Cisco Firewall :: Terminate L2L VPN On ASA Logical Address?

Jun 14, 2011

I currently terminate my L2L VPN sessions on the "OUTSIDE" interface via the actual IP address assigned to that interface. Can I assign the OUTSIDE interface a second address (VIP, Logical, Virtual etc.) and then terminate my L2L VPN sessions on that second address?

View 3 Replies


Cisco Firewall :: ASA5585-X Get One Logical Firewall With Doubled Performance

Dec 19, 2011

I am interesting how ASA 5585-X with SSP-60 operates in dual firewall mode, if I install two SSP-60 modules in chassi, do I get one logical firewall with doubled performance of (SSP-60) ?

View 1 Replies View Related

Cisco Firewall :: ASA 8.4 / Nat Internal IPs With A Logical IP?

Feb 17, 2013

I have a query on natting on 8.4 ASA. We are going to configure IPsec tunnel with our client. Our client has provided a single ip( which would be the source at his end. Is it possible to Nat my end network( with logical ip ( which is not configured anywhere.

here are details.
my end internal network(inside) : (
logical ip to be natted my internal ip:  (
Client end network : (

View 5 Replies View Related

Cisco Firewall :: 5520 Recreate Logical Interfaces For Each Physical Interface

Nov 29, 2012

We have to enable FIPS 140-2 on our ASA5520's for all our IPSEC VPN connections.   We currently have failover on our 5520's. I found a lot of information out there but some seems to conflict one another.What are the things I need to look out for - caveats? Does the clients that connect to the VPN had to use different clients once the FIPS was enabled.Do we need to recreate logical interfaces for each physical interface we have?

View 1 Replies View Related

Cisco Firewall :: Terminate Vpn Session On Asa 5510?

Apr 5, 2011

How to terminate a vpn session on the asa 5510, when u issue the command sh vpn-sessiondb remote?

View 1 Replies View Related

Cisco Firewall :: Terminate SIP Connection On ASA 5505?

Apr 15, 2013

I have a SIP trunk in my Florida office connected to a Cisco 2851 ISR. I'm using Unified Communications Manager 8.0 and life is great.
We just opened a new office in Spain and now the fun begins.  We created a site-to-site VPN tunnel using ASA 5510 in Florida and ASA 5505 in Spain. We can register IP Commuicator phones in Spain but when they make calls it shows up as a Florida call. We need it to show up as a Spain call.
We are thinking to get a SIP trunk into the Spain office but I only have a ASA 5505 over there. Can I terminate a SIP connection to it? Is this the best option? If not, what is the recommened setup?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Terminate Second ISP Link On One Of DMZ Interface?

Jun 20, 2011

On our ASA 5510 we already have one ISP link terminated on outside interface. There is correspoinding nat and global configured for outbound access to internet.
Now we need to terminate second ISP link on one of the DMZ interface to have redundancy for the primary ISP. 
When primary ISP link or router is down we need to send all the traffic to secondary ISP router.  How do we configure NAT and global for this condition that only when primary is down then only this NAT -Global should be used.  Do we have anything like object tracking associated with the NAT-global.
So that as long as Primary  RTR - object is up ASA will use the first NAT-Global pair. When primary ISP is down RTR-Object is not reachable then ASA will perform the second NAT-Global operation.
Also can we have default route pointing to Outside interface (primary ISP router) and in case of primary router failure it will point to secondary ISP. Do we have "track"  in the static route commands on ASA.

View 2 Replies View Related

Cisco Firewall :: 5510 / Dual ISP / Terminate Two Internet Links?

Aug 4, 2012

I have a 5510 with me. I want to terminate two Internet links on that. The primary Internet Leased Line to access my DC network using Site-to-Site VPN, and the secondary ADSL connection to access my other location network via VPN and and for web browsing. How can I achieve these goals.

View 1 Replies View Related

Cisco Firewall :: 1921-SEC / Terminate Each IPSec Connection In Separated Zone

Apr 26, 2011

We are using a CISCO1921-SEC Router. On the "WAN" side we have 1 public IP Adress assigned by DHCP. At the moment we are using the WAN Interface with a crypto-map as endpoint of some IPSec connections. We set up a zone-based-firewall with "WAN" and "LAN" zone. In this setup all IPSec Endpoints are on one Interface - connections to the "LAN" zone can be managed by rulesets. What about connections between IPSec connections and the zone "self".We like to terminate each IPSec connection in a separated zone. How can this be configured ?Each one on a "tunnel inetface" with "tunnel source ..." binding ?

View 4 Replies View Related

Cisco Firewall :: 5510 Security Plus To Terminate Client VPN Access For External Support Team

Aug 7, 2012

I have a customer that wants to purchase an ASA 5510 security plus to terminate client VPN access for an external support team. The customer claims to want URL content filtering/proxy which leads me to suggest a CSC SSM 20 plus module. But upon further conversation, he mentioned wanting IPS. In this case, the customer does not seem to know the difference between the URL content filter/proxy and the IPS and uses both terms interchangably.
1. What would you suggest in your expert opinion would be the best module to get for this customer? IPS or CSC
2. If I go with the CSC module, where can I find good documentation on how to configure it and get it up to date?
3. does the CSC module provide any web proxy functionality?

View 3 Replies View Related

Cisco Firewall :: Terminate Point To Point Link Between 3750 And 6506?

May 20, 2012

I all we are going to terminate point to point link between 3750 and 6506. 
on 6506
 int gi1/45
no switchport access
ip address 192.X.0.x
no shut
Does this config correct as i am configuring between stack switch and 6506

View 1 Replies View Related

Cisco :: ASA Monitoring Logical Interfaces

May 12, 2011

Does any know why the ASA will monitor physical interfaces by default, but monitoring of logical interfaces is disabled by default? Or better yet, is anybody doing a monitor-interface for a subint without issue? I'd imagine it isn't enabled by default for a reason.

View 2 Replies View Related

Logical Interface Approach

Oct 8, 2012

I have a node with one physical wireless interface and I need it to offer AP service to other nodes, connect to an existed AP, and connect to other nodes in ad hoc mode. If I create 3 logical wireless interfaces of that interface and configure each one respectively to the modes above, would this work? do they use the same MAC address or each needs to be configured a different one?

View 2 Replies View Related

Cisco LAN :: Two Logical Switches Within One Catalyst 3560

May 20, 2012

I have purchased two catalyst 3560 switches (with 24 interfaces) on Ebay to prepare for ccnp switch exam. It would be great if I have 4 switches. Is it any possibillity to create two logical switches from one? I mean, not by assigning interfaces to different vlans?

View 1 Replies View Related

Cisco Routers :: SRP527W - Logical Link Not Picking Up

Dec 27, 2011

I recently bought 2 SRP527W for  customer and i am trying to install them.  I have updated the firmware to the latest version.
Problem: It can detect BTs business ADSL but the Logical Link is not picking up.  I have checked and rechecked the setting with BT but no joy.  the original BT router works.

View 19 Replies View Related

Cisco WAN :: 2650xm / 2811 - Hierarchical QOS Over Two Logical Connection?

Nov 16, 2011

We have two logical connection which are connected via  1 physical Ethernet interface to 2 routers in central sites. Both connections are 2 Mb/s. How can i classify the output traffic in order to shape both direction to 2-2 Mb/s.
There are not suitable "match" command!!! ??The branch routers are 2650xm and 2811.

View 4 Replies View Related

Cisco Switching/Routing :: Logical SE/SVI Connection Between Brocade MLX And 4503

Jan 11, 2012

I am installing a connection between Brocade MLX and Cisco 4503 using SE and SVI's. Below is the config for each. Am I missing anything like MTU Ignore or something along that nature?
*** Cisco 4503 (v15.01) Config ***
name EOC_Gi1/2


View 3 Replies View Related

Cisco Switching/Routing :: Catalyst 2960 Logical Link Control

Feb 16, 2013

I have 2 devices which need to communicate through Logical Link Control.  Each device functions like this: they have a built in network switch that allows their internal components to communicate with TCP/IP which is then encapsulated inside LLC frames and sent out a special port.  The LLC frames from each device all come from a single source MAC address and are broadcast out the network.  The receiving deivce receives the LLC frames, unencapsulates the data and uses it directly.
Using it this way through a single 2960 (such that device 1 is connected to fa0/2 and device 2 is connected to fa0/23) with its own dedicated VLAN and no other traffic on the switch (all other ports shutdown), the two devices are unable to "connect".  Using a SPAN session, I can clearly see them exchanging LLC frames, but if I connect my computer to the internal device switch and try to ping the other device through the LLC encapsulated link, I get anywhere from a 25% to 100% loss with response times between 2ms and 15ms.
When I connect the special ports of each device together directly with a straight through cat-5e cable, they can connect and I can successfully ping through the link with sub-millisecond response times.  The same goes if I connect them through an old unmanaged Linksys switch.  I have toggled everything on the 2960 I can think of, including STP, CDP, LLDP, storm control, keepalives, IGMP snooping, management interface VLAN1, and QoS.  In general, the more of those that I turned off, the faster the ping responses became, but nothing seems to stop the data loss.

View 1 Replies View Related

Cisco WAN :: Stack WS-C3750E-48TD With WS-C3750G-12S Together To Create Single Logical Switch

Oct 31, 2012

I was wondering if I can stack WS-C3750E-48TD with WS-C3750G-12S together to created a single logical switch.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 To Have Internal Address That Wish To Forward From External Address

Jul 8, 2012

I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.

View 7 Replies View Related

Cisco VPN :: How To Use ASA 5510 To Terminate A LAN To LAN IPsec VPN

Aug 6, 2012

We have an ASA 5510 running 8.3 that we need to use to terminate a LAN to LAN IPSEC VPN.
Problem is we only have one public address available so have had to configure the link between the ASA and the Internet Router on private addresses.
Is it possible to NAT the public address to the inside or outside interface of the ASA and terminate the VPN on that interface?

View 7 Replies View Related

Cisco WAN :: Terminate IP Sec VPN Tunnel On ASR 1002 Router?

Mar 28, 2012

I want to terminate the IP Sec VPN tunnel on the Cisco ASR 1002 router, but it shouldn't have be bedirectional traffic to the other end., and it should be answer only, We don't run tunnle over GRE (no IPSec profile), just IPSec only. I found there is a command "crypto map *** client configuration address respond" but it looks it is global command and we have lots of VPN terminated on the Cisco ASR 1002 router, How can we configure the "Answer Only" for only one specific VPN tunnel and it won't impact the others?

View 2 Replies View Related

Cisco Application :: ACE 4710 SSL Terminate Not Working

Jul 1, 2011

I configured cisco ace 4710 with ssl-proxy and it is not working,url..When i put the output is: "There is a problem with this website's security certificate", so i click in "Continue to this website (not recommended)" and the ace dont balance the output show error "Internet Explorer cannot display the webpage". [code]

View 2 Replies View Related

Cisco VPN :: 8.4.2 - How To Have Outside Interface Terminate SSL AnyConnect Client

Dec 24, 2011

I am having an issue I need to have the outside interface terminate a ssl AnyConnect Client.  I have several groups the will login and I need multiple inside interfaces to satisfy my security needs.
I have one group call ombudsman-mhdd and they need to go out interface g0/1.231 and another group called oet-router go out g0/1.232.This works on my 8.2 box but I am having trouble routing traffic out these interfaces. 
interface GigabitEthernet0/0
description trunk mplsfe-hub g1/10 - - null
nameif outside
security-level 0
ip address


View 3 Replies View Related

Cisco WAN :: 3945E - Terminate A 1Gbps Ethernet

Nov 15, 2011

I'm looking to use a Cisco 3945E to terminate a 1Gbps Ethernet internet connection and I want to know the realistic throughput that I can expect. The router will only be configured with BGP with partial routes. No firewall or QoS will be configured.

View 8 Replies View Related

Cisco VPN :: 5520 Terminate Remote Access VPN Connection

Aug 6, 2012

I Have asa 5520 terminate the remote access VPN Connection,when successfully  connect to my corporate Network and try to copy a file(30MB) from the share to my PC ,it takes around 2 Hours or it disconnect.what is the speed of the vpn client once y connected to the corporate over the Internet ?at my home i have 512 ADSL while at my corporate we have 155Mbps Internet speed.

View 1 Replies View Related

Cisco WAN :: Terminate New 10M Link Via Ethernet Interface On 1841 Router?

Dec 19, 2010

We want to terminate new 10M link via Ethernet interface on Cisco 1841 router. We have free Gig port on the router. We also have HWIC-FE module inserted in the router. However, our implementation team said that Cisco 1841 doesn't support 10M link. It is not designed to cater to such high Bandwidth.

View 14 Replies View Related

Terminate Split Cat 5 For Data And Voice At Patch Panel End?

May 24, 2011

How do i terminate a split cat5 for data and voice at the patch panel end?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Doesn't Purge User Sessions When VPNs Terminate

Feb 2, 2012

we use an asa5520 like vpn termination point, asa uses acs5.3 for authentication purpose, and all seems to work properly,but acs5.3 doesn't purge user sessions when vpns terminate; I can see many user "logged-in" into menu System Administration --> Users --> Purge User Sessions; this is a problem, because we have configured max session per user how can avoid this problem? is there any new configuration to implement into asa?
we need to configure max session per user, but there is only a global option applyed to all can we configure user accounting? we need to know how long a user is connected via vpn session.

View 1 Replies View Related

Cisco Switching/Routing :: 3560CG Switch Terminate On Internet Modem

Feb 4, 2013

I am facing with Cisco 3560CG Switch. We have a Cisco WS-C3560CG-8PC-S (Cisco Catalyst 3560-C Switch, 8 GE PoE, 2 dual-purpose uplinks, IP Base image) switch which will be a core switch and the internet link from the ISP is terminated on a Modem. The ISP configured the internet modem and provided the details such as Gateway IP, Subnet Mask, DNS IP address, Usable IP Address Block,  to configure the switch, where ew have connacted the Modem. When, I verified the details, there were only 4 IP addresses available under Usable IP address block. Spoke with the ISP and they confirmed that they cannot increase the IP Addresses (some limitation on the Modem) in the pool and we have to do NATing at the switching (Which we can't do, because of IP Base image limitation). About the network, it will be a flat network with only one VLAN which is used for Wireless Guest Access.

View 1 Replies View Related

Linksys Wireless Router :: WRT160N - Application Requested Runtime To Terminate In Usual Way

Feb 3, 2013

I have a WRT160N that I used just once after purchase (my ISP gave me a wireless router). I could not remember the PW, so I reset. (The computer saw the old router name but I had no PW)When I run the software (CD that came with the product says 150N), it get to "configuring computer" and stops there.I tried downloading the software, but when I try to run it says "Application requested runtime to terminate in an usual way."When I go to the 192. URl and try to login using a bank user name and 'admin," it jsut keep bringing up the password box.

View 2 Replies View Related

Terminate CAT6 Home Runs With Male RJ45 Or Female Keystone Jack?

Jul 8, 2013

I'm going to be running CAT6 throughout my house (once I figure out all the paths and buy the cable) with the home runs going to a patch panel in the basement.

I've been wondering if I should terminate each cable with a male RJ45 end and use a patch panel with RJ45 female-female keystone couplers or; terminate each cable with a female RJ45 keystone jack and snap it into a keystone patch panel.

I'm just wondering if there are any pros and cons to each, each method seems to be exactly the same, just buying different pieces.

View 19 Replies View Related

Linksys Wireless Router :: E4200 Version 1 - Terminate PPPoE On Really High Speed Connection

Jan 17, 2013

Used an E4200 version 1 to terminate PPPoE on a really high speed connection? By that I'm talking say 400Mb or higher.

View 9 Replies View Related

Copyrights 2005-15, All rights reserved