OSPF between 6224 and Cisco please!
It is easily possible to Exchange routes using a 6224 for a Cisco 7204 OSPF? My cisco has always been eigrp between all other routers.
I have OSPF enabled on the cisco as follows:
router ospf 100
Log-adjacency-changes
redistribute subnets eigrp 1
network 172.0.0.0 0.0.0.0 area 1
What should I exactly say the 6224 to accept the cisco roads?
I can find samples for the 6024, but not the 6224
Tags: Dell Switches
Similar Questions
-
VPN between ASA and cisco router [phase2 question]
Hi all
I have a problem with IPSEC VPN between ASA and cisco router
I think that there is a problem in the phase 2
Can you please guide me where could be the problem.
I suspect questions ACL on the router, but I cannot fix. ACL on the router is specified belowLooking forward for your help
Phase 1 is like that
Cisco_router #sh crypto isakmp his
IPv4 Crypto ISAKMP Security Association
status of DST CBC State conn-id slot
78.x.x.41 87.x.x.4 QM_IDLE 2006 0 ACTIVEand ASA
ASA # sh crypto isakmp his
ITS enabled: 1
Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 11 peer IKE: 78.x.x.41
Type: L2L role: initiator
Generate a new key: no State: MM_ACTIVEPhase 2 on SAA
ASA # sh crypto ipsec his
Interface: Outside
Tag crypto map: Outside_map, seq num: 20, local addr: 87.x.x.4Outside_cryptomap_20 ip 172.19.209.0 access list allow 255.255.255.0 172.
19.194.0 255.255.255.0
local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
current_peer: 78.x.x.41#pkts program: 8813, #pkts encrypt: 8813, #pkts digest: 8813
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 8813, model of #pkts failed: 0, #pkts Dang failed: 0
#send errors: 0, #recv errors: 0local crypto endpt. : 87.x.x.4, remote Start crypto. : 78.x.x.41
Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
current outbound SPI: C96393ABSAS of the esp on arrival:
SPI: 0x3E9D820B (1050509835)
transform: esp-3des esp-md5-hmac no
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 7, crypto-card: Outside_map
calendar of his: service life remaining (KB/s) key: (4275000/3025)
Size IV: 8 bytes
support for replay detection: Y
outgoing esp sas:
SPI: 0xC96393AB (3378746283)
transform: esp-3des esp-md5-hmac no
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 7, crypto-card: Outside_map
calendar of his: service life remaining (KB/s) key: (4274994/3023)
Size IV: 8 bytes
support for replay detection: YPhase 2 on cisco router
protégé of the vrf: (none)
local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
current_peer 87.x.x.4 port 500
LICENCE, flags is {origin_is_acl},
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
Errors #send 0, #recv 0 errorslocal crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
current outbound SPI: 0x0 (0)SAS of the esp on arrival:
the arrival ah sas:
SAS of the CFP on arrival:
outgoing esp sas:
outgoing ah sas:
outgoing CFP sas:
protégé of the vrf: (none)
local ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
current_peer 87.x.x.4 port 500
LICENCE, flags is {origin_is_acl},
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
#pkts decaps: 8947, #pkts decrypt: 8947, #pkts check: 8947
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
Errors #send 0, #recv 0 errorslocal crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
current outbound SPI: 0x3E9D820B (1050509835)SAS of the esp on arrival:
SPI: 0xC96393AB (3378746283)
transform: esp-3des esp-md5-hmac.
running parameters = {Tunnel}
Conn ID: 29, flow_id: Motorola SEC 1.0:29, card crypto: mycryptomap
calendar of his: service life remaining (k/s) key: (4393981/1196)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVEthe arrival ah sas:
SAS of the CFP on arrival:
outgoing esp sas:
SPI: 0x3E9D820B (1050509835)
transform: esp-3des esp-md5-hmac.
running parameters = {Tunnel}
Conn ID: 30, flow_id: Motorola SEC 1.0:30, card crypto: mycryptomap
calendar of his: service life remaining (k/s) key: (4394007/1196)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVEoutgoing ah sas:
outgoing CFP sas:
VPN configuration is less in cisco router
access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
access-list 101 permit ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
access-list 101 permit ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
access-list 101 permit ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connectaccess-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
access-list 105 deny ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
access-list 105 deny ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
access-list 105 deny ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connectsheep allowed 10 route map
corresponds to the IP 105Crypto ipsec transform-set esp-3des esp-md5-hmac mytransformset
mycryptomap 100 ipsec-isakmp crypto map
the value of 87.x.x.4 peer
Set transform-set mytransformset
match address 101crypto ISAKMP policy 100
BA 3des
md5 hash
preshared authentication
Group 2
ISAKMP crypto key xxx2011 address 87.x.x.4Your permit for 105 ACL statement should be down is changed to match because it is the most general ACL.
You currently have:
Extend the 105 IP access list
5 permit ip 172.19.194.0 0.0.0.255 (18585 matches)
10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connectIt should be:
Extend the 105 IP access list
10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connectIP 172.19.194.0 allow 60 0.0.0.255 (18585 matches)
To remove it and add it to the bottom:
105 extended IP access list
not 5
IP 172.19.194.0 allow 60 0.0.0.255 any
Then ' delete ip nat trans. "
and it should work now.
-
LACP hash between N3048 and CISCO SG300/SG200 + question Twinax attach direct cable
Hello
In my network I have deployed two new N3048 with 2 transceivers SPF + and SPF module back + as core switches are connected to other 3 switches from edge of N2048 using optical fiber and I reused my previous CISCO SG300 and SG200 goes to serve the other two boxes of my campus via the spine in copper.
I have 4 copper cable which starts from the hub of the SG300 network and 2 the SG200 brass. I set up to have a redundant connection using 2 + 2 with SG300 and 1 + 1 with SG200 RSTP.
So for the SG300 I re LAG + LACP to have two channels of the N3048s port, but now that a single cable is connected because I don't know what kind of LACP hash mode should I put on N3048 to have a compatible hash between Dell and Cisco switches.
My N3048 have mode 7 (Advanced hash) as default but I guess that cisco models do not understand... so, what mode is the best for LACP work perfectly with small business cisco switches?
I also received my twinax cables to connect my two N3048 via SPF + back modules... conhot can I plug the cables into the slots SPF + (already mounted) without turning off my basic switches?
Thank you!
See you soon
Cables can be connected/disconnected, but I don't know if the real module SFP + for the rear of the N3000 is hot plug.
-
Difference between Csico and Cisco Unity Connection unit
What are the main differences between Cisco Unity and Cisco Unity Connection (version 7)
as: 1. in Cisco Unity servers are active - failover Mode and about unity, the servers are in active-active mode
2 Cisco Unity, knows about unity and unified messaging, integrated messaging
What is the major difference between Unified Messaging and integrated messaging?
Please provide some points of difference between the two...
This may well be true today, but the gap could soon close... otherwise disappear. Cisco is currently in EFT (field-tested at the beginning) or testing "beta" for the connection of the Unit 8.5 (1), which aims to add features of Unified Messaging Unit connection using WebDav for Exchange 2003 and Exchange Web Services (EWS) for Exchange 2007/2010. Just a nugget to think when you consider the timing of your client to install and what platform would be best suited to most environments. Take a look at this blog for more information/thoughts:
Hailey
Please note the useful messages!
-
Active FTP problem between Checkpoint and Cisco PIX
Hello
I am facing a strange problem.
Many of our customers have achieved a Checkpoint FW-1/VPN-1 4.1 SP6 (the last before NG). When they try to connect to an FTP server that is located behind a Cisco PIX firewall, they are not able to transfer data: the connection is established, the authentication to follow, but at the stage of the 'LIST' the connection 'freeze' and the user must close the FTP client.
Users are facing this problem ONLY in Active mode: passive mode works very well. Turn passive mode FTP client isn't acceptable workaround for most of my clients.
The problem seems to be related only to the firewall Cisco PIX and active FTP.
Please, what is someone encountered the same problem?
Could someone give me any help?
Thank you in advance.
Paolo
Yes it is a (global) problem, even with the last checkpoint firewalls. What happens with Active FTP, it's that each command (get, list, etc.) causes another log on the client (source port) to the server on port 21. If you run netstat from the customer you can check this for yourself.
What normally happens, with HTTP, FTP, telnet, which have are, it's that the client makes a connection to port 21, 23 etc then returns with a port source such as 1936, 1980, 3000, etc..
Connect problem with statefull firewall is they do not allow multiple sessions control port number on a destination, as well as a source port can be bound to a destination port, in this case, 21 for FTP. I Don t see it changed, an extreme security risk any time soon, since it s, someone else might be hopping session and block this type of traffic, it's what the stateful firewall are all about and FTP servers are problably the machines more pirated on the planet.
You´ve mentioned the workaround solution, unfortunately that s the only way, change your passive customers, I think that Unix/Linux customers have a problem with this, change your FTP server can also help, there are multiple servers that can be configured to disable Active FTP, I wouldn know exactly, I only network & firewall... maybe someone else can move on this...
-
EZVPN between ASA and Cisco 2801
Hi Experts,
Need help with establishing ezvpn. I have a Cisco 2801 with the following configuration:
router version 124 - 24.T3 (advanceipservicesk9)
Crypto ipsec client ezvpn BOS-BACKUP
connect auto
Group bosnsw keys clar3nc3
client mode
peer 202.47.85.1
xauth userid interactive modeinterface FastEthernet0/0
IP 10.80.3.85 255.255.255.0
automatic duplex
automatic speed
Crypto ipsec client ezvpn BOS-BACKUP insidethe Cellular0/1/0 interface
the negotiated IP address
encapsulation ppp
load-interval 60
Broadband Dialer
GSM Transmitter station
Dialer-Group 2
interactive asynchronous mode
no fair queue
a model of PPP chap hostname
PPP chap 0 dummy password
PPP ipcp dns request
Crypto ipsec client ezvpn BOS-BACKUP
!
IP route 0.0.0.0 0.0.0.0 Cellular0/1/0
!
Dialer-list 2 ip protocol allowCeluular interface is up and the router is able to ping the exchange of vpn:
Router # ping 202.47.85.1
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 202.47.85.1, wait time is 2 seconds:
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 396/473/780 msThe ASA configuration:
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-3DES esp-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5card crypto OUTSIDE_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
OUTSIDE_map interface card crypto OUTSIDEcrypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400username password encrypted UaV1j04bjTagjYnj privilege 0 bosnsw
username bosnsw attributes
VPN-group-policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec
No vpn-framed-ip-addresstype tunnel-group bosnsw remote access
tunnel-group bosnsw General-attributes
address BOS_CORPORATE pool
No ipv6 address pool
authentication-server-group LOCAL ACS_AUTH
secondary-authentication-server-group no
no accounting server group
Group Policy - by default-BOS_CORPORATE
No dhcp server
No band Kingdom
no password-management
No substitution-disabling the account
No band group
gap required
certificate-CN user name OR
secondary username-certificate CN OR
authentication-attr-of primary server
authenticated-session-user principal name
tunnel-group bosnsw webvpn-attributes
catch-fail-group policy DfltGrpPolicy
personalization DfltCustomization
the aaa authentication
No substitution-svc-download
No message of rejection-RADIUS-
no proxy-auth sdi
no pre-fill-username-ssl client
no pre-fill-username without client
No school-pre-fill-name user-customer ssl
No school-pre-fill-user without customer name
DNS-Group DefaultDNS
not without CSD
bosnsw group of tunnel ipsec-attributes
pre-shared-key *.
by the peer-id-validate req
no chain
no point of trust
ISAKMP retry threshold 300 keepalive 2
no RADIUS-sdi-xauth
ISAKMP xauth user ikev1-authenticationBOS-NRD-IT-FW1 # sh cry isa his
HIS active: 2
Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 21 peer IKE: 112.213.172.108
Type: user role: answering machine
Generate a new key: no State: AM_TM_INIT_XAUTH_V6HI've attached the output of debugging of router and firewall. Hope someone can shed some light on this issue. Thanks in advance.
Thats is correct! You must configure the network extension mode if you want to change the IP address
Here is the guide to configure the router and ASA in network extension mode. Hope you find it useful.
Thank you
Françoise
-
What is different between iPod and iPhone
Feel it between iPod and iPhone please.
Basically an iPod is an iPhone that is not making telephone calls.
-
difference between cisco NAC agent and cisco Clean Access Agent
Hi all
If anyone has the idea on different between cisco NAC agent and cisco Clean Access Agent, please let us know your ideas.
Thank you
In 4.6, the agent has been revised and is now called the NAC agent. Previous versions were called the clean access Agent. So roughly, 4.5 and 4.1.3.2 agent are own access agents, and agents 4.6.x and 4.7.x are called NAC agents.
Some of the changes are moving a lot of the agent configuration in an XML file, redesign of the GUI, adding a service portion (of the sort that the agent of heel is no longer necessary) and the best journaling agent.
-
LAN-to-LAN tunnel between VPN 3000 and Cisco 1721
Hello
I have a current LAN-to-LAN tunnel configuration between VPN 3000 (3.6) and Cisco 1721 (12.2 (11) T).
When I use the encryption = authentication and Des-56 = ESP\MD5\HMAC-128 for the IPSec Security Association, everything works fine.
However, I would like to Turn off encryption for some time getting the speed improvements, so I changed
Encryption = null esp (in 1721) and to "null" in VPN-3000.
Now the tunnel is setup but I can spend only ICMP traffic. When I pass the traffic UDP\TCP the message below appears the Cisco 1721
% C1700_EM-1-ERROR: error in packet-rx: pad size error, id 75, hen offset 0
Has anyone seen this behavior?
All those put in place an IPSec Tunnel with only the ESP authentication and NO encryption between VPN-3000 and Cisco 1721?
Thanx------Naman
Naman,
Disable you the vpn Accelerator? "no accel crypto engine. Sure that you can't do with a null module vpn.
Kurtis Durrett
-
Problem with IPsec VPN between ASA and router Cisco - ping is not response
Hello
I don't know because the IPsec VPN does not work. This is my setup (IPsec VPN between ASA and R2):
my network topology data:
LAN 1 connect ASA - 1 (inside the LAN)
PC - 10.0.1.3 255.255.255.0 10.0.1.1
ASA - GigabitEthernet 1: 10.0.1.1 255.255.255.0
-----------------------------------------------------------------
ASA - 1 Connect (LAN outide) R1
ASA - GigabitEthernet 0: 172.30.1.2 255.255.255.252
R1 - FastEthernet 0/0: 172.30.1.1 255.255.255.252
---------------------------------------------------------------------
R1 R2 to connect
R1 - FastEthernet 0/1: 172.30.2.1 255.255.255.252
R2 - FastEthernet 0/1: 172.30.2.2 255.255.255.252
R2 for lan connection 2
--------------------------------------------------------------------
R2 to connect LAN2
R2 - FastEthernet 0/0: 10.0.2.1 255.255.255.0
PC - 10.0.2.3 255.255.255.0 10.0.2.1
ASA configuration:
1 GigabitEthernet interface
nameif inside
security-level 100
IP 10.0.1.1 255.255.255.0
no downtime
interface GigabitEthernet 0
nameif outside
security-level 0
IP 172.30.1.2 255.255.255.252
no downtime
Route outside 0.0.0.0 0.0.0.0 172.30.1.1------------------------------------------------------------
access-list scope LAN1 to LAN2 ip 10.0.1.0 allow 255.255.255.0 10.0.2.0 255.255.255.0
object obj LAN
subnet 10.0.1.0 255.255.255.0
object obj remote network
10.0.2.0 subnet 255.255.255.0
NAT (inside, outside) 1 static source obj-local obj-local destination obj-remote control remote obj non-proxy-arp static-----------------------------------------------------------
IKEv1 crypto policy 10
preshared authentication
aes encryption
sha hash
Group 2
life 3600
Crypto ikev1 allow outside
crypto isakmp identity address------------------------------------------------------------
tunnel-group 172.30.2.2 type ipsec-l2l
tunnel-group 172.30.2.2 ipsec-attributes
IKEv1 pre-shared-key cisco123
Crypto ipsec transform-set esp-aes-192 ASA1TS, esp-sha-hmac ikev1-------------------------------------------------------------
card crypto ASA1VPN 10 is the LAN1 to LAN2 address
card crypto ASA1VPN 10 set peer 172.30.2.2
card crypto ASA1VPN 10 set transform-set ASA1TS ikev1
card crypto ASA1VPN set 10 security-association life seconds 3600
ASA1VPN interface card crypto outsideR2 configuration:
interface fastEthernet 0/0
IP 10.0.2.1 255.255.255.0
no downtime
interface fastEthernet 0/1
IP 172.30.2.2 255.255.255.252
no downtime-----------------------------------------------------
router RIP
version 2
Network 10.0.2.0
network 172.30.2.0------------------------------------------------------
access-list 102 permit ahp 172.30.1.2 host 172.30.2.2
access-list 102 permit esp 172.30.1.2 host 172.30.2.2
access-list 102 permit udp host 172.30.1.2 host 172.30.2.2 eq isakmp
interface fastEthernet 0/1
IP access-group 102 to------------------------------------------------------
crypto ISAKMP policy 110
preshared authentication
aes encryption
sha hash
Group 2
life 42300------------------------------------------------------
ISAKMP crypto key cisco123 address 172.30.1.2-----------------------------------------------------
Crypto ipsec transform-set esp - aes 128 R2TS------------------------------------------------------
access-list 101 permit tcp 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
------------------------------------------------------
R2VPN 10 ipsec-isakmp crypto map
match address 101
defined by peer 172.30.1.2
PFS Group1 Set
R2TS transformation game
86400 seconds, life of security association set
interface fastEthernet 0/1
card crypto R2VPNI don't know what the problem
Thank you
If the RIP is not absolutely necessary for you, try adding the default route to R2:
IP route 0.0.0.0 0.0.0.0 172.16.2.1
If you want to use RIP much, add permissions ACL 102:
access-list 102 permit udp any any eq 520
-
Difference between static and dynamic encryption card
Anyone tell me the difference between static and dynamic encryption card?
Hi Rodrigo,
Public static crypto map - identifies by the peers and traffic to encrypt explicitly. Generally used to host some tunnels with different profiles and characteristics (different partners, sites, location)
So, when you have the information of the two peers than what policies we're going to use, what is the IP on both devices we normally use static VPN.
Crypto dynamic map - is one of the ways to accommodate peer sharing the same characteristics (for example, several offices of branches share the same configuration) or peers with dynamic IP addressing (DHCP, etc.)
For more information, please visit:
https://supportforums.Cisco.com/document/12013476/crypto-map-based-IPSec...
Kind regards
Aditya
Please evaluate the useful messages and mark the correct answers.
-
Orders between IOS and IOS - XE devices?
Hi all
Is there a difference in order between IOS and IOS - XE routers? If Yes, can you please share more details on the same?
Thank you
Sunil Kumar
Hello
Most of the commands are the same for both IOS and IOS - XE.
Here's more information:
http://www.Cisco.com/c/en/us/products/collateral/iOS-NX-OS-software/iOS-...
HTH
-
Hello
I'm setting up a VPN router between 871 and ASA 5505 for the first time and having a problem. I have attached my network diagram as well as the configuration of 871 and ASA. Although the VPN tunnel is coming for example sh crypto isakmp his watch QM_IDLE and Exchange ipsec SA is successuful as well, but none of the machine can access each other. Please help as I am in desperate need to operate.
Thank you all,.
Jérôme
Hello
It seems that you are missing some required configuration. See the link below...
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805e8c80.shtml
HTH
MS
* Rate of useful messages *.
-
VPN between 2 routers Cisco 1841 (LAN to LAN)
Hello
I need to connect two offices (two different LAN) using routers cisco 1841 at both ends.
Currently the two cisco router are in working condition and refer the internet LAN clients. (making the NAT).
Can someone please tell us what is the easiest way to set up a VPN between two sites, so that LAN users to an office to access mail servers electronic/request to the office LAN.
I understand that I need IPSec Site to Site VPN (I think).
Anyonce can you please advise.
Kind regards.
s.nasheet wrote:
Hi ,
I need to connect two offices ( two different LAN's) together using cisco 1841 routers at both end.
Currently both cisco router are in working order and acting as a internet gateway to the LAN clients. ( doing NAT).
Can anybody please advise what is the easiest method to configure VPN between two sites so that LAN users at one office be able to access the email/application servers at the other LAN office.
I understand I need IPSec Site to Site VPN ( i think).
Can anyonce please advise.
Regards.
Yes, you need a VPN site-to site. Start with this link which gives a number of examples to set up a VPN S2S between 2 routers Cisco.
http://www.Cisco.com/en/us/Tech/tk583/TK372/tech_configuration_examples_list.html#anchor16
Jon
-
Dot1x - difference between "mab" and "mab eap.
Hi guys,.
can someone explain the difference between "mab" and "mab eap" for me?
I'm doing dot1x with EAP - TLS with MAB as a backup method.
The explanation that I found in the config guides are very poor.
Thank you for your help.
Mathias
Hello Mathias.
This is an old post but I stumbled across it while trying to find another post I answered before. In case you have not found an answer yet, please take a look at this thread where I think you'll find your answers.
https://supportforums.Cisco.com/message/3768500#3768500
Kind regards
Thanks for the note!
Maybe you are looking for
-
Where can I find the .dll is missing from my computer files?
Original title: slbc.dll I tried to install the software of the printer on my computer, but I can't because the software tells me that I need to slbc.dll, scccbase.dll, gpkcsp.dll. and Enum. Where can I find these things?
-
I have 3 drives hard, but windows 7 install only 2 (im of a facility in xp) see of them. The strange thing is that it can not see my HDD with xp on? I tried to install it on others, but it says "Setup could not create a new partition system or locate
-
Password for KB888111 patch does not work.
Original title: 888111 KB Password for the KB 888111 fix does not work Any suggestions?
-
How to use the prtsc button please, so I can capture Bank to receive the shipment?
How to use the prtsc button please, so I can capture Bank to receive the shipment?
-
Photosmart HP 7510: FAX does not
Hello I tried to send an eFAX for my printer HP 7510. Pages feeding okay of the printer, but the printer then realized that "the your printer is not connected to a network." If please connect to a network and try again. "To test the system, I tried t