Cisco :: (Received Encrypted Packet With No Matching SA / Dropping)

Jun 24, 2011

Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?

View 3 Replies


ADVERTISEMENT

Cisco :: ASA Received Large Packet?

Jan 13, 2011

I've got a lot of these messages in my logs from SVC users:Code:

View 13 Replies View Related

Cisco :: Packet Didn't Received By Host

May 12, 2011

Problem Host A unable to reach Host B, trace route from Host A it reach to Router B but the packet unable reach to the Host B here the 1st level troubleshoot I did

1. Traceroute and ping success from router A to host B

2. Ping success from router B to host B success

I wonder the packet reach to router B but it didnt pass to Host B.

View 5 Replies View Related

Cisco Switching/Routing :: 2600 - Source IP Set To Public When Packet Received

Mar 27, 2012

We have Cisco IP phones behind a 2600 series router:Most of the time when the PBX receives a packet from the phone, the source IP of the packet is set to the public IP of the router (1.2.3.4) as expected. However, once in a while, we get packets (at the PBX) with the source IP set to the private IP of the phone (10.0.0.12).The router is configured by our provider, and they can't give us any explanation for this behaviour. Is it safe to assume that PAT is not configured properly at the router?

View 2 Replies View Related

Cisco :: ASA5540 - Run Firewall To Display MTU Packet Size Being Received On Interface?

Jul 5, 2012

I have a ASA5540 firewall set-up with an interface MTU of 1500.  
 
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this.  Any command that can be run on the firewall to display the MTU packet size being received on an interface?
 
We are also running Solar Winds so could query an OID if such a variable exists.

View 1 Replies View Related

Cisco Switching/Routing :: 4500 / Packet Received With Invalid Source MAC Address

Sep 3, 2012

Most of the 4500 Switches in our network are giving the similar error for so many ports
 
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on p  t Gi2/6 in vlan 100
 
Its impossible to do a wireshark packet tracing for all the ports. 

View 2 Replies View Related

Cisco Switching/Routing :: 4507 - Packet Received With Invalid Source MAC Address

Feb 14, 2012

Issue I am having with a Cisco 4507? Below is the error i am receiving.
  
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112

[Code]...

View 9 Replies View Related

Packet Dropping While Reaching Internet

Jul 19, 2012

Default route is pointed to firewall but still it is taking the path directly to the ISP from the router without going through firewall.

[code]....

View 3 Replies View Related

Cisco Firewall :: PIX 525 - Windows Server 2008 And PIX Packet Dropping?

Sep 6, 2011

I came across a situation where a client had an old PIX 525 running PIX 6.2.  There was a Windows 2008 R2 server running Exchange 2010 that was having trouble delivering email to a handful of email servers.  We then found out that we could telnet to these servers on port 25 but got no return traffic.  We then went back the old email server that was running Windows 2003 Server and could telnet to port 25 on these email servers and got a response, saw the banner and could issue commands.  The first thought was reverse DNS which we thoroughly checked and it was not.  I turned off the smtp fixup protocol and that didn't fix it either.  From workstations on the network running XP or Windows 7 or Linux you could telnet to these servers and you would get a response but just not with 2008 server.  I spent hours on the phone with Cisco support and it was determined that the packets were returning and we could capture the packets on the outside interface but they were then dropped by the firewall.  Using the 6.2 version of PIX we could not determine why the packets were being dropped.  I suggested upgrading to the next major version to be able to troubleshoot the issue further.  We then upgraded the PIX to version 7.0(8).  After the upgrade we were able to telnet to the problem mail servers from Windows 2008 Server and there were no issues. Is there a know issue with Windows 2008 Server and PIX 6.2? 

View 1 Replies View Related

Cisco :: CME Matching The Dial Peer?

Dec 7, 2012

I believe that the Cisco Unified Communications Manager Express matches the outbound VoIP dial peer digit-by-digit, because:

1. when using the debug command it shows how it works digit-by-digit till it match a pattern

2. It says in the study guide ( If a match is found, the router immediately processes the call - chapter 6) so I understand its not en bloc

View 3 Replies View Related

Cisco :: VOIP QoS Config Not Matching?

Aug 15, 2011

my config and all the show's ive run sofar tryign to figure this out, but the policy map isnt matching the traffic for some reason

View 9 Replies View Related

Cisco Firewall :: ASA 8.3 - NAT And Matching Global Statements?

Oct 3, 2012

I have a Cisco ASA running 8.2 in routed mode.The ASA has three interfaces, inside, outside and DMZ. They connect to the following three networks:
 
Inside: 10.1.1.0/24
Outside: 10.1.2.0/24
DMZ: 100.1.1.0/24
 
I have the following dynamic PAT configuration:
 
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 100.1.1.1
 nat control is turned off.
 
By my understanding any traffic from the inside to outside interface will be PATted to 100.1.1.1. However, communications between inside and the DMZ will not be PATted, and should work with no problems.This seems to be corroborated by this document: [URL]Which states:"The adaptive security appliance translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing for the packet continues."EDIT: I may have misunderstood the above statement.I found this guide to configuring NAT/PAT: [URL]It states:"When you specify a group of IP address(es) in a nat command, then you must perform NAT on that group of addresses when they access any lower or same security level interface; you must apply a global command with the same NAT ID on each interface, or use a static command. NAT is not required for that group when it accesses a higher security interface because to perform NAT from outside to inside you must create a separate nat command using the outside keyword. If you do apply outside NAT, then the NAT requirements preceding come into effect for that group of addresses when they access all higher security interfaces. Traffic identified by a static command is not affected."My problem is that packet tracer does not seem to bear me out. It tells me the packet is dropped due to "no matching global" when I source traffic from the inside interface and send it to the DMZ.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Unable To See Matching ID Of 0

Sep 20, 2011

I have a command line from ASA 5505 like below :
 
nat (inside) 0 access-list NO_NAT
The problem is I cannot see any matching ID of 0 at the (outside) like :
nat (outside) 0  xxxxxxxxxxxxx

Another problem is there is also no any access list with the name of NO_NAT.

View 2 Replies View Related

Cisco :: ASA5400 Interface Speed Not Matching From Both Sides

Mar 29, 2012

i have firwall ASA5400, and the outside interface connected to internet router but i noticed that the interface speed in the outside interface is 1000M, but on the internet router is 115 M. so the interface in the router is highly utilized and also the firwall cpu highly utilized. [code]

View 0 Replies View Related

Cisco VPN :: ASA 5520 8.4.1 IPSec VPN No Matching Connection For ICMP

Jun 23, 2011

I am trying to set up remote access vpn on an asa 5520 running 8.4.1.  I have the ipsec group, policies, and ip pool set up.  When I try and connect with the cisco vpn client I see the following in the logs.  Deny icmp src outside:214.67.39.42 dst outside:24.252.51.73 (type 3, code 3) by access-group "acl_inbound".  Do I need to put in some firewall rules to allow this traffice so that the VPN can connect?

View 9 Replies View Related

Cisco WAN :: 2500 - No Matching Route To Delete Error

May 15, 2012

I am trying to remove a static route I added: [code]
 
I was practicing setting up static routing on three routers r2 (2600xm) connected to r1(2600xm) via T1 module cards on the serial ports. connected to r1 is an old 2500 router called PC.
 
I removed the static routes off r2 and PC but when I get to r2 which I am connecting to via console cable from another 2500 that I use for an access server I get the above error.  all the IPs are just generic subnets I created to play around with static routing. I

View 4 Replies View Related

Cisco VPN :: 2651 No Matching Crypto Map Entry For Remote Proxy

Jul 14, 2011

ASA is the server, 2651 is the client. Phase 1 is negotiating, after entering XAUTH on the 2651, the ASA is showing:
 
Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.250.2.0/255.255.255.0/0/0 local proxy 10.10.3.0/255.255.255.0/0/0 on interface Outside
 
Not sure what this means in this instance, the maps are setup the same as the article below. I guess I more expected that sort of error if this was a static tunnel and there was an ACL issue. I don't have a lot of knowledge on the Easy VPN with the ASA. [code]

View 1 Replies View Related

Cisco Firewall :: 5505 - Order Of NAT Not Matching Correct Line ASA 8.4

Aug 23, 2012

We are configuring a twice-nat to send traffic for scansafe, its on a asa5505 ve 8.4(3) on a remote location for the customes. The nat redirecion is working but we also have a VPN tunnel to the corporate network. Through the tunnel we need to reach a http server. The problem we are having is that when we add the scan-safe nat, all http traffic gets redirected to scansafe, includind the traffic to the http server on the corporate network.
 
