I have ASA 5520 running ver 8.3.(2)8 and configured for AnyConnect VPN. While testing for iPads and iPhones we noticed that on connecting it disconnects few times before finally connecting. These are the messages logged in the ASA.I don't see authenticatio as an issue. Results are better with wifi compared to 3G. [Code]
View 1 RepliesI have setup an AnyConnect Connection Profile on my ASA 5520.
We have some remote support software which the helpdesk use to connect to PC's remotley and torubleshoot.
I cannot connect to this software using the assigned IP address of the client even though it works fine with our old Nortel VPN.
If I hit the IP address the packet gets all the way to the ASA and seems to disappear.
I have setup an IP v4 access list on the connection profile which allows any/any access b ut still no joy.
I have an ASA 5520 soft 8.2(3) when i try to configure the any connect I don't get the SSL and the telnet options for the connection. bare in mind that i don't have the any connect software on my asa nor do i have any certificate. is it essential to get a certificate. do i have to buy it knowing that it will only be used by our company's partners. if not how do i get it
View 1 Replies View RelatedSo i setup a failover active / passive with 2 ASA5520's
Primary asa has 750 Anyconnect vpn licensing and the secondary asa has 2 Anyconnect licenses
I haven't setup the second asa with the new 750 licenses i purchased but when i do a show version it shows that the failover licensed features shows 750...
Does this mean i do not have to install the secondary anyconnect licenses on the standby ASA unit?
output of secondary asa
:
Licensed features for this platform:Maximum Physical Interfaces : Unlimited perpetualMaximum VLANs : 150 perpetualInside Hosts : Unlimited perpetualFailover : Active/Active
[Code]......
I have noticed that all the computers lose wifi connection at a certain time (i.e in the morning and at night).
I think it may be the router. I notice the wifi symbol on my router blinking when my macbook pro is not connected to the router after it disconnects by itself.
I've been having an issue recently which is causing my internet to disconnect for under 20 seconds 1-5 times a day. This can be troublesome when online gaming, as I am normally disconnected from the server.
View 1 Replies View RelatedI have an SSL VPN set up on my ASA 5520 with a self signed cert. When I run the AnyConnect install on my desktop machine I have click through a few windows to accept the certificate. When I connect through the mobile client on Android, the connection goes right through without a prompt to import/choose/download a certificate. I'm able to connect but I'm wondering if the phone has actually recieved a certificate. I'm in the 'Advanced Connection Editor' screen and the certificate setting says "Automatic".
View 2 Replies View RelatedWe have 2 Dell laptops and 1 Mac book all connected via a wireless router. Everything worked just fine until we got a Mac desktop which we connected via Ethernet cord for my husband's work. Now the wireless connection to our laptops disconnects at least 3-4 times per day and we need to unplug everything from the router and plug back in to get it to work again. The Ethernet connection to the desktop doesn't seem to have any issues.
View 7 Replies View RelatedHad an E4200 for a couple of months now and have not been able to resolve an issue with the router dropping an Apple iPad 2 at random times.The E4200 is replacing a Cisco Aironet 1200, which never dropped any clients, iPad 2 or others, and never displayed any of the issues below.
TECH DETAILS:The E4200 is being used purely as an access point. All extras are not in use and are disabled.
Firmware 1.0.03
Hardware version 1.
BASIC ISSUE:The E4200 drops an Apple iPad 2 off the 2.4 Ghz Mixed (B, G, N) network. The user must then select the network to rejoin. Rejoining occurs without incident. The same issue occurs when the network is restricted to B, G. The drops occur at what appears to be random intervals - sometimes 10 minutes apart, sometimes hours apart. We can have as many as 6 drops in an hour. A ping to the apple ipad shows the device stops responding to pings about 10 seconds before the user is prompted to rejoin a network. Meanwhile, a ping to the E4200 itself from a laptop connected via the E4200 on the same radio as the ipad continues to work without fail during this incident.
1. The iPad 2's cannot connect to the 5Ghz radio. I believe iPad 2's are supposed to support 5Ghz.
2. Both our Apple TVs do not connect to the 5Ghz radio: they fail with a "There was an error connecting to the network. Check your settings and try again. (-3914)" error. Apple TV supports 5Ghz.
3. The admin interface for the E4200 is very slow sometimes. Probably over 20 seconds to render some pages when it gets really bad. As a comparison, Internet-based pages on fast sites that delivered via the E4200 itself load in less than 2 seconds.
4. The HTTPS version of the admin interface can only be connected to via Safari browers. Both Internet Explorer 9 and Chrome 16 fail to connect with a "Connection reset" error. In Chome, it says "Error 101 (net::ERR_CONNECTION_RESET): The connection was reset." This is across multiple devices. There is no issue with straight HTTP.
All other devices - including Macs and PCs - connect fine with the E4200 on both 5Ghz and 2.4 Ghz radios, even if they cannot access its admin interface via HTTPS.I've presented quite a few issues above, but the main one is the drop outs for the iPad 2 devices. I'd present logs on drops, but the thing doesn't record any useful logs.
Basic wireless config:
5Ghz:
Network Mode: Wireless-N Only
Channel width: Auto (20 or 40 Mhz)
Channel: Auto (DFS)
SSID Broadcast: Enabled
[URL]
I just bought WRT54GH router. I have one PC (running Ubuntu) connected via Wireless.Every 5-10 minutes I get disconnected for a short period of time (about 10-30 seconds). During that period I am able to access router configuration page, but can't connect to the "outer" world... Surely it's not about my Internet provider, since connecting the PC directly to the Internet cable works fine with no "disconnections".
View 9 Replies View RelatedI check all of the settings and changed the channel to see if it works. For some reason it disconnects my wireless internet at random times and i know before it never use to do that before with a older router. There is nothing blocking it, it worked before, and my computers can connect except two. The only thing i can guess is my wireless card.
View 6 Replies View RelatedI am setting up an ASA5505 to allow a VPN with certificate from AnyConnect Secure Mobility Client (iPad)However I get a "No License" message back from the ASA, on the iPad - Anyconnect.I remember reading the ASA5505 came with two licenses.
View 8 Replies View RelatedI'm using the Cisco ASA 5520 on GNS3 .. Everything is working fine, except for one thing. The CCP .. I tried the CCP with a router and it worked, but it can't see the firewall.
I have already enabled the HTTP server using "HTTP server enable" and created account using "username admin privilege 15 password admin" also enabled SSH and Telnet on the ASA
"ssh 0 0 INSIDE"
"telnet 0 0 INSIDE"
When I use the CMD to telnet to the ASA, it works just fine .. Also, when I connected a router to the ASA I could SSH to it, as well as using the PuTTy . Is there a way to troubleshoot? Or even a document that illustrates how to configure the ASA for CCP? Better a document for configuring the ASA from scratch .
We recently upgraded our any connect client from -2.5.3055 to -3.0.07059. This is running on a ASA HA pair running 8.4(2)8. Since the upgrade our users are seeing continual disconnects.
View 2 Replies View RelatedI connect to my corporate network using Cisco AnyConnect Secure Mobility Client. Once connected I can no longer print to my LAN attached printer and other local resources. I use the Cisco/Lyncsys E4200 router on my LAN and can re-connect to the storage on the local LAN by setting up Port Forwarding of port 21 and MS Windows FTP folder sharing. However, I can't seem to connect to a Terminal Services client by forwarding port 3389. Is there a way to connect to the local LAN after logging into the VPN connection. I can connect to regular HTTP/HTTPS sites and most other type of connectiins, just not my own local resources.
