i have a problem with ASA 5510 version 8.2(1),i have a mac os x 10.6.8 dns server when the asa is online and i want to use the internet my internet is very slaw it neede about 1.5 min to open yahoo.com and the asa log viewer shows too many drops, i have only the rule allow any tcp/udp domain.
View 1 RepliesHave multiple Catalyst 2960S switches, Cisco 2911 router and ASA 5510 firewall.
On the router have subinterfaces created for the VLAN's Int FA0.0/41 for wirless VLAN setup with IP 10.10.41.100 Int FA0.0/60 for new Voice VLAN setup with IP 10.10.60.100 Internal network is 10.10.10.0/24 and LAN IP of router is 10.10.10.100 Have default route setup to push traffic from the router to the firewall ip route 0.0.0.0 0.0.0.0 10.10.10.251
On the firewall have added the new VLAN 10 (10.10.60.0) to the network object-group Have configured route inside command route 10.10.60.0 255.255.255.0 10.10.10.100 1 Have also added the NAT command nat (inside) 1 10.10.60.0 255.255.255.0
On the 2960 I have my laptop connected to port 45 and I have it configured as follows switchport mode access switchport access vlan 10
I assign my computer a static IP address of 10.10.60.84/255.255.255.0/10.10.60.100 with 10.10.10.11 as DNS server. When I do this, I can ping anything on the 10.10.60.0 network, I can ping anythign on the LAN 10.10.10.0 network. I am able to connect MSN messenger, I am able to do NSLOOKUP and get outside IP addresses to resolve. I am unable to browse the Internet though. I am not sure where the problem is at though. It doesn't make sense to me, as it is setup the same way as VLAN 41 which is the wireless network, and when users connect to that, they get out to the Internet with no issues.
how to configure a backup route to the internet. My client has 2 ISP and basically they want to use 1 ISP and in case the ISP fails, use the other one as backup route to the internet.
The problem I’m facing is that each ISP is plugged to a dedicated ASA 5510, so 1 ISP in one firewall and 1 in the other. Both ASA are plugged to an internal network in a dedicated VLAN with a L3 switch and that L3 switch manages the internal network.
My question is, how can I tell my switch to use ASA1 to go out to the internet and in case the ASA 1 OR THE LINK TO INTERNET used by ASA 1 fails, use ASA 2? It would be great if I can send traffic to the internet thru both connections at the same time. Also, I know the ASA has High Availability configuration, but that applies only if both licenses in the devices are the same and I have a mismatch with the SVPN license, and also I don't know if with my current topology I can use the High Availability model, so I think I can’t use that option and the solution must be applied in the L3 switch, but I don’t know how to tell it to use ASA1 and if failure of the device or the outside interface plugged to ISP 1, then use ASA2. Besides, I would like to know how to optimize this config to do the switch between internet connections seamless to the users if possible (there are VoIP calls on this floor, so I don't want to drop the calls).
I've run into an issue with this type switch. I've a 2611xm router connected to a C2924-XL switch ((C2900XL-C3H2S-M), Version 12.0(5)WC17) Basically i configured the router as a RoTS with two sub interfaces setup with encapsulation dot1q.
View 8 Replies View Relatedi have configured SPAN over cisco 2960 to monitor source port traffic but after configuration i dont able to get response from destination port as my NMS is attached on destination port so i lost its web interface.
Configuration is as under.
monitor session 1 source interface gigabitEthernet0/5 (Source Port on Vlan 100) monitor session 1 destination interface gigabitEthernet0/1 (Destination Port on Vlan 200)
My cisco 3550 EMI switch is not responding to power connection. I have checked and changed power cable. its still not working.fan is not running and no lights on front panel
View 3 Replies View RelatedI am setting up a Cisco 1941 series router for our department in Denmark. As we quickly relised we had to reset the router to it's defult settings. As we comunicated with the router thorugh HyperTerminal, the router asked me to restart. After we did so the router only sends encrypted messages wich is unreadable. We neither get any respons in the terminal when we try to write commands back to the router.We have tried to use different terminal programs as well as the USB port on the router.
View 4 Replies View RelatedI have a bunch of 3750x switches that each have a 10 gig routed link back to a central 4507 (loopback = 172.30.255.255).We carved up a /24 (of course, the /24 doesn't really exist except in our address tracking spreadsheet) into a bunch of /30's for routed WAN links and /32's for loopback addresses.We started on the low end for /30 subnets (ie 172.30.255.0/30, 172.30.255.4/30, etc.).We started at the high end for the /32 loopbacks (ie 172.30.255.255/32, 172.30.255.254/32, etc.)
Well, when I try pinging 172.30.255.255 from the access layer 3750x switches, the 3750x seems to be treating it as a broadcast ping where it lists each member that responds instead of the regular !!!!! response (this makes think something is odd with the 3750x). Of course, only one member responds (the core). But even the core seems to respond with the other end of the /30 instead of the actual /32 loopback (which makes me think something is odd in the core). I could have sworn that I've setup similar topologies without problems (ie, using 10.0.0.0/32, 10.255.255.255/32, etc as loopbacks) and as long as the mask is a /32, it should work.Also, I can ping/ssh to that loopback if my laptop is on a directly connected subnet. But I can't do it from any of the 3750x switches (which are also directly connected).I've double checked for overlapping subnets, but nope. I don't see any. Routing looks fine. The actual /32 is being propagated everywhere properly.
What this error means from a Cisco VPN client when trying to connect to a ASA 5510?
VPN Error
VPN gateway not responding (waiting for Msg 2)
Any one experience with this issue that cannot access to console port. USB serial cable and terminal server working fine with all other ASA 5510 except one of them. I rarely see the console and aux port failed to response.
View 2 Replies View RelatedAfter stacking two 3750X switches, with four equal power-supply's, with StackWise and PowerStack , still got the next message every few hours %PLATFORM_ENV-1-FRU_PS_ACCESS: FRU Power Supply is not responding (gn4m-rt1p08-04-2)( note that the message revers to the second switch in the stack ) although the stackwise and powerstack on the switches is oke and are working correctly. !
Config : Stack-power in power-sharing mode/strict With CLI on the switch : All the power supply's and stack-power details, prio look OK.
Only: LMS prime /inventory/cisco-view/configure/power supply status result : some power supply's are marked as disabled.with the command > power supply 2 slot a off/on I manage to get the status back to "normal", but after a few hours some power supply's are again marked as "disabled".
Looks like SNMP en IOS difference from opinion.
Hardware
WS-C3750X-24S-S
C3KX-PWR-350WAC
Software
15.0(2)SE
C3750E-UNIVERSALK9-M
I have ASA 5510 with CSC-SSM-10 .ASA 5510 IOS version- 8.4.2 and CSC-SSM-10 IOS version 6.6.1162.Web filtering is working fine with respective to my configuration.From yesterday morning, i was facing issue with the sites like gmail, webmail.After giving credentials like username and password in the web page, the page is not resonding.In troubleshooting process, i removed all the acls, class maps which will direct all the traffic towards the CSC. In this scenario all my mail service sites are opening.If we apply the these ACLs and Class-Maps, only my mail service sites only affecting.
View 1 Replies View RelatedI have an ASA 5510, with Ethernet0 connected to Internet via a T1 line, Ethernet1 connected to LAN1, and Ethernet2 connected to LAN2. LAN1 & LAN2 are independant, but share the Internet connection, via the T1 line. On LAN2, I have another router that connects to the Internet, via a Comcast line. I wish to route some of the traffic on LAN2 (10.38.77.0) to the other Router, on LAN2 (10.38.77.12) (connected to the Comcast line). I have entered the following lines:
route inside2 10.11.0.0 255.255.0.0 10.38.77.12 1
route inside2 10.252.0.0 255.255.0.0 10.38.77.12 1
route inside2 172.22.6.0 255.255.255.0 10.38.77.12 1
I can trace the routes from the ASA 5510 (1st hop is to 10.38.77.12), but not from anything else on LAN2.
I have mobile users using air cards that connect to the network with a VPN product called Net Motion. Our firewall is a ASA 5510. Once connected to the Net Motion VPN server the user will get a DHCP address from our network. In the past we could not get the VPN tunnel to complete since our layer 3 switch (3750G IP services) has 3 egress points and the egress point that we needed the VPN traffic to go out of is not the default gateway. To solve this we had the air card carrier set switch our air cards to static IP addresses and using route statements for the public IP addresses and access lists we got it to work.
The problem with this is that every new air card we provision needs a static IP address. My question is would policy based routing work in this scenario? The problem has been that the VPN tunnel was not able to complete the negotitaion phase as the traffic came into the switch and was trying to go out the default gateway. The VPN client wont get an internal IP address until the VPN tunnel is created.
I would like to get away from using static IP addresses.
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
Hardware:
Lenovo Ideapad y560, windows 7
Medialink wifi router, MODEL: mwn-wapr150n
intel wifi link 1000 BGN
I'm trying to connect to a Medialink wifi router from this laptop but after finding and connecting to it, it shows as No Internet Access. When I try to access a web page, it says DNS Not Responding. I have been able to access it before from this laptop. I am currently able to access this particular wifi spot from other devices. I am unsure if this laptop is able to access other wifi spots besides my own.
Things began to act weird after I tried changing the network name from the Network and Sharing Center by clicking on the 'House' icon, changing the network name to something besides the given router name, and pressing ok.
Since then, I have reset the router. I have checked to make sure DNS is automatically retrieved. When that didn't work, I gave it a public DNS to pull from, but that didn't work so I reverted to Auto DNS. I have enabled netbios over TCP/IP. I have flushed all caches. Nothing.
I don't have McAfee installed, only MSE.
My IPCONFIG /ALL is below:
Microsoft Windows [Version 6.1.7601]
Windows IP Configuration
[Code]......
So up till about a week ago my internet connection has been fine. Then all of the sudden it will "cut off" for about 5-10 mins and then be fine again. It happens randomly, sometimes it won't happen for a couple hours and then sometimes it happens 2-3 times in a hour. Funny thing is that it says I am still connected to the internet and infact if I am able to log into like MSN or skype or I am playing a online game, I can still play those games or chat. However, if I am not signed on to msn, skype, etc....during when I can't browse the internet, I can't log into those services. I thought maybe it was my pc, but my ipod touch and roommate's laptop experience the same exact issue as they are connected to my router. The error the pc is giving me is "DNS Server isn't responding.".
View 2 Replies View RelatedWhy my computer keeps freezing up and keep getting not responding while on the internet. Also I got a message of low vitual memory? [code]
View 1 Replies View RelatedI have cable internet with time warner, who provided me with a basic ambit modem. It works if I connect it directly with my PC. But if I try to route the connection through my netgear router (eg. connect modem -> router -> PC), I don't get internet access. The troubleshooting tool tells me that "DNS server isn't responding".
View 3 Replies View RelatedMy laptop is connecting to BT Business Hub fine but with "No Internet Access". All I'm being told is "DNS server isn't responding". I've tried all the command prompts I've found and tried "Obtaining DNS server automatically" as well as the default numbers on some forums but nothing is working.I can connect to this same network on my iPad with no problems and this laptop can connect to an alternative wifi as well.
View 19 Replies View RelatedI am always disconnected from my connection fro time to time and when I troubleshoot it says the DNS server is not responding. [CODE]
View 14 Replies View RelatedThere are three different sites, two are composed of Multilayer switches cisco 3560 and 3570 as core switches (a 3560 in one site and a 3570 in another site), the last site doesn't have any routers just a 2950 switch. Each site has two asa 5505 as firewalls. Two Internet connexions are connected to every site, one on every firewall. One Internet line is used to connect the different sites together using VPN crypted with IPsec and the other line is just for Internet access. The line that is used to interconnect sites contains voice and data traffic.At the moment all the routes are static routes, the network isn't too big for now and counts not more than 20 subnets.But it is evolving, and I want to use dynamic routing, EIGRP to be more accurate. I've looked into it and I'm not sure how to make it work. The VPNs active on the ASAs don't support dynamic routing, so I thought about GRE tunnels but the ASAs don't seem to allow it either.
View 11 Replies View RelatedUse wireless router and can connect to internet on laptop. When trying with PC (windows xp software), I can't connect. Ran diagnostic, result: Your computer appears to be correctly configured, but the device or resource (web proxy) is not responding.
View 1 Replies View RelatedModem: Netgear
Operating system: windows 7 (32 bit)
internet connection: BSNL
Browser: mozilla firefox
In my system some certain pages are not opening or functioning. for eg yahoo, software downloads, show videos, commercial websites.
Windows 7 I could not able to browse internet, because it showing DNS problem. But I can able to ping my gateway and I can able to get internet in Windows Xp. I am using firewall in my campus. There is any problem in my firewall?
View 1 Replies View RelatedCan i configure proxy on ASA 5510? i.e for internet use my user should be authenticate by ASA5510 and after successful authentication user should be allowed to access internet and futher is it possible to do bandwidth managment with ASA5510?
View 1 Replies View Relatedi'm currently deploying LMS 4.2.3 Demo version and i'm unable to discover my ASA 5510.how to discover my ASA to mange it in my Cisco Works 4.2.3.
View 35 Replies View RelatedCurrently I have a network that looks like this:
ASA5510 - - - Internet - - - ASA5510
| |
EIGRP EIGRP
| |
2821 -----------MPLS----------1841
BGP
The MPLS connection is currently down, I'm trying to run a failover Site-to-Site VPN over the internet. All of the examples I've read have both connections involved in the failover coming out of one device. Since I'm not working that way, what is going to be the best way to failover? Do I need to set up some sort of IP SLA in the config? Or can I somehow weight routes in EIGRP in a way that the connection will failover from Internet to MPLS when the MPLS goes down and vice versa when the MPLS connection comes back up?
I work at a small company and have very limited experience with networking We have an ASA 5510 that connects out to our ISP. The inside interface is connected to a port on a Trendnet Switch (where all of our clients are connected as well)using 192.168.0.0/24 We also have a Linksys wireless router connected to one of the ports on the Trendnet in which it (wireless router) receives an IP via DHCP from the ASA. I know this isn't the best setup so I would like to connect the wireless router to one of the interfaces on the back of the ASA and have it able to communicate with the 192.168.0 network without any restrictions. Is this possible to setup? If so can it be done using the ASDM?
View 4 Replies View RelatedI have Cisco ASA 5510 series router which was handling by our one of our network admin who left without giving admin password. Now this is time to break the password . Since i don't know the admin password of the router , i don't how to handle few request. I am not a basically network admin guy to handle such things but i need to know how to break the password in order to do further requests. How to login router admin console without password or any chance to bring into default factory configuration.?
View 1 Replies View RelatedI am trying to reset the password of ASA 5510,it is entering in Rommon mode but after boot command i am getting following error.
View 3 Replies View RelatedI'm trying to set up a new ASA 5510. I have a pretty simple set up with one /24 on the inside NATed to a DHCP address on the outside. Everything on the inside works and I can ping the outside interface from external devices. No matter what I do I can't get anything internal to route across the border to the outside and back. To try and eliminate ACL issues as a possibility I added permit any any rules to the incoming access lists on the inside and outside interfaces. Here's the sh run.
: Saved
:
ASA Version 8.4(3)
!
hostname gateway
domain-name xxx.local
[code]....
I was having a problem with my computer so I did a system restore to fix it.It failed the first time. I also disabled my anti virus first. I tried in safe mode and it worked. So obviously something stopped it from working though I'm not sure. Anyway when I logged back into my account my wireless connection said I had no Internet access and the troubleshooter said the dns server isn't responding. I don't know how to fix it. I've tried updating the driver, uninstalling/reinstalling the adapter, enabling/disabling it, connecting/disconnecting from the connection, trying the connection in another account as well as safe mode and nothing has worked.
View 3 Replies View Related