Cisco Security :: 2821 Couldn't Connect To Clean Access Server
Jan 30, 2011
We have 6 brnaches configured with NAC Module in Cisco 2821 ISR router. The WAN link being used to connect all the branch to the HQ CAM is via WIMEX wireless Broadband. The bandwidth is 2MB.OOBVG is the mode used. All branches were working well last 1 year. Last month it is suddently disconnected from the CAM.I opened the TAC. Cisco history of TAC experience, We have total 6 TAC enginners tried one by one still the problem not resolved. The following are the findings
1. Timing is accurate between CAS-CAM
2. Shared secret key correct
3. SSL temp certificate ok also image being used it 4.6.1.
4.Tcpdump from both CAM and shows some initial packet drops of 10 sec with the below CAM log
I believe that NAC is not a matured products and the problem like this even by Cisco TAC can not solve.
View 1 Replies
ADVERTISEMENT
Feb 9, 2011
We have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
View 1 Replies
View Related
Jul 14, 2010
getting the iPad to work with Clean Access? Currently running v4.7.2 NAC.
View 6 Replies
View Related
Apr 17, 2011
Purchased a used Cisco 2821 Router and would like to remove all unnecessary files and folders.
My concern is a hacked Rommon or IOS, is there a way to determine this?
Is there a list of directories, files and folders of all of the necessary system folders so I can know what i can delete?
View 4 Replies
View Related
Jan 18, 2013
set up my router. Trying to set up my 3G modem with TP-Link MR3020.
Tried troubleshooting to find out where it went wrong and just couldn't figure out. Just tried disabling the wireless security and *poof* I'm able to connect to the Internet. Right after setting up the Network Key, I can't connect to the Intertnet via my router.
Here are the datas.
Windows IP Configuration
Host Name . . . . . . . . . . . . : TOSHIBAM840
Primary Dns Suffix . . . . . . . :
[Code].....
View 5 Replies
View Related
Mar 26, 2012
For a config on a 2821 router with IOS 15.1?I've setup an internal web server and am able to acccess it from outside our network but not from inside (on a separate internal LAN - 192.168.10.0). When on the internal LAN - DNS points to the Public IP for the web server - so we'd need to route through the Public IP to access the web server.
What is the best way to allow access to the web server XX.XX.XX.231 from 192.168.10.0 network?
Related Config Lines to Allow Access to Web Server
NAT
ip nat inside source static tcp 192.168.1.230 80 XX.XX.XX.231 80 extendable
ip nat inside source static tcp 192.168.1.230 443 XX.XX.XX.231 443 extendable
ACL
ip access-list extended WAN
permit tcp any host XX.XX.XX.231 eq 443
permit tcp any host XX.XX.XX.231 eq www
[code]....
View 2 Replies
View Related
Jul 5, 2011
The router is 2821 and is setup to perform static NAT from one internal ip address mapping to one external ip address for each of our servers (inside the LAN): [code] Servers all have internal ip addresses and each of them represented to the outside world by their public ip address with above command on the router. Here is the problem.When I'm in a server (for example 192.168.0.210) and try to access other servers by their public ip addresses (i..e. *.*.*.211) the connection fails. However, When i try to access the same server by it's private IP address (i.e. 192.168.0.211) it works!
My issue is i don't want to modify windows host file for a manual mapping (for example mail.mydomian.com goes to 192.168.0.211 rather than *.*.*.211) because we host many domains and just doesn't make sense to do it one by one.So we must be able to access our servers by their public IP addresses in order for us our applications works correctly.
View 10 Replies
View Related
Aug 28, 2012
My modem with single network connectivity (Type I) works fine. I tried to replace with Type II modem (with wifi- and 4 or more ports) for connectivity. I could not establish connection with the server of the service provider. I tried to replace with a different type of typeII modem. Still the same. What could be the reason?I connected the same in a different workplace to a different PC.
View 1 Replies
View Related
Nov 15, 2011
I have done a ADSSO config. Following all the steps in the guide with the specifics steps for windows 7 to modify the krb.txt and the strattomcat.I restart services activate the "Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)" option on the NAM.Then, the ADSSO service start on the NAS.I modify the local policy according to the guide allowing all encryption except the one for future use.Then the NAC client say "User unknown" contact your network administrator.
View 3 Replies
View Related
Jan 14, 2012
I have two NAC appliances version 4.8.2, one Manager and one Server, I want to know if the “nacagentsetup-win-4.8.2.1.tar.gz” software exists in my appliance or it’s CD or not? Should I download it?
When my client wants to download the software by clicking on “download Clean Access Agent 4.8.2” button this error appears “Failed to download (states=-2)”. I guess I should upload the software first but I don’t know how or where it is?
View 1 Replies
View Related
Apr 19, 2006
We are running IOS12.4(5a) on a 2821 and have "ip inspect esmtp" enabled. We noticed that every day several emails end up in the postmaster account with the following message:
"A mail message was not sent due to a protocol error.
500 Firewall Error
The message that caused this notification was:"
On closer inspection the router logfiles show:
Apr 20 08:54:19 loghost 830747: 810587: Apr 20 08:54:19.441 BST: %FW-3-SMTP_UNSUPPORTED_PARAMETER: Unsupported SMTP parameter (Data Size (> 20000000)) from initiator (172.16.1.6:3537)
But the emails in questions are just a few kB. So what is going wrong. This is especially disturbing because the users don't get a notification that the email has not been delivered.
View 2 Replies
View Related
Jan 9, 2012
I did a re-install of my operating system the other day and im sure i messed up something because i deleted the whole parameter first or whatever its called then reinstalled with the CD that came with my laptop. this is an older model 5160 Inspiron Pentium 4.Everything seems to be working fine except that there is no wireless connection icon or anything of the kind now. I have looked and looked and the only icons to connect with are the local area connection - no wifi connect.
View 2 Replies
View Related
Nov 12, 2012
This customer has 5 5508 WLC controllers, version 7.0.230.0 with several cisco 1142 and 3502e AP's. All in one mobility domain. Randomly some AP's don't accept clients to connect. Requesting for an IP-address by DHCP on the client (XP).
I just made ssh connection to the AP's, did some debugging. No information. Checked the logging, nothing I wanted to see. Even debug ip packet, give me the insufficient information I want to have.
When we reboot the AP, everything will work fine, but some several weeks later, this AP will have the same problem again. The capwap tunnel still exists, I could ping, telnet/ssh the AP. Even when a user tries to connect, I don't see any authentication debug messages.
This AP exists in a clean room environment, but is sometimes happens with an AP in a open office space.
Logging a tac case is not an option, due to the lack of debug output I receive.
View 4 Replies
View Related
May 12, 2011
i was setting up my friends new router (Lynksys WRT54GL) and i figured out the ip address and it was DCHP(i think) enabled so i just enabled that on the router settings and then i tried to finish the setup with the disc that came in the box and it kept saying it couldnt connect to the internet.-SO-we disconnected the router and connected to the internet and suddenly, no connection to internet. it was working earlier today but for some reason now it no longer has connection. waited around for 3 hours and still no connection, through router or direct link.
View 3 Replies
View Related
Feb 14, 2011
I just bought DIR-655 yesterday and tried to set it up through the CD but without success. My problem at first was I couldn't get internet connect via router (but PC to DSL modem direct connection is always all right). Then I played around to turn on "Advanced DNS service" then I got internet connection via router to my PC. However sometimes the web site names couldn't be translated by DNS correctly and it resulted in "Not Found" and I am pretty sure those web sites are active and running (as I have no problem to access those if I connect DSL modem to my PC directly). Also I noticed wireless connection was very slow and some You Tube videos would stop playing after around 30 seconds and DSL modem had no further activity at all. Why couldn't I use 192.168.0.1 (default IP) as primary DNS (as I got no internet at all if I did so)? Is it really necessary to turn on "Advanced DNS service"? How can I get internet access if I turn "Advanced DNS service" off?
View 4 Replies
View Related
Aug 26, 2012
I have been trying to get a PIX 501 firewall reset and have been having the hardest time. Im a student and this is my first experience with a firewall. I have been going through the steps here URL,I cant seem to connect to the tftp server, I have several nic's on my computer and tried them both and even plugged the firewall to the router and tried to use the gateway to connect but it doesn't seem to want to even ping for me.
View 4 Replies
View Related
Jun 11, 2011
I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). [code]
View 3 Replies
View Related
Dec 19, 2011
I couldn't access internet with route specified i know the problem with the route or nat.i have 2911 router [code]
i could ping from lan Ip's to ISP1 and ISP2 gateway IPS. but when i ping to any site llike example gmail.com packet s not moving out to the ISP1 or ISP2 interfaces. [code]
View 10 Replies
View Related
Dec 26, 2011
Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)? OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510?
