Cisco Security :: Replacing VPN Router With ASA 5510
Feb 20, 2011
I got a task to replace our current Cisco 2800 series router, which is used for Easy VPN remote access, with a Cisco ASA 5510. I have got a lot of users, and I wish that users shall see no difference except for the IP address they are going to use for remote login.
Aug 8, 2006
Will the ASA 5510 Security Plus edition support active/active failover? Does it support contexts with the Security Plus edition? And how many default contexts do we get with the ASA 5510 Security Plus edition?
Apr 10, 2012
I'm replacing an 877W router with a C887VA-W-A-K9. The new router uses the service module for managing the AP independently, so I know I can't simply paste the config across from the old one.
The current router is connected to an ISP with a VPN back to the head office router. DHCP is supplied from the router and clients connect to that via wireless.
I know I can type most of the commands in, but what is best practice going from an all-in-one to having a separate AP? What order should things be entered?
Feb 20, 2011
Comcast upgraded me to a 30 Mbps speed, and my trusty old BEFSR41 v2 doesn't cut it. Cisco promotes wireless routers with 1 Gbps Ethernet, but I would rather have a wired router and use a WAP that I can unplug when I am not using it, since, for now, I only connect my work notebook wirelessly. Most wireless routers also generate a lot more heat than a wired one does, and I don't need any more heat in my Houston home. A new BEFSR41 v4.3 is only 10/100 Mbps. There don't seem to be any 1 Gbps wired routers for home use. Will a new BEFSR41 give me 100% of the cable DOCSIS 3.0 speed, or would I need to get a 1 Gbps router to get the fastest throughput? Or do I only need to upgrade when the cable speed increases closer to 100 Gbps? If a 1 Gbps router is better, are there any simple business wired routers you could recommend?
Feb 3, 2013
I have that red gigabit router with the 150/65 service. It connects via Ethernet for internet and has a coax to transmit the guide data etc. So my idea was to just leave the Verizon router connected and on (with Wi-Fi off) so it could do the TV stuff, and just plug my router into the Ethernet wall port the Verizon guy installed. Not so easy of course: my E4200 will not recognize the Ethernet from my ONT (I think that's what the device they put in my basement is called) and the internet doesn't work. I have factory reset the router. The reason I am doing all this is because the wireless range of the E4200 at 2.4 GHz is near unmatched and, given my house, the Actiontec cannot reach my room.
May 7, 2013
I have a 2801 router that I am replacing with a 2911. I know the ports on the 2911 are Gigabit and those on the 2801 are FE. I read that the IOS would not support backup and restore between them. I am attaching a show ver on both routers. I need to know if backup and restore would work and/or what other changes would need to get done.
Sep 1, 2012
I want to replace a WRT150N with an E2500 and retain the setup/settings of the WRT150N.
Jan 21, 2012
I purchased an E2500 wireless router. I am trying to replace a Netgear wireless router with no success. During installation my laptop reaches about 25% and I get an error message. In short, my laptop asks for an IP address with a password. Once I enter that information I receive an error message to call for assistance.
Jan 2, 2012
I am trying to replace our wired router (BEFSR41) with a wireless router (WRT54G V5) that we have floating around. When connected through the wireless router, I am unable to access 192.168.1.1. I went to the command prompt and the IP address and the default gateway are both blank. I even tried to manually set the default gateway to 192.168.1.1 but I was still unable to connect. Currently, I am connected directly to the modem so that I may use the internet for troubleshooting. I've tried releasing and renewing the IP, but it will not renew.
Oct 15, 2012
I am attempting to bring up a remote router using a PPPoE connection by replacing the current Tenda 308R router with a Cisco 1921 using the Ethernet connection on the WAN side. The connection works fine with the Tenda in place, but when I put the Cisco in I get no connection and no answer for my PADI queries. I always get "padi timer expired". I do not think it is even getting to the PPP authentication. [code]
Mar 23, 2012
I want to ask about the possibility of the configuration below:
- 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover
- 1 Cisco ASA 5510 (ASA 1) has AIP-SSM
- 1 Cisco ASA 5510 (ASA 2) has CSC-SSM
- There are 2 contexts, context A and context B
- ASA 1 is the primary firewall for context A, and secondary firewall for context B
- ASA 2 is the primary firewall for context B, and secondary firewall for context A
Can AIP-SSM on ASA 1 inspect traffic of context B, which primarily runs on ASA 2? Can CSC-SSM on ASA 2 inspect traffic of context A, which primarily runs on ASA 1?
Jan 15, 2012
In the next month or so I plan to replace my old desktop PC. It is currently connected to a Linksys E3200 wireless router. I have many other wireless devices also running off the E3200, but my PC is the only wired device connected to it. When I replace the wired PC, do I simply switch the new one in with the existing Ethernet connection (I'm sure it is not that simple) or do I have to start over again recreating my entire network, security, etc.? If so, what is the process to start over? Do I have to reset something on the router, reload Cisco Connect, create a new network name?
Aug 18, 2011
I want to upgrade my ASA 5510 from version 7.0(6) to 8.2(5). Reading the release notes for 8.2(5) it says the DRAM requirement is 256MB unless you have high CPU usage. Also it says I need to upgrade through the major releases, from 7.0(x) to 7.1(x) and 7.1(x) to 7.2(x) and then from 7.2(x) to 8.2(x). The questions are:
- My ASA has 256MB of RAM and 68% of free memory, would you think it will run the 8.2(5) version with no problem?
- When making the upgrades to the major releases, is there any consideration regarding the configuration file? Or the versions to use for the 7.1 and 7.2 versions?
- Would you recommend making all the upgrades in one maintenance window? How much time could it take?
Aug 21, 2012
We’ve ordered ASA 5510 with security plus license as below description:
ASA5510-K8
ASA 5510 Appliance with SW, 5FE, DES
L-ASA5510-SEC-PL=
ASA 5510 Security Plus License w/ HA, GE, more VLANs + conns
The license details on the appliance shows as the below,
Fail over : Enabled
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
Security Contexts : Default
GTP/GPRS : Disabled
Any Connect Premium Peers : Default
Other VPN Peers : Default
Advanced Endpoint Assessment : Disabled
Any Connect for Mobile : Disabled
Any Connect for Cisco VPN Phone : Disabled
Shared License : Disabled
UC Phone Proxy Sessions : Default
Total UC Proxy Sessions : Default
Any Connect Essentials : Disabled
Bot net Traffic Filter : Disabled
Inter company Media Engine : Disabled
I’ve noticed that 3DES is disabled. Do I need to order another license to use 3DES or not? Also, I need 2 ~ 5 branches to connect simultaneously and have VPN access on their laptops to the main branch via VPN software. Which VPN software should I use, and is our license enough or should I order another license?
Sep 26, 2012
I have upgraded a PIX 525 lately to a 5510 ASA, but I have faced a problem after this. One of the DMZs is connected to a switch that is not connected to my VTP domain on a DMZ port,
with an access-list to permit from host to host with all ports opened. My problem is that the outside client is able to initiate a Windows VPN to a server that I have in the DMZ, BUT it disconnects after almost 10 minutes. What might be the reason for the disconnection? Note, a Cisco remote access VPN is also configured on the FW, and it doesn't disconnect.
Aug 2, 2011
Trying to TS a VPN device that is behind an ASA. Basic setup is IOS VPN<firewall/nat<internet>ASA/nat>IOS VPN
I do not have a lot of insight into the other side of the connection, although the tech on the other side claims all is good. So, to the point.
Is the asa capable of allowing this tunnel to work? The configs and debug follow.
1.1.1.1 = my public ip
2.2.2.2 = peer public ip
The asa -
[Code]......
Mar 25, 2011
I was under the impression that those global addresses that we used with NAT were from the outside IP address range? Let's say my outside IP address is, idk, 192.112.40.11 /30 and I only had two usable IPs (since you can't use network and broadcast IPs), so how would I set up NAT for a couple of inside addresses with a shortage of addresses like this? Idk if what I'm trying to say makes sense.
Sep 22, 2008
I'm trying to monitor tunnel activity. We want to gather statistics like bandwidth utilization per tunnel and, in the case of Remote Access, also the user name associated with a tunnel. All this via SNMP.
I've browsed through the Cisco-IPSec-Flow MIB and found the TunnelTable. This seems to provide everything I need in regard to tunnels; I just need a tip on how to calculate or obtain the bytes Tx and Rx. I can obtain packet and octet amounts but not actual bytes. Is there another OID I should be inquiring?
In regard to Remote Access I found the CRASSessionTable. From here I can obtain the group associated with the tunnel, and I should be able to obtain the user name through the 1.3.6.1.4.1.9.9.392.1.3.21.1.1 OID, but I'm getting an UnSupported response when querying this particular OID.
What OID can provide the User name?
I know that Cisco Performance Monitor can in fact obtain all that info from the ASA so there must be an appropriate OID I can query to obtain this particular info.
Sep 28, 2011
I have an ASA 5510 that uses RADIUS for authentication. What I am trying to do is assign each user that logs into VPN a specific static IP based on userid. I have about 30 to 50 users. I don't want to complicate this by having them select a different profile when logging into the ASA. What is a clean and simple way to assign a user a static IP and not use the local database for login?
Mar 12, 2013
I configured a Cisco ASA5510 firewall, but I am facing a problem with SSH login. I gave SSH for inside and outside access, but I am getting "server ... error". I enabled LOCAL for the authentication for SSH and HTTP, and I am able to access the device through HTTP using ASDM, but not able to access it from outside.
ASA Version 8.2(1)
!
hostname ASA5510
[Code].....
Sep 1, 2012
I have an ASA 5510 firewall in my network, but the problem is I cannot log in to my firewall through Telnet or SSH, or even ASDM or a browser. This is my configuration:
ASA Version 8.2(5)
!
hostname Amco-ASA
[Code].....
Sep 21, 2011
I am trying to upgrade all my firewalls to Security Plus, but I am not sure which firewalls need the upgrade. Is there an SNMP pull I can do to see what license is on my firewall? Example: "This platform has an ASA 5510 Security Plus license." via SNMP.
Apr 30, 2012
Currently I have an asa 5510 set up with one block of outside IP addresses. Everything is working fine in regards to my initial setup. However we needed to purchase additional IPs from our provider and ended up being a whole complete different block. Where I am getting stuck is getting the new IPs to NAT to inside addresses.
May 26, 2011
I've tried 3 different machines including a server.
Basically when I try to access my ASA 5510 with the ASDM software the software never loads. So I have tried to access it through the management port https://192.168.1.2 and installed the software. The software starts up, I enter the password and it connects and loads to 100% but doesn't go beyond that point. I then try the java applet, and it as well loads up to 100% and says "Please wait, the main is coming up."
I have http server enabled, and asdm image is pointed correctly
As I said, I've tried this on two Windows XP machines and a machine running Server 2008.
I can connect through CLI all day and all night, but I'd rather (read feel much safer) configuring it through ASDM.
Here is some system version info
Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)
Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Nov 14, 2011
I configured IPsec VPN on a Cisco ASA 5510. All of them are working very well. Now I want to change the IPsec remote VPN to L2TP over IPsec. I have a router, an ASA and a 3750 switch. All NAT translations are done at the router; the IPsec VPN is configured at the ASA.
This is my IPsec configuration. This is a working config. As you see, I do static NAT of the ASA outside IP for VPN at the router. Now I want L2TP over IPsec. Before I do it I have some questions:
1. Must I do static NAT of port UDP 1701 for L2TP over IPsec VPN? Can I write an access list at the ASA to open port 1701?
2. Can I remove this static NAT, or can I not change anything? Is this NAT correct for L2TP over IPsec VPN?
3. As you see, user authentication for the IPsec VPN is from a RADIUS server. I also want the same for the L2TP over IPsec VPN.
4. I think that I must add this additional config. Is this true?
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
Is this config enough for L2TP over IPsec VPN? What additional config do I need?
Jan 25, 2012
I have a new BGP configuration that consists of two asa 5510 and two routers 2911 at the back. My question is : Does asa 5510 support BGP?
Jan 18, 2013
We have an ASA 5510 version 8.3 (2) on which we accept VPN users via a RADIUS server. Is there a way to lock down a specific user that connects to the ASA as an SSL client or IPsec VPN user? If the specific user were to connect to the ASA, we would want the user to have minimal to no access to our system.
Apr 1, 2008
I'm looking for a system to back up the configuration of the ASA. This is what I've noticed:
If the ASA is a 5510 or higher and has sw 8.x and ASDM 6.x, we have the ASDM -> Tools -> Backup Configuration command, which creates a folder containing all configuration files and WebVPN personalization.
What do I have to do to have the same command on an ASA 5505 with sw 8.x and ASDM 6.x? Or is there something similar using the console too?
And what about ASAs which have sw 7.x and ASDM 5.x? Is there the possibility to back up WebVPN personalization?
Sep 13, 2011
I configured IPsec VPN on an ASA 5510.
my inside ip 192.168.10.156
my public ip: 85.x.x.x
my peer ip : 62.x.x.x
The project is this: the remote site wants the interesting traffic like this:
source IP 172.16.1.104 can access destination IP 10.0.154.27
My inside IP is 192.168.10.0/0 and I cannot change it to 172.16.1.0/24, and I cannot add this IP to my network. I did it this way but I cannot test it.
interface Ethernet0/0
nameif outside
security-level 0
ip address 85.x.x.x.106 255.255.255.248 standby 85.132.71.107
!
[code]....
Mar 3, 2011
I have ASA 5510. Is there any difference between CSC-10-PLUS license and Security Plus License...
Jan 17, 2011
We have configured a site-to-site VPN tunnel from offshore to the client location using an ASA5510 and are accessing RDP from the client location. We also configured remote VPN access at the offshore location. But using the remote VPN client we are able to get RDP from the offshore location but not able to access RDP from the client location. Are there any additional changes required?
Aug 13, 2011
I installed a CSC-SSM-20 module on an ASA 5510. After policy services have been enabled, services work well for a few minutes; after that the module's CPU usage rises to 100% and all HTTP traffic is wholly blocked until the CPU usage goes down. This happens very frequently and traffic stays blocked for such a long time that it makes the CSC-SSM module unusable. It's disabled right now. ASA version is 8.2(1) and CSC module version is 6.6.1172.0.
Jun 21, 2012
I use 3 interfaces on an ASA 5510. The first interface is LAN, the second interface is Outside, the third interface is ADSL. The Outside interface is used for VPN L2L and SMTP traffic (leased line on a router managed by the ISP). The ADSL interface is used for HTTP traffic (ADSL Cisco router). I use this configuration, found on another forum subject, for routing:
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route adsl 0.0.0.0 0.0.0.0 y.y.y.y 2
nat (inside) 1 0 0
global (outside) 1 interface
global (Adsl) 1 interface
static (Adsl,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0
The problem is that now I have a www intranet server on the VPN remote site. How can I exempt the HTTP traffic to the intranet server routed through the ADSL interface?