Cisco :: Firewall That Doesn't Require A Shared Layer - Two Domain For Clustering?
Feb 21, 2012
Any vendors that offer a firewall that doesn't require a shared layer-two domain for clustering?
I have a work PC behind a domain which can connect to my home network no problems. I have a Homegroup set up at home that has a printer connected and shared to one of my PC's. All PC's behind the HomeGroup (or sharing the same homegroup name) can print to the printer no issue.
How can I set it up to where the Domain PC can print to the HomeGroup Printer?
If you look at the data sheet for the 5512-X the High Availability section states "Not Supported; ActiveActive or ActiveStandby" while the ASA 5515-X states "ActiveActive or ActiveStandby". What does "Not Supported" mean for the ASA 5512-X? Does this mean HA does not work, or that I need to purchase an additional license to use the HA feature?
[URL]
I have a small office with about 20 people. I currently have a T1 line which feeds a Cisco ASA 5505. I would like to replace the T1 line with two (2) ADSL lines. I need a dual WAN switch/load balancer. I researched a bit and found that Cisco RV042 will probably work for me even though I don't need another VPN and would have to disable it.
My question: Is there another device from Cisco or others which will give me the dual WAN and load balancing but not the VPN piece. My assumption is that it would be a less expensive device if such an animal exists.
Our previous wireless router (Netgear Rangemax wpn802) died yesterday so I went out and bought a Western Digital My Net N900. The issue is that now anyone using the wireless signal can't connect to a shared network folder that they were previously able to connect to using the old router.
I'm not able to log into the old router to see any of its settings. I do have access to the server that has the shared folder - I just don't have any idea what needs to be set in order for the N900 to allow me through to the shared folder - whether it's on the router side or the server side.
[code]...
I have a E3000 with a USB hard drive plugged into it. It works perfectly as a shared storage drive from all my computers. But as a Media Server it is not working. I purchased a Sony SMP-N200 Streaming Media Server that found all the PCs in the house and can stream music and photos fine. It does not see the shared USB drive connected to the E3000. Sony's web site says it uses DLNA to find and stream music and photos. It says Windows 7 is one example of DLNA. When I go to DLNA.org and check to see what routers are DLNA compliant, it says the Cisco E4200 and E4200v2 are. Is Cisco going to make a firmware upgrade to include DLNA for the E3000?
I reset the wap610N, after establishing connection, my iPhone sees my network domain but does not connect. I heard of dual band setting, how do I go about that? What must I do to establish connection with the iPhone?
I have a question with regard to setting up the ID firewall on the ASA 5585 in a single forest, multiple domain windows network. Currently I have a semi-operational IDF at the top level but can't find users on the lower other domains, here is the setup: I have 3 domains.
[URL]
Both domains have a two way parent-child trust and I can look for users in AD Users/Computer on both domains. I initially setup the ASA to look at domain1.test.com using an LDAP aaa-server per the IDF instructions, and then proceeded to configure the ad-agent. I installed the adagent on the domain1.test.com domain controller configured the settings on that system and had no problem adding users to the firewall and getting functionality within domain1. I looked to see if I could see domain 2 and domain 3 users and found none. I went ahead and added the domain2 system to the adagent on the DC and the system says that it is up, but when I search for users is not pulling them from domain2. Instead, it shows domain1 users as domain2user1. I also configured another adserver in the ASA to search ldap on domain 2 to no avail.
The Cisco documentation states the following:
• Before you configure even a single domain controller machine using the adacfg dc create command, ensure that the AD Agent machine is first joined to a domain (for example, domain J) that has a trust relationship with each and every domain (for example, domain D[i]) that it will monitor for user authentications (through the domain controller machines that you will be configuring on the AD Agent machine). Single Forest, Multiple Domains—All the domains in a single forest already have an inherent two-way trust relationship with each other. Thus, the AD Agent must first be joined to one of the domains, J, in this forest, with this domain J not necessarily being identical to any of the domains D[i] corresponding to the domain controller machines. Because of the inherent trust relationship between domain J and each of the domains D[i], there is no need to explicitly configure any trust relationships.
Reading that it sounds like it should just work.
I had everything properly configured before I installed the adagent, but I'm guessing that there is a chance that you can't have the adagent on the top level DC and get to communicate with the lower level domains.
I have a lot of reading to go through but so far everything I have found is for web server clustering.
I want to setup VLAN with the switches SG300 and SLM2024. What is the suggestion to connect these 2 switches. We have the Juniper net screen.
Need to know if ASA 5520 does Layer 7 firewall or not?
I have a question if I Stack a Catalyst 3750 L3 with a Catalyst just L2, will we able to use all L3 capabilities?
Switches are
WS-C3750G-24TS-E1U
WS-C3750V2-24PS-S
We have got 3 Cisco APs 541N with firmware version 9.2.2 and want to set up the cluster function for those APs. Here is the problem: Before enabling the cluster you can ping all three APs located in the same local network with a delay of 1ms or below. If the cluster is enabled the pings for one AP rise above 200 ms in a random way (see attached file). Moreover users connected to that AP are more likely to lose the connection or experience delay. Do the APs communicate through LAN or WLAN?
