Cisco Routers :: Routing SA540 Connecting To Corporate VPN
May 21, 2012
Looking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies
ADVERTISEMENT
Feb 7, 2012
I have a computer that was previously connected on-site (hard wired) to a corporate network. I am now attempting to connect it on-site to my home network. While I have a live Internet connection going into the computer, I cannot connect to the Internet. Is there soem sort of setting adjustment that i need to make?
View 5 Replies
View Related
Jul 16, 2012
We have a Cisco SA540. It has been an extremely reliable UTM router. Other than SSL VPN not working for Mac OSX, we are very pleased with the unit.We have a 3 year contract for IPS, a 3 year contract for Trend Micro Protectlink Web, and a 3 year contract for Small Business Support Service for the unit.Right now we are trying to setup the VIP functionality but it is not going very well. To sum it up in a few words, we cannot get the SA540 to prompt the SSL VPN users to enter the 6-digit access code.
We setup an account at Verisign and requested a trial for VIP. They promptly setup the trial account. Getting everything setup was a breeze. The Verisign website is very well documented. They even had specific instructions for Cisco SA500 Series routers!!! We were very impressed with Verisign's implemenation. We are able to get our SA540 to talk to Verisign (basically, when we activate or deactivate an SSL VPN VIP user in the SA540 web GUI, you can immediately see it enabling or disabling the user on the Verisign website... it is very cool).Unfortunately no matter what we do, we cannot get the SA540 to prompt the SSL VPN user to enter the one time 6-digit code. In this case, we are using Verisign's iPhone app called 'VIP Access'.
I called into the SBSC and talked to a guy. I felt really bad for him. He used WebEx to log into my desktop and I showed, and explained, to him how all of it worked (setting up VIP in the SA540 web GUI, as well as, and the Verisign website). He had no clue about Verisign, VIP, or the two-factor authentacation concept at all. I told him that he needed to escalate my case to the SA500 Series team, but of course he had to try. He was supposed to call me back yesterday or today. I am sure he is dreading calling me back as he probably still has no clue.
How to use the VIP functionality? Or how it works and set it up? We would like to at least get it to work before our 30-day trial period is up. I have a distinct feeling that the functionality used to work, but Cisco hasn't kept up the firmware with all the latest back-end API calls to Verisign or something similar.
View 4 Replies
View Related
Mar 1, 2012
We require UPnP (mainly for an in-house built FTP Server app that uses UPnP to dynamically open/close ports for Passive FTP mode) and have found it's implementation in the SA540 is unreliable. Sometimes UPnP works after a reboot, sometimes it doesn't. When it does work after a reboot it will eventually stop working. Going into the web GUI and turning UPnP off and back on always fixes for a while.
Is this a known issue with the SA500 Series routers? We had an RV220W deployed first, but it's UPnP implementation was even more unreliable. That said, it seems that the latest Beta firmware version for the RV220W has fixed the issue. Could it be that the same fix needs to be applied to the SA540?I was planning on opening a cause with the CSBC at some point like I did with the RV220W, but I'd rather not spent the time doing so if the this is a known issue.
View 1 Replies
View Related
Jan 26, 2012
Installing a SSL certificate from DigiCert on a SA540 router? The SSL certificate is a wildcard variant (*.example.com).
View 1 Replies
View Related
Jul 11, 2011
I want to build a "hub and spoke" topology for one of my clients. For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
View 7 Replies
View Related
Apr 5, 2013
We have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
View 1 Replies
View Related
Oct 23, 2012
I hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
View 3 Replies
View Related
Sep 13, 2011
I went through the install procedure outlined in the ProtectLink Gateway install manual and i activated the ProtectLink Web product through Trend Micro (which shows up through their web site as a registered product to me). It still doesn't show up as installed on the SA540 (under Administration/License Management screen). When I try to activate the product again, it shows as "Already registered". Trend has no idea why it won't work. They said Cisco sold the license, so try their support.
