Cisco Routers :: Unable To Isolate DMZ And LAN Traffic With SA520 Running 2.1.7.1 Firmware
Jan 29, 2013
I am unable to isolate DMZ and LAN traffic with an SA520 running 2.1.7.1 firmware. I have the optional port configured as DMZ and DHCP server enabled. I tired leaving the firewall as default. Also tried creating firewall rules to deny traffic from LAN to DMZ and DMZ to LAN for any address and any service.I am still able to ping devices both from LAN to DMZ and DMZ to LAN. I am also able to see network resources in both directions.
View 5 Replies
ADVERTISEMENT
Oct 28, 2012
I have several sa520 appliances, and one of them came with the 2.1.72 firmware and it works perfect... with all others I upgrade to 2.1.71 (because I was not able to find 2.1.72) that is the latest posted in the CISCO download area.So, is there any way to get 2.1.72 ?With the 2.1.71 the VPN Site 2 Site works fine some time, but later it disconnect and it does not connect until I disable /enable the VPN.
View 2 Replies
View Related
Jun 18, 2012
We would like to setup a link to our DR site that is separate from our main network traffic. This link will be used by an EMC VNX SAN for replication traffic. The SAN will be plugged into a fiber port on a 3750 switch and going out from the same switch (going in as multimode, going out as single mode) into a patch panel that runs over to the DR site (about a mile away). At the DR site it will go from the fiber panel into another 3750 switch which ends up going back out of that switch into our DR SAN.
I'm wondering what the best way would be to configure the fiber ports to accomplish this. I'm affraid that the replication traffic will find it's way over through another route and congest our main network unless configured appropriately.
View 4 Replies
View Related
Oct 14, 2012
I have 1 WAP321 for guest access. Now I need to isolate traffic of guest captive portal from my LAN.How can I do this?
View 1 Replies
View Related
May 28, 2012
I've enabled jumbo frames in Networking -> LAN (Local Network) -> Jumbo Frames on an RV180W running the base firmware (1.0.0.30).The switch seems to pass jumbo frames just fine (like ... almost every switch these days), but the router itself silently drops jumbo frames.ss this a known bug?This makes enabling jumbo frames on clients impossible, since it will break some external connectivity. (I.E. when two endpoints are on networks with jumbo frames, they will then negotiate a high MTU over the WAN, but the router will silently drop large frames and they won't get an ICMP Fragmentation Needed, etc. because the router simply drops large frames).
View 7 Replies
View Related
Feb 4, 2011
I have a Cisco 1841 router with the followingSerial T1 connection Fastethernet 1 with network address 192.168.0.1 Fastethernet 2 with network address 198.168.0.1I want to isolate Fastethernet 2 so that it cannot access the internet or the 192.168.0.1 network. Only incoming request is available.
View 5 Replies
View Related
Apr 23, 2013
I would like to setup a VPN to allow employees nomad that connect to our network from outside. Our router is a Cisco SA520 I tried different configurations without success ...Here is the current VPN configuration:I created my users IPSec, I can connect remotely, but I do not have network access ... Unable to access network shares, impossible to ping.
View 1 Replies
View Related
Jan 19, 2012
Currently on V1.3.0.5. Looking to upgrade to latest version, however the upgrade firmware page is greyed out. Same under Firefox 9 or IE 8. I have already rebooted router, with no change in behavior.
View 2 Replies
View Related
Nov 6, 2011
I am unable to upgrade the firmware on the SRP546W
The admin guide states goto Administration > Firmware Upgrade > Choose File > Browse > Click Upgrade
There is no such item to select in the Administration section All I have in the administration section is
Remote Management
Time Setup
User
Also was wondering if it is possible to change the Annex B version I have to Annex A if I bring it back to England?
View 3 Replies
View Related
Nov 15, 2011
I am currently trying to configure a Remote Access VPN on a SA520 (Primary Firmware Version 2.1.51) using Cisco VPN Client (Ver 5.0.07.0410)
Until now i have connectivity from the SA to the LAN and i can connect using the Cisco VPN Client to the AS:
[IKE] INFO: IPsec-SA established[UDP encap 12856->4500]
[IKE] INFO: IPsec-SA established[UDP encap 12856->4500]
It gives me an IP from the pool but i can not reach through ping to my LAN.
View 1 Replies
View Related
Jul 18, 2011
I have recently acquired one of these routers. I thought, being a Cisco product, it would be the bee's knees. It is not. After finally getting the network set up - no mean feat, although I do not claim any expertise, but had to resort to some other network management software to finally get it all running - the router drops either the WAN connection or the wireless connection many times a day. The laptops often show as being connected to the network/router, but are unable to access either the internet, or the router via the browser. Re-booting the router is the fix, but, hey, I can achieve that sort of performance with any old $20 router - none of my old Net gear routers was this troublesome.
The permanent fix would seem to be a firmware upgrade, but guess what? The only options available under the "Administration" tab are time setting and switch settings - no firmware upgrade. The supplied firmware is 1.01.09(001) Apr 7 2010. Why these products are supplied, as new, without the latest firmware installed beats me, but there you go.
View 4 Replies
View Related
Nov 22, 2011
I am trying to configure the DMZ on my SA520 router but without success.After a lot of tests I reduced everything to a very simple test case that is not working: I setted the "Optional Port Mode" to "DMZ" and enabled "DHCP Server" in the "DMZ Configuration", but DHCP on the DMZ does not assign any address.I am wondering if my optional port is broken or not.
View 4 Replies
View Related
Jul 30, 2012
Two factor setup with Symantec VIP? I just fined setting it up and VIP Service and SA520 seems to be synchronizing correctly but device doesnt direct VPN users for second authentication ?
View 16 Replies
View Related
Mar 20, 2012
I have a fibre connection on the dedicated WAN which was working perfect until someone somewhere cut through the line. The SA520 fell over to the Optional WAN port which is basic ADSL line which is connected. Logmein client is online too.
But it refuses to browse webpages, appears to be a dns issue or firewall or both.
I have added the ISP dns addresses into the forwarders on my server.
View 1 Replies
View Related
Jan 30, 2012
We have Cisco SA520 and we want to use VPN to access the office servers from home. We have been able to configure the VPN server on the SA520 however the connection is very unstable.We use OS X 10.7 lion built-in Cisco compatible VPN clients and this is a typical output of ping from 3G mobile network to a server inside the office network. It works the same way also if I am trying to access from my home ADSL connection so the problem is not the instability of the 3G connection.
Some sample traffic sequeezed:
PING ns.svm (192.168.60.27): 56 data bytes
64 bytes from 192.168.60.27: icmp_seq=0 ttl=63 time=98.022 ms
64 bytes from 192.168.60.27: icmp_seq=1 ttl=63 time=76.934 ms
64 bytes from 192.168.60.27: icmp_seq=2 ttl=63 time=278.201 ms
[code]....
View 1 Replies
View Related
Aug 7, 2011
We have a Cisco SA520 Router (Firmware 2.1.18)We are only using this for about 1 month now. Router seems ok its justI am worried about the Memory utilization which reach to 62% (144/234 MB)Is this something to worry about?How can I utilize this by lowering down the usage?
View 3 Replies
View Related
Oct 23, 2011
I have an SA520 setup and all my users can login to the SSL VPN tunnel except one user. The laptop is running windows 7 64bit and had IE9 installed. When I try to connect her to use an SSL VPN Tunnel, I get the following error: Cisco-SSLVPN-Tunnel Install Failed: Error in getting proxy settings!. I have made sure the firewall was turned off. How to get the ssl tunnel connected?
View 3 Replies
View Related
Nov 11, 2012
I am trying to update my F5D7234-4 G Wireless Router - Firmware and I am told No known program will open this file. This file is part of a program. What do I do?
View 1 Replies
View Related
Jul 17, 2012
So I went to update the firmware on my SA520 last night and aparently something failed, the device restarted and now it doesn't respond to anything. The Diag light stays light and the factory reset button does nothing no matter how long I hold it in. Is there another way to reset the device?
View 2 Replies
View Related
Sep 16, 2011
Is PVID the same thing as "native vlan"? Can the native VLAN be changed on a SA520? Currently I believe it to be 1, I'd like to change the native VLAN to 10.
I have a scenario where I have a prexisting production LAN of 192.168.1.0/24 . It's a small organization (a church), but they purchased 3 Aironet 1130ag units. They want to have a "private" WLAN that is part of 192.168.1.0/24 , and a guest WLAN of a different subnet (I chose 192.168.20.0/24) . The two should never meet. There will likely never be a guest computer connected via ethernet. Guest computers would always have to connect wirelessly.
I left VLAN 1 on the SA520 192.168.75.0/24 subnet as default.I created a VLAN 10 , 192.168.1.0/24 subnet, and I created a VLAN 20, 192.168.20.0/24 subnet.Ports 1-3 of the SA520 are members of VLAN 1, 10, and 20 (cannot remove membership of VLAN1, which is pretty annoying).
Both are secured by WPA, and when I connect, the proper DHCP subnet passes from the firewall through to the wireless client, for each respective SSID.Ultimately, I'd like the SBS 2003 server to handle DHCP for VLAN 10, and have the SA520 handle DHCP for VLAN 20, but i'll take what I can get.
The original production LAN is connected via an unmanged switch.I'd like to trunk the unmanaged switch to Port 4 on the SA520. However, since the PVID (native vlan?) of SA520 is 1, and I cannot make Port 4 on the SA520 ony a member of VLAN 10, then anything traffic coming from the unanaged switch will automatically be tagged with VLAN1, correct? Thus causing the already existing production network to start receiving DHCP from the firewall in the 192.168.75.0/24 range.
View 1 Replies
View Related
Feb 15, 2013
Manual and firmware not available for my f7d2401nt. The US support page do not find the model, the italian support page find the model but link to the US page ! Someone has at least the manual (englis, french or italian language) ?
View 2 Replies
View Related
Aug 20, 2011
How could i make a vpn tunnel between a router SA520 and a central UC540.
View 3 Replies
View Related
Nov 26, 2012
Is there a way on the security appliance SA520 to remove someone from the DHCP lease client manually rather than setting the DHCP lease time to expire in less time like 4 hours or 2 hours. I was able to do this on other routers by highlighting the connected device and click remove. If not any recommendations on how to handle the device that are attached via DHCP and the person is no longer here, but the lease time is not up. I have set DHCP lease time to 4 hours.
View 1 Replies
View Related
Oct 9, 2012
I have a Cisco 527w which we are wanting to deploy to our remote sites however i've found a bug. We use ADSL with an IPsec tunnel as primary and 3G APN for failover . When the ADSL goes down the route via the IPSec tunnel remains and i am unable to route the traffic via the APN backup without disabling the VPN tunnel .
View 0 Replies
View Related
Dec 30, 2011
Is it possible to re-route our Site 2 Site VPN over our Static Route (T1) if the WAN fails?
View 1 Replies
View Related
Oct 27, 2011
I have VPN up and running between two sites. Both sites have Cisco ASA 5505. I can ping across the devices from both networks. But I cannot remote into the servers on the other network.
View 8 Replies
View Related
Aug 17, 2012
I have a DIR-655 Version B running the stock 2.0 firmware and a Motorola SB6120 cable modem and my ISP is comcast. I have had comcast come out and test my line and everything is fine. I have a desktop directly wired to the internet and several portable devices accessing the router.I cannot connect to the internet. My network is available and none of my devices ever indicate the network isn't available. When I try to load a website it just says "waiting for reply..." and nothing happens. The solution that always works is rebooting both the modem and the router. What is odd is that this problem comes and goes, I will go a week with zero issues, then I go all week with rebooting my stuff 5-8 times a day..What have I tried? I tried the settings that are recommended by Furrynuts to users complaining. I have also tried changing the wireless band settings to different channels as well.
View 6 Replies
View Related
Dec 18, 2011
I am unable to connect both of my smart phones to the access point. I am using WPA2 encryption on the AP. I can connect my phones to other AP's using WPA2. I have other devices that connect to the AP except my Android phones. I would like to be able to get some debug logs except the web interface says that the logging fictions are disabled when in bridge mode. Cisco/Linksys tech support: Any troubleshooting tips other than resetting the access point and or reflashing it.
View 4 Replies
View Related
Mar 13, 2013
I'm running firmware version 1.1.28.14856 on EA6500 series.
View 4 Replies
View Related
Oct 30, 2011
Our customer is experimenting really bad performance when running 10Gig traffic through FWSM on C6509. Test with1 Gig traffic are providing find result perfromance as expected in this document: url... I have made a simple drawing so everyone can understand the setup:
The issue is when running 10 Gig traffic between Netapp servers. This traffic is going though the FWSM and the perfomance are really bad: around 50 Mbit/sec. If the traffic is not going though the FWSM ther performance are around 900 Mbit/s.
The customer and I think that the issue is releated the buffer in the C6509 and the FWSM which has big trouble managing 10G to 1G traffic convertering between C6509 and FWSM 6 G etherchannel connection.
When running 10G traffic through FWSM the number of output drops are increasing as you can see on the output bellow. The last thing which is wired a is that the speed is showing 1000 Mbits and not 6000Mbits. [code]
View 4 Replies
View Related
May 18, 2012
I am trying to reconfigure my Boblite modem router to allow basically all traffic through to my computer on my home lan which is running ZA so I can see what intrusion attempts whether directly or indirectly are being made on my connection.I am not having much luck at the moment, have tried turning off the firewall within the router all together and also setting up a dmz for my computer.
View 1 Replies
View Related
Jan 28, 2012
I have a Uverse router and using the Ethernet ports I have others around me hooked up using routers.I am using the wireless from the Uverse.Now I may already be isolated but I am not sure.The others using the internet are not on the same SSID as I am.Uverse router in a central location but too far for anyone to pickup the signal but is also encrypted with a password no one knows. 3 300 foot Ethernet wires go to separate locations and are connected to wireless routers.(that is how the remote locations access the internet.The people using the remote routers (to the best of my knowledge are not hackers). However I want to be sure that all of my info and websites visited stay private.how I can continue to give the internet to the remote locations and be 100% sure my PC is isolated. My PC is W7 as well as one of the remote locations the others use vista and XP and one uses an iPad
View 2 Replies
View Related
Apr 13, 2012
Our church has two internet connections, one that the internal network accesses and one that the wireless network in the building accesses. For (obvious) security reason we need to keep the networks isolated from eachother. On sunday's when we upload the sunday sermon video recording we caused a network lag for other computers on the network, thus the church has asked us to use the wireless network to upload the videos. We record the video on one computer, then can transfer it to a Mac that has 2 network cards.
How do we isolate the two networks from eachother without plugging and unplugging cables and have the Mac upload through the wireless network instead of the wired network?
View 1 Replies
View Related