 10.2.1.0 ---<ASA5505> ---Internet,scansafe ---- <Corporate> --- 10.1.1.0
 the http server is 10.1.1.75
the remote location network is 10.2.1.0/24

[Code].....

View 9 Replies View Related

Cisco Switching/Routing :: 6500 - Route-map Not Used / ACL Not Matching Traffic

Jan 12, 2012

I'm performing tests with following desired scenario: We have several remote offices, connected to our HQ via MPLS. In these remote offices, we have several vlan's. Each vlan has it's own ip-range. The MPLS cloud is routed, so we cannot switch our HQ vlan's to the remote offices. In this case, the client pc is in a guest vlan which allows him internet access. The uplink for this internet access is hosted in our HQ datacenter.
 
basic scheme:
client pc --> MPLS cloud (managed by ISP) --> 6500 switch LAN --> Checkpoint Firewall --> 6500 switch DMZ --> ASA Firewall
 
My test scheme:
Client pc is in a subnet A (guest vlan range office).
We receive this traffic on our first LAN 6500.

[Code].....

View 29 Replies View Related

Network Is Showing Up As Encrypted?

Sep 23, 2011

I reloaded XP on an old laptop I have, a Toshiba Satellite, and it works fine. Problem is when I try to connect to my wireless network, it comes up as being security protected...and it isn't...and never has been. I have other computers connecting just fine, but I can't seem to figure this one out. I don't have a key to enter as there isn't one! I installed a USB wireless adapter, and it works fine, but I don't want to use the adapter on the laptop.

View 6 Replies View Related

Cisco Switching/Routing :: 6509 Matching A Device To Bandwidth Consumption

Sep 18, 2012

My company is composed of three different campuses, all with a similar network topology. We currently are experiencing high bandwidth on our serial interface at one of the campuses in particular. The network is composed of about 20 VLANS routed internally using a Cisco 6509. Traffic to the outside is PAT’d by an ASA 5510 and then forwarded through our edge router interface. Each VLAN is PAT’d to a specific public address.Due to the PAT, how would you recommend determining what specific private addresses are consuming our resources on the serial interface. When I look at our NMS, it reports the public address, but that only narrows it down to a VLAN. For example, all the devices in VLAN 6 are translated to 146.34.118.245, and 146.34.11.245 is a top talker.

View 1 Replies View Related

Cisco Routers :: RV 220W - Create Matching Inbound And Outbound Rules

May 15, 2012

RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IP's assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
 
I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 24.15.120.73 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now. So I can't even seem to get one-to-one NAT working! I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).

View 2 Replies View Related

Cisco :: VPN Client Traffic Encrypted Check

Oct 12, 2012

How can we check when we connect using VPN client software if traffic is getting encrypted ?

View 7 Replies View Related

Cisco VPN :: ISR1921 PPTP VPN With Encrypted Password

Sep 19, 2011

I am actualy trying to make a remote access VPN between a ISR1921 and Windows 7 pro. I already managed to put a PPTP VPN with an authentication against our LDAP databse via radius. But our password are in SHA1 in our LDAP, so I had to let the password unencrypted on the network using pap and this is bad.If I don't use pap, it simply doesn't work since all the other method need unencrypted password for the challenge authentication.Does that mean that every remote access VPN keep our password unencrypted ? Maybe use EAP (but I can't find a howto or good documentation about it)? Can I add a certificate or something?

View 1 Replies View Related

Cisco Routers :: Encrypted GRE Tunnel With RIP On SRW527w?

May 13, 2012

Is it possible to configure an IPSEC GRE tunnel with RIP on an SRP527w? I see RIP, GRE & IPSEC are all possible.. But I'm not sure about them all together securing the GRE tunnel??
 
I basically want to do this with the SRW routers not native IOS. Single head end hub & spoke.

View 1 Replies View Related

Cisco VPN :: ASA 5505 - No Return Traffic Is Being Encrypted

May 26, 2012

I've configured an ASA5505 to be  Lan to Lan VPN tunnel endpoint, peering with a linux box.  The ASA is full licensed so that side isn't an issue.PROBLEM:When the tunnel is initialised from the linux box everything comes up okay except the ASA isn't encapsulation any packets.  It is decrypted the packets received from the Linux box okay but no return traffic is being encrypted.When the tunnel is initialised from the ASA, nothing happens.After some troubleshooting I've found that the ACL defining interesting traffic nor the ACL defining NO_NAT aren't being hit at all.
 
ACL for NO_NAT:
access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)

[code]....
 
I've checked with the administrator of the linux box and the definition for interesting traffic is exactly the same (except in reverse as should be the case).The firewall is doing other things like NATs and such like too but those NATs have nothing to do with this VPN.  The setup is a LAN to LAN connection with no natting in between.The main parts of the config are attached, i've deleted things that should have a bearing on this however if you think it necessary i can sanitise the config and re-post.  I think it will be working fine as long as the traffic hits those ACLs, however they're not and I'm unsure why.At this time i'm not seeing anything at all when doing an debug cry ipsec or debug cry isa.  The ACL's aren't being hit so i'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.

View 4 Replies View Related

Cisco VPN :: C6509E - Limitation For Encrypted Traffic

Sep 14, 2011

I have
MLS : C6509-E
SUP : VS-S720-10G
PFC : VS-F6K-PFC3CXL
 
I'm trying to find out what is its limitation for encrypted traffic via SVTI there .
 
I don't have a SPA for the ip sec .

View 2 Replies View Related

Linksys Wireless Router :: EA4500 - Current Password Not Matching

Jul 2, 2012

My router password is "55xxxxx"

But when I want to change the router password in CCC, it warns me "Current password is not match"

View 1 Replies View Related

WEP Cracking - Packets That Appeared Are Encrypted

Mar 13, 2012

How WEP cracking works. I have a much better understanding now but it seems whatever programs I download and however close I get I always hit a wall somewhere. I am using windows 7 64 bit and my network adapters/cards are Broadcom 802.11n Network Adapter and Broadcom Netlink(TM) Gigabit Ethernet. I am not sure if these are adequate. I was using Commlink and aircrack but not sure if they are compatible and which versions i should have installed. I got as far as the collecting packets stage but the packets that appeared said ENCRYPT which was not correct and then my computer went to blue screen adn shut down and I had to system restore.

View 1 Replies View Related

Motorola Surfboard Running Non-encrypted?

Mar 4, 2012

The only way we can use our Motorola router is unencrypted. I have gone into the router numerous times and reset it, unplugged it, retyped the WEP key, tried to shift to WPA and nothing works. None of three computers in the house will connect unless all encryption is off. We live in a good neighborhood on a cul de sac, don't get a lot of traffic through here, and know the immediate neighbors, but nothing is stopping a stranger with a laptop from sitting on the street and using our wifi. I've talked to the Comcast tech. The trouble just seems to be our boxes won't get past the WEP encryption stage.

View 8 Replies View Related

Wpa2 Encrypted Virtual Wifi On Xp

Aug 21, 2011

I have XP running on this older laptop for my kids.I wish to connect this laptop wireless (WPA2 encrypted) with the internet AND with other hardware in my home (other pc, harddisk, mediaplayer, printer).I know it can be done in windows 7, and Microsoft also had a virtual WiFi research project for a WEP encrypted visual WiFi.But as said I need a WPA2 encrypted virtual WiFi for a laptop running XP.

View 14 Replies View Related

AAA/Identity/Nac :: ACS 5.1 Handling Of Encrypted Backups (gpg)

May 24, 2010

I've noticed, that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1)
 
Question: can the production system sucessfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?

View 1 Replies View Related

Cisco Security :: ACS 4.2 Any Option To Tackle Encrypted Password

Mar 28, 2011

Our campus using WisM (WS-SVC-WISM-1-K9) as wireless controller , Cisco  1130 access point and Cisco Secure ACS 4.2 Solution Engine 1113  Appliance as radius server. For username and password, ACS will export the data from Oracle database (production DB). The problem that we are facing right now is password that store in oracle database is in  encrypted format. Base feedback from our database administrator, the  encryption is done by oracle - application layer and cannot be decrypt  back. In Oracle they call it "Oracle Stored Procedures"
My questions :
 
1- Can Cisco Secure ACS 4.2 work with Oracle 10G or 11G?

2- Is there any option to tackle the encrypted password? Can ACS handle the "Oracle Stored Procedures" function?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved