Cisco Firewall :: 5060 Microsoft Office Communicator 2007 TCP UDP Ports Remote Users

Mar 11, 2012

We have a Cisco secure VPN site-to-site tunnel between the 2 locations. Which ports need to be open on the tunnel so that users can successfully use OCS over the site-to-site VPN tunnel? All the users have the main branch AD account. Using Wireshark I captured the packets and found only port TCP 5060; after allowing this port over the tunnel I can see the authentication window. The user authentication fails. Ports 3389, 80 and 443 are already allowed. The main requirement is to only have Chat, Group Chat and file transfer. AV traffic is not required. OCS is using TCP. No TLS is configured.


Cisco Firewall :: 65535 Make Video Conference Call Through Microsoft Office Communicator

Oct 19, 2010

My client wants to make videoconference calls through Microsoft Office Communicator. This should operate between hosts from one site to another, but we have already configured some rules in the firewalls, and making some tests I see that the videoconference uses dynamic ports (1024 to 65535). If we let the videoconference operate we would have to remove all the rules in the firewall, and that's not the point.


Cisco Firewall :: Allow SIP On Multiple Ports Not Only 5060 (ASA 5505)

May 14, 2012

We've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
 
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.


Cisco Firewall :: ASA 5510 With 8.0.2 - Exchange 2007 Outlook Anywhere / OWA Users

Aug 15, 2011

We have an ASA 5510 which was running 8.0.2. We recently upgraded it to 8.2.5, and since the upgrade remote users for Exchange 2007 are not able to download any large email attachments (over or close to 1MB). This is only happening to Outlook Anywhere users or OWA users who are connecting to the Exchange server using HTTPS (443) externally. If the same users connect internally they do not face any issue. When I check the logs on the ASA I am getting lots of RESET-O and RESET-I entries. Looks like the connection between the client and the server gets reset.


Cisco VPN :: ASA 5510 - AnyConnect Users Cannot Access Remote Office Over Site-to-site

Jul 15, 2012

We have two ASA 5510s, one in 8.4(4) and one in 8.2(5), in a site-to-site VPN setup. All internal traffic is working smoothly.

Site/Subnet A: 192.160.0.0 - local (8.4(4))
Site/Subnet B: 192.260.0.0 - remote (8.2(5))
VPN Users: 192.160.40.0 - assigned by ASA

When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B, however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc. are not reachable by ping or otherwise. There are also some weird NAT rules that I am not happy with that were created after I upgraded the Site A ASA to 8.4.

Site A internal: 192.160.x.x     External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x     External: 66.66.666.54(all)

I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site. What do I need to add for the VPN to be able to access the site-to-site network?

Here is my NAT config:

nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
!
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL

[code]....


Cisco Firewall :: ASA5505 - Microsoft SQL Server And Anyconnect Remote Client VPN

Oct 29, 2012

I've configured an ASA 5505 for remote VPN with AnyConnect. It works just fine: from remote I can ping the clients and server inside, I can do RDP or connect via SSH to any machine, map some volumes locally and so on, but I cannot connect to Microsoft SQL Server. It uses port 1433 for the first connect and then establishes a dynamic connection. So I am a newbie - what rules or configs do I miss?


Cisco Firewall :: 5060 PBX Behind ASA Got Hacked

Nov 13, 2012

We have a customer who has an Asterisk PBX behind an ASA I configured. The PBX I did not configure. We have several customers with the same setup. Today we noticed that their PBX got hacked and was making calls to very expensive phone extensions. The guy who configured the PBX is saying that it's the ASA that got hacked. In my opinion it is not the ASA that got hacked, but I think there is something going on on the internal network.
 
The guy from the PBX says that when he scans the IP of the customer who got hacked he sees port 5060 SIP is open, but in the ASA there is no port forwarding on that port. How is this possible? I also scanned it myself and it says port 5060 is open, which is weird because there is no port forwarding on port 5060.


Cisco Firewall :: ASA 5510 - Set Up Guest Wireless Network For A Remote Office?

Jul 8, 2012

I have been tasked with setting up a guest wireless network for a remote office.  They would prefer that the guest network be on a different VLAN than the trusted network, and they want to use a different outside IP address for the guest network. 

I am trying to figure out how to configure the ASA so that it supports two different LANs, each with its own outside IP address. Is this possible?


Microsoft Office Outlook 2003 / Can't Access Email From School Computer

Aug 29, 2011

I'm an intern in an elementary school. We have two administration computers here to which I and all the teachers have access. One of the teachers has told me that she cannot access her email (Microsoft Office Outlook 2003) from one of the computers.


Cisco Firewall :: ASA 5505 Intermittently Disconnects Remote Vpn Users

Mar 7, 2011

I am using my ASA 5505 to remote VPN.  I use both windows and Macs.  I use the Cisco VPN client software on the windows machine, on the Mac I have used both the Cisco VPN software and the built in OS X VPN client. 
 
I am able to VPN with all machines, but randomly the VPN will disconnect all users.  I know there is a setting that may fix this which I think I tested in the past and it did not work, but I have now forgotten it. 


Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How do I designate an access list for the remote-access VPN users in order to let them access a specific subnet or host? An ASA 5510 and ACS are in the picture.


Cisco Firewall :: Securely Access Exchange Server 2007 Through ASA 5510?

Dec 27, 2011

Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)?  OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510? 


Office Wireless Network Setup - 50 Users?

Nov 1, 2012

I presently have a fiber internet connection to my office with about 40 wireless users on a single AP. The connection keeps dropping. Probably due to too many users on a single AP?

1. My question is similar to aniketchitale's: can I get another wireless router and create a different SSID (e.g. router1 and router2), with both wireless routers still connected to the same fiber connection? In other words, I would like to segregate the first 20 users to router 1 and the next 20 users to router 2.

2. By having 2 wireless routers, each with its unique SSID, will all the users still be able to access the same printer in the office?


Servers :: Small Office Networking With File Sharing For Certain Users?

Feb 4, 2012

Right now every computer is connected through a workgroup and some computers are sharing files to everyone and some need a login to share other files. I want to run a main server where all the files are on that computer and have it share all the files to everyone else on the network. I'm not too familiar with Windows workgroup networking and file sharing. I want to have certain files accessible to certain computers and certain files accessible to everyone on the network. I'm under the impression that I have to have the main server with all the business documents, then create separate accounts on the server and hand them out to each individual computer, and after that go to each document and specify who can access what with read/write. Can I share some files to everyone and have certain files limited to other computers at the same time? How would someone access the shared files when you need a login, and will this login conflict with files shared to everyone and files shared to certain people? I remember on my small business network I need a login for certain computers because it is shared to only certain people; then how would I access the files shared to everyone when I have to log in to see the server files to begin with?


Cisco Wireless :: WAP2000 Connection To Remote Office?

Mar 14, 2011

We have a WAP2000 that supports a few wireless users in a shop environment.  Users authenticate using RADIUS.  Users connect without issue and can browse the Internet.
 
The main local network uses a Cisco 800 router to connect to the Internet via DSL and there is an IPsec VPN tunnel to our main office.
 
When a user is connected to the network via a wired connection, all systems work as expected.  If they are on wireless,  they cannot connect to services at the main office. They must make a PPTP VPN connection for applications to function.
 
The WAP2000 has the latest firmware 2.0.4.0.  It has a static IP on the local subnet.


Cisco Wireless :: 5505 WLC At Remote Head Office

Apr 17, 2012

I have 3 AIR-CAP3502I-E-K9 APs on my network now. They are connected directly to a Cisco L3 switch, and through a WAN link they communicate with a Cisco 5505 WLC at the remote head office (FlexConnect). I want to install a low-end WLC in my office, so that in case the WLC at head office fails, the clients on my end are still able to connect to the APs. So which of the following models support the AIR-CAP3502I-E-K9 APs? And can that WLC talk with the other one at head office (WLC 5505)?


Cisco VPN :: 2911 Remote Office With Dual ISP And EZVPN

Aug 9, 2011

I am attempting to get a solid setup for a remote office we have going up and I am running into little issues that I can't seem to get around.
 
Basically, we have a remote office that will have dual ISPs: one hard-wired circuit from a local carrier, and the other will be a Verizon 4G router that plugs in via Ethernet and hands out DHCP to my Cisco router. The Cisco router is a 2911 with IP SLA configured. I have it set up to ping my DC out one interface and if that fails, it removes the default route and injects a new default route from the other ISP.
 
The problem I am having is with the VPN. I figured using EZVPN would be the only solution because the Verizon 4G only supports DHCP, so I have to be able to connect from a dynamic remote host. The other caveat is that failover needs to be seamless as we have no person onsite that can troubleshoot. It's fine if it takes a few minutes, but the VPN just needs to come back up on its own without any intervention.
 
I attempted to set up two different EZVPN crypto maps on the router but realized you can only have one inside crypto map per interface, which would cause a problem with the internal network. I thought I could just create subinterfaces off the router to have two inside interfaces to work with, but that wouldn't have been supported because they would now be on different subnets.
 
I decided that adding an ASA5505 behind the router may be the simplest solution.  Use the router only for the purpose of handling routing between the two ISPs and performing NAT out the interfaces.  Then use the ASA to do EZVPN from.  This works well but there are some issues I am trying to work through.
 
First, when the ISP fails over to the backup, the NAT translations have to time out before things start working again. For a constant ping, this is fine: I have the timers set down to 15 seconds for NAT timeouts and after 15 seconds the ping picks right back up again. However, this breaks the EZVPN. The ASA keeps trying to bring up the ISAKMP nearly every second, which keeps resetting the countdown on the NAT timeout for the remote EZVPN server. Because of this, the VPN will never come up until I manually clear the NAT translations on the router. So my first question is this: is there a way to adjust the timer that the VPN uses to try to bring the tunnel up? I tried the crypto isakmp keepalive command but that didn't work; it looks like it doesn't work with EZVPN.
 
The second issue is really with the IP SLA and is only an issue because of the first issue I mentioned.  When the router first comes up after a reboot, both the primary and secondary interfaces come up.  However, since the primary default route is only injected into the routing table once IP SLA is up and can reach its destination, the secondary route gets injected initially and the VPN comes up over the secondary ISP.  In a few seconds, the primary default route is injected, changes the path and because of the NAT translation, breaks the tunnel and never comes up again because of the first issue with the VPN tunnel renewing the NAT translation continuously. 
 
I could easily go out and purchase a $100 Linksys router that will do the failover and clear its NATs and everything, but I need better reliability out of the hardware than that.  There has got to be a way to do this on a Cisco device since consumer level equipment can.


Security / Firewalls :: VPN To A Remote Office With An Existing VPN Tunnel?

May 23, 2011

I have an existing VPN tunnel from my branch office to corporate. I want to allow my employees to establish a VPN connection to our local branch office, where we have a local server, and not go through the corporate office. Can I set up a direct VPN connection to my router/firewall at the branch office, even when there is a VPN tunnel already connected between my office and corporate?


Cisco Routers :: RV180 To Setup A VPN Tunnel Between Remote Site And Central Office

Aug 18, 2012

I bought 2 RV180s to set up a VPN tunnel between a remote site and the central office. The VPN tunnel is established and I can ping from the central office to the remote site, but browsing on that server fails. [code]
 
Seems the routing is not really working through the VPN Tunnel.


Cisco :: Aironet 1130 AG Remote Office Connected To Data Centre Over MPLS

Sep 27, 2011

We have an Aironet 1130AG in a remote office connected to the data centre over MPLS. The RADIUS server is based on Server 2003. We have hundreds of these points set up exactly the same, but this is the only one giving me issues. I even stripped the config and rebuilt it and then swapped it with a new access point.
 
The issue is that clients can't authenticate when connecting to the access point, but it provides nothing in Event Viewer. Checking the RADIUS server provides nothing either. The access point error logs just state station: authentication failed
 
On looking deeper into the problem I enabled RADIUS debugging on the access point and got some interesting results, in particular the line:
no sg in radius-timers: ctx 0x12EF0A4 sg 0x0000.

I can't find out what no SG in Radius-timers actually means, but after that line appears I just see more retransmits and no sg fails.
 
I inspected the packets on the RADIUS server and found lots of access requests coming from my access point and lots of access-challenges returning from my RADIUS server - I'm not sure how often that's supposed to happen or if it's a one-time occurrence. I did however see directly after the first access-request that the RADIUS server returns with UDP and is fragmented, length is 1514...... could this be the problem? If so, why can't it handle fragmented packets?


Linksys Wireless Router :: E4200 - Remote Access To Music On Family And Documents On Office LAN

Dec 19, 2011

I want to separate my house into three zones plus a guest WLAN: one for my mother-in-law living upstairs, one Gega-net for my family and one for my own little company office. Additionally I want WLAN on three of the VLANs in addition to one guest WLAN.
 
And I want remote access to my music on the family LAN and my documents on the office LAN.
 
Can I accomplish this with one (WLAN) router or do I need more equipment?


Cisco VPN :: ASA Hairpinning Remote VPN Users 8.4?

Aug 14, 2011

I have set this up on pre 8.3 code and 8.3 code as well. I have the following configured on the ASA, but it is not working and I am not seeing the ASA trying to NAT the VPN pool IP address that the client gets assigned.  
 
object network VPNPool
 subnet 192.168.70.0 255.255.255.0
 nat (outside,outside) dynamic interface
same-security-traffic permit intra-interface


Cisco Firewall :: ASA 5510 Cannot Connect To Microsoft IAS

Apr 24, 2012

I am transitioning from a Microsoft ISA server to a Cisco ASA 5510. So far so good, until it comes to getting AAA functioning properly. I have a Microsoft IAS server that is functioning properly, however when I try to test it through the ASA's ASDM it errors out. When I run a packet trace it shows it's being blocked by the dreaded implicit ACL. The funny thing is that I can ping and traceroute to the IAS server from the ASA. I found numerous config examples for AAA using IAS, but still not working.
 
Could it possibly be behaving this way because my ASA and my IAS server are on two different internal networks? (172.31.1.x-ASA, 10.1.1.x-IAS)


Cisco VPN :: Microsoft VPN Client To ASA 5510 Firewall?

Aug 5, 2012

We just set up the AnyConnect SSL vpn on our ASA.  I am able to establish a connection fine using the Cisco AnyConnect client.  I would like to use the native Windows VPN client though if possible. What configuration changes on either the firewall or the client I would need to make for this to happen?


Cisco WAN :: Microsoft Outlook Though ASA5505 Firewall

Nov 16, 2011

I have some users from another company who are visiting my company. They use Outlook to access their mail. I think it is via RPC over HTTPS (SSL). When they are on my network they are unable to send messages, but when they connect to an ISP directly they are able to send. I have a Cisco 2821 as my internet router and an ASA5505 (8.0.5... I downgraded it from 8.2.3) as my firewall. I have not blocked anything from going out. Of note is that when other users use Windows Live configured for Gmail, which uses TLS, they are unable to send emails with attachments. Regular emails go through no problem. Hotmail can send attachments without a problem (there is no encryption there). I have narrowed the issue down to how the firewall treats ESMTP or TLS traffic passing through it. I have already disabled inspect esmtp on the firewall.


Cisco Firewall :: Microsoft Exchange With NLB And PAT On Asa 5510

Nov 7, 2012

I have Exchange with an NLB cluster.
 
I want to PAT the cluster IP to access email from outside. I know I can add the static ARP entry for the multicast cluster IP.
 
My question is: can I add a static NAT command to that same cluster IP for ports 25 and 443 in the normal way, like we do for normal PAT?


Cisco :: ASA5520 - Implementing VPN For Remote Users?

Apr 25, 2012

I have roughly 50 users that are remote, and use VPN to access the resources in my network such as file servers, application servers etc.  We currently use Microsoft VPN to authenticate those users.  It works, but I am not a fan on Microsoft VPN.
 
I have purchased an ASA5520 to replace my crappy layer 3 HP core backbone switch, and plan on replacing my Microsoft VPN with Cisco VPN. I want to configure my ASA so my remote users can continue to VPN into my network securely. Is this possible?


Temporarily Lock Out Remote Users?

Dec 30, 2011

One of our accounting administrators will be working on our server this weekend from his home remotely. He wanted to know if there was a way I could temporarily lock users from remoting in for a few days to prevent them from messing up his work. The only way I could think of was disabling the accounts in Active Directory and then re-enabling them once he was done. The server is running Windows Server 2003 with the users remoting in via RDP. They all have accounts in Active Directory.


Cisco Firewall :: ASA Version 8.2 (2) / Authenticate With Microsoft LDAP?

Jul 25, 2012

I am running ASA ver. 8.2(2) and all users are configured in the ASA. This ASA is used as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all parameters that are needed to continue working from outside, such as IP, assignment to a special group with special permissions and so on. All the parameters that are needed are configured under user attributes. See example below:
  
username username1 password xxxxxx == nt-encrypted
username username1 attributes
vpn-group-policy Basic
vpn-access-hours none
vpn-simultaneous-logins 1
vpn-idle-timeout 30

[code]....            

Is it possible to leave the user attributes as is and to force the users to authenticate via LDAP servers only?


Cisco Firewall :: Enabling Microsoft LDAP With ASA 5520

Oct 27, 2012

I am trying to implement Microsoft LDAP server with our ASA 5520. The client is using Cisco VPN client and when I am trying to connect I am receiving the following error message:
 
"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed"
 
I triggered the debug on the ASA 5520 and everything looks fine. The LDAP server is sending the right information without any error message.
  
Googled this error message and I found that I need to enable the simultaneous logins to enable. I enabled it but I got the same error message. This configuration is under remote access vpn>group-policies>General>more options.


Cisco VPN :: SA520W SSLVPN For Remote Users Only 64kbps?

Oct 19, 2011

I have set up an SA520W and configured SSL-VPN for our small business. Everything seemed to go smoothly and I tested SSL VPN by logging in and playing around a bit, which seemed to be fine. However, shortly after deployment I started getting complaints about it being much slower than our old VPN through the consumer grade router I just replaced. I investigated and tested with IE8 and Chrome on Windows XP 32-bit with several different machines, and in all instances it did seem very slow indeed. While looking around I noticed that the Task Manager under the Networking tab shows the SSL VPN connection as VirtualPassage at 64 Kbps. Going into Network Connections shows VirtualPassage under the Dial-up heading with device name Virtual Passage SSLDrv Adapter. Additional properties describe it as an ISDN channel. I have attached an image of the Task Manager pane.

The router is running the latest firmware of 2.1.51. It is connected via a static IP that does not require a login, to our dedicated 5 Mbit / 5 Mbit Ethernet over copper link to our ISP. We get great speeds and low latency through everything but SSL VPN connections. I haven't done anything fancy so the router certificate is the factory default. Currently we are using the existing 2 SSL VPN licenses that come with the router until we need more access, at which point I want to upgrade to the 25 user bundle. However, I don't feel comfortable upgrading until I get this resolved, because 64kbps simply cannot work for us for a VPN solution. How do I configure the SSL VPN to not limit at 64kbps? My engineers are making fun of me for bringing us back to dialup, and I have to agree with them!


Cisco VPN :: 5510 Restrict Remote VPN Access For MAC OS X Users

Feb 12, 2013

I need a way to block Mac OS X users connecting remotely to our corporate users over VPN. I know there is an option to block connections based on VPN client version, but can't find a way to block users based on operating system.
 
We use Cisco ASA 5510 firewalls, one with v8.2(1) and the other with v7.2(3). I need to do this on both firewalls. They are at different sites.


Cisco VPN :: 5510 Remote Vpn Users Having Address From Pool 2

Apr 5, 2011

Can I have 2 pools, each with a different subnet? [code] I wanna put a restriction on remote VPN users having an address from pool-2, and just give them access to 172.16.10.0/24. Is it possible on the ASA 5510?
