I have a problem with a branch office setup, and I can't for the life of me think of what the problem is.I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network. The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
The issue I have is this. Wired clients work fine at this branch office, at least 95% of the time. I have a lightweight AP there that can come up and join the controllers at the central network, no problem. I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day. Latency never comes close to the 600ms proposed limit with CAPWAP. Yet, for some reason the performance of the clients is problematic. Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely.If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
Something about this particular location is causing a lot of grief for our users.For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0. The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.
I'd like to connect through a VPN the HQ office to a Branch using two ASAs.I have a 5520 in the HQ and 5505 in the Branch Office.My problem is in the Branch office where I have a dynamic IP (ADSL).
I couldn't find a example this kind of configuration.
I have got two 1841 and one 881 cisco router. I can keep any one of this router at HO and remaining at branch office. I have got a static internet IP at HO but dynamic IP at branch office. I want to setup a VPN to connect to HO from branch office through router. The branch connects through a private IP for internet purpose. Which VPN is the most secure and best for this purpose.
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505 or 5510's. Remote users use IPSec via the Cisco remote Client. Remote access into our data center works, and the L2L VPNs are perfect...just now that i need remote users to access the branches after Remote access VPNing (for support) i cant get that part to work.
I am trying to set our VPN connection to route to our branch office from a VPN Client. So far I did not succeed and at this point I am stuck.At our office we have a VPN Server which enables VPN Clients to connect to our main office with an IP Range of 192.168.104.0 with subnet 255.255.248.0 and a branch office with a IP Range of 192.168.25.0 and a subnet 255.255.255.0Internally on the LAN the routing is done by our firewall, which acts as DHCP and Default gateway. It connects the 2 LANs by a leased line.When I ping an IP address in our branch office from our main office I get a reply.
Now when a VPN client connects it gets a IP Address in the range of the main office from our firewall and the client can connect to all computers in the main office network. However if i try to connect to a computer in the branch office it does not work.I tried a static route in the Routing and remote access Server (which is Windows Server 2003 R2) and I tried adding a static route to the DHCP settings on the firewall. In both cases it does not connect from the VPN Client to the branch office.Searching the internet, since the examples are all based on a setup with a RAS Server on both networks. The LANs are already "integrated"/"physicly connected" trough the routing on our firewall and its leased line.
I also tried settings on the VPN Clients machine. Settings like "Use gateway in remote network" on or off and tried adding static routes. This did not work, since the Default gateway I must use is not on the same range as the home network and returned an error trying that.What I noticed is that the VPN Client gets a route which uses the VPN CLient IP as default gateway. Makign a static route like that will work (I think), but since the IP addresses for the VPN clients are obtained through DHCP and can vary each time, there is no way (i think) to automate adding a route with, for example, a batchfile that I could give to the employees connecting trough VPN because of the variable IP.
We have AT&T Managed MPLS service are our datacenter and our branch office locations. AT&T has provided the routers and simply give us an ethernet connection. We also have ethernet connectivity to the internet through our datacenter...with our network being protected by an ASA 5520.Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router. Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet. What I'd like to do is better utilize this cable modem/ASA5505 setup. Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.
I've followed Watchguard's instructions for configuring a Branch Office VPN connection, and I'm unable to connect. I have configured the Watchguard gateway to accept remote-to-local connections and put in the Watchguard's public IP address as the local connection, and the WRVS4400n's public IP as remote.The Linksys has the local VPN group configured as 192.168.0.0./24 and the remote gateway as the Watchguard's public IP Address.When I connect it remains "down" and I"m receiving errors saying it could not authenticate. I have the passphrase the same on both sides with 3DES and SHA1 configured.Does the WRVS4400n support this type of VPN configuration or am I wasting effort?
I am preparing to move two branch offices from a point to point T1 connection to Century Link Metro Ethernet.Currently my branch locations connect to my HQ 7204 router via a channelized DS3. I have a 4507R at HQ that I will connect the ME circuit to.We will also be moving our Internet connection on the ME circuit.Our service provider Clink will hand me a single Ethernet handoff for the Internet and branch office connections. For the first phase I will connect one branch office using ME. Once that is in place and tested we will move another office and so on. Then our final step is to move our web connection to the ME circuit.Each branch office has their own unique voice and data subnet. They each have a 2801 router and a 3560 switch. The routers are MGCP gateways with only one PSTN connection, a POTs 911 line on a FXO port.
So my questions are;
1 - Should I connect the ME directly in to the 3560 at the branch offices or use the Fa0/1 on the 2801? Fa0/0 is currently connected to the 3560.
2 - On my 4507R at HQ how will I configure the ME switch port? As a dot1q trunk port?
3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).
4 - On the 4507R will I need to configure a vlan interface for each branch subnet?
I attached two network diagrams. One represents our current topology (MEexisting) and the second represents the new ME circuit changes (MEprojected).
