Active Established TCPs When Offline?
Mar 26, 2013
How is it possible that even when I turn off wifi on the laptop and even disconnect the modem, when I type netstat into CMD there are still one or two TCP ESTABLISHED connections? I have waited as long as an hour and there are still established connections even though I am not connected to my internet. If I shut down the computer and reload it again with the router unplugged, there will be either no connections or maybe one TIME WAIT connection for one or two IPs. But as soon as I reconnect to the internet and then disconnect, the same thing happens, where there are established connections to the laptop even though I am not connected to the internet. I use CCleaner to remove all cookies between sessions.
Jul 17, 2012
I have a pair of ASA 5520s operating in a failover pair as active/standby, with two contexts on them. I am planning to share the load and make it active/active, making the first context active on the primary unit and the second context active on the secondary unit. My question is whether this will disrupt any connectivity through these firewalls when I do "no failover" on the active/standby, assign the contexts to different failover groups and enable failover again.
Mar 20, 2012
I am looking at deploying a pair of 5585Xs in an active/active multiple context state. I am creating multiple contexts that need to be able to route to each other. I was going to deploy a type of gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts. I believe this will work, as basically I am just cascading the contexts and sharing interfaces.
The main problem I have come across is that if I deploy active/active across two appliances using 2 failover groups, I cannot see a way to route between them. For example:
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not believe that I can share an interface between contexts in two separate failover groups, and to be honest, without adding an L3 device between the appliances I am not sure if this is possible.
Dec 17, 2012
I have two ASA 5510s running in Active/Active mode. I need to make config changes on them. How do I go about it? Do I power off the secondary ASA, make the config changes on the primary and then power on the secondary ASA? Or is there another way to do this?
Jun 1, 2011
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and VLANs passing back and forth, so I will be able to configure the failover via a VLAN as well as extend the ISPs to each location via VLANs. The Active/Active configuration with the multiple security contexts does not seem to be an issue, but how is a redundant ISP configured in this mode? We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP2 in location B. We also want to have context B using the ASA in location B with ISP2 as the primary and failing over to ISP1 in location A. Would route tracking provide the desired result? Is there a better option?
Feb 7, 2012
The 6509 Series Switches support the VSS Active-Active chassis scenario. I would like to set up both switches as one virtual switch, but working at the same time, not with an Active-Standby chassis.
My plan is to create a PortChannel across both 6509 switches in order to have 2 links, one connected to one slot/switch and the other connected to a slot/switch in the second 6509, for server redundancy.
Jun 10, 2012
I am working on a network which has two ISP connections (Active/Active) terminating on a router (ASR1000). From the LAN side (6500 switch) all the traffic needs to be routed on ISP1, but some specific subnets like 10.250.0.0/16 need to be routed on the ISP2 connection.
I am planning to use PBR and NAT with route maps. Any documents or references are provided.
(access switches)---------(core switch)----------(routers)----------------(ISP1)
----------------------(ISP2)
Apr 10, 2011
I faced one problem in our core switch 4507R. The active sup lost connection and the standby became active. We got a lot of errors/alerts on the console, shown below. [Code] Also, when I reloaded the switch with the reload command, only both sups got reloaded, but I want to reload all the modules, and the reload command does not give any options for that.
Mar 30, 2011
I have 2 ASA 5520 firewalls, including 1 AIP-SSM-10 module in each of them. The configuration is set using active/active failover and context mode.
Both of them run the IPS module individually. The IPS is configured using inline mode and the fail-open option. However, when one of the modules fails and the state changes from up to init or anything else that makes the IPS fail, failover is detected and the ASA considers it a failover and bounces the context to the other unit.
IPS soft is 6.0(4) and ASA soft is 8.0(3)
I have checked the Cisco doc and it is confusing to me. It says: "The AIP-SSM does not participate in stateful failover if stateful failover is configured on the ASA failover pair." But it really does participate. Running is not really an option because of production network impact.
Sep 19, 2011
We have an Active/Active ASA 5520 setup. As I know, in an Active/Active setup there is no remote VPN access, so could I overcome this limitation? I have a solution but I don't know if it is applicable or not. We have a spare ASA 5510, so I can use it behind the Active/Active firewalls, assign a public static NAT IP address to it, open all IPsec and VPN ports and let the remote users connect to it. Is this an applicable setup or not?
Dec 27, 2011
Is it possible to set up active/active failover using EtherChannel on 5585s?
Mar 17, 2013
How to Configure ASA5520 for Active/Active
May 7, 2007
Our application team is mandating that the solution we come up with for SLB should support Active/Active mode of SLB operation.
My question: is this mode of operation supported/accredited by Cisco, and what is the drawback compared with the traditional active/standby?
Sep 12, 2011
Internet connection could not be established. The port used was closed.
May 27, 2012
I have the Netgear WNDR4500 set up on my home theater shelves, which are located in the corner of the room. When using my Asus G74SX with the Atheros 9002 wifi I consistently get disconnected. The wifi connection is lost and needs to be re-established.
Interestingly, when I am using the laptop downstairs the disconnects never happen. I have pored over my router's settings, updated to the latest firmware, and installed the latest drivers on the laptop. I also tried setting the router to short preamble and changing the channels to 11 and automatic.
May 2, 2012
I have two 5510s between which I am trying to get a tunnel established. One has an existing tunnel to a 5505 that works, but I can't get the next one to get past the first phase. I have sanitized the attached configs.
Aug 17, 2012
I use Win7 OS and a Samsung E2652 Champ Duos mobile. When I connect the mobile to the PC, the dial-up connection is not established and shows the error 777: the modem on the remote computer is out of order.
Apr 3, 2013
Using Cisco IOS 12.x+ on a router. How would I create an ACL that will only allow access to a port from the inside only after it has been established, i.e. similar to port triggering? Inside host 10.1.1.60 needs to use port 61200 for BitTorrent. I don't want the port to be visible as open to the global net except when the host 10.1.1.60 establishes the connection first. That way a port doesn't have to be left open 24-7.
Jan 20, 2013
I successfully established site-to-site with two ASA 5010s. The problem is that traffic is not passing. This is the current setup: 1) Left side: only 1 private network 3) Right side: 1 private network, management network, 2 DMZ networks with public IP. On the right ASA some NATing is set up so servers in the DMZ can be reached from the private network. The goal would be that a VPN client on the left side can reach all resources on the right side (except the management network). Just to get things going, the tunnel is built with only the left and right private networks, but after the tunnel is established I can't ping anything on the other side.
Apr 7, 2013
I make a VPN site-to-site IPsec tunnel between 2 RV110Ws. Above, you will find the configuration.
Site1
Site 2
always the same message
Jun 19, 2011
We have an ASA 5510 with two internet connections, one intended for L2L VPN and the other for general users' internet access.
On ASA 8.04, I configured the crypto map on interface "VPNAccess" and a static route to the L2L remote peer through the VPN internet access; the default route was pointing to the general internet router.
We bought a new firewall with 8.4.1, and now the ASA only tries to initiate traffic if the remote peer is on the default gateway.
It ignores more specific routes (I mean longer masks) and always tries to use the default gateway, but only for VPN. If I run a traceroute to those peers, it uses the routing table correctly.
Jul 4, 2012
PPPoE connection isn't established... Config Cisco 1811 (c181x-advipservicesk9-mz.124-15.T15.bin):
...
vpdn enable
...
vpdn-group 1
request-dialin
protocol pppoe
[code].....
Jan 16, 2012
I have one ASA5520 with version 8.4(3), and a few ACL rules defined. One ACL permits traffic from one interface (EXT_SERVICE) to another interface (DMZ_SERVICE). If I change that rule to deny traffic, all new connections that match the rule are denied, but not the established connections. Why can the established connections pass the deny rule? How can I change that? I need to create an ACL of deny type and stop all communications that are running and match the deny rule.
Running-config of my ASA5520:
ciscoasa# show run
: Saved
:
ASA Version 8.4(3)
!
hostname ciscoasa
enable password 8ay2wjIyt7RRXU24 encrypted
passwd 2wFQnbNIdI.2KYtU encrypted
names
!
interface GigabitEthernet0/0
[Code] ........
Aug 2, 2011
I now have the SAs established between the SRP527W and the Cisco 857, but if I ping from a host on the Cisco side to a host on the SRP side I get only rx traffic on the tunnel; the stats keep tx at 0 and the ping is not answered. My tunnel is to send some voice calls into the IPsec tunnel keeping the DSCP bits. It connects the SRP voice VLAN with the Cisco LAN.
I have on SRP 2 vlans:
1 Vlan for data on ports 1,2 and 4
1 voice vlan on ports 1,2,3,4.
I connect a netbook to port 3 and I can connect to the internet, but I can't reach the other side of the tunnel by ping. Maybe traffic from the voice VLAN is being NATted with the data VLAN IP address? I need all traffic to go into the tunnel without being NATted. On the Cisco side I have a policy to avoid NAT, but I don't know if the SRP has any problem with it too. Are all gateways OK?
Mar 18, 2013
We try to establish a site-to-site IPsec connection between a Cisco 876 (local site) and a Check Point firewall (remote site). The Cisco 876 is not directly connected to the internet, but is behind a DSL router with port forwarding, forwarding ports 500 and 4500. The running config of the Cisco 876 is appended to this discussion thread. Unfortunately I get no output when debugging the connection with the commands "debug crypto isakmp" and "debug crypto ipsec".
From the Check Point firewall's point of view the connection seems to establish, but there is no ping answer.
The server on the local site that should be reached from the network behind the Check Point firewall has a routing entry "route -P add [inside ip-net remote] 255.255.255.0 [inside ip local]" (see also the appended running config for naming of IP addresses). Establishing a Cisco VPN Client connection to the same Cisco 876 router works fine.
Oct 22, 2009
After I change my router, I recently found out that I cannot access remote network resources after VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping server on the remote network
Apr 30, 2011
All my years on the computer and internet, I've only been connected via ethernet directly from my cable modem, as I have just 1 desktop. Anyhow, I just bought a laptop yesterday, and so a router is a must to connect wirelessly. I received an old Linksys BEFW11S4 v4 router from a friend and decided to use it as it's still functional. Yes, I know it's an ancient router but I'm on a tight budget.
The setup - I have the ethernet from my modem plugged into the router. I have another ethernet cable in slot #1 (router) connected to my desktop. For my laptop, it'll be a wireless connection.
Issue - Now, the connection for my desktop (via ethernet cable in slot #1 on the router) works perfectly fine. I have it set up (on browser - 192.168.1.1), added the SSID, WPA Shared Key and such. The only issue is with my laptop. Every time I switch on my laptop, I cannot establish a connection (after selecting the SSID and entering the key). The ONLY way for me to get a connection is if I power the router off and then on. Each time I turn on/restart my laptop, I have to power the router off/on in order to get it to work.
Sep 15, 2011
I was hoping that the latest firmware would fix my (2) 'bugs', but it did not. We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s. When I try to do a reset while connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.
Jul 22, 2012
I'm having some problems getting an IPsec tunnel established between a Cisco 887VA router and a Cisco SRP527W router. I am working from a few textbooks and some example materials. I have worked through many combinations of what I have got and am still struggling a little bit. I look at the debug results and it appears as though the policies do not match between the devices:
Jul 23 05:44:37.759: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (R) MM_NO_STATE
broute1#
Jul 23 05:44:57.079: ISAKMP:(0):purging SA., sa=85247558, delme=85247558
broute1#
Jul 23 05:45:17.031: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (N) NEW SA
[code]....
Some specific questions:
1) On the SRP, in the examples I have used (and I have a few SRP->SRP VPNs that work), I see you need to enter the preshared key. I'm not seeing anything in the examples I have used about the IKE preshared key on the IOS box. Any examples where you use the preshared key for IKE? I wonder if this is my primary issue, as it states clearly in the log that there is no preshared key :|
2) I have used a mishmash of names between the various sections, as on the SRP the naming convention isn't the same; i.e. which parts of the IPsec negotiation come from the IKE policy section and which from the IPsec policy section. Do the names really matter across different ends of the VPN?
3) I notice when I perform this command in the (config-crypto-map)#:
set peer FQDN
It is converted to:
set peer XXX.XXX.XXX.XXX
Is this expected? I want the device to look at the FQDN as this particular host is using DDNS and not use a static IP address.
Jan 23, 2013
I have four ACE 4710s. Each pair of ACEs is in one geographical location. Probes are configured to check a regular expression (HTTP GET). When there is a need for an rserver update, we change the text in our testpage.html (e.g. from "OK" to "SUSPEND") so that the probe detects a failure. In fact the rservers are still operational, but should not accept new connections. This works fine. BUT I observed that established connections/sessions did not end after the probe fails. The ACE probably waits for opened/established connections to end, and it is what I am asking for. What happens if the probe fails but the rserver is in fact operational? I thought that if the probe fails it also ends/cuts all established connections to the rserver. But it seems that is not true.
Jul 7, 2012
I have users connected to the office using the Cisco VPN client; a Cisco ASA 5520 acts as the VPN gateway. Frequently the users get disconnected from the server while the VPN is still established and not disconnected!
What is the cause of the issue, and where is the fault located? How do I start troubleshooting to figure out the issue?
Oct 27, 2012
I have 2 RV048 and one RV016.
I have established VPN gateway-to-gateway tunnels; all routers use functional DynDNS.
IP range site 1: 192.168.123.1-254, external address x.y.z.w
IP range site 2: 192.168.124.1-254, external address a.b.c.d
IP range site 3: 192.168.122.1-254, external address e.f.g.h.i
Site 1 with 192.168.123.x has two Win 2008R2DC servers, running AD, DNS, DHCP and RRAS, with addresses 192.168.123.4-5.
I can ping the routers only if I add the route to them (route add command), but cannot ping further.
If I don't establish the route then nothing pings.
How can I use the tunnel to connect to the servers in site 1?
Aug 14, 2010
I have the WPC54G, used on a Sony Vaio with Windows XP Home Edition Version 2002, and use a Novatel Wireless MiFi 2200 Mobile Hotspot. I recently had a system crash and reinstalled through recovery discs, with all current Windows Updates (SP3), as well as the WPC54G. The WPC54G worked with various WiFi networks and the MiFi 2200 device before the crash. After "recovery", it recognizes WiFi networks; however, it does not recognize my network established through the Novatel Wireless MiFi 2200 device. (Note: the MiFi device is working because other computers/devices are gaining access to the internet.)