WAAS in 2921 SRI - G2

Hi all

I have a 2921 with a switch module of the ether 16port and need to install the SM - SRE 710 for WAAS.

2921 G0/1 is the WAN 10.1.1.1 and internal port G1/0 LAN 10.1.2.1

How can I assign IP addresses to the SRE module so that I can use WCCP to direct traffic to the correct interface.

Or is this not possible with already installed ESM.

Hello

I think it works very well.

Through the SM0 interface you configure the IP address of router-side (command "ip address... ") as well as the IP address side WAAS ("module of service address ip... ") and WAAS side gateway by default ('service-module ip default-gateway '). You must use a subnet here, which is not used anywhere else on your network. See also here:
http://www.Cisco.com/c/en/us/TD/docs/routers/access/interfaces/software/feature/guide/ISM-SM-SRE.html#wp1140891

In order to configure WCCP redirect, that's all that is necessary. Of course, you must also adjust the routing in your networkf to ensure that the new subnet is accessible, you can reach WAAS on the SRE for the purposes of management (including the management of a WAAS CM).

Side of WAAS would then give you the IP address of router-side of the SM0 interface in the list of WCCP router.

Kind regards
Michael

Tags: Cisco DataCenter

Similar Questions

  • VPN IPsec: several LAN on one side - is it possible?

    Hi people!

    I have an IPsec Site to Site VPN branch (R2). There was a single LAN (LAN1) at HQ and another (LAN2) on the Executive.

    The tunnel end points:

    • R1 - Microsoft ISA Server
    • R2 - Cisco 2921 SRI

    LAN3 was created recently, behind R2 (see image below):

    So, I need to access LAN3 of LAN1. How could I solve this problem? I see two options for now.

    OPTION 1: Create a separate tunnel between R1 and R2

    I see a problem here:

    1. How to set a key for this tunnel?
      If I run something like this:
      ISAKMP crypto key LAN1_to_LAN2_key address 1.1.1.1
      then LAN1, LAN2 tunnel will be abandoned due to the modified key
    2. Everything else looks good - political maps, road maps, etc.
      Traffic stand between them

    OPTION 2: Create a summary route in config VPN

    Questions:

    1. R1 does not seem to support this kind of configuration (source, article "political quick mode negotiation fails with an error 'No configured policy'")

    How could I solve this problem?

    Running-config (security framework) is attached

    On the side of Cisco, it's easy to solve. I can't explain how to fix the side R1 Microsoft but suspect that it is not difficult.

    You don't want a second tunnel to solve this problem. You want to modify the access list that identifies the traffic is encrypted. If it were me, I would add this line to your existing access list

     permit ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255

    or alternatively, you can replace this line

     permit ip 192.168.2.0 0.0.0.255 192.168.101.0 0.0.0.255

    with this line

     permit ip 192.168.2.0 0.0.1.255 192.168.101.0 0.0.0.255

    HTH

    Rick

  • Implementation of QoS on the border routers

    Hi all

    I have a question about the implementation of QoS in the local network. There are a bunch of L3 - L2 switches with the support of 802.1 p. 2921 SRI is on the edge of the network. I need to ensure service to certain types of traffic in the event of congestion of the uplink to the internet (attached).

    I could somehow score interesting traffic on RSR on the side LAN and apply a QoS policy? What criteria should I use? Thanks in advance.

    Hello

    Yes it is possible. You can try using the model from the following link:

    http://www.Cisco.com/c/en/us/TD/docs/solutions/Enterprise/WAN_and_MAN/QO...

    There are also other scenarios of QoS in the the reference Network Solution of QoS above Enterprise Design Guide.

    HTH,

    Alex

    * Please note the useful messages

  • IOS VPN will not respond to connections Cisco VPN Client.

    Hi all

    I'll put my routers fire here.

    I have two 2921 SRI both with licenses of security concerning leased lines separated. I configured one to accept our workers to remote Client VPN Cisco VPN connections.

    I have followed the set up process I used on another site with a router 1841/s and the same customers and I have also checked against the config given in the last guide of IOS15 EasyVPN.

    With debugs all assets, all I see is

    038062: 14:03:04.519 Dec 8: ISAKMP (0): received x.y.z.z dport-60225 Global (N) SA NEW 500 sport package
    038063: 14:03:04.519 Dec 8: ISAKMP: created a struct peer x.y.z.z, peer port 60225
    038064: 14:03:04.519 Dec 8: ISAKMP: new position created post = 0x3972090C peer_handle = 0x8001D881
    038065: 14:03:04.523 Dec 8: ISAKMP: lock struct 0x3972090C, refcount 1 to peer crypto_isakmp_process_block
    038066: 14:03:04.523 Dec 8: ISAKMP: (0): client setting Configuration parameters 3E156D70
    038067: 14:03:10.027 Dec 8: ISAKMP (0): packet received x.y.z.z dport 500 sport 60225 Global (R) MM_NO_STATE

    Here is the abbreviated config.

    System image file is "flash0:c2900 - universalk9-mz.» Spa. 154 - 1.T1.bin.

    AAA new-model
    !
    !
    AAA authentication login default local
    local VPNAUTH AAA authentication login
    AAA authorization exec default local
    local authorization AAA VPN network
    !
    !
    !
    !
    !
    AAA - the id of the joint session

    crypto ISAKMP policy 10
    BA aes
    preshared authentication
    Group 14

    ISAKMP crypto group configuration of VPN client
    key ****-****-****-****
    DNS 192.168.177.207 192.168.177.3
    xxx.local field
    pool VPNADDRESSES
    ACL REVERSEROUTE

    Crypto ipsec transform-set aes - esp esp-sha-hmac HASH
    tunnel mode

    Profile of crypto ipsec IPSECPROFILE
    the HASH transform-set value

    dynamic-map crypto VPN 1
    the HASH transform-set value
    market arriere-route
    !
    !
    list of authentication of card crypto client VPN VPNAUTH
    card crypto VPN VPN isakmp authorization list
    crypto map VPN client configuration address respond
    card crypto 65535-isakmp dynamic VPN ipsec VPN
    !
    !
    local IP VPNADDRESSES 172.16.198.16 pool 172.16.198.31

    REVERSEROUTE extended IP access list
    IP 192.168.0.0 allow 0.0.255.255 everything
    Licensing ip 10.0.0.0 0.0.0.255 any

    scope of IP-FIREWALL access list
    2 allow any host a.b.c.d eq non500-isakmp udp
    3 allow any host a.b.c.d eq isakmp udp
    4 ahp permits any host a.b.c.d
    5 esp of the permit any host a.b.c.d

    If anyone can see anything wrong, I would be very happy and it would save the destruction of a seemingly innocent router.

    Thank you

    Paul

    > I would be so happy and it would save the destruction of a seemingly innocent router.

    No, which won't work! But instead of destroying the router, I can do it for you. Just send it to me... ;-)

    OK, now more serious...

    1. The default Cisco IPSec client uses only DH group 2, while you set up the 14. Try to use Group 2 in your isakmp policy.
    2. You have your virtual model in place? She is not in the config.

  • License of dry and Cisco 2901

    Hi guys,.

    CISCO2901-V/K9 can support IPSec VPN Tunnel or should I order SL-29-SEC-K9 in order to create IPSec?

    Guys do you know where I can find the support of the Cisco router boot feature?

    Thank you for helping me!

    Hello Harry,.

    You can check this:

    Software licenses available on the ISR G2

    C2900 router is a powerful platform, but it requires the license of security for VPN support.

    The SSEC-K9 license removes the reduction applied by the US Government on the encrypted tunnel and encrypted flow export restrictions. SSEC-K9 is available only on the Cisco 2921, 2951 Cisco, Cisco 3925, 3945 Cisco, Cisco 3925th and 3945TH Cisco. With the SSEC-K9 license, the ISR G2 router can go above the limit of the reduction of the maximum of 225 tunnels for IP (IPsec) security and the flow rate of 85 Mbps of one-way traffic in or out the ISR G2 router encrypted, with a total of 170 Mbps bidirectional / s.

    Cisco 1941 and 2901 2911 already have maximum encryption within the limits of export capabilities. The HSEC license requires pre-installed image of the universalk9 and license DRY.

    FL-29-HSEC-K9

    US Export Restriction Compliance license for 2921/2951

    2921 SRI and SRI 2951

    SEC - K9 license

    Ordered with system license

    FL-29-HSEC-K9 =.

    US Export Restriction Compliance license for 2921/2951

    2921 SRI and SRI 2951

    SEC - K9 license

    Paper PAK spare

    L FL-29-HSEC-K9 =

    US Export Restriction Compliance license for 2921/2951

    2921 SRI and SRI 2951

    SEC - K9 license

    PAK electronic alternative

    HTH.

    Update: the previous post included the wrong table.

  • SRI-WAAS, Manager of plant by the name of "No.-HOSTNAME".

    Hello!

    Im trying to record 4 ISR-WAAS to a manager of the plant, but every time I run the installation procedure, the first SRI-WAAS record well, but with the host name NON-HOSTNAME; and the next SRI WAAS also. For this reason, I got an error message that there is another device with this hostname and I can't change it! ...

    Already try the command hostname inside the console of the SRI-WAAS, but does not work... I also tried to change the host name in the Central Manager, but I can't find the way.

    Any advice?

    Thanks in advance.

    Hello

    Looks like you're having Bug CSCuu23859.

    The SRI-WAAS release notes say that this problem has been fixed in the software v5.5.5 (according to the screenshot you run v5.5.1)

    BugSearch CSCuu23859

    SRI-WAAS release notes

    Best regards

    Andreas

  • SRI-WAAS with two routers

    Hello!

    Is it possible to have two routers (including one with RSR-WAAS and the other without) on a remote site router without ISR-WAAS to use the ISR-WAAS of the other router? (I have only finddual router with dual WAAS SRI in the CVD).

    Concerning

    Michael

    Hi Michael,

    Yes it is possible.

    However, the Redirect method depends on what type of router without ISR-WAAS is:

    another report of research international-4000:

    You can use AppNav (the two routers in the same groups of Application Controller & the SRI-WAAS as the sole member af of the AV/Waas node group).

    almost any other router:

    You can use WCCP on both routers redirecting to the SRI-WAAS.

    Best regards

    Finn

  • SRI-WAAS and AppNav

    Hi all

    Situation is the following. I have 2 routers x 4351-AX with the SSD upgrades and memory etc. Let's finish MPLS and other internet DMVPN or similar and both with RSR-WAAS configured.

    Is there an argument to have these set up a stand-alone WAAS devices or should they be in a cluster of AppNav? There are advantages and disadvantages to each method here?

    As Akamai Connect running on just the unit facing internet, does that mean it shouldn't be part of a cluster of AppNav?

    Thanks in advance.

    You should have configured cluster AppNav SRI-WAAS part. You can not have WCCP on the single Appnav SRI-WAAS interception.

    The new WAAS codes may work with Akamai to connect.

    http://www.Cisco.com/c/en/us/solutions/collateral/enterprise-networks/in...

    http://www.Cisco.com/c/en/us/TD/docs/app_ntwk_services/WAAS/WAAS/V551/No...

  • CSCuy98373 - Dead State SRI WAAS C4331 SN when running traffic with 3.16.02 XE

    We have the same problem as #CSCuy98373 with IOS - XE 3.17.02.S output (i.e. 15 (6) 1.S2).

    Be it resolved in the next version of 3.17?

    Hello

    The fix for CSCuy98373 in 3.17.02.S will be fixed in 3.17.03.S. ETA is early December.

    While on the subject of CSCuy98373, same problem is fixed with CSCuy32345 for 16.2 and 16.3 release trains.

    I hope this helps... Pascale

  • Apple in Sri Lanka support

    I find it frustrating that Apple didn't always options (other than authorized dealers) support for customers in Sri Lanka. I hope if I can draw enough attention to this thread I think that Apple would take notice?

    I really don't want to trust to authorized dealers here with my requests for support, simply because of their non-compliant with standards knowledge. I had bad experiences. If only Apple could have phone support for Sri Lanka, or at least a space online.

    I know that some progress has been made in many other countries in APAC, I think it's time that Apple gave us a little more attention.

    We are here all users and Apple here is moderation of the forum (without "retail" or "support")

    The best place for your suggestions Feedback - Apple Store - Apple , I think that

    I'm not sure that this one would address your concerns, but maybe Apple Support Feedback

  • I can not use apple pay to sri lanka?

    I can not use apple pay to sri lanka?

    Hello

    Apple pay has not yet launched in Sri Lanka.

    More information:

    Apple pays participating banks and cards store - Apple Support

  • Disk failure hard satellite L850 - claim under warranty in Sri Lanka

    My brother bought me a Satellite L850 of UAE UNITED a month ago.
    But I'm in sri lanka.

    The problem is now the hard drive does not start and it says to replace the hard drive.
    I have the card with me.

    My question is can I claim the warranty in Sri Lanka?

    Please help me soon as soon as possible.
    Thank you.

    Hello

    If you have not purchased the additional international interest, portable computer s hardware problems can be set only in the country where the phone was purchased.

    But AFAIK that parts such as HARD drive or memory are set at the user level.
    Maybe you n t need to send the laptop to UNITED Arab Emirates for a fix, but maybe the guys would be able to send you a HARD drive under warranty conditions.

    Here you can get all the details on the FSA available worldwide.
    http://www.Toshiba.EU/innovation/generic/ASP_SUPPORT/

    I recommend you to contact the ASP and ask for assistance

  • Model Australian Satellite A660 - issue of guarantee for Sri Lanka

    I have a toshiba Satellite A660 baught in Australia.
    I am in Sri Lanka at the moment and I need to get my repaired unit. It is still under warranty.

    When I contacted Toshiba guy in Sri Lanka, they say I must record the ion online computer area.
    Or if I pay a fee of $45 flat work. Can someone elihten me about this process? I wasn't aware that my machine should be registered for the service?

    Guy also says to read the warranty booklet, I got hot with the machine which I don't have with me. If someone can explain?

    Thank you

    Hello

    Here, you can page warranty Toshiba Australian:
    http://www.MyToshiba.com.au/support/warranty/statements

    You can find the statements of warranty for Toshiba products purchased in Australia.

    As far as I know the standard warranty is valid and valid for 12 months in Australia only.
    If you are outside Australia and you want to use the guarantee you need a limited international warranty that applies to all services outside the Australia and the New Zealand.

  • Satellite L - can I get guaranteed in sri lanka for Australian notebook?

    I bought my laptop in the Australia, but now I'm in sri lanka. so I need to know, who can get guaranteed in sri lanka?

    Hello

    I checked the Australian Toshiba page about the warranty, and it seems that you can handle the case of warranty in Australia and New Zealand. I doubt you can get security in Sri Lanka.

    But you can ask to the authorized service provider it how to handle this case ;)

  • I'll buy 6 s - model No. mkqv2ah/a in qatar. This device will support sri lanka face time? Sri lanka face the time not forbidden.

    I'll buy 6 s - model No. mkqv2ah/a in qatar. This device will support sri lanka face time? Sri lanka face the time not forbidden.

    No, any device purchased from a country where the FaceTime is prohibited or limited to certain carriers can never have Facetime out of that country, or with other companies except those he goes on.

    If you want an iPhone for FaceTime, buy it in a country where it is not prohibited or limited.

    Also, note that iPhone warranty is limited to the country of purchase, so if something haopens to the iPhone that requires a repair of office you will need to consider physically return to the country of purchase.

    Its best to buy the iPhone in the country that you intend to use.

Maybe you are looking for

  • Calculate the average per slot?

    Hi Chaps, I am a beginner on numbers (almost everything on Mac I would say) and I need help to calculate average values. These are calculated values (column 2) taken on a specific time of the day (column 1).I managed to create a third using a built-i

  • Scroll bar can be moved by the mouse cursor. Scrolling is generally lag.

    When I updated Firefox to version 9.01, my experience of the browser is that its generally slower (current running on an HP Envy 15 ") than the previous version. I tried the Beta 10 and the same problems occur. However, if I restart Firefox in safe m

  • Black screen because of a video driver when the computer loading.

    I tried to change my video driver and now I get a black screen when loading Windows Vista.  How can I regulate the video driver or any other suggestions?

  • Windows Disk Defragmenter is blocked

    I spin that my windows fragmenteur disk which I do not have courses within a certain time.  It worked for 3-4 days and is 7.  How long again is this thing is going to run and it will speed up my office when it finally? I have Windows 7

  • Upgrading vs buying new PSE

    Today, in order to improve PSE from13 to 14, is $20. U.S. more to buy new. Would I have problems with my current files of PES and the Organizer if I bought nine instead of the upgrade?