Cisco Firewall :: 5520 - VPN Tunnel Not Working Properly?
Jan 11, 2012
I am getting the below messages in my Cisco ASA 5520; during this time the tunnel is down. I just want to check whether the problem is at the remote FW or with the ASA.
[code]...
Model: ASA 5520
ASA: asa843-k8.bin
We are having an issue with the ASA RDP2 plugin; it has been working correctly since the installation of the ASA 2 years ago. 1 month ago the functionality stopped working in IE ActiveX. I performed an upgrade of the ASA software in an attempt to fix it; unfortunately this has not resolved the issue. Reimporting the plugin has not solved our issue either.
When using the Java client, there is a warning: "The terminal server disconnected before licence negotiation completed. Possible cause: terminal server could not issue a licence". When a user clicks on a bookmark or types in a server name that is associated with the RDP2 plugin, the page times out and goes back to the home screen of the clientless SSL VPN.
I am not familiar with the ASA 5510 product. I have been having trouble for the last 24 hours and still can't find the root cause. Here is my scenario; my network should be:
WAN --- ASA5510 (FW) --- SERVER (192.168.1.0/24)
Now I face the problem: all the static 1-to-1 NAT is working OK. All my public IPs can be pinged from the outside internet. But the problem happens when I try to telnet to port 80 on each server. I tried telnet from my PC to public IP 124.xxx.179 80 and it works fine, but it failed on 124.xxx.180 80; then on 124.xxx.181 80 it works fine.
Then I tried on my colleague's PC, in the same network as mine, and I faced another case where the public IP 124.xxx.179 80 cannot be reached by telnet, but it's OK for 124.xxx.180, then failed on 124.xxx.181 80.
FYI, all our PCs can ping the public IPs with no packet loss.
The scenario is very weird; I can't find any other solution, as I have reviewed my configuration a few times.
Check whether my configuration is working perfectly or not.
ASA Version 8.2(5)
!
hostname fw-asa
enable password xxx encrypted
[Code].....
We just migrated from a single 5510 to a dual (failover) 5520. It seems that everything is working except the remote VPN. We can establish a tunnel and authenticate as local users (going to LDAP when all is working), but no traffic is passing. I know I am overlooking something but can't see it. [code]
We have a 100 Mbps WAN circuit. We have configured an IPsec tunnel between an ASA 5520 and a Cisco 3845 router for our DR site replication via Veeam Backup and Replication. It was working fine before; when we established the 3DES tunnel, the traffic for certain subnets is dropped after an hour and it stops the replication, although the tunnel remains up and we can access the other subnets. As soon as we clear the crypto SA and ISAKMP sessions on the firewall the traffic starts flowing again, and then after an hour the traffic is dropped again. So far the testing and different configurations we tried are as under.
Tried with a different MTU size both on the firewall and the ESXi servers but nothing happened. There is no QoS configuration. Checked the utilization on both ends; it's normal, although there are subsequent 100% spikes on the Cisco 3845, but on average it remains at 30-40%.
I have a site-to-site VPN between SiteA and SiteB which is working fine. SiteA has an ASA5520 and SiteB a Pix501. The ASA5520 is running version 804 with split tunneling. Users connect to SiteA using remote access VPN. Is it possible to set up the SiteA ASA5520 so that when users connect to SiteA they can access servers located on SiteB through the tunnel? I know I can set up the Pix501 for remote access VPN, but it is located in another country and I don't want to take a chance just in case I lose connectivity.
I have the following setup
|| Socks Server || >> Switch1 >> ||Cisco 5520 ASA || -->> | Switch 2| -->> Clients
I have an SSH SOCKS tunnel set up on the SOCKS server, which is a Linux box. When I connect my machine to switch 2, I am NOT able to receive any mail by setting up a mail client, and it seems SOCKS traffic does not reach the SOCKS server. I can however run a telnet command on port 1080 (the SOCKS port), which connects, which shows that the port was going through and open. However there was no SOCKS traffic. When I connected the machine to switch 1, SOCKS traffic worked as expected and I was able to receive mail.
This suggests to me that the ASA has some inherent rule that does not allow SOCKS traffic. Is this true, and if so how can I bypass this?
Monitor a VPN tunnel that has as end devices a Cisco ASA 5520 and a NetScreen Firewall. I'd like to receive an alert when the VPN is down.
I'm trying to achieve a site-to-site IPsec tunnel to a Cisco ASA 5520. Most examples feature the ASA with a public interface that terminates the tunnel and a private network on another interface that the tunnel interacts with. Where my scenario differs is that the interface that accepts the tunnel is part of a public /29 network where I want the remaining hosts on that subnet to be able to route through to the other end of the tunnel. My tunnel gets established, but any attempts to route via the IP assigned to that one interface result in the ASA rejecting traffic. If so, what configuration options should I consider?
Need to check how many IPsec tunnels are running over the ASA 5520. Tried the commands which we use on routers, no luck?
I have an ASA 5510 and I am building a site-to-site VPN tunnel; the peer on the other end is a SonicWall. I can initiate the tunnel from my end, but when he tries from his end it fails on phase 2 with this error in the logs:
"Rejecting IPSec tunnel: no matching crypto map entry for remote proxy"
Obviously our crypto maps don't match; I have it restricted to specific ports on my end and he had it wide open on his end, but he said he is not sure how to restrict it down to specific ports. My question is: why would I be able to bring the tunnel up from my end if the crypto maps don't match, and he can't bring it up?
I am having a weird case, wherein I have a 5520 and I am not able to SSH into that firewall. When I did a capture on that firewall, it showed my connection getting reset as soon as I try to SSH into the box. Given below is the config for SSH into the firewall.
!
ssh 10.252.253.0 255.255.255.0 inside
ssh 10.114.255.240 255.255.255.255 inside
ssh 169.2.162.75 255.255.255.255 inside
[Code].....
I have an issue with a Cisco ASA 5520. The summary is below!
Packet # 1 on inside capture the Call-ID was: Call-ID: 2a54f680-a5d1de2a-160c-164070a@10.7.100.1
Packet # 1 on outside interface the Call-ID was: Call-ID: 2a54f680-a5d1de2a-160c-164070a@149.5.33.44 --- this is because of the inspection.
Packet # 2 on outside capture the Call-ID was: Call-ID: 2a54f680-a5d1de2a-160c-164070a@149.5.33.44
Packet # 2 on inside capture the Call-ID stays: Call-ID: 2a54f680-a5d1de2a-160c-164070a@149.5.33.44 --- this is the problem.
(This is supposed to be Call-ID: 2a54f680-a5d1de2a-160c-164070a@10.7.100.1.) The inspection should change the Call-ID for the incoming packet as it did with the outgoing packet. Whenever the CM receives the trying message with a different Call-ID, it considers it a new session and it keeps sending invitation messages to the SIP provider. NAT is enabled.
It keeps disconnecting and ping breaks all the time. The other laptop and phones work fine, and if I go 5-10 meters away from the router it gets worse. Tried new drivers and BIOS. Even tried to change the settings of the wireless card; still the problem is there.
I'm having a problem with my wireless. My whole family is connected to wireless. But when we all use it together it goes so slow. Like 4, sometimes only 2 people using it at the same time.
I have an issue with one particular VPN user. They are using the built-in Windows Vista client to connect to my ASA 5510.
All other users do not have an issue, and I receive the following error at roughly the same time of day when the drop happens. Authentication is done by my AD server, which handles all logins.
[code]...
I have one Flex WLC 7510 using software version 7.0.220, and all APs are 1131.
I have some sites with H-REAP, where H-REAP is configured properly.
The access points are set with an AP Group. The AP Group is configured properly too.
Each AP Group was configured for one site, and they were configured with 2 SSIDs. All sites have 2 different SSIDs. During some basic tests, in one site with 9 APs, I saw:
1. When the access points are registered on the WLC, all APs are working fine. All APs have their 2 SSIDs added on slot 0 (radio 0).
2. If I disable the link between the WLC and the access points, 7 access points delete the SSIDs of their AP Groups and replace them with the 16 SSIDs (SSIDs of the Default Group) configured on the WLC.
I had an extra network under my wireless networks that was just called "network", which was not connected to anything, but since I had this, on the bottom right of my screen where it normally showed the bars for the wireless connection, it had the bars grey with a red X on them, but my connection still worked fine. I am using Windows 7 64-bit. I always use a wireless connection on my laptop.
I have 2 computers: one a desktop running Vista 32, the other a laptop with Win 7 64-bit. Both computers have given Error 651 when using PPPoE wired connections, usually at the peak of the day. My ISP says that Error 651 is the problem, while I am starting to think it's the amount of bandwidth they're giving my neighborhood/home. Also, can that doesn't work, how to fix the overall problem of my Internet shutting off at peak hours?
when I couldn't turn on the wifi from the switch. It remained orange (which is its off state), and so I went to the Device Manager and the wifi adapter was shown there but with an exclamation mark, showing the error "the device cannot be started (code 10)". So I uninstalled and rebooted, only to get the same error when it got reinstalled.
I have a Netgear CVD31T modem delivered by my internet provider. I can't change any settings on the modem. My connection speed is 30 GB up and 5 GB down. Until now I used a Linksys WRT54GV ver. 2 router to share my connection between my computers and NAS server, and it worked OK. In speed tests I normally get approx. 25 - 28 GB speed. To obtain more speed on my LAN I want to buy a GB router. And here started my problems. First I tried a D-Link DIR655, then a Netgear WNDR3700 and lastly a Linksys E3000. On all 3 occasions my WAN speed dropped drastically down to between 3 - 5 GB speed, and under a ping test I have a loss of between 10 - 30 % and a time of approx. 50 ms. If I connect my PC directly to the modem or re-connect my old router it works perfectly. I have tried to replace cables etc.
Last night on the Xbox 360 I was suddenly experiencing a lot of lag on other people's voices. I took no notice of it, and the next day I went on my laptop and a lot of websites wouldn't load properly. I can go on Google, obviously this, and my Hotmail (after having to wait a long time for the Hotmail to load), but others such as eBay will not load. I cannot even access my router settings by typing in my IP address; instead I get a message saying the page cannot be found. Also I was disconnected from Xbox Live, with the internet to Xbox Live part not working. Obviously the first thing I did was turn the router off and back on, but it hasn't made any difference.
OS Version: Microsoft Windows Vista Home Premium , Service Pack 2, 64 bit
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4055 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1804 Mb
Hard Drives: C: Total - 290204 MB, Free - 141170 MB; E: Total - 14999 MB, Free - 5644 MB;
Motherboard: Dell Inc., 0G848F, , .5MDJWJ1.CN7016697U05OT.
Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled
I bought a TP-Link TL-WR841N which I have managed to set up properly; I am able to connect to the wireless and get internet access. However, the minute I walk out of the room or a few meters away I am disconnected and I can't re-connect; I get the "windows cannot connect to TP-LINK" message. The signal strength is on excellent and I know it works because when I stand near it, it works perfectly. I phoned TP-LINK technical support, who were pretty useless and couldn't fix the problem.
how you would evaluate the effectiveness of the home entertainment (PC, console, Windows media centre
The Network icon in the notification area in the bottom right-hand corner of my screen will almost always look like this: Quite frequently, though, I will get an exclamation mark inside a triangle with a message instead saying No internet access (I don't have a screenshot). If I give it a few seconds, usually never more than a minute (30 seconds on average, it seems), it corrects itself and gives me back internet access.
I have configured my Cisco 2911 router and there seems to be something wrong with my configuration regarding subinterface 0/0.102. The hosts on this subnetwork can't access the Internet and I can't spot the error.
Here is my running config on this matter.
class-map type inspect match-any LAN_TO_WAN
match access-group name LAN_TO_WAN
class-map type inspect match-any WAN_TO_LAN
match access-group name WAN_TO_LAN
class-map type inspect match-any GRE_TO_WAN
match access-group name GRE_TO_WAN
class-map type inspect match-any WAN_TO_GRE
[code]....
I have a user using Windows 7 64-bit. I tried vpnclient-winx64-msi-5.0.07.0290-k9.exe and vpnclient-winx64-msi-5.0.07.0440-k9.exe. Installation is fine. Connecting is fine. But no traffic goes through. The remote end Cisco is an 1811 VPN server with split tunnel. The user gets authenticated by a RADIUS server.
After connecting, the user gets the correct IP address. On the router, sh crypto session shows it has an SA, etc. But in sh ip route, I can't find the static route pointing back to the client IP like for other connections.
At the user end, Windows shows the IP address but no gateway. Windows route print shows the VPN network via gateway xxx.xxx.xxx.1, which is not available. Other 32-bit users have no issues with VPN.
I've been having some issues with my internet. I had an attack on my PC recently by some American organization. I've reinstalled new Windows on my PC, reset my modem, and nothing seems to work. I have too many tunnel adapters in cmd ipconfig, I think. Bell Canada hooked up my internet lines and they actually joined two or more wires together and strung them up on the neighbour's fence and mine and even wrapped it around a tree branch. God knows why they would even do that; maybe they think when the tree grows it will cost me money to fix it and they'll earn from their mistakes instead of learn from them... Anyway, this is my ipconfig test results, as explained in a previous post from someone. Windows IP Configuration [CODE]
Some trouble with my wired Internet connection. Basically it worked some days; other days it cut off and didn't work for a few days. I phoned Virgin Media, who sent me a new modem. Everything is set up and activated and it worked for about a day; now it has stopped working even though the computer says I'm connected. Every time I try Internet Explorer or Firefox I get a white screen and every webpage I try fails, but if I bring up uTorrent I can see that my internet is connected because it begins to download the ebooks
So I have an HP Pavilion dv9000 laptop with Windows 8 installed, and when I try to connect to the internet I keep getting an error that says the "Ethernet" adapter is not working properly. I used to be able to go on the internet, and then my dad had my computer for a while and now it's not working.
I recently replaced a Linksys wireless router with a Netgear wireless router (provided by Comcast) to the modem in my house. I used my HP Pavilion as the computer to run the setup disk and the wireless wizard to link the new router to the modem. I unplugged my HP from the router and proceeded to set up my computer on the wireless network.
When I check the strength, sometimes it indicates it's good if I'm practically sitting on top of the router; this seems to eventually degrade to low until finally the connection drops. 'Repairing' with the XP repair facility doesn't work. I can forget about getting a connection if I move further away from the router. At the moment I'm relying on using an Ethernet cable snaking across the dining room, which isn't really practical with a toddler and a dog racing around. Recently a friend put a bigger HD in, and before this it was working fine, so I suspect that it may be due to this. I think it's due to the wireless card in the laptop, as I have a number of other devices in the house which all work fine.