Cisco :: 5505 VPN Failed Anti-reply Checking

Apr 4, 2013

I have many VPN sites using ASA5505 with broadband connection and terminating on a single ASA5550.I have a problem with one site. they are having poor performance. One of the issues I can see is an error on the remote ASA 5505.ive tried the reccomended fix using this command: crypto ipsec security-association replay window-size 1024.

View 1 Replies


ADVERTISEMENT

DynDns Failed - Bad Reply From Server

Feb 23, 2012

Trying to set up remote access to webcam. Signed up with dyndns.org for Hostname, but when I try to set up the DDNS Service Settings in the webcam firmware it continually gives 'Bad reply from server' and I'm pretty clueless when it comes to networking! As far as I can see it requires a User name and Password plus the newly acquired Hostname as shown [URL]

View 7 Replies View Related

Cisco Firewall :: To Enable Anti Spoofing ASA 5505

Apr 24, 2011

What is Anti Spoofing in ASA 5505. Can I enable it on ASA 5505. If yes , port will be inside or Outside. ? or both ?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - VPN NAT Overlap Subnets Remote Interface Does Not Reply

Jul 10, 2012

Not really a big problem, but not knowing the answer is killing me.  This is what I have:
 
Host 1 <-> ASA 5505 <-> VPN connection<-> ASA5510 <-> Host 2
 
The problem is when one of the hosts trys to reach the inside interface of the remote ASA.  E.g. Host 1 trying to ping ASA5510 inside interface.  Again Host 1 and 2 have the same subnet address of 10.1.1.0/24.  I have configured the ASA 5505 to do the the NAT translations. 
 
[code]...

View 3 Replies View Related

Cisco :: ASA 5505 SSL VPN Log Failed

Aug 31, 2012

[code]....
 
Red error what is the reason? Only appears in the window 2003 server.

View 5 Replies View Related

Cisco VPN :: 5505 - Routing Failed To Locate Next Hop For TCP From Internet

Jul 2, 2012

We need to connect from an external computer connected by cisco-vpn-client to one internal server that is behind an ASA 5505 config with Easy VPN. The VPN connection with the client to our 5520 firewall is fine, but when I try to connect to the server on the LAN, FW log says:

Routing failed to locate next hop for TCP from Internet:172.17.1.215/1108 to Lan_Interna:172.33.0.50/3389 
Attached image.

View 22 Replies View Related

Cisco Security :: ASA 5505 Failed To Unzip AnyConnect Package

Nov 28, 2011

There is ASA 5505:
- 8.4(2) IOS
- FLASH: 128 Mb
- DRAM: 256 Mb
 
Requirements for 8.4(2) are acomplished: For the ASA 5505, only the Unlimited Hosts license and the Security Plus license with failover enabled require 512 MB; other licenses can use 256 MB.Are installed latest AnyConnect packeges for linux, some smatphones (each 4-5 MB). But for Windoes it's 21 MB and we got error "Failed to unzip the Anyconenct Package". In prior IOS version there was command cache-fs limit, by default it was 20 Mb. As i understand ASA now dinamically determines amount of cache memory and it's not enough. Because of the increased size of the AnyConnect package from 4MB in AnyConnect 2.5 to 21 MB in AnyConnect 3.0, you may need to upgrade the ASA flash and memory card first.If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory) you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package files, the ASA could run out of cache memory when it unzips and loads the client images.So there is a question, after DRAM upgrade to 512 MB will be there enough cache memory for Anyconnect packeges with total size 35-40 Mb?

View 3 Replies View Related

Cisco VPN :: ASA 5505 / Regular Translation Creation Failed For Icmp

Mar 15, 2011

I have site-to-site VPN and IPsec VPN installed on ASA 5505. VPNs work OK except few stranges:I can't ping 192.168.17.104 from remote ip 192.168.17.138 - 305006 192.168.17.138 regular translation creation failed for icmp src OLD-Private:192.168.17.104 dst OLD-Private:192.168.17.138 (type 0, code 0) in the same time I able to ping 192.168.17.104 from my network 192.168.10.0 and can ping from ASA No firewall at 192.168.17.104?How to fix it?
 
There is my config:
 
ASA Version 8.2(2)
!hostname ASA5505domain-name domainenable password password  encryptedpasswd password  encryptednames!interface Vlan1 description INTERNET mac-address 0000.0000.0001 nameif WAN security-level 0 ip address a.a.a.a 255.255.255.248 standby a1.a1.a1.a1 ospf cost 10!interface Vlan2 description OLD-PRIVATE mac-address 0000.0000.0102 nameif OLD-Private security-level 100 ip address 192.168.17.2 255.255.255.0 standby 192.168.17.3 ospf cost 10!interface Vlan6 description MANAGEMENT mac-address 0000.0000.0106 nameif Management security-level 100 ip address 192.168.1.2 255.255.255.0 standby 192.168.1.3 ospf cost 10!interface Vlan100 description LAN Failover Interface!interface Ethernet0/0!interface Ethernet0/1 shutdown!interface Ethernet0/2 shutdown!interface Ethernet0/3 shutdown!interface Ethernet0/4 shutdown!interface

[code]....

View 10 Replies View Related

Cisco Firewall :: ASA 5505 / Failed To Locate Egress Interface For TCP From DMZ

Apr 9, 2013

I have ASA 5505, in routed mode, basic license.I run a web server in DMZ. I can reach Internet from DMZ. Also, the trafic from outside can reach the web server. However, if the web site is requested from within the DMZ, the request will fail, and the firewall log contains the following message:
 
Failed to locate egress interface for TCP from DMZ50: 30.30.30.10/49213 to 170.70.30.114/80 

I don't have DNS, so the request must go to Internet, even the web site is hosted on the server in DMZ.

Here is sample of my config file:

interface Vlan1
nameif inside
security-level 100
ip address 162.160.1.3 255.255.255.0
!
interface Vlan2

[code]....

What can be the reason for requests, originated in DMZ, to fail, and how could it be fixed?

View 1 Replies View Related

Cisco VPN :: ASA 5505 Error Copying X To Temporary RamFS File Failed

Nov 16, 2012

[OK] webvpn
webvpn
[ERROR] anyconnect image disk0:/anyconnect-win-3.0.08057-k9.pkg 2
copying 'disk0:/anyconnect-win-3.0.08057-k9.pkg' to a temporary ramfs file failed
 
Trying to add the windows anyconnect to the list of usable software for clients and that error happened. What is going wrong? I assume I dont have enough RAM...

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Regular Translation Creation Failed For Protocol 47 SRC

Oct 10, 2011

We have a PIX with 3 interfaces. Inside, Outside,DMZ.
 
On my DMZ we have some clients that come in and remotely connect back to there office via MSPPTP. I setup the ASA with this to get rid of the error message: regular translation creation failed for protocol 47 src
   
policy-map global-policy
inspection_default
inspect pptp
 
Now when the dmz client tries to connect back to there PPTP server I get the following error.
 
172.31.10.204 0 24.172.85.162 37624 Teardown dynamic GRE translation from dmz:172.31.10.204/0 to outside:24.172.85.162/37624 duration 0:01:30
172.31.10.204 1069 173.188.74.155 1723 Deny TCP (no connection) from 172.31.10.204/1069 to 173.188.74.155/1723 flags PSH ACK  on interface dmz
172.31.10.204  173.188.74.155 63767 Teardown GRE connection 8393958 from dmz:172.31.10.204 to outside:173.188.74.155/63767 duration 0:01:08 bytes [ code]...

View 7 Replies View Related

Cisco :: Difference Between Anti-virus And IPS

Mar 10, 2012

If I have an updated Antivirus in my network, do you still recommend having IPS installed in my network?

View 1 Replies View Related

Cisco WAN :: Anti Spoofing With 3825

May 5, 2011

Is there any way  to configure 3825 to ensure that all packets have a source IP address  that matches the correct source interface (similar to ASA's 'ip verify reverse-path interface')? Currently, we manage anti spoofing with a bunch of ACLs, however I'm looking for a more manageable solution.

View 2 Replies View Related

Cisco Application :: ACE-4710-02-K9 - Checking ACE Bundle Through CLI

Jun 16, 2012

What is the command that can show the ACE Bundle (Like: ACE-4710-02-K9, ACE-4710-04-K9). We have ordered one ACE with 4G BW, and another one with 2G BW. But nothing shows this fact using "show hardware" and "show inventory" commands !

View 1 Replies View Related

Anti-Virus For SBS 2011?

Aug 24, 2012

AV for SBS 2011 that also works with Exchange 2010? I found Trend Micro Worry-Free Business Security Advanced 7, but unfortunately it doesn't seem to have a free trial.

View 5 Replies View Related

Checking The Access On Range Extender?

Apr 29, 2011

I have a Cisco Valet+ AP. I have added an Engenius Range extender, big house, (actually a B&B). The setup seems to have gone well (ranger extender linked to AP). Is there a way that I can verify that a PC in the big house away from the AP is actually connected to the Range Extender.

View 1 Replies View Related

Cisco :: LMS 3.2 Checking Compliance For Single Access List

Apr 29, 2012

how to check compliance for only one access list in cisco works.
 
Example:
 
I want to run a compliance template that only check access-list 13 to make sure it has the following and nothing else:
 
access-list 13 permit 1.1.1.1
access-list 13 permit 10.1.0.0 0.0.0.127
 
If something else is listed, then I'll deploy the template and it will remove any other entry besided the two above.
 
I have tried a Global config compliance on + access-list 13 permit 1.1.1.1 and it comes back and says it's not compliant and wants to remove everything else, which is every other access list.  I have tried submodes thinking that it could check under ip access-list standard 13, but that didn't work either.

View 6 Replies View Related

What Is The Function Of Anti Static Protection

Jul 26, 2011

what is the function of anti static protection

View 1 Replies View Related

Cisco Firewall :: How To Configure ASA 5510 CSC Anti X Edition

Dec 13, 2011

how to configure ASA 5510 anti X edition ? Can I have a link explaining the configuration step by step ?

View 2 Replies View Related

Cisco Firewall :: IS There Any Drawback To Enable Anti-spoofing In All PIX 535

May 30, 2011

We are runing PIX 535 with software version 8.02. In ASDM,  I see  anti-spoofing is diable in all interfaces. If I enable it, is there any negative effect? Can I enable it in DMZ, inside, and outside interfaces?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Anti-replay Window For VPN?

Aug 11, 2011

tell me the command to view current anti-reply window size in ASA 5510?

View 7 Replies View Related

Cisco Firewall :: PIX 525 Anti-Spoofing Attack Protection

Mar 19, 2011

I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2)I am a windows network admin that is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.

1. Anti-Spoofing Attack Protection
2. Scanning Threat Detection - Auto Shun
3. NTP Sync Verification
4. QoS implementation5. IOS and ASDM Backup
 
This option is currently DISSABLED for all interfaces.I know what ip address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
 
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection.Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
 
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
 
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwith cap I would like to put in place.
 
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.

How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
 
I am probably, at least, the third owner of this device and I do not have an account with Cisco nor can my tiny (perhaps non-exsistant given the current economic state) IT budget afford any form of support or software licensing with them.My goal is to backup the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
 
I found a file transfer function within ASDM which allowed my to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
 
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit.
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1.1 Windows NAC Client Posture Checking Loop

Jul 17, 2012

Just upgraded Cisco ISE to 1.1.1 in my lab/demo environment and am now having problems with a basic posture implementation. In short I connect to a wireless SSID and check posture based on the presence of a file. The NAC agent is declaring my host as compliant and granting full network access however about 5 seconds later it it checks for requirements again while placing my host in the temporary network access. At this point it states I am compliant again and 5 seconds later scans again. This behaivour does not stop and continues endlessly until I close the wireless connection. I had no problems with this setup on 1.1.All logs indicate successful compliance and no errors in terms of compliance.

View 33 Replies View Related

Cisco Switching/Routing :: ASR 1000 - Checking Link Quality

Mar 3, 2012

We have branches all over the country and we take different links like fiber (Ethernet) radio links etc. Now sometimes when we ping from branch WAN ip to its gateway or to the aggregation router (ASR 1000) in this case, we see some drops, but see no problem in actual HTTP or lotus communication.

What i want to know, that now a days, should we rely on ping results to determine link quality ? or should i use tools like iperf to basically see if the link is actually treating tcp and udp packets properly, I have heard this countless times that normally network devices like Cisco routers, even without any QOS, will give low priority to ping packets.

View 1 Replies View Related

Anti-virus For Virtual Dedicated Servers

Sep 5, 2011

I plan buy a virtual dedicated server, well as for anti-virus for it I am lost where to look for and what exist [what search]? any open source? url..is enough or needed additionally and other tools? Needed and software firewall to install?

View 5 Replies View Related

Routers / Switches :: When Checking Port Forwarding - It Says Not Open

May 23, 2012

When checking my port forwarding, it says that it is not open. Why?

View 6 Replies View Related

Routers / Switches :: Port Forwarded But Still Says Blocked On Checking Sites?

Apr 6, 2012

i have been trying to forward port 25565 for a server on a game called minecraft. I have a bt homehub 2 and i have followed everything on portforward.com and on several videos and still no luck. I have B.T net protect plus so I don't know if the firewall is blocking the port

View 1 Replies View Related

Cisco Firewall :: ASA5540 - Disabling Anti-Replay For Specific Tunnel

Sep 23, 2012

We need Solution for disabling Anti-Replay on the Firewall for a specific tunnel. ASA 8.4(2) ) does not support disabling Anti-Replay on specific Ipsec tunnel , is it true , then if we want to disable Anti-replay , what we have  to do in ASA5540 .

View 4 Replies View Related

Cisco Switching/Routing :: Checking Internet Speed Directly In The 1841 Router?

Nov 2, 2011

I want to know is it possible to check Internet speed directly in the cisco router thru any command or activating any service in the cisco router?.As it is seen most of the times internet speed offer by ISP is different as compared to clients.and Clients most oftenly not satisfied with internet speed The problem is that our ISP has given us 100MB leaased line.But when we deployed in production network the speed is same as DSL.We have reported this issue to ISP they then carried out Iperf test by connecting laptop directly with the ISP router.They have tested the speed and it shows  about 94-96 Mbps and argu that it is up to the mark and there is problem at your side(i.e our internal network).Now our internal network has cisco 1841 router connected directly to ISP 3825 cisco router.Our router has minimum configuration as required to pass traffic out and in.Our internal 1841 router is connected to switch to which different clients are connected.We have performed some online tests using different speed checking websites and also perform real time tests by uploading and downloading files.The speed is much low as compared to 100Mbps and it is nearly or slightly higher then as DSL connection. how can we check internet speed in the specified scenario?Is there any command or service available in cisco router to check internet speed as we want to check ISP connection speed directly thru 1841 router?what about authenticity of online speed checking websites?Any specialize software/tool you recommend to check Internet speed in specified scenario?

View 11 Replies View Related

Cisco Switching/Routing :: WS-C3560G-24PS - Checking Utilization And / Or Performance On Switch

Apr 23, 2012

I have a WS-C3560G-24PS service as a distribution switch with six (6) WS-C2950T-24 connected to it. In looking at the utilization on the inter connect links no one is running close to a gig speed and this includes the link between this switch and the core. The CPU load (6%) and memory utilization (30%) on the switch  do not seem bad so what else does one watch to see if it needs an upgrade? 
 
We are starting tohave discussions about any needed upgrades on the network. I have an ocassional user that complaines about low performance but looking through the network I can find nothing glaring on a consistent basis that says an upgrade is warranted. I am however looking at things such as the above. Utilization on links, CPU, memory, etc.

View 2 Replies View Related

Wireless :: Want To Reply To Craigslist Ads

Oct 13, 2011

Reply to craigslist with windows outlook

View 1 Replies View Related

Can't Reply To Emails When Using Firefox

Jun 8, 2012

I can't reply to emails when I use Firefox. When I try the page locks up. Replying to emails with Safari or Entourage is not a problem.

View 1 Replies View Related

Linksys Wireless Router :: E1200 Changing Out Ethernet Cables / Checking Connections

Apr 25, 2012

ISP : Charter Communications
Modem : Motorola SURFboard SB6121
Router : Linksys E1200
 
I started out installed on the CD and then I kept getting messages about not being set up and finally it kicked me out. So I started out with the basics, changing out ethernet cables and checking connections. I then tried cycling the modem, router, computer and still no go. As soon as I plug the modem straight back into the computer it kicks back on. So then I tried some other trouble shooting ideas on the forums with the last being MAC address clone, save changes, release renew IP, and finally another round of cycling and I still can't get it to work.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved