Cisco Routers :: SA520 VPN Cannot Ping
Nov 15, 2011
I am currently trying to configure a Remote Access VPN on a SA520 (Primary Firmware Version 2.1.51) using Cisco VPN Client (Ver 5.0.07.0410).
Until now I have connectivity from the SA to the LAN and I can connect using the Cisco VPN Client to the AS:
[IKE] INFO: IPsec-SA established[UDP encap 12856->4500]
[IKE] INFO: IPsec-SA established[UDP encap 12856->4500]
It gives me an IP from the pool but I cannot reach my LAN through ping.
Apr 23, 2013
I would like to set up a VPN to allow nomad employees to connect to our network from outside. Our router is a Cisco SA520. I tried different configurations without success... Here is the current VPN configuration: I created my IPSec users and I can connect remotely, but I do not have network access... Unable to access network shares, impossible to ping.
Nov 22, 2011
I am trying to configure the DMZ on my SA520 router but without success. After a lot of tests I reduced everything to a very simple test case that is not working: I set the "Optional Port Mode" to "DMZ" and enabled "DHCP Server" in the "DMZ Configuration", but DHCP on the DMZ does not assign any address. I am wondering if my optional port is broken or not.
Jul 30, 2012
Two factor setup with Symantec VIP? I just finished setting it up and VIP Service and SA520 seem to be synchronizing correctly, but the device doesn't direct VPN users for second authentication?
Mar 20, 2012
I have a fibre connection on the dedicated WAN which was working perfectly until someone somewhere cut through the line. The SA520 failed over to the Optional WAN port, which is a basic ADSL line which is connected. Logmein client is online too.
But it refuses to browse webpages; it appears to be a DNS issue or firewall or both.
I have added the ISP DNS addresses into the forwarders on my server.
Jan 30, 2012
We have a Cisco SA520 and we want to use VPN to access the office servers from home. We have been able to configure the VPN server on the SA520; however, the connection is very unstable. We use the OS X 10.7 Lion built-in Cisco compatible VPN clients and this is a typical output of ping from a 3G mobile network to a server inside the office network. It works the same way also if I am trying to access from my home ADSL connection, so the problem is not the instability of the 3G connection.
Some sample traffic squeezed:
PING ns.svm (192.168.60.27): 56 data bytes
64 bytes from 192.168.60.27: icmp_seq=0 ttl=63 time=98.022 ms
64 bytes from 192.168.60.27: icmp_seq=1 ttl=63 time=76.934 ms
64 bytes from 192.168.60.27: icmp_seq=2 ttl=63 time=278.201 ms
Aug 7, 2011
We have a Cisco SA520 Router (Firmware 2.1.18). We have only been using this for about 1 month now. The router seems OK; it's just that I am worried about the memory utilization, which reaches 62% (144/234 MB). Is this something to worry about? How can I utilize this by lowering the usage?
Oct 23, 2011
I have an SA520 set up and all my users can log in to the SSL VPN tunnel except one user. The laptop is running Windows 7 64-bit and had IE9 installed. When I try to connect her to use an SSL VPN Tunnel, I get the following error: Cisco-SSLVPN-Tunnel Install Failed: Error in getting proxy settings!. I have made sure the firewall was turned off. How to get the SSL tunnel connected?
Jul 17, 2012
So I went to update the firmware on my SA520 last night and apparently something failed, the device restarted and now it doesn't respond to anything. The Diag light stays lit and the factory reset button does nothing no matter how long I hold it in. Is there another way to reset the device?
Sep 16, 2011
Is PVID the same thing as "native vlan"? Can the native VLAN be changed on a SA520? Currently I believe it to be 1, I'd like to change the native VLAN to 10.
I have a scenario where I have a preexisting production LAN of 192.168.1.0/24. It's a small organization (a church), but they purchased 3 Aironet 1130ag units. They want to have a "private" WLAN that is part of 192.168.1.0/24, and a guest WLAN of a different subnet (I chose 192.168.20.0/24). The two should never meet. There will likely never be a guest computer connected via ethernet. Guest computers would always have to connect wirelessly.
I left VLAN 1 on the SA520 192.168.75.0/24 subnet as default. I created a VLAN 10, 192.168.1.0/24 subnet, and I created a VLAN 20, 192.168.20.0/24 subnet. Ports 1-3 of the SA520 are members of VLAN 1, 10, and 20 (cannot remove membership of VLAN 1, which is pretty annoying).
Both are secured by WPA, and when I connect, the proper DHCP subnet passes from the firewall through to the wireless client, for each respective SSID. Ultimately, I'd like the SBS 2003 server to handle DHCP for VLAN 10, and have the SA520 handle DHCP for VLAN 20, but I'll take what I can get.
The original production LAN is connected via an unmanaged switch. I'd like to trunk the unmanaged switch to Port 4 on the SA520. However, since the PVID (native VLAN?) of the SA520 is 1, and I cannot make Port 4 on the SA520 only a member of VLAN 10, then any traffic coming from the unmanaged switch will automatically be tagged with VLAN 1, correct? Thus causing the already existing production network to start receiving DHCP from the firewall in the 192.168.75.0/24 range.
Aug 20, 2011
How could I make a VPN tunnel between an SA520 router and a central UC540?
Nov 26, 2012
Is there a way on the SA520 security appliance to remove someone from the DHCP lease client list manually, rather than setting the DHCP lease time to expire in less time like 4 hours or 2 hours? I was able to do this on other routers by highlighting the connected device and clicking remove. If not, any recommendations on how to handle devices that are attached via DHCP when the person is no longer here but the lease time is not up? I have set the DHCP lease time to 4 hours.
Dec 30, 2011
Is it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
Jan 29, 2013
I am unable to isolate DMZ and LAN traffic with an SA520 running 2.1.7.1 firmware. I have the optional port configured as DMZ and DHCP server enabled. I tried leaving the firewall as default. I also tried creating firewall rules to deny traffic from LAN to DMZ and DMZ to LAN for any address and any service. I am still able to ping devices both from LAN to DMZ and DMZ to LAN. I am also able to see network resources in both directions.
Oct 28, 2012
I have several SA520 appliances, and one of them came with the 2.1.72 firmware and it works perfectly... all the others I upgraded to 2.1.71 (because I was not able to find 2.1.72), which is the latest posted in the Cisco download area. So, is there any way to get 2.1.72? With 2.1.71 the Site 2 Site VPN works fine for some time, but later it disconnects and it does not connect until I disable/enable the VPN.
Aug 15, 2011
When I ping an address from my Windows machine, it succeeds, but when I ping the same IP on my Mac OS X machine, it fails.
1. Why?
2. How to get a successful ping on my Mac machine?
Jun 22, 2011
How do you convert a pix501 configuration to use on an SA520? I do not know how to use a GUI, I am a CLI guy. Can a pix501 config be used on an SA520?
Apr 1, 2012
I am using the Cisco VPN client to connect to the SA520 router. When I am connected I have split tunneling working, so I can surf the internet and I can also access the server on the remote network by IP and full DNS name, but I cannot do it by NetBIOS. I have been trying to get our domain suffix on the VPN client, but nothing I have tried is working.
1. the remote network domain as the connection-specific DNS suffix or
2. how to get NetBIOS to go over the VPN connection
Apr 22, 2011
We configured SA520 load balancing with 2 ISPs, 2mb+2mb. How do we check the status of the load balancing on the SA520?
Sep 7, 2011
Is it possible to configure a Site to Site VPN from an SA520 with a dynamic IP (DSL) to a Cisco ASA5510 with a static IP? I need to make sure about this because I am trying to sell this solution to a customer with two branch offices with DSL connections and a Main Office with Metroethernet.
I know that using a pre-share-key on the defaultl2lgroup of the ASA, the ASA will accept any site to site VPN. I have tried this with the ASA 5505 instead of the SA500 for the branch office, but the ASA5505 is too expensive for my customer.
Feb 29, 2012
I just bought an SA520 to replace my existing FW.
The thing is that I have private IP addresses on my LAN, and I have been issued a public IP network for my DMZ by my ISP.
Meaning I want to NAT my LAN but not my DMZ, but I can't seem to find a way in the 520 to do that. I can only find the option to turn off NAT altogether.
Nov 8, 2012
I have an SA520 that is being used as a front end firewall. Behind it I have an IP PBX. The VOIP providers are registered and I can make outgoing calls. However, it appears that the SA520 is either blocking or not routing the calls. I have opened the ports recommended by both the IP PBX and the VOIP provider. What do I need to do to make incoming calls through the SA520?
Sep 6, 2012
I want to use Cisco VPN Client to VPN to my SA520 to manage a UC320W. I can establish a VPN connection to the SA and ping both the SA and a switch that I have on the network, but I cannot ping my UC. I've set up firewall rules to allow ANY-ANY access from LAN-WAN, and a WAN-LAN rule to allow a certain range of IP addresses (the IP addresses assigned from the VPN DHCP pool, in this case, 192.168.12.x) access to the UC.
My SA IP address is 192.168.75.1 and my UC is 192.168.75.2 (I can ping both when I am directly connected to a LAN port on either equipment).
May 2, 2012
I was very excited to read about the two factor authentication that Cisco and Verisign offer through the VIP and SA500 series routers. I purchased an SA540 a month and a half ago. I have been on the phone with support of both Cisco and Verisign ever since. It appears no one actually knows how to make the product work. Finally I was told that they have only tested it on an SA520. So I bought an SA520; however, it doesn't work either. How to use the Verisign VIP two factor authentication with either an SA520 or SA540? If so, what is the trick? If not, how is Cisco advertising this product if it doesn't actually work?
Nov 7, 2012
I have run into a problem replacing an old Linksys BEFVP41 with a SA520. The BEFVP41 had an address on the LAN defined as a DMZ. That address was another router. It is in the same subnet as the local LAN and I am not sure what ports it uses. It is controlled by an outside group and requires much delay and paperwork to change the address. The new SA520 will only support a DMZ if it is in a different subnet than the LAN. Any way to simulate the old DMZ function on the newer router? I have not yet been able to obtain a list of all ports that should go to the second router. Didn't know if there was a way to forward all ports like the old BEFVP41 does by setting a DMZ address.
Mar 21, 2012
I'm trying to configure a remote access type VPN on a SA520-k9 but I don't know why it doesn't work.
My internal network is 192.168.131.0/24 and my WAN IP is 87.216.xxx.xxx.
On Remote WAN's IP Address / FQDN I put the WAN IP 87.216.xxx.xxx; on Local WAN's IP Address / FQDN I put the Cisco SA520 IP. I think this is the problem.
I created an IPsec user. I created a firewall rule from the WAN interface to the SA520 IP with the IPSEC-UDP-ENCAP service.
Jun 5, 2011
Updated the firmware of a partner's ESW224 to the current GA code. I tried to add an ACL to an ESW switch. The switch was connected to a SA520.
I set up a guest network on an AP541 and propagated that guest VAP VLAN down through an ESW224 and down to a SA520.
On the SA520 I disabled IP routing between VLANs. All worked OK.
Guest and corporate clients could get differing IP addresses depending on which VAP they connect to.
But the wireless guests could still ping the management interface of the SA520. This is a security violation for the partner. I tried to set up an ACL on an ESW224 to deny traffic from getting to the normal corporate VLAN or 192.168.75.0.
But I received a popup on the ESW when I tried to create an ACL. It suggested there is a lack of HW resources.
I disabled ESW advanced QoS. I tried to add an ACL, but still have an error message saying lack of HW resources. Why do I get a message saying lack of HW resources?
Jan 5, 2012
I am new to Cisco products. We currently have a Netgear FVX538 running in front of a few servers. We currently have 2 ranges of IP addresses provided to us on 2 separate subnets. We configured the Netgear box with the first IP addresses of each subnet as the IP address of each of the primary and secondary LANs. This then allowed us to set the gateway addresses of servers on the network to either of those 2 addresses, depending on its range.
This all worked fine - except for the fact that the Netgear box is incredibly flakey, so we decided to get a Cisco box.
We have gone for the SA520, which I have been trying to configure this afternoon. Unfortunately I am now having concerns as to whether it is possible to configure 2 separate subnets internally on this box in the same way we have done with the netgear box. ie - classical routing, one incoming WAN interface with multiple subnets?
Oct 17, 2011
Last week and just yesterday, our switch SG200 50/50 logged an error like this:
%CDP-E-MALFORMED_TLV: CDP message from 88:43:e1:ab:66:f8 cached with illegal Appliance VLAN-ID TLV
At the time of the error, the SA520 router's LAN Port 1, where the SG200 Port 49 is connected, went down (light is OFF). So the internet is down and the other VLANs are disconnected. The MAC address in the log is the SA520 router. This has happened 2x now and I need to reboot both switch and router, and then it goes back online.
SG200 50/50 Port Firmware 1.1.1.8
SA 520 Firmware (Primary/Sec):2.1.51/2.1.18
May 21, 2012
This is my first time trying to make VLANs. I managed to create 2 VLANs on the SA520 on ports 1 and 2. But when I try to separate them on the SG300 with web management it doesn't work. VLAN 1 works fine; I untagged the wanted ports and forbade the VLAN 2 ports. In VLAN 2 it is vice versa; is this the right way to do it? Both VLANs have their own DHCP range as I defined them on the SA520.
Feb 6, 2012
I have set up a VPN connection (client-gateway) using Quick VPN (default Cisco) and a third party like TheGreenBow. The connection is OK (established), but why from outside can I only ping the IP of a LAN PC? If I ping the IP of a server, the result is request timed out (failed). I have tried this with 3 servers (Windows Server 2003 as OS). For your information, I have set the firewall to "OFF" on all of those servers. The result is the same: failed.
Apr 16, 2013
I have a RVS4000 and I would like to set up ping monitoring from the outside to a device behind the RVS on the LAN network. I have created a rule to allow the PING service for the range from WAN 46.xxx.xxx.xxx - 46.xxx.xxx.xxx to host 192.xxx.xxx.xxx, but unfortunately this is not working. I can confirm that I can ping host 192.xxx.xxx.xxx from diagnostics on the RVS.
Mar 24, 2013
I have set up a new RV180 and it appears to be connected to the WAN; however, I cannot ping the external IP. In some of the documentation, there are references to default access rules; however, there do not appear to be any rules set up. What other settings need to be made to allow the firewall to be pinged on the WAN interface?