Cisco Switching/Routing :: Migrating From ISA Server To ASA5510?
Sep 26, 2012
On our ISA server we have some publishing rules with the option "Requests appear to come from the ISA Server computer". This allows us to forward incoming external traffic to a network that is not directly connected to the ISA Server internal interface. We need this because our internal server does not know the route to the internet client but does know the route to our ISA Server, so the internal server sends his response to the ISA server and he sends it to the internet client.
View 1 Replies
ADVERTISEMENT
Aug 7, 2011
I am migrating from Cisco 6509 IOS (12.2) to Nexus 7000 NX-OS (5.1(1)).I am looking for a equivalente NX-OS command for permit ipinip on IOS.
View 2 Replies
View Related
Feb 4, 2013
We have an existing network with a core 6500 as a VSS connecting 4 buildings with 4500 chassis under which number of L2 switches are connected. Currunlty we are using RSTP in ring for redundancy but we want to use OSPF in LAN for faster conversion.All the VLAN's are created on 6500.
View 4 Replies
View Related
Aug 7, 2012
I want to migrate a Cat 6503-E VSS to Cat 6509E VSS. We plan to use the same supervisor that we have on the Cat6503E, for minimizing the configuration change on the Doing this, the vss link will need to be changed, due to the fact that the supervisor slot will change with the Cat 6509, slot 5 instead of 1.
Question: is there a way to just change the vsl-link interface on a existing VSS ?
View 3 Replies
View Related
Jun 5, 2013
I am planning to migrate the core switch from cisco 3750 to Cisco catalysts 6513 switch. What could be the best approach to minimize the downtime or avoid disrupting the production. I have couple of thoughts, one method is to build the core and then replace the existing core, another option is to build the new switch as the second VTP server and once it recieves all the VTP information then disconnect the old server.
View 6 Replies
View Related
Dec 4, 2012
We have 2 separate ACS 4.0 servers installed on windows 2003 server(2 separate location) Both these servers are Integrated with Cisco WLSE and Corporate AD.
Now, we are planning for Migrating to ACS 5.4 on VmWare ESXi 5.1. And need to Integrated with Cisco WLSE and Corporate AD.
Can we import the datas from 2 x ACS 4.0 server to this new Single ACS 5.4 vmware server?
View 7 Replies
View Related
Jan 2, 2012
Since SBS can't do trusts, and there are about 50-75 user and computer accounts in AD for this project, I will probably have to do a lot of manual work for the migration process to Server 2008 R2. Any checklist, or some links, that would be useful for this (e.g., staging migration, best practices)? I'd like to make the less amount of problems for myself in the long run.
Some notes:
1. All servers will be virtualized, with the exemption of one of the two DCs being a physical server.
2. Exchange 2003 will be going on its own Windows Server 2008 R2 server, and I believe Exchange Server 2007 or 2010 will be installed.
3. Will probably use robocopy to move data from the old shared folders to the new shared folders (but without permissions).
4. Folder structures and NTFS permissions will be done manually...(unless there's a nicer way of doing this, similar to ADMT?)
View 8 Replies
View Related
Apr 24, 2012
I’ve attached a simple network diagram of my WAN network. We have branch offices that came into our Headquarters using VPN tunnels over the public Internet and then we have a handful of offices that are connected to our headquarters via a private MPLS network. All of this traffic is routed into our Cisco ASA 5510s that we currently use for firewall and core network routing and VPN termination. All branch offices have VPN tunnels to our Cisco ASA. The Cisco ASA isn’t necessarily designed for core routing even though it was worked decent for us. We’d like to move the core routing off of the Cisco ASA and just use it as an Internet security/DMZ device like it is designed. We were hoping to purchase one pair (for failover) of the Cisco ISR router to perform our core routing and VPN termination. Can we eliminate the Cisco 2621 Internet router and use a single, beefy router to handle the Cox MPLS traffic and the Internet traffic on the same router?If we had one ISR doing these duties, where would the router sit in our topology?Is it safe to bring our Internet Circuit and MPLS circuit into the same router? How about with VRF?Do the Cisco ISR 2900/3900 support VRF and can I do VPN tunnels if I do the VRF?
View 2 Replies
View Related
May 11, 2012
I've recently segmented my network and part of the process was creating a DMZ VLAN. I'm running ESXi 5 and have created two new VM's to add to this DMZ to begin the process of moving everything public facing to the new VLAN. At this point they new hosts will not communicate with each other, their gateway, and of course not the public internet. To get the first out of the way, they are configured according to VMWare's VLAN guide: I have created a new vSwitch port group on the host and assigned them to the VLAN id 11 for the DMZ VLAN, and have the switchport on the switch (3560) setup as trunk in dot1q mode with all vlans tagged. The management VLAN is also NOT the default VLAN 1, so that is not causing any issues. My other server segment VLAN is working fine on the same ESXi host/s, so this does not seem to be the issue.
On the network side of things I have my ASA connecting to a 3560 with two interfaces, one for "inside", one for "dmz."Is this below correct? I feel like the static route should be route dmz with a gateway to 10.0.1.1..
_ASA_
interface Ethernet0/2
nameif dmz
security-level 50
ip address 10.0.1.1 255.255.255.0
route inside 10.0.1.0 255.255.255.0 192.168.201.2 1 <- (192.168.201.2 is my 3560)
[code]....
View 9 Replies
View Related
Feb 29, 2012
I have an ASA5510 from which I am using 3 interfaces.
-One interface have the main internet connection router
-One interface is attache to a switch 3750 and has multiple virtual interface configured on it
-One interface has another internet connection router.
What I am trying to do is to have only one of the Vlan using the second internet connection and not the first one.
My idea was to just have a static route who says that on interface VLAN_B (for the special VLAN), all traffic goes to 2nd internet router interface. But it does not route. All I have is a default route configured : on interface Internet1 0.0.0.0/0 goes to 1st internet router interface.
View 10 Replies
View Related
Jan 29, 2012
Here is what I have. Windows Domain Controller running DHCP with configured scopes.I have one ASA5510 And 4 HP Procurve switches with VLANS preconfigure from vender.
Here are my DHCP scopes/VLANS:
VLAN1 -Default 10.2.x.x/17
VLAN201 -DHCP 10.2.201.x/24
VLAN202 - WLAN EMP 10.2.202.x/24
VLAN203 - WLAN Guest 10.2.203.x/24
VLAN 252 - MGMT 10.2.254.x/24
Here is how I configured the DHCP Scopes:
Changes needed to make to the DHCP Server (AUSPDC) in order to get things working with the new switches.
1) Configure 3 new DHCP scopes on your DHCP server.
a) scope for 10.2.201.x/24 to serve LAN employees and give them a gateway address of 10.2.201.254.
b) a scope for 10.2.202.x/24 to serve WLAN employees and give them a gateway address of 10.2.202.254.
c) a scope for 10.2.203.x/24 to serve WLAN Guests and give them a gateway address of 10.2.203.254.
I just upgraded and decided to go with the VLAN configuration. None of my VLANS can get out to the internet or each other due to I think My ignorance in configuring the firewall.The PC's are getting proper IP address but they cannot get out or to the other VLANs. I tried to duplicate what is working for VLAN1 but it is not working.
Here is my config.
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(3)
!
hostname CiscoASA
domain-name hand.local
enable password 1FVULuGal5s1/ADt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
View 6 Replies
View Related
Mar 17, 2013
I have 2 ASA5510's acting as routers/firewalls, setup on a LAN, each one pointing to a different gateway (different ISPs), and the exact same VLANs set up as sub-interfaces on each of these. Both act as DHCP relays to a Windows Server 2008 DHCP server. All the Trunking has been setup and works. When I Untag a switch port, and point it to whichever gateway?
View 2 Replies
View Related
Oct 13, 2012
Recently I changed our default gateway from a pair of PIX515 to ASA5510. Since I changed the gateway anyone connecting to our wireless VLAN/network who tries to access the Internet may or may not get a page load. If the page loads it is extremely slow and sometimes the browser page indicator will just spin like it is loading. It's not our access points, if attach an ethernet cable to my laptop and put my switchport in the wireless VLAN I experience the same problem. DNS resolves OK, ping responses are consistent with no drops and access to any internal resources are good. All other LAN VLANs/networks work just fine, it's just Internet access on the wireless VLAN. I see the correct traffic flow in the ASA packet capture. Anything in the ASA Packet inspection related to wireless networking that could be blocked? Is there a way to check for a routing loop possibly?
View 2 Replies
View Related
Oct 13, 2011
I am using a fiber optic connection. I want to connect it directly to ASA5510. A WLC2504 will be connected to ASA and one Aironet AP will be deployed at first. (At this moment I am not using any Windows server but in near future I will need to deploy Windows Server 2003 in my corporate network) My questions are:
Can I configure ASA as DHCP server for my LAN?
Can I configure WLC as DHCP server for my LAN?
If we can configure both then what is the best practice from above two options? (I am new to Cisco stuff and first time user)
View 1 Replies
View Related
Aug 16, 2011
We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:
[URL]
I'm looking to do this with smtp so I added these lines to the config:
static (inside,DMZ) 10.2.2.30 10.1.1.11 netmask 255.255.255.255
access-list dmz extended permit tcp host 10.2.2.2 host 10.2.2.30 eq smtp
The configuration line:access-group DMZ in interface DMZ Already existed in the configuration so didn't need to be re-entered.
ASA Version 8.0(4)
!
hostname xxxx
domain-name xxxx.com
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
[code]....
