Cisco Switching/Routing :: PIX515 To ASA5510 - Tries To Connect To Wireless Never Gets Page Loaded
Oct 13, 2012
Recently I changed our default gateway from a pair of PIX515 to ASA5510. Since I changed the gateway anyone connecting to our wireless VLAN/network who tries to access the Internet may or may not get a page load. If the page loads it is extremely slow and sometimes the browser page indicator will just spin like it is loading. It's not our access points, if attach an ethernet cable to my laptop and put my switchport in the wireless VLAN I experience the same problem. DNS resolves OK, ping responses are consistent with no drops and access to any internal resources are good. All other LAN VLANs/networks work just fine, it's just Internet access on the wireless VLAN. I see the correct traffic flow in the ASA packet capture. Anything in the ASA Packet inspection related to wireless networking that could be blocked? Is there a way to check for a routing loop possibly?
View 2 Replies
ADVERTISEMENT
Dec 18, 2012
We're migrating as mentioned in the subject and this new format is quite a departure from previous iOS versions so I thought I'd post the configs of the PIX and the ASA and ask if someone is willing to compare them and verify that it is correct and should be basically plug and play. The xxx.xxx.xxx are outside IP addresses and the yyy.yyy.yyy are inside addresses. .
Existing PIX config
PIX Version 6.3(4)
interface ethernet0 100full
[Code]......
View 2 Replies
View Related
Jan 11, 2012
2950 switch has a IOS on flash , but i would like to set the swith like...
1. switch IOS to be loaded from TFTP server .if it fails
2. Loaded from local flash IOS1 , if it fails
3. IOS loaded from local flash IOS2.
does 2950 switch support this feature.
View 2 Replies
View Related
Aug 14, 2011
I'm using a RV082 and have about a dozen users on my network.Occasionally, when a user is accesssing a website like yahoo.com, twitter.com, cnn .com, etc, the web page only loads half way. Most often the page is missing stylesheets and/or images. Called Cisco support and they adjusted the MTU size to 1492 from 1500.Have a looked at the bandwidth report from my ISP and it shows nothing out of the ordinary, no spikes or surges in d/u. Have set LAN port to high priority, 100 Mbps, full duplex.. Seeing an error count around 327282.. which I don't understand.Why sites only partially load using this router?
View 1 Replies
View Related
Jul 23, 2012
Can a C3560-24PS switch with 32 MB flash be loaded with IOS 15? Will it be able to execute the code and function properly?
View 2 Replies
View Related
Jan 6, 2012
I am having a tough time connecting these two routers wirelessly, i had connected a WRT54G Linksys software to the WRT54G DD-WRT router with no effort. But these two will just not connect.
View 1 Replies
View Related
Jan 21, 2010
I have an ASA5510 that I am trying to set up for remote access using SSL VPN & clientless SSL VPN. I have followed the config guides on the Cisco website as well as the config guides elsewhere on the internet to no avail. I have a TAC case opened and have spoken with 4 engineers thus far. I have tried several software versions on the device and they all give the same result.When going to https://(outside interface ip address), I receive the expected ssl certificate error, then I click to continue to the website, and the browser never loads a page. I can see the ssl negotiation in my debug, and it completes that portion. My http debug shows the get requests to https://(outside interface ip address)/+CSCOE+/index.html and/or logon.html, but the page never loads.
View 7 Replies
View Related
Mar 18, 2012
I have an ASA5510 that I am trying to set up for remote access using SSL VPN with the anyconnect client. I have followed the config guides on the Cisco website as well as the config guides elsewhere on the internet to no avail. When going to https://(outsdie interface ip address),I get nothing, the browser never loads a page. Here are the commands I have entered:
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.3046-k9.pkg 1
svc image disk0:/anyconnect-macosx-powerpc-2.5.3046-k9.pkg 2
svc image disk0:/anyconnect-macosx-i386-2.5.3046-k9.pkg 3
svc enable
tunnel-group-list enable
[code]....
View 13 Replies
View Related
Jul 28, 2011
I recently am trying to get an open nat type so I can play Playstation network better. I watched a video and they told me to turn off the NAT and I did now it does not let me connect to the router page now, I can connect to the internet and stuff but I can't connect to the router page
View 19 Replies
View Related
Apr 25, 2013
Is it possible to have a license loaded on an AIR-CT5508-HA-K9 in order to have it working as a stand alone controller?
View 4 Replies
View Related
Feb 19, 2012
where is the following CAT to IOS configuration for 6500 page moved? I am unable to find this utility? url...
