Cisco VPN :: 506 Firewall 6.3(4) PDM 1.0 / Broke Remote VPN After Site To Site VPN Tunnel Created?

May 19, 2011

It's been a long time since I played in Cisco CLI.Using a Cisco 506 Firewall 6.3(4) PDM 1.0?Problem is I created a site to site tunnnel with a vendor and since then our remote VPN does not work. Completely times out so I am sure I broke something in the crypto map or something similar.
 
Tunnel is policy 10 using access-list 101
Remote VPN is Policy 20

Config Below:

: Saved:PIX Version 6.3(4)interface ethernet0 10fullinterface ethernet1 10fullnameif ethernet0 outside security0nameif ethernet1 inside security100enable password XLk0qAaMaA6kjvA6 encryptedpasswd VeCrsQbWdIFPwnny encryptedhostname RMS-DR-PIXdomain-name RMS.Localfixup protocol dns maximum-length 512fixup protocol ftp 21fixup protocol h323 h225 1720fixup protocol h323 ras 1718-1719fixup protocol http 80fixup protocol rsh 514fixup protocol rtsp 554fixup protocol sip 5060fixup protocol sip udp 5060fixup protocol skinny 2000fixup protocol smtp 25fixup protocol sqlnet 1521fixup protocol tftp 69namesobject-group network FTP_Clients description FTP Client PCs network-object host 192.168.xxx.xxx network-object host

[code]....

View 4 Replies


ADVERTISEMENT

Cisco VPN :: ASA 8.2(1) / ASDM 6.2(1) - Site-to-site Connection Creation Broke AnyConnect Access

Feb 7, 2012

ASA = 8.2(1)
ASDM = 6.2(1)
 
Recently I used the wizard to create an IPsec site-to-site connection, which went very smoothly; however, I now noticed that when I connect via Anyconnect 2.5.0217 I cannot get to local and subnatted resources on the network.
 
I rolled back to saved config file, which was taken before the site-to-site vpn was created, but that did not work as well.What should I check to see why I can no longer get to different subnets after the site-to-site vpn connection.

View 4 Replies View Related

Cisco VPN :: ASA 5505 - Users Aren't Able To Reach Remote Network Through Site-to-site Tunnel

May 21, 2011

Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
 
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
 
Remote-access (vpn-houston) uses 192.168.69.0/24.
The main site (houston) uses 10.0.0.0/24
The remote site (lugoff) uses 10.0.1.0/24

View 5 Replies View Related

Cisco Wireless :: Configuring 5508 At Remote Site To Tunnel Traffic From WLC At Main Site?

Sep 20, 2012

At the main site, I have 3 5508 WLCs each part of a mobility group (wlcMain-MG).  In NCS, under "System/Mobility Groups" for each controller, I see each controller listed as "local" with the other Controllers listed with the group name "wlcMain-MG".  None of the SSIDs are "anchored".
 
I have a new site with a 2500 series WLC that I would like to push out 2 SSIDs.  This site contains two customers.  One customer is the Main customer with the second customer leasing space.
 
I have the Cust2 WLAN at the remote site set to have traffic egress out of a local interface on the 2500 WLC (this traffic is then tunnelled back to their Main location via an ASA which houses the DHCP scope for that vlan).    I can connect to this SSID, obtain an IP Address off the ASA and am tunnelling without issue.
 
For the Cust1 WLAN at the remote site, I would like to broadcast an SSID from the Main location on those same APs which are registered to the 2500.  It is my understanding, that I anchor the SSID at the Main site and identically configure the SSID at the remote site.  This will allow the end user to authenticate to the RADIUS server at the Main site and be placed upon the correct vlan (we are using DOT1x and dynamic vlans).
 
For my test, I am starting simple.  I have created a test WLAN with no authentication. At the main site, on 5508 WLC3, I have created the test WLAN, and placed the interface into a low security vlan (call it VLAN-low).  I have anchored this test WLAN to that controller.  At the remote site, I have created the same WLAN (but placed it into the management interface for now - the VLAN-low does not exist at the remote site) and configured that WLAN to anchor back to the WLC3 at the main site.  I am unable to obtain an IP address from the remote site.  I have placed the remote site WLC in the wlcMain-MG as well. How close does the code need to be on the controllers - the 5508s are at 7.0.116.0 and the 2500 is at 7.0.220.0? What could I be missing?

View 5 Replies View Related

Cisco VPN :: ASA 5510 - Remote Clients To Site To Site Tunnel

Feb 20, 2013

I have a situation where I need to have remote users vpn into my ASA 5510 and then turn around and hit a site to site tunnel.  Now when I am in our office I can hit the site to site vpn fine.  When I am at home and vpn to the asa I can not get to the site to site resources. Do you see where my config is incorrect? result of the command: "show run"
 
ASA Version 9.1(1)
!
hostname xxxxx
domain-name xxxx
enable password xxxxx
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[ code]....

View 3 Replies View Related

Cisco Firewall :: ASA5510 - Web Interface On NAS From Remote Site Across VPN Tunnel?

Dec 3, 2012

I have two routers on my internal network.

10.10.199.106 is a Cisco ASA5510.

10.10.199.108 is a Sonicwall NSA 3500
 
The sonicwall handles our site to site VPN tunnels.  The Cisco handles our client to site VPN connections.
 
I have a unit that points to 10.10.199.106 (Cisco) for internet access.  All other clients on the network point to 10.10.199.108 (Sonicwall) for internet access.The device in question, a Synology NAS, is using 10.10.199.68 as it's IP address.
 
I'm trying to hit the web interface on the NAS from a remote site across our VPN tunnel.  The IP scheme on the remote end of the VPN tunnel is 192.168.72.0/24.
 
Going through the VPN, I can hit every object on the network that uses .108 (Sonicwalll) as it's gateway.  However, I cannot hit the unit that uses .106 (Cisco) as it's gateway. 
 
I added a route statement (using ASDM) that routes all traffic destined to 192.168.72.0/24 to the Sonicwall so it can send it back down the VPN tunnel.  If I'm understanding routing correctly, this should allow responses from NAS destined for 192.168.72.0/24 to go back down the VPN tunnel.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Allow Only One Host Access To VPN Site To Site Tunnel

May 28, 2012

I have a ASA 5510 that has multiple site to site VPNs. I need to create an additiona site to site VPN but only allow 1 host to access and traverse the tunnel. The network is on a 192.168.5.x but the host that will need to access this tunnel needs to be on a 172.16.33.x network. I dont want any other traffic allowed to access or traverse the VPN tunnel for this host.  How can I set this up?

View 33 Replies View Related

Cisco VPN :: Site To Site VPN IPSEC Tunnel From ASA 5505 To Clavister Firewall

Nov 20, 2012

I have weird problem with a Site to site VPN tunnel from a Cisco ASA 5505 to an Clavister Firewall.When I restart the Cisco ASA 5505 the tunnel is up and down,up, down, down, and I get all strange messages when I see if the tunnel is up or down with the syntax: [code]
 
After a while like 5-10 min the vpn site to site tunnel is up and here is the strange thing happening I have all accesslists and tunnel accesslists right I can only access one remote network (Main site Clavister Firewall) trought the vpn tunnel behind the Cisco ASA 5505, and I have 5 more remote networks that I want to access but only one remote network is working trought the vpn tunnel behind the Cisco ASA. I see that when I do this syntax in ASA: show crypto ipsec sa.They had a Clavister Firewall before on that site before and now they have a Cisco ASA 5505 and all the rules on the main site thats have the big Clavister Firewall is intact so the problems are in the Cisco ASA 5505. [code]
 
All these remote networks are at the Main Site Clavister Firewall.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Setup A Site To Site Tunnel?

Nov 13, 2012

I have a 5505 asa code version 8.3(2). Trying to set up a site to site tunnel with someone and he is asking if I can use ike v2. How do I go about setting up the tunnel to use ikev2? Is ikev2 an option with site to site tunnels?

View 5 Replies View Related

Cisco Firewall :: ASA 5510 Identity NAT Configuration For Remote Access VPN And Site-to-Site

Mar 9, 2011

I am try to configure ASA 5510 with 8.3 IOS version.My internal users are 192.168.2.0/24 and i configured dynamic PAT and are all internet .

i want configure identity NAT for remote access VPN.Remote users IP pool is 10.10.10.0 to 10.10.10.10
 
i know to configure NAT exemption in IOS 7.2 version. But here IOS 8.3 version. configure NAT exemption for 192.168.2.0/24 to my remote pool( 10.10.10.0 to 10.10.10.10).

View 6 Replies View Related

Cisco VPN :: 5510 Site To Site VPN Access To Servers With Overlapped Remote Site

May 18, 2012

I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only  My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.

View 2 Replies View Related

Cisco Firewall :: Site-To-Site Tunnel Between ASA 8.4 / 8.2

Oct 6, 2012

I have created a site-to-site tunnel between an ASA running 8.4 and other ASA running 8.2. But the tunnel is not coming up.
 
ASA running 8.4
++++++++++++
 
fw2# sh run crypto
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map inside_map 20 match address tunnel-from-1166-to-nyc1_dr
crypto map inside_map 20 set pfs
crypto map inside_map 20 set peer 10.224.2.178(code)

View 4 Replies View Related

Cisco VPN :: ASA 5505 / Site To Site Vpn With One Site Always Initiate A Tunnel?

Feb 7, 2011

I have ASA 5505, i configured site to site vpn between central site and remote site and is working. Now the problem is we use remote site for troubleshooting purpose, so we need to create a tunnel from remote site to central site. I need to configure such a way that remote site can craete a tunnel to central site, but central site not able to create a tunnel, it just respond to remote site.

View 3 Replies View Related

Cisco VPN :: 5520 Requirement To Terminate Site-to-site VPN From Remote Site

Jun 17, 2012

We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?

View 1 Replies View Related

Cisco VPN :: 877 / How To IPsec Site To Site Vpn Port Forwarding To Remote Site

Jun 13, 2012

The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
 
Below are my configure on the Cisco 877 in site A.  
 
Building configuration... 
Current configuration : 5425 bytes
!
! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
!
version 12.4
no service pad

[code]....

View 1 Replies View Related

Cisco VPN :: 5505 - Site To Site Connected But Cannot Ping Remote Site

Oct 11, 2011

cisco products and am struggling getting a VPN going between an ASA 5505 and 5510.  I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).

View 11 Replies View Related

Cisco VPN :: ASA 5505 Site To Site Connection / Remote Site?

Mar 6, 2011

i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?

View 1 Replies View Related

Cisco VPN :: 1800 Site-to-Site VPN Tunnel Bandwidth For Voice Traffic

Jun 22, 2011

I have some challenges with a VPN config I recently setup for a client.I have at the HO the following:

- 1800 router
- Avaya phones and Gateway
- 1MB radio internet access
 
At the BO(branch office), i have:

- 871 Router
- Avaya phones
- 256k internet bandwidth
 
The only reason we setup the VPN in the first place was for the phones at the BO to be able to connect to the gateway at the HO and also able to make calls and receive calls as if the phones were at the HO.The phones at the BO successfully register to the HO, but are unable to recieve calls and dial out. Everytime I try to make a call, the phone displays a "connecting..." message. [code]

View 2 Replies View Related

Cisco Routers :: SRP521W VPN Site-to-Site Tunnel Doesn't Establish

Dec 19, 2011

As you can see i have problems with connecting 2 SRP521W together for an VPN tunnel. I tried as much as I can but now i dont know what to do or how and where is the mistake? the connection between these two devices was there last week, after weekend (nothing changed in configs) the connection suddenly was interrupted, without any reason or warning. another day it worked again and 20 mins later connection was dead again...and now it wont establish at all.. here are some screenshots from the vpnconfigs of my devices. one has a static IP the otherone uses FQDN. These are the IKE policies: Here the IPsec Policies: and the GRE policies:

View 10 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5505 - Procedure For Monitoring Site-to-site VPN Tunnel?

Apr 30, 2012

Need to know the step by step procedure for monitoring site-to-site VPN tunnel (up/down) using SNMP on Cisco ASA 5505. 

View 1 Replies View Related

Cisco WAN :: 3825 Shared Internet Through Site To Site IPsec VPN Tunnel

Apr 24, 2013

I have configured Ipsec vpn tunnel beetween two routers (from site A to site B) over untrusted internet connection by cisco 3825 routers and i can  successfully access both of this routers. But now i need to access internet on site B router sitting on site A router. So that if i run traceroute from A site machine then the gateway by which internet passing through shows the ip of site B.

The Architecture of our both site routers :

Site A  10.1.11.0-----Router A 172.18.12.1-----VPN tunnel----Router B 172.18.12.2-----Site B 10.4.11.0 

/////Create IKE policy
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
[Code] .....

View 10 Replies View Related

Cisco VPN :: 5510 Hair Pining VPN Clients Through A Site-to-site Tunnel

Apr 30, 2013

I have an ASA 5510 8.2(5) in Site1 and a ASA 5505 8.2(1) Site2 they are setup with a site to site tunnel.Each site has VPN clients that connect and I would like to allow clients from both sides access to servers on the other side of the site-to-site tunnel.
 
I enabled same-security-traffic permit intra-interface I also added the remote networks to access-list that is doing the split tunneling. [code]

View 33 Replies View Related

Cisco VPN :: ASA5520 - Access-list For Site-to-Site IPSEC Tunnel

Dec 1, 2011

How can I NAT the same set of four hosts and give them access to two different networks across an IPSEC site-to-site VPN tunnel?  I'm using an ASA5520 running 8.04.
 
I have four hosts say: 10.240.1.1-10.240.1.4
 
They need access to two different networks:

205.100.150.0
140.175.200.0
 
I woud like to NAT them as something like:

7.5.210.1
7.5.210.2
7.5.210.3
7.5.210.4 

View 1 Replies View Related

Cisco VPN :: Establish Site To Site IPSec Tunnel Between ASA 5520 And 3030?

