Cisco Routers :: SA540 And SSL Certificate From DigiCert?
Jan 26, 2012Installing a SSL certificate from DigiCert on a SA540 router? The SSL certificate is a wildcard variant (*.example.com).
View 1 Replies
ADVERTISEMENT
Cisco Routers :: Symantec VIP Users Out There SA540
Jul 16, 2012We have a Cisco SA540. It has been an extremely reliable UTM router. Other than SSL VPN not working for Mac OSX, we are very pleased with the unit.We have a 3 year contract for IPS, a 3 year contract for Trend Micro Protectlink Web, and a 3 year contract for Small Business Support Service for the unit.Right now we are trying to setup the VIP functionality but it is not going very well. To sum it up in a few words, we cannot get the SA540 to prompt the SSL VPN users to enter the 6-digit access code.
We setup an account at Verisign and requested a trial for VIP. They promptly setup the trial account. Getting everything setup was a breeze. The Verisign website is very well documented. They even had specific instructions for Cisco SA500 Series routers!!! We were very impressed with Verisign's implemenation. We are able to get our SA540 to talk to Verisign (basically, when we activate or deactivate an SSL VPN VIP user in the SA540 web GUI, you can immediately see it enabling or disabling the user on the Verisign website... it is very cool).Unfortunately no matter what we do, we cannot get the SA540 to prompt the SSL VPN user to enter the one time 6-digit code. In this case, we are using Verisign's iPhone app called 'VIP Access'.
I called into the SBSC and talked to a guy. I felt really bad for him. He used WebEx to log into my desktop and I showed, and explained, to him how all of it worked (setting up VIP in the SA540 web GUI, as well as, and the Verisign website). He had no clue about Verisign, VIP, or the two-factor authentacation concept at all. I told him that he needed to escalate my case to the SA500 Series team, but of course he had to try. He was supposed to call me back yesterday or today. I am sure he is dreading calling me back as he probably still has no clue.
How to use the VIP functionality? Or how it works and set it up? We would like to at least get it to work before our 30-day trial period is up. I have a distinct feeling that the functionality used to work, but Cisco hasn't kept up the firmware with all the latest back-end API calls to Verisign or something similar.
Cisco Routers :: UPnP Is Unreliable In SA540
Mar 1, 2012We require UPnP (mainly for an in-house built FTP Server app that uses UPnP to dynamically open/close ports for Passive FTP mode) and have found it's implementation in the SA540 is unreliable. Sometimes UPnP works after a reboot, sometimes it doesn't. When it does work after a reboot it will eventually stop working. Going into the web GUI and turning UPnP off and back on always fixes for a while.
Is this a known issue with the SA500 Series routers? We had an RV220W deployed first, but it's UPnP implementation was even more unreliable. That said, it seems that the latest Beta firmware version for the RV220W has fixed the issue. Could it be that the same fix needs to be applied to the SA540?I was planning on opening a cause with the CSBC at some point like I did with the RV220W, but I'd rather not spent the time doing so if the this is a known issue.
Cisco Routers :: Hub And Spoke Between SA540 And RV120
Jul 11, 2011I want to build a "hub and spoke" topology for one of my clients. For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
View 7 Replies View RelatedCisco Routers :: IPS License For SA540 Gateway
Apr 5, 2013We have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
View 1 Replies View RelatedCisco Routers :: Routing SA540 Connecting To Corporate VPN
May 21, 2012Looking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies View RelatedCisco Routers :: SA540 IP Aliases Respond To Ping
Oct 23, 2012I hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
View 3 Replies View RelatedCisco Routers :: SA540 Protect Link Web Activation
Sep 13, 2011I went through the install procedure outlined in the ProtectLink Gateway install manual and i activated the ProtectLink Web product through Trend Micro (which shows up through their web site as a registered product to me). It still doesn't show up as installed on the SA540 (under Administration/License Management screen). When I try to activate the product again, it shows as "Already registered". Trend has no idea why it won't work. They said Cisco sold the license, so try their support.
