Cisco VPN :: 5510 Not Work From Both Sides
Nov 8, 2011
I have a problem regarding VPN setup on a 5510 ASA, with a 5520 ASA on the other side. Previously we created the VPN, but it works only when the other side starts pinging our side. I have to mention here that we created the bidirectional traffic for both sides. We have to configure the tunnel up for both sides.
View 2 Replies
Mar 29, 2012
I have a firewall ASA5400, and the outside interface is connected to the internet router, but I noticed that the interface speed on the outside interface is 1000M, but on the internet router it is 115 M. So the interface on the router is highly utilized and the firewall CPU is also highly utilized. [code]
View 0 Replies
Feb 19, 2013
We have a single 4500 connecting to two non-Cisco devices. We need to enable port channelling or link aggregation between these two. The links are carrying multiple VLANs, hence are trunked, and the IP address on either side is used for routing.
From each of the two non-Cisco devices, I am taking 2 ports each to connect to the 4500. On each non-Cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.
My query is how do I do the configuration for EtherChannel on the Cisco 4500 side, as it will need two different Po's (port channels). I need a single IP address on both sides of the port channel to be present for routing.
View 2 Replies
Oct 30, 2011
I would like to ask all of you: I have an ASA 5510 and I want to do VPN client authentication with LDAP; after verifying the username and password with AD, it uses a policy with ACS?
View 3 Replies
Mar 15, 2011
I have one ASA 5510 at the main office that accesses the internet through a private link and one ASA5505 at the branch office that accesses the internet through an ADSL link with a dynamic IP.
Behind the ASA 5510 the network is 10.8.40.0/24 and behind the ASA 5505 the network is 10.30.103.0/24. I want to access both networks through the frame-relay link and the internet link with EzVPN. I make that access only ip on the main office, this communication goes to the frame-relay link and the everyone goes to the VPN. When the traffic goes to the frame-relay link, I use a NAT Static Policy that changes the source 10.30.103.0/24 to source 10.40.103.0/24. It works OK when the VPN is not up. When the VPN is up, the NAT doesn't work and the packet goes to the true IP (10.30.103.0/24).
View 1 Replies
Oct 28, 2012
I can't telnet from a host (Ubuntu 12.10) in our DMZ to an outside MX on port TCP 587. Inspection for ESMTP is not enabled. Port 587 is enabled for the host in the DMZ to any.
View 12 Replies
Oct 9, 2012
I have an ASA 5510 that is connected to my ISP and the inside interface that is connected to my router. I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA. The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic. The management interface works using a different IP address, but I am not able to get the traffic to pass out to the internet through the ASA.
ISP-------->ASA-------->Router
Bottom line is that I only have one usable address that is being used by the router, and the ISP and ASA are using the other. Will this work?
View 4 Replies
Feb 15, 2012
I have an ASA 5510. I set up a basic configuration to test internet with 2 ISPs. My first line works without any problem. But my second line doesn't work. Even when I wipe the configuration and set up only my second ISP, internet doesn't work. Can you tell me if there is anything wrong with this config?
CaaaA01# sh run
: Saved
:
ASA Version 8.3(1)
!
hostname CaaaA01
domain-name example.com
[code].....
View 2 Replies
Sep 19, 2012
Are the ASA memory DIMMs created for specific models? Would a 1GB 5510 Memory stick work in a 5520?
View 1 Replies
Dec 21, 2010
I'm trying to set up an L2TP VPN connection on my ASA 5510 to connect with Android/Windows (native clients). I'm using the newest releases: Cisco Adaptive Security Appliance Software Version 8.3(2), Device Manager Version 6.3(5).
My ASA config, just the interesting part:
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyno 10 set transform-set trans
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
[code]....
If I try to connect with a Windows 7 client (NOT behind NAT) I get the Error 691.
I see that Phase 1/2 are working with debug:
Dec 22 16:32:16 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 1 COMPLETED
Dec 22 16:51:25 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 2 COMPLETED (msgid=00000001)
Then I see this "Error":
Dec 22 16:51:26 [IKEv1]: Group = DefaultRAGroup, IP = XXXXX, Session is being torn down. Reason: L2TP initiated
I don't understand why it doesn't work... I tried many templates from the net but nothing works.
View 5 Replies
Apr 5, 2011
Since our update of Cisco ASA 5510 (active/standby cluster) from version 8.22 to version 8.24 it isn't possible to transfer files from/to an SFTP client. The request just times out. SSH from this client is possible.
