Cisco VPN :: 1941ISR Users Won't Have To Specify IP Address In URL Address Box

Mar 2, 2011

I recently configured and installed a 1941ISR for a customer. The customer purchased a 25-User SSLVPN license with the router, and I configured it for remote SSLVPN access. This is working nicely except for one issue: when users initiate an SSLVPN connection request by browsing to the assigned webvpn gateway IP, they get the "There is a problem with this website's security certificate" browser message. They are in the process of working with their DNS hosting provider to get a DNS entry assigned to the IP address so the users won't have to specify an IP address in the URL address box, but they will continue to get the certificate error until/unless I can figure out how to resolve the issue.
 
I've tried the following "How to make IE8 trust a self-signed certificate in 20 irritating steps" that I found via another forum link but with no luck:
 
1.Browse to the site whose certificate you want to trust.
2.When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
3.Select Tools->Internet Options.
4.Select Security->Trusted sites->Sites.
5.Confirm the URL matches, and click "Add" then "Close".
6.Close the "Internet Options" dialog box with either "OK" or "Cancel".
7.Refresh the current page.
8.When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
9.Click on "Certificate Error" at the right of the address bar and select "View certificates".
10.Click on "Install Certificate...", then in the wizard, click "Next".
11.On the next page select "Place all certificates in the following store".
12.Click "Browse", select "Trusted Root Certification Authorities", and click "OK".
13.Back in the wizard, click "Next", the "Finish".
14.If you get a "Security Warning" message box, click "Yes".
15.Dismiss the message box with "OK".
16.Select Tools->Internet Options.
17.Select Security->Trusted sites->Sites.
18.Select the URL you just added, click "Remove", then "Close".
19.Now shut down all running instances of IE, and start up IE again.
20.The site's certificate should now be trusted.

I followed all 20 irritating steps to the letter, but am still getting the security certificate nat.Now when I “Continue to this website (not recommended)” and click on "Certificate Error" at the right of the address bar, the certificate error windows says “Mismatched Address”.Is there a way that I can get this fixed without resorting to a 3rd party CA?

View 5 Replies


ADVERTISEMENT

Cisco VPN :: ASA 5520 - Persistent IP Address For Some Vpn Users

Sep 13, 2012

We are using Any connect vpn client (v2.5.3055) to an ASA 5520 (v8.4) in a development environment. We use our corporate Radius server to authenticate users. We have certain users which need have the same IP address every time they lo gin. As it is configured now, the IP addresses are assigned sequentially from the pool. Is there a way to allow certain users to get the same IP address each time they log on?

View 3 Replies View Related

Cisco VPN :: 5510 Remote Vpn Users Having Address From Pool 2

Apr 5, 2011

can i have 2 pools each with diifferent subnet [code] i wanna put restricution on remote vpn users having address from pool-2,and just give them access to 172.16.10.0/24,is it possible on the asa 5510?

View 7 Replies View Related

Cisco WAN :: 5500 - Way To See Expired Guest Users / Assigned IP Address?

Mar 21, 2013

We recently implement WLC 5500 Series, I found out guest user once period of that user expired it will not appear at lobbyadmin page where you can see list of users.

Is there any way to see expired guest users and also IP address which assign to guest user?

View 2 Replies View Related

Cisco Wireless :: 1140 - One SSID In AP Don't Give IP Address To Users

May 8, 2013

I have an AP Aironet  1140 that have two (2) SSID: (ZDE) and (GUEST).  Guest is working fine but ZDE is not giving IP addresses to users attached in this AP.  I atached the sh tech of the Ap. From the configuration cisco guide of Aironet 1140 i understand that by default, access points are configured to receive IP settings from a DHCP server on your network. But i don´t know if i have to configure the dhcp server ip addres in the Ap, similar to the ip helper address in switches

Configuring the Access Point to Provide DHCP Service. These sections describe how to configure the wireless device to act as a DHCP server:

•Setting up the DHCP Server, page 5-22
•Monitoring and Maintaining the DHCP Server Access Point, page 5-24
•Setting up the DHCP Server

By default, access points are configured to receive IP settings from a DHCP server on your network. You can also configure an access point to act as a DHCP server to assign IP settings to devices on both your wired and wireless LANs.

The 1100 series access point becomes a mini-DHCP server by default when it is configured with factory default settings and it cannot receive IP settings from a DHCP server. As a mini-DHCP server, the 1100 series access point provides up to 20 IP addresses between 10.0.0.11 and 10.0.0.30 to a PC connected to its Ethernet port and to wireless client devices configured to use no SSID, and with all security settings disabled. The mini-DHCP server feature is disabled automatically when you assign a static IP address to the 1100 series access point. Because it has a console port to simplify initial setup, the 1200 series access point does not become a DHCP server automatically.

View 1 Replies View Related

Cisco Wireless :: 5508 - Flex Connect And Users Can Not Get IP Address By WAN

Sep 29, 2012

I have a wireless 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
 
My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip. The request is passing by the wan in this way
 
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
 
perhaps i should use local deploy? The wireless is in the central site.

View 17 Replies View Related

Cisco Switching/Routing :: Nexus 7010 New Users Were Not Getting Ip Address From Dhcp Server

Jun 8, 2013

We  have 2 nexus 7010 switches configured with HSRP in the network. For all  the vlans core1 is Master and Core2 is standby. In the current setup we  have external dhcp server and dhcp relay is configured for all the  vlans on Master and standby switch. The setup is running the IOS 5.2
 
Activity Done: During  the Maintainacne activity, we isolated core1 switch in the network by  disabling the vpc/keepalive and all the uplinks from access switch. The  core2 switch was master for all the vlans.
 
Issue observed: It  has been observed that new users were not getting ip address from the  dhcp server. The ethereal capture showed that dhcp server was not  getting the dhcp requests from the core2 switch. We disabled the dhcp  feature in core2 and enabled again with dhcp relay again configured on  vlan interfaces .even after doing this no change was observed in  behaviour. Finally we got core1 back in network by enabling all the  links.
 
Observation: The  moment VPC link came up between the core switches, users started  getting ip's from dhcp. Then we started enabling all the uplinks on  core1.Core1 again become master for all the vlans and users continued  getting ip’s. Network running fine.
 
Further Testing

1. For  one of the vlan, core 2 switch has been made primary and for new users  checked the dhcp functionality and it was working fine. The aim was to  identify if anything wrong on core 2 related to dhcp relay

2.Again  we changed the priority for this vlan and made core1 master for the  same. This time we disabled this vlan on core1 and tried new user with  core 2 became master and dhcp functionality worked fine for new user.  Actually in this case we have simulated the same behaviour when we  observed the issue with only difference of VPC was not available during  the issue time as core 1 was isolated form network 
Inputs needed.

Is  there any known behaviour for dhcp functionality when VPC is  unavailable? If we see the test scenario2 (wherein core1 was master for  the vlan and we disable this vlan on core 1 and core 2 was able to relay  dhcp requests for new users in this vlan.) it was actually same as  scenario we observed during issue time..

View 7 Replies View Related

Cisco VPN :: ASA5520 Starts To See Internal Rfc 1918 Address Instead Of Configured Address

Mar 6, 2012

I am having an issue where occasionally the Sidewinder starts to see my internal RFC 1918 address instead of the configured external address of my firewall. This is for peering between the two. The error they see on the Sidewinder is:So instead of seeing the external peer address he sees a 10.220.3.18 address. We are not sure what triggers this becuase normally he see's my 63.117.98.222 address.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 To Have Internal Address That Wish To Forward From External Address

Jul 8, 2012

I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.

View 7 Replies View Related

Cisco :: Module In CW To Get MAC Address And IP Address Of All Switch Ports On 6500

Oct 13, 2009

Is it possible using any module in CW to get the MAC address and IP address of all switchports on a 6500?

View 6 Replies View Related

Linksys Wireless Router :: E2000 WAN IP Address Cannot Be Same Subnet As Guest Network IP Address

Jul 16, 2011

I switched from Time Capsule with AirPort to E2000 and have a problem with configuration.I use the same IPs as in AirPort and E2000 gives me an error:"The WAN IP address cannot be the same subnet as the Guest Network IP address" and I can't save configuration.But in my opinion they are different.I use "Static IP" option and I have IPs from my ISP: [code] So WAN IP is different subnet as LAN and I don't know what to do now. It worked with these settings in AirPort and here I can't proceed.

View 2 Replies View Related

Linksys Wired Router :: RVL200 / RVS4000 Possible To Assign Public IP Address As Local IP Address?

Feb 28, 2011

Is it possible to assign public IP address as Router's local IP address (RVL200, RVS4000)?