I have configured two AP541N in a cluster, but only VAP0, is listed as clustered. None of the VAPs seems to be clustered. What can I configure to get all SSIDs clustered?
Product Identifier: AP541N-E-K9
Hardware Version: V01
Software Version: AP541N-K9-2.0(4)
I'm looking to deploy a 2504 controller and some AP1142s but would like to provide the client with an alternative, lower initial-cost option in my proposal. I've been researching the AP541N access points but several areas of their implementation seem unclear to me.
Clustering: For the clustering feature is it necessary for the network to have other SBCS components (500 series platforms)? All of their other features are either unapplicable to or already implemented in the network in question; if I have to add another appliance I would rather go the LWAPP route and use a true WLC.
What are the capabilities of clustering? Can I implement some form of wireless resilience by spacing APs closer together than necessary and they will lower transmit dBm and intelligently respond to attempt to cover a new cell where an AP has gone down?
What about roaming? I believe Cisco advertises this as part of a small business voice solution. A client roaming between two access points in the same mobility group (cluster?) on a wireless voip phone should be able to keep connection, as it's analogous to some critical UDP communications that are going to take place on the clients.
I recently changed jobs and at the new location we are primarily running Catalyst 2960G series switches with the exception of one 3750. All of the switches are setup in a cluster with the 3750 being the cluster master. My question is what is the benefit of switch clustering? The entire network seems to be a bit over engineered for our needs and I am hoping to scale it back a bit. For example, the network was setup with VOIP QoS when there were no plans to even use VOIP. Also what procedures would I want to follow to disable the cluster to avoid any major outages? Assuming there is no real need for a cluster.
Shared licensing of ASA? I have 2 ASA 5585 in cluster and I have to Implement SSL / VPN license. My question: Since I have a cluster in 8.3 version, can I use only one license VPN / SSL for two, without necessarily implement the Shared Server licenses and participant.
I have a situation where we have a single DMZ server currently statically forwarded to a single public IP. TCP ports 80, 443, 8080, 8500, 53, and 21 are open to this server via an access list.
However, we have added an additional server to the DMZ, and because our web developers did not communicate with me beforehand, we are forced to use the same DNS name (thus, the same public IP) for this server. This server only needs traffic on TCP/8800 forwarded to it.
I am using ASDM 6.4 for configuration of this, as I am required to take multiple screen shots of the procedure for our change control policy.
My question lies in the reconfiguration of NAT/ PAT. Since our current server has a single static NAT to a single public IP, it is simply natted for "any" port. I understand that I can add the new server as an object, and only PAT it on TCP 8800, but will I then have to go back and reconfigure the first server multiple times for PAT, or will the ASA notice the specific PAT, and forward 8800 to the new server without affecting the existing "old" server?
It appears ASDM will not allow me to put multiple ports into a single network object. I am assuming I will need to add 6 separate object translations for the "old" server based on TCP port, and 1 object translation for the "new" server, correct?
What does a firewall block at the transport layer?
We have a situation where we need to encrypt the traffic on a Layer 2 VLAN. We have a Cisco Switch on each side but the fiber it runs over is leased and encryption (AES256 minimum) is required on a leased line. We have 2 ASA5505s that we could use on each side. Not sure what would be the best setup for this scenario (Site to Site). Or is there something better than using 2 ASAs on each side?
Use of a pair of ASA 5585's in active/active mode with a shared outside interface. Last time I did this was with FWSM, there was a restriction where all contexts that share an outside interface have to be in the same failover group. Does this apply also to the ASA? My thought is that it will, but I am unable to find that in any documentation.
I have attached a pdf of an example of a FWSM configuration with shared interfaces. Now what I don't get is (please refer to the link) url... Is there any difference between the natting that they have done on page B-4 on Context A as opposed to configuring a static NAT for processing traffic to correct context nat(inside,outside) 209.165.201.0 10.1.2.0. The other question is on page B-2 (diagram) Context A has a customer A network linked to the inside interface. Is it possible to put a default route towards that "Network 2" cloud and restrict traffic from the 6509 switch towards the context A?
Cisco 3750 with IP Service Image 12.2.55, Trying to enable Web Authentication on Layer 3 interface:
!
ip auth-proxy name bp_auth_proxy http inactivity-time 60
!
interface GigabitEthernet1/0/5
no switchport
ip address 192.168.1.27 255.255.255.0
ip access-group 101 in
I am using Cisco ASA5510 Firewall on my network at the distribution Layer. The Private IP Address is in the network for Users and PAT is used. I have a client who has configured the RDP on port 2000. When the Users behind the Firewall in my Network tried RDP it does not work, it shows configuring remote Desktop only. I am able to telnet the Client said server with port 2000 but unable RDP. Is any changes required on my firewall as a result the RDP works.
Do the cisco 4503 switches support virtual clustering feature? I have a requirement where switch ports on two different 4503 switches need to combined in the same Link aggregation group. This is needed because the firewall notes say that the aggregated interfaces need to be connected to a single switch and combined in the same LAG. So according to the diagram below, the interfaces marked RED need to be in the same LAG in the switches, same for the interfaces marked BLUE. I have done the same setup using Juniper switches where it uses VIRTUAL CLUSTERING to group the different switch ports in the same LAG.
Connecting ASA 5520 to two Catalyst 3560G layer 3 switches. What's the best practice to connect the asa-5520 at the edge, to the core of my network? What I'm looking to do is connect two routed gigabit ports (gi0/2 and gi03) to two separate layer 3 routed ports on catalyst 3560G. I'm wondering how to do it, or if there's any type of failover method? I'm running EIGRP in the network and the link to the first core switch has a /30 point to point connection. Everything works fine, I'm just not sure how to connect the second switch to the firewall. Should I use the a different /30 for the point to point connection to csw02 gi0/48? (See attachment) How would this affect traffic flowing through this interface? Would I have to duplicate rules I have on my inside (gi0/2) interface? Is there a way to make the inside2 interface standby some how? I want to know the best way to set this up, so in the event csw01 goes down I don't lose internet. Will EIGRP work its magic and only use 1 path to the ASA? Should I even be using routed interfaces on the ASA and just use trunked mode? Running ASA 8.4?
I am trying to get layer 7 application protocol to work in a simple test setup, I need to get this working to filter roommate traffic. Simple configuration with two interface (inside and outside). With layer application configured, everything works fine, but when applied layer 7 it does not block the web site I want... URL filter and parameter map don't work either...
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)
parameter-map type urlfilter URL-FILTER
 audit-trail on
parameter-map type regex humoron
 pattern [Hh][Uu][Mm][Oo][Rr][Oo][Nn][.][Cc][Oo][Mm]
parameter-map type regex LAPOSTE1
 pattern LAPOSTE.NET
(code)
I am currently authenticating wireless clients using PEAP User Authentication through a Cisco Wireless LAN Controller and Cisco ACS 4.2, which points to a Microsoft Active Directory external database. This does not keep users from configuring their personal devices with their Active Directory login information and connecting to the corporate wireless network. I can setup a client to use a certificate, machine authentication and user authentication, but I haven't been able to REQUIRE the certificate and or machine authentication to authenticate to my wireless network.
>I now have the Windows External Database Configuration, ACS External Database setup with Enable PEAP Machine Authentication and Enable machine access restrictions. With the client configuration set to use Computer Authentication, it passes the authentication through ACS (and AD), but the client can also be configured for User Authentication and also pass authentication. Is there a way to only require Computer Authentication through a Cisco WLC/Cisco ACS?
RACK 1 is the old rack and NEW RACK is the rack which is going to be procured for some new Servers. All the Servers in the RACK 1 has a default gateway as PIX Inside IP. As of now the 3560 Switches acts as Layer 2 and does not have L3 IP routing enabled. How can I enable connectivity between 192.168.36.0 range and 192.168.57.0 range without making any change to current PIX inside IP address 192.168.57.1? Is it possible that I can enable IP routing on the 3560 Switches, create interface VLAN 36 and since already Switch 2 has its default gateway as 192.168.57.1, would the traffic from 192.168.36.0 be routed to 192.168.57.1? Or do I need to create static route for that? Since L3 Routing is not enabled and since the 3560 Switches are just acting as L2, the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. When it is changed I would need to create interface VLAN 2 on 3560 Switches?
Data centre hosted system with 4 servers connected to a CISCO ASA5505, everything was working fine with 4x windows server 2003 machines but since pulling 2 out and replacing them with windows server 2008 machines I get a flood of the error below and it blocks communications back to the IP listed which is the domain controller so naturally this makes the 2 new servers unusable.
1: they are all connected to the inside VLAN directly via the ASA's switch ports.
2: they are all in the same 255.255.255.0 subnet including the ASA inside interface
3: removing the gateway on the affected machines makes no difference the ASA continues to block it which indicates whether or not the machines use the asa as a gateway its inspecting the traffic and blocking. [code]
I would like to setup three Aironet 2602I-A-K9 WAP in my office. Being new to Cisco WiFi, it appeared that I HAVE to have a WiFi Controller to make this work. Is that a requirement that requires me to also purchase a WIFI controller?
Remove PPPoe settings on Vista. I uninstalled the att software but the pppoe settings remain and my computer says my network is unidentified and will only allow local connection. My XP computer had no problem making the change but the Vista one keeps saying it is an unidentified network. I have tried turning everything off and then restarting the cable and then the computer but it does not work. I have a wireless adapter and can connect the Vista machine to the network with no problem but need a wired connection for games I play so I need to fix the wired problem. I am sure the settings the ATT software changed is the problem but I don't know how to get into the system to fix the problem. There is no router involved. The router is built into the cable modem.
I have a switch layer 6500 series connected to a firewall, the port configuration between them is layer 2, in other words I do not configure an IP address in the Cisco switch port to connect it to the firewall, but when I apply a policy on firewall it loses communication with others vlans, just the vlan that is connected between the switch and firewall works, attachment the design. I think that is necessary to configure the connection between the firewall and switch as layer 3 (a port with IP address in the switch), but I would like to know why? The switch is configured with about 10 vlan and it is a inter vlan routing, a default route is configured in the switch where the gateway is the firewall.