Cisco VPN :: 5505 VPN Only Going One Way

Mar 13, 2011

we have a customer with three sites address ranges are 192.168.215.0/24 head office, 192.168.216.0/24 contract and 192.168.217.0/24 branch office.
 
The head office has a Cisco ASA 5505 device and the two remote sites have Zyxel P-661 devices. The end result I want here would be for a VPN from both remote sites to the head office this was working before but now the branch office is not now all the users are able to access resources in the head office without any problems but the users in the head office can not connect to resources in the branch office.
 
The Contract office has exactly the same set up and is working okay.I have spoken to Zyxel and they have told me they think the Zyxel set up is okay and that the problem is at the head office.Some of the testing we have done which is causing confusion has produced the following results:
 
-From the server in the head office we can ping the internal interface of the Cisco.
-From the server in the head office we cannot ping the external interface of the Cisco
-From the server in the head office we cannot ping the router beyond the firewall.
-From the server at head office I cannot tracert to any external resources.
 
I have just tried doing a Packet trace from the internal address to the address of the router and it has failed witht he following message: [code]

View 17 Replies


ADVERTISEMENT

Cisco VPN :: VPN Between ASA 5505 And 881?

May 28, 2013

i have configured vpn on asa 5505 and 881 router, as per below design,i am seeing the tunnel is built from cisco 881 router for few seconds and the its got delted. but nothing showing in asa.

View 1 Replies View Related

Cisco WAN :: Can't Get Through ASA 5505

May 24, 2012

I've been tasked with setting up an ASA 5505 on our ADSL modem & am very lost. I've put the PPPoE details into the ASA 5505 to authenticate with our ISP, but can't get out through it.  I've looked at guides, videos, compared configs
 
This is the current config...
 
: Saved:ASA Version 8.2(5) !hostname asaenable password GuuH2OTIRWlZP8z3 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface

[Code]....

View 2 Replies View Related

Cisco VPN :: SSL VPN On An ASA 5505?

May 2, 2012

I am attempting to configure an ASA 5505 with SSL VPN.  The users request is from anywhere, be able to web into the Cisco ASA. [URL]. At that point, we will require them to authenticate through Active Directory via ACS 5.2.  The Cisco ASA 5505 is a 50 user ASA.  We have also purchased the mobile license as well as a 10 user premium license.  That was a bear in itself.
 
1.  How do I configure the SSL setup to use a 3rd party certificate, such as a Comodo certificate?
 
2.  How do I determine which version of AnyConnect I should use for this?  We will support windows, macs, linux and smart phones as well as Tablets.
 
3. if you do a show version, you get all the capabilites of the ASA of which some are disabled or deactivated.  Any chart that will show us, what needs to be purchased to activated each line entry on the ASA?  Is there an all encompassing PAK?

View 1 Replies View Related

Cisco :: Connect ASA 5505 S2S VPN?

Feb 28, 2012

The current scenario is as follows:

ASA 5505 Site A connects to ASA 5505 Site B S2S VPN, both has static IP address.

Now I need to change from ISP so that I can get more internet bandwidth, but the new ISP only has dynamic IP address.

Now I need to change Site B's config to use dynamic IP and still connect to Site A and establish a S2S VPN.

How can I do this?I want the ASA 5505 to change its IP daily so that the VPN connection is still up even if the ISP at site B changes its IP. Or a way to do this automatically as I don't have anybody at site B that can do this manually for me.

View 8 Replies View Related

Cisco VPN :: Configure ASA 5505 Behind 881?

Jan 6, 2013

We have a MPLS T1 installed at the main office. I just purchased ASA 5505 to configure site to site VPN connection. The ISP have VIP mapped with 1 block of public ip addresses.configure the asa 5505.

View 0 Replies View Related

Cisco :: ASA 5505 / WCS Discovery Over VPN?

Jan 15, 2012

I am having trouble getting 1142 LAP to find the controller. We are running an ASA 5505 at our main campus where the 5508 is located. Each Of our distribution centers have a PIX501 and from there about 3-5 AP's each. The AP's that were primmed before instalation work great, however we need the ability to get the other ones that were already installed and not finding controller to work with out cycling them through main campus. I have opened up UDP ports 12222-12223 and 5246-5246 with no luck.

View 1 Replies View Related

Cisco VPN :: ASA 5505 Does Not Reconnect

Feb 28, 2012

I have a remote ASA 5505 running 8.3(2) that establishes a site to site VPN to a central ASA 5520 running 8.4(2) immediately upon startup. Then within a random interval ranging from 5 seconds to an hour, the VPN loses the connection, and is not reconnected. Only a reload of the remote ASA will reestablish the VPN tunnel. Then everything is fine until the next disconnection. Both sides have matching lifetimes, and keep alives are enabled on both sides. The debug from the remote ASA is attached, showing what happens through several disconnect/reload sessions.

View 2 Replies View Related

Cisco VPN :: 5505 / VPN As Failover For WAN?

Dec 5, 2011

We have two sites connected by a gigaman line.  Routing between the two sites is done with a couple of HP routers.  We also have two separate Internet connections, one at each site, through different providers.  The border firewall at one site is a Cisco 5505 and at the other site it is a Cisco 5510.  If the gigaman line goes down, we would like to fail over to a site-to-site VPN.  Any clue how to set this up?  We can set up the site-to-site VPN.  how to make it serve as a failover.  Another question is whether the VPN will cause confusion when the gigaman is operational. 

View 11 Replies View Related

Cisco VPN :: 5505 / VPN Client For ASA?

Nov 17, 2012

We have a Cisco 5505 firewall and working to setup VPN through the firewall, what Cisco vpn client should we download for our users to have the right client on their desktop/latops.

View 3 Replies View Related

Cisco VPN :: Allow IPsec Through ASA 5505?

May 29, 2011

We have Cisco ASA 5505 and an internal user (behind NAT) needs to connect via VPN to an external company. I just cannot get this to work. I have enabled IPsec Pass Through from ASDM Configuration --> Firewall --> Service Policy Rules --> Edit Service Policy Rule --> Rule Actions --> tapped IPsec Pass Through I have tried to find some info from the log but all i get is this message: IP = [remote gateway ip] Invalid  Packet Detected!"I cant find anything that is blocked from the log.

View 2 Replies View Related

Cisco VPN :: ASA 5505 - No Connection Across L2L On RA?

Feb 28, 2012

I have an L2L VPN setup between two ASA 5505's. I can communicate across the VPN from either site without an issue. I'd like to be able to grant RA VPN users access to both LAN's but I'm not certain how to proceed (or if it's possible). I have split tunneling setup, and I've added both LAN subnets in the ACL. When I connect to either ASA via RA VPN, I can ping any host on the local subnet behind that ASA. However, when I try to ping hosts on the other side of the L2L VPN, it fails. I'm not sure if I have an ACL setup wrong, or if it's simply not possible.

View 4 Replies View Related

Cisco VPN :: ASA 5505 - SSL VPN To Lan Subnet

Oct 21, 2012

I'm not sure if this is a possible config, but I have an ASA that I need to be able to SSL VPN to, and get an IP Address that is on the same subnet as my internal interface.  The reason is, the person connecting in has a utility that does a broadcast on the internal network to discover the devices he is trying to connect to.  Therefore, connecting over VPN and getting put on a different subnet wont work. In this case, I am going to start the ASA configuration from scratch. If its possible to do the above, what are the correct commands to configure it?  I was planning to use 10.50.0.1/24 for the internal interface, and then hand out IP Addresses on that subnet to both the lan, and the vpn, This is an ASA 5505.  Its on IOS 8.4.

View 1 Replies View Related

Cisco VPN :: How To Separate W-Fi And LAN With ASA 5505

Dec 12, 2012

We have CISCO ASA 5505 in our office , right now port 0 has configured for outside and port 1 for inside (I believe it is the default configurations) now for security reason I want to separate the Network traffic from inside (office LAN) and WIFI , I believe since i have 6 ports in vlan1 (inside) if I make the port which has the connecting to our switch and the port which i m going to connect to my wireless router (same vlan1)  protected / isolated then this should work ,  but here is what is happening , the minute I save the configurations port 3 which is supposed to be my wifi port will lose its connection to the Internet.
 
i tried to make another vlan for wifi to separate the trafic from vlan1 , but I m not getting internet connection on that port which is been assigned to new vlan for wifi.

View 5 Replies View Related

Cisco VPN :: ASA 5505 8.3 (1) To 8.2 (2) Works Only One Way

Jun 26, 2011

I’ve set VPN up between two sites using Cisco ASA 5505 and Wizard. Unfortunately VPN works only one way From 8.2 (2) to 8.3 (1) and after spending one day trying to resolve the issue. Logs shows that ping leave ASA 8.3 but never hits ASA 8.2 – opposite way everything works perfectly. [code]

View 2 Replies View Related

Cisco VPN :: Disconnecting On ASA 5505

Feb 21, 2011

I configured site to site vpn between asa 5505, in one site it is static ip and the other side is dynamic ip.my issue is the the tunnel is automatically going off maybe 30 minutes time, if it is idle again if i initiate from dynamic side it ll comeup.and my setup is like this,in the static ip side i am having ADSL line , so i connected to the adsl router and the  adsl local network is outside network of asa 5505.like dual nat is there in the vpn connection.

View 5 Replies View Related

Cisco WAN :: LAN Traffic Not Getting Out On ASA 5505

Apr 18, 2012

For some reason my ASA is preventing my traffic from going out. I've added some crumby access-list and applied it to NAT for it to work. I don't like this. I know it is not right, but I am not sure what part is wrong. I will highlight the stuff I have added to make it work. I don't see what I am missing. If I were to remove these lines my ASA could ping in both directions (in and out), but my LAN cannot do anything but ping the ASA. No other traffic is going out unless I have added these unsafe lines of code.
  
!
interface Vlan1
nameif inside
security-level 100

[Code].....

View 2 Replies View Related

Cisco VPN :: Standby VPN In ASA 5505?

Aug 21, 2011

Any way to put a second vpn site-to-site as standby and if the primary come down  this standby come to up.for exemplo, I have a ASA 5505 in my branch office I wish add two VPN site-to-site to my head office. one tunnel must be standby and other active. there is any way to reach this? the contingency can be by hand it's not necessary be automatic.

View 4 Replies View Related

Cisco VPN :: VPN Connection Between Pix 501 And ASA 5505?

Feb 14, 2012

We have successfully connected the pix501 and asa 5505 firewallls using ipsec vpn.the firewalls and servers and beeing shutdown after office hours.the problem is everytime we turn on the firewalls, we need to do "ping" on vpn inorder to establish vpn connection with the two firewalls.After doing a ping command. The VPN connection between firewalls is established.we us vpdn to create a tunnel to the asa firewall.

View 3 Replies View Related

Cisco WAN :: How To Buy License Of ASA 5505

Dec 6, 2011

I have cisco asa 5505 Base Line .. so i want to buy the license key to get more features . so what is the requirments and how i can buy .

View 1 Replies View Related

Cisco VPN :: Qos On Vpn Tunnel With An Asa 5505

May 11, 2011

i got a person who connect with vpn on a adsl connection to the corporate network.this person is using cisco ip phone on his remote location and i did configure the ASA 5505 to priorize voice over data.i still get voice skips when the remote pc is uploading data to the corporate network...what i've done is :
 
1.with asdm i did create 2 priority queues one for inside (queue limit 2048 trans ring limit 512) and outside (queue limit 2048 trans limit 256)
 
2. with the service policy wizard i did create a global service policy (all interface) and a traffic class for dscp 46 ef and on qos tab i did check the "enable priority for this flow"...
 
3. When using the phone, i clearly see that packets are growing on the LLQ queue (show priority-queue statistics)
 
4. i still get voice skips when uploading data to the corporate network... upload bandwidth is about 800k for upload the pc and the phone is on the same subnet

View 2 Replies View Related

Cisco WAN :: Dual ISP On ASA 5505?

Feb 8, 2012

At the moment I'm running a T1 to a Cisco ASA 5505 device.  I'm in the process of getting a backup ISP.  My question is, is it possible to configure this firewall with two ISPs so that the same  internal webserver can be accessed via backup ISP?

View 6 Replies View Related

Cisco Firewall :: How To Add 861 Behind ASA 5505

Feb 18, 2013

I will be setting up a VPN with a client soon.  They are shipping 2 Cisco 861's that are planning to go behind our ASA 5505.  They are set up to be NATed.I am trying to understand what the best way to do this would be as I seem to keep running into limitations of the ASA 5505. Our ASA has a public IP of 2.1. 2.14/30 assigned to it's outside interface.The public IPs to be NATed to the 861's are 2.1.2.218 and 2.1.2.219/29.
 
1. How can I assign this seperate public IP block to the ASA? Is it even possible?

2. If not possible, what would other options be?

3. Would an upgraded license that allows for additional interfaces make this easier? (I would not do the NATing then, just assign the new public IP block to another interface)

View 4 Replies View Related

Cisco WAN :: Configuring WAN And LAN IP In ASA 5505?

Apr 8, 2012

configuring the Cisco ASA 5505 device to access my both WAN and LAN ip.  LAN ip i need to configure it for web servers to face the internet.

View 11 Replies View Related

Cisco VPN :: VPN Between ASA 5505 And Checkpoint

Dec 6, 2011

I have set up a VPN tunnel using pre-shared keys between my ASA5505 and a Checkpoint firewall (another company).

I can initiate the tunnel from my side, but they cannot open it from their side. We get Phase2 failures.

The other company is saying:

"Your ASA is expecting my CheckPoint to negotiate the phase 2 timeouts in both seconds and kilobytes. Enabling kilobyte timeouts is not something that is currently realistically feasible on my side, so I ask that you disable/turn off kilobyte timeouts on your side"

However, I do not have a kilobyte timeout specified in the security association for the tunnel, only a seconds.

Is there a hidden default setting I have to turn off? If so, how do I do this?

View 3 Replies View Related

Cisco WAN :: ASA 5505 Not Able To Get Internet

Jul 3, 2011

I have a new ASA 5505 that I am trying to configure. I've set up the basic stuff, and the router is getting an external ip address via dhcp. The router also has a site to site vpn link to another cisco ASA 5505 router. The site to siste vpn isn't working, but I can probably figure that out once the internet starts working. The router is getting an ip address from my isp, but I can't ping/browse to any web pages. [code]

View 1 Replies View Related

Cisco VPN :: VPN Between 5510 And 5505 Won't Come Up

Apr 4, 2012

I'm trying to get a tunnel to come up between a 5510 and a 5505.  I currently have a vpn tunnel up and running from the 5510 to another remote site.  [code]

View 2 Replies View Related

Cisco WAN :: VPN Tunnel Between 2 ASA 5505

Jun 5, 2011

I finally got the VPN tunnel between 2 asa 5505's up and running, but I have some error codes on the initiator side that I can not figure out. [code]I have looked at the Crypto transforms on both sides, and they match just fine as far has the DH ID code, Group Number and the encryption. The remote side however, does not have any of there errors.
 
Is this something that I have skipped over, or missed that I should be looking for? The IP address that is listed above is not in my static addresses, not sure where theose are coming from. I believe that they are outside public IP's.

View 3 Replies View Related

Cisco :: ASA 5505 SSL VPN Log Failed

Aug 31, 2012

[code]....
 
Red error what is the reason? Only appears in the window 2003 server.

View 5 Replies View Related

Cisco VPN :: 5505 - Cannot Connect To Anything LAN Or WAN

Oct 13, 2012

I have little ASA experience.  To make matters worse, I understand that IOS 8.4 is very difficult to configure.  I spent all day today trying to configure this ASA 5505 and am stuck at the point that my lan traffic can happily connect to the wan (although I cant ping the wan).  I can connect to SSL VPN from the internet, but after that I can not connect to anything lan or wan.  Here is the basic info.
 
Inside 10.50.0.1/24
Outside DHCP
VPN range 192.168.60.0/24
 
If the 5505 cant have a separate subnet for VPN, then I'm happy to put the vpn traffic right on the lan.  My goal is to be able to VPN in to my ASA from the internet, and have full access to the network, and internet.  It would also be nice to fix the issue so I can ping the internet from my lan.
 
Assuming that my ASA is only configured with the above settings and everything else is factory, any commands to make this work.  I dont have access to the firewall at the moment to copy my running config, but I can get that if needed

View 17 Replies View Related

Cisco VPN :: Set Up AnyConnect On ASA 5505?

Mar 15, 2012

Set up AnyConnect on my ASA5505? I have my VPN access working properly through the Cisco client however I want to be able to use the clientless program as well  that is available.

View 6 Replies View Related

Cisco WAN :: ASA 5505 - VPN Set Up For New Router

Jul 24, 2012

We were just informed by an ISP that they are not providing a router for an installation on Friday. We have a ASA 5505 currently and the current ISP has an Adtran router in place. Our ASA has VPNs setup to our 2 other locations. About 30-40 people connect to this location over terminal services via the VPN, they also print and conduct minimal file transfers.  We are switching ISP's to go fro 3Meg to a 10meg circuit.
 
I have a very low budget and have been told all I need to get is a 800 series router with 2 interfaces to accomplish the task. I have included a diagram that the ISP gave me. What is the proper router i need to do what is described in the picture? The an other thing that i need to add is that we may want to hang a small switch off the router to put a seperate firewall in the future. if this prevents me from getting a 800 because this is really my price range we are willing to give this up.
 
I have put a "X" for the first two octets in the picture as to not post my ip's. These 2 octets are the same through out.

View 4 Replies View Related

Cisco VPN :: ASA 5505 - NAT Before Going Over VPN Tunnel

Feb 7, 2013

We're setting up a site to site VPN with a customer.  Our side is a Cisco sa520 and there side is a Checkpoint. The tunnel is up, we've verified phase 1 and 2 are good. The issue is passing traffic across the tunnel, our LAN ip address are private addresses 10.10.1.0/24  but the customer states that we need to have a public IP address for our LAN in order to access there server on there LAN.  So looking through all the forums, I see that you can NAT before crossing the VPN tunnel, but our issue is that our site only has 6 IP addresses assigned to it and those are the Comcast router, the WAN side of the SA520 firewall.

So we were wondering was there a way that we can either use the WAN interface on the SA520 or use another available of the 6 that were assigned to NAT and pass traffic across the tunnel.  Sounds confusing?  sorry but it is, rarely do I have a customer say I have to have a public IP for my side of the LAN.  Now I also say this is a SA520 firewall, but if it's not possible to do with that is there a way were could with an ASA5505?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved