Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi I have a new ISR4321 router which is replacing an ISR877. The ISR4321 has two IPSEC over VTI connections to two other ISR's. The ISR4321 is unable to establish IPSEC over VTI, but simple GRE over VTI works fine. The ISAKMP response on the remote I...
Hi,Setup:I have 10 sites using 877's, latest IOS 12.4.T, and all are in a mesh configuration.Each site also has a port forward rule SMTP rule from the internet to the local Exchange 2007 server.Problem:My issue is that if I telnet to port 25 on an Ex...
Hi,Is it possible to forward a range of ports when using the following command:ip nat inside source static tcp <ip> <port> <ip> <port> The only way I can think of is to use a route-map command, but I can seem to get this working.RegardsAndrewp.s. I d...
Hi,I have a 877 using PPPoA with a /28 public network. For this example lets just say the network address is 217.10.10.0/28 and .7 is used as the GW. Heres a cut down config :!!crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group...
The other option when this error is encountered is to "Perform a complete reimage" of the device. The process has been outlined at the below link. https://sd.datcom.net/portal/?r=kb:view:1940
Hi Igor,
Easy fix in the end. I altered the NAT ACL to just include the subnet of the local LAN: -
Before: -
object-group network OGN_RFC1918
10.0.0.0 255.0.0.0
192.168.0.0 255.255.0.0
172.0.0.0 255.224.0.0
ip nat inside source list ACL_NAT i...
Hello Igor,
I have yet to find a solution, if I do I will post it in this thread. If you have the same problem on the same model router it could be a hardware issue.
Thanks,
Andrew
HiConfig attached. I don't think it's an ACL issue as I get the same error when I add 'ip any any'. The issue seems to be the port number in the debug output, I can't find anyone else who has the same issue! The source/peer port should be 500 for IS...
Hi, This is the remote side: - R1003951#sh runBuilding configuration...Current configuration : 5853 bytes!! Last configuration change at 10:29:46 BST Fri Sep 22 2017 by COMPANY! NVRAM config last updated at 04:00:00 BST Wed Sep 27 2017! NVRAM config ...