View 2 Replies
View Related
Dec 14, 2011
I want to load balance between two webservers using ACE10 working in bridging mode, but when putting the VIP in the url i'm getting page not found, tried many configurations but didn't work, here is the latest one
logging enable
logging buffered 7
access-list ALL line 8 extended permit ip any any
[Code].....
View 4 Replies
View Related
Feb 28, 2012
Just purchased a SG300-52 and am trying to upgrade the firmware to 1.1.2 but cannot get the Upgrade/Backup Firmware Language page to load in the web browser interface. I have tried IE 8 and 9, Firefox 3.16 and 10.02, and Chrome from Windows 7 and XP Pro systems also tried FF and Chrome from Ubuntu system. The page just never loads - doesn't show anything.The same is true of the Download/Backup/Configuration/Log page. The other links under Administration > File Management seem to work fine.
View 1 Replies
View Related
Apr 24, 2012
I’ve attached a simple network diagram of my WAN network. We have branch offices that came into our Headquarters using VPN tunnels over the public Internet and then we have a handful of offices that are connected to our headquarters via a private MPLS network. All of this traffic is routed into our Cisco ASA 5510s that we currently use for firewall and core network routing and VPN termination. All branch offices have VPN tunnels to our Cisco ASA. The Cisco ASA isn’t necessarily designed for core routing even though it was worked decent for us. We’d like to move the core routing off of the Cisco ASA and just use it as an Internet security/DMZ device like it is designed. We were hoping to purchase one pair (for failover) of the Cisco ISR router to perform our core routing and VPN termination. Can we eliminate the Cisco 2621 Internet router and use a single, beefy router to handle the Cox MPLS traffic and the Internet traffic on the same router?If we had one ISR doing these duties, where would the router sit in our topology?Is it safe to bring our Internet Circuit and MPLS circuit into the same router? How about with VRF?Do the Cisco ISR 2900/3900 support VRF and can I do VPN tunnels if I do the VRF?
View 2 Replies
View Related
May 11, 2012
I've recently segmented my network and part of the process was creating a DMZ VLAN. I'm running ESXi 5 and have created two new VM's to add to this DMZ to begin the process of moving everything public facing to the new VLAN. At this point they new hosts will not communicate with each other, their gateway, and of course not the public internet. To get the first out of the way, they are configured according to VMWare's VLAN guide: I have created a new vSwitch port group on the host and assigned them to the VLAN id 11 for the DMZ VLAN, and have the switchport on the switch (3560) setup as trunk in dot1q mode with all vlans tagged. The management VLAN is also NOT the default VLAN 1, so that is not causing any issues. My other server segment VLAN is working fine on the same ESXi host/s, so this does not seem to be the issue.
On the network side of things I have my ASA connecting to a 3560 with two interfaces, one for "inside", one for "dmz."Is this below correct? I feel like the static route should be route dmz with a gateway to 10.0.1.1..
_ASA_
interface Ethernet0/2
nameif dmz
security-level 50
ip address 10.0.1.1 255.255.255.0
route inside 10.0.1.0 255.255.255.0 192.168.201.2 1 <- (192.168.201.2 is my 3560)
[code]....
View 9 Replies
View Related
Feb 29, 2012
I have an ASA5510 from which I am using 3 interfaces.
-One interface have the main internet connection router
-One interface is attache to a switch 3750 and has multiple virtual interface configured on it
-One interface has another internet connection router.
What I am trying to do is to have only one of the Vlan using the second internet connection and not the first one.
My idea was to just have a static route who says that on interface VLAN_B (for the special VLAN), all traffic goes to 2nd internet router interface. But it does not route. All I have is a default route configured : on interface Internet1 0.0.0.0/0 goes to 1st internet router interface.
View 10 Replies
View Related
Sep 26, 2012
On our ISA server we have some publishing rules with the option "Requests appear to come from the ISA Server computer". This allows us to forward incoming external traffic to a network that is not directly connected to the ISA Server internal interface. We need this because our internal server does not know the route to the internet client but does know the route to our ISA Server, so the internal server sends his response to the ISA server and he sends it to the internet client.
View 1 Replies
View Related
Nov 11, 2012
We have an SLM248G switch which seems to be giving a few problems. When attempting to access the switch, the admin page loads but after logging-in, the admin portal page does not load fully, see screenshot.
Even after a factory reset (reset button held), the issue continues. Is there any other workaround for completely resetting everything?
View 2 Replies
View Related
Jan 29, 2012
Here is what I have. Windows Domain Controller running DHCP with configured scopes.I have one ASA5510 And 4 HP Procurve switches with VLANS preconfigure from vender.
