We have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
View 1 RepliesIs Anyconnect supported for SA540 I have installed in on my android phone however I keep getting error "Unable to process data received from secure gateway" when trying to connect. If anyconnect is supported on SA540 how do I get it working?
View 1 Replies View RelatedWe have a Cisco SA540. It has been an extremely reliable UTM router. Other than SSL VPN not working for Mac OSX, we are very pleased with the unit.We have a 3 year contract for IPS, a 3 year contract for Trend Micro Protectlink Web, and a 3 year contract for Small Business Support Service for the unit.Right now we are trying to setup the VIP functionality but it is not going very well. To sum it up in a few words, we cannot get the SA540 to prompt the SSL VPN users to enter the 6-digit access code.
We setup an account at Verisign and requested a trial for VIP. They promptly setup the trial account. Getting everything setup was a breeze. The Verisign website is very well documented. They even had specific instructions for Cisco SA500 Series routers!!! We were very impressed with Verisign's implemenation. We are able to get our SA540 to talk to Verisign (basically, when we activate or deactivate an SSL VPN VIP user in the SA540 web GUI, you can immediately see it enabling or disabling the user on the Verisign website... it is very cool).Unfortunately no matter what we do, we cannot get the SA540 to prompt the SSL VPN user to enter the one time 6-digit code. In this case, we are using Verisign's iPhone app called 'VIP Access'.
I called into the SBSC and talked to a guy. I felt really bad for him. He used WebEx to log into my desktop and I showed, and explained, to him how all of it worked (setting up VIP in the SA540 web GUI, as well as, and the Verisign website). He had no clue about Verisign, VIP, or the two-factor authentacation concept at all. I told him that he needed to escalate my case to the SA500 Series team, but of course he had to try. He was supposed to call me back yesterday or today. I am sure he is dreading calling me back as he probably still has no clue.
How to use the VIP functionality? Or how it works and set it up? We would like to at least get it to work before our 30-day trial period is up. I have a distinct feeling that the functionality used to work, but Cisco hasn't kept up the firmware with all the latest back-end API calls to Verisign or something similar.
We require UPnP (mainly for an in-house built FTP Server app that uses UPnP to dynamically open/close ports for Passive FTP mode) and have found it's implementation in the SA540 is unreliable. Sometimes UPnP works after a reboot, sometimes it doesn't. When it does work after a reboot it will eventually stop working. Going into the web GUI and turning UPnP off and back on always fixes for a while.
Is this a known issue with the SA500 Series routers? We had an RV220W deployed first, but it's UPnP implementation was even more unreliable. That said, it seems that the latest Beta firmware version for the RV220W has fixed the issue. Could it be that the same fix needs to be applied to the SA540?I was planning on opening a cause with the CSBC at some point like I did with the RV220W, but I'd rather not spent the time doing so if the this is a known issue.
Installing a SSL certificate from DigiCert on a SA540 router? The SSL certificate is a wildcard variant (*.example.com).
View 1 Replies View RelatedI want to build a "hub and spoke" topology for one of my clients. For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
View 7 Replies View RelatedLooking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies View RelatedI hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
View 3 Replies View RelatedI went through the install procedure outlined in the ProtectLink Gateway install manual and i activated the ProtectLink Web product through Trend Micro (which shows up through their web site as a registered product to me). It still doesn't show up as installed on the SA540 (under Administration/License Management screen). When I try to activate the product again, it shows as "Already registered". Trend has no idea why it won't work. They said Cisco sold the license, so try their support.
View 1 Replies View RelatedI'm trying to figure out why recipients of emails from my company show that the mail is coming from our dedicated wan ip instead of the ip alias setup thru the dedicated wan.The external ip address for the sa540, wan1 (no optional interface), is 82.134.79.122.The ip alias is 62.97.213.156 mail. unitec hsubsea. com resolves to 62.97.213.156 for external dns yet it is reporting as the 82.134.79.122 for some recipients.The mail server was never setup with the 82.134.79.122 ip so i don't think this is a dns cache issue.What issue in the SA540 would cause the system to show as mail coming from 82.134.79.122 instead of the ip alias 62.97.213.156?