View 1 Replies
View Related
Jul 13, 2012
I'm trying to figure out why recipients of emails from my company show that the mail is coming from our dedicated wan ip instead of the ip alias setup thru the dedicated wan.The external ip address for the sa540, wan1 (no optional interface), is 82.134.79.122.The ip alias is 62.97.213.156 mail. unitec hsubsea. com resolves to 62.97.213.156 for external dns yet it is reporting as the 82.134.79.122 for some recipients.The mail server was never setup with the 82.134.79.122 ip so i don't think this is a dns cache issue.What issue in the SA540 would cause the system to show as mail coming from 82.134.79.122 instead of the ip alias 62.97.213.156?
View 0 Replies
View Related
Mar 21, 2011
I have a Belkin Wireless G Plus MIMO Router and had no problems connecting to corporate in the past until several months ago. I can connect just fine if I bypass the router and connect to the modem. I also have no problem if I go to places like Subway. There is no problem with the wireless internet connection, only a problem when I try to connect to corporate through the VPN.
View 3 Replies
View Related
Dec 30, 2011
Is it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
View 1 Replies
View Related
Dec 26, 2011
Is Anyconnect supported for SA540 I have installed in on my android phone however I keep getting error "Unable to process data received from secure gateway" when trying to connect. If anyconnect is supported on SA540 how do I get it working?
View 1 Replies
View Related
Sep 14, 2012
I have created an IPSEC VPN tunnel using a Cisco ASA5520 (corporate) to a Cisco SRP541W (remote). The corporate subnet is 10.1.0.0/16, and the remote subnet is 192.168.1.0/24. From the remote subnet, I can ping anything on the 10.1.0.0 corporate network, but I cannot ping from the corporate network to the remote subnet. At first I thought this was something obvious, perhaps an incorrect acl or something easy on the corporate firewall. However, we have several other vpn tunnels established, all set up the same, and they work just fine. After looking at it a bit more closely, if I ping the remote subnet I see the hit counter increment by one each time, which leads me to believe that traffic is in fact being routed properly.Now I'm thinking that something in the remote SRP541W that is not allowing icmp traffic, but I can't find it anywhere. To be honest I have never used this type of firewall before, they have all been Cisco PIX501/506e and ASA5500 models.
View 2 Replies
View Related
Feb 27, 2013
A new Windows 8 computer can't access the SSLVPN corporate connection.
When we try to access the SSLVPN website to download the launcher (you have to download the VPN launcher everytime for our configuration), you can log in and that's fine, and then you can click on the VPN Tunnel link, a popup shows up but it doesn't actually download the launcher. Solutions we've tried so far:
1) Reinstalling C++ Redistirbutable
2) Adding the site to trusted sites and allowing unsigned ActiveX controls
3) Removing all internet objects through internet options.
Is there anything else we can try?
View 3 Replies
View Related
Apr 14, 2013
Setup: SA540 (fw 2.1.71) with pretty basic configuration, no VLANs or QoS. Wireless APs and 3 large Netgear gigabit switches plugged straight into the SA540 LAN ports. Wireless APs are: 1 Aiport Express, 1 Linksys WRT54GL, and 1 Asus RT-N56U.
Problem: network speeds (transferring files) to the servers from wired and wireless workstations is very slow, around 200kBps.
Resoultion: plug the wireless APs into the Netgear switches instead.
Notes: any connection through each of the wireless APs was very slow, but not a signal problem. Even when plugging straight into one of the wireless AP's inbuilt switches, the speed is slow. Only when unplugging these APs from the SA540, and plugging the APs into any of the Netgear switches, does the transfer speed go back to normal even when the traffic still goes through the SA540 to reach the destination.
I don't understand why creating this extra hop between switches would be useful, and why plugging the APs directly into the SA540 is an issue.
View 1 Replies
View Related
Oct 15, 2012
Scenario: Two buildings connected with a private leased fiber line, so it does operate as a LAN. There are several subnets and everyone at both buildings needs to be able to access all subnets. However the physical machines on those subnets are building specific:
-Building 1: 10.2.0.0/24 (vlan20), 10.4.0.0/24 (vlan40), Internet connection
-Building 2: 10.1.0.0/24 (vlan10), 10.3.0.0/24 (vlan30)
The majority of the traffic between the subnets is specific to the buildings as well (i.e. most of the traffic is between 10.1 and 10.3 or 10.2 and 10.4).
Currently I have a Catalyst 3560 at Building 1 operating as the single "core" L3 router (and then a variety of switches connected to that). I have another 3560 at Building 2 that I'd like to turn in to the "master" L3 router for the two subnets primarily used by Building 2. In other words, make it so traffic from 10.1 to 10.3 doesn't have to run to building 1 just to get back to building 2.
I've got a basic knowledge of adding VLANs, VLAN interfaces and a static routes. The part that I'm getting confused on is that the Building 1 core router needs to make its default route to the firewall (and on to the internet) but "know" that traffic on vlans 10 and 30 gets sent across the fiber line to the other router. So I'm assuming this gets done with some combination of vlan definitions, vlan interfaces and static ip routes on each router.
View 6 Replies
View Related
Mar 28, 2012
I am have a little trouble setting up my home lab. I have a 3620 with two ethernet ports and a 3640 with four ethernet ports. I also have a 3500XL switch that I am using to connect the two together, but I can't seem to get each one to ping.
Here are my configs:
3500XL
3500XL-BottomSwitch#show run
Building configuration...
Current configuration:
!
version 12.0
[Code]......
View 14 Replies
View Related
Oct 22, 2012
While I managed to connect to each router individually, I decided it was time to connect the routers together via serial; as I don't have any serial cables and need to buy some, what serial cables I need, as well as to ask whether I have the right cards in my router(s) that will allow me to do so.
I bought 3 1841 routers, and all have a 1 port serial WAN Interface Card (WIC 1-T); one router has 2 of these, and one router has a WIC-1B-S/T .. My question is, can I connect the routers with a serial cable via WIC 1-T, or do I need a 2-T
View 1 Replies
View Related
May 21, 2013
In testlab we use pim-sm with bootstrap router on sup7 with IOS-XE 03.04.00.SG. Any possibility to prevent non authorized rp from connecting to the candidate bootstrap routers? We found several security recommendations concerning limiting registering of sources at the rp, rate-limits etc, but no possibility to control rp connecting to the bsr.
View 4 Replies
View Related
Dec 29, 2012
We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not establised.
View 4 Replies
View Related
Oct 18, 2011
I installed a new SA540 and configured some NAT rules for my Exchange server. Everything worked fine untill I did a firmware upgrade.Now the NAT rules won't work on my dedicated WAN.On the Optional WAN (load balancing) the NAT rules work fine.
View 1 Replies
View Related
Dec 20, 2011
I have tried to establish a VPN-Connection from Ipad (via the Ipad built-in vpn-client) to a SA540.Unfortunately without any results. I get the message "Server is not responding". (A VPN Connection from a normal Software-Client running on W7 works fine).
View 0 Replies
View Related
May 2, 2012
I was very excited to read about the two factor authentication that Cisco and Verisign offer through the VIP and SA500 series routers. I purchased an SA540 a month and a half ago. I have been on the phone with support of both Cisco and Verisign ever since. It appears no one actually knows how to make the product work. Finally I was told that they have only tested it on an SA520. So I bought an SA520; however, it doesn't work either. How to use the Verisign VIP two factor authentication with either an SA520 or SA540? If so, what is the trick? If not, how is Cisco advertising this product if it doesn't actually work?