Here are my DHCP scopes/VLANS:
VLAN1 -Default 10.2.x.x/17
VLAN201 -DHCP 10.2.201.x/24
VLAN202 - WLAN EMP 10.2.202.x/24
VLAN203 - WLAN Guest 10.2.203.x/24
VLAN 252 - MGMT 10.2.254.x/24
Here is how I configured the DHCP Scopes:
Changes needed to make to the DHCP Server (AUSPDC) in order to get things working with the new switches.
1) Configure 3 new DHCP scopes on your DHCP server.
a) scope for 10.2.201.x/24 to serve LAN employees and give them a gateway address of 10.2.201.254.
b) a scope for 10.2.202.x/24 to serve WLAN employees and give them a gateway address of 10.2.202.254.
c) a scope for 10.2.203.x/24 to serve WLAN Guests and give them a gateway address of 10.2.203.254.
I just upgraded and decided to go with the VLAN configuration. None of my VLANS can get out to the internet or each other due to I think My ignorance in configuring the firewall.The PC's are getting proper IP address but they cannot get out or to the other VLANs. I tried to duplicate what is working for VLAN1 but it is not working.
Here is my config.
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(3)
!
hostname CiscoASA
domain-name hand.local
enable password 1FVULuGal5s1/ADt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
View 6 Replies
View Related
Mar 17, 2013
I have 2 ASA5510's acting as routers/firewalls, setup on a LAN, each one pointing to a different gateway (different ISPs), and the exact same VLANs set up as sub-interfaces on each of these. Both act as DHCP relays to a Windows Server 2008 DHCP server. All the Trunking has been setup and works. When I Untag a switch port, and point it to whichever gateway?
View 2 Replies
View Related
May 30, 2013
I'm setting up a site to site VPN link between two PIX515 running 6.3(5) and I have some questions about routing. The layout is this:
10.30.29.0/24 -|Remote Pix515|- 216.xxx.xxx.19 ~~~~ Internet ~~~~ 96.xxx.xxx.101 -|HQ Pix515|- 10.30.20.0/24
The remote Pix serves as the gateway/NAT firewall for general internet traffic as well as the VPN endpoint. Its inside IP is 10.30.29.1. The Pix at HQ serves only as the site-to-site VPN endpoint . Its IP is 10.30.20.3. NAT is disabled on VPN traffic and all IPSEC traffic is permitted (by way of"sysopt connection permit-ipsec").The gateway for the HQ subnet is at 10.30.20.1.I need machines on the remote side to be able to "see" shares at HQ. Machines on the remote side don't need to be visible to HQ.
It seems to me the remote PIX will correctly handle routing traffic bound for the HQ subnet through the tunnel using the crypto map/ACLs. And I suspect the HQ PIX will correctly handle traffic bound for the remote subnet if/when it receives such traffic on its inside interface for the same reason. But, I have to get packets leaving machines on the HQ subnet, that are bound for the remote subnet, to the HQ PIX's inside interface somehow, right?
My question: Is it sufficient to setup a static route on the HQ gateway that routes packets bound for the remote subnet to the HQ PIX?
View 2 Replies
View Related
Oct 26, 2011
url is not valid and cannot be loaded
View 1 Replies
View Related
Apr 21, 2012
I can't connect to my setup page [url]... I get to the page that says..."There is a problem with this website's security certificate." Then I click the "continue to this website (not recommended). After this it will not connect
Tried with IE9 and Firefox 11
Firefox says "The connection to the server was reset while the page was loading."
Internet still works. PC is connected directly to router. Tried different port on router. Tried installing CiscoConnect.E2500.1.4.11299.0,0, but it fails saying there is no router connected to PC. Like I said I am on the PC now, wired to router and have internet access via cable modem connected to router. I can see my ireless printer on the network also..
View 2 Replies
View Related
Feb 23, 2012
I don't have to completely reset my router as I have a ton of configs on it. Anyway, recently for some reason, I lost all access to my admin page. Cisco Connect also cannot find the router. Funny thing is that all of my wireless profiles work just fine. Meaning all of the computers in my home connect to the internet just fine using the router. Both the guest access and WPA connected machines.[url]...
View 1 Replies
View Related
Feb 28, 2012
ASDM cannot be loaded. Click OK to exit ASDM. Server returned HTTP response code: 503 for URL...
I'm attempting to access the ASDM externally (where x.x.x.x is the external IP). I was able to access 3 days ago just fine. So far, I've found suggest a reboot.
