Cisco VPN :: 1941 Encrypted GRE Tunnel Changes State To Reset / Down Upon IOS Upgrade

Jun 16, 2011

I installed a 1941 router with an encrypted GRE tunnel yesterday.  The router has ipbasek9 and securiyk9 licensed.  Initially the router was running the image c1900-universalk9-mz.SPA.150-1.M5.bin and was working fine.  The tunnel was up and passing traffic.  I then upgraded the IOS to c1900- universal k9-mz.SPA.151-2.T2.bin and when I reloaded the router the tunnel was stuck in a reset/down state.  I tried doing shut/no shut on the interface and reloading the router again, no change.  Being under some time pressure to get the device back into production I rolled back to the previous IOS image and the tunnel worked fine again.  Is there a known bug that causes this behavior?  I have searched cisco.com but have not found one.  [code]

View 1 Replies


ADVERTISEMENT

Cisco Routers :: Encrypted GRE Tunnel With RIP On SRW527w?

May 13, 2012

Is it possible to configure an IPSEC GRE tunnel with RIP on an SRP527w? I see RIP, GRE & IPSEC are all possible.. But I'm not sure about them all together securing the GRE tunnel??
 
I basically want to do this with the SRW routers not native IOS. Single head end hub & spoke.

View 1 Replies View Related

Cisco WAN :: 1941 Router - Enable IPSec Virtual Tunnel Interface With Tunnel Mode IPv4

Sep 23, 2012

I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?

View 4 Replies View Related

Cisco VPN :: ASA5500 / TCP State Bypass For Traffic - Coming From IPsec Tunnel?

Feb 6, 2012

We have problems on central firewall with restricting traffic coming from remote office from IPsec. (The network sheme is attached) All branch offices are connected to central asa though IPsec. The main aim is to rule access from branch offices only on the central firewall, NOT on each IPsec tunnel According to the sheme:172.16.1.0/24 is on of the branch office LANs10.1.1.0/24 and 10.2.2.0/24 are central office LANThe crypto ACL looks like  permit ip 172.16.1.0/24 10.0.0.0/8 the aim is to restrict access from 172.16.1.0/24 to 10.1.1.0/24 When packets are generated from host 10.1.1.10 to 172.16.1.0/24 all is ok -  they are dropped by acl2 When packets are generated from 172.16.1.0/24 to 10.1.1.10 they are not dropped by any ACL - the reason is stateful firewall - traffic bypasses all access lists on a back path I thought that TCP State Bypass feature can solve this problem and disable stateful firewall inspection for traffic coming from 172.16.1.0/24 to 10.1.1.0/24, but it didn't work.The central asa 5500 is configured according to cisco doc [URL] 
 
access-list tcp_bypass_acl extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0
!
class-map tcp_bypass_map
description "TCP traffic that bypasses stateful firewall"
match access-list tcp_bypass_acl

[code].....

View 4 Replies View Related

Cisco VPN :: 1941 Tunnel Up But Can't Reach Devices?

May 23, 2013

We set up a 1941 Router with the Cisco Configuration Professional Tool. The VPN Tunnel works and i get an IP Adress from the pool. But i cant reach any devices in the VLAN10 Network. Do i forget anything ?
 
Here is the config from the Router:
 
version 15.1
parser view CCP_Monitor
secret 5 $1$FnN7$Qr.mbJbPOuOH7Te6MD1.I0
commands configure include end

[Code].....

View 3 Replies View Related

Cisco WAN :: Getting 1941 Tunnel Bandwidth Command?

May 13, 2011

I have a Cisco 1941 router with the Security license running IOS c1900-universalk9-mz.SPA.151-4.M.bin.  Is there a "tunnel bandwidth" command like with routers that have the Advanced IP Services license?  My concern is being able to adjust the bandwidth to a value greater than 8 Mbps...

View 3 Replies View Related

Cisco VPN :: 2921 And 1941 EAP TLS Fragmentation Across VPN Tunnel

May 7, 2012

I am having an issue authenticating users via 802.1x/EAP-TLS across an IPSec tunnel. I am using route-based VPN with SVTI configuration on a 2921 and 1941. I have the following settings defined:

- Under the tunnel interfaces:
- MTU 1390
- MSS 1350
- PMTUD
- Under the ingress LAN interface
- route-map to set the DNF bit to 0
- On the RADIUS Server (2008 NPS)
- Framed-MTU: 1300
 
This had been working for months until I got a call last week about users not being able to authenticate to our secured SSID. I fired up wireshark and also used my client monitor tool in my wireless NMS to watch what is going on. I see all of the access-request and access-challenge exchanges, but the final exchange never happens. In both captures you can see messages with id's 77-81, but message id 82 isn't shown in the wireshark capture, only fragments are. In the client monitor capture you can see that message id 82 is 1726 bytes in length. Now, if I capture packets on my local LAN, the 1726 byte packet is properly fragmented and users can authenticate just fine.

I have scoured the Internet trying to find a setting that I must have missed, but I can't. I've tried adjusting the Framed-MTU, all the way down to 1100.

View 1 Replies View Related

Cisco Switching/Routing :: 1941 / IPSec Tunnel Up No Traffic?

Mar 7, 2013

I have an IPSec tunnel configured on my Cisco 1941. The other device is an ZyXEL router.I can see the tunnel is up but there is no traffic.This comes out the show crypto ipsec sa

interface: Dialer1
Crypto map tag: CMAP_AVW, local addr 10.10.10.89
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0)
   current_peer 20.20.20.161 port 500

[code]....

View 3 Replies View Related

Cisco WAN :: 1941 Router - CP Express Not Working After Upgrade

Aug 13, 2011

I am trying to upgrade CP Express to 2.5 and after the upgrade I bring up the webpage to login and I am prompted for my credentials, I enter them and I am authenticated.  However the CP Express home page never loads. I have tried to reload 2.0 but it does the same thing.

View 3 Replies View Related

Cisco WAN :: Upgrade License 1941-K9 From IPBase To Security

Oct 25, 2011

I would like to Upgrade license Cisco 1941-K9 from ipbase to security

View 5 Replies View Related

Cisco Switching/Routing :: 1941 Upgrade With 4 Port POE Switch Requirements?

Dec 5, 2011

I have a cisco 1941 router.  Stock standard vanilla hardware, no extras.  Standard universal image.  Data and Security not enabled.I would like to add a 4 gigabit port POE switch (EHWIC) module to the router..The 4 port POE switch module will be used to power and connect 2 x Areonet AP's for my home.  I'm replacing a Apple Airport Extreeme and Express setup.  I'll possibly later use the two remaining POE ports for security cameras.My question is, what extra hardware and or IOS version do I need for the POE swtich module to function on the 1941?  [URL] I think this is the model I want EHWIC-4ESG-P #4 port 10/100/1000 Enhanced High-Speed WAN Interface Gigabit Ethernet switch with Power over Ethernet?

View 1 Replies View Related

Cisco VPN :: ASA 5510 / RVS 4000 - VPN Tunnel Reset

Nov 7, 2012

I have an ASA 5510 at V8.2(5) with something near 20 site to site VPN tunnels. I am having a problem with 1 tunnel to a RVS4000. The tunnel is completely closed and reset during Phase2. Here is a small snipet at the time of the tunnel reset
 
x.x.x.x, Username = x.x.x.x, IP = x.x.x.x, Session disconnected. Session Type: IPsec, Duration: 7h:36m:30s, Bytes xmt: 333755, Bytes rcv: 86281, Reason: User Requested
Followed by Group = x.x.x.x, IP = x.x.x.x, Active unit receives a centry expired event for remote peer x.x.x.x.
 
We use a number of connection oriented sessions and this blowing them out of the water. all other tunnels are up for DAYS to more than a Month.

View 8 Replies View Related

Cisco VPN :: ASA5505 - Connection Reset When Trying To SSH Over IPSEC Tunnel

Feb 20, 2008

Just bought myself an ASA5505 to replace a PIX 501, and having transferred over most of the previous config I've managed to get the two IPSEC VPN tunnels working as before.
 