View 2 Replies
View Related
Mar 11, 2013
Couldn't connect to mobile hotspot but could connect to other networks, none of which were from a phone. When attempting to connect to hotspot, my phone displays the information of my computer as name unknown, IP address 0.0.0.0, but gives a MAC address. (My computer has a name, I can't find my IP address, idk what a MAC address is)I tried using remote desktop connection, but the computer I was trying to connect to couldn't find mine.
To be honest, I'm not sure I did it correctly, though.Displayed as 0.0.0.0 on phone when attempting to connect to mobile hotspot.I typed ipconfig in command prompt but got nothing about an IP address. There were several lines that began with "Tunnel adapter" all followed by "Media State : Media Disconnected" then "Connection-specific DNS Suffix: I currently have no internet connection (I'm on my phone), so I can't find it that way either.
Under Network Location it specifies that it cannot connect to MEMORYCARD (\EPSON00) (Z:) and upon clicking on it I receive an error message: "Microsoft Windows Network: The network path was not found. This connection has not been restored."I've spilled water on my keyboard before, but this took place after these problems arose. I dried the computer and had it sit with rice for 2 days. The only issue that came of this incident that I am aware of was a few stuck keys.
View 2 Replies
View Related
Apr 18, 2012
1. I could not make an inbound access rule work for RDP. It is configured as follows WAN -> LAN for RDP (TCP 3389) , it didn't work even when I chose "All Traffic".
2. Single Port Forwarding seems to be working though.
3. Destination IP and QoS settings seem to be grayed out, I would like to know why.
View 2 Replies
View Related
Apr 7, 2011
We are using a 2821 Router as our boundary router. It has installed into it a 9 port HWIC for layer 2 switching as well as allowing the router to communicate on the Network Management VLAN. All of the devices on the Network Management VLAN are segregated from the managed traffic, which unfortunately also doesn't allow them external NTP services. Can the router be programmed as a NTP server so that all of the network appliances can utilize it for NTP from either it's NM Vlan IP address or from a loopback address?
View 3 Replies
View Related
Sep 16, 2011
I have an Kasda router connected to my PC. I want to connect Wireless D-Link router to a Kasda router so I can have wireless internet on laptop and on my PC as it is now directly. But I can't seem to manage to get it work. I can catch the signal but it says "No Internet Access". Also I can't enter my wireless router when connected that way, only the normal one. I'm suspecting that I need to configure both routers somehow to get it working. I've tried some other things but no luck.
The first thing I done was this:
PC<->Router<->Wireless Router (Connected them on LAN ports)
Also I've tried:
Router<->Wireless Router(Connected LAN from router to an internet port on Wirless)<->PC(connected lan from wireless to PC). - This way I was able to acces both router from PC, but still couldn't connect to wireless on my laptop.
View 3 Replies
View Related
Feb 25, 2011
I have put two different e4200 routers in my network and both of them have the same issue. I believe there are some major firmware bugs with this router. First of all I set up everything using the web interface. My laptops could connect to the network and internet but any of my devices that use wireless bridges (WET610N) to connect could only get local network access. They could not connect to the internet. After some troubleshooting I found the reason it was not working properly. I used DHCP reservations in my network because of port forwarding and such. Well when the devices connected to the bridges were in the reservation list they were unable to connect to the internet. After I removed them they now are able to get on the internet without a problem. So that is the first problem I've found so far...
The second is I can no longer connect from my Xbox 360 to my Media Center PC. I tried to set up a new connection but this did not work either.
View 9 Replies
View Related
Feb 9, 2012
I bought the E3200 to replace an older Linksys model. The older model worked but the signal was weak throughout the house. I installed the e3200 using the Cisco connect software but it told me that it wasn't sure I was connected to the internet. I wasn't. Showed a strong signal but could not connect via wireless devices or from the cable from the router to the desktop.
I have LUS Fiber service which does not use a modem. I have had them recycle the signal several times and have done tried many different variations of the MAC numbers from ipconfig or from cloning. Have also tried it with the MAC cloning disabled so the router's MAC number is used. I have reset, rebooted and done just about every possible option.
Spoke with my provider many times and they insist they are sending me a signal. They also recognized the router's MAC number on their end.I purchased one router and it wouldn't connect, so I exchanged it. All these shenanigans I have gone through are with the second router because I figured the hardware isn't the problem.
View 1 Replies
View Related
Oct 4, 2011
So, I've had my Linksys E2000 Router for awhile now (not a year old though), and I just discovered a problem with it.Just the other night, not even 8 hours ago, I was playing my 360, everything was fine. I then decided to go to bed, cause it was getting late. Here I am now, I boot my 360 up, and notice that my 360 couldn't connect to Live. At first I thought maybe the cable got unplugged somehow; nope. So I troubleshooted to fiind out that Ethernet Port one no longer works on my router, but switching the cable to port two, my 360 is able to go online.
Does this mean my beloved router, that I paid my hard earned cash for, has decided to start crapping out on me, or is there a fix for this? I take really good care of all my electronics, and my router sits in a spot by itself on my desk with plenty of air space. I have had no issues with this router in the past, until' now. I've always trusted Cisco, and Linksys products, and this really dissapoints me that my router might just be kicking the bucket, at not even a year old. What's the deal Cisco?
View 8 Replies
View Related
Jun 24, 2012
I've recently purchased a Linksys EA4500 router. I've got home, I've used the installation guide CD thingy, connected 3 of my laptops wirelessly, no issue there.However when I tried to connect my 4th laptop problems came along. The problem I was dealing with was that I couldn't connect to the router. I mean I could see the network name appearing in the list, but when I tried to connect the network would just dissapear from the list, not connect, and wouldn't back on the list unless I've reset the laptop. Anyhow I've ignored that computer because I thought it was two years old and it might have had a wireless network adaptor issue, although it was conneting with no problem to my former router D-Link DIR 365.Anyway, just yesterday I've purchesed a brand new netbook (Evolio U9) and it doesn't see my router, although it sees all the other connection availables (my neighbors' wirless networks), I even connected to one of them just to test if anything was wrong with the netbook.
I also have problems when trying to connect with an Iphone 4. Well, it does connect, but the connection to the iphone just goes on and off making it impossible to use. It's really strange that all the 3 Iphones in my home have no issue connecting, not even my Glaxy S3, nor any of the Smart Tvs, nor the printer.Does the router have any number of limited connections available? The router configuration is the ones done from the CD. I've only assign a SSID and a WPA password.Please note that all the computers above are GENIUNE Windows
View 9 Replies
View Related
Oct 24, 2011
I've recently bought a WRT54GL router, and I`m having some problems with it. The original firmware the router came with had a bug, and couldn`t even connect to a PPPOE network. I downloaded the latest firmware version for this model (4.30.14 build 5, Oct. 26, 2009). Now it can connect to PPPOE but the broadband speed is limited to ~ 30Mbits/s. My ISP normally provides a download speed up to 80-90MBits/s, and if I bypass the router, and connect the internet cable directly to my PC, it works.
The QoS is disabled, so this can`t be the problem, but I searched the internet, and I found that it can be because the router`s CPU is too slow and can`t handle connections up to 80-90Mbit/s download speed, but this sounds a little bit weird to me.Did any of you gus run into this problem? Is it a hardware problem, or a software one? Maybe there`s something I need to set up in the admin interface?
View 3 Replies
View Related
Feb 28, 2011
My company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?
View 1 Replies
View Related
Apr 14, 2011
I have a 2821 ciso router and i want to setup a vpn for my windows domain users , they must to reach the domain from outside. There is posibile to intregrate Active directory auth with pptp running on 2821 router? kind of dialin via radius server(IAS running on windows server 2003).
View 3 Replies
View Related
Jan 30, 2011
In my laptop, bluetooth lan access server is shown with crossed mark. I would like to know how to connect it.
View 15 Replies
View Related
Nov 13, 2012
i have 2 routers 2821 with wic-2t serical card and 1921 with hwic-2t serial card.can i connect between those two serials card with serial cross cable ?
View 3 Replies
View Related
Jun 5, 2011
I have Cisco 2821 router, using it to learn various features. I just recieved this router recently. I wanted to connect it to my cable modem so I can access the outside world. Also when I overload a new interface comes up NVI0, which is nat vertual interface, but anyways.
View 1 Replies
View Related