ASA Version 8.2(1) - I think the ASDM version is 6.2
View 11 Replies
View Related
May 6, 2012
I have a small network, that consists of a wireless router, a switch, three wired pc's, a couple of wireless pc's and an xbox.I have a switch wired to the router. There are three pc's (2 with XP and 1 with vista) and a xbox connected to the switch. All three pc's work fine as long as the xbox is turned off. When I log on with the xbox, one of the pc's (vista) refuses to work on the network.The network and sharing center shows I have a connection to the internet, but it won't load any pages or allow me to connect to the other pc's either.
View 6 Replies
View Related
Jul 11, 2011
I recently (~month ago) switched to a new computer after my old one (which I had configured the router on previously with no problems) died.Since then, I have been unable to access my router's config page (entering in the ip address simply results in a blank page with no prompt for username/password). Switching browsers (I've tried Firefox 5 and IE 8) does not solve the problem, nor does disabling AdBlockPlus/NoScript on Firefox. Any way to access my router so I can begin forwarding ports again?
View 1 Replies
View Related
Sep 24, 2012
I have a cisco 5508 WLC that I have setup WebAuth on and trying to install the certificate on. I have generated the csr and gotten my cert from Verisign (X.509, server platform=apache). I have followed the instruction via the cisco documentation url...I found an error in uploading and find out how to encrypt mykey: url...
I am also having exactly the same issue with a certificate from Thawte. I followed the unchained guide and have tried both with and without a password in the initial step key generation step, requesting a new cert each time. As with Jeensernchew's issue there are no errors in OpenSSL but when uploading the cert to the WLC get the following error. [code] The WLC is running version 6.0.196.0. I am using OpenSSL 1.0.0 29 Mar 2010.
When I requested the cert from Thawte I was asked to specify the device type, I chose Cisco, but as all the work and conversion is being done by OpenSSL, should I have chosen differently? When I do this I can load the cert in the 5508, but the controller fails and doesn't allow that VLAN or config access to the wireless network. I am at a loss of why I can load and it not work. I have verified my hostname and password and those are good.
View 1 Replies
View Related
Mar 24, 2012
I already have large deployment add-on license. I also have 3 ACS Servers. Now, my primary ACS server is now up and my two secondary ACS server will be put up soon.
Just want to ask, when should be the large deployment add-on license be loaded? Can I load it to my primary ACS server eventhough my secondary servers are still not up? Or should I load it to my primary ACS server when my two secondary servers are already up?
View 3 Replies
View Related
Feb 7, 2011
I'm planning connect VPN concentrator in our company to PIX515 DMZ interface.At the moment , VPN concentrator(used for remote access VPN for laptop users) is connected directly to core switch so as PIx515. Having VPN Concentrator connected directly to LAN is security risk .SO i want to connect VPN concentrator to DMZ of the Firewall(pix515).
We don't have any test environment and we are not allowed to have downtime of more than 10 minutes in production network ,I want to make sure my design and commands would work without problem .I've attached doigram of our curernt setup and new setup I'm planning to work on as well as commands . Does this design will work .Nat , routing everything .
View 15 Replies
View Related
Jun 14, 2012
I am unable to ping my computer (attached via crossover). I can ping from the PC, but not from the PIX515. I'm using ethernet 1, and I have its IP set at 192.168.1.2/24, but for what ever reason I am unable to contact the computer. I tried messing with the access list a little bit but nothing so far.
PIX515(config)# show run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto shutdown
interface ethernet1 auto
nameif ethernet0 outside security0
[code]...
View 7 Replies
View Related
Dec 27, 2012
I have two wireless repeaters and can no longer access their set-up / admin page via default IP 192.168.10.1,I don't know the brand of the repeaters, which are commonly sold on eBay. Here's one example: eBay Item # 300829809133, They work well as repeaters, but it's frustrating that I can no longer access their set-up / admin page via default IP 192.168.10.1. Right now I have only one repeater plugged in and connected to my laptop via ethernet cable. The 2nd repeater is unplugged. The Wifi on my laptop is switched off and disabled, so I'm actually connected to the Internet via my laptop's ethernet port via ethernet cable to the repeater's ethernet port, then via wifi signal from the repeater to my Zyxel wireless router and Comcast cable modem. If I'm connected to the Internet via the repeater, why can't I access the repeater's set-up / admin page using default IP 192.168.10.1? When I enter http://192.168.10.1/ into Internet Explorer, I get only the error message "Internet Explorer cannot display the webpage"
View 3 Replies
View Related
Jun 12, 2012
I have PIX515 with version 7.0 installed, so can i install version 8.3 on it?and what will be the memory requirements?
View 2 Replies
View Related
