E500

        inbound esp sas:
          spi: 0xB2E9E500 (3001672960)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 100327424, crypto-map: VPN-OUTSIDE
             sa timing: remaining key lifetime (kB/sec): (4374000/1598)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        outbound esp sas:
          spi: 0x39135054 (957567060)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 100327424, crypto-map: VPN-OUTSIDE
             sa timing: remaining key lifetime (kB/sec): (4373976/1598)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001

    Output of the command: "sh crypto isakmp sa"

       Active SA: 4
        Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 4

       IKE Peer: 217.xx.yy.zz
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE

    On the 1841:

    1841#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    217.86.154.120  62.153.156.163  QM_IDLE           1002 ACTIVE

    1841#sh crypto ipsec sa

    interface: Dialer1
        Crypto map tag: SDM_CMAP_1, local addr 217.86.154.120

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (172.20.2.0/255.255.255.0/0/0)
       remote ident (addr/mask/prot/port): (192.168.37.0/255.255.255.0/0/0)
       current_peer 62.153.156.163 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 585, #pkts decrypt: 585, #pkts verify: 585
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 217.86.154.120, remote crypto endpt.: 62.153.156.163
         path mtu 1452, ip mtu 1452, ip mtu idb Dialer1
         current outbound spi: 0xB2E9E500(3001672960)
         PFS (Y/N): Y, DH group: group2

         inbound esp sas:
          spi: 0x39135054(957567060)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2003, flow_id: FPGA:3, sibling_flags 80000046, crypto map: SDM_CMAP_1
            sa timing: remaining key lifetime (k/sec): (4505068/1306)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0xB2E9E500(3001672960)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2004, flow_id: FPGA:4, sibling_flags 80000046, crypto map: SDM_CMAP_1
            sa timing: remaining key lifetime (k/sec): (4505118/1306)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:

    interface: Virtual-Access1
        Crypto map tag: SDM_CMAP_1, local addr 217.86.154.120

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (172.20.2.0/255.255.255.0/0/0)
       remote ident (addr/mask/prot/port): (192.168.37.0/255.255.255.0/0/0)
       current_peer 62.153.156.163 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 585, #pkts decrypt: 585, #pkts verify: 585
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 217.86.154.120, remote crypto endpt.: 62.153.156.163
         path mtu 1452, ip mtu 1452, ip mtu idb Dialer1
         current outbound spi: 0xB2E9E500(3001672960)
         PFS (Y/N): Y, DH group: group2

         inbound esp sas:
          spi: 0x39135054(957567060)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2003, flow_id: FPGA:3, sibling_flags 80000046, crypto map: SDM_CMAP_1
            sa timing: remaining key lifetime (k/sec): (4505068/1306)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0xB2E9E500(3001672960)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2004, flow_id: FPGA:4, sibling_flags 80000046, crypto map: SDM_CMAP_1
            sa timing: remaining key lifetime (k/sec): (4505118/1306)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:

    It seems that the routing on the 1841 is working properly, as I can tear down the tunnel and re-establish it by pinging a host on the 1841's network, but not vice versa.

    The "Troubleshoot VPN" report of the 1841 shows a message like "The following sources are forwarded through the crypto map interface. (172.20.2.0 1) Go to 'Configure->Routing' and correct the routing table."

    I have not found an error in the 1841 config, so if anyone reading this thread has an idea, I would highly appreciate any hint!

    This is the running configuration of the 1841:

    !
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname 1841
    !
    boot-start-marker
    boot system flash c1841-adventerprisek9-mz.151-1.T.bin
    boot-end-marker
    !
    logging buffered 51200 notifications
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    !
    aaa session-id common
    !
    memory-size iomem 20
    clock timezone PCTime 1
    clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
    dot11 syslog
    ip source-route
    !
    no ip dhcp use vrf connected
    !
    ip cef
    no ip bootp server
    ip domain name test
    ip name-server 194.25.2.129
    ip name-server 194.25.2.130
    ip name-server 194.25.2.131
    ip name-server 194.25.2.132
    ip name-server 194.25.2.133
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    object-group network phone
     description VoIP phone
     host 172.20.2.50
     host 172.20.2.51
    !
    redundancy
    !
    !
    controller LAN 0/0/0
     mode atm
     dsl-mode shdsl symmetric annex B
    !
    !
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key * address 62.aa.bb.cc
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
     description Tunnel to62.aa.bb.cc
     set peer 62.aa.bb.cc
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address 100
    !
    !
    !
    interface FastEthernet0/0
     description DMZ $FW_OUTSIDE$
     ip address 10.10.10.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     description $ETH-LAN$$FW_INSIDE$
     ip address 172.20.2.254 255.255.255.0
     ip access-group 100 to
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
    !
    interface ATM0/0/0
     no ip address
     no atm ilmi-keepalive
    !
    interface ATM0/0/0.1 point-to-point
     pvc 1/32
      pppoe-client dial-pool-number 1
    !
    !
    interface Dialer1
     description $FW_OUTSIDE$
     ip address negotiated
     ip mtu 1452
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 2
     ppp authentication chap pap callin
     ppp chap hostname xxxxxxx
     ppp chap password 7 xxxxxxx8
     ppp pap sent-username xxxxxxx password 7 xxxxxxx
     crypto map SDM_CMAP_1
    !
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    ip dns server
    ip nat inside source static tcp 10.10.10.1 808 interface Dialer1 80
    ip nat inside source static tcp 10.10.10.1 25 interface Dialer1 25
    ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
    ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
    !
    logging trap notifications
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 172.20.2.0 0.0.0.255
    access-list 2 remark CCP_ACL Category=2
    access-list 2 permit 10.10.10.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 172.20.2.0 0.0.0.255 192.168.37.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 172.20.2.0 0.0.0.255 192.168.37.0 0.0.0.255
    access-list 101 permit ip 172.20.2.0 0.0.0.255 any
    access-list 102 remark CCP_ACL Category=2
    access-list 102 remark IPSec Rule
    access-list 102 deny ip 172.20.2.0 0.0.0.255 192.168.37.0 0.0.0.255
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    !

    !
    route-map SDM_RMAP_1 permit 1
     match ip address 101
    !
    route-map SDM_RMAP_2 permit 1
     match ip address 102
    !
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     length 0
     transport input telnet ssh
    !
    scheduler allocate 20000 1000
    ntp update-calendar
    ntp server 172.20.2.250 prefer
    end

    As I mentioned previously: any hint is much appreciated!

    Best regards

    Joerg

    Joerg,

    The ASA is not receiving any VPN packets because IOS is not sending anything.

    Try to send packets from the 1841 LAN to the ASA LAN and see if "sh cry ips sa" on the 1841 increments the encrypted packets (they're not).

    So the problem seems to be on the router side.

    I would think that it is a routing problem, but you only have one default gateway (no other routes on the router).

    ACL 100 is set to encrypt the traffic between the two subnets.

    It seems that ACL 101 is also bypassing NAT for the VPN traffic.

    Follow these steps:

    Try sending traffic from the router's inside LAN IP (ping 192.168.37.x source 172.20.2.254) and see if the packets are bypassing translation and getting encrypted.

    I would also remove ACL 100 from the inside interface on the router, because it is used for the VPN. You can create another ACL to apply to the interface.

    Federico.
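
    The counter comparison Federico applies above, as an added example that is not part of the original thread: it parses `show crypto ipsec sa` text from both peers, de-duplicates the SA that IOS lists under both Dialer1 and Virtual-Access1, and reports which direction is silent. The sample outputs are constructed from the counter values in the post; the function names and the numeric proxy identities on the ASA side are assumptions.

```python
import re

# Constructed samples in the standard ASA / IOS "show crypto ipsec sa" layout,
# carrying the counter values reported in the thread. Numeric proxy identities
# are used on the ASA side (an assumption; the post shows object names).
ASA_OUTPUT = """\
    Crypto map tag: VPN-OUTSIDE, seq num: 2, local addr: 62.aa.bb.cc
      local ident (addr/mask/prot/port): (192.168.37.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (172.20.2.0/255.255.255.0/0/0)
      #pkts encaps: 400, #pkts encrypt: 400, #pkts digest: 400
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

_IOS_BLOCK = """\
interface: {ifname}
    Crypto map tag: SDM_CMAP_1, local addr 217.86.154.120
   local  ident (addr/mask/prot/port): (172.20.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.37.0/255.255.255.0/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 585, #pkts decrypt: 585, #pkts verify: 585
"""
# IOS prints the same SA once per interface the crypto map is bound to.
IOS_OUTPUT = (_IOS_BLOCK.format(ifname="Dialer1")
              + _IOS_BLOCK.format(ifname="Virtual-Access1"))

IDENT_RE = re.compile(
    r"^\s*(local|remote)\s+ident\s+\([^)]*\):\s*\(([^)]+)\)", re.I)
COUNTER_RE = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")


def parse_ipsec_sa(text):
    """Return one dict per 'local ident' block found in the output."""
    sas, current = [], None
    for line in text.splitlines():
        m = IDENT_RE.match(line)
        if m:
            side, ident = m.group(1).lower(), m.group(2)
            if side == "local":
                current = {"local": ident, "remote": None,
                           "encaps": 0, "decaps": 0}
                sas.append(current)
            elif current is not None:
                current["remote"] = ident
            continue
        if current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name] = int(value)
    return sas


def unique_sas(text):
    """Collapse repeated listings of one SA (same proxy identity pair)."""
    seen = {}
    for sa in parse_ipsec_sa(text):
        seen.setdefault((sa["local"], sa["remote"]), sa)
    return seen


def classify(sender, receiver):
    """Judge one direction from the sender's encaps and receiver's decaps."""
    if sender["encaps"] == 0:
        # Nothing matched the crypto ACL on the sender: look at its routing,
        # NAT exemption and interface ACLs before suspecting the path.
        return "sender_not_encrypting"
    if receiver["decaps"] == 0:
        # Encrypted but never decrypted: ESP is lost or filtered in transit.
        return "lost_in_transit"
    return "ok"


def diagnose(a_text, b_text):
    """Pair each SA on peer A with its mirror on peer B and classify both ways."""
    a_sas, b_sas = unique_sas(a_text), unique_sas(b_text)
    report = []
    for (local, remote), a in a_sas.items():
        b = b_sas.get((remote, local))  # proxy identities are mirrored
        if b is None:
            report.append({"pair": (local, remote),
                           "a_to_b": "no_matching_sa",
                           "b_to_a": "no_matching_sa"})
            continue
        report.append({"pair": (local, remote),
                       "a_to_b": classify(a, b),
                       "b_to_a": classify(b, a)})
    return report


if __name__ == "__main__":
    for entry in diagnose(ASA_OUTPUT, IOS_OUTPUT):
        print(entry)
```

    Raw counts on the two ends differ because the outputs are captured at different moments, so the check only distinguishes zero from non-zero.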

  • QoS for tenant

    I rent out a small apartment next to my house.  The tenant uses the internet a lot and when I try to use it, it becomes very slow. I don't want to limit bandwidth; when I'm not home he can use all he wants, but I want a way to give priority to my use of the internet.  My main router is a 1841 and I have already set up QoS for voice.  I just want to apply the QoS policy to his particular IP.  I give him a public IP address and he connects his router to it.

    So, basically, I want to have him use the internet at full speed until I decide to use it; at that time my stuff will prevail over his stuff.  It will always be that way unless it is VoIP; VoIP stuff will always take precedence over everything.

    The 1841 has two interfaces: Fa0/0 is my WAN and Fa0/1 is my LAN.

    How can I do this?

    Bandwidth control is what is used to establish the value of percentage Yes.

    Queues of traffic is only really makes sense when you let the router not load Rx is already received over your WAN interface.i.e. entry.

    Then apply the policy to output interfaces (output) and that should do the job.

  • 1841 to 3030 IPSec connectivity no tunnel

    Hi all

    I have a Cisco 1841 router with the Adv Security package and need to configure a static IPsec tunnel to a Cisco 3030 concentrator. The trick is that the interesting traffic must be NATted through a different IP address than the IP address of the interface.

    Peering must be on x.x.x.34, but the interesting traffic must come from x.x.x.35. It is a requirement of the office that I am connecting to. I have configured tunnels before, but never with this type of requirement.

    What is the best way to achieve this?

    Hi Sean

    local network at the 1841 end: 192.168.5.0/24

    remote network at the 3030 end: 172.16.5.0/24

    On the 1841:

    int loopback10
     ip address x.x.x.35

    access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255

    ip nat inside source list 101 interface loopback10 overload

    Obviously, in your crypto map access-list you must use the NATted address, i.e.

    access-list 102 permit ip host x.x.x.35 172.16.5.0 0.0.0.255

    HTH

    Jon

  • Tunnel VPN, Interface Dialer, 1841, ASA

    We have a Cisco 1841 peered with a Cisco ASA 5520 for a VPN tunnel. The 1841 runs the PPPoE client and the DSL router is in bridge mode. We have a problem with the crypto map not being applied to the dialer interface after the router is power cycled. The startup configuration shows the crypto map applied. Has anyone seen this problem before, and is there a workaround?

    RUNNING THIS IOS:

    Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(25), RELEASE SOFTWARE (fc2)

    This is a known bug in 12.4(25):

    CSCsz41177 Crypto map missing from the interface on reload

    It is fixed in 12.4(25a).

    The workaround is to manually apply the crypto map to the interface after reloading :)

  • Cisco 1841 and a connection in fiber optics 400MbS

    Cisco 1841 is a router 100mbs.

    The building has a line of 400mbps.

    My question is: can I connect the Cisco 1841 to a 400mbps line directly, without configuration or hardware changes for 400mbps?  We only need a 100mbps line output.  Trying to avoid a new router when not required.

    Thank you

    Brendon

    The 1941 will be fine.  Note that a 891F is likely to be cheaper and will have almost identical performance and comes with all licenses (whereas licenses are an 'extra' for the 1941).

    I almost stopped sale of 1941 as a result.

  • Configuration Cisco 1841

    Hi all

    I work for a 2-way radio company; we use Motorola equipment.  One of the systems requires a router for each repeater site. Motorola recommends an HP MSR20-20 router. I have set up this router before and it works great, but I would rather use Cisco than HP equipment.  I'm having issues mirroring the way we configure the HP router in the CLI on the Cisco 1841.  I'd appreciate any help that someone is willing to offer.

    Here's how the HP router is configured in the CLI...   Thank you!!

    Hello

    the following is the Cisco equivalent of the yellow highlighted lines:

    !
    hostname Site1
    !
    int Eth0/0
     ip nat outside
     ip address 192.168.1.1 255.255.255.0
    !
    int Eth0/1
     ip nat inside
     ip address 10.1.1.1 255.255.255.0
    !
    ip nat inside source static udp 192.168.1.10 55001 10.1.1.1 55001
    ip nat inside source static udp 192.168.1.11 55011 10.1.1.1 55011
    ip nat inside source static udp 192.168.1.12 55012 10.1.1.1 55012
    !
    ip route 0.0.0.0 0.0.0.0 10.1.1.254
    !

    Cheers, Seb.

  • Upgrading a 1841 to IOS AdvSecurity

    Hello.

    I want to deploy IOS ADVSECURITY on an 1841 router (32 MB Flash/128 MB DRAM).

    From what I saw, it needs a memory upgrade: I decided to extend it to 128 MB flash and 384 MB of DRAM (the max available).

    I noticed, though, that there are 2 possible modules to increase the RAM: MEM180X-128U384D and MEM180X-256D=. Which is the right module I need to buy for the router? What is the difference between them?

    And for the flash?

    Thanks in advance

    C

    MEM180X-128U384D, that's what you're looking for. The part number indicates that it is an upgrade from 128 MB to 384 MB. The other part would seem to be a 256 MB module. It is possible that there is no real difference between them, but it is always best to order the upgrade kit.

    In regards to the flash, it's just a 128 MB card compact flash you need. I don't know what will be the Cisco part number.

    HTH
