Cisco Firewall :: ASA 5510 Tunnel - Replicate Data Between Two Locations

Oct 3, 2012

I am not an ASA expert but I have configured them a few times. I have a vision of a task I have to complete but not sure if it is practical or how to go about doing it.
We have two locations, Location A and Location B. Both locations have a 100MB internet connection. Location A has an ASA 5510. Location B has a 5505. Users at both locations access the internet via their respective ASA. Location A is the headquarters and Location B is a disaster recovery site. We want to set up a tunnel between both ASAs. This tunnel will be used to replicate data between the two locations for DR purposes. We need the users to still use the same pipe to get to the internet but want to allocate 10MB for internet use and the remaining 90MB for the DR tunnel.



Cisco Firewall :: 5510 - VPN Tunnel Between Two Locations

May 23, 2011

Firewall ASA5510. I'm planning to get an ASA5510 for our office in order to secure our network properly; however, we have quite a specific routing configuration to allow us to fail over to the remote location (data center) in case of any disaster with our server. I'd like to find out if I can just install the firewall between our ISP Router and the internet and allow traffic to/from the Data Centre. In this situation will I have to change the routing configuration on the Company Router, or do I have to do anything with our Company Router?


Cisco Routers :: WRVS4400N - VPN Tunnel Between 2 Locations

Dec 17, 2011

I have established a VPN tunnel between 2 locations.
I can ping across and access server resources on both LANs. The problem is that from one location I can not access the Internet.
I can not ping by IP; when I do tracert it just reaches the default gateway of this location. From the other location (office), no problem.


Cisco Routers :: RV042 - VPN Tunnel Between Two Remote Locations

Jun 27, 2012

I have configured a VPN tunnel between two remote locations using static IP addresses on two RV042 routers. The tunnel seems to work but the problem is that when the two hosts attempt to ping each other only one can successfully ping. One PC with IP address can ping across the network but the second PC with IP address cannot. These are laptops separate from the intranet used to test the tunnel. Someone had suggested NAT may be the issue so I enabled NAT Traversal on the routers but still no luck. The following are the results from a ping test.

PC 1
Pinging with 32 bytes of data:
Reply from bytes=32 time=116ms TTL=63
[Code] ......


Cisco Routers :: WRVS4400N VPN Tunnel Between 2 Physical Locations

Dec 7, 2011

I have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations. I continue to have issues with the VPN to "Stay" connected, even after purchasing another new WRVS4400N 4 months ago. I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern).
I am taking a hard look at the issue now, as about 1 month ago, the newest router "automatically" reset itself back to factory settings (thus interrupting nearly everything in our network). After contacting support, we reset the router and re-configured it to our environment. It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not). Then about 1 week ago, the other/older (9 month old) router lost its configuration. Again, reset it and all works. Including the VPN, but the VPN still works as it did before: connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).
Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running).
After rebooting and no inter activity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).[code]


Cisco Firewall :: Cat 6500 FWSM System Space Does Not Replicate Part Of Configuration

Jun 11, 2012

I have an FWSM failover pair, Active/Active configuration, admin and another 4 contexts, a few contexts active on the first FWSM, others on the second FWSM. I needed to add VLANs 51 and 52 to the FWSM. I created the VLANs on both Cat6500, created firewall vlan-group 3 and put "firewall module1 vlan-group 3" on both Cat6500. Then I logged in to system space on the primary FWSM and created interface VLAN. The created VLANs automatically occurred in system space on the Secondary FWSM. Then I wanted to allocate VLAN 51 and 52 to context XY, so I went to the part of the configuration for context XY and "allocate-interface Vlan51" and "allocate-interface Vlan52".


Cisco Firewall :: ASA 5510 And Having Two Outside Interfaces For Voice And Data

Feb 13, 2012

I have a question regarding firewall configurations. Is it possible to have two interfaces (for two internet service providers), one for voice and one for data? Can I have two Outside Interfaces so that one will apply to a pppoe client group and the other will apply to a static IP? Is this possible and if so what would be the steps on applying this connection? Also to note I have a point to point connection already established for the pppoe. I also have another point to point connection for data, but however I do not know how to apply this to the firewall.


Cisco VPN :: ASA 5510 / Vpn Goes Down Intermittently For One Or More Locations

Mar 22, 2011

We are facing a major issue of the VPN tunnel going down very often. I have 7 Site-2-Site VPN connectivity; this works fine for some days and suddenly the VPN tunnel goes down intermittently for one or a few locations and I need to clear isakmp sa for that specific tunnel to come up. When the tunnel goes down the vpn phase 1 status.....
6   IKE Peer:
    Type    : L2L             Role    : initiator
    Rekey   : yes             State   : MM_ACTIVE_REKEY
7   IKE Peer:
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_REKEY_DONE_H2
After clearing phase 1 for the specific tunnel the VPN tunnel comes up.
7   IKE Peer:
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
 CINBLR01-SQDR-FIREWALL-00002# sh version
 Cisco Adaptive Security Appliance Software Version 8.0(4)
 Device Manager Version 6.1(5)
 Compiled on Thu 07-Aug-08 20:53 by builders
 System image file is "disk0:/asa804-k8.bin"
 Config file at boot was "startup-config"
 CINBLR01-SQDR-FIREWALL-00002 up 1 day 17 hours
 Hardware:   ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
 Internal ATA Compact Flash, 256MB
 BIOS Flash M50FW080 @ 0xffe00000, 1024KB


This platform has an ASA 5510 Security Plus license.


Cisco Firewall :: How To Configure 4GE SSM Or ASA 5510 Internal Data Ports

Feb 4, 2013

I have inherited an ASA 5510 with a 4GE SSM module installed. The ASA runs fine, but I can not use the 4GE SSM ports. Using ASDM or console I can get and configure the gigabitethernet1/x ports but I can not get traffic on it. The ping from the console to the IP address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports I can not see the port's MAC address. The two Internal-data0/0 and Internal-data1/0 are down and I can get them up. How to configure 4GE SSM or ASA internal-data ports?


Cisco VPN :: Setting Up Two Separate 5510 At Two Different Locations

Nov 1, 2011

I'm setting up two separate 5510's at two separate locations. The client wants two separate SSL-VPN's; one for the HQ and one for the COLO location. They have a single domain for which I have added A-records to point to the corresponding ASA's thusly: [code]
My question is this: do I need to buy separate certificates for each ASA/fqdn/IP combo? I'm using godaddy to buy the certs. If I do need to buy separate certs, that makes the installation easier, but may waste $$. If I only need to buy one cert, how do I set it up so that both combos are verified?


Cisco Firewall :: ASA 5510 - Data Center Move / IP Address Change

Nov 4, 2012

We will be moving to a new data center in the very near future and with them our WAN IP addresses will be changing. Any best course of action for changing the IP addresses throughout the firewall configuration? Would it be possible/suggested to export the running-config, make the necessary changes, then import the config? I am familiar with the ASA 5510 only so far as changes are required. It is not something I work with on a regular basis.


Cisco Firewall :: ASA 5510 - VPN Is Up But Network Traffic / Data Transfer Is Not Happening

May 2, 2013

We have an ASA 5510 configured. This is regarding site-to-site VPN.


Cisco Firewall :: VPN Tunnel Between 5510 And Rv042?

Nov 27, 2012

I don't know if this is in the right section, but I cannot set up a VPN tunnel between an ASA 5510 and a Cisco RV042 router. I believe the problem is because I need to set up a nat exempt rule on the rv042 route but don't know how.


Cisco Firewall :: 5510 / L2L Tunnel Keeps Dropping?

May 15, 2013

I have our main site using a Cisco 5510 running 8.4.2 code and a remote site using a Cisco 5505 running 8.4.2 code. The main site has a T1 and the remote site is using a DSL connection. About every other day I have to reset the connection at the remote site. The process that I have found that works is to remove the nat statement, clear the cry ips sa and then add back the nat statement. The connection usually comes back up in a few minutes. I am trying to see what is causing this to drop.


Cisco Firewall :: ASA 5510 - Vpn Tunnel Not Working From One End

May 9, 2013

I have an ASA 5510 and I am building a site-to-site vpn tunnel, peer on the other end is a sonicwall. I can initiate the tunnel from my end, but when he tries from his end it fails on phase 2 with this error in the logs:
"Rejecting IPSec tunnel: no matching crypto map entry for remote proxy"
Obviously our crypto maps don't match; I have it restricted to specific ports on my end and he had it wide open on his end, but said he is not sure how to restrict it down to specific ports. My question is why would I be able to bring the tunnel up on my end if the crypto maps don't match and he can't bring it up?


Cisco Firewall :: VPN Tunnel Not Working From One End ASA 5510

Dec 5, 2012

I have an ASA 5510 and I am building a site-to-site vpn tunnel, peer on the other end is a sonicwall. I can initiate the tunnel from my end, but when he tries from his end it fails on phase 2 with this error in the logs:
"Rejecting IPSec tunnel: no matching crypto map entry for remote proxy"
Obviously our crypto maps don't match; I have it restricted to specific ports on my end and he had it wide open on his end, but said he is not sure how to restrict it down to specific ports. My question is why would I be able to bring the tunnel up on my end if the crypto maps don't match and he can't bring it up?


Cisco Firewall :: IPSec Tunnel On Sub-interface On ASA 5510?

Jun 11, 2012

I am working on a security solution using an ASA firewall. Is it possible to set up IPSec tunnels on each subinterface of a physical interface on an ASA 5510?


Cisco VPN :: Unstable Connectivity In C870 Vs Firewall ASA 5510 Tunnel

Oct 24, 2012

I have a dynamic site-to-site VPN between a Firewall ASA 5510 with ASA version 8.2(1) (the firewall ASA has a static IP) and a C870 ISR (the ISR has a dynamic IP). The tunnel and the connectivity on both sides are successful; however, each time an interface restart occurs because the Internet link is unstable on the ISR side, the VPN tunnel does not go to UP state again.
These are the ISR logs listed when the VPN goes DOWN:
*Mar 10 13:58:45.157: %LINK-3-UPDOWN: Interface ATM0, changed state to down
*Mar 10 13:58:46.157: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down



Cisco Firewall :: No ASDM SSH Access To Inside Int Across L2L Tunnel In Asa 5510

Jul 19, 2011

So I've run into a problem on my ASA5510, post-upgrade I can no longer connect to the inside interface from across our L2L VPN. I've tried both ASDM and SSH and the connections fail. I see in the logs that the attempt is being made, but it will eventually time out. There have been no problems with this type of connection with any previous upgrades, just this particular upgrade, I went from 8.4(1) to 8.4(2). I don't see much in the release notes or anything in a pre/post config diff that jumps out as a cause to this behavior. The only thing I did see in the release notes "CSCtg50770 Mngt-access (ASDM,SSH) to inside intf of 5580 fails over RA VPN session" which sounds like it could be my problem, but that was in the "Fixed in 8.4(2)" section and says it's for a 5580, maybe the fix for the 5580 broke it on a 5510??? I hope not and that I'm simply missing some new setting that I need to enable for this type of connection as this device is in a remote office.


Cisco Firewall :: 5510 RADIUS Based AAA For Remote Access Tunnel Groups

Nov 22, 2011

How would I go about configuring RADIUS based AAA for remote access VPN users?  I have an OSX RADIUS server and an ASA 5510
(I want to keep console and SSH using LOCAL, so I keep this: "aaa authentication ssh console LOCAL", right?) What does the rest of the config look like to get RADIUS based AAA for remote access VPN users?


Cisco Firewall :: ASA 5515-X Route With Branch Locations?

Apr 17, 2013

We installed a new ASA 5515 about a month ago for the corporate office. We also have 40 branch locations that feed back VOIP, camera, and Citrix to the corp location. Each of the branch locations has a separate DSL connection with a local provider and all of them are dynamic IP addresses.
The problem I have is that I cannot figure out an access rule to make the voip traffic work 100% of the time. What ends up happening is five or six random locations change IP addresses every day and I could not figure out how to create an access rule for that, so I create a static route with that dynamic IP and then it will change a week or so later. That's a horrible security risk and a lot of manual work.


Cisco Firewall :: ASA 5510 - Allow Only One Host Access To VPN Site To Site Tunnel

May 28, 2012

I have an ASA 5510 that has multiple site to site VPNs. I need to create an additional site to site VPN but only allow 1 host to access and traverse the tunnel. The network is on a 192.168.5.x but the host that will need to access this tunnel needs to be on a 172.16.33.x network. I don't want any other traffic allowed to access or traverse the VPN tunnel for this host. How can I set this up?


Cisco :: Find MPLS Tunnel Data Counters In Routers?

Mar 12, 2013

I am new to MPLS on Cisco routers. For our interoperability testing I need MPLS tunnel counters output (data sent out and data received). I am not able to find this information in the Cisco user guide. As per standard it is defined in MIB table mplsTunnelPerfTable of stdte.mib.


Cisco Routers :: RVS4000 Freezes When Pushing Data Through VPN Tunnel

Jul 26, 2011

My RVS4000 router freezes up when a lot of data is being pushed through the Ipsec tunnel. Let me explain in detail.
On physical location A, I have an RVS4000 router (with IP which is permanently connected with a WRVS4400 router (with IP on physical location B. The Ipsec tunnel has been configured using the Easy Setup Wizard of Cisco and has been working fine and stable for months. Both routers have another Ipsec tunnel with another WRVS4400 router (with IP on physical location C, but this router does not play a role in the problem below.
Recently, I’m trying to set up a remote backup service between physical location A and B using “rsync”, which uses port 873. Due to the Ipsec/VPN tunnel, I could configure rsync to move the backup files from our NAS on location A (NAS has IP directly to location B (NAS has IP Both NAS-devices are of the brand Synology (DS211J). The Ipsec tunnel guarantees that the data is coded and thus secure.
However, when pushing the first batch of data, I noticed that the router on the receiving end (RVS4000) freezes up after approx. 1,5h after the batch has started, which is after approx. 1 gigabyte of data has been transmitted. The connection with the WAN is lost, also the VPN-tunnel is not working, I cannot ping the device or reach its configuration pages (on, the only option is unplugging it and letting it reboot. I’m thinking the router cannot deal with the huge amount of data that needs to be decoded. I tried 5/6 times, with always the same result (timing / amount of data pushed through before router freezes varies slightly).


Cisco Routers :: RVL200 IPSEC Channel All Or Some Data Traffic Through Tunnel

Jan 2, 2013

Is it at all possible to channel all/some data traffic through an established ipsec tunneled connection using the RVL200? I have successfully established an ipsec connection through RVL200 and RV042 routers and am able to connect to servers/computers behind it. Now I want to channel all or some traffic through the ipsec-tunnel for computers that reside on the subnet of the RVL200 network.
Main office - RV042 router -
Remote office - RVL200 router -
I am trying to use the Advanced Routing option to add static routes but I am not 100% sure if I am configuring the routes correctly. To give an example of routing DNS requests for HOTMAIL.COM []: [code] For some reason this does not appear to work. I have also tried using the interface setting of WAN and tested - this also does not work.


Cisco Wireless :: WLC5508 With 6.0 Software - How To Replicate All Configuration

Sep 15, 2012

I have a WLC 5508 with 6.0 software kept in the main office, and 10 sites are connected. I created a group and HREAP for the sites' APs. Now the customer wants to keep a secondary WLC on another site. And the customer is asking that all the configuration, like AP groups and all, should come to the secondary WLC automatically. In future also, if he creates any new group in the primary, it should come to the secondary WLC. And if the primary goes down the secondary should control all the sites, and when the primary comes up it should take over. Active/standby mode.


Cisco WAN :: 4948 Trying To Replicate Config For Qnq Layer3 Interface

Apr 9, 2013

I am replacing a 7204 router with a 4948 and am having trouble trying to replicate the config for the qnq Layer3 interface. A bit of background - I am a service provider where I have an interconnect with the carrier, who pass off WAN links to me as standard VLAN IDs. Some of these VLANs however I can do QnQ.
This works fine - but I can get the second-dot1q 50 command working properly


Cisco VPN :: 5510 - L2L VPN Not Passing Data Packets

Apr 17, 2012

I have a 5510 that has 2 site to site vpn's that aren't working.  Phase 1 and 2 are up, but no data packets are being sent.  This just started randomly 2 days ago after working for weeks. 


Cisco VPN :: VPN IKEv1 Data Transfer With ASA 5510

Dec 2, 2012

Just upgraded my ASA5510 from IOS 8.25 to 8.42. Everything is running fine apart from one VPN between the ASA5510 and a Cisco 887V router. The VPN session is up but no data traffic is being passed through the tunnel, although this VPN was working fine with the old IOS. The tunnel is up but no data is passing through the IKEV1 session.

protected vrf: (none)
   local  ident (addr/mask/prot/port): (
   remote ident (addr/mask/prot/port): (
   current_peer xxxxxx port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts [Code]...


Cisco VPN :: 5510 - How To Create ASA / VPN Tunnel

Jun 11, 2013

We currently run dual ASA 5510's in A/S config on our main campus. We would like to create a VPN tunnel to a branch campus. Trying to decide between a 5505/5510/5512x. We would like to extend many of the capabilities of our network to the branch campus, which will be 20-50 users on a 50mb/10mb internet connection.
Domain login
System Center workstation management
Cisco WCS
Shoretel voip
(Cisco NAC?)
Several different VLANs for wireless guest, student traffic, staff traffic, voip traffic, etc. Which device would be best and should we get the security plus license with it?


Cisco VPN :: 5510 - Get A Tunnel Established?

May 2, 2012

I have two 5510's that I am trying to get a tunnel established between. One has an existing tunnel to a 5505 that works but I can't get the next one to get past the first phase. I have sanitized the attached configs.


Cisco VPN :: 5510 VPN Tunnel Looks Up But No Ping

May 30, 2012

I had a pix that had two working tunnels going to one 5510 and one 5520. Today the VPN tunnel to our 5520 stopped working but if I do sh cry isa sa both tunnels have QM_IDLE as the state. (both ends) I tried to debug crypto isakmp 255 but all I get is PEER_REAPER_TIMER and no other output on the pix side.


Cisco VPN :: ASA 5510 / VPN Tunnel Drops Due To Inactivity?

Dec 12, 2011

I am using a Cisco ASA 5510. Our tunnels always drop due to inactivity, which is a security issue I understand, and it only takes some "interesting traffic" to bring it back up. My problem is that it looks like the interesting traffic has to originate from my side of the tunnel, when our clients send traffic and the tunnel is down due to inactivity it does not come back up. Is there a setting that I am overlooking that will make it come back up no matter who sends traffic? Or, is there a way to make it stay up through inactivity?
