Cisco :: Remote Access VPN 1 Pcf 2 Sites?
Nov 7, 2012
I would like to know if there is a possibility to create 2 Remote access VPNs for 2 ASA situated in different sites and using only one PCF file. Is setting up a tunnel between the 2 ASA the only way to reach the 2 destinations with the same PCF file?
Nov 10, 2011
We have a Main ASA 5520 and two remote site ASA 5505's that connect to each other via S2S VPN tunnels. Currently they are doing split tunneling, so only local traffic goes over the tunnel. We have our local LAN (10.0.0.0/16) and our DMZ (10.3.0.0/24) network at the main site. The DMZ hosts our external sharepoint, but we have access to it internally. The problem is site A (10.1.0.0/24) and site B (10.2.0.0/24) have no idea of it, and when attempting to go to the site, it fails. You can access it via the external site address, but that's the only way. Normally the external address is blocked when you are internal. What I'm stuck at is even when we had all traffic sent from Site A to our main hub, it still wouldn't find it. Would I have to make a separate VPN tunnel purely for that DMZ traffic?
Jul 8, 2012
My ISP installed one router in my lab. For internet connectivity they mailed me these steps: connect your laptop directly to the gi0/3 port to check internet connectivity with public IP 1.1.1.x and gateway 1.1.1.1 with subnet mask 255.255.255.240. After connecting I was surprised, because I am able to access only Google sites like Gmail, Google search etc., but I am able to ping/traceroute all sites. From the browser I am able to access only Google sites. On the router there is no firewall and no such access list.
Feb 25, 2011
I'm looking to put together a solution for a customer that wants to "bridge" between their current office and a new office space they have rented. I know how to set up a site-to-site VPN between two sites with different private IP ranges. For example, site A is 192.168.1.0/24 and site B is 192.168.2.0/24. But is it possible to make both sites appear as a single IP block? This way, systems could be moved one by one without renumbering. I am guessing there might be a way to tunnel the layer 2 traffic and make it work, but I am concerned about broadcast services being broken. I am using non-Cisco platforms so I am just looking for pointers on the protocols that might be used so I can do further research.
Nov 15, 2012
I have inherited an SBS 2008 network where they have a SBS2008 server and Server2008 running as a terminal server at the main office and they have 2 satellite offices. These offices all connect through router to router VPN tunnels. The main site is on 10.0.0 and DHCP is done by the SBS. Satellite site a is on 10.0.10 and DHCP is done by the VPN router and Satellite site b is on 10.0.5 and DHCP is also done by the VPN router. All client computers can run RDP to access shares / programs etc. on the two servers but when trying to push out group policy, antivirus updates or even using remote control through the SBS2008 server it is hit or miss. DHCP records on the SBS server do not seem to update correctly, manually changing the IP address in DNS records results in warnings that the PTR record cannot be created.
So I am wondering if the configuration they currently have set up is correct. What might be stopping some but not all computers from updating, why I can connect to some but not all computers at site "a" but I am not able to remotely connect to any computers at site "b". Why I can do remote installs of Eset Endpoint Security on roughly 10% of the clients but the other 90% fail.
Nov 8, 2011
I have been asked to set up wireless and we have purchased WLC 5508 and 1142 APs. We have several remote sites and a centralized WLC. The requirements are to have a common SSID (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSIDs, Guest and Mobile, tunneled back to the central site (WLC). I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site; the IP assignment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the sites and this will also be handled by the DHCP server at the central site.
I have enabled H-REAP with Centralized Authentication and Local switching but I'm not sure about the second part which is to have a common SSID (Corporate) across the remote sites and locally switched whilst having the other two SSIDs tunneled back to the WLC. Cisco TAC told me to configure dynamic interfaces for each of the remote sites but then he said I still wouldn't be able to switch the Corporate traffic locally if I use a different subnet to the wired subnet for the wireless clients.
Oct 10, 2012
I am installing 2 ASA 5505s at home offices with dynamic IPs. The EasyVPN server is an ASA585x. I am using the 5505s in NEM mode. I configured a unique DHCP scope on each 5505. I have a dynamic crypto map on the server. I configured unique tunnel groups, group policies and usernames for each site on the server. This seems to work fine. Is it normal to configure unique tunnel groups, group policies and usernames for each remote site?
