Is Anyconnect supported for SA540 I have installed in on my android phone however I keep getting error "Unable to process data received from secure gateway" when trying to connect. If anyconnect is supported on SA540 how do I get it working?
View 1 RepliesWe have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
View 1 Replies View RelatedHow can I prevent them from seeing the data i receive & send i was told vpn was a route to take but after some searching i found a lot of threads saying different is vpn a best way to go about blocking my isp from seeing data received & sent
View 1 Replies View RelatedWhat is the best antivirus that is available to keep my network secure from data mining?
View 2 Replies View RelatedWe have a Cisco SA540. It has been an extremely reliable UTM router. Other than SSL VPN not working for Mac OSX, we are very pleased with the unit.We have a 3 year contract for IPS, a 3 year contract for Trend Micro Protectlink Web, and a 3 year contract for Small Business Support Service for the unit.Right now we are trying to setup the VIP functionality but it is not going very well. To sum it up in a few words, we cannot get the SA540 to prompt the SSL VPN users to enter the 6-digit access code.
We setup an account at Verisign and requested a trial for VIP. They promptly setup the trial account. Getting everything setup was a breeze. The Verisign website is very well documented. They even had specific instructions for Cisco SA500 Series routers!!! We were very impressed with Verisign's implemenation. We are able to get our SA540 to talk to Verisign (basically, when we activate or deactivate an SSL VPN VIP user in the SA540 web GUI, you can immediately see it enabling or disabling the user on the Verisign website... it is very cool).Unfortunately no matter what we do, we cannot get the SA540 to prompt the SSL VPN user to enter the one time 6-digit code. In this case, we are using Verisign's iPhone app called 'VIP Access'.
I called into the SBSC and talked to a guy. I felt really bad for him. He used WebEx to log into my desktop and I showed, and explained, to him how all of it worked (setting up VIP in the SA540 web GUI, as well as, and the Verisign website). He had no clue about Verisign, VIP, or the two-factor authentacation concept at all. I told him that he needed to escalate my case to the SA500 Series team, but of course he had to try. He was supposed to call me back yesterday or today. I am sure he is dreading calling me back as he probably still has no clue.
How to use the VIP functionality? Or how it works and set it up? We would like to at least get it to work before our 30-day trial period is up. I have a distinct feeling that the functionality used to work, but Cisco hasn't kept up the firmware with all the latest back-end API calls to Verisign or something similar.
We require UPnP (mainly for an in-house built FTP Server app that uses UPnP to dynamically open/close ports for Passive FTP mode) and have found it's implementation in the SA540 is unreliable. Sometimes UPnP works after a reboot, sometimes it doesn't. When it does work after a reboot it will eventually stop working. Going into the web GUI and turning UPnP off and back on always fixes for a while.
Is this a known issue with the SA500 Series routers? We had an RV220W deployed first, but it's UPnP implementation was even more unreliable. That said, it seems that the latest Beta firmware version for the RV220W has fixed the issue. Could it be that the same fix needs to be applied to the SA540?I was planning on opening a cause with the CSBC at some point like I did with the RV220W, but I'd rather not spent the time doing so if the this is a known issue.
Installing a SSL certificate from DigiCert on a SA540 router? The SSL certificate is a wildcard variant (*.example.com).
View 1 Replies View RelatedI want to build a "hub and spoke" topology for one of my clients. For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
View 7 Replies View RelatedLooking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies View RelatedI hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
View 3 Replies View RelatedI went through the install procedure outlined in the ProtectLink Gateway install manual and i activated the ProtectLink Web product through Trend Micro (which shows up through their web site as a registered product to me). It still doesn't show up as installed on the SA540 (under Administration/License Management screen). When I try to activate the product again, it shows as "Already registered". Trend has no idea why it won't work. They said Cisco sold the license, so try their support.
View 1 Replies View RelatedI'm trying to figure out why recipients of emails from my company show that the mail is coming from our dedicated wan ip instead of the ip alias setup thru the dedicated wan.The external ip address for the sa540, wan1 (no optional interface), is 82.134.79.122.The ip alias is 62.97.213.156 mail. unitec hsubsea. com resolves to 62.97.213.156 for external dns yet it is reporting as the 82.134.79.122 for some recipients.The mail server was never setup with the 82.134.79.122 ip so i don't think this is a dns cache issue.What issue in the SA540 would cause the system to show as mail coming from 82.134.79.122 instead of the ip alias 62.97.213.156?
View 0 Replies View RelatedIs it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
View 1 Replies View RelatedTwo ASA-5510 in Failover.I already have several VPN with Cisco VPN client.Now I have the requirement to activate new AnyConnect VPN, witch "migrate" the old VPN to.The customer does not want to purchase licenses for SSL VPN, and then I have to configure the AnyConnect on IPSEC.I read that AnyConnect over IPSEC don't need SSL license - is this right?
Client version 2.5.3055.On the ASA with 8.4.2 (ASDM 6.4.7) I don't find HOW to configure the IPSEC for AnyConnect, while a friend of mine with 8.4.3 did it.Is there a way to configure using CLI, or is an item of the 8.4.2 ?When I try to connect, after authenticating Username & Password, I receive (on the client) a message "AnyConnect was not able to establish a connection to the specified secure gateway." On the "Real Time Log Viewer" I see only SSL, never IKE nor IPSEC
I could not connect from an anyconnect stand alone client to asa.Client shows "Unable to process response from x.x.x.x" error message,ASA debug webvpn anyconnect doesn't show any debug information.However debug http shows below
EVET-5580-022(config)# HTTP: processing handoff to legacy admin server [/]HTTP: session verified = [0]HTTP: processing GET URL '/' from host mymachineipHTTP: redirecting to: /admin/public/index.htmlHTTP: session verified = [0]HTTP: processing GET URL '/admin/public/index.html' from host mymachineip URL
I am using 2.5.0217 client . Also attached the tunnel and group-policy configurations.
I've got two RV082's connected. Each has a dynamic IP (changes typically every few weeks). I've configured the tunnels on both ends with a local and remote "Remote/Local Security Gateway Type" of "Dynamic IP + Domain Name(FQDN) Authentication".If I look at the VPN Summary tunnel status, it shows an IP address of "mydomain.dyndns.org 0.0.0.0" under the "Remote Gateway" column heading. The Tunnel Test "Connect" button is N/A.I can resolve both of the mydomain.dyndns.org entries on both sides of each VPN using the Diagnostic DNS lookup tool within each router. If I hardwire a fixed IP address for the Local and Remote Gateway everything works just fine. VPN is good.
I just can't seem to get the "mydomain.dyndns.org" function to work. It appears the router can't resolve the dynamic IP from the domain names on each of the routers.
I replace our aging rv082 routers with wireless rv220w routers. The gateway to gateway vpn works great, however I am no longer able to manage our print servers port 80 management page. I can ping any host with success, and I can manage hosts that have a port 10000 or 8000 web interface - but no port 80 ones... I had no issues when using the old rv082 routers...
View 0 Replies View RelatedI picked up a pair of RV220W's and before I spent loads of time at a remote site, I figured I'd go through some VPN testing at home to make sure I could get it setup properly. What this means is I've plugged the Internet uplink into a switch, then from the switch into both routers & configured them (using unique static IP's for each) from there. For what its worth: While I have some IT experience, I don't have strong networking experience.
I setup several VLAN's on the local RV220W, and the end result is to make it so that an asset at the remote site with an IP in any of the ranges (192.168.121.0/24, 192.168.131.0/24, 192.168.141.0/24 and any future VLANs) can communicate with/access resouces at the local site. Likewise, an asset at the local site with an IP in any of the ranges (.121, .131, .141 + any future VLANs) should be able to reach the remote resources (currently just 192.168.181.0/24, but future VLANs as well).
This evening I tried to focus on the relevant VPN pages of the Administration Guide to get the VPN up. Leaving the defaults I got as far as establishing a link between both sites and it seems that things are working right: From the remote site (.181) I can access the local site (.121, .131, .141); and from the local site I can at least ping resources (a laptop) on the remote site. (Yay!)
However, when I physically connected an asset that had a 192.168.121.X, 192.168.131.X and 192.168.141.X IP addresses to the remote RV220W (which is 192.168.181.0/24), I couldn't see it from the remote or local sites.I assume this is expected. But I'm reaching out to the community to see what other possibilities might be available becuase networking is a weak area for me. I figured it might be something like a Static [or Dynamic] Route but I really am not 100% sure.
'TECHNICAL' SPECS
Local Router LAN/WAN Settings:
LAN IP: 192.168.121.1 on default VLAN (1)
VLAN 13 defined 192.168.131.1 with DHCP enabled; Reservations created outside of DHCP scope
VLAN 14 defined 192.168.141.1 with DHCP enabled, Reservations created outside of DHCP scope
Inter VLAN Routing enabled for all VLANs
[URL]
I have two core switches - 4506E, and i noticed there are frequent cpu spikes on both of the cores switches. As its spikes intermitendly i couldnt able to anlyze the issue. I need inputs on the following,
1) Is there any Free CPU process monitoring tools to identify which process is spiking ?
2) Troubleshooting techniques to identify the issue.
Can I have use a Gateway-to-Gateway IPSec tunnel whereby a user can surf the Internet using his local Internet connection and at the same time connect through the IPSec tunnel to a remote subnet using RVS4000 routers?
View 1 Replies View RelatedI have two Cisco RV042 Routers, they are being used to connect two offices, i have created a standard gateway to gateway connection, fixed public ip addresses on both sides and everything works fine, except when the tunnel gets disconnected, it does not connect back automatically, i have to log into either router console and click the connect button to get the tunnel working again, this is really annoying since it happens once or twice a day at least.
View 2 Replies View RelatedNew hardware here, requesting a bit of your knowledge, We are tryingin to setup a simple gateway to gateway VPN
HomeA Has an RV016 with a public static IP
Local Group Security Gateway type is IP Only with the IP
Local Security Group Type is Subnet, with the local IP class 192.160.0.0
Remote Security Gateway Type: Dynamic + Email
Email address some@emailaddress.com
Remote Security Group Type: Subnet
IP Address 192.168.1.0
IPSec Setup as default with nice password.
HomeB has an RV082 with a dynamic ADSL link
Local Group Security Gateway type is DynamicIP +Email
Email address some@emailaddress.com
Local Security Group Type is Subnet, with the local IP class 192.160.1.0
Remote Security Gateway Type: IP Only
Remote Security Group Type: Subnet
IP Address 192.168.0.0
IPSec Setup as default with nice password.
The idea is for HomeB which has a dynamic IP, to reach HomeA, which has a static IP and connect. But they just wont. I have not clue what's wrong, I followed the instructions, maybe i miss interpreted something. I could share the VPN logs for both., Im getting a lot of errors there.
I have a pair of RV082 routers and I'd like to configure gateway to gateway VPN tunnel as described in a cookbook, "How to configure a VPN tunnel that routes all traffic to the Remote Gateway," (file name Small_business_router_tunnel_Branch_to_Main.doc). I followed this cookbook and found that my while the Main office has internet connectivity, the branch subnet doesn't have internet connectivity.
Routing does behave as advertised, where all traffic does go to the main office. However, the 192.168.1.0 subnet in the branch office does not get internet connectivity. I've read in other posts that the Main office router will only provide NAT for the local subnet, not the branch office subnet. Is there a way to configure the RV082 router to provide NAT for all subnets?
If not, which Cisco product will provide the VPN Tunnel connectivity as well as the NAT for all subnets? Can the RV082 be used as part of the final solution or are my RV082s a wasted expenditure?
Following is the configuration that I'd implemented, (real IP and IKE keys are bogus).
Gateway To Gateway
Remote Main Office
Add a New Tunnel
Tunnel No. 1 2
Tunnel Name : n1-2122012_n2-1282012 n1-2122012_n2-1282012
Interface : WAN1 WAN1
[code].....
I have two Cisco RV8082 Routers which I would like to setup a VPN Tunnel with Gateway to Gateway. One location is a static IP Address. The other location is a dynamic IP address.
View 2 Replies View RelatedI've been wrestling with a Windows XP reinstall that wiped out my network adapter. Fortunately I found D-Link AirPlus Utility and have restored it. However, now it says that windows was unable to find a certificate to log me on to the network, although I have entered the correct key.
View 1 Replies View RelatedI have a RVS4000 and just received a log entry "Kris is unlocked".
View 1 Replies View RelatedI am trying to set up a gateway to gateway VPN connection between a RV042G (central site) and a RV110W (newest firmware) which is used for presentation purposes on various customer's sites. The RV042G has a static IP. The RV110W has different IPs, depending on where it is used.
Basic VPN settings are clear to me (we have another VPN between two RV042G with static IPs). I set up the VPN connection on the RV042G wth the following settings for "Remote Group Setup":
Remote Security Gateway Type : IP + Domain Name (FQDN) Authentication IP by DNS resolved: mydomain.no-ip.org Domain Name: router12345
The value "router12345" is what I have configured in the RV110W as "Host name" in the network settings.
This configuration does not work so I am obviously doing something wrong. Do I have to use "router12345.mydomain.local" instead if I configured "mydomain.local" as the domain name in the RV110Ws network settings? For my tests the RV110W has a WAN-IP of 192.168.178.100 because it is located behind a DSL-Router. The external IP of this DSL-router is 178.0.x.x. The resolved IP from mydomain.no-ip-org is 192.168.178.100 but when I look in the RV042G log I see the requests coming withg the external IP (178.0.x.x). Is this the problem? The last message I see in the log is "no connection has been authorized with policy=PSK".
Or can I use "IP + Email Address (USER FQDN) Authentication" instead (where can I enter this email address in the RV110W?). Or do I have to use "Dynamic IP"?
Six month ago I installed and configured a wireless mesh with the equipment named. From two weeks ago one AP (MAP) restarts every day. In Wireless Lan Controller appears this logs:
"Unable to find AP entry in the database, could not process statistics information"
I exchanged a RV042 v1.2 (Firmware 1.3.13.02) by a new RV042G v3. (Firmware 4.2.1.02).
My problem is now the following: The old RV042 established the Gateway to gateway VPN connection as soon as an IP- address of the remote location was requested. The new RV042G stays on „Waiting for connection“ all the time and does nothing at all. The connection works by clicking „CONNECT“ or by ticking Keep-Alive in the advanced tunnel settings but NOT automatically as before. Is this a firmware issue or have I to configure something additional?
I have problems with the RV042 router. Currently I have two Internet service is the first DSL service and the other is through cable. The problem is because the router is not doing the redundancy process. For example if DSL service fails, the cable internet service does not come automatically. You have to disconnect and connect manually to maintain the connection to the Internet. Should not the router do this automatically without intervention?
View 1 Replies View RelatedTell me the process to connect TWO ADSL Router
View 1 Replies View RelatedI have a Cisco E1000 that I was changing settings on and now I cannot connect when I have a secure connection. I can connect when I disable security, I can also connect with a USB wireless adapter. Anyone else can connect to the wireless, but I cannot with my internal wireless adapater if the router is in secure mode, but I can with unsecure mode. I'm not sure what I changed or when, or if it is a coincidence. I'm using Windows Vista Home Edition. I have two wireless connections. The wireless 2 with the netgear adapter is working but the wireless with the Atheros is not. The wireless connector works with other other networks, just not the Cisco E1000 and the Cisco E1000 works with other computers. When I connect with the Atheros to the Cisco it just shows "Local Only".
Windows IP Configuration
Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No[code].....
i now learning about SSLVPN, and i already install license in 1941 with SSL and security9 License, i learning how to make a gateway for SSLVPN full tunnel, but i meet an obstacles, when i go to my wan ip address https://wan ip address, the browser give this
SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error
[code]...