View 1 Replies View RelatedCisco Routers :: Sa540 Ip Alias External Ip Showing Dedicated Wan
Jul 13, 2012I'm trying to figure out why recipients of emails from my company show that the mail is coming from our dedicated wan ip instead of the ip alias setup thru the dedicated wan.The external ip address for the sa540, wan1 (no optional interface), is 82.134.79.122.The ip alias is 62.97.213.156 mail. unitec hsubsea. com resolves to 62.97.213.156 for external dns yet it is reporting as the 82.134.79.122 for some recipients.The mail server was never setup with the 82.134.79.122 ip so i don't think this is a dns cache issue.What issue in the SA540 would cause the system to show as mail coming from 82.134.79.122 instead of the ip alias 62.97.213.156?
View 0 Replies View RelatedCisco Routers :: Re-Route To Static T1 If Ipsec VPN Fails (SA520 / SA540)?
Dec 30, 2011Is it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
View 1 Replies View RelatedCisco Routers :: SA540 / Unable To Process Data Received From Secure Gateway
Dec 26, 2011Is Anyconnect supported for SA540 I have installed in on my android phone however I keep getting error "Unable to process data received from secure gateway" when trying to connect. If anyconnect is supported on SA540 how do I get it working?
View 1 Replies View RelatedCisco AAA/Identity/Nac :: %ASA-3-717009 / Certificate Validation Failed / Certificate Date Is Out-of-range
Jan 30, 2012There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
Cisco Routers :: Install SSL Certificate From CLI On SR520
Sep 13, 2011How to install an SSL key + certificate on our SR520 from the CLI. I have found the following document.
[URL]
I basically have the following files that I need to install:
Key file:
domainname.key
Certificates file:
AddTrustExternalCARoot.crt
[Code].....
Cisco Routers :: RV120W - SSL Certificate For Client
Oct 30, 2011When I try to export an SSL Certificate for a Client I get a htps . CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
Firmware: 1.0.2.6
Cisco AAA/Identity/Nac :: ISE 1.1.1 Don't Have Certificate Authority Certificate Anymore?
Oct 19, 2012i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
Cisco Routers :: RV042 Giving Out Certificate Instead Of Server?
Jan 28, 2013RV042 router is giving out the outer certificate instead of server certificate. Outlook anywhere is failing and we are receiving certificate errors for any secure site behind this firewall. I'm not talking about remote management. I'm talking about people trying to access our web site, which is secured, and getting an error because the RV042 is giving its own SSL certificate instead of the Server's certificate. Firmware Version: 1.3.13.02-tm. I don't see any updates for that hardware. I do have it working on an RV042 with the same firmware at a different location. How do we turn that off or keep it from happening? Output from a test site Attempting to resolve the host name xxxx in DNS.The host name resolved successfully. Additional DetailsTesting TCP port 443 on host xxxx to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server xxxx on port 443. ExRCA successfully obtained the remote SSL certificate. Additional Details Remote Certificate Subject:
SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78, Issuer: SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78.Validating the certificate name. Certificate name validation failed. Tell me more about this issue and how to resolve it Additional Details Host name xxxx doesn't match any name found on the server certificate SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78.
Cisco Routers :: RV220W Invalid Certificate Error
Oct 15, 2012When I access setup on an RV220W with Internet Explorer, Mozilla or Safari the following message always displays:
"There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address."
I access the router by clicking on "Continue to this website (not recommended)."
This also happens anytime a URL filter is triggered by a client. I.e., clients do not see the "Blocked by Cisco Firewall" message unless they also click on the "Continue to this website (not recommended)." option.
Even worse, when I attempt to connect as a VPN, the SLLVPN applet gets java connection refused. This is why I bought this thing!
What do I need to do to fix all these certificate related errors?
Cisco Routers :: RV042 Giving Out Router Certificate Instead Of Server
Nov 28, 2012Just installed RV042 router. And it's giving out router certificate instead of server certificate so people who are trying to access our secured server are getting errors. I'm not talking about remote management. I'm talking about people trying to access our web site, which is secured, and getting an error because the RV042 is giving its own SSL certificate instead of the Server's certificate. How do we turn that off or keep it from happenning?
The RV042 firm version is v4.0.0.07-tm (Aug 19 2010 19:19:50)
Cisco Routers :: RV120W - Create New Unique Self-signed Certificate?
May 9, 2012how to create new unique self-signed certificate on RV120W? I can create request for singning by external CA, but I cannot create new unique self-signed certificate itself.
View 2 Replies View RelatedCisco Routers :: WRVS4400N - Server Certificate To Get VPN Client To Work?
Dec 12, 2011WRVS4400N Where is the Server Certificate located to get the VPN Client to work?
View 2 Replies View RelatedCisco Routers :: RV082 VPN Client Certificate Export Error
Jan 26, 2012When I attempt to export the certificate for the quickvpn client via the router web interface, it looks as if the export works, and it asks me to save the zip file. However, upon opening the zip file I receive the error: The compressed folder is invalid or corrupted.
This happens in multiple browsers, from multiple machines.
Cisco Routers :: RV-180W Certificate Errors With URL Blocking Feature
Jan 5, 2013I like to use "URL Blocking" with keywords in the firewall properties. When I activate this feauture, I get errors from the router certificate when I browsing to any site in the Internet. Is there a way to manage this problem without using a public certificate?
RV180W-Firmware-1.0.1.9
Cisco Routers :: Self-signed Certificate With RV220W And QuickVPN Client?
Nov 21, 2011The establishment of IPSEC tunnel between the RV220 and QuickVPN client works properly with the security certificate of origin of the router.RV220 V1.0.3.5QuickVPN V1.4.2.1
Since the establishment of a security certificate self-signed, the RV220 and QuickVPN client refuses to work together .
Here are the log of the QuickVPN client
2011/09/27 12:45:14 [STATUS]OS Version: Windows 7
2011/09/27 12:45:14 [STATUS]Windows Firewall Domain Profile Settings: ON
2011/09/27 12:45:14 [STATUS]Windows Firewall Private Profile Settings: ON
2011/09/27 12:45:14 [STATUS]Windows Firewall Private Profile Settings: ON
[code].....
Cisco Routers :: RV082v2 SSL Certificate Future Start Date
Mar 27, 2013For some reason this RV082 (code level v2.0.2.01-tm-20110308) has generated a SSL cert that is not valid till 2022?
How to regenerate the cert with a valid date?
SSL Certificate - Future Start Date
The SSL certificate is not valid before Mar 3 06:51:27 2022 GMT : Subject : CN=00:0c:41:92:41:71, OU=RV082, O=Cisco-Linksys, LLC, C=US, L=Irvine, SN=California Issuer : CN=00:0c:41:92:41:71, OU=RV082, O=Cisco-Linksys, LLC, C=US, L=Irvine, SN=California Not valid before : Mar 3 06:51:27 2022 GMT Not valid after .
Cisco Routers :: RV042 Browser Certificate Errors When Logging Into Web-based Gui
Jan 2, 2012I have set the RV042 up for QuickVPN access. The router config recommends turning HTTPS on in the firewall when using QuickVPN. The side effect to this is any web browser throws me certificate errors and warns me not to continue logging in to the router's config. How do I fix this so the browser does not throw these messages?
Router is Linksys-branded, using latest firmware for this hardware (1.3.13.02-tm)
Cisco Routers :: RV110W And QuickVPN - Servers Certificate Doesn't Exist
Dec 19, 2011After a day of troubleshooting I have finally got the QuickVPN client to work. I connect however during the connection I get: "Server's certificate doesn't exist on your local computer. Do you want to quit this connection?" I click no and it connects fine other than this error. So how do I get rid of this error? Also I have exported the client certificate from the RV110 and put it in the quickvpn directory as I saw suggested elsewhere.
Here is my log:
2011/12/21 00:39:44 [STATUS]Connecting...
2011/12/21 00:39:44 [DEBUG]Input VPN Server Address = ***.***.***
2011/12/21 00:39:45 [STATUS]Connecting to remote gateway with IP address: **.**.**.***
2011/12/21 00:39:50 [WARNING]Server's certificate doesn't exist on your local computer.
2011/12/21 00:39:56 [STATUS]Remote gateway was reached by https ...
[code]....
Cisco Routers :: Rv042 Remote Management Unavailable After Certificate Export
Nov 24, 2011i was connected to my rv042 via remote management / browser, and tried to add vpn clients. i generated a new certificate and then i clicked on export for clients. by doing this, the remote management disconnected and i cannot access the router anymore.
how can i get the new .pem file from remote? do i have to make somebody turn off and on the unit to get back remote access??
p.s.: after turning off an on i tried the same steps again: everytime i click on "export for admin" or "export for client", this kills the remote management and the unit must be hardreset. now: how do i get the newly created client certificate off that unit ?? otherwise i will have to drive 350 km just to grep that file ?!?!
Cisco Routers :: RV220W SSLVPN - Don't Have Valid SSLA Certificate On Firewall
Apr 3, 2012I do not have a valid SSL Certificate on my firewall but I want to use SSLVPN.
If I connect to the IP adress and the SSLVPN Portal I can choose the sslclient launcher but after that I get a error that I need a internet explorer 64bit or that the active I was blocked because of a unsecure publisher.
Cisco Routers :: RV042G Site Certificate Invalid On Admin Login Page?
Aug 17, 2012I recently replaced my RV042 with an RV042G. I did an export of the RV042 Config and used the Config Migration Tool to upgrade the file to v3 (I had an old v1 RV042). When I first logged in to the RV042G it was quite happy and I imported the config file successfully.After installing the RV042G in my system it fired up and worked perfectly. Unfortunately when I now try to log in via the web interface it comes up with 'Invalid Site Certificate' each time. I've tried importing the certificate but that does not work as it is flagged as invalid.All I can assume is I have either imported the origional RV042 certificate as part of the config or importing the config has corrupted the original RV042G site certificate. I assume this is a generic issue and not specific to the RV042G as I have had this problem before but cannot remember how I solved it.The bottom line would be a hard reset and load all my settings manually but I can't spare the time just now.
View 2 Replies View RelatedCisco Routers :: WRVS400n - QuickVPN Server's Certificate Doesn't Exist On Local Computer
May 7, 2012I bought a new WRVS400n recently because it had Gigabit speed, wireless n and a built in VPN server. The device works perfect except for the Quick VPN client. I'm a system engineer so I thought I could set it up quite easy just like any other device I configured in the past. Painfull but it isn't like this.
I set up the VPN on the WRVS4400n and generated a certificate. I saved both the client and admin certificate to my pc, I gave them a name to easily make up the difference between both of them. When placing the certificate in the installed QuickVPN folder, it doesn't seem to get recognised by the QuickVPN software. When I try to connect, it says 'Server's certificate doens't exist on your local computer'. I guess the naming convention must meet some kind of format, is that correct? If so, this should have been described in the documentation.
Besides that I checked if the required ports used by the VPN server are open on the public port of the device, that is the case. So It seems I'm quite close to get it working.
The version of QuickVPN I used is 1.4.2.1. The WRVS4400n has the latest firmware loaded.
Cisco VPN :: IPSEC Between Fortinet And SA540?
Dec 29, 2012We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not establised.
View 4 Replies View RelatedCisco WAN :: SA540 NAT Rules Won't Work On Dedicated WAN
Oct 18, 2011I installed a new SA540 and configured some NAT rules for my Exchange server. Everything worked fine untill I did a firmware upgrade.Now the NAT rules won't work on my dedicated WAN.On the Optional WAN (load balancing) the NAT rules work fine.
View 1 Replies View RelatedCisco VPN :: Establish Connection From IPad To SA540
Dec 20, 2011I have tried to establish a VPN-Connection from Ipad (via the Ipad built-in vpn-client) to a SA540.Unfortunately without any results. I get the message "Server is not responding". (A VPN Connection from a normal Software-Client running on W7 works fine).
View 0 Replies View Related