Cisco Routers :: Symantec VIP Users Out There SA540
Jul 16, 2012
We have a Cisco SA540. It has been an extremely reliable UTM router. Other than SSL VPN not working for Mac OSX, we are very pleased with the unit. We have a 3 year contract for IPS, a 3 year contract for Trend Micro Protectlink Web, and a 3 year contract for Small Business Support Service for the unit. Right now we are trying to set up the VIP functionality but it is not going very well. To sum it up in a few words, we cannot get the SA540 to prompt the SSL VPN users to enter the 6-digit access code.
We set up an account at Verisign and requested a trial for VIP. They promptly set up the trial account. Getting everything set up was a breeze. The Verisign website is very well documented. They even had specific instructions for Cisco SA500 Series routers!!! We were very impressed with Verisign's implementation. We are able to get our SA540 to talk to Verisign (basically, when we activate or deactivate an SSL VPN VIP user in the SA540 web GUI, you can immediately see it enabling or disabling the user on the Verisign website... it is very cool). Unfortunately no matter what we do, we cannot get the SA540 to prompt the SSL VPN user to enter the one time 6-digit code. In this case, we are using Verisign's iPhone app called 'VIP Access'.
I called into the SBSC and talked to a guy. I felt really bad for him. He used WebEx to log into my desktop and I showed, and explained to him, how all of it worked (setting up VIP in the SA540 web GUI, as well as the Verisign website). He had no clue about Verisign, VIP, or the two-factor authentication concept at all. I told him that he needed to escalate my case to the SA500 Series team, but of course he had to try. He was supposed to call me back yesterday or today. I am sure he is dreading calling me back as he probably still has no clue.
How to use the VIP functionality? Or how it works and set it up? We would like to at least get it to work before our 30-day trial period is up. I have a distinct feeling that the functionality used to work, but Cisco hasn't kept up the firmware with all the latest back-end API calls to Verisign or something similar.
Mar 1, 2012
We require UPnP (mainly for an in-house built FTP Server app that uses UPnP to dynamically open/close ports for Passive FTP mode) and have found its implementation in the SA540 is unreliable. Sometimes UPnP works after a reboot, sometimes it doesn't. When it does work after a reboot it will eventually stop working. Going into the web GUI and turning UPnP off and back on always fixes it for a while.
Is this a known issue with the SA500 Series routers? We had an RV220W deployed first, but its UPnP implementation was even more unreliable. That said, it seems that the latest Beta firmware version for the RV220W has fixed the issue. Could it be that the same fix needs to be applied to the SA540? I was planning on opening a case with the CSBC at some point like I did with the RV220W, but I'd rather not spend the time doing so if this is a known issue.
Jan 26, 2012
Installing a SSL certificate from DigiCert on a SA540 router? The SSL certificate is a wildcard variant (*.example.com).
Jul 11, 2011
I want to build a "hub and spoke" topology for one of my clients. For the "HUB", I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL. For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP. The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes. Some spokes will have to connect to each other, via the HUB. I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question: is this topology suitable with the chosen hardware?
Apr 5, 2013
We have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
May 21, 2012
Looking for routing with an SA540 router connecting to corporate VPN. We have an odd configuration that is beyond the scope of what I have configured previously with these devices. I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router. Is this logical since the VPN tunnel. We are using NAT for the firewall internally. The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
Oct 23, 2012
I hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
Sep 13, 2011
I went through the install procedure outlined in the ProtectLink Gateway install manual and I activated the ProtectLink Web product through Trend Micro (which shows up through their web site as a registered product to me). It still doesn't show up as installed on the SA540 (under Administration/License Management screen). When I try to activate the product again, it shows as "Already registered". Trend has no idea why it won't work. They said Cisco sold the license, so try their support.
Jul 13, 2012
I'm trying to figure out why recipients of emails from my company show that the mail is coming from our dedicated wan ip instead of the ip alias setup thru the dedicated wan. The external ip address for the sa540, wan1 (no optional interface), is 82.134.79.122. The ip alias is 62.97.213.156. mail.unitechsubsea.com resolves to 62.97.213.156 for external dns yet it is reporting as the 82.134.79.122 for some recipients. The mail server was never setup with the 82.134.79.122 ip so I don't think this is a dns cache issue. What issue in the SA540 would cause the system to show as mail coming from 82.134.79.122 instead of the ip alias 62.97.213.156?
Dec 30, 2011
Is it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
Dec 26, 2011
Is AnyConnect supported for SA540? I have installed it on my Android phone, however I keep getting the error "Unable to process data received from secure gateway" when trying to connect. If AnyConnect is supported on SA540, how do I get it working?
Sep 30, 2012
Our organization uses controls to verify a client is running Symantec Endpoint Protection 11.x or 12.x on a user's machine before allowing them into the network. On Windows hosts, this works fine, however our preliminary tests on Mac OS X 10.8 hosts display an error that Symantec services aren't running/virus definitions are out of date (both incorrect statements on the Mac host as the definitions are current as of today and the service is running). Is there a known issue regarding this, or are we missing something in the VPN controls to allow Mac clients to authenticate? Here's the relevant versions involved:
Mac OS X 10.8.2
CiscoAnyConnect 3.1.00495
Symantec Endpoint Protection 12.1.1989.1989 (12.1 RU2 Beta 2)
Apr 19, 2004
I see a lot of postings about getting the GX270 working with a ghost boot floppy.
Dell Optiplex GX270 Onboard Intel LOM (Intel 1000 Pro) and Ghost 8.0 Corporate Edition using a Ghost Console Boot Partition. I'm using identical Intel Drivers on both the floppy and the Boot Partition. It works from the floppy (only using PC-DOS however).
When started from the ghost console boot partition it pauses after displaying the MAC address of the card which after a few minutes it displays an error message "command interpreter missing (command.com)".
I've gotten the scenario to work with a Broadcom Gigabit Extreme network card, haven't tried this with an Intel Pro 1000 NIC (as opposed to the onboard NIC) to eliminate the driver as the culprit. I suspect this might have something to do with the SATA configuration. And no, the -FNI or the -NOIDE switch will not work in this situation as the *.exe that starts on the boot partition is ngctdos.exe and not ghost.exe. Which, I'm assuming, is the app that listens for instructions from the Ghost Console.
Sep 4, 2012
I am working on a task of redirecting any unmatched http traffic to Symantec public transparent proxy through Cisco ASA. For the definition of uncatched http traffic, we have inbound squid servers for deploying IE proxy pac and redirect the http traffic to Symantec public transparent proxy, however we can't deploy IE proxy pac to mobile device and non-support web browsers. Since we have some application using IE proxy setting for direct http communication with external domains, the current Symantec policy adds those domains in the exception list so that they are not redirected to Symantec public transparent proxy server.
-For the platform - Cisco ASA 5510 ASA 8.4(4)1
-For the solution, I have the following two nat rules
Dec 29, 2012
We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not established.
May 15, 2013
I have a Cisco Small Business RV180 and I have several VPN users configured. IPsec between my home router (also an RV180) and work router (router in question) is working fine, several PPTP users working fine and 1 QVPN user that works as well. I set up another qvpn user and it didn't work. I went back into the router to check and make sure I hadn't goofed something up and saw that I had 8 lines, 1 and 2 were the QVPN users and 6 other PPTP users, however, the "pages" footer (for lack of a better word) only displays 1 -5 of 5 instead of the 1-8 of 8 I would expect it to show. I dumped the cfg file and opened it up, all 8 user configurations show up. One was my user account which showed negative numbers for the logon time, something like -1day -hours -minutes -sec, so I thought that that might be locking up the router or something so I deleted my PPTP account but it didn't allow the new user access. I deleted all PPTP accounts and no luck there either. I'm running firmware 1.0.2.6.
Oct 18, 2011
How many SSL VPN Users are supported in Cisco1921-SEC/K9 routers? Or do I need to separately purchase SSL-VPN User license- FL-SSLVPN25-K9 (Cisco SSLVPN Feature License-25 Users) separately?
My client requires 25 Users SSL VPN.
Apr 2, 2012
I need a name resolution within my pptp users. How do I configure the dns settings of a pptp user client?
Oct 18, 2011
I installed a new SA540 and configured some NAT rules for my Exchange server. Everything worked fine until I did a firmware upgrade. Now the NAT rules won't work on my dedicated WAN. On the Optional WAN (load balancing) the NAT rules work fine.
Dec 20, 2011
I have tried to establish a VPN connection from an iPad (via the iPad built-in VPN client) to a SA540. Unfortunately without any results. I get the message "Server is not responding". (A VPN connection from a normal software client running on W7 works fine.)
Feb 1, 2011
Trying to hook up to my blu ray player for an internet connection, but the blu ray is telling me to check the pc for a shared users so it can connect!
Jun 25, 2012
I have 8 users in my office. I want to enable the URL Filtering for only 5 users in my office and 3 users will have no URL Filtering.
Jun 25, 2012
How can I configure the SSL VPN users connection to connect from my remote PC (Windows 7 32 & Internet Explorer
Feb 2, 2012
I have Ports open, with DNS names defined for internal services.
When external they work by name just fine, so the firewall's working OK. But when on the LAN they fail.
When I look at the port forwarding rules, I see Outside -> Inside, but there's no Inside -> Inside.
How can my LAN users use DNS Names/Ports that are on the WAN interface, so when they come between the WAN and LAN their apps continue to work?
Oct 11, 2012
We have a client that is looking to provide connectivity for up to 800 users at a conference. They have a SRP527W available to them. Looking at the configuration we have been able to provide the needed number of IP addresses through VLANs each with their own DHCP scope.
However we are doubtful that the router will be able to process such a high number of connections (NAT, Firewall etc.) even though they will be using a specialised application that pulls static content via WAN.
Thus far we have been told that the unit has supported 150 users no issue, but I am guessing anything over 200 and you would start to see stability issues?
Feb 10, 2013
A client of mine has a Cisco RV042 Router. I've configured it to run VPN and it works, sort of. Some clients can connect, others can't, for no discernible reason.
Specific machine issues are Windows 7 x64 or x86, Quick VPN latest release, unobtrusive (Avast or Microsoft Security Essentials) security, etc. 2 separate machines on the same home remote network, 1 can connect just fine, the other can't. My laptop (Win7 x64) connects just fine, one of my techs can connect OK, the IT support guy that works for this client can connect.
Particulars of the router: Firmware version: v4.0.4.02; PID VID : RV042 V03; Firmware MD5 Checksum : 1f84d8d0a2a8b99f9bfa4409e64547aa
May 2, 2012
I was very excited to read about the two factor authentication that Cisco and Verisign offer through the VIP and SA500 series routers. I purchased an SA540 a month and a half ago. I have been on the phone with support of both Cisco and Verisign ever since. It appears no one actually knows how to make the product work. Finally I was told that they have only tested it on an SA520. So I bought an SA520; however, it doesn't work either. How to use the Verisign VIP two factor authentication with either an SA520 or SA540? If so, what is the trick? If not, how is Cisco advertising this product if it doesn't actually work?
Jul 10, 2012
We are using the Cisco SA540 router and Shrew VPN to connect to our business network, mostly to connect to the workstations with RDP. Now we wonder if it is possible that the connection will disconnect automatically after an idle time of for example 30 minutes. And if so, how can I configure it?
Aug 12, 2011
How to limit the bandwidth in digicom router?
Nov 19, 2011
We assign (reserve by MAC actually) static IPs to all of our devices. Over time we have gotten rid of some devices but haven't begun (or finished really) re-using the old IPs. On our WRVS4400N v2 routers we are able to set the max number of DHCP users per Vlan. This prevents unauthorized devices trying to connect to our LAN. For example, I set the range from 192.168.1.100 - 192.168.1.103. IPs 100, 101, and 103 are in use (reserved via MAC address). We set max number of DHCP users to 3. This prevents someone from gaining access to 192.168.1.102. Does this make sense? Or at least this was the initial goal and it tested out successfully back when we implemented it.
How can I do the same with the RV220W? I can set the range, assign static IPs (reserve IPs by MAC address), but can't keep others from gaining access to our LAN via the unused IPs (not assigned a static IP). My initial thought was to create static IPs (for the unused IPs) using dummy MAC addresses. I'm sure there is a much better way of accomplishing what I am trying to do.
Mar 29, 2013
I want to setup a simple VPN to allow users to access the office via the iOS (iPad/iPhone) devices. I assume I do this through:
VPN>IPsec>Basic VPN Setup
BUT, what do I enter for the "Endpoint Information" and "Secure Connection Remote Accessibility"?
Dec 3, 2012
I have a RV220W setup with SSL VPN users, authenticating to an internal Active Directory. Maybe 5 ports forwarded and 8 external IP addresses. Besides this i have 1 data VLAN and a voice vlan on my network.
The reboots are on different times on a day, even on Sundays at 7 AM when no one is logged in to the network. FW is at 1.0.4.17.
Apr 28, 2012
I've just deployed a SRP527W that I've had lying around for a while. Everything on the unit runs as well as can be expected, however I have a requirement to run split tunneling for VPN users.
Currently the only route that the VPN client receives is a default route. I noticed that on site to site VPNs and GRE tunnels you can specify secured routes, however I can't find anything that relates to the VPN remote users. This can be done on IOS without a problem but would be nice for the SRP.
I'm running the latest firmware 1.01.26, so if I haven't overlooked something would this be likely for a future release?