Feb 17, 2013

We have configured a site to site tunnel from our ASA to another organizations Cisco 3030.  It appears to have just one way initiation.  We can do a ping to a device on the remote site and it will ping just fine.  however, when the tunnel needs to be initiated from the remote site, it will not work until we have initiated the tunnel and then everything works.
 
I continue to see Error processing payload: Payload ID: 1 errors on the ASDM logs.It appears that all the configuration is in place because we can in fact establish the IPSec tunnel unidirectional.  And once established, traffic can flow bidirectional.

View 1 Replies View Related

Cisco VPN :: 2901 / 2951 - Site-to-Site VPN - Constant DPD - Tunnel Drops

Dec 12, 2012

We have approx 40 branch offices - all of which are connected to a single core site over VPN Tunnels using various gear. At one particular site, we are having issues with the tunnel dropping sporadically throughout the day - some days it happens 10 times, some days it happens none. This just randomly started happening two weeks ago, without any changes taking place. Since it started happening, I have upgraded the code to latest versions, but still the issue persists. This particular site has a 2901 and connects back to a 2951.
 
Below is the output from:

debug crypto ipsec
debug crypto isakmp

[code].....

View 1 Replies View Related

Cisco VPN :: 4500 Switch - Dot1q Tunneling Via PPTP IPSec VPN Site-to-site Tunnel?

Nov 28, 2012

I have a situation where the site-to-site tunnel is already established using PPTP IPSec VPN with non Cisco Gateways terminating the link on each end. These non Cisco Gateways do not support L2TP tunneling, and there is no plan to change them.Beyond the Gateways on both ends, we have a Cisco 4500 series switch. We need to forward the 802.1q tagged VLANs between the two sites. Is it possible to use 802.1Q tunneling in this case, going via a PPTP tunnel ?
 
Cisco's setup uses dot1q-tunnel over a L2protocol-tunnel to preserve the original client VLAN tagging, so does this mean that the only option we have is to setup a L2TP tunnel at the Cisco device endpoints, and have that tunnel go through the existing PPTP tunnel (established between the 2 non Cisco VPN Gateways) ?

View 1 Replies View Related

Cisco VPN :: ASA5505 Add Site-to-site Tunnel On Top Of Existing Configuration

May 3, 2011

i have one asa 5505 that have classic remote access vpn set-up and now i need to add site-to-site tunnel on top of the existing configuration. Is that possible with asa 5505 and do i need some special IOS bundle for that? May i use vpn wizard for that or do i need to go through cli since remote access vpn is setup using wizard.

View 2 Replies View Related

Cisco VPN :: Establish Site-to-site VPN Tunnel Between ASA 5505 And C881?

Dec 27, 2012

Last week, I was able to establish a site-to-site VPN tunnel between an ASA 5505 and Cisco C881 router just fine. The tunnel was up and and running for a number of days but today the tunnel is no longer up.  I was wondering how, if there are any commands  to re-establish or re-initiate the tunnel.

View 3 Replies View Related

Cisco VPN :: TFTP From ASA Via Site To Site IPSEC Tunnel 5540

Nov 1, 2011

I am having issues getting my ASA 5540 at site A, to pass TFTP and SYSLOG from itself across the IPSEC tunnel to our SYSMON servers (Syslog and TFTP) that live at site B. I have followed the suggestions of other threads and I am still not getting anywhere. Here is a quick topology diagram.

View 6 Replies View Related

Cisco WAN :: 2800 How Many Site-to-site Ipsec Tunnel Without Vpn Module

Sep 20, 2011

Can i know cisco 2800 router can support how many site-to-site ipsec tunnel without vpn module?

View 2 Replies View Related

Cisco VPN :: Site To Site IPSEc Tunnel Between ASA5520 And IPSO

Aug 10, 2011

I cannot get it to work : if interesting traffic comes ffrom the IPSO side, the box would not even try to set up the tunnel. and If it comes fomr the ASA side, the box attempts to do so but it with this strange message : AM_WAIT_MSG2

View 3 Replies View Related

Cisco Routers :: RV220W Radius Over Site-to-site Vpn Tunnel

Jul 22, 2012

I have a site to site VPN tunnel configured between a rv220w and rv180. Everything works fine going from site to site on LAN connections. I'm now trying to tie in the remote site wireless (rv220w side) by pointing radius to my ACS server which is on the other side of the site-to-site tunnel but it seems as though it doesnt route across the site to site tunnel. If i put a radius server on the local lan on the remote site that authentication works fine. I have confirmed there are no ACL problems. the RV220W capable of using a radius server across the vpn tunnel?

View 1 Replies View Related

Cisco VPN :: ASA 5505 Site-to-site VPN Tunnel And Client VPN Sessions?

Nov 14, 2012

i have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z).  His satellite office will have a single PC sitting behind the ASA.  In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.The first question I have is about the ASA 5505 and the various licensing options.  I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A.  Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules?  Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved