We recently switched two of our branches to point-to-point fiber connections to our corporate office.  Previously they were using MPLS connections.  For branch A, the ethernet handoff of the fiber is connected directly to a Catalyst 3750 gigabit port.  That port has no configuration on it.  The other end of that fiber is connected to a gigabit port on the 3750 switch at our corporate office.  That port is configured with an IP address that is within the subnet of branch A, and is operating at layer 3 due to the no switchport command.  Branch B currently has a Cisco Express 500 ethernet port (with no configuration on it) connected to the fiber hand off there.  At first we setup a port on the 3750 at our corporate office that is connected to Branch B via the fiber in the same manner.  This resulted in us receiving DCHP leases at Branch B from Branch A.  Obviously not desired.  Now we have the port on the corporate 3750 that is connected to Branch B's fiber configured with switchport vlan 64.  I also configured interface vlan 64 on that switch at corporate with an IP address from the branch B subnet.  We then set that IP address as the default IP address for devices at Branch B. We are having trouble with both an ATM and a phone system not communicating properly at Branch B.  At Branch A we are experiencing the same oddity with the phone system, but the ATM is able to communicate fully.  At branch B, when configuring a Windows Vista or Windows 7 laptop with a static IP address that is known to be available, you get transit failures when trying to ping.  Essentially everything seems to be able to route fine, but some traffic even after a full tcp hand shake seems to not transmit properly. When you configure a point-to-point fiber connection from a layer 2 switch at a location without a router to a location with a Cisco Catalyst 3750 switch as the endpoint, what is the best way to configure both sides?  Currently we only have vlan 64 configured on the port mentioned on our switch at corporate, and then the switch at Branch B is essentially operating as an unmanaged switch at the moment with all ports in vlan 1.  I could really use some assistance. Thanks in advance! Ryan ... View more

The trend graphs in the web interface for port utilization, packet error, and bandwidth utilization are all blank for both of our Catalyst 2960 switches.  I've verified that this is the case in both IE and Firefox.  Are there commands I need to input into the swtiches in order for it to track and display usage? The switches are currently running                                            12.2(44)SE6. Thanks, Ryan ... View more

Is there a way to limit the traffic that is sent over a Lan-to-Lan IPSec VPN tunnel configured on an ASA 5510 8.0(4)?  We would like to limit the traffic being sent over one of our VPN tunnels to to 12 Mbps so that the rest of our traffic going out our outside interface is not negatively impacted.  I'm guessing the answer to my question is that it's not possible, but let me know if you can think of what my best solution would be. Thanks! ... View more

I recently configured an easy vpn client connection on one of the interfaces (interface Vlan2) for our 1841 router.  This interface already has a crypto map applied to the same interface for a different peer.  The easy vpn client is actually replacing a part of the remaining crypto map entry.  I mention that only to say that when both tunnels were configured using the same crypto map, everything was fine.  The easy vpn tunnel is working fine now, and the crypto map ipsec tunnel establishes (phase 1 and 2), and even allows 2 or three packets across before traffic is seemingly not routed over the crypto map tunnel any longer.  Is there any way to get the two to play nice on the same interface?  Current config follows: version 15.0 service nagle no service pad service tcp-keepalives-in service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Router ! boot-start-marker boot system  flash:c1841-advsecurityk9-mz.150-1.M.bin boot-end-marker ! logging buffered 51200 warnings no logging console enable secret 5 xxxxxxxxxxxxxxxx ! no aaa new-model ! !        ! memory-size iomem 25 clock timezone EDT -5 dot11 syslog no ip source-route ip spd mode aggressive ! ! ! ! ip cef no ip bootp server no ip domain lookup ip domain name yourdomain.com vlan ifdescr detail ! multilink bundle-name authenticated ! ! ! ! ! license udi pid CISCO1841 sn FTX1033W0NK archive log config   hidekeys ! redundancy ! ! ip tcp selective-ack ip tcp path-mtu-discovery ! track 123 interface Vlan2 ip routing ! ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share crypto isakmp invalid-spi-recovery crypto isakmp keepalive 15 ! ! crypto ipsec transform-set myset esp-3des  esp-md5-hmac ! ! ! crypto ipsec client ezvpn BACKUP connect acl 160 ctcp group unityvpn key abcdefg mode network-extension peer z.z.z.z username testuser password test xauth userid mode local crypto ipsec client ezvpn PRIMARY connect acl 160 ctcp group unityvpn key abcdefg backup BACKUP track 123 mode network-extension peer z.z.z.z username testuser password test xauth userid mode local ! ! bridge irb ! ! ! ! interface FastEthernet0/0 ip address x.x.x.37 255.255.255.252 ip nat outside ip virtual-reassembly speed 100 full-duplex crypto ipsec client ezvpn BACKUP ! ! interface FastEthernet0/1 description LAN ip address 172.20.70.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto crypto ipsec client ezvpn PRIMARY inside crypto ipsec client ezvpn BACKUP inside ! ! interface FastEthernet0/1/0 switchport access vlan 2 ! ! interface FastEthernet0/1/1 ! ! interface FastEthernet0/1/2 ! ! interface FastEthernet0/1/3 ! !        interface Vlan1 no ip address ! ! interface Vlan2 ip address y.y.y.230 255.255.255.252 ip flow ingress ip nat outside ip virtual-reassembly crypto map unitymap crypto ipsec client ezvpn PRIMARY ! ! ip forward-protocol nd ip http server ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400  requests 10000 ! ! ip nat inside source route-map vpn interface  Vlan2 overload ip route 0.0.0.0 0.0.0.0 y.y.y.229 track 123 ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 x.x.x.38  2 !        access-list 111 deny   ip 172.20.70.0 0.0.0.255  172.20.0.0 0.0.3.255 access-list 111 permit ip 172.20.70.0 0.0.0.255  any access-list 160 permit ip 172.20.70.0 0.0.0.255  172.20.0.0 0.0.3.255 no cdp run ! ! ! route-map vpn permit 10 match ip address 111 ! ! ! control-plane ! !        bridge 1 protocol ieee bridge 1 route ip ! line con 0 line aux 0 line vty 0 4 password 7 xxxxxxxxxxxxxxxxxx login transport input telnet line vty 5 15 password 7 xxxxxxxxxxxxxxxxxx login transport input telnet ! scheduler allocate 20000 1000 end ... View more