Oct 23, 2012
We have a Cisco 2921 router at the head office (Easy VPN Server) and have been deploying Cisco 887VA (EasyVPN remote - Network Extension) for remote offices using EasyVPN. We are allowing Voice and Data traffic over VPN. Everything has been working great until this issue was discovered today:
When a remote user behind a Cisco 887VA calls another remote user also behind a Cisco 887VA, the call connects and the Avaya IP phone rings but there is no voice in either direction.
Calls to/from head office and external mobiles/landlines are fine. Only calls between two remote sites are affected. As there is no need for a DATA connection between remote offices, our only concern is Voice support.
I think "hair-pinning" of traffic over the VPN interface is needed. (Example configs etc.)
May 24, 2012
I have got two 878 integrated services routers and I need to configure them as transparent bridges in order to connect 2 remote sites over ATM.
As I'm testing the topology, I configured two switches (representing the sites) at each end with a VTP domain. VTP works while the switches are connected directly with each other, but it won't work with the bridges in the middle. [code]
Jul 11, 2011
I have been working with my ASA 5505 VPN Concentrator to maintain a connection with one of my remote sites. I have several tunnels that work fine and don't have any issues at all, but one tunnel with outside IP ending in 146 and inside LAN 192.168.3.0 goes down every 24 hours. Attached is the config from the concentrator. I changed around the Security Association Lifetime Settings and the tunnel would drop after that amount of time expired. If I set it to 24 hours, the tunnel would drop every 24 hours. If I set it to 8 hours it would go down every 8 hours.
I have swapped the router a few times, double and triple checked my key settings, disabled keep alives on both ends, and this problem just started happening a few weeks ago after working fine for years. I also get the following e-mail error every time it goes down:
<161>Jul 10 2011 16:19:47: %ASA-1-713900: Group = xxx.xxx.xxx.146, IP = xxx.xxx.xxx.146, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Apr 28, 2012
I'm designing a network and this is my scenario:
5 - Remote sites (no static IP there)
3 - Remote users (commercial)
1 - Central building (using static IP address)
Is it possible to establish a permanent VPN tunnel between each one of my remote sites and the main building, even if I have no static IP address in the remote sites?
Do you think that RV180 is the best choice to manage VPN connections between remote sites and the central building securely and faster?
Apr 8, 2011
For example, there are 3 sites, A, B and C. A and B are 1.5 km apart and both are separate LANs (mixture of wireless and wired). C is 35 km apart from A and B. I have to connect A, B and C so that they can communicate with each other. Security is required.
Sep 3, 2012
I am going to hook my laptop directly up to my wireless router via ethernet. I will be showing them security, SSID, etc. My issue is when I put in my WAN and LAN settings. What exactly is the difference between a WAN address and a LAN address? I kept my LAN address the same as the router, 198.162.1.1. I created the WAN address as 198.162.128.45 with subnet mask as 255.255.255.000 but am not sure what to put in for my gateway. Logic says 198.162.128.1; however that doesn't work. I then configured my TCP/IP to reflect this. Although I can always access my router website, I cannot access any other web sites.
Nov 19, 2011
So I had trouble connecting to some sites before like apple and such right? No big deal, just one site. Probably down. Then more and more. I got worried, then figured it was my ISP and went to neighbor to check. No. It wasn't. I ran home and checked my router, googled it before all my internet went down. I read something about UPnP being enabled and so after my internet was down, I went and checked, it was, disabled it.
Nov 23, 2012
I can't access my ad sites through my internet. I can access them through my phone internet and others are not having any problems going to them.
Aug 31, 2011
access https sites from my PC? I cannot access these sites from IE 9 nor Firefox 6. I even disabled the firewall to try getting access to the secured websites but to no avail. But this problem recently cropped up when I upgraded my PC from XP to Windows 7.
