Cisco Firewall :: ASA 8.0 - Back Up VPN Pre-share Keys?
Apr 22, 2013
I have an old Pix(on ASA 8.0) having a lot VPNs with pre-share keys setup. And it has been too old to find out what those pre-share keys are on any documents. Now I need to replace this PIX with a new ASA. My question is how can I find out those pre-share keys, so I can setup same VPNs on the new firewall and make it plug-and-play. Any way I can export then import those VPN pre-share keys from the old PIX to the new ASA? Or export and import whole configuration, but hardware are different.
How can I setup same VPN pre-share keys as the that of the old Pix on the new ASA?
View 4 Replies
ADVERTISEMENT
Feb 10, 2013
ASA5510, Can't generate RSA keys, so can't SSH. [code]
View 2 Replies
View Related
Feb 9, 2012
I'm just wondering, is it possible to find out or recover the passwords for users and pre-shared key for tunnel-group? The VPN connection was confiigured on ASA5505 before me, but no login details were left.
View 3 Replies
View Related
Nov 25, 2012
I have a Cisco 8510msr that is connected back to back with a 7206vxr across a 155Meg connection.I receive lots of Output drops on the 7206vxr interface facing the atm switch. When I do the following command:-
kwdair9#sh atm int atm 1/0Interface ATM1/0:AAL enabled: AAL5 , Maximum VCs: 4096, Current VCCs: 27 Maximum Transmit Channels: 0Max. Datagram Size: 4528PLIM Type: SONET - 155000Kbps, TX clocking: LINECell-payload scrambling: ONsts-stream scrambling: ON797522 input, 881483 output, 203946630 IN fast, 223768062 OUT fast, 0 out dropVBR-NRT : 110288 Avail bw = 44712 <====
I only have 44megConfig. is ACTIVEkwdair9# I only get 44Meg of the available 155Meg.There is no QOS on the router and the only commands I can find that vaguely see that refer to QOS are on the ATM switch:-
atm address 47.0091.8100.0000.0007.0d87.b201.0007.0d87.b201.00atm router pnnino aesa embedded-number left-justifiednode 1 level 56 lowest redistribute atm-static?why this is acting like a DS3 link and not a 155Meg link?
View 4 Replies
View Related
Dec 4, 2011
What cable I need to connect two 2951 back to back through a HWIC-4T1/E1 card ?
View 1 Replies
View Related
Apr 11, 2013
I have two site that has a copper wire ( 2 wire) connection between each router ( No Telco in between ). Now I want to use 1921 router with HWIC-4SHDSL-E card to connect these two site together. Can I use attach configuration to make the connection reference from the diagram ?
View 1 Replies
View Related
Nov 25, 2011
I have 2650XM router and 2620 Router Both routers have built in WIC T1 CSU/DSU cards
2620Router --
2620Router#sh int se0/0
Serial0/0 is down, line protocol is down
Hardware is PQUICC with Fractional T1 CSU/DSU
Description: DTE side
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
[code]....
My question is that cisco website says there are two type of cable connections for this type of config --which are --T1 CSU/DSU ConfigurationSet one CSU/DSU to clock source internal, and the other CSU/DSU to clock source line. The linecode, framing, data-coding, and timeslots must be set the same on both CSU/DSUs.Four-Wire 56k CSU/DSU Configuration For my network connection which type of config i should use??Secondly i try to connect these ports by normal crossover cable it did not work.So for this type of connection i know i need T1 cross over cable-- which has RJ 48 connections at both sides.I check cable from ebay which is RJ45 RJ48 cross over -- will this cable work in my router to router connection.
View 5 Replies
View Related
Oct 19, 2012
I have 1 2611xm router and 1 2801 router. For my own lab purpose, i want to configure them back to back to support voice services. I don't know what configuration will be required at each end. in 2611xm, i have NM-2V and its also detecting the card, so i hope it will work ? also what commands i need to run on both ends .
View 1 Replies
View Related
Jan 8, 2013
I would like configure two router (e.g. 1921) back to back via a 2 pin copper wire. Can I use HWIC-4SHDSL-E card to do it? What is the configuration I can use?
View 7 Replies
View Related
Apr 14, 2013
I have two site that has a copper wire (2 wire) connection between each router ( No Telco in between )Now I want to use 1921 router with HWIC-4SH DSL-E card to connect these two ste together.Can I use attach configuration to make the connection reference from the diagram?
View 2 Replies
View Related
Feb 29, 2012
Just to get this clear as having issues with a E1 link with CRC's at one.Router A,Network-Clock-Participate WIC 1,Should router B have clock participate for WIC 1? We currently have controllers set as UNFRAMED but guess we can set to NO-CRC4 both ends and telco will pass this.
View 1 Replies
View Related
Jan 7, 2013
I'm looking for instructions on how to setup and connect two RV082 routers together with a crossover cable between their WAN ports. This is to connect two separate LANS together via an ethernet connection. For staging we are setting everything up with a crossover cable in our shop. Ultimately the crossover cable will be replaced by a microwave link between the two LANS several miles apart. There will be no internet connection.
View 7 Replies
View Related
Aug 28, 2012
securing a back-toback connection using E1.The connection is between two cities, using 2x CISCO 1841 router + VWIC-1MFT-E1 interface at each city.
The E1 connections has been provided by our local telco, and they are completely private. The customer is a bank, and they asking me if this is a secure connection or not. If possible, we need to guarantee that no body can get access to the bank network even if they brought E1 modem at one of the ends (telco PoP).
View 11 Replies
View Related
Apr 7, 2013
I searched a lot but couldnt find a clear document about connecting 2 G.SHDSL routers back to back.First of all I am not sure which type of cable (RJ11) is used for connecting two 878 routers. Does it have to be cross or straight cable.
Which RJ11 pairs will be connected each other [code]
According the configuration samples One router must be CPE and the other must be CO for simulating DSLAM.
View 2 Replies
View Related
Dec 15, 2011
I'm having some trouble getting two Cisco 888's to work correctly back to back.. The two routers will ultimately be used in conjunction with a BT EPS8 circuit which is effectively four wires short distance between customer sites. We have configured lots of these using the older Cisco 878's.
Anyway, as i've been struggling to get line sync on site I've gone back to basics and connected the two 888's back to back. However, I've found that no matter what I do I can only get the routers to sync at 384kbps!? And that's with a one meter RJ11-RJ11 cable.. Very strange. When we've used the 878's we get much more bandwidth. I have tried statically assigning the line rate at both ends but it still only works at 384kbps.
View 3 Replies
View Related
Sep 29, 2011
I have an 887, I'm having trouble wrapping my head around the ZBF. I would like to change it to the old style firewall, but using the CCP it says I must delete the ZBF policys first - fair enough, I deleted all the rules so the firewall looks blank, but it still doesn't want to let me change the firewall mode - saying I must remove all the policies first.
View 5 Replies
View Related
Mar 17, 2012
I downloaded a new image to my ASA 5510 and found out up on reboot that the ASA doesn't have enough memory so I am booting to the "ciscoasa" prompt with no config. I still have my old image in disk0:. How do I roll back to this old image?
View 1 Replies
View Related
Feb 27, 2011
I have asa 5505 with security plus license, I configured dual ISP with two different ISP provider. I followed below cisco document to configure dual ISP [URL] The Configuration works during the testing, while removing the primary ISP cable from firewall. The problem i am facing is my primary ISP is down but the gateway is still up and it not switch over to backup ISP. For SLA which IP should i monitor so once my primary ISP is down it will fallback to Secondary.
View 5 Replies
View Related
Feb 7, 2011
I have a sending application that it is establishing a TCPIP socket connection to a vlient that has a receiving application on another server (completely separate networks) The receiving end has a Cisco Router 1605R and has allowed my connection using this firewall rule
access-list 101 permit tcp host xx.xxx.xx.xx any eq 5600 log
(where the x are actually numbers corresponding to the senders IP address)
I can establish an outbound connection to the receiver and the connection shows up on the machine. After the connection is established I can send data and it is received by the receiving application (I observed this using a socket test application, data actually gets through the firewall) However I need to send an acknowledgment back on the same session to the sender. This cannot be transmitted and shortly after I try sending the connection is closed with error 10060.
View 8 Replies
View Related
Feb 19, 2013
I need to NAT a port range spanning from TCP and UDP 50,000 to 59,999 from inside global address 58.96.x.x on loopback2 to an inside local address of 192.168.5.5.Currently all the existing NAT translations are 1-to-1 that map inside global addresses on a wide span of Loopbacks and a Dialer Interface to inside local addresses on few subnets which are fine.I'm using an 1811 with an ADVIPSERVICESK9-M image, version 12.4(6)TS
View 1 Replies
View Related
May 26, 2013
I am setting up my lab using two 2901 routers which is running on 15.2 IOS.I am trying to simulate a back to back BRI.BRI Module: WIC-1B-S/T-V3 (x2) one of each router.
I followed this amazing document to understand the concept of BRI and configuration. url..but it never says if i can use the module that i have mentioned.
Q1. What cabling i need to use to setup back to back BRI using 2x 2901 routers with these modules?
Q2. What cabling do i need to use.
Q3. Is it actually possible to use these 2 modules alone to simulate a back to back BRI..?
View 6 Replies
View Related
Nov 28, 2012
I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time. Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer. I disconnected the failover cable because it was complaining about version mismatches constantly.
Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?
View 6 Replies
View Related
Jun 20, 2012
I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working stand alone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. below is part of the 1941 configuration: [code]
Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?
View 3 Replies
View Related
Jul 30, 2012
I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...
1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8
View 1 Replies
View Related
Oct 7, 2011
how IPSEC VPN works but i hit a stumbling block understanding symmetric encryption keys.Here is my understanding about the process
1.Peers will negotiate plocies
2.Authenticate using pre-shared or certificates
3.Exchange DH Public Keys
4.Using Public keys encrypt symmetric key and exchange the same key which will be useful for communication
5.maintain sessions
But when we are configuring we will define encryption keys in isakmp phase and ipsec transform set ,i thought we will use the same encryption key for both management and data communication in fact i thought management phase is to give us a securely exchanged encryption key for the data tunnel.But we can use 2 different encryption keys in 2 phase i am bit confused.
View 3 Replies
View Related
Feb 13, 2012
I need retriving the wireless key from WC 2504. I have a lot of clients connected to the WLAN and need to add another one but my notes/files got deleted. Is there a way to see the keys on the controller?
View 0 Replies
View Related
Apr 25, 2013
I have a Cisco 5540 that terminates one end of a L2L tunnel, the remote end is a Sonicwall TZ100. The tunnel is in place to carry voice traffic and I have a need to decrypt the traffic that's been captured in .cap file using Wireshark 1.8.5. How to go about getting the session keys from either device?
View 3 Replies
View Related
Jul 8, 2012
I can't access the internet. When searching I get message"turn on radio button".I have the Toshiba Satellite P775 and I use Win7 64bit. My router is doing fine, because I go online with my other laptop. Device Manager shows that everything is o.k. I have traced it down to the FN keys because they are not working. Therefore I can't press FN+F8 to turn on WiFi.There is no switch anywhere on this laptop. Have been working trying to resolve without success.How to enable (turn on) the FN Keys?
View 6 Replies
View Related
Aug 6, 2011
my samsung laptop is not connectiong to the internet wireless network . my other dell computer is working but samsung laptop says there ius no wireless connectivity.
View 2 Replies
View Related
Feb 25, 2011
how do you turn on wireless with the function keys
View 1 Replies
View Related
Oct 10, 2012
I'm able to build my tunnel but unable to RDP nor ICMP back to the internal network.
VPN Client IP: 192.168.200.200
INTERNAL IP: 172.17.130.200
my configuration is below:
HOME-ASAFW02(config)# wr t: Saved:ASA Version 8.4(4)!hostname HOME-ASAFW02domain-name hsd1.nj.comcast.netenable password ViPq56cvd3SGvB08 encryptedpasswd 8bcozHCAwCqA5BmN encryptednames!interface Ethernet0/0description OUTSIDE-Connectionswitchport access vlan 2switchport protected!interface Ethernet0/1description INSIDE-Connectionswitchport protectedspeed 100duplex full!interface Ethernet0/2description WiFi-LinkSYSswitchport access vlan 3switchport protected!interface Ethernet0/3shutdown!interface Ethernet0/4shutdown!interface Ethernet0/5shutdown!interface Ethernet0/6shutdown!interface Ethernet0/7shutdown!interface Vlan1description INTERNAL-Networknameif insidesecurity-level 100ip address 172.17.130.129 255.255.255.128!interface Vlan2description OUTSIDE-Link-to-ISPnameif
[code]....
View 12 Replies
View Related
Apr 18, 2013
Any info about the SSL performance for 2kb keys on ACE4710? There is only SSL performance for 1024b keys on ACE4710 (7500 SSL TPS) in the data sheet.
View 5 Replies
View Related
Feb 24, 2013
We just purchased a bunch of 3750s, and we need to do EIGRP stub routing and VRF routing
For the newer IOS versions (15+), will I need activation keys?
View 5 Replies
View Related