I hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
View 3 RepliesAbout a week ago, our network started to experience complete failure.
Our Equipment:
Router: Netgear FVS336.xxx
Switch: Dlink DES-1024D (we have 6 of these switches in our building)
Wifi Routers: Dlink DIR-601, Linksys wrt54g, wrt54gv2
Computersservers: 40x
Copiersfax: 5x
Wireless clients: (iphones, laptops) at least 30
All has been working together in harmony for many years.Fast forward to last week when my hell began with intermittent crashes.Not sure what's causing the problem.When it happens, everybody loses their internet, the ability to communicate over the network; ping tests won't respond to anything (including the router) that exists on the lan, even with a static IP against other statics.In visually inspection of the switches and router, they seem to be happily blinking away with no apparent issue (visually).The only way I've been able to fix the problem is by power cycling the router.About 1 second after doing that, we're back in action for 2-6 hours (very unpredictable).I never had to power cycle any other devices)
Steps I've taken in troubleshootingeliminating potential culprits:
Replaced the router with a spare (new) FVS318G
Replaced the power supply for the router (suspected because problem remained after router swap)
Replaced cable going from router to lan switch
Removed linksys wifi router from network (the router had needed power cycling weekly and was old. So I unplugged it)
Removed Dlink wifi router from network (I hate dlink routers, so removed it).I'm at a loss.
We have a Cisco SA540. It has been an extremely reliable UTM router. Other than SSL VPN not working for Mac OSX, we are very pleased with the unit.We have a 3 year contract for IPS, a 3 year contract for Trend Micro Protectlink Web, and a 3 year contract for Small Business Support Service for the unit.Right now we are trying to setup the VIP functionality but it is not going very well. To sum it up in a few words, we cannot get the SA540 to prompt the SSL VPN users to enter the 6-digit access code.
We setup an account at Verisign and requested a trial for VIP. They promptly setup the trial account. Getting everything setup was a breeze. The Verisign website is very well documented. They even had specific instructions for Cisco SA500 Series routers!!! We were very impressed with Verisign's implemenation. We are able to get our SA540 to talk to Verisign (basically, when we activate or deactivate an SSL VPN VIP user in the SA540 web GUI, you can immediately see it enabling or disabling the user on the Verisign website... it is very cool).Unfortunately no matter what we do, we cannot get the SA540 to prompt the SSL VPN user to enter the one time 6-digit code. In this case, we are using Verisign's iPhone app called 'VIP Access'.
I called into the SBSC and talked to a guy. I felt really bad for him. He used WebEx to log into my desktop and I showed, and explained, to him how all of it worked (setting up VIP in the SA540 web GUI, as well as, and the Verisign website). He had no clue about Verisign, VIP, or the two-factor authentacation concept at all. I told him that he needed to escalate my case to the SA500 Series team, but of course he had to try. He was supposed to call me back yesterday or today. I am sure he is dreading calling me back as he probably still has no clue.
How to use the VIP functionality? Or how it works and set it up? We would like to at least get it to work before our 30-day trial period is up. I have a distinct feeling that the functionality used to work, but Cisco hasn't kept up the firmware with all the latest back-end API calls to Verisign or something similar.
We require UPnP (mainly for an in-house built FTP Server app that uses UPnP to dynamically open/close ports for Passive FTP mode) and have found it's implementation in the SA540 is unreliable. Sometimes UPnP works after a reboot, sometimes it doesn't. When it does work after a reboot it will eventually stop working. Going into the web GUI and turning UPnP off and back on always fixes for a while.
Is this a known issue with the SA500 Series routers? We had an RV220W deployed first, but it's UPnP implementation was even more unreliable. That said, it seems that the latest Beta firmware version for the RV220W has fixed the issue. Could it be that the same fix needs to be applied to the SA540?I was planning on opening a cause with the CSBC at some point like I did with the RV220W, but I'd rather not spent the time doing so if the this is a known issue.
Installing a SSL certificate from DigiCert on a SA540 router? The SSL certificate is a wildcard variant (*.example.com).
View 1 Replies View RelatedI want to build a "hub and spoke" topology for one of my clients. For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
View 7 Replies View RelatedWe have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
View 1 Replies View RelatedLooking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies View RelatedI went through the install procedure outlined in the ProtectLink Gateway install manual and i activated the ProtectLink Web product through Trend Micro (which shows up through their web site as a registered product to me). It still doesn't show up as installed on the SA540 (under Administration/License Management screen). When I try to activate the product again, it shows as "Already registered". Trend has no idea why it won't work. They said Cisco sold the license, so try their support.
View 1 Replies View RelatedI'm trying to figure out why recipients of emails from my company show that the mail is coming from our dedicated wan ip instead of the ip alias setup thru the dedicated wan.The external ip address for the sa540, wan1 (no optional interface), is 82.134.79.122.The ip alias is 62.97.213.156 mail. unitec hsubsea. com resolves to 62.97.213.156 for external dns yet it is reporting as the 82.134.79.122 for some recipients.The mail server was never setup with the 82.134.79.122 ip so i don't think this is a dns cache issue.What issue in the SA540 would cause the system to show as mail coming from 82.134.79.122 instead of the ip alias 62.97.213.156?
View 0 Replies View RelatedIs it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
View 1 Replies View RelatedI just got digital cable, phone and internet and when I try to use the digital phone and internet at the same time, the internet wouldn't work. Its connected through Netgear N300. The wireless connection will not stay connected.
View 1 Replies View RelatedIs Anyconnect supported for SA540 I have installed in on my android phone however I keep getting error "Unable to process data received from secure gateway" when trying to connect. If anyconnect is supported on SA540 how do I get it working?
View 1 Replies View RelatedIs it possible to use IP "aliases" on an ASA5505 to use as static NAT public IPs to private IPs? For example, I have int e0/0 connected to my ISP using a /30 subnet and I have my private LAN connected to e0/1 with a /24 subnet. At the moment I can use the one usable IP from the /30 to NAT to the private LAN. The ISP is also routing a /28 subnet to the one public IP of the ASA. I would like to use some of the /28 IPs for NAT also. Can it be as easy as just adding the NAT commands? I figure I would have to add that subnet to the ASA somehow, no? In other devices (including the SA520) they use a concept called IP aliases whereby you define what additional IPs the device can use in its NAT config. Does the ASA support aliases? Maybe I have to do something with VLANs?
View 2 Replies View RelatedI've been noticing that occasionally our 2nd Gen RV082 fails to allow internal admin management until a manual restart. After the restart, all seems to be fine and traffic/router is very responsive. The following describes typically how the issue occurs: Internet traffic is rather slow and unresponsiveContent is failing to load for end usersWebsite are loading but with images or css failing to loadWebsites fail to load and appear offline (not all, but some such as ebay for example)We recognize there is a problem, let's try to access the local router adminFails to load the log-in prompt, so we manually reboot the deviceAll is operational for now We are running Firmware Version: 2.0.0.19-tm. [URL]
View 2 Replies View RelatedWhen I ping an address from my windows machine, it succeeds, but when I ping to the same IP on my MAC OS X machine, it fails.
1. Why?
2. How to get successful ping on my MAC machine?
We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not establised.
View 4 Replies View RelatedI installed a new SA540 and configured some NAT rules for my Exchange server. Everything worked fine untill I did a firmware upgrade.Now the NAT rules won't work on my dedicated WAN.On the Optional WAN (load balancing) the NAT rules work fine.
View 1 Replies View RelatedI have tried to establish a VPN-Connection from Ipad (via the Ipad built-in vpn-client) to a SA540.Unfortunately without any results. I get the message "Server is not responding". (A VPN Connection from a normal Software-Client running on W7 works fine).
View 0 Replies View RelatedI was very excited to read about the two factor authentication that Cisco and Verisign offer through the VIP and SA500 series routers. I purchased an SA540 a month and a half ago. I have been on the phone with support of both Cisco and Verisign ever since. It appears no one actually knows how to make the product work. Finally I was told that they have only tested it on an SA520. So I bought an SA520; however, it doesn't work either. How to use the Verisign VIP two factor authentication with either an SA520 or SA540? If so, what is the trick? If not, how is Cisco advertising this product if it doesn't actually work?
View 3 Replies View RelatedWe are using the cisco sa540 router and shrew VPN to connect to our buiness network, mostly to connect to the workstations with RDP. Now we wonder if it posible that the connection will disconnect automaticly after an idle time of for example 30 minutes. And if so, how can i configure it?
View 4 Replies View RelatedSetup: SA540 (fw 2.1.71) with pretty basic configuration, no VLANs or QoS. Wireless APs and 3 large Netgear gigabit switches plugged straight into the SA540 LAN ports. Wireless APs are: 1 Aiport Express, 1 Linksys WRT54GL, and 1 Asus RT-N56U.
Problem: network speeds (transferring files) to the servers from wired and wireless workstations is very slow, around 200kBps.
Resoultion: plug the wireless APs into the Netgear switches instead.
Notes: any connection through each of the wireless APs was very slow, but not a signal problem. Even when plugging straight into one of the wireless AP's inbuilt switches, the speed is slow. Only when unplugging these APs from the SA540, and plugging the APs into any of the Netgear switches, does the transfer speed go back to normal even when the traffic still goes through the SA540 to reach the destination.
I don't understand why creating this extra hop between switches would be useful, and why plugging the APs directly into the SA540 is an issue.
I have a Cisco 4404 WLC that is up, has green status light, the interfaces are showing activity. I see it connected to my Cisco 6500, (Sh port status) it shows connected and trunking,; I also see a lot of activity on the interfaces. Also it will not let me console in, I can console in on my other Cisco 4404 WLC's with out and issues, so I know my cables and configure are correct. The only change a I made today was the time zone. I noticed the time was off by a hour and noticed that the time zone wasn't set so I set it correctly. Shortly after that I saw the WLC go belly o up in my WCS. I tried rebooting the WLC several times without luck. Since I can not gain access via the console I can not really trouble shoot.
View 10 Replies View RelatedI have an ASA 5510 and two IPS connections. I need ISP2 to take over when ISP1 does not respond. I have followed the following link ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example and as far as i can see this part is working. I disable interface for ISP1 and the routing table changes its static route to ISP2. When i enable ISP1 again the static route changes to ISP1. However no traffic flows to the outside. I have set up a nat rule that is the same as for wan1.
View 10 Replies View RelatedCisco 851 router Apple Ipad 3 using IPSEC setp get this message The VPN server did not respond. I have tried Anyconnect that gives me Cannot verify server identity anyconnect can't verify the identity of ios-self-signed-certificate-1164042433 would you like to continue anyway? hit continue and it just goes off. I was asking if If get an ASA 5505 to replace my 851 it would work in my environment.
I have 15 computers accessing the web thru the 851. I host a web site on one of my servers. I have a static ip address. I also host exchange server and have remote web access to my exchange as well as remote outlook users. I can VPN thru the 851 using the cisco client on Windows 7 and vista and even xp. Would like to use the native windows client and get my iphones and ipads working. Can the ASA5505 support the above? Was also looking at the cisco 1841 how about that one?
It is good at times but usually it gets slow and web pages come up with "The web page is taking too long to respond". When I run Diagnose, sometimes I get the computer is correctly configured, but something is wrong with the DNS server (I dont know what that is). I have a NetGear CGD24G Wireless Router that was supplied by Charter when I got internet from them again. I also run Windows 7.
View 12 Replies View RelatedSGE2010P won't Switch respond to login after reboot
View 1 Replies View RelatedI'm trying to set up an 802.1 q trunk between my layer 3 switch and ASA5520. I understand I need to create a subinterface to accomplish this and have done so. However, the subinterface does not respond to pings, and when I attempt to run the packet tracer on the firewall itself, I get a message saying Flow is denied by configured rule. But the strange thing is it shows the output interface as "np identity ifc":
(The VLAN in question is VLAN2 192.168.2.3 is the VLAN2 address on the switch). The ASA config is as follows:
ASA Version 8.2(5) <context>
hostname context2
names
!
interface GigabitEthernet0/0.2
nameif Inside0/0.2
[Code] ....
I've been using my 2509 router as an access server for my 3 routers, 1 frame-relay (3640) and 4 switches for the past 2 months and it work great till this morning. As soon as the async lights on when i try to connect, it just hangs. It doesn’t respond to anything. No key hits not even disconnecting the console to where im connecting too. (from router to router) if i reboot the router with out the cord plug in (the async) i can use the router with all functions working great; But as soon as i connect the async cord.
The lights blink and poof router is gone. No response. i just cant figure how from one day to the next it doesn’t work.I haven't tried a different cable yet but i tried disconnecting all console connection and just left the plug in and boot. This works but as soon as i connect to any console port physically it gone. No response?i cleared all my configes and its blank and it still just doesn’t respond as soon as i connect any thing (after configuring all the basic)
ive tried these
line 1 8
no flush-at-activation
no login local
no modem Dialin
no exec
speed 9600
still no good?
I have a DIR-655 (HW rev A2) that has worked mostly fine for a long time. Today I decided to do a firmware upgrade, and in preparation I backed up my custom config settings and did a hard reset via the factory reset button on the back of the unit.
Since then, the unit itself has been inaccessible from my computer. If I connect the DIR-655 and a PC with a network cable, the appropriate light goes on on the front of the router, but the client does not lease an IP address from the router and I can't access the router home page at 192.168.0.1.
I have tried the reset button again and also power-cycled multiple times, and I have tried connecting from multiple computers, all with the same unsuccessful results. how to "un-brick" the device?
How can I measure a respond time from a switchport to another? What I intend to do is to measure packets transmission from a server. I have a Cisco 3750G in stack, and the server is connecting to it with a 1GE NIC. How do I measure from Cisco prospective? Any tools available from Cisco to measure such respond time? I have a PRTG on bandwidth management on this particular server switchport and it is around 45-70Mbps, which is less than 10% of 1GE interface.
View 3 Replies View RelatedWe are experiencing a lot of these RADIUS failed to respond messages on our WLC's leading to a lot of RADIUS server hopping within the WLC.We are using Cisco 5508's, 1142 AP's and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1xThe first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consequetive clients, failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured.When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL:Event ID: 6274: Network Policy Server discarded the request for a user.
View 16 Replies View RelatedI have several windows 2003 virtualized on linux + kvm envirorment.One of them has a strange and unpredictable behaviour: windows 2003 network stop to work.Suddenly it's not possible to ping it. The services are not reachable.Usually it's enough to disable the network card and enable it again.At first I thought something about virtualization but there is another windows 2003 on the same server, with a network card on the same bridge, using the same drivers.
View 1 Replies View Related