[Code]...
View 2 Replies
Oct 26, 2012
I would like to use a Cisco 1921 at my house and create an "Easy VPN Remote" connection to our ASA 5510 at work. Can I use the Easy VPN Client with the base license, or do I need the security license to take advantage of the VPN tunnel?
View 4 Replies
Sep 6, 2011
Is there any chance the Wireless Repeater mode works with WPA2-AES? If not, which model of AP should I buy to connect it with my wap54g as Wireless Repeater?
View 4 Replies
Sep 2, 2011
I'm trying to set up my DIR-655 so I can use VPN to access my work PC. How can I set this up?
View 2 Replies
Nov 19, 2011
I have a DIR-655 B1 router. The firmware is 2.00 NA. Just to clarify, the DSi itself does work with WPA, but the games only work with WEP. I made a guest account and set it to WEP and it still does not work. I have tried making the main connection WEP as well, but when I go on the game and try it, it says it is WPA and not WEP. My friend has a DIR-655 as well, but the hardware and firmware version are different. Her games work flawlessly.
View 10 Replies
May 26, 2011
I'm trying to figure out how to get two 5510 ASAs to establish a Site-to-Site VPN. The version with two static IPs is working perfectly and stable, but I haven't figured out how to get a VPN running between a static and a dynamic IP.
View 12 Replies
Aug 8, 2011
I am delving into the world of Certificates and the ASA. I am having the HARDEST time grasping this though. I've pored over Cisco whitepapers, been reading through books and things just aren't solidifying in my head. So my question is, how do Certificates for SSL work on the ASA? Where does the data transmit and how does an ASA talk to a CA and User for things?
Let's do this basic topology for the discussion:
End User------SSL VPN---> ASA--->Internal CA
So in theory we are supposed to create a certificate and install it on the ASA and then set the outside interface to trust that cert?
How do identity certs and root certs also work out on the ASA? I have instructions that pretty much say
Create RSA key
Create new trustpoint
cry ca auth newtrustpoint
cry ca enroll newtrustpoint
cry ca import ?
So what are all of these steps specifically doing? Also in ASDM it shows a normal Certificate and an Identity Certificate. I can't really figure out the difference between the two. Does one cert talk to the CA and the other identify the ASA to the CA?
View 7 Replies
Jun 15, 2012
I have a test on EIGRP next week and have been doing it in Packet Tracer so I'm ready, but I can't seem to get EIGRP to work! I have 3 routers and the loopback interfaces are configured because there's not enough PCs to actually connect up to the kit. [code]
View 5 Replies
Jul 3, 2012
I'm playing around with CBAC, trying to get a feel for it so I can manage it on some of our routers. I think I have the basics down, but for some reason I'm still having these issues with a 2801 running the attached config:
- I had to add the "router-traffic" option to my ICMP inspect line to be able to ping anything at all on the 10.10.2.0 side from the router. We have a router doing firewall duty which is using CBAC but does not have the "router-traffic" option on its ICMP inspect line, but pings from it still work. What gives? I've read that by default (without the "router-traffic" option) traffic originating from within a router will not be inspected by CBAC, so it looks like my lab router is working as expected, I just can't figure out why pings work from the production firewall router.
- I cannot copy a config via TFTP to 10.10.2.97. Other network devices can access the TFTP server on .97, so it's my lab router that has the problem. I can ping .97, it can ping this router (.5). It looks to me like I have TFTP allowed through this router, but it doesn't work. When I do a copy command, my TFTP server on .97 sees PUTs coming in, but then says it's not getting responses from the router, so it looks like traffic is only flowing out from the router but not back in. I thought the TFTP inspect would fix that. There doesn't seem to be a "router-traffic" option for the TFTP inspect. [CODE]
View 1 Replies
Jun 25, 2012
I have an L2L VPN tunnel on a Cisco ASA 5520 that I'm trying to get RRI to work on. On my crypto map ACL I have defined a local object-group and a remote object-group, and I'm performing one-to-one NAT on the local group. I also have a route map configured that will take the static routes and redistribute them into my EIGRP AS. Two things I've noticed: 1, I'm not seeing any static routes on my ASA that point to the remote subnets, and 2, the ACL that I've used in my route map definition is not getting any hits on it.