View 3 Replies View RelatedSince several weeks ago we are triyng to solve a disconnection problem related to servers benind an ASA 5520 behind this ASA there are:
-subnet with public ip addres
-sunbet with prive ip address, the server on this subnet are acccesible via NAT.the problem is worst when some ousite our network and behind a nat device (like a adsl modem/router) tries to connect to those servers wich are using natted ip behind the ASA.I tried from my home to connect to this ASA5520 using annyconnect and get reset tcp packets. Are there some aditional configuration to make the ASA work properly?. We have other firewalls like PIX or software firewall (ASG), they work with no problem. Only the ASA 5520 has this issue.
Connecting ASA 5520 to two Catalyst 3560G layer 3 switches. What's the best practice to connect the asa-5520 at the edge, to the core of my network? What I'm looking to do is connect two routed gigabit ports (gi0/2 and gi03) to two seperate layer 3 routed ports on catalyst 3560G. I'm wondering how to do it, or if there's any type of failover method? I'm running EIGRP in the network and the link to the first core switch has a /30 point to point connection. Everything works fine, I'm just not sure how to connect the second switch to the firewall. Should I use the a different /30 for the point to point connection to csw02 gi0/48? (See attachment) How would this affect traffic flowing through this interface? Would I have to duplicate rules I have on my inside (gi0/2) interface? Is there a way to make the inside2 interface standby some how? I want to know the best way to set this up, so in the event csw01 goes down I don't loose internet. Will EIGRP work it's magic and only use 1 path to the ASA? Should I even be using routed interfaces on the ASA and just use trunked mode?Running ASA 8.4?
View 1 Replies View RelatedI have an ipad that is not able to connect to a 1142 Autonomous AP. This AP was originally a light weight AP and then downgraded to autonomous.A strange thing i see is that the AP shows me only two radios. 802.11 N(2.4 GHZ) and 802.11 N(5 GHZ). I suspected the AP not to support the b/g networks. i then downloaded the most recent software but i still cannot get it to connect and on the AP's GUI i only see the above two mentionned radios. i tried to connect to two SSID's. one using WPA2 and another with open authentication and no security.but this does not work. Is it possible that some 1142 do not support b/g networks?
View 21 Replies View RelatedI am looking to purchase the RV220W router. I am interested to know if I can use the iPhone/iPad to create a VPN connection to this router.I have seen a lot of conflicting information about this so I am looking for a confirmation.
View 15 Replies View Related2 x ASA5520 with SSM20 . using AnyConnect 3 , users are not getting disconnected from ASA even after the vpn client is closed . Users would not be able to login from the same ip until the session is active. Manual clearing of the session enable the user to log back in .
View 1 Replies View RelatedWhen trying to connect my ipad to my windows wireless network it asks for a passwordIs this the same thing as my network key?
View 4 Replies View RelatedIPods and IPads to connect to stand alone AP1131? My scenario is as follows:
There is a section of a campus that is covered by 14 stand alone AP1131 were I experience the problem. The security parameters are: 802.1x, wpa enterprise, tkip
The other section is under WLC also AP1131 but in this case in WLANs/Scurity/Leyer 2 I checked boxes:
WPA Policy, WPA Encryption TKIP
WPA2 Policy, WPA2 Encryption AES
Auth Key Mgmt 802.1x
Wonder if the fact that I chose WPA2, AES makes a difference with stand alone mode? Anyways I tried configuring AES in stand alone APs and it didn't make a difference since I could not connect either.
recently we have purchased Reflection - an AirPlay mirroring software. Basically install Reflection in the laptop and you can view the screen of the iPad or iPhone via wireless network. we have tested in home wireless network no problem, but when connect to the cisco network, the iPad didn't recognize the REFLECTION installed in the laptop.
we are running WLC 5508, WLAP AP-1331AG, we can ping from laptop to the iPad laptop and ipad can access network without any issue. there is no any application port has been blocked between the client via wifi extra details for REFLECTION: [URL]
I have a query regarding MAC authentication for end systems on ASA 5520. Inspite of proving MAC address in endpoint authentication along with AAA, only AAA attribute policies are getting created. MAC authentication is not happening.
Is there any requirement like LDAP or AD is required for MAC authentication?
I have an E4200 wireless router which is connected via USB to my Canon MX 308 printer. I am able to print from Windows computers that are connected to this router (via WiFi of course). My iPad 2.0 is able to connect to the internet via the router. However I am not able to print content from my iPad via the E4200 router (via Wifi using Cisco Connect software).
View 1 Replies View RelatedWe are currently using Cisco VPN Client. I'm looking to migrate to Cisco Any Connect. Our ASA 5520 has 750 IPSec and 2 SSL license. I also have approximately 40 IPSec site to site VPN's on this. ,Will anyconnect interfere with the site to site tunnels?,If I setup anyconnect with the IPSec instead of SSL do I still need to purchase the premium or essentials license?,Lets say if I do have to get the license and I get essentials will it cause any issues with the site to site VPNs?
View 2 Replies View RelatedWe have an ASA 5520 with two VPN profiles working fine.Since some users are now working with Windows 8, VPN clients for Cisco ASA is not able to connect.I have read there are problems for such VPN Clients in that OS, and I should use now Anyconnect for them to connect. I thought we had anyconnect working also, because some users can connect to a web page they can do some kind of connections to internal servers, (web, telnet, rdp, etc) so I installed cisco anyconnect VPN client in a laptop and try to connect (same IP and port I used for that web page) but after signing I get the message AnyConnect is not enabled on the VPN Server.So I tried to follow a configuration guide for Anyconnect, but there's a step in which I am trapped, these are the steps: Click Configuration, and then click Remote Access VPN.
View 7 Replies View RelatedMy client is upgrading from anyconnect 2.5.2014 to 3.1.00495. The ASA is running ASA 5520 version 8.2(5)33 and is in an active/standby failover pair.when trying to push out the new 3.1 from the pair to windows 7 and XP machines, he gets the error "Failed to get configuration from secure gateway. Contact your system administrator". When he tries to push 2.5.2014 and 2.5.6005 out from the pair this works fine.When pushing the 3.1 out from a stand-alone test ASA 5520 it works fine.
View 2 Replies View RelatedWe have bought L-ASA-AC-PH-5520=Anyconnect Vpn Phone License for our Cisco Phones but when we entered this license into our ASA it shows th following i.e enabled for linksys phones. Is there a diff part no to enable vpn for cisco phones. [code]
View 2 Replies View RelatedWhen I try to add CAS to CAM a cannot choose a OOB Virtual Gateway or OOB Real-IP Gateway, because these operation modes are absent in Type list.What can be reason it?
View 5 Replies View RelatedWe currently are using the anyconnect client using certificates for authentication (ASA 5520 v8.4). It works pretty good but I can only get it to work on a profile basis on the clients laptops. We are running windows 7 and if multiple users need VPN i have to install the certificate for each user. I have changed the xml profile to read the certificate store to "all" and true for certificate store override. I am installing the certificate in the trusted root certificate store. Is there a way for the anyconnect to authenticate for all profiles (users) for the laptop?
View 0 Replies View RelatedI have an ASA 5520 and I am having trouble getting the AnyConnect VPN authentication timeout feature to work properly. I thought I did have it working a couple of months ago, but right now it is not giving me more than the default 12 seconds. I have tried intervals of anywhere from 25 seconds up to 120. I am currently runnign version 6.4 on the ASA and AnyConnect 2.5.3055.
View 8 Replies View RelatedWe currently have a setup where users connect to the inside of a firewall using the ipsec client. We are moving them to the anyconnect client but are unable to get it to work, we cannot even get a webvpn page on the inside.
When trying to connect with anyconnect the ASA reports an IKE initiator fail on the inside. and no tcp connection flag. We cannot get any response with Webvpn either I have tried using a different tcp port on webvpn but then the asa denies the traffic even though there are no rules denying.