Unfortunately when I try and SSH to the ASA the connection just resets instantly even when the tunnel is up.  It seems as if the ASA is actively refusing the connection, though the log doesn't state this.  I had always presumed that traffic over an established IPSEC tunnel was implicitly trusted and not subject to usual access-list rules.
 
I am unable to SSH to the ASA from the 10.0.0.x range, but I can SSH to a machine on 10.27.0.4 (so I know the tunnel is up and working)
 
Config (minus irrelevant sensitive information) is attached for reference.
 
Also - though I'm not sure how relevant it is given the tunnels appear to work - when I enter the line "crypto map meepnet-map interface outside" in config mode the ASA reports "WARNING: The crypto map entry is incomplete!" even though I have supplied the access-list, peer and transform-set variables.

View 12 Replies View Related

Cisco :: GRE Tunnel Has To Be Reset After WAN Line Bounce C2900

Jun 2, 2013

We are facing a strange issue with GRE tunnel. We are using this tunnel from a branch office to Hub office. All other tunnels terminated on Hub router are working fine. Issue with this tunnel is that whenever WAN connection goes down Line protocol on tunnel interface some times comes up and sometimes not (therefore we have to reset the tunnel interface and it comes up). IOS used on this router : c2900-universalk9-mz.SPA.152-1.T2

View 5 Replies View Related

Cisco Routers :: RV042 Hangs On Reset If VPN Tunnel Is Established?

Sep 15, 2011

I was hoping that the latest firmware would fix my (2) 'bugs', but it did not.  We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s.When I try and do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.

View 1 Replies View Related

Cisco VPN :: ASA 5505 - S2S VPN Tunnel Fails After Upgrade 8.3 To 8.4

Jun 6, 2012

I upgraded an ASA 5505 from 8.3(2) to 8.4(4) this evening.  The 5505 is a backup and used to perform testing prior to production changes. After the upgrade was complete, a VPN tunnel began to fail.  I did a limited search online to see if this was a known issue or something new.  I also reviewed the release notes but did not see anything that matched the issue I received.
 
My concern is that this tunnel configuration is scheduled to be deployed to the production firewalls next week after their upgrade.  But if it failed on the upgraded test unit, it may fail on the production units.
 
I downgraded the backup unit to 8.3(1) and verified that the tunnel indeed worked at that level.

View 2 Replies View Related

Linksys Wireless Router :: WRT54GS Connection Reset During Firmware Upgrade

May 8, 2012

I have a Linksys WRT54GS (v5) router. I noticed that my firmware was outdated and tried to upgrade it tonight. During the upgrade progress, the browser reset the connection and now  cannot access my router configuration pages.I did a hard reset. Then I did the 30-30-30 reset.
 
The reset worked but no matter what I do, I cannot navigate to any readable page within the router. I get the log in box and successfully log into the router. However, the configuration page(s) are all jumbled and devoid of useful information. It almost looks like a web page that needs flash to be enabled. Lots of colors and boxes but no text or links to other configuration pages
 
I know it's an old router but it has served me well. I would love to reinstall the old firmware (or new!) and copy my saved configuration file back to the router.Is there a way to access the configuration via a command line interface?

View 4 Replies View Related

Network Is Showing Up As Encrypted?

Sep 23, 2011

I reloaded XP on an old laptop I have, a Toshiba Satellite, and it works fine. Problem is when I try to connect to my wireless network, it comes up as being security protected...and it isn't...and never has been. I have other computers connecting just fine, but I can't seem to figure this one out. I don't have a key to enter as there isn't one! I installed a USB wireless adapter, and it works fine, but I don't want to use the adapter on the laptop.

View 6 Replies View Related

Cisco :: VPN Client Traffic Encrypted Check

Oct 12, 2012

How can we check when we connect using VPN client software if traffic is getting encrypted ?

View 7 Replies View Related

Cisco VPN :: ISR1921 PPTP VPN With Encrypted Password

Sep 19, 2011

I am actualy trying to make a remote access VPN between a ISR1921 and Windows 7 pro. I already managed to put a PPTP VPN with an authentication against our LDAP databse via radius. But our password are in SHA1 in our LDAP, so I had to let the password unencrypted on the network using pap and this is bad.If I don't use pap, it simply doesn't work since all the other method need unencrypted password for the challenge authentication.Does that mean that every remote access VPN keep our password unencrypted ? Maybe use EAP (but I can't find a howto or good documentation about it)? Can I add a certificate or something?

View 1 Replies View Related

Cisco VPN :: ASA 5505 - No Return Traffic Is Being Encrypted

May 26, 2012

I've configured an ASA5505 to be  Lan to Lan VPN tunnel endpoint, peering with a linux box.  The ASA is full licensed so that side isn't an issue.PROBLEM:When the tunnel is initialised from the linux box everything comes up okay except the ASA isn't encapsulation any packets.  It is decrypted the packets received from the Linux box okay but no return traffic is being encrypted.When the tunnel is initialised from the ASA, nothing happens.After some troubleshooting I've found that the ACL defining interesting traffic nor the ACL defining NO_NAT aren't being hit at all.
 
ACL for NO_NAT:
access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)

[code]....
 
I've checked with the administrator of the linux box and the definition for interesting traffic is exactly the same (except in reverse as should be the case).The firewall is doing other things like NATs and such like too but those NATs have nothing to do with this VPN.  The setup is a LAN to LAN connection with no natting in between.The main parts of the config are attached, i've deleted things that should have a bearing on this however if you think it necessary i can sanitise the config and re-post.  I think it will be working fine as long as the traffic hits those ACLs, however they're not and I'm unsure why.At this time i'm not seeing anything at all when doing an debug cry ipsec or debug cry isa.  The ACL's aren't being hit so i'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.

View 4 Replies View Related

Cisco VPN :: C6509E - Limitation For Encrypted Traffic

Sep 14, 2011

I have
MLS : C6509-E
SUP : VS-S720-10G
PFC : VS-F6K-PFC3CXL
 
I'm trying to find out what is its limitation for encrypted traffic via SVTI there .
 
I don't have a SPA for the ip sec .

View 2 Replies View Related

Cisco VPN :: ASA 5510 - Site To Site Tunnel Breaks On Upgrade To 8.3.2?

Jan 29, 2011

I have a site to site tunnel (bidirectional) configured between two ASA 5510's (head office and remote office) running 8.2.2. I'm trying to upgrade one end (head office) of the tunnel to 8.3.2 but when I do that, traffic from the remote office to the head office isn't transported. Traffic from the head office to the remote office is still fine (remote desktop sessions, etc).

A quick comparison of the 8.2.2 config and the 8.3.2 config on the head office ASA look identical in terms of the crypto/site-to-site commands.Is there any Cisco guide created yet for creating site/site tunnels under 8.3.2? I'm able to upgrade both ASA at the same time if that's determined to be a prerequisite.

View 2 Replies View Related

WEP Cracking - Packets That Appeared Are Encrypted

Mar 13, 2012

How WEP cracking works. I have a much better understanding now but it seems whatever programs I download and however close I get I always hit a wall somewhere. I am using windows 7 64 bit and my network adapters/cards are Broadcom 802.11n Network Adapter and Broadcom Netlink(TM) Gigabit Ethernet. I am not sure if these are adequate. I was using Commlink and aircrack but not sure if they are compatible and which versions i should have installed. I got as far as the collecting packets stage but the packets that appeared said ENCRYPT which was not correct and then my computer went to blue screen adn shut down and I had to system restore.

View 1 Replies View Related

Motorola Surfboard Running Non-encrypted?

Mar 4, 2012

The only way we can use our Motorola router is unencrypted. I have gone into the router numerous times and reset it, unplugged it, retyped the WEP key, tried to shift to WPA and nothing works. None of three computers in the house will connect unless all encryption is off. We live in a good neighborhood on a cul de sac, don't get a lot of traffic through here, and know the immediate neighbors, but nothing is stopping a stranger with a laptop from sitting on the street and using our wifi. I've talked to the Comcast tech. The trouble just seems to be our boxes won't get past the WEP encryption stage.

View 8 Replies View Related

Wpa2 Encrypted Virtual Wifi On Xp

Aug 21, 2011

I have XP running on this older laptop for my kids.I wish to connect this laptop wireless (WPA2 encrypted) with the internet AND with other hardware in my home (other pc, harddisk, mediaplayer, printer).I know it can be done in windows 7, and Microsoft also had a virtual WiFi research project for a WEP encrypted visual WiFi.But as said I need a WPA2 encrypted virtual WiFi for a laptop running XP.

View 14 Replies View Related

AAA/Identity/Nac :: ACS 5.1 Handling Of Encrypted Backups (gpg)

May 24, 2010

I've noticed, that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1)
 
Question: can the production system sucessfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?

View 1 Replies View Related

Cisco :: (Received Encrypted Packet With No Matching SA / Dropping)

Jun 24, 2011

Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?

View 3 Replies View Related

Cisco Security :: ACS 4.2 Any Option To Tackle Encrypted Password

Mar 28, 2011

Our campus using WisM (WS-SVC-WISM-1-K9) as wireless controller , Cisco  1130 access point and Cisco Secure ACS 4.2 Solution Engine 1113  Appliance as radius server. For username and password, ACS will export the data from Oracle database (production DB). The problem that we are facing right now is password that store in oracle database is in  encrypted format. Base feedback from our database administrator, the  encryption is done by oracle - application layer and cannot be decrypt  back. In Oracle they call it "Oracle Stored Procedures"
My questions :
 
1- Can Cisco Secure ACS 4.2 work with Oracle 10G or 11G?

2- Is there any option to tackle the encrypted password? Can ACS handle the "Oracle Stored Procedures" function?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - Connection To External ID Store - Encrypted?

Mar 14, 2012

are the connections between the ACS and external identity stores encrypted?I know that when setting up LDAP identity store there is the option to specify SSL conection.  Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?

View 3 Replies View Related

When Nodes Send Data Through A Switch Does It Become Encrypted

Dec 1, 2012

Packet Sniffing is mainly used on non-switched networks to display data that was supposed to be sent to nodes other than yourself, allowing you to see information such as usernames and passwords etc.My question is, why can this technology not be used as easily on a switched network? When nodes send data through a switch does it become encrypted?

View 6 Replies View Related

Laptop Won't Connect To Any Encrypted WPA2 Wireless?

Jan 13, 2012

This is a 5-year-oldish Gateway MX-6124 laptop running under Win XP 2002, SP3. I'm using SureWest DSL, with an ISP-supplied ComTrend NexusLink 5631 Modem/Router. The router is set up as a Secure Network, using WPA encryption. The laptop wireless operation light toggles off/on correctly using Fn-F2 control keys.I can connect to an open or non-secured wireless router, & have verified that at my church, at the Public Library, and at Starbucks. However, I cannot successfully connect to a passworded secured wireless source. I tried to use a secured network connection at my church yesterday, and could not connect. It "tries & tries" and eventually gives up and displays a cannot-connect type of message.

The laptop has worked correctly for several years on my home wireless network. It only stopped working about 3 or 4 weeks ago. I cannot recall changing anything in setup; I probably did it accidentally.I've spent about 2 hours in a couple of sessions with SureWest tech support. They diagnosed router setup using direct connect to the router, plus they talked me through several attempts at configuring the wireless config setup on the laptop. Everything I reported to them on the config settings appeared to be just fine. They also deduced that the wireless config on the desktop & router was correct.SureWest techs finally concluded that something was wrong with my laptop software config or the hardware, disabling it from making a encrypted connection. That sounds right to me, now having witnessed the secured connection failure described above, at my church wireless site.

I've looked at all the refs & things I can think of, plus followed step-by-step directions a couple of times with the SureWest techs. They rightfully pointed out that they could not make a tech support repair call on what did not appear to be a SureWest-related problem.I can easily make screenshots of any config screens needed on the laptop & upload to this forum.

View 5 Replies View Related

Cisco Wireless :: AES128 - Traffic From Guest User Encrypted?

Sep 12, 2011

The design is typical Cisco unified wireless solution. In such a implementation, is the traffic from the guest user who has successfully authenticated via WEB-AUTH encrypted? If so, what is the standard used, AES128 or TKIP?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved