OSPF between 6224 and Cisco please!

It is easily possible to Exchange routes using a 6224 for a Cisco 7204 OSPF? My cisco has always been eigrp between all other routers.

I have OSPF enabled on the cisco as follows:

router ospf 100
Log-adjacency-changes
redistribute subnets eigrp 1
network 172.0.0.0 0.0.0.0 area 1

What should I exactly say the 6224 to accept the cisco roads?

I can find samples for the 6024, but not the 6224


Tags: Dell Switches

Similar Questions

  • VPN between ASA and cisco router [phase2 question]

    Hi all

    I have a problem with IPSEC VPN between ASA and cisco router

    I think that there is a problem in the phase 2

    Can you please guide me where could be the problem.
    I suspect questions ACL on the router, but I cannot fix. ACL on the router is specified below

    Looking forward for your help

    Phase 1 is like that

    Cisco_router #sh crypto isakmp his

    IPv4 Crypto ISAKMP Security Association
    status of DST CBC State conn-id slot
    78.x.x.41 87.x.x.4 QM_IDLE 2006 0 ACTIVE

    and ASA

    ASA # sh crypto isakmp his

    ITS enabled: 1
    Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
    Total SA IKE: 1

    1 peer IKE: 78.x.x.41
    Type: L2L role: initiator
    Generate a new key: no State: MM_ACTIVE

    Phase 2 on SAA

    ASA # sh crypto ipsec his
    Interface: Outside
    Tag crypto map: Outside_map, seq num: 20, local addr: 87.x.x.4

    Outside_cryptomap_20 ip 172.19.209.0 access list allow 255.255.255.0 172.
    19.194.0 255.255.255.0
    local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    current_peer: 78.x.x.41

    #pkts program: 8813, #pkts encrypt: 8813, #pkts digest: 8813
    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 8813, model of #pkts failed: 0, #pkts Dang failed: 0
    #send errors: 0, #recv errors: 0

    local crypto endpt. : 87.x.x.4, remote Start crypto. : 78.x.x.41

    Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
    current outbound SPI: C96393AB

    SAS of the esp on arrival:
    SPI: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac no
    running parameters = {L2L, Tunnel}
    slot: 0, id_conn: 7, crypto-card: Outside_map
    calendar of his: service life remaining (KB/s) key: (4275000/3025)
    Size IV: 8 bytes
    support for replay detection: Y
    outgoing esp sas:
    SPI: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac no
    running parameters = {L2L, Tunnel}
    slot: 0, id_conn: 7, crypto-card: Outside_map
    calendar of his: service life remaining (KB/s) key: (4274994/3023)
    Size IV: 8 bytes
    support for replay detection: Y

    Phase 2 on cisco router

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    LICENCE, flags is {origin_is_acl},
    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
    Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
    current outbound SPI: 0x0 (0)

    SAS of the esp on arrival:

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:

    outgoing ah sas:

    outgoing CFP sas:

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    LICENCE, flags is {origin_is_acl},
    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 8947, #pkts decrypt: 8947, #pkts check: 8947
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
    Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
    current outbound SPI: 0x3E9D820B (1050509835)

    SAS of the esp on arrival:
    SPI: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac.
    running parameters = {Tunnel}
    Conn ID: 29, flow_id: Motorola SEC 1.0:29, card crypto: mycryptomap
    calendar of his: service life remaining (k/s) key: (4393981/1196)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:
    SPI: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac.
    running parameters = {Tunnel}
    Conn ID: 30, flow_id: Motorola SEC 1.0:30, card crypto: mycryptomap
    calendar of his: service life remaining (k/s) key: (4394007/1196)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE

    outgoing ah sas:

    outgoing CFP sas:

    VPN configuration is less in cisco router

    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connect

    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connect

    sheep allowed 10 route map
    corresponds to the IP 105

    Crypto ipsec transform-set esp-3des esp-md5-hmac mytransformset

    mycryptomap 100 ipsec-isakmp crypto map
    the value of 87.x.x.4 peer
    Set transform-set mytransformset
    match address 101

    crypto ISAKMP policy 100
    BA 3des
    md5 hash
    preshared authentication
    Group 2
    ISAKMP crypto key xxx2011 address 87.x.x.4

    Your permit for 105 ACL statement should be down is changed to match because it is the most general ACL.

    You currently have:

    Extend the 105 IP access list
    5 permit ip 172.19.194.0 0.0.0.255 (18585 matches)
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect

    It should be:

    Extend the 105 IP access list
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect

    IP 172.19.194.0 allow 60 0.0.0.255 (18585 matches)

    To remove it and add it to the bottom:

    105 extended IP access list

    not 5

    IP 172.19.194.0 allow 60 0.0.0.255 any

    Then ' delete ip nat trans. "

    and it should work now.

  • LACP hash between N3048 and CISCO SG300/SG200 + question Twinax attach direct cable

    Hello

    In my network I have deployed two new N3048 with 2 transceivers SPF + and SPF module back + as core switches are connected to other 3 switches from edge of N2048 using optical fiber and I reused my previous CISCO SG300 and SG200 goes to serve the other two boxes of my campus via the spine in copper.

    I have 4 copper cable which starts from the hub of the SG300 network and 2 the SG200 brass. I set up to have a redundant connection using 2 + 2 with SG300 and 1 + 1 with SG200 RSTP.

    So for the SG300 I re LAG + LACP to have two channels of the N3048s port, but now that a single cable is connected because I don't know what kind of LACP hash mode should I put on N3048 to have a compatible hash between Dell and Cisco switches.

    My N3048 have mode 7 (Advanced hash) as default but I guess that cisco models do not understand... so, what mode is the best for LACP work perfectly with small business cisco switches?

    I also received my twinax cables to connect my two N3048 via SPF + back modules... conhot can I plug the cables into the slots SPF + (already mounted) without turning off my basic switches?

    Thank you!

    See you soon

    Cables can be connected/disconnected, but I don't know if the real module SFP + for the rear of the N3000 is hot plug.

  • Difference between Csico and Cisco Unity Connection unit

    What are the main differences between Cisco Unity and Cisco Unity Connection (version 7)

    as: 1. in Cisco Unity servers are active - failover Mode and about unity, the servers are in active-active mode

    2 Cisco Unity, knows about unity and unified messaging, integrated messaging

    What is the major difference between Unified Messaging and integrated messaging?

    Please provide some points of difference between the two...

    This may well be true today, but the gap could soon close... otherwise disappear.  Cisco is currently in EFT (field-tested at the beginning) or testing "beta" for the connection of the Unit 8.5 (1), which aims to add features of Unified Messaging Unit connection using WebDav for Exchange 2003 and Exchange Web Services (EWS) for Exchange 2007/2010.  Just a nugget to think when you consider the timing of your client to install and what platform would be best suited to most environments.  Take a look at this blog for more information/thoughts:

    http://www.netcraftsmen.NET/resources/blogs/unity-connection-with-Unified-Messaging-where-will-unity-fit-in.html?blogger=David+Hailey

    Hailey

    Please note the useful messages!

  • Active FTP problem between Checkpoint and Cisco PIX

    Hello

    I am facing a strange problem.

    Many of our customers have achieved a Checkpoint FW-1/VPN-1 4.1 SP6 (the last before NG). When they try to connect to an FTP server that is located behind a Cisco PIX firewall, they are not able to transfer data: the connection is established, the authentication to follow, but at the stage of the 'LIST' the connection 'freeze' and the user must close the FTP client.

    Users are facing this problem ONLY in Active mode: passive mode works very well. Turn passive mode FTP client isn't acceptable workaround for most of my clients.

    The problem seems to be related only to the firewall Cisco PIX and active FTP.

    Please, what is someone encountered the same problem?

    Could someone give me any help?

    Thank you in advance.

    Paolo

    Yes it is a (global) problem, even with the last checkpoint firewalls. What happens with Active FTP, it's that each command (get, list, etc.) causes another log on the client (source port) to the server on port 21. If you run netstat from the customer you can check this for yourself.

    What normally happens, with HTTP, FTP, telnet, which have are, it's that the client makes a connection to port 21, 23 etc then returns with a port source such as 1936, 1980, 3000, etc..

    Connect problem with statefull firewall is they do not allow multiple sessions control port number on a destination, as well as a source port can be bound to a destination port, in this case, 21 for FTP. I Don t see it changed, an extreme security risk any time soon, since it s, someone else might be hopping session and block this type of traffic, it's what the stateful firewall are all about and FTP servers are problably the machines more pirated on the planet.

    You´ve mentioned the workaround solution, unfortunately that s the only way, change your passive customers, I think that Unix/Linux customers have a problem with this, change your FTP server can also help, there are multiple servers that can be configured to disable Active FTP, I wouldn know exactly, I only network & firewall... maybe someone else can move on this...

  • EZVPN between ASA and Cisco 2801

    Hi Experts,

    Need help with establishing ezvpn. I have a Cisco 2801 with the following configuration:

    router version 124 - 24.T3 (advanceipservicesk9)

    Crypto ipsec client ezvpn BOS-BACKUP
    connect auto
    Group bosnsw keys clar3nc3
    client mode
    peer 202.47.85.1
    xauth userid interactive mode

    interface FastEthernet0/0
    IP 10.80.3.85 255.255.255.0
    automatic duplex
    automatic speed
    Crypto ipsec client ezvpn BOS-BACKUP inside

    the Cellular0/1/0 interface
    the negotiated IP address
    encapsulation ppp
    load-interval 60
    Broadband Dialer
    GSM Transmitter station
    Dialer-Group 2
    interactive asynchronous mode
    no fair queue
    a model of PPP chap hostname
    PPP chap 0 dummy password
    PPP ipcp dns request
    Crypto ipsec client ezvpn BOS-BACKUP
    !
    IP route 0.0.0.0 0.0.0.0 Cellular0/1/0
    !
    Dialer-list 2 ip protocol allow

    Celuular interface is up and the router is able to ping the exchange of vpn:

    Router # ping 202.47.85.1

    Type to abort escape sequence.
    Send 5, echoes ICMP 100 bytes to 202.47.85.1, wait time is 2 seconds:
    !!!!!
    Success rate is 100 per cent (5/5), round-trip min/avg/max = 396/473/780 ms

    The ASA configuration:

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
    Crypto ipsec transform-set ESP-3DES esp-3des esp-sha-hmac
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
    Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    card crypto OUTSIDE_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
    OUTSIDE_map interface card crypto OUTSIDE

    crypto ISAKMP policy 10
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400

    username password encrypted UaV1j04bjTagjYnj privilege 0 bosnsw
    username bosnsw attributes
    VPN-group-policy DfltGrpPolicy
    Protocol-tunnel-VPN IPSec l2tp ipsec
    No vpn-framed-ip-address

    type tunnel-group bosnsw remote access
    tunnel-group bosnsw General-attributes
    address BOS_CORPORATE pool
    No ipv6 address pool
    authentication-server-group LOCAL ACS_AUTH
    secondary-authentication-server-group no
    no accounting server group
    Group Policy - by default-BOS_CORPORATE
    No dhcp server
    No band Kingdom
    no password-management
    No substitution-disabling the account
    No band group
    gap required
    certificate-CN user name OR
    secondary username-certificate CN OR
    authentication-attr-of primary server
    authenticated-session-user principal name
    tunnel-group bosnsw webvpn-attributes
    catch-fail-group policy DfltGrpPolicy
    personalization DfltCustomization
    the aaa authentication
    No substitution-svc-download
    No message of rejection-RADIUS-
    no proxy-auth sdi
    no pre-fill-username-ssl client
    no pre-fill-username without client
    No school-pre-fill-name user-customer ssl
    No school-pre-fill-user without customer name
    DNS-Group DefaultDNS
    not without CSD
    bosnsw group of tunnel ipsec-attributes
    pre-shared-key *.
    by the peer-id-validate req
    no chain
    no point of trust
    ISAKMP retry threshold 300 keepalive 2
    no RADIUS-sdi-xauth
    ISAKMP xauth user ikev1-authentication

    BOS-NRD-IT-FW1 # sh cry isa his

    HIS active: 2
    Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
    Total SA IKE: 2

    1 peer IKE: 112.213.172.108
    Type: user role: answering machine
    Generate a new key: no State: AM_TM_INIT_XAUTH_V6H

    I've attached the output of debugging of router and firewall. Hope someone can shed some light on this issue. Thanks in advance.

    Thats is correct! You must configure the network extension mode if you want to change the IP address

    Here is the guide to configure the router and ASA in network extension mode. Hope you find it useful.

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080809222.shtml#TS1

    Thank you

    Françoise

  • What is different between iPod and iPhone

    Feel it between iPod and iPhone please.

    Basically an iPod is an iPhone that is not making telephone calls.

  • difference between cisco NAC agent and cisco Clean Access Agent

    Hi all

    If anyone has the idea on different between cisco NAC agent and cisco Clean Access Agent, please let us know your ideas.

    Thank you

    In 4.6, the agent has been revised and is now called the NAC agent.  Previous versions were called the clean access Agent.  So roughly, 4.5 and 4.1.3.2 agent are own access agents, and agents 4.6.x and 4.7.x are called NAC agents.

    Some of the changes are moving a lot of the agent configuration in an XML file, redesign of the GUI, adding a service portion (of the sort that the agent of heel is no longer necessary) and the best journaling agent.

  • LAN-to-LAN tunnel between VPN 3000 and Cisco 1721

    Hello

    I have a current LAN-to-LAN tunnel configuration between VPN 3000 (3.6) and Cisco 1721 (12.2 (11) T).

    When I use the encryption = authentication and Des-56 = ESP\MD5\HMAC-128 for the IPSec Security Association, everything works fine.

    However, I would like to Turn off encryption for some time getting the speed improvements, so I changed

    Encryption = null esp (in 1721) and to "null" in VPN-3000.

    Now the tunnel is setup but I can spend only ICMP traffic. When I pass the traffic UDP\TCP the message below appears the Cisco 1721

    % C1700_EM-1-ERROR: error in packet-rx: pad size error, id 75, hen offset 0

    Has anyone seen this behavior?

    All those put in place an IPSec Tunnel with only the ESP authentication and NO encryption between VPN-3000 and Cisco 1721?

    Thanx------Naman

    Naman,

    Disable you the vpn Accelerator? "no accel crypto engine. Sure that you can't do with a null module vpn.

    Kurtis Durrett

  • Problem with IPsec VPN between ASA and router Cisco - ping is not response

    Hello

    I don't know because the IPsec VPN does not work. This is my setup (IPsec VPN between ASA and R2):

    my network topology data:

    LAN 1 connect ASA - 1 (inside the LAN)

    PC - 10.0.1.3 255.255.255.0 10.0.1.1

    ASA - GigabitEthernet 1: 10.0.1.1 255.255.255.0

    -----------------------------------------------------------------

    ASA - 1 Connect (LAN outide) R1

    ASA - GigabitEthernet 0: 172.30.1.2 255.255.255.252

    R1 - FastEthernet 0/0: 172.30.1.1 255.255.255.252

    ---------------------------------------------------------------------

    R1 R2 to connect

    R1 - FastEthernet 0/1: 172.30.2.1 255.255.255.252

    R2 - FastEthernet 0/1: 172.30.2.2 255.255.255.252

    R2 for lan connection 2

    --------------------------------------------------------------------

    R2 to connect LAN2

    R2 - FastEthernet 0/0: 10.0.2.1 255.255.255.0

    PC - 10.0.2.3 255.255.255.0 10.0.2.1

    ASA configuration:

    1 GigabitEthernet interface
    nameif inside
    security-level 100
    IP 10.0.1.1 255.255.255.0
    no downtime
    interface GigabitEthernet 0
    nameif outside
    security-level 0
    IP 172.30.1.2 255.255.255.252
    no downtime
    Route outside 0.0.0.0 0.0.0.0 172.30.1.1

    ------------------------------------------------------------

    access-list scope LAN1 to LAN2 ip 10.0.1.0 allow 255.255.255.0 10.0.2.0 255.255.255.0
    object obj LAN
    subnet 10.0.1.0 255.255.255.0
    object obj remote network
    10.0.2.0 subnet 255.255.255.0
    NAT (inside, outside) 1 static source obj-local obj-local destination obj-remote control remote obj non-proxy-arp static

    -----------------------------------------------------------
    IKEv1 crypto policy 10
    preshared authentication
    aes encryption
    sha hash
    Group 2
    life 3600
    Crypto ikev1 allow outside
    crypto isakmp identity address

    ------------------------------------------------------------
    tunnel-group 172.30.2.2 type ipsec-l2l
    tunnel-group 172.30.2.2 ipsec-attributes
    IKEv1 pre-shared-key cisco123
    Crypto ipsec transform-set esp-aes-192 ASA1TS, esp-sha-hmac ikev1

    -------------------------------------------------------------
    card crypto ASA1VPN 10 is the LAN1 to LAN2 address
    card crypto ASA1VPN 10 set peer 172.30.2.2
    card crypto ASA1VPN 10 set transform-set ASA1TS ikev1
    card crypto ASA1VPN set 10 security-association life seconds 3600
    ASA1VPN interface card crypto outside

    R2 configuration:

    interface fastEthernet 0/0
    IP 10.0.2.1 255.255.255.0
    no downtime
    interface fastEthernet 0/1
    IP 172.30.2.2 255.255.255.252
    no downtime

    -----------------------------------------------------

    router RIP
    version 2
    Network 10.0.2.0
    network 172.30.2.0

    ------------------------------------------------------
    access-list 102 permit ahp 172.30.1.2 host 172.30.2.2
    access-list 102 permit esp 172.30.1.2 host 172.30.2.2
    access-list 102 permit udp host 172.30.1.2 host 172.30.2.2 eq isakmp
    interface fastEthernet 0/1
    IP access-group 102 to

    ------------------------------------------------------
    crypto ISAKMP policy 110
    preshared authentication
    aes encryption
    sha hash
    Group 2
    life 42300

    ------------------------------------------------------
    ISAKMP crypto key cisco123 address 172.30.1.2

    -----------------------------------------------------
    Crypto ipsec transform-set esp - aes 128 R2TS

    ------------------------------------------------------

    access-list 101 permit tcp 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

    ------------------------------------------------------

    R2VPN 10 ipsec-isakmp crypto map
    match address 101
    defined by peer 172.30.1.2
    PFS Group1 Set
    R2TS transformation game
    86400 seconds, life of security association set
    interface fastEthernet 0/1
    card crypto R2VPN

    I don't know what the problem

    Thank you

    If the RIP is not absolutely necessary for you, try adding the default route to R2:

    IP route 0.0.0.0 0.0.0.0 172.16.2.1

    If you want to use RIP much, add permissions ACL 102:

    access-list 102 permit udp any any eq 520

  • Difference between static and dynamic encryption card

    Anyone tell me the difference between static and dynamic encryption card?

    Hi Rodrigo,

    Public static crypto map - identifies by the peers and traffic to encrypt explicitly. Generally used to host some tunnels with different profiles and characteristics (different partners, sites, location)

    So, when you have the information of the two peers than what policies we're going to use, what is the IP on both devices we normally use static VPN.

    Crypto dynamic map - is one of the ways to accommodate peer sharing the same characteristics (for example, several offices of branches share the same configuration) or peers with dynamic IP addressing (DHCP, etc.)

    For more information, please visit:

    https://supportforums.Cisco.com/document/12013476/crypto-map-based-IPSec...

    Kind regards

    Aditya

    Please evaluate the useful messages and mark the correct answers.

  • Orders between IOS and IOS - XE devices?

    Hi all

    Is there a difference in order between IOS and IOS - XE routers?  If Yes, can you please share more details on the same?

    Thank you

    Sunil Kumar

    Hello

    Most of the commands are the same for both IOS and IOS - XE.

    Here's more information:

    http://www.Cisco.com/c/en/us/products/collateral/iOS-NX-OS-software/iOS-...

    HTH

  • VPN between ASA and 871

    Hello

    I'm setting up a VPN router between 871 and ASA 5505 for the first time and having a problem. I have attached my network diagram as well as the configuration of 871 and ASA. Although the VPN tunnel is coming for example sh crypto isakmp his watch QM_IDLE and Exchange ipsec SA is successuful as well, but none of the machine can access each other. Please help as I am in desperate need to operate.

    Thank you all,.

    Jérôme

    Hello

    It seems that you are missing some required configuration. See the link below...

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805e8c80.shtml

    HTH

    MS

    * Rate of useful messages *.

  • VPN between 2 routers Cisco 1841 (LAN to LAN)

    Hello

    I need to connect two offices (two different LAN) using routers cisco 1841 at both ends.

    Currently the two cisco router are in working condition and refer the internet LAN clients. (making the NAT).

    Can someone please tell us what is the easiest way to set up a VPN between two sites, so that LAN users to an office to access mail servers electronic/request to the office LAN.

    I understand that I need IPSec Site to Site VPN (I think).

    Anyonce can you please advise.

    Kind regards.

    s.nasheet wrote:
    

    Hi ,
    

    I need to connect two offices ( two different LAN's) together using cisco 1841 routers at both end.
    

    Currently both cisco router are in working order and  acting as a internet gateway to the LAN clients. ( doing NAT).
    

    Can anybody please advise what is the easiest method to configure VPN between two sites so that  LAN users at one office be able to access  the  email/application servers at the other LAN office.
    

    I understand I need IPSec Site to Site VPN  ( i think).
    

    Can anyonce please advise.
    

    Regards.

    Yes, you need a VPN site-to site. Start with this link which gives a number of examples to set up a VPN S2S between 2 routers Cisco.

    http://www.Cisco.com/en/us/Tech/tk583/TK372/tech_configuration_examples_list.html#anchor16

    Jon

  • Dot1x - difference between "mab" and "mab eap.

    Hi guys,.

    can someone explain the difference between "mab" and "mab eap" for me?

    I'm doing dot1x with EAP - TLS with MAB as a backup method.

    The explanation that I found in the config guides are very poor.

    Thank you for your help.

    Mathias

    Hello Mathias.

    This is an old post but I stumbled across it while trying to find another post I answered before. In case you have not found an answer yet, please take a look at this thread where I think you'll find your answers.

    https://supportforums.Cisco.com/message/3768500#3768500

    Kind regards

    Thanks for the note!

Maybe you are looking for