Edit the Existing VPN Configuration: The existing connection profile cannot be edited for the new peer information because it is bound to a specific peer. In order to edit the existing configuration, you need to perform these steps: (1) Create a New Tunnel Group; (2) Edit the Existing Crypto Map. Create a New Tunnel Group: Go to Configuration … Continue reading Cisco ASA: Add New Subnet in an Existing Site-to-Site VPN using ASDM
Category: Cisco
Cisco device serial number explanation
Cisco devices have a standard serial number; from the serial number you can work out the device's age and the location where it was built. Here is how the serial number is composed. Cisco S/N format is LLLYYWWXXXX. LLL = Location code (e.g. FOC = FoxConn China); YY = Year code (08 = 2004, 09 = 2005, etc.); WW … Continue reading Cisco device serial number explanation
SPAN Configuration Examples
Configuring Simple SPAN session: Make sure the destination interface is configured with command: # switchport monitor C2950#configure terminal C2950(config)# C2950(config)#monitor session 1 source interface fastethernet 0/2 destination interface fastethernet 0/3 no shut end C2950(config)#show monitor session 1 STATE SHOULD SHOW UP. Other Configuration Examples for SPAN: This section includes the following topics: Configuration Example for a … Continue reading SPAN Configuration Examples
Cisco: Password Recovery and Factory Reset of Cisco Catalyst 2960/2900-series
Password Recovery Procedure: Not surprisingly, the instructions for the Cisco Password Recovery Procedure are readily found on the internet via any search engine. On this page, one merely needs to scroll down to the particular product series and click the respective link. We are interested in the documentation for Password Recovery of the Cisco Catalyst Layer 2 fixed configuration … Continue reading Cisco: Password Recovery and Factory Reset of Cisco Catalyst 2960/2900-series
VPN : Understanding Phase 1 message states
Picked up a very straightforward explanation on ISAKMP (IKE Phase 1) Negotiation states. All credits to tunnelsup.com
Cisco: All about errdisable (and how to enable ports disabled by it)
Errdisable is a feature that automatically disables a port on a Cisco Catalyst switch and is supported on most Catalyst switches running the Cisco IOS software. The errdisable (error disable) feature was designed to inform the administrator when there is a port problem or error. The reasons a Catalyst switch can go into errdisable mode and shut down … Continue reading Cisco: All about errdisable (and how to enable ports disabled by it)
Tricks: How to debug a specific IPSec VPN Tunnel on Cisco.
Let’s say you’ve got a router with well over 100 IPSec VPN peers, and you’ve got this one tunnel that just won’t form correctly. You’re not sure why and want nothing more than to debug the IPSec process for this one peer, but you know if you debug the isakmp or ipsec process you’re going … Continue reading Tricks: How to debug a specific IPSec VPN Tunnel on Cisco.
Restarting VPN Tunnels on Cisco
In some rare cases, VPN tunnels hang randomly and need to be bounced or restarted so that the tunnel renegotiates; in some cases this is the easiest fix for VPN-down issues. Check Phase 1 Status of the Tunnel: show crypto isakmp sa. Normal/UP status should show: QM_IDLE (More info on Status here) Restarting VPN … Continue reading Restarting VPN Tunnels on Cisco
How to Clear IPSec VPN Remote Peer on Cisco IOS
The following command clears the crypto sessions for a remote IKE peer. You can use context-sensitive help (?) to find other options. This command will also reset the encap/decap counters in the show crypto ipsec sa peer <PEER_IP_ADDRESS> output. Syntax: clear crypto session remote IP_ADDRESS Example: clear crypto session remote 1.1.1.1
Troubleshooting Cisco VPN Phase 2
Problem: It’s been over two years since I wrote Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels. I’ve always meant to come back and write the ‘Phase 2’ article but never got around to it. This article is NOT intended to be a ‘fix all’ for phase 2 problems, it’s designed to point you in the … Continue reading Troubleshooting Cisco VPN Phase 2