Jun 17, 2011
Our office is running a DELL Poweredge server: 2 xeon processors, 16 GB memory, 5 Raid drives, VM WARE with 3 virtual machines. One of the VM's handles our DNS, which is our main server, the second is an exchange server, the third is a sequel application. As of recent we have noticed a few websites we can't access (municipalities from which we access tax info) that we need to visit on a regular basis, and it only seems to be just the 3 or 4 that are closest to us. Other area communities we can access fine. All we get is a page cannot be displayed. The sites work outside our office or on our phones.[CODE]
Mar 1, 2012
I cannot access http sites unless I manually write the prefix https. The issue is mainly on Wordpress blog pages and I have to keep writing https if I want to access other bloggers' pages. For the time being I am using Chrome's extension "Https Enforcer" which slows down my browsing speed but eventually the sites open. I have to disable it if I have to use google images. I use Windows 7, Chrome browser, Pocket Modem.
Dec 4, 2012
I am trying to block access to facebook and twitter on my router, to a certain range of IPs, 192.168.1.8 - 254. I have been digging around and trying stuff but all I do seems to restrict everyone's access to the internet.
Feb 17, 2012
I cannot access google sites or services in any browser, tried Chrome, IE and firefox. I'm running Windows XP SP3. I can ping Google without issue. My hosts file is clean and I checked in the registry to make sure that the hosts file is where it is supposed to be. I had trouble finding one that worked but I configured Chrome to use an external proxy and it seemed to work, albeit too slowly to really tell. I did manage to get a Nigerian google page up though. I've flushed the DNS and switched to the free google DNS. Looking around I've seen similar issues with people using Linksys routers. I am not using a Linksys router. I am currently using my android phone as a hotspot. I am running a Windows 7 laptop on the same network with no issues and booting the same host into Vista also works fine.
Oct 27, 2011
I managed to configure the firewall 5505 so that it can ping between outside and DMZ and also between DMZ and inside.
Outside and Inside are not accessible to each other because Outside No Forward to Inside.
My purpose now is to access the shared folder by Windows Explorer (under Network) between, for example, DMZ and inside. I tried to do it but cannot even see the Host of the other party network. For example, if I open Windows Explorer at DMZ, I can't see the Host at Inside Network. Same as when I open Windows Explorer at Inside, I also can't see the Host at DMZ network.
How do I configure it so that I can access the host as well as the shared folder of two sites which already can ping each other?
Oct 25, 2011
when my Linux VM is running! How's this for a mystery - last night I noticed that I could no longer access my gmail. Thought it might be down. This morning, I still couldn't access it. Thought I would try comcast, no joy either. Changed computers, no difference. Changed routers, no difference. Bought a new router and started plugging in network cables one at a time. My main machine first, everything works - http and https sites, a second computer, all good. The switch. Fine. Powerline. Still good. Then I plug in a Windows server running a Linux VM. Https sites on all the other machines stop working. Pause the Linux VM, restart router - https sites return to life. Went to Linux machine, re-enabled ipv6 (the only recent change on the Linux machine was to disable ipv6 since upon a reboot, Linux didn't have an ipv4 address). Restart Linux, everything seems fine. A few hours go by, try to connect my wife's new laptop and at that moment wireless seems to stop. Restart router, wireless is back. But lo and behold, https is gone again. Unplug the machine that has the Linux VM, restart router, all is good. Ever see anything this weird?
Jul 17, 2012
Our secondary site accesses the internal intranet via a link, which is basically:
[URL] where externalip is the IP address of my router.
* This used to work fine before we migrated from ADSL (6mb up / 0.5mb down) to Fibre (70mb / 20mb) *
Internally, I access the same link, but via [URL] Internally it loads in 2 seconds, externally it is taking 68 seconds (ish).
I can't work it out, the fibre should have made things loads quicker but is in fact very slow. I'm wondering if something network wise is going on.
The intranet is a php intranet sitting on apache, and using postgresql as the database. Other pages load fine, this specific index.php page does quite a lot of DB connections and so on, but as I say before, it worked fine before the migration.
Jul 11, 2012
I have a problem with some sites! I can't access them! Some sites are hotmail, this one, and many others! The msg that I see every time is: There is a problem with this website's security certificate. The security certificate presented by this website has expired or is not yet valid.
[code]...
Feb 10, 2013
My bsnl wimax connection has stopped working on my laptop...IT WORKS ON MY FRIENDS' LAPTOP. On my laptop (Windows 7), in the taskbar, it shows connected and everything seems fine but I can't access any sites or download anything. Does this have to do with a bluetooth device I installed a few days back or some other issue?
Jun 10, 2011
Every time I try to go to a site that uses a google server, I get the message "The server at www.google.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network."
Jun 9, 2010
I'm looking to setup AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something.
I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled sites. But no access to the internet.
Internal is 10.1.1.x, VPN pool is 10.1.1.251-253 (Temp list for testing). I issued the following tracer: packet-tracer input outside tcp 10.1.1.253 12345 69.147.125.65 80 detailed
The last reported point (where it fails) is:
Phase: 7
Type: WEBVPN-SVC
Subtype: in
[Code].....
Sep 9, 2012
I have restricted access to users using TCP/IP using cisco 1841 router in my organization.
I need to permit some sites for users which are part of work.
The issue here is I cannot ping the site but am able to browse to that site when having internet access. I have permitted the entire range of those IPs but still no luck.
url...is the site which is not pinging from internet. I have also checked the source code for the root IP but still no luck.
Mar 26, 2012
I need to restrict access or rather, block altogether if I can, access of one of the computers on my local wireless network, to online multi-player gaming sites, in particular Age of Empires and Voobly.com, which also uses a messenger type program for them to chat. I've searched and searched online, but alas, have come up with nothing that I understand. I've tried doing the block ports thing, but am unsure if what I've been doing is right. I have blocked Voobly.com under domain and URL settings via the router admin page, but for some reason, it only seems to be denied on my computer. I even went so far as to register and download relevant programs to my computer, for Voobly, so I could see if the blocking worked. Seems it's only my computer that's blocked, I didn't specify IP or MAC addresses. I am unable to get on the other computer as it's not mine, and it's also password locked. I don't know the password.
Jun 17, 2012
I'm using my iPhone to write this, because any other site that's not google just ends up as a blank white screen! Internet connection is 5 bars, and I tried cable and changing DNS servers.
Nov 14, 2011
My own sites were down & I can't view them on my computer now. This is the 2nd time this has happened to me with router WRT54G. Every time there's a problem with my hosting company & my sites go down, my router blocks them once the sites are back up & running. When I plug directly into the modem I can access them, but then I can't use my phone, etc. I've recycled & I keep trying to find how you save your settings on your router so I can do a cold reboot, but I can't find the instructions anywhere. Why does it keep doing this & how to save the settings & restore them?
Sep 23, 2011
Using router above cannot access pandora, Sirius, etc. No sites/URLs blocked. All other sites -- except music related sites -- ok.
Jul 15, 2012
I have 3 3560 switches which are configured with trunks between them. They run VLAN 10, 11 & 12. I have a 'core' switch (switch 1) of these 3 to which an MPLS router is connected on VLAN 12. I in addition have another switch hanging off the 'core' switch via a routed link (switch 4). I have EIGRP configured as a stub and as such the IP address on the routed link at the core switch end is of a /24 from VLAN 1 on the other switch. This makes the route directly connected and therefore distributed via EIGRP stubs. Switch 1 is then exchanging routes with the MPLS router (via EIGRP).
The problem I have is that from any subnet on any switch (switch 1, 2 or 3) I can ping 192.168.13.1 (switch 4). When I try and ping switch 4 from over the MPLS I am unable to. If I trace to the switch I see it reaches the outside of the MPLS router, but is then unresponsive. The same applies if I try to ping switch 1 on 192.168.13.2. Any of the other IP addresses of switch 1 respond.
The MPLS network is a managed solution to which I have no access. I'm told that the MPLS provider is able to ping switch 1 & switch 4 on the 192.168.13.x addresses from a remote router (192.168.32.2). I have tried from a switch on the same L2 subnet (192.168.32.1) and I don't get a response.
From switch 4 I am able to ping the switch on 1 of its interfaces (192.168.19.1), but not the interface I mentioned above 192.168.32.1. There are no access lists in place on the switches and no firewalls between the sites.