How I enabled the Virtual Keyboard on the main portal page on our ASDM v6.0(2) ASA v8.0(2). I remember seeing the option once upon a time and now I can't seem to find it.
I currently have our ASA5510 set up for AnyConnect 3.0 VPN clients and IPSec VPN clients. I'm trying to add Clientless SSL VPN functionality for employees without company laptops. Because they won't be using company PCs, I want them to connect to the webvpn portal without having to install any type of client.
I have a Clientless SSL VPN connection profile setup and have it set to use Clientless SSL VPN only. However, whenever I login to the portal it automatically tries to download and install the AnyConnect client. How do I enable the VPN web portal without the AnyConnect trying to install?
I'm trying to set up an SSLVPN portal for our customer which will authenticate against Active Directory using LDAP over SSL and, with the portal, have the ability to change the password if it has expired. I have managed to set up everything now except for the password reset, which is giving me a headache. This is the message that's presented by the portal when I try to change the password, even though the same password works when I change it on a PC instead of using the portal.
"Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
And below is the output of ldap debug on the ASA5510 the Portal is running on.
[473] Session Start
[473] New request Session, context 0xadbe760c, reqType = Modify Password
[473] Fiber started
[473] Creating LDAP context with uri=ldaps://x.x.x.x:3269
[473] Connect to LDAP server: ldaps://x.x.x.x:3269, status = Successful
[473] supportedLDAPVersion: value = 3
My company ordered NAC and ACS 1120. My question is: can I configure 802.1X security through the ACS server and NAC in Layer 2 Inband Virtual Gateway for campus switches? Is it good design to have double security for switch ports: first 802.1X and second NAC in Layer 2 INBAND VG?
I have configured 3355 NAC appliances in an HA pair and everything is running fine, but I am not able to log in through the GUI (virtual IP) which was used during the configuration of the HA pair.
I've installed version 4.8.02.0010 of the VPN client onto a Dell Latitude D820 laptop. When I attempt to connect, I get this message. There are no firewalls running (I disabled the Windows XP firewall) and I'm running under Service Pack 2 with all of the latest security patches from Microsoft.
I even tried un-installing the client and using an older version (4.8.00.0440) and it reports a similar error in the Log file.
I'd prefer to NOT have to wipe the laptop and reinstall the O/S if I don't have to. This is the only laptop that I've experienced this problem with but it's also the first Dell Latitude D820 that I've attempted to install the client on.
Is there a problem with the Dell Latitudes and the VPN Client? Is there another way around this other than a wipe and re-install?
We have a standard modem/wireless setup that has worked fine for years. Last month, my sister brought her laptop over and, for some unknown reason, chose "set up a connection or network" and unknowingly changed the setup to a security-enabled network. I have no idea why she couldn't just log on without any problem. She has the same modem at her house, and I have no problem logging on at her house. Anyway, it now asks for a password, and she swears she never entered one. I can go online if I plug in an Ethernet cord, but that means my laptop can only go online at my desk. And I cannot use the internet features on my iPod touch. Is there a way to reset the modem back to a regular unsecured setup?
I have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor, and when they are, the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch-wide or on a port-by-port basis. This model does not appear to have this feature. How to disable it, or why would the phones cause the switch ports to "lock"? There is usually one PC attached to each phone.
Sometimes I let my friends use my laptop, but unfortunately they can see the password of the wireless router my laptop is connected to by going to this Wi-Fi network's Properties, then to Security, and then checking the "Show Characters" box. So is there any way to prevent them from seeing my Wi-Fi network password in Windows 7?
I have a strange issue on a link between two ASA5510s: both ASAs are interconnected by a P2P FastEthernet link, and the traffic between both ASAs is being secured by an L2L IPsec tunnel. The configured MTUs are 1500, however packets bigger than 1020 bytes are being dropped. IOS is 8.0(5). So far I haven't found any CAVEAT describing it.
I've been using a couple of ASA5510s for a few years in a few datacenters, and I wonder about the following:
Usually the ASAs are positioned with the connectors facing the back of the 19" cabinets, so one can easily connect the device to other networking hardware. In many datacenters nowadays, cold corridors are used, which results in a forced airflow through the cabinet, which is powered by the fans in the servers themselves. But the ASAs are permanently blowing air in the opposite direction, and are also taking the air from the part of the cabinet where the air is as hot as it gets.
Is it a good practice to open up the ASA and flip the fans 180 degrees to solve this?
I have a NAT Strict problem with my router, model WRT160N. I want to make a dedicated server with UT3. I tried many things, like disabling all security in the router, disabling UPnP, forwarding every port that Unreal Tournament needs, or DMZ settings. I am running a batch file to start the dedicated server... but I still have "Nat is now strict" in the log of my batch file. I can't see my server in the master server list inside the UT3 game. I tried to make the server without my router, directly connected to the modem, and then it works instantly.
We want to have an ASA5510 with both the IPS function and the Content Security feature. I checked on the Cisco website, and it looks like the ASA5510 or 5520 only has one SSM slot, so I can only use either the AIP module or the CSC module. Does it mean I cannot get both features at the same time?
Right now I want to have the IPS function and anti-spam, anti-virus, anti-phishing, content filtering and URL blocking features, so what do I need to buy to have all of these functions in one device?
We have an ASA5510 with two ADSL lines connected and the auto fail-over set up - this is all tested and if the main line fails, the backup line is used in its place - no problem there.
However, I'd like to increase our connection speed, and one way I've done this in the past is to add a couple of extra ADSL lines to a router that is capable of load balancing.
I'm aware that the ASA5510 does not load balance (seems a waste as we've got the backup line just sitting there doing nothing!), but would it be feasible to add another router in front of the ASA device to perform this load balancing function?
I have a 2811 ISR configured to provide the following services to my network:
- Internet access to LAN users
- Cisco Call Manager Express
- Site-to-site VPN to 3rd party networks
- VPN server to provide VPN access to remote users
- Security Zone configurations
- Static NAT configurations

Now I recently just got the ASA5510 device and I am not sure how to go about the setup: whether to put the ASA in between the internet and the ISR (Internet - ASA - ISR - LAN), or put the ISR in between the internet and the ASA (Internet - ISR - ASA - LAN)? While I know I can move most of the config onto the ASA, I know that the CME cannot be moved, hence I would like to do the setup such that users on the network still have access to CME.
I am looking to simply monitor Port-Security, Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
- Port Security - Port is shut down
- Err-Disable - Port goes into err-disable state (securedown)
- HSRP - When HSRP standby changes are detected

I need to receive emails when any of the above are triggered. What is the easiest way to do this? I know SNMP is the main option, but I have never worked with SNMP and don't understand it too much.
Recently upgraded a 5510 to Anyconnect Essentials and Anyconnect Mobile, the device was Security Plus and is now Base. Is it supposed to work this way? I lost my Gigabit interfaces. Is it possible to have Security Plus + Anyconnect Essentials?
I have an ASA 5510 and am planning to implement multiple context in a 2-tier security level and VRF-lite, meaning I have 2xASA facing the internet, below that a 2x3560 switch for our extranet, and below that another 2xASA for intranet. See diagram below. In this kind of network I want to know how using multiple context would impact the total throughput and resources of the ASA.
I'm getting the mentioned error when I try to open the subject web link.
Deny TCP (no connection) from Outside:180.87.10.44/2443 (180.87.10.44/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964)
with the following explanation:
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
Where a.b.c.d = our private IP address (NATted) and w.x.y.z = public IP address.
I'm about to configure a syslog server to receive syslog messages from a Cisco ASA5510 and, it being a one-week test, I was wondering how much space I should allocate on the machine hosting the tool (Kiwi Syslog). I see that the ASA fills the internal syslog buffer to 4MB and then it overrides it. How many messages would those 4MB be?
###
Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(2)
Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
###
The question is: what do I need to add the CSC10 SSM with content filtering and URL filtering to this version of ASA? Do I need more RAM? Do I need more flash? Is this version compatible with the CSC SSM hardware? What licenses do I need for 100 users?
We operate an active/passive cluster with 2 ASA5510s in Routed Mode. Is it possible to add another node, so that we have one active and two standby nodes in the cluster? Unfortunately, I have found no documentation on this... The data sheet says only up to 10 nodes can be mentioned as a VPN load balancing cluster.
Just recently we replaced our HQ Cisco PIX with a Cisco ASA 5510, where we have many branches connecting to our HQ through site-to-site VPN. Since putting this new ASA5510 at HQ, while we have a Remote Desktop session into our branch clients, when even a single timeout occurs on the VPN link the Remote Desktop session gets completely lost, and then we have to reconnect the session. As I said above, this issue happens when a single timeout occurs on the VPN link. What is the issue with the ASA5510? With the PIX we didn't have this issue; remote desktops were never getting lost / reset with a single timeout.