View 0 Replies View RelatedIs it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
View 1 Replies View RelatedI've got two RV082's connected. Each has a dynamic IP (changes typically every few weeks). I've configured the tunnels on both ends with a local and remote "Remote/Local Security Gateway Type" of "Dynamic IP + Domain Name(FQDN) Authentication".If I look at the VPN Summary tunnel status, it shows an IP address of "mydomain.dyndns.org 0.0.0.0" under the "Remote Gateway" column heading. The Tunnel Test "Connect" button is N/A.I can resolve both of the mydomain.dyndns.org entries on both sides of each VPN using the Diagnostic DNS lookup tool within each router. If I hardwire a fixed IP address for the Local and Remote Gateway everything works just fine. VPN is good.
I just can't seem to get the "mydomain.dyndns.org" function to work. It appears the router can't resolve the dynamic IP from the domain names on each of the routers.
I replace our aging rv082 routers with wireless rv220w routers. The gateway to gateway vpn works great, however I am no longer able to manage our print servers port 80 management page. I can ping any host with success, and I can manage hosts that have a port 10000 or 8000 web interface - but no port 80 ones... I had no issues when using the old rv082 routers...
View 0 Replies View RelatedI picked up a pair of RV220W's and before I spent loads of time at a remote site, I figured I'd go through some VPN testing at home to make sure I could get it setup properly. What this means is I've plugged the Internet uplink into a switch, then from the switch into both routers & configured them (using unique static IP's for each) from there. For what its worth: While I have some IT experience, I don't have strong networking experience.
I setup several VLAN's on the local RV220W, and the end result is to make it so that an asset at the remote site with an IP in any of the ranges (192.168.121.0/24, 192.168.131.0/24, 192.168.141.0/24 and any future VLANs) can communicate with/access resouces at the local site. Likewise, an asset at the local site with an IP in any of the ranges (.121, .131, .141 + any future VLANs) should be able to reach the remote resources (currently just 192.168.181.0/24, but future VLANs as well).
This evening I tried to focus on the relevant VPN pages of the Administration Guide to get the VPN up. Leaving the defaults I got as far as establishing a link between both sites and it seems that things are working right: From the remote site (.181) I can access the local site (.121, .131, .141); and from the local site I can at least ping resources (a laptop) on the remote site. (Yay!)
However, when I physically connected an asset that had a 192.168.121.X, 192.168.131.X and 192.168.141.X IP addresses to the remote RV220W (which is 192.168.181.0/24), I couldn't see it from the remote or local sites.I assume this is expected. But I'm reaching out to the community to see what other possibilities might be available becuase networking is a weak area for me. I figured it might be something like a Static [or Dynamic] Route but I really am not 100% sure.
'TECHNICAL' SPECS
Local Router LAN/WAN Settings:
LAN IP: 192.168.121.1 on default VLAN (1)
VLAN 13 defined 192.168.131.1 with DHCP enabled; Reservations created outside of DHCP scope
VLAN 14 defined 192.168.141.1 with DHCP enabled, Reservations created outside of DHCP scope
Inter VLAN Routing enabled for all VLANs
[URL]
Can I have use a Gateway-to-Gateway IPSec tunnel whereby a user can surf the Internet using his local Internet connection and at the same time connect through the IPSec tunnel to a remote subnet using RVS4000 routers?
View 1 Replies View RelatedI have two Cisco RV042 Routers, they are being used to connect two offices, i have created a standard gateway to gateway connection, fixed public ip addresses on both sides and everything works fine, except when the tunnel gets disconnected, it does not connect back automatically, i have to log into either router console and click the connect button to get the tunnel working again, this is really annoying since it happens once or twice a day at least.
View 2 Replies View RelatedNew hardware here, requesting a bit of your knowledge, We are tryingin to setup a simple gateway to gateway VPN
HomeA Has an RV016 with a public static IP
Local Group Security Gateway type is IP Only with the IP
Local Security Group Type is Subnet, with the local IP class 192.160.0.0
Remote Security Gateway Type: Dynamic + Email
Email address some@emailaddress.com
Remote Security Group Type: Subnet
IP Address 192.168.1.0
IPSec Setup as default with nice password.
HomeB has an RV082 with a dynamic ADSL link
Local Group Security Gateway type is DynamicIP +Email
Email address some@emailaddress.com
Local Security Group Type is Subnet, with the local IP class 192.160.1.0
Remote Security Gateway Type: IP Only
Remote Security Group Type: Subnet
IP Address 192.168.0.0
IPSec Setup as default with nice password.
The idea is for HomeB which has a dynamic IP, to reach HomeA, which has a static IP and connect. But they just wont. I have not clue what's wrong, I followed the instructions, maybe i miss interpreted something. I could share the VPN logs for both., Im getting a lot of errors there.
I have a pair of RV082 routers and I'd like to configure gateway to gateway VPN tunnel as described in a cookbook, "How to configure a VPN tunnel that routes all traffic to the Remote Gateway," (file name Small_business_router_tunnel_Branch_to_Main.doc). I followed this cookbook and found that my while the Main office has internet connectivity, the branch subnet doesn't have internet connectivity.
Routing does behave as advertised, where all traffic does go to the main office. However, the 192.168.1.0 subnet in the branch office does not get internet connectivity. I've read in other posts that the Main office router will only provide NAT for the local subnet, not the branch office subnet. Is there a way to configure the RV082 router to provide NAT for all subnets?
If not, which Cisco product will provide the VPN Tunnel connectivity as well as the NAT for all subnets? Can the RV082 be used as part of the final solution or are my RV082s a wasted expenditure?
Following is the configuration that I'd implemented, (real IP and IKE keys are bogus).
Gateway To Gateway
Remote Main Office
Add a New Tunnel
Tunnel No. 1 2
Tunnel Name : n1-2122012_n2-1282012 n1-2122012_n2-1282012
Interface : WAN1 WAN1
[code].....
I have two Cisco RV8082 Routers which I would like to setup a VPN Tunnel with Gateway to Gateway. One location is a static IP Address. The other location is a dynamic IP address.
View 2 Replies View RelatedI am trying to set up a gateway to gateway VPN connection between a RV042G (central site) and a RV110W (newest firmware) which is used for presentation purposes on various customer's sites. The RV042G has a static IP. The RV110W has different IPs, depending on where it is used.
Basic VPN settings are clear to me (we have another VPN between two RV042G with static IPs). I set up the VPN connection on the RV042G wth the following settings for "Remote Group Setup":
Remote Security Gateway Type : IP + Domain Name (FQDN) Authentication IP by DNS resolved: mydomain.no-ip.org Domain Name: router12345
The value "router12345" is what I have configured in the RV110W as "Host name" in the network settings.
This configuration does not work so I am obviously doing something wrong. Do I have to use "router12345.mydomain.local" instead if I configured "mydomain.local" as the domain name in the RV110Ws network settings? For my tests the RV110W has a WAN-IP of 192.168.178.100 because it is located behind a DSL-Router. The external IP of this DSL-router is 178.0.x.x. The resolved IP from mydomain.no-ip-org is 192.168.178.100 but when I look in the RV042G log I see the requests coming withg the external IP (178.0.x.x). Is this the problem? The last message I see in the log is "no connection has been authorized with policy=PSK".
Or can I use "IP + Email Address (USER FQDN) Authentication" instead (where can I enter this email address in the RV110W?). Or do I have to use "Dynamic IP"?
I exchanged a RV042 v1.2 (Firmware 1.3.13.02) by a new RV042G v3. (Firmware 4.2.1.02).
My problem is now the following: The old RV042 established the Gateway to gateway VPN connection as soon as an IP- address of the remote location was requested. The new RV042G stays on „Waiting for connection“ all the time and does nothing at all. The connection works by clicking „CONNECT“ or by ticking Keep-Alive in the advanced tunnel settings but NOT automatically as before. Is this a firmware issue or have I to configure something additional?
RSV 4000 bundle with IPSECVPN. Any additional license for IPSECVPN ?
View 2 Replies View RelatedWhat's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
View 1 Replies View RelatedI’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other.
- I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit.
- So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?
I have 1941, 2901 ISR routers. I will use 3G backup when primary link (metro ethernet / G.SHDSL) goes down. Do I have to use Data License (SL-19-DATA-K9 / SL-29-DATA-K9) in order to switch back to 3G when primary link is not reachable) ?
View 7 Replies View RelatedWe have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not establised.
View 4 Replies View RelatedI installed a new SA540 and configured some NAT rules for my Exchange server. Everything worked fine untill I did a firmware upgrade.Now the NAT rules won't work on my dedicated WAN.On the Optional WAN (load balancing) the NAT rules work fine.
View 1 Replies View RelatedI have tried to establish a VPN-Connection from Ipad (via the Ipad built-in vpn-client) to a SA540.Unfortunately without any results. I get the message "Server is not responding". (A VPN Connection from a normal Software-Client running on W7 works fine).
View 0 Replies View RelatedI was very excited to read about the two factor authentication that Cisco and Verisign offer through the VIP and SA500 series routers. I purchased an SA540 a month and a half ago. I have been on the phone with support of both Cisco and Verisign ever since. It appears no one actually knows how to make the product work. Finally I was told that they have only tested it on an SA520. So I bought an SA520; however, it doesn't work either. How to use the Verisign VIP two factor authentication with either an SA520 or SA540? If so, what is the trick? If not, how is Cisco advertising this product if it doesn't actually work?
View 3 Replies View RelatedWe are using the cisco sa540 router and shrew VPN to connect to our buiness network, mostly to connect to the workstations with RDP. Now we wonder if it posible that the connection will disconnect automaticly after an idle time of for example 30 minutes. And if so, how can i configure it?
View 4 Replies View RelatedSetup: SA540 (fw 2.1.71) with pretty basic configuration, no VLANs or QoS. Wireless APs and 3 large Netgear gigabit switches plugged straight into the SA540 LAN ports. Wireless APs are: 1 Aiport Express, 1 Linksys WRT54GL, and 1 Asus RT-N56U.
Problem: network speeds (transferring files) to the servers from wired and wireless workstations is very slow, around 200kBps.
Resoultion: plug the wireless APs into the Netgear switches instead.
Notes: any connection through each of the wireless APs was very slow, but not a signal problem. Even when plugging straight into one of the wireless AP's inbuilt switches, the speed is slow. Only when unplugging these APs from the SA540, and plugging the APs into any of the Netgear switches, does the transfer speed go back to normal even when the traffic still goes through the SA540 to reach the destination.
I don't understand why creating this extra hop between switches would be useful, and why plugging the APs directly into the SA540 is an issue.
I have a RV042 and I am trying to setup a Client to Gateway VPN for about 12 to 15 remote users. These users travel a lot and need to connect to the server. I have never setup a vpn and have looked at the manual and set it up like it says to. I installed the Quick VPN client on the remote computer and copied the certificate to the remote computer.
I am having two problems.
1. When I run the client on the remote computer and try to connect it tells me the cert is not installed on the local computer. (it is copied to the root program directory C:Program Files Cisco Small Business and the sub directory, C:Program Files Cisco Small Business Quick VPN Client.
2. I can continue and it acts like it's connecting but it does not. If I look at the router VPN summary it shows that I connected for only a brief time.
I've got half a dozen RV042 routers in various locations. They are running v4.0.0.07. Seemingly randomly, I got the 502 Bad GatewayThe CGI was not CGI/1.1 compliant. error when attempting to log into the web interface with google chrome (same with IE too). This happens from the LAN side. I actually didn't notice it until my Opsview monitoring software threw up a critical when it didn't get an http response. The router is otherwise actually working just fine.Since the first occurrence, more of my routers have developed the same error.
I've tried different browsers, clearing caches, though I'm not surprised those efforts were fruitless, as there is clearly a problem even when no browser is involved (nagios). The nagios http check also returns a 502 Bad Gateway.