View 28 Replies
View Related
Jan 25, 2012
I have created Remote VPN on ASA5510 (8.0(5)) the Tunnel is UP and client machiches are able to connect to the VPN but not passing traffics between Server & Client.
View 7 Replies
View Related
Mar 13, 2011
i'm about to configure a syslog server to receive syslog messages from a Cisco ASA5510 and being it a one week test I was wondering how much space should I allocate on the machine hosting the tool (kiwi syslog). I see that the ASA fills the internal syslog buffer to 4MB and then it overrides it. How many messages would those 4MB be?
View 2 Replies
View Related
May 5, 2010
i have configure a remote access ipsec vpn in asa5510 and it is working fine when i configure local dhcp address pool assignment. but not working in dhcp-server
below is my configuration
tunnel-group test type remote-accesstunnel-group test general-attributes default-group-policy test dhcp-server 10.1.1.200tunnel-group test ipsec-attributes pre-shared-key *
group-policy test internalgroup-policy test attributes dhcp-network-scope 192.168.135.0 ipsec-udp enable ipsec-udp-port 10000
---snapshot Ping test to DHCP-Server 10.1.1.200----
ciscoasa# ping 10.1.1.200Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.200, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
the DHCP server is working when i assign ip address to the LAN network.
View 20 Replies
View Related
Jun 15, 2011
My mail server is not in my network, it's over internet elsewhere.After installing the ASA 5510, i can not get my mails any more.
View 7 Replies
View Related
Oct 1, 2012
I've got my AnyConnect setup to get an IP from our Windows DHCP server just fine. It grabs the IP, mask, and DNS just fine. But I can't ping any of the lan devices or do any DNS lookups. I need it to work this way since we have a ton of site-to-site's with remote offices and getting them all to adjust their firewalls to allow another subnet is a nightmare.
I have split-tunneling enabled. I'm sure it's a nonat command that I'm missing, but not sure what.
Before connecting to VPN:
Home user-------------------> ASA 5510 --------------> Office Lan
192.168.1.0/24 10.10.1.1/24
After they connect to AnyConnect
Home user-------------------> ASA 5510 --------------> Office Lan
192.168.1.0/24 10.10.1.1/24
10.10.1.45/24
View 11 Replies
View Related
Dec 2, 2012
Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 7.0(2)
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
#show webvpn anyconnect
1.disk0:/anyconnect-win-3.1.00495-k9.pkg 1 dyn-regex=/Windows NT/
CISCO STC win2k+
3,1,00495
Hostscan Version 3.1.00495
Profile in atthach-file. After this profile is uploaded to client Optimal Gateway Selection doesn't work propertly: When 'vpn1.mydomain.com/mygroup' (it best TTL server) is unreachable, then OGS try to be connected to other servers, but without group-url, for example 'vpn2.mydomain.com' (instead of 'vpn2.mydomain.com/mygroup')
View 2 Replies
View Related
Nov 13, 2012
I have a single DL 380 G5 server with 2 NIC , i have 2 applications which run on 2 separate WAN static ip addresses my query is that can i install both the applications on a single server ? secondly can i assign 2 different WAN static ips on the 2 NIC of the same server ? if yes then how it will be done i.e whether gateway will be given to both the NIC or only a single one
View 11 Replies
View Related
Aug 2, 2012
Cisco 851 router Apple Ipad 3 using IPSEC setp get this message The VPN server did not respond. I have tried Anyconnect that gives me Cannot verify server identity anyconnect can't verify the identity of ios-self-signed-certificate-1164042433 would you like to continue anyway? hit continue and it just goes off. I was asking if If get an ASA 5505 to replace my 851 it would work in my environment.
I have 15 computers accessing the web thru the 851. I host a web site on one of my servers. I have a static ip address. I also host exchange server and have remote web access to my exchange as well as remote outlook users. I can VPN thru the 851 using the cisco client on Windows 7 and vista and even xp. Would like to use the native windows client and get my iphones and ipads working. Can the ASA5505 support the above? Was also looking at the cisco 1841 how about that one?
View 8 Replies
View Related
Dec 6, 2012
i have server with two uplink to pair of 6500 non-VSS, this server member of vlan 100 sw-1 is active HSRP while sw2 is a standby HSRP , how can i make this server forward traffic on both Link . the server admin told me only one link is active (green) on the server while the other link is orange
View 5 Replies
View Related
Nov 12, 2012
I have 2 routers, one is an Apple AirPort Extreme with a static outside IP address, I also have a Cisco 871 with a static outside IP address. The Airport Extreme connects to a switch on the private network and has an IP address ending in .1. The Cisco 871 connects to the same Private network and it ends in .2. The 871 is setup as a VPN Server. now when clients connect to the VPN they can ping the VLan IP Address on the 871, but they can t ping any other hosts on the smae network. The hosts on the private network can ping the vlan on the 871.
View 7 Replies
View Related
Jan 7, 2012
I have Cisco 871 acting as a VPN server behind another router in the same LAN. The problem is that I can't connect to the VPN from outside network using the public IP but I CAN connect to the VPN from inside the LAN using the internal IP. I've assigned a virtual server on the main router to forward the traffic (port 1723 and 47) to the VPN router but still doesn't work.
View 2 Replies
View Related
Oct 3, 2011
I was so fed up of using the out of a box routers from PC World or the provided router from the host that I decided to splash out and buy a decent router.The Cisco 887 came highly recommended and seems to be a great purchase so far. Our down time and internet hangs vanished overnight.Having had this installed for several weeks now I thought it was time to look at my problems with it,I have 2 broadcom network cards, 1 for the LAN and 1 for the WAN, All machines connected to the LAN get full internet access but my server will not.
The router plugs directly into the Server (2008) with an IP address of 10.10.10.1 - this is listed under the LAN settings in Cisco CP Express.I have a fixed IP address which appears to be set up correctly and all my terminals / client pc's that are plugged through the switch. These all show IP's that look like 192.168.1.x / I am not an IT wizz kid but I know my way around a computer pretty well. I am guessing I need to move the router IP to within range. At present the Server sorts out the DHCP and we also have a VOIP phone system.
View 15 Replies
View Related
Aug 23, 2009
I have a contained environment where I just want my servers all to have the same time. I want them to pull that time from my 3750. What do I have to enable on the 3750 to be the NTP clock source.
Keep in mind that the 3750 will not be getting the source from anywhere else, just my "set clock" command.
View 6 Replies
View Related
Jun 2, 2008
about three months ago I set our 1751 router as the NTP server of our domain for both our AVVID phone system and our Microsoft Active Directory domain. Been working excellent up until last night. Our company's building had a power cycle and the router got rebooted. Not a huge issue, since it's actually been rebooted a couple of times since becoming the ntp server.
After it's reboot, the time somehow jumped ahead an hour according to all the devices that sync with it. Phone calls stopped working and Active Directory pretty much became useless.
I finally had to break all the devices off of syncing with the router and set them back to the way they were (phone servers sync with each other, active directory doesn't sync with anything externally). It took a few hours to get everything stable again, and I'm still working on parts this morning.
Here's what I've had setup now for three months, we're in Central Standard Time:
ntp clock-period 17179971
ntp master
ntp server 69.26.112.120
and I set the "clock timezone CDT -6" It's been like that for three months and everything was fine till last night when it went out of wack.
View 15 Replies
View Related
May 16, 2013
We have a bit of a problem when deploying VTP v3 in our network. When command vtp primary vlan is issued, switch typically send query to appropriate multicast address in order to find out whether there is already some other one. The problem we are experiencing is that old primary server is not discovered, because it fails to reply on those multicasts.
This debug messages (from the old primary server )may be more describing.
*Mar 2 22:26:56.057: VTP LOG RUNTIME: Flooding Mechanism FLD-REQ: RX seq 1 ttl 1877620
*Mar 2 22:26:56.057: VTP LOG RUNTIME: Flooding mechanism DB-ADD: seq 1 time 167216060
*Mar 2 22:26:56.057: VTP LOG RUNTIME: Flooding mechanism FLD-REQ: TX seq 1. New TTL 1877621
*Mar 2 22:26:56.057:
*Mar 2 22:26:56.057: relay [Fa1/0/13]: 03 05 00 04 74 65 73 74 00 00 00 00 00 00 00 00 ....test........
*Mar 2 22:26:56.057: relay [Fa1/0/13]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[code]....
So far, I haven't been able to find out the reason of this behaviour. In spite of that, no other strange behavior of vtp has been observed.
View 7 Replies
View Related
Feb 3, 2013
How do i go about setting up a TFTP server from laptop to Cisco ws-C3750 48P Switch, I need to pull the image off the switch and place it on an other switch that has a corrupt image, The switch which is corrupted is the same as above Cisco ws-C3750 48P.
View 1 Replies
View Related
Jul 30, 2012
I have a 6506-E with 720 Sup. I am trying to connect a server with HP 550SFP Nic to my 6506.If I plug the SFP from my server into my 6506 it will not link. When I plug that very same SFP into a 3750 it links fine. Makes me think that there is something I am doing worng on the 6506 Config.But, If I plug another server using a IBM LAN Card into the same port on my 6506 it connects and works fine so now I am starting to wonder.
View 4 Replies
View Related
Jun 12, 2013
I've a Cisco 1941W router which is DHCP server for data-VLANs and uses ip-helper for voice-VLANs. [code] I don't know why I can't have IP from wireless voice VLAN whereas it is OK and wired voice VLAN and conf is the same!
View 4 Replies
View Related