I have to setup what seems to be a very basic configuration, but it doesn't work. In our lab there is a cluster of switches with a 3550 that does all the routing for vlans. I need to simulate a sort of a small branch office that has one connection to the outside world (the lab network). [code] From the router I can ping any host on vlan 230 and other vlans,I can also ping the pc connected to e0/1.However from the PC I can only ping 192.168.1.1(e0/1) and 172.26.230.150 (e0/0) [code]
I have been told to connect our branch offices over outdoor point-to-point wireless CPE. The wireless brand is Orthogon. The Main office got cisco 4507 L3 switch where all building switches terminate. DHCP,DNS and all application are hosted in main office. The branch office got ONE 24 port POE Switch cisco 2960 where all users will be connected, On Port 0/24 of 2960 switch at branch will terminate the outdoor Wireless and other end will be terminated on 4/15 of 4507 at main office? what command I need at both interface where Wireless is terminated.when we connect floor switches to 4507 we got these commands on access switches
We have used two Cisco RVS4000 to create the IPSec VPN between the main office and the branch office. The main office has SBS 2008. There is a Windows Server 2008 as the domain controller in the branch office. One branch office user has a laptop which is not in the domain, but his exchange account is set up in the Outlook. When he connects the laptop to the branch office network, he cannot connect to the exchange server and get the emails. Is there any configuration to set up in the router, server or Outlook?
What are my best options to secure branch office connection to HQ over Provider MPLS cloud. Our existing Setup
<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services 10mb link to Service Provider over MPLS CloudMPLS is terminated on a 3825 Router running advance Services
<<BrancOffice>>::Total 10 In Country Branch Offices2mb Link to Service Provider over MPLS CloudTotal users in each branch : 20 MPLS is terminated on a 2811 Router running advance Services
Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
setting up MPLS on a single T3 line. A client has contacted us to set up a 2951 at a branch location. There are 5 locations connected with MPLS.They will split off 4meg of the T3 for mpls. The rest of the 45meg would go to the internet.They have two 1841's currently set up with a T1 line in each. One 1841 connects to the MPLS and the other to the internet.When the T3 is turned up by the provider, everything, internet and MPLS, will go through it. I asked for the current configurations, but I have not received them yet and this setup is due in a couple days.Given I've never configured MPLS before and I have a rudimentary understanding of how it works, any tips or configurations? I'd hate to be stuck on site and not equipped to complete the job.
I have HQ side with ASA 5520 (8.4) & Branch Side with ASA 5505 Design
VPN LAN<------->ASA5520(8.4)----->Thomson Business TG628s----->Internet<--->ADSL Modem------>ASA5505(8.2)
Now on both modems UDP 500 & TCP/UDP 4500 ports are enabled I can ping from internal LAN of HQ to internal LAN of branch but I cant ping from internal LAN of branch to internal LAN of HQ
HQ ASA 5520 Side ASA Version 8.4(3) host name aljoaib-fw01 [ code].... Branch side ASA 5505 ASA Version 8.2(5) host name GTC- DMM- FIREWALL domain-name ALJOAIB.COM enable password 7pgp93AEPfHtDc5N encrypted [Code]....
I have a Any Connect setup and able to VPN into my office.i bought a ASA5505-SW-UL that is unlimited user (UL) software license but now the vendor tells me that: From the ASA you can saw the unlimited license is for inside hosts, instead VPN client's, by default, ASA 5505 included only 2 VPN client's and can supported up to 25 VPN client's, your license look only default 2 VPN client's. If need more VPN client's connect, you have to purchase the additional VPN client's license. I am just wondering his statement TRUE/FALSE, because i thought ASA5505-SW-UL means unlimited license
I was into IBM iSeries all these years (15 years) and just got into Microsoft Programming(.NET) I have done a program in csharp.net which gets input from the users and dump it into a database. 50 users are going to do the data entry with just one database. As I dont have much knowledge on sharing/accessing applications/database in a network environment (PC based).
I have been tasked with the technology update of our office and have have MAJOR questions which I hope can be answered here, so here goes;
First a little history, I have an electronics degree and a certificate in computer technology, so computers are not something new to me, however networking IS.I have a VERY LIMITED budget to work with, which I'm sure is not unheard of before, with the following equipment already available:
1 MFP currently on lease connected via network 3 totally junk PCs running 3 different versions of Windows from XP to 7 A DSL internet connection A wireless router A wired 8 port switch
What I would like to do is begin with a basic server, 7 clients, shared internet on all machines (including external via login), An MFP, at least 1 NAS for data storage, 1 NAS for backup of all drives.
I have recently managed to configure a setup where I have 2 srp527's one at office one at home.Have 1 fixed IP at the office and 1 fixed ip at home.I have configured the srp at work to be a vpn server and have configured the group and 2 user profiles. This allows me to have 2 concurrent sessions over the vpn to my office from desktop and laptop at the same time. Connections fire up perfectly no problems.From the desktop, I connect using vpn client with user profile 1 Once connected, I then connect to my workstation machine at the office using remote desktop.This gets me super fast access to office files and large spreadsheets without downloading the whole file over the vpn and is working perfectly.