View 2 Replies
Jul 5, 2011
I'm having trouble getting this to work, after my upgrade to Mac OS X Lion the Anyconnect client can no longer login. Reinstalling didn't work for me.
View 24 Replies
May 22, 2011
I was running V4.1.2 up until recently for my nac install. This needed to be upgraded to support windows 7 so the CAM and CAS were upgraded to version 4.7.1. The CAS is running a trusted certificate from Entrust and the CAM is running a self signed cert (perfigo).
First question is will this work with version 4.7.1? I have read a lot of threads about SSL being used between the CAM and CAS.
I have gone through the steps to export the CAM Cert and import it into the CAS Trusted certificate Authorities and vice versa but I still get the following error message on the CAS:
"Warning: The current Trusted Certificate Authority URL is suited for lab environments only. Cisco recommends importing a third-party Certificate Authority. Please check your Clean Access Manager(s) and standby Clean Access Server for similar messages."
Is this purely because I am using the self signed Cert on the CAM? If I purchase a cert from Entrust for the CAM, will this correct the problem?
View 1 Replies
Feb 23, 2010
I can't get IPv6 to work on my Cisco 877: Do I need to do something to enable it? I have a /56 from our ISP that I would need to configure.
View 12 Replies
Nov 30, 2011
I have a stack of SGE2010P switches with 3 VLANs (1, 10 and 255) on it. Connected to it via a trunk port, I have a SF300-24P. On the trunk ports, I have VLAN 1 untagged, VLANs 10 and 255 tagged (on both sides, obviously). On the SGE2010 stack, I can set a port's primary VLAN ID to VLAN 10, and workstations work correctly. On the SF300, if I set a port to type general, and the port's default VLAN to 10 (on the port to VLAN page), I cannot get any communication to work. This is my first time with a non-CLI switch, and I am having real problems figuring out how to troubleshoot this problem.
View 1 Replies
Oct 18, 2011
Do APs work with WCS?
View 4 Replies
Apr 22, 2013
I purchased 3 of these Wireless-G access points and none of them are plug and play. I am here because I have spent the last three hours trying to go through every step they suggest in the Quick Start Guide.
I tried entering in a web browser the default IP address and wait for a login that does not appear.
View 4 Replies
Mar 11, 2011
Why can I not switch on my VPN in some places? The strange thing is that when I use the VPN server of my office, this works OK and it is the same VPN client. So this means that I am doing something wrong in my private Cisco 1841 router. Here below is what does not work, and at the bottom the same computer, same network.
View 6 Replies
Apr 25, 2012
We have purchased LMS 4.0 -300 and were wondering how well the software will perform in a virtual environment.
View 3 Replies
Nov 7, 2011
I had the Cisco 877W router working in my old company. The old company was closed and I brought all of the network equipment to the new company. I am trying to set up this router at the new company but lost the menu, console cable and software CD.
View 2 Replies
Oct 18, 2012
I have an RV180 VPN router. I try to enable the VPN users with PPTP or QuickVPN but it is not working. For PPTP, sometimes my Windows 7 connects to the router, sometimes it doesn't connect, with a random error message. When it connects, the Windows 7 machine from outside the LAN can see the computers inside the LAN, but the computers inside the LAN cannot see the Windows 7 one. This is random also. When I succeed in connecting, the internet is not working anymore from that computer. I tried to set the VPN in the same subnet as the LAN, I tried with a different subnet. It is not working. I updated to the latest firmware. The same. Restored factory settings a couple of times, the same.
View 6 Replies
May 8, 2011
I see a topology, and I wonder if this topo can work? Two ASAs configured active/standby, the ASA is the VPN server, two FortiGate firewalls configured active/passive. Normally I see the ASA must be configured with inside, outside, ... and VPN config. But in this topo, the ASA may not have inside, outside.
View 4 Replies
Sep 20, 2012
I've been asked to configure an 881 with a Verizon 3G backup connection as a backup to the FE4 primary WAN connection. I've been unable to get any connectivity through 3G, and in most cases, as soon as I try to configure 3G, I lose connectivity through FE4. Currently, I don't even have FE4 connected. I'm just trying to get the 3G connection working, so then I can take it back to the office and have a functional 3G backup connection. [code]
View 1 Replies
Oct 7, 2011
I have two 2811 routers, which are set as NTP clients. Different versions of the IOS; other devices are working properly. My routers take time via NTP from another router, which takes time from an NTP server.
View 1 Replies