We are about ready to embark on moving all L2L and network extensions (Cisco ASA 5505s) from the Cisco VPN 3060 Concentrator to a Cisco ASA 5520. We would like to know if there is a simple method to doing this such as a converter? Also, are there any lessons learned? We are running 8.4.3 so we know that NAT configuration has differed. Can the configuration from the 3060 be modified in anyway in configuring the ASA?
View 4 RepliesWe have three Cisco ASA 5520 with 8.2 code in each tower. There are many configuration on the device hence we are using ip to Name to identify the naming conversion. Out of three one firewall naming conversion is not working, I mean after adding name for a IP it is not reflecting vpn tunnels or access lists or Nat config.
View 1 Replies View RelatedWe are trying to finally get rid of a couple old 3060 concentrators and would like to see how many active connections are still on. Is there any reporting that can be seen from the concentrators?
View 3 Replies View Relatedis it possible to do a site to site with a Cisco ISR 881W --> to a Cisco 3060 concentrator head?
View 1 Replies View Relatedhp 3060 j610 had to re new my router now the printer cant connct to itprinter asks me to press wps button on router but cant se any button it then says press ok and starts counting down but cant find router
View 1 Replies View RelatedI'm decommissioning my SonicWall PRO 3060 and upgrading to an ASA5550 (we're increasing our WAN link speed to 1Gig and need the 5550). In any case, I want to copy over the configuration from the PRO to the ASA. I have everything documented and I've started doing the changeover, but in looking at some other network diagrams on the net I'm seeing router symbols between the LAN switches and the ASA and I'm beginning to worry that I might need routers to do this which, of course, would increase cost quite a bit.
So my question is this: If I have a core switch carved into multiple VLANs and I connect each VLAN to a port on the ASA, will I be able to route and filter traffic from VLAN to VLAN through the ASA? If so how, in general, is this accomplished (I'm betting ACLs). I think that the ASA will be able to do this easily, but I just want to be sure before I get too far into the configuration of this unit,.
ASA
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GigE0/0 GigE0/1 GigE0/2 GigE0/3 GigE1/0 GigE1/1 GigE1/2 GigE1/3
| | | | | | | |
| | | | | | | |
WAN BackupWAN VLAN400 VLAN500 VLAN600 VLAN700
I have a core switch Cisco3750G with 4 SFP slot populated with GLC-SX-MM module.Now in these 4 fiber GLC-SX-MM modules 3 are connected to 3 floor switches which are having the same GLC-SX-MM.Each link is configured as a TRUNK and allowed only that floor VLAN and working fine.Now the 4th GLC-SX-MM module has to be connected to a single desk top PC using a FIBER to UTP convereter,which is SC to UTP .Now patch pannel is LC ,I used a LC to SC fiber patch cord,but link is not coming up,in this situation if I used both side SC convereter then link is up.
All 4th GLC-SX-MM modules are checked and it is working fine.Only the forth floor link is not coming up,if I use the UTP to Fiber SC type connector in the CORE switch for teh 4th Floor then it is working.How to resolve this issue,Whether I need to use the UTP to Fiber LC type convereter in the fourth floor instead of SC type converter,logically when I use the LC-SC type patch cord and connecting to SC type converter it should work.
I have 8.2 configuration that works:
global (inside) 1 192.168.1.1
nat (outside) 1 access-list Servers outside
static (inside,outside) 10.16.0.0 10.1.0.0 netmask 255.255.0.0
[Code]....
It is remote monitoring ASA, so I need to nat user networks (10.1.x.y, 10.2.x.y) to something that I can use (10.16.x.y, 10.17.x.y...)
Also, since it my device, I have them configure snmp and syslog server on client's network to use 192.168.1.1, so I have dynamic NAT for two SNMP servers and static NAT for one of them (which is syslog server).
create 8.4 version, so I can apply it? I tried few things, packet tracer shows that they are NATed, but I have only Denc packets, because hosts see request coming from my public IP...
I am planning to get the unicast streams from different 2-3 sources over internet, and I am doing NAT for port-forwarding all those unicast streams to a one private IP. Attached is the setup for your understanding.Setup: - Both unicast streams will be hitting to One Public IP (3.3.3.2) on UDP/TCP Port 1234, 1236 & 1238 only & the same ports need to be forwarded to natted One Private IP (10.10.10.4)
1)NATTING these 2 unicast streams into one private IP(10.10.10.4) by checking Source & Destination based IPs and ports, but in below configuration I cannot achieve on checking Source & Destination based IPs and ports
Router configuration:-
interface GigabitEthernet0/0
description ***Connected to Internet ***
ip address 3.3.3.2 255.255.255.252
no ip redirects
no ip unreachables
[code]...
I am in the process of migrating a production firewall from PIX 6.3 to ASA 8.4(2). This is going to be a complete firewall rebuild and I will not be upgrading the configs because they have become out of date and very bloated. I am in the process of converting the NAT commands.[code] I am hoping these commands would be enough to replicate the previous functionality. I removed all the static identity NATs because NAT control is no longer in place so those rules are not required. Additionally I didn't re-create the rules that had NAT ID 0 or 1 because it didn't look like they were doing anything. correct way to do the static NAT commands at the bottom.
View 3 Replies View RelatedAs previous posters may have noticed i have been given the task of moving the ACS from 4.0 to 5.3 which turns out to be considerably different. Sadly i have nothing to test with at the moment so am trying to work it out as best i can before the abbreviated period of cutover begins.
I have a Service Desk group setting in 4.0
Under groups i have the group settings and down the bottom i have the following -
(ticked ) Wireless-WCS HTTP
(ticked ) Custom Attributes
Then in the box -
virtual-domain0=CRUK
[Code]....
Access Policies/default device admin/Authorisation Create a new Rule Add the correct AD group in compound condition AD-AD1 attribute ExternalGroups value static in NDG:Device Type - reference the WLC (previously created as device type with ip address) Then in Results reference the above shell profile - Service Desk.
Customer of mine has 20 AP AIR-BR1310G-E-K9. No controller installed. He use them as Autonomous AP.
Right now ##he wants indroduce a WLC. Due to that every single AP must be converted in LAP AP.
is this action free of charge ? Nedd I SMARTENT COVERAGE ?
I know that configuration in 8.2.x and 8.4.x is different in terms of NAT and object groups.
I just want to know is it possible to do a direct upgrade from 8.2.3 to 8.4.x ?Secondly, will ASA automatically convert all the configuration from 8.2 to 8.4 format during the reboot after the upgrade?
I just started a new Position and they have CATos still runing on some of there 4506 and 6509 switches. I amy trying to come up with a plan to upgrade the switches to IOS but I dont know if they will take it or not. I know I need to get flash Cards to hold the IOS but i need to make sure that I get the right IOS for the Switches.
View 1 Replies View RelatedI used speed test and got 50 mega bits per second. I tried re downloading tf2 and i was getting 80 kilo bytes, and I am using windows 7. Doesn't 8 mega bits equal 1 mega byte?
View 2 Replies View RelatedI need to get a connection through a 3 storie structure.
On each floor, I have a cluster of servers set up. Conventionally, I would thread cat6 cables through the building but due to various reasons I cannot do that.
On the ground floor there are 2 ground lines which project a wireless signal.
I'm wondering, is there some way I can convert the wireless signal into an ethernet line? Perhaps through some kind of interfaced adapter. I've thought of buying a throwaway laptop and bridging the connections manually but I'd prefer to avoid that option if there are feasiable alternatives.
I have a 3602i access point and have been looking to see if it was possible to load a Mesh AP image on the AP?
View 4 Replies View RelatedI have some remote 1142s that I converted to LAP last night. They are not joing a WLC, but I they are online and I can ping them. Telnet or SSH is disabled by default (WHY???). What can I do to figure out why these access points are not joining the controller?
View 17 Replies View RelatedIs AP 1220B (b-only radio) supported for registration to WLC (7.0.x) with Lightweight software? I've managed to convert the AP to Lightweight mode, but I could not get it to register with WLC 2504 (software version 7.0). Is it possible that this AP is only supported if changing the in-built radio module?
In the compatibility matrix [URL] there is an information that this AP is supported on WLC up to version 7.0.x. On the other hand it is not supported by Autonomous to Lightweight Mode Upgrade Tool [URL] Since these APs does not have pre-installed MIC, it is mandatory for them to create Self-Signed Certificate (SSC). Upgrade tool could do this job (along with adding the created SSC hash to the authorized list on WLC), but it does not support this particular AP/radio. If I do the conversion manually (archive download-sw ...), the AP does not have the SSC needed for communication with WLC. I've tried making the SSC manually (instructions found on this site [URL] while AP is autonomous mode, and then converting it to Lightweight, but the AP still could not register to WLC.
In the debugs (on WLC/AP), I am receiving an error that is described in some Cisco troubleshooting documents as something related to WLC not having an SSC hash in the auth list. Problem is that the AP is not even sending standard CAPWAP messages and there is nothing to be seen in "debug pm pki enable" on WLC...
We are replacing CSM modules with 4710 appliances. Is there a config conversion tool? Have not seen it in any Cisco documents.
View 3 Replies View RelatedI have a HP OfficeJet 6000 Wireless that I used so far through the Ethernet network. What do I need to do to convert it over to wireless? Can I do this without installing the heavy duty HP SW on each client?
View 4 Replies View Relatedis there any issue in buying air-ap1142n-ek9 802.11A/G/N FIXED AUTO AP INT ANT and later on converting it into lightweight under the control of air-ct2504-15k9 2504 WIRELESS CONTROLLER WITH 15 AP LICENSES ?Are there any requirements on the SW of the WLC and the IOS of the AP? The reason of the choice is budget.
View 1 Replies View RelatedI am having one Cisco ME 3400G-12CS switch with 4 NNI port & 12 UNI port.I want to convert all UNI port to NNI to as meet my client requirements.which Metro IP Access Image IOS version is required to convert those UNI port to NNI.
View 1 Replies View RelatedI would like to convert some 1142N LAP to Autonomous. Is there a way to do ?
I have noticed a new image : c1140-k9w7-tar.124-25d.JA.tar
I don't see a way to replace the image in flash ?
We are in the process of migrating to the ASA service modules on both our 6509E switches from our current FWSM. We have used the Cisco conversion tool and applied that to the service module. When viewing the context in ASDM we are unable to view the object names in the right hand pane.
On the FWSM I would see the following under Network Objects:
Network Objects
- JQ-Test
- JQ-Test2
- JQ-Test3
Network Object Group
+ JQ Group
- JQ-Test
- JQ-Test2
- JQ-Test3
Now I have run the conversion tool and applied that to the ASA's I now get the following results.
Network Objects
- 10.1.1.1
- 10.2.2.2
- 10.3.3.3
Network Object Group
+ JQ Group
- 10.1.1.1
- 10.2.2.2
- 10.3.3.3
I am aware that the naming convention on the ASA's are different to the FWSM as you can no longer use the "name 1.1.1.1 JQ-Test1" format but I was hoping that the conversion tool would do this for me.
Is there any way I can get the names of the object back without having to script something that takes the old FWSM format and convert it into an ASA format?
Is there a newer tool for current versions of Checkpoint to ASA 8.4? I notice a lot of similarity between checkpoint and 8.4 now, but I still have to do it all line by line which has become a PITA.
View 1 Replies View Relatedwhere is the following CAT to IOS configuration for 6500 page moved? I am unable to find this utility? url...
View 2 Replies View Relatedwe have 1262 (AIR-LAP1262N-E-K9) and we dont have WLC..and i want to convert it to Autonomous mode..i did the below steps... with using this file (ap3g1-k9w7-tar.152-2.JB.tar) download it from Cisco site. Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30. Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated. Step 3 Set the timeout value on the TFTP server to 30 seconds. Step 4 On the PC where the TFTP server is located, perform these steps.
View 48 Replies View RelatedI do have 1131 LWAPP in home, i was wondering if i can convert to Autonomous . I read in the documentation, that only way is to use with controller. can i convert without connecting to WLC .
View 1 Replies View Relatedcorrelates the older IOS format naming compared with the newer? I have an older catalyst 3550 that might need an IOS upgrade due to us starting to implement dot1x. The reason that I say this is that some of the commands in the dot1x config guide, such as aaa accounting dot1x, are not valid on this platform. The current IOS is c3550-i5q3l2-mz.121-8.EA1c but the newer format is the ipbase, ipservices, etc. format. There is a newer ios but how do I convert from one to the other? I think I need to research the IOS to see if the new commands are there as well as I want to make sure there are no gotchas from a hardware standpoint if I upgrade.
Cisco Internetwork Operating System Software IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(8)EA1c, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2002 by cisco Systems, Inc.Compiled Fri 15-Feb-02 10:50 by antoninoImage text-base: 0x00003000, data-base: 0x006675E0
ROM: Bootstrap program is C3550 boot loader
ACSTMElab-3550 uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c3550-i5q3l2-mz.121-8.EA1c/c3550-i5q3l2-mz.121-8.EA1c.bin"
cisco WS-C3550-24 (PowerPC) processor (revision C0) with 65526K/8192K bytes of memory.Processor board ID CHK0615V0BPLast reset from warm-resetBridging software.Running Layer2/3 Switching Image
[code]....
I have a WRT120N I would like to convert from a router to a Wireless Access point. Can this be done and how would I do this?
View 4 Replies View RelatedWe will be converting two 6500s to VSS. Each chassis has a Sup2T module, fwsm, 6908-10G blade, wism1 blades and two or three 6748-SFP blades. I was wondering how long the conversion process takes? If I remember correctly at the 2012 networkers lab it took maybe 10 minutes while using Sup720s. The instructor mentioned that with Sup2Ts it would convert a lot faster.
View 3 Replies View RelatedI have seen links out there for a conversion tool to convert commands on a Catalyst type switch (6509) to newer IOS type switches(4500-e) switches but they all error out on me on a 404. Any link where I can get this conversion tool?
View 1 Replies View Related