Cisco VPN :: 1941ISR Users Won't Have To Specify IP Address In URL Address Box
Mar 2, 2011
I recently configured and installed a 1941ISR for a customer. The customer purchased a 25-User SSLVPN license with the router, and I configured it for remote SSLVPN access. This is working nicely except for one issue: when users initiate an SSLVPN connection request by browsing to the assigned webvpn gateway IP, they get the "There is a problem with this website's security certificate" browser message. They are in the process of working with their DNS hosting provider to get a DNS entry assigned to the IP address so the users won't have to specify an IP address in the URL address box, but they will continue to get the certificate error until/unless I can figure out how to resolve the issue.
I've tried the following "How to make IE8 trust a self-signed certificate in 20 irritating steps" that I found via another forum link but with no luck:
1.Browse to the site whose certificate you want to trust.
2.When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
3.Select Tools->Internet Options.
4.Select Security->Trusted sites->Sites.
5.Confirm the URL matches, and click "Add" then "Close".
6.Close the "Internet Options" dialog box with either "OK" or "Cancel".
7.Refresh the current page.
8.When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
9.Click on "Certificate Error" at the right of the address bar and select "View certificates".
10.Click on "Install Certificate...", then in the wizard, click "Next".
11.On the next page select "Place all certificates in the following store".
12.Click "Browse", select "Trusted Root Certification Authorities", and click "OK".
13.Back in the wizard, click "Next", the "Finish".
14.If you get a "Security Warning" message box, click "Yes".
15.Dismiss the message box with "OK".
16.Select Tools->Internet Options.
17.Select Security->Trusted sites->Sites.
18.Select the URL you just added, click "Remove", then "Close".
19.Now shut down all running instances of IE, and start up IE again.
20.The site's certificate should now be trusted.
I followed all 20 irritating steps to the letter, but am still getting the security certificate nat.Now when I “Continue to this website (not recommended)” and click on "Certificate Error" at the right of the address bar, the certificate error windows says “Mismatched Address”.Is there a way that I can get this fixed without resorting to a 3rd party CA?
View 5 Replies
ADVERTISEMENT
Sep 13, 2012
We are using Any connect vpn client (v2.5.3055) to an ASA 5520 (v8.4) in a development environment. We use our corporate Radius server to authenticate users. We have certain users which need have the same IP address every time they lo gin. As it is configured now, the IP addresses are assigned sequentially from the pool. Is there a way to allow certain users to get the same IP address each time they log on?
View 3 Replies
View Related
Apr 5, 2011
can i have 2 pools each with diifferent subnet [code] i wanna put restricution on remote vpn users having address from pool-2,and just give them access to 172.16.10.0/24,is it possible on the asa 5510?
View 7 Replies
View Related
Mar 21, 2013
We recently implement WLC 5500 Series, I found out guest user once period of that user expired it will not appear at lobbyadmin page where you can see list of users.
Is there any way to see expired guest users and also IP address which assign to guest user?
View 2 Replies
View Related
May 8, 2013
I have an AP Aironet 1140 that have two (2) SSID: (ZDE) and (GUEST). Guest is working fine but ZDE is not giving IP addresses to users attached in this AP. I atached the sh tech of the Ap. From the configuration cisco guide of Aironet 1140 i understand that by default, access points are configured to receive IP settings from a DHCP server on your network. But i don´t know if i have to configure the dhcp server ip addres in the Ap, similar to the ip helper address in switches
Configuring the Access Point to Provide DHCP Service. These sections describe how to configure the wireless device to act as a DHCP server:
•Setting up the DHCP Server, page 5-22
•Monitoring and Maintaining the DHCP Server Access Point, page 5-24
•Setting up the DHCP Server
By default, access points are configured to receive IP settings from a DHCP server on your network. You can also configure an access point to act as a DHCP server to assign IP settings to devices on both your wired and wireless LANs.
The 1100 series access point becomes a mini-DHCP server by default when it is configured with factory default settings and it cannot receive IP settings from a DHCP server. As a mini-DHCP server, the 1100 series access point provides up to 20 IP addresses between 10.0.0.11 and 10.0.0.30 to a PC connected to its Ethernet port and to wireless client devices configured to use no SSID, and with all security settings disabled. The mini-DHCP server feature is disabled automatically when you assign a static IP address to the 1100 series access point. Because it has a console port to simplify initial setup, the 1200 series access point does not become a DHCP server automatically.
View 1 Replies
View Related
Sep 29, 2012
I have a wireless 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip. The request is passing by the wan in this way
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
perhaps i should use local deploy? The wireless is in the central site.
View 17 Replies
View Related
Jun 8, 2013
We have 2 nexus 7010 switches configured with HSRP in the network. For all the vlans core1 is Master and Core2 is standby. In the current setup we have external dhcp server and dhcp relay is configured for all the vlans on Master and standby switch. The setup is running the IOS 5.2
Activity Done: During the Maintainacne activity, we isolated core1 switch in the network by disabling the vpc/keepalive and all the uplinks from access switch. The core2 switch was master for all the vlans.
Issue observed: It has been observed that new users were not getting ip address from the dhcp server. The ethereal capture showed that dhcp server was not getting the dhcp requests from the core2 switch. We disabled the dhcp feature in core2 and enabled again with dhcp relay again configured on vlan interfaces .even after doing this no change was observed in behaviour. Finally we got core1 back in network by enabling all the links.
Observation: The moment VPC link came up between the core switches, users started getting ip's from dhcp. Then we started enabling all the uplinks on core1.Core1 again become master for all the vlans and users continued getting ip’s. Network running fine.
Further Testing
1. For one of the vlan, core 2 switch has been made primary and for new users checked the dhcp functionality and it was working fine. The aim was to identify if anything wrong on core 2 related to dhcp relay
2.Again we changed the priority for this vlan and made core1 master for the same. This time we disabled this vlan on core1 and tried new user with core 2 became master and dhcp functionality worked fine for new user. Actually in this case we have simulated the same behaviour when we observed the issue with only difference of VPC was not available during the issue time as core 1 was isolated form network
Inputs needed.
Is there any known behaviour for dhcp functionality when VPC is unavailable? If we see the test scenario2 (wherein core1 was master for the vlan and we disable this vlan on core 1 and core 2 was able to relay dhcp requests for new users in this vlan.) it was actually same as scenario we observed during issue time..
View 7 Replies
View Related
Mar 6, 2012
I am having an issue where occasionally the Sidewinder starts to see my internal RFC 1918 address instead of the configured external address of my firewall. This is for peering between the two. The error they see on the Sidewinder is:So instead of seeing the external peer address he sees a 10.220.3.18 address. We are not sure what triggers this becuase normally he see's my 63.117.98.222 address.
View 5 Replies
View Related
Jul 8, 2012
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 7 Replies
View Related
Oct 13, 2009
Is it possible using any module in CW to get the MAC address and IP address of all switchports on a 6500?
View 6 Replies
View Related
Jul 16, 2011
I switched from Time Capsule with AirPort to E2000 and have a problem with configuration.I use the same IPs as in AirPort and E2000 gives me an error:"The WAN IP address cannot be the same subnet as the Guest Network IP address" and I can't save configuration.But in my opinion they are different.I use "Static IP" option and I have IPs from my ISP: [code] So WAN IP is different subnet as LAN and I don't know what to do now. It worked with these settings in AirPort and here I can't proceed.
View 2 Replies
View Related
Feb 28, 2011
Is it possible to assign public IP address as Router's local IP address (RVL200, RVS4000)?
View 1 Replies
View Related
Jul 3, 2011
I have a Linksys WRT54GS v5.1 router running firmware 1.52.5.I am trying to use Linksys IP Phones SPA942, but these do not seem to be able to log on and just show "Initializing network" even though the MAC address appears in the router with an IP address.The strange thing is that I already have 4 SPA941 phones that work with no problem and just log on to the network.Is there something about the SPA942 that I need to configure differently, I have factory reset it with sucess, but still unable to log on to the network.
View 1 Replies
View Related
Jun 3, 2012
I have been trying to clone my PC's MAC onto my Linksys WAG120N adsl2+ modem router .
I click the the clone my PC's MAC button in the MAC address clone tab. I get the following error :
"Mac address cannot be the multicast address"
The MAC address starts with 1C:C1:XX:XX:XX:XX
I even tried to update the firmware.
View 9 Replies
View Related
Aug 23, 2009
I recently switched routers to the DIR-615 and I'm trying to troubleshoot why one of our laptops keeps losing the IP address and gets a self-assigned IP address. I see the following messages in the log, I am wondering if the reason codes are listed and explained somewhere? I tried searching the manual but could not find any information.
View 9 Replies
View Related
Jun 1, 2012
We have an ADSL connection and use a D-Link DSL-320B modem. We have a D-Link DIR-120 router connected to this modem. This has worked perfectly fine up until today when we disconnected the router and connected a computer (call it A) directly to the modem because it was getting an unusable connection through the router for some reason. We later also performed a factory reset on the DIR-120 router.
Unfortunately, after the above steps the router did not receive any IP address (through DHCP) from the ADSL connection anymore. During my attempts to debug this I noticed that my laptop (call it B) didn't get any IP address either (when connected directly to the modem). I noticed the following syslog entries repeating over and over while trying to connect: [code]
At this point computer A could still get a connection just fine tho (when connected directly to the modem).
I then tried to change the MAC address of the router to an arbitrary one (a copy of computer B's MAC address but with the last digit increased by one). The router still did not get assigned any IP address. Finally I tried making the router clone the MAC address of a third computer (call it C). C has never been connected directly to the modem. Doing this worked. After cloning the MAC address of computer C the router is immediately assigned an IP address and the internet connection works as it did prior to all this.
Now, my question is, why would computer B and the original MAC address of the router not be able to get an IP address while two other computers worked just fine? Why would changing to an arbitrary MAC address not work while cloning the MAC address of another computer did? Could the router's MAC address have been blocked by the ISP for some reason (and what could cause this)?
but my situation seems more like a blacklisting of some MAC addresses rather then allowing just a single MAC address.
View 1 Replies
View Related
Apr 26, 2011
On my cisco IOS 12.4 router,Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.
View 6 Replies
View Related
Feb 25, 2011
I need to change the ip address on my router same ip address as myDlink router?
View 6 Replies
View Related
Mar 15, 2012
one of my friend can tell me my ip address by using gmail. He don't have any software to know the ip address. but he can tell me my ip address. how did he know it. is my wi-fi not safe? or other? and can we know it any way?
View 6 Replies
View Related
Dec 30, 2011
What is WAN IP address
View 2 Replies
View Related
Dec 23, 2011
We have moved house recently and changed internet provider. The laptop and x-box have both connected ok. However the main pc will not connect. The wireless router says that it is connected but the icons of pc-router-internet is not connected. when you hover over the pc icon, there is no IP address.
View 1 Replies
View Related
Mar 8, 2011
I'm setting up a bunch of VPN tunnels for a customer of mine. Because we want the ability to fail over tunnels manually and to change IP addresses in the future without having to reconfigure both sides we want to build the VPN tunnels to hostnames instead of IP addresses.[CODE]
View 4 Replies
View Related
May 2, 2012
Why can't I set an IPv6 address here (WS-2960-48TC-L latest IOS)
View 7 Replies
View Related
Apr 16, 2012
I am planning to put a switch in between ISP and Router.( WAN section)
View 3 Replies
View Related
Jun 9, 2011
I've used Wireshark sniffer and one of the outputs was there was a loop, wireshark produced a mac address lets say its asdfgh so I looked it up on my core switch but there is no asdfgh on it's mac address table.
View 6 Replies
View Related
Sep 26, 2011
I have two FTP servers in our network, one that accepts inbound FTP connections from external clients and one that will be pushing out to external clients
Ideally i want these to both use the same external IP address, so should i configure a dynamic policy NAT rule for these two servers?
View 2 Replies
View Related
Sep 27, 2012
I will like to access a wan adress we are hosting, from the inside.Is this posible?, but i can't access it. only via our internal adresse (192.168.2.2),it can be done on other modemswith this command "ip nat loopback on"
View 14 Replies
View Related
Jan 31, 2013
Using ACS 5.2, under Network Resources>Network Devices and AAA Clients>, I can only filter by:
Name
NDG:Location
NDG:Device Type
Description
How can I find a device by its IP Address? or how can I enable this option?
On this link:[URL] I read the following: ''Network Device Filters—Based on the AAA client that processes the request. A network device can be identified by its IP address, by the device name that is defined in the network device repository, or by the NDG'.....
How could I do this on my ACS server?
View 5 Replies
View Related
Sep 26, 2011
Some Routers support DHCP spoofing (zyxel / speedtouch).With DHCP spoofing (or half bridge) you can directly spoof you'r public IP address to the firewall. Firewall gets public IP address directly from modem. Benefit of this (no waste of an extra IP address). Modem has no IP address. It has to be possible with an 8xx series router I heard, but I cannot find how.I guess it can be done with a bridgegroup with the dialer and VLAN 1 in it (no ip addresses given).I tried but without any result.
View 2 Replies
View Related
Jan 17, 2012
I have a cisco 850 that is not getting a WAN ip address thorugh DHCP. I have FE4 (The WAN port) set to get an ip address via DHCP, but when I do a test connection from CCP I get this error: Checking interface IP address…failed.No Ip Address for the interface has been obtained. The interface is configured to obtain an ip address through dhcp. The remote end may not be configured with a dhcp server or the dhcp pool may be empty.
Please contact your ISP or WAN administrator and check if the server has been configured to lease ip addresses to the client’s connection through DHCP. Retest connection.I know that the modem is providing an ip address via dchp, because I can plug my computer directly into the modem and get an ip address, so I think I may have missed a setting on the router. Here is he running config: [code] I think the problem may be the Firewall is not letting dhcp through (even tough I haven't set it up yet, and there are no rules in the firewall yet). But I'm not 100% sure about that.
View 9 Replies
View Related
Apr 24, 2011
I have an iPAD. It connects to my ASA5520 via IPSEC. When it connects it gets an IP address from the ASA but it does not get any of the other stuff. Specifically the DNS suffix. How to correct it?
View 3 Replies
View Related
Jan 27, 2013
I just deployed 2 brand new 3502I access points. Ap's are connected to a PoE module on a 4507. Ap's are powering up. The 4507 is configured to hand out ip addresses to the ap's. When I run 'sh cdp nei det', I can see the ap's but they do not have an ip address assignment. Another weird thing is in the output of the command, each ap has two entries. One entry shows gigabit0 and the other gigabit0.1. I have never seen this before. I dont know if this in some way is why the ap's are not getting an ip address. I have 40 other 3502I from 2 yrs ago and no problem. The IOS of the new ap's is 15.2.
View 18 Replies
View Related
Aug 9, 2011
Is-it possible to configure a dedicated virtual IP address for VPN terminaison on ASA in version 8.3 and later ?I don't want to use physical IP address on my outside interface.
View 3 Replies
View Related