If I then additionally connect from the laptop using the vpn client with user profile 2 the remote desktop connection drops.Disconnect the laptop connection, remote desktop comes back.Have isolated this to being 2 connections arriving at the srp at the office from the same external ip. If I connect my laptop to my phone as a hotspot rather than using my home LAN, both connections are made and remote desktop has no interruptions. Is there a way I can overcome this through re-configuration of the srp at the office or is this a limitation with the srp?
I have finally got my office extend AP to connect to my companies 5508 controller by enabling NAT on the management interface and can see all the cooperate SSID's. However when I try to connect to the SSID my client either gets a local IP address from my home router or then cannot get any IP address.
I just joined this company and they already ad a VPN to one of their partners that provides them access to some resources. We have now added a 2nd location but the partner wouldnt allow a 2nd VPN tunnel so the decision was made to give the new location a ASA5505 to tunnel thru the main office to access the resources at the partners site.Using ASDM i believe i was able to setup the tunnel to the main office but there is no resource there to use. Now i'm stuck and i do not know what to do to get to the partner site
What are the best network engineering practises for a small/medium sized office?Currently I have set it up like this:The top floor has all the sales people, each desk has a hub underneath which connects all computers at that desk together, and the hum is connected to a switch under the floor. There are about about 8 desks each with about 4 computers, so 8 hubs.They all go into a 10/100 switch, which is then connected to an 1gb switch on the bottom floor via a 1gb port on the top floor switch, via a cat6 cable.We then have internet > modem > router > the 1gb switch. Our main server is also connected to that switch along with all the computers for the ground floor, except these computers have 1gb switches under the desks instead of hubs. The main server is the DHCP, DC, DNS and file server. We have also setup another server which acts as a backup DC and is also a DNS server.Is there anything wrong with this configuration? We have been having problems with the router losing connection to the internet and warnings on the main DNS server.
I presently have a fiber internet connection to my office with about 40 wireless users on a single AP. The connection keeps dropping. Probably due to too many users on a single AP?
1. My question is similar to aniketchitale's, can get another wireless router, create a different SSID (eg. router1 and router2), but both wireless routers still connected to the same fiber connection. In other words, I would like to segregate the first 20 users to router 1 and the next 20 users to router 2.
2. By having 2 wireless routers each with their unique SSID, will all the users still be able to access to the same printer in the office?
I have 3 AIR-CAP3502I-E-K9 AP’s on my network now. Its connected directly to a cisco L3 switch now. and through a WAN link it communicates to a cisco 5505 WLC at remote head office (flexconnect).I want to install a low end WLC on my office, so that incase of the WLC fails at head office, still the clients on my end able to connect to the AP .So which of the following models are support for the AIR-CAP3502I-E-K9 APs ? and can that’s WLC talk with the other one at head office(WLC 5505) ?
We have a ASA 5505 setup with VPN and using Cisco client 5.0. The VPN works without a problem if we use normal internet access (from home, motel, etc). However if we use a cellular wi-fi hotspot or tether a phone it will connect to the vpn but will not allow us to get on the office network
I setup RV042s at a clients offices for the VPN support and am now finding that multiple sip clients behind the router does not work. I found a thread on tech and it looks like there's a case open for the issue. url... How to get this working other than assigning IPs for the phones and dealing with different ports.
We're looking at deploying both office extend and also a guest wlan. Both would require a WLC in the DMZ.My question is can one 5508 WLC be both a guest anchor and have office extend APs on it at the same time?
XYZ Corporation currently employs eight people but plans to hire 10 more in the next four months. Users will work on multiple projects, and only those users assigned to a project should have access to the project files. You’re instructed to set up the network to make it easy to manage and back up. Would you choose a peer-to-peer network, a server-based network, or a combination of both?
I bought 2 RV180 to setup a VPN tunnel between a remote site and central office.The VPN tunnel is established, I can ping from central office to remote site but browsing on that server fails. [code]
Seems the routing is not really working through the VPN Tunnel.
i'm trying to setup a local DNS server to manage small office local-only domain names for our servers. i have the DNS working properly (resolving local machines and using the ISP dns if it can't). so i put the DNS server ip into the "Static DNS 1" field of the router settings. the other 2 static dns fields are empty.the problem is that the router is still using the ISP dns server as the primary and my local dns server as the secondary. i verify this in two places. first, if i go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. secondly, if i connect to the wireless device with a linux-based machine, the /etc/resolv.conf file shows the nameserver ips in the same incorrect order.
To set up AnyConnect on my ASA5505? I have my VPN access working properly through the Cisco client however I want to be able to use the clientless program as well that is available.
I want to setup a quick and simple VPN server on my ASA. I want to do local authentication and, once authenticated, I want to allow all internal access. I only have 1 WAN IP. I'm finding a ton of conflicting info online. The ASA is already setup and is operational. I just need the correct commands to setup the VPN.