View 3 Replies
View Related
Jul 10, 2012
We are using the cisco sa540 router and shrew VPN to connect to our buiness network, mostly to connect to the workstations with RDP. Now we wonder if it posible that the connection will disconnect automaticly after an idle time of for example 30 minutes. And if so, how can i configure it?
View 4 Replies
View Related
Nov 22, 2012
I am the CEO of a small company with 5 divisions, 2 of which are remote. There is also my home office that I wish to be on the company VPN.We can't afford an IT department, so it is up to me to ask for a network diagram (as specific as possible) that lays out all the hardware required.My plan is to eventually have an intranet web server, file server, and database server all for internal use. Our external webserver is hosted by a well-known company. Growth must be considered both in hardware and network.
View 4 Replies
View Related
May 21, 2012
I have cisco's CUCM version System version: 7.1.5.10000-12 when I do a corporate lookup (form my 7970 I hit Directories - 5) Corporate Directory) I see all sort of accounts that have no phone extensions I.E. our windows service accounts, our administrator accounts that have no number associated with them. is there a way for me to hide them?
View 1 Replies
View Related
Aug 17, 2011
I need information about the Aironet 600 access point.I got a customer who want to deploy a guest WLAN on branch office with an authentication with a captive portal that is centralized. I would like to use the OfficeExtend functionnality with Aironet 600 Acces point & WLC 5508 or 2504 to centralize the traffic from all access points on the controller.
On those branch offices, there were a few "free access desktops" that need a copper link. I want those devices to be also authenticated by captive portal, so I want to connect them on the four 10/100 port of the access point. But it seems that we can only use one port as "corporate remote LAN", the threee others are just for "home LAN". Is it correct ? Is there any solution to configure the four ports as remote LAN interface ?
View 3 Replies
View Related
Mar 16, 2011
My company uses an ASA 5520 to authenticate VPN using the Anyconnect client. We would like to deploy a second authentication method such as Host Scan (CSD.) Our ASA is currently running on a "Plus" license. As I understand CSD will only work with "Premium?" If this is correct are there other options for two part authentication? We're also considering using FOBs and have ruled out using the NAC.
View 3 Replies
View Related
Oct 1, 2011
I have some trouble with the setup of an oeap 600 ap. The ap has joined the controller as it should and the remote-lan connection to my corporate network works well, but i can't connect to the corporate wlan.
When i check the event log on the ap it says:
"
*Oct 02 07:36:56.662: (Re)Assoc-Req from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:36:56.665: received assoc-rsp for wireless client, status=0011
*Oct 02 07:37:11.712: DisAssoc-Req/DeAUTH from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:37:11.713: WTP Event: Delete Mobile sent to wlc00:1a:73:d2:82:8c"
and a debug on the controller gives me:
apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Adding mobile
on LWAPP AP ec:c8:82:c2:3a:20(0)
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Association received from mobile on AP ec:c8:82:c2:3a:20
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Sending Assoc Response to station on BSSID ec:c8:82:c2:3a:20 (s
tatus 17) ApVapId 1 Slot 0
[code]....
View 3 Replies
View Related
Apr 4, 2012
erro came with 3722------however after checking date and time i was able to login. AZAD
View 1 Replies
View Related
Jun 11, 2012
I am trying to connect to my office wifi which uses a proxy server. Scenario 1: I am using Samsung Bada (wave 1), connected to the internet successfully and also any applications that require an internet connection including Samsung's app store. While, connecting via open networks like home wifi and other friends' wifi also worked without any issue. Scenario 2: Now I also have an android based Galaxy pocket: even after entering all the required proxy setting as mentioned above, I can access websites via browser but cannot access samsung's app store, google's play store, skype, sipdroid etc. I know it is nothing to do with the network administration as I am still accessing via my samsung wave but not via android. Is there anything like a network profile I need to assign for these applications?
View 1 Replies
View Related
May 30, 2012
How can i to prevent the demonstration of a software in corporate network?
View 2 Replies
View Related