View 1 Replies View Related

Linksys Wired Router :: WRT54GS V5.1 MAC Address Appears With IP Address

Jul 3, 2011

I have a Linksys WRT54GS v5.1 router running firmware 1.52.5.I am trying to use Linksys IP Phones SPA942, but these do not seem to be able to log on and just show "Initializing network" even though the MAC address appears in the router with an IP address.The strange thing is that I already have 4 SPA941 phones that work with no problem and just log on to the network.Is there something about the SPA942 that I need to configure differently, I have factory reset it with sucess, but still unable to log on to the network.

View 1 Replies View Related

Linksys Cable / DSL :: WAG120N Mac Address Cannot Be Multicast Address?

Jun 3, 2012

I have been trying to clone my PC's MAC onto my Linksys WAG120N adsl2+ modem router . 
 
I click the the clone my PC's MAC button in the MAC address clone tab. I get the following error :
 
"Mac address cannot be the multicast address"
 
The MAC address starts with 1C:C1:XX:XX:XX:XX
 
I even tried to update the firmware.

View 9 Replies View Related

D-Link DIR-615 :: Laptops Keeps Losing IP Address / Gets A Self-assigned IP Address

Aug 23, 2009

I recently switched routers to the DIR-615 and I'm trying to troubleshoot why one of our laptops keeps losing the IP address and gets a self-assigned IP address.  I see the following messages in the log, I am wondering if the reason codes are listed and explained somewhere?  I tried searching the manual but could not find any information.

View 9 Replies View Related

DSL-320B No IP Address Given To Router Until After Cloning MAC Address From Another Computer

Jun 1, 2012

We have an ADSL connection and use a D-Link DSL-320B modem. We have a D-Link DIR-120 router connected to this modem. This has worked perfectly fine up until today when we disconnected the router and connected a computer (call it A) directly to the modem because it was getting an unusable connection through the router for some reason. We later also performed a factory reset on the DIR-120 router.

Unfortunately, after the above steps the router did not receive any IP address (through DHCP) from the ADSL connection anymore. During my attempts to debug this I noticed that my laptop (call it B) didn't get any IP address either (when connected directly to the modem). I noticed the following syslog entries repeating over and over while trying to connect: [code]

At this point computer A could still get a connection just fine tho (when connected directly to the modem).

I then tried to change the MAC address of the router to an arbitrary one (a copy of computer B's MAC address but with the last digit increased by one). The router still did not get assigned any IP address. Finally I tried making the router clone the MAC address of a third computer (call it C). C has never been connected directly to the modem. Doing this worked. After cloning the MAC address of computer C the router is immediately assigned an IP address and the internet connection works as it did prior to all this.

Now, my question is, why would computer B and the original MAC address of the router not be able to get an IP address while two other computers worked just fine? Why would changing to an arbitrary MAC address not work while cloning the MAC address of another computer did? Could the router's MAC address have been blocked by the ISP for some reason (and what could cause this)?

but my situation seems more like a blacklisting of some MAC addresses rather then allowing just a single MAC address.

View 1 Replies View Related

Cisco WAN :: IOS 12.4 Router / Can Only Allow An IP Address On A Specific MAC Address

Apr 26, 2011

On my cisco IOS 12.4 router,Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.

View 6 Replies View Related

Change The Ip Address On Router Same Ip Address As Dlink Router?

Feb 25, 2011

I need to change the ip address on my router same ip address as myDlink router?

View 6 Replies View Related

How To Know Ip Address

Mar 15, 2012

one of my friend can tell me my ip address by using gmail. He don't have any software to know the ip address. but he can tell me my ip address. how did he know it. is my wi-fi not safe? or other? and can we know it any way?

View 6 Replies View Related

What Is WAN IP Address

Dec 30, 2011

What is WAN IP address

View 2 Replies View Related

PC Does Not Have An Ip Address

Dec 23, 2011

We have moved house recently and changed internet provider. The laptop and x-box have both connected ok. However the main pc will not connect. The wireless router says that it is connected but the icons of pc-router-internet is not connected. when you hover over the pc icon, there is no IP address.

View 1 Replies View Related

Cisco :: ASA-to-ASA VPN With Hostnames Instead Of IP Address?

Mar 8, 2011

I'm setting up a bunch of VPN tunnels for a customer of mine. Because we want the ability to fail over tunnels manually and to change IP addresses in the future without having to reconfigure both sides we want to build the VPN tunnels to hostnames instead of IP addresses.[CODE]

View 4 Replies View Related

Cisco :: Why Can't Set An IPv6 Address

May 2, 2012

Why can't I set an IPv6 address here (WS-2960-48TC-L latest IOS)

View 7 Replies View Related

Cisco :: How To Switch IP Address

Apr 16, 2012

I am planning to put a switch in between ISP and Router.( WAN section)

View 3 Replies View Related

Cisco :: Mac Address Not Shown?

Jun 9, 2011

I've used Wireshark sniffer and one of the outputs was there was a loop, wireshark produced a mac address lets say its asdfgh so I looked it up on my core switch but there is no asdfgh on it's mac address table.

View 6 Replies View Related

Cisco :: Two Servers Using One NAT IP Address?

Sep 26, 2011

I have two FTP servers in our network, one that accepts inbound FTP connections from external clients and one that will be pushing out to external clients

Ideally i want these to both use the same external IP address, so should i configure a dynamic policy NAT rule for these two servers?

View 2 Replies View Related

Cisco 887 - To Access A Wan Address

Sep 27, 2012

I will like to access a wan adress we are hosting, from the inside.Is this posible?, but i can't access it. only via our internal adresse (192.168.2.2),it can be done on other modemswith this command "ip nat loopback on"

View 14 Replies View Related

Cisco :: ACS 5.2 - How To Filter By IP Address

Jan 31, 2013

Using ACS 5.2, under Network Resources>Network Devices and AAA Clients>, I can only filter by:

Name
NDG:Location
NDG:Device Type
Description
 
How can I find a device by its IP Address? or how can I enable this option?
 
On this link:[URL] I read the following: ''Network Device Filters—Based on the AAA client  that processes the request. A network device can be identified by its IP  address, by the device name that is defined in the network device  repository, or by the NDG'.....
 
How could I do this on my ACS server?

View 5 Replies View Related

Cisco WAN :: No IP Address And ASA On 800 Series

Sep 26, 2011

Some Routers support DHCP spoofing (zyxel / speedtouch).With DHCP spoofing (or half bridge) you can directly spoof you'r public IP address to the firewall. Firewall gets public IP address directly from modem. Benefit of this (no waste of an extra IP address). Modem has no IP address. It has to be possible with an 8xx series router I heard, but I cannot find how.I guess it can be done with a bridgegroup with the dialer and VLAN 1 in it (no ip addresses given).I tried but without any result.

View 2 Replies View Related

Cisco WAN :: 850 Not Getting WAN IP Address Via DHCP

Jan 17, 2012

I have a cisco 850 that is not getting a WAN ip address thorugh DHCP. I have FE4 (The WAN port) set to get an ip address via DHCP, but when I do a test connection from CCP I get this error: Checking interface IP address…failed.No Ip Address for the interface has been obtained. The interface is configured to obtain an ip address through dhcp. The remote end may not be configured with a dhcp server or the dhcp pool may be empty.
 
Please contact your ISP or WAN administrator and check if the server has been configured to lease ip addresses to the client’s connection through DHCP. Retest connection.I know that the modem is providing an ip address via dchp, because I can plug my computer directly into  the modem and get an ip address, so I think I may have missed a setting on the router. Here is he running config: [code] I think the problem may be the Firewall is not letting dhcp through (even tough I haven't set it up yet, and there are no rules in the firewall yet). But I'm not 100% sure about that.

View 9 Replies View Related

Cisco VPN :: Get IP Address From ASA 5520

Apr 24, 2011

I have an iPAD.  It connects to my ASA5520 via IPSEC.  When it connects it gets an IP address from the ASA but it does not get any of the other stuff.  Specifically the DNS suffix.  How to correct it?

View 3 Replies View Related

Cisco :: 3502I Not Getting Ip Address

Jan 27, 2013

I just deployed 2 brand new 3502I access points.  Ap's are connected to a PoE module on a 4507.  Ap's are powering up.  The 4507 is configured to hand out ip addresses to the ap's.  When I run 'sh cdp nei det', I can see the ap's but they do not have an ip address assignment.  Another weird thing is in the output of the command, each ap has two entries.  One entry shows gigabit0 and the other gigabit0.1.  I have never seen this before.  I dont know if this in some way is why the ap's are not getting an ip address.  I have 40 other 3502I from 2 yrs ago and no problem.  The IOS of the new ap's is 15.2.

View 18 Replies View Related

Cisco VPN :: ASA 8.3 VPN On Physical IP Address Only?

Aug 9, 2011

Is-it possible to configure a dedicated virtual IP address for VPN terminaison on ASA in version 8.3 and later ?I don't want to use physical IP address on my outside interface.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved