I am supporting a small cluster of AP541N WAPs and would like to know if there is an easy way to manually disconnect an associated client (recognized by MAC address) from the Associated Clients screen in the Access Point Configuration Utility Status view. That type of feature might come in handy with unruly bandwidth hogs down the road.
View 0 Replies
Just setup a Cisco 2821 acting as the easy vpn server. All good, however, the easy vpn client, say for example doing a speedtest, is REALLY slow.
For example, both the client and server have 100M / 5M connections and doing some local speed tests thru the isp, on the client side we are seeing 4M/2M? We have very few vpn clients right now, so I can't see the Cisco 2821 being overloaded.
I have tried messing with the mtu, adjust-mss settings on the wan port on the 2821, but, no real changes?
Is it possible to de-auth a client, and then make sure they have to enter the passphrase if they want to connect again?
I just cant seem to find this option anywhere in my routers configuration page.
I have access to network 10.3.1.0 /24 but I am not able to access 10.3.2.0/24 and other networks behind the Easy VPN server.I am using a software client to connect to the server.I have configured split tunnel to the network 10.3.0.0 /16 and it shows up in the route details too. I can ping 10.3.1.0 network but not 10.3.2.0 and so on.The Easy VPN server is configured on Cisco 861 with VPN module. [code]
View 6 Replies View RelatedIs it possible with ASAVPNSERVER 5520 and an EasyVPN 5505 Client to have the client do split tunnel to a single public IP address? Both devices are on 8.2(5) 33. Could you possible provide sample config for split tunnel?
View 1 Replies View RelatedI was looking for a way the manually re-authenticate dot1x client from cli and found this: [URL]
"You manually reauthenticate the client by entering the dot1x reauthenticate interface interface-id privileged EXEC command"
I've tried it 2960 with 12.2(58)SE and 15.0(2)SE, but it doesn't seems to be implemented. Have I missunderstood something? Or do you guys have any other command to accomplish a manually re-auth?
I'm currently using DynDNS for my Dynamic DNS Provider with the RVS4000, but I'm looking at upgrading to the RV180 and switching my Dynamic DNS provider over to DNS Made Easy since I can get all my DNS hosting under one roof. Does the RV180 support DNS Made Easy in its Dynamic DNS client? If not, could it be added in a firmware update?
View 3 Replies View RelatedI currently have two 541N access-points slightly overlapping eaching other and my clients appear to connect to the further AP most often. They are setup in a cluster, but that appears to just provide configuration synchronization. Short of purchasing a wireless controller which would appear to be overkill, is there any way to manage client connections between the two AP's?
View 4 Replies View RelatedInstalled 4 AP541N units in a client site and they've now come back with reports of issues with the setup. I went out there today to take a look and the issue is primarily that randomly during the day, clients will loose access to DHCP. The client authenticates fine (we see success logs in the Windows 2008 RADIUS event logs) but doesn't manage to get an ip address.To sum up the things with the current setup:
- Running version 2.0 Code on the AP541N's.
- Using Windows 2008 for NPS (RADIUS) and DHCP.
- Cisco Catalyst Switching in the back end.
Things tend to work fine in the morning. It's as the site hits midday that we start seeing issues.In looking at the issue I've come across a number of posts in regards to issues with DHCP and these units. One item that was suggested to switch off Mutlicast / Broadcast limiting on the Advanced Settings. What's weird with this is that if I do disable this option, RADIUS authentication stops working entirely. Switch limiting back on and RADIUS works again. I've confirmed this with Network Monitor running on the RADIUS Server.
We have an AP541N that has been deployed to replace a Cisco 1200 AP (B/G radio). The 1200 functioned perfectly in our environment. The new AP541N on the other hand seems to work fine right after a reboot but immediately starts to degrade service. Over a short period of time, the devices bandwidth degrades to the point were the wireless network is not usable. This happens with just one device connected. Eventually, the device stops accepting client connections. We are unable to get any relevant logging out of the device to diagnose the problem.
View 84 Replies View RelatedWith the advent of all these consumption devices; smart phones, tablets, net books, gaming systems, laptops etc... I keep seeing recurring themes at a bunch of locations.I've recently been in 3 locations where once a certain number of clients access a wireless router (not bridged, not strictly AP) another client gets disconnected from the network. This seems to be happening more and more.
View 1 Replies View RelatedA user with Easy VPN client connects to a 876 ISR (router A). This router also has a site-to-site VPN to another 876 ISR (router B). What I want to achieve is that the user dials in to router A and can access the network on the remote end of the site-to-site tunnel (router B) In diagram:
user (192.168.18.x) - Easy VPN - Router A (192.168.16.x) - sitetosite - Router B (192.168.17.x)
I have added routes in router B to the 192.168.18.x network with router A as next hop, but I can't reach the other segment.
We a remote user set up with a Cisco 877W that connects into a ASA5510 using EasyVPN (remote user has dynamic external IP)
The home setup also has a physical Cisco VOIP phone that connects into a Call Manager Express system over the VPN. The home user cannot hear the other end properly and voice is breaking up when using office apps on the VPN link at the same time (Outlook etc),
We continue to hear his voice OK when he is having these problems hearing us, so I guess the upload of voice from the 877 is fine and not struggling with congestion, so I have not put Qos Policies on the 877 as I guess it can only control what it is sending out and this is already working OK. Therefore its the 877 downloading from the ASA that seems to be the issue, voice is not getting prioritised when other traffic is getting sent down the same vpn link.
I have set up the following QoS policy on the ASA for this link so Voice traffic is prioritized, but the issue still occurs so I guess it doesn't work,
class-map HomeUser match dscp ef match tunnel-group ezvpngroup
policy-map VPNQOS class HomeUser priority
service-policy VPNQOS interface OUTSIDE
I have a 857 (124-4.T12). And would like to setup an Easy VPN server. I can run through the wizard in CCP, but it does not work from the VPN client. It does not complete the first stage of comm. All I have done is run the wizard and create a user. I'm fairly happy with Cisco routers, but the VPN part is new to me. I've read the walk through document on the Cisco site. I created it on a new local loop back.
The first time I run the wizard and click test it tells me none of the cyrpto interfaces are up. Are there some prerequisite I'm missing?
I have configured an easy vpn server in cisco 1905 ISR using ccp.The router was already configured with zone based firewall. But when i try to connect my office using vpn client i can reach only upto the internal interface of the router but can't access the LAN of my company.Do i need to change any configuration in ZBF since it is configured as 'deny any' from outside to inside ? If then what all protocols do i need to match ? Also is there any NAT exemption for the VPN clients?
For reference please see my full configuration:
Router#sh run
Building configuration...
Current configuration : 8150 bytes
!
! Last configuration change at 05:40:32 UTC Wed Jul 4 2012 by
[code].....
I have a new ASA5505 which I want to use for Remote Easy VPN. The device connects to the remote ends but I am not able to ping the remote network. The interface is new to me and I am not sure where to add the routes. The local network is 192.168.66.0/24. The remote network is 192.168.4.0/24
I am trying to connect the Remote (conf) to the Corporate (conf). I have done this many times but now the new ADSM interface is confusing. I added the commands as you indicated with no success. The ASA gave me an error when I had added nat (inside) 0 access-list nonat. I wouldn't allow me to enable the EasyVPN option while this command was on the configuration. Here are the cry isa and cry ipsec isa files as requested.
I'm setting up a small office network and the best way to do it,I have three pcs , I want to use one as the main data base/ server with all the main data to be stored on, I'm also installing a small data base software called lotus for everyone to access to update when needed, I'm just wondering what would be the best way to link all three pc's together as a network , this is something I've not done before, i have plenty of expirence with computers but I've never set up a network.
View 3 Replies View RelatedI have set up two ASA 5505's (lets call them ASA1 and ASA2) with site to site VPN configuration and i've encountered two problems with my setup.ASA1 has IP 192.168.1.254 on the inside interface and is connects ASA2. It's also an Easy VPN Server for external users to connect through Easy VPN Client.ASA2 has IP 192.168.11.1 on the inside interface and connects to ASA1 Problem #1 None of the ASA's can ping eachothers inside LAN IP address. Computers behind the ASA's are unable to ping the remote ASA's inside IP address. My guess is that this has to do with either NAT or built in security.Problem #2. The Easy VPN clients which connects to ASA1 are unable to access the LAN behind ASA2.
View 3 Replies View RelatedWe recently installed a 2911 sec router.On this device there are three Ipsec GRE Tunnnels which are working fine and an Easy VPN Server.The problem is that when clients connect to the easy vpn server they cannot ping anything inside , the configuration regarding protected networks is fine.After restarting the router the first client conneced works but when disconnected all the others are authenticating and the cant see anythining in the internal network . By checking the routing table i realized that the route to the virtual access interface is missing for no reason. i used the #debug ip routing detail command and i got the following during the client connection
Mar 31 09:51:37.875: RT: interface Virtual-Access5 removed from routing tableMar 31 09:51:37.875: RT: delete route to 192.168.20.9 via 79.xxx.xxx.xxx, Virtual-Access5
why is this route getting deleted?
I'm looking to use 861s at few remote sites connecting to a 881 in the main office using Easy VPN. If I was to get 2 ISPs at the main office, can I configure it in a way that if the primary WAN failsover to the secondary, the VPN tunnels from remote sites will also failover?
Would you recommend an ASA 5505 at main office over the 811?
is there a easy to install SSL certificate on ASA, rather than enroll with a public CA? ASDM has a place to import certificates. Can I just upload a SSL certificate I got from my CA to ASA, withou setup CA enrollment? And if yes, how can I generate a SSL certificate request from my ASA 8.2?
View 2 Replies View RelatedPreviously, I was able to configure our Easy VPN Server with local authentication.But now, I am trying to use LDAP authentication to match with our policies.
My router is a Cisco1941/K9.
Current configuration : 5128 bytes!! Last configuration change at 13:25:16 UTC Tue Aug 28 2012 by admin! NVRAM config last updated at 05:03:14 UTC Mon Aug 27 2012 by admin! NVRAM config last updated at 05:03:14 UTC Mon Aug 27 2012 by adminversion 15.2service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!!!aaa new-model!!aaa group server ldap ASIA-LDAPserver server1.domain.net!aaa authentication login ciscocp_vpn_xauth_ml_1 localaaa authentication login ASIA-LDAP-AUTHE group ldap group ASIA-LDAPaaa authorization network VPN_Cisco localaaa authorization network ASIA-LDAP-AUTHO group ldap group ASIA-LDAP!!!!!aaa session-id common!!no ipv6 cef!!!!!ip domain name domain.netip cef!multilink bundle-name authenticated!crypto pki token default removal timeout 0!crypto pki trustpoint
[code]....
I've got the following problem using my DLink DSL-2740B with the latest firmware:On all my devices (Notebook, Netbook, iPhone, Set top Box, TV...) I need to manually set the IP of my internet providers DNS server or else, URL's can't be resolved. I'm pretty sure that the Router/Gateway is set up correctly as the status page of the router does show both the primary and secondary DNS servers IP addresses. Both have been automatically detected by the router.On my different devices, if I leave the DNS IP to be automatically detected, they will use the Routers IP as their DNS server IP (e.g. 192.168.1.1), which is the way it should be I'd think. However, trying to access (in browser or through ping or whatever) any URL, it just won't work. I need to manually enter the DNS's IP in the device.
View 1 Replies View RelatedAfter cleaning the PC from malware part of the settings in "Network connections" does not work. In auto mode everything is OK IP address is set and internet connection runs fine. When I tried to set it up manually - "right click" or "double click" on the connection, the PC stucks without message until "Ctr-Alt-Del". I know that reinstalling Windows will work, but I'm looking for easier way.
View 1 Replies View RelatedPB c3 easy notes wireless wont turn on wireless adaptar and drivers updated
View 2 Replies View RelatedI have an access point 1310. I want to add to the WLC as an access point. It have been configured with IP address correctly and the radio interface is up. I need to add it to the WLC as CAPWAP.
View 5 Replies View RelatedWe have a Cisco 2921 router at the head office (Easy VPN Server) and been deploying Cisco 887VA (EasyVPN remote - Network Extension) for remote offices using EasyVPN. We are allowing Voice and Data traffic over VPN. Everything has been working great until this issue was discovered today:
When a remote user behind Cisco 887VA calls another remote user also behind Cisco 887VA, the call connects and Avaya IP phone rings but no voice in either direction.
Calls to/from head office and external mobiles/landlines are fine. Only calls between two remote sites are affected. As there is no need for DATA connection between Remote office, our only concern is Voice support.
I think "hair-pinning" of traffic over VPN interface is needed. (Examples configs etc).
I'm am wanting to know how to configure Easy VPN server with downloadable ACLs on a cisco router 2811.
Indeed, I would like to set up a remote access vpn that uses radius for authentication of VPN clients. The radius server is connected to an Active Directory server that contains the log in / password. I would like to on the basis of the user who connects to the VPN, the ACL that define the services or servers to which this user can access is automatically applied on the router and define the rights of the users.
getting internet access via a easy vpn tunnel on a cisco 877 router. Basically we would like roaming users to be able to use the internet via the vpn rather than using a split tunnel. The reason for this is we have multiple sites that are tied down via external IP access lists for some services. We would like roaming users to be able to interact with these sites through the central router and use the routers external IP address to acess the secured sites. I know we can use a proxy but we also use some other non proxy bases services at these sites so would rather direct routed access.
View 1 Replies View RelatedJust moved out for the first time, I have a modem but it came with a very short cable. That doesn't work. So I wanna know a couple things:
- What's the best to by, and what's safer: cable or wireless router?
- Is it easy to set up a wireless router with my original modem? I have a MacBook Pro early 2012 version.
- What type of router would you recommend for me? I live in a one room apartment, I'm the only one who will be using it, use internet for work, social networks, email, school, youtube...not big stuff.
I connect to internet with lan and PPPOE . and the Idea is to have the internet as Wireless .As far as I try I could not use this PPPOE in my modem to connect directly it to internet and use its wireless internet .that's why I try to connect to internet with my computer then share my connection But the problem is I cannot share the internet on the wireless even I tray ICS .I dont now may be because of subnet of my PPPOE(255.255.255.255 ) Or something else .
[code]...
I recently bought a WRT120N Cisco router off of eBay. The seller, sadly, did not have the WiFi password or online interface username and password. I figured: 'Hey, no big deal, I'll just reset it.' I tried multiple times to no avail.I found out that is was a software issue. I looked up how to update the software, and what do you know? The only way I found to update the software was through the online interface.So, basically,I can't log into my router, can't reset it, and to do so, I need to access the interface which I can't do. How to possibly manually update the software of the router without the interface?
View 1 Replies View RelatedI have problem in recently installed LMS 4.1 Device discovery will not start when launched manually. When i hit the button, it doesn't even give a popup window saying that the discovery is started and that email will be sent... If I schedule it is launched, runs and finishes correctly. All proceses are started and it seems that application is working ok. LMS is installed on Win 2008 R2.
View 1 Replies View Related
