I have two ISP's and I want to channel specific traffic out of an interface based on traffic type. Will the ASA 5505 security bundle allow me to route specific traffic out through a specific interface?
View 2 Repliesi've searched the cisco product line looking for a simple router that many of my small to medium size clients can benefit from .Most of these clients have approx. 40 - 75 users and they have standard T1 Connections for Internet as well as a secondary Internet provider utilizing broadband ( cable )
i would like to find them a cisco series router that can provide both load balancing to maximize the speed from both ISP's and - provide automatic fail-over / business continuity in the event one of their Internet lines goes down.
i see that the 800 series router provides business continuity but it doesn't appear that is suitable for my situation ( T1 / broadband cable ) not DSL.don't want to spend 5k on something that is overkill b/c again, these are relatively small offices ( 40- 75 users max )
Does the Cisco WAP4410N Wireless-N Access Point device have simultaneous wireless N dual-band 2.4 GHz and 5 Ghz capability?
View 2 Replies View RelatedI have an ASA 5505 with the Security License running 8.4 and 6.4.5 software, I have a fully working VPN solution on there using a ISP IP - works fine. My boss wants to split the lines/bandwidth to another ISP we have coming into the office. So what I want to acheieve if possible is this Say my current isp is 5.5.5.5, my internal network is 192.168.2.x and my other ISP is 6.6.6.6 - is it possible to use the ASA to accept VPN clients from both ISP's and use the internal network?
View 2 Replies View RelatedI have problem with dual ISP + IPSEC on my cisco ASA5505 sec plus licence.Routing is working correct (connect to Internet from siteA is working trought 1st also second ISP) but IPSEC is working just trought the first ISP! It seemt that phase 1 and 2 of IPSEC is correct but packets are just encrypting but not decrypting.
I'm trying ping from siteA (PC - 10.4.1.66) to siteB (PC - 10.3.128.50)
config site A:
##########################################################################
ASA5505 Version 8.2(1)
interface Vlan1
nameif inside
security-level 100
ip address 10.4.1.65 255.255.255.248
!
interface Vlan2
[code]....
for the purpose of a redundency, incase the primary ISP goes down the backup kicks in.Can this be done with the basic license (max 3 vlans) or you need to have the security plus license. (20 vlans) Currently not using the 3rd vlan (dmz)
View 5 Replies View RelatedI've been searching the net for days now trying to configure the ASA5505 for dual DHCP ISP use. All guides available assume you have one static.
After realizing that it required a Security Plus license to even configure 3 VLANs.
I can choose a backup interface in ASDM. It even says dual ISP enabled. Why cant there be a guide or simple configuration example or am I the only one looking for this kind of solution?
Customer has two ADSL internet connections and want to switch between them if they fail. No load balancing required.
I have setup an ASA5505 running 8.2 with dual ISP's
Primary link is the current live static route out and the backup picks up if the primary fails. That all works great However I have an issue with inbound NAT rules
I have configured an inbound static on the primary which works great
static (inside,primary) *.*.*.* 10.1.1.1 netmask 255.255.255.255 access-list outside_access_in line 2 extended permit tcp any host *.*.*.* eq 3389 (hitcnt=4)
Question? With the primary link active and the default route pointing out through the primary, am I able to configure an inbound NAT to the same inside host 10.1.1.1
on the backup link?
If the primary fails users will need to be able to connect inbound to this service
When I try to set it up I got this error ERROR: Static PAT using the interface requires the use of the 'interface' keyword instead of the interface IP address
So I tried that and got this error WARNING: All traffic destined to the IP address of the backup interface is being redirected. WARNING: Users will not be able to access any service enabled on the backup interface.
So what is the best practice for configuring inbound NAT for a dual ISP configured ASA
I have a site with an ASA5505 and 2 isp connections but the catch is the 2 isp's are giving me a dynamic IP so I am unable to use this [URL]
View 3 Replies View RelatedI'm trying to set up a S2S VPN between two ASA5505 SP units running ASA Version 8.2(1). I've ordered additional ADSL2 lines to handle this traffic and I'm having troubles with the configuration for the additional PPPoE connection. Here is are extracts from my current config; First the interface vlans
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
[code]....
The result being that I can ping the OUTSIDE interface, but get no reply from the VPN interface. I've checked ADSL lines, they are up. The two PPPoE sessions are logged in and active. I can even see the ICMP packets hit the VPN interface, but there is no reply.
We have cisco asa 5505 series ulbunk8 and if it is possible to upgrade it to k9?
View 5 Replies View RelatedI have Cisco ASA5505 8.2(5) connected with Cisco 5520 8.2(1) via IPSEC tunnel, I was able to SSH from the inside 5520 to inside IP of the asa5505. but I after I upgrade the license to security plus at 5505 I lost the SSH and ASDM to inside IP of 5505 from the inside network of the 5520. however I still can use SSH and ASDM on outside IP of 5505.
I did a lot of testing to make it work but I couldn't I added SSH 0.0.0.0/0 inside and outside also I added acl on both interfaces. when I did a trace on the outside interface from the private network of 5520 to 5505 inside IP I got IPSEC spoofed by the way that trace only works with security plus because I try to test on all my other firewalls 8.2(5) it shows nothing and all my firewalls can accessed from the private network 5520 except the one with the security plus!
We have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?
I have an ASA5505 with Security Plus license so I can have many interfaces (not 2 + 1 limited DMZ like in base license)
I have 2 VLANs.Is it possible to use one ISP for VLAN 1 and other for VLAN 2 ? Is it limited to 2 ISP's or can have more ?
I recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies View RelatedI am trying to configure my ASA5505 to allow SMTP relay and the ACLStatic I created is not working. [code]
View 3 Replies View RelatedI have a couple of ASAs 5505 (HQ & Branch) running version 8.2(4). They are configured with a Site-to-Site VPN over a single WAN link: [code]
I want to enable sla monitor on one of the devices in order to know the real status of my unique link because the interfaces sometimes don't go down, so I don't have any real statistic of failures.
All the information is related to dual ISP links failover. Is there any extra-consideration for my single link scenario?I already have a static route route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 so I think I have to overwrite it with something like this route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 track 1. Is this correct?If so, when I overwrite it, will the S2S VPN go down and will it go up automatically?
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies View RelatedI would like to make a design with 4 Nexus 5596UP. 2 of them equipped with Layer 3 Expansion Module so they can serve as core layer and the other 2 Nexus used as Layer 2 for aggregation server layer.The 2 Nexus in the core layer will run HSRP and will peer with ISP via BGP for Internet connection The 2 Nexus in the aggregation layer will be configured as layer 2 device and have FEX and switches connected to them.What I am ensure of is how the vpc and port-channel configuration should look like between the 4 nexus. What I was thinking is to run vpc between the 2 Nexus in the aggregation layer and between the 2 Nexus in the core layer. Than I was thinking of connecting each Nexus in the aggragtion layer to both Nexus in the core layer using port-channel and vice-versa.
View 3 Replies View Relatedhow to change our wireless setup. Currently, we have 2 Cisco AiroNet 1130 WAP's in the office that go directly into the 2 POE ports on our Cisco ASA 5500. These WAP's have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANS on our network, one for voice (.42) and one for data (.100) and the default (.0). What device to I create the VLAN on (Cisco 5500?) and how to I setup the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
I wanted to ask a question about the diagram I have included. We are bringing up 2 MPLS WAN connections and would like some specifics on the best design. We are using BGP to the providers. From there we have big questions. We can run BGP internal and are licensed to do so on the N5K's. The N5Ks are currently using HSRP for inside LAN clients as default gateway. We want to load balance and provide redundant routes using a dynamic approach. Should we use BGP internal utilizing the connections between the routers? Should we use HSRP on the routers? How best to get the routes to the N5K and should we be considering this?
View 5 Replies View RelatedI run 2 RV042 V1 for home and office with Gateway to Gateway VPN connection with single WAN connection in use. Everything works like a charm!
I was even able to create VPN connection with 2 WAN connection on one Router and 1 WAN connection on another with Smart link failover and VPN Tunel Backup.
I got problem though when i tried more complex connection diagram. [URL]
So basically I now have 2 ISP connections on each point with Static IPs and I'd like VPN Connection to be alive for ALL 4 options automatically with failovers (smart links) And tunel backups but i'm not sure if that's ever possible with my equipment.
Transceiver integration within Cisco 3945.I need to supervise the DOM (Digital optical monitoring) capability of LX laser integrated within CISCO 3945.But after study of the Cisco DataSheet on transceiver module compatibility:
[URL]
I've seen that the SFP-GE-L model which supports DOM cannot be integrated within Cisco 3945.As specified in the datasheet, the only model of LX lasers compliant with CISCO 3945 is GLC-LH-SM (without DOM).However, after study of this datasheet, I can see that Cisco propose this Tranceiver model with DOM capability: GLC-LH-SMD But, so far I can't figure out if this model (GLC-LH-SMD) with the DOM capability is supported on Cisco 3945 and can be monitored through monitoring tools? If not, is there an other alternative to supervise the DOM capability with transceiver (LX) to be intergated within Cisco 3925?
we are using the prime 4.2. want to know the capabilty of the HUM poller. How many interfaces can be added in a single hum poller ? And total interfaces can be managed by the HUM as recommended by the cisco ?
View 5 Replies View RelatedMy HP laptop (Windows Vista, 4-5 five years old) has started to malfunction. I cannot connect to the router attached to my PC. The message tells me that the wireless capability is turned off. It says "Turn on wireless capability - this can be done by using as switch which can usually be found on side of computer or a function key combination." I can find no switch on my laptop, and don't know how which function key combination to press.
View 3 Replies View Relatedeven after switching on & off external button on laptop but still my laptop states wireless capability is turned off. what do i do.
View 1 Replies View Relatedthe wireless capability says it is turned off, however the switch for wireless is on, and I heard that it might be in powerdown mode, do you know where on a dell this can be changed or the wireless capability turned
View 1 Replies View Relatedhow to turn wireless capability on ,on hp 530?
View 1 Replies View RelatedI recently purchased a 1941W Router and upgraded it to IOS15.2T. After upgrading I was disapointed to see that it didn't have IPSEC VPN capability. What do I have to do to get this support activated/installed on this device?
View 1 Replies View RelatedMy daughter has an old Compaq N600c with OS XP professional. When she visits me she would like to use my wireless broadband, however, her laptop does not seem to have a wireless capability. Is there any way we can install a card or something? I opened the silver multiport cover on the laptop lid � and there is a green card in there, marked PCB-PC7507 TRANSFB-30D-VER 310.Alternatively, would one of those USB dongle adaptors work? If so, can you suggest what to buy?I�m useless with computers.
View 3 Replies View RelatedDoes the Apple MacBook Air MD224LL/A have an integrated wireless network (Airport or otherwise) that will enable it to connect to the internet, even though the specs do not mention Airport?
View 1 Replies View RelatedMy computer the theme of my laptop changed and a lot of programs have now shut off it has now been 30 minutes and I have turned on all the programs that was needed i did ant virus scan and nothing came up, how do i turn my wifi back on? its not my modem cause i manually connected it to the laptop and its working fine and if it was my modem I would still get to see the other connections in my housing area.
View 1 Replies View RelatedLooking for my next router and it needs to have the standard WIFI capabilities, Gigabit wired ports and also ability to use 3G modem, or have one built in. I have not seen any entry level routers that does this.
View 1 Replies View Related