Cisco VPN :: 5520 - ASA Dead Peer Detection?
Oct 22, 2011
I have a simple question regarding dead peer detection on the ASA 5520. I am using a cellular VPN device to connect back to an ASA 5520 and I have noticed that the connection drops at random periods during the day. The vendor for the cellular device recommends disabling dead peer detection on their device, which I have done. The question is, where is this disabled on the ASA? Is it the IKE Keepalive setting under the tunnel group option?
Sep 13, 2011
I have a remote site in which a site-to-site VPN is configured with the hub site using a 5510 model. Now I am using a load balancer in which 2 ISPs will terminate: one is Sify and the other is Reliance. Now I want the following: suppose the IPsec tunnel is configured with Sify as primary; if the Sify link fails at the hub site, then the remote site should be able to communicate via Reliance, which is the secondary?
Apr 1, 2012
I'm running a 5505 with DHCP on the outside interface. All 5505s are connecting to a 5545. Can I configure the ASA for a site to site to automatically discover the peer address and automatically establish a connection with the 5545? In other words, can I configure all settings for the site to site except the peer address? Once connected on the network and having got an outside DHCP address, can it also put that address in the peer section of the site to site?
Jun 10, 2013
I have a few site-to-site VPNs connecting to my ASA 5520, but one of the remote VPNs is changing its public IP. How can I change this IP on the ASA without starting again? On the ASDM it is greyed out so I can't edit it, but can I just change it in the CLI?
May 25, 2012
I have an ASA 5520 with multiple site-to-site VPNs. A remote customer has changed their public IP address and now the VPN has gone down. How can I easily change the peer IP of the remote site to the new one without having to put the pre-shared key in again, as we don't know what it is and they don't manage their firewall?
Jul 17, 2011
Can threat detection provoke frequent disconnections on allowed traffic? We are using an ASA 5520 with 8.3.1 IOS. For instance, in ASDM we see SYN attack messages. The source IP address corresponds to an external host (in the outside interface) which is allowed to connect to internal servers (in the internal interfaces).
Our threat conf is as follows:
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
[code]....
Feb 25, 2013
I am working on Wi-Fi networks (ISP), so I need to block peer to peer on my network. My network involves Cisco 2950/2960 switches, Cisco 2800 routers and access points. For the peer to peer blocking config, where do I need to configure it, on the switches or the router? My basic network setup is: the internet passes from the router to the switch and then to the access points.
Apr 19, 2012
I got an ASA 5510 with base license. Can I block all Peer-2-Peer traffic from inside to outside?
ASA Giga 0/0 connected to ISP Router 2811
ASA Giga 0/1 connected to LAN switch 3560
Jul 25, 2011
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do I configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
Feb 13, 2013
I am facing issues in blocking Peer to Peer applications in LAN. I am using 881 Cisco router and below is the config done. [code]
Jul 31, 2011
I recently bought the WAG320N. Can I block peer to peer file sharing on my network?
Jul 31, 2011
I bought my WAG320N, I too have the internet drop out and from reading in here is a very common problem. Cisco really should bring out a new firmware version and address this issue. Any way you can block peer to peer file sharing with the WAG320N? If so how do you go about it?
Jan 28, 2011
One of the schools whose networks I administer has a peer to peer network running about 30 XP machines. DHCP is achieved and DNS settings distributed via a basic Linksys router; is there any way of distributing the proxy server address and port short of entering it manually in the LAN settings of IE on every terminal? There is no budget to install a server.
Jan 18, 2011
I just set up my 2 XP PCs and one Windows 7 laptop peer to peer for file and printer sharing, but I cannot configure the internet connection for those PCs.
Mar 12, 2011
I want to set up my two computers (Win XP installed) using a peer to peer network. Just tell me the needed steps.
Jan 24, 2013
I want to prevent guests from doing peer-to-peer communication on my guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
May 17, 2012
What is the difference between a peer to peer network and a point to point network?
Apr 24, 2012
I have a 5508 controller with 70 APs (a mix of 1131 and 1142). On the Monitor tab I can see under the Rogue Summary numerous "Rogue APs" as well as the clients associated to these APs. There are no Rogue APs on my wired network according to the report. My question is this: What actions should I take regarding these "Rogue APs"? Many of them appear to be just other APs in the residential area nearby. I know I can take action to classify them as Friendly or Malicious as well as Internal or External, but what benefit is there to doing this? Will taking these actions keep my APs from scanning off channel for Rogues? I read that if a "Rogue AP" is not on the wired network, it really is not considered a threat. Are there any Cisco best practices regarding how to handle detected Rogue APs?
Aug 30, 2011
How can I detect who is downloading big files in our network? Because it is banned in the network for certain peak times. We are using a DSL connection.
Feb 10, 2011
How would I know the IP address of the person whom I am chatting with? I don't know him or her exactly. He or she is detecting my IP address to block me.
Jun 22, 2012
I tried to upgrade the Cisco bootloader of WLC 4402 from version 4 to 7.2. I updated ER.Aes FOR 7.2 (EARLY RELEASE.aes). It was updated perfectly and then I rebooted the controller... now I can only see a blank screen from the connected console. I tried the flash of another LAN controller but it's not working, because the issue is in the ROM, as the bootloader file is in the ROM, which is corrupted. Now I want the solution to upgrade the bootloader file inside the ROM.
Jul 13, 2012
I have an old RV082 that I suppose has failed. The red diag light on the front panel is lit and nothing works. I've already replaced the unit, so I don't really need to fix it. Here's my issue: the setup on the old unit was pretty complex with a number of port forwards and other non-default settings. I'd like to recreate those items on my new router, but they were never written down so I don't know what they were. I've tried to connect a computer to one of the LAN ports, but they're all dead. Is there any way to get at the configuration page?
Feb 16, 2012
I just got a refurbished ASA 5505. It works fine until you need to reload it or unplug it from power and replug it. When I do this and it's warm (even after some minutes of use, so still physically cold when touching it), it simply reboots in a chain within 1 or 2 seconds. I have to unplug it from power and wait 5 minutes before replugging it to power.
I don't know if it's a problem with the power supply (that makes some noise, but I think it's normal). I tried loading the power supply more by plugging in some PoE device (Cisco 7940G) and it works fine, so it looks more like it's a problem on the ASA itself.
Must I send it back to the vendor? I tried updating the ASA image, but this doesn't change anything.
Nov 28, 2012
Primary optical link between CPE and PE, and backup 3G/ADSL link between CPE and PE. I am considering link failure detection on the primary link (after which the backup link should take over). Which method is the least CPU intensive:
1) BGP protocol between CPE and PE
2) RIP protocol between CPE and PE
3) BFD on static routes on PE
Is there a difference in terms of CPU load between the above mentioned methods, or are they more or less the same? Hardware platforms are sup720 BXL and Cisco 7200 G2.
Jul 5, 2012
Is it possible my laptop Ethernet port is dead? After I got home today I noticed that the storm that passed by caused a short power outage. I knew this because several electronic devices that rely on constant power were reset. Next to be noticed was that my computer had no connection to the internet, and my Ethernet port has a constant orange light on. I proceeded to perform a full network restart for my modem, router, and computer. This solved the internet connection to my router. My roommate was able to connect via an Ethernet cable to the internet on any of the router's ports, but I was still unable. However, I was able to connect to the wireless on my computer. Unfortunately, no matter what port or cable I use, my Ethernet port is still unresponsive to it all, and still has the constant orange light.
Specs:
Manufacturer: Gateway
Model: P-78
OS: Windows 7
CPU/Ram: Intel(R) Core(TM) 2 Duo P7350 2 GHz / 4090 MB
Video Card: NVIDIA GeForce 9800M GTS
Sound Card: NVIDIA High Definition Audio Conexant High Definition SmartAudio 221
Dec 10, 2012
So I rebooted my router after adding a MAC address to the MAC address filtering scheme, and now it won't get its static IP and broadcast. What have I done and how can I fix it? And before someone says "Turn it off and on again" and "hard reset it", I've done this! It was first port of call!
Apr 29, 2011
Just for no reason that I know of the wireless stopped working. I can connect to the SSID fine and there seems to be good signal strength, but no wireless internet access.
I have up to date February 15, 2011 firmware, 205NA, hardware version = B1. I have done a reset with no luck. I have done a 30/30/30 factory reset = no luck.
Feb 13, 2013
I would like to develop Voice Activation Detection using this sample program (google: ****/p_238-voice-activation-detection-voip) in Visual Studio 2008. But according to this website Visual Studio 2010 is highly recommended. Why is VS 2010 better than VS 2008?
Jul 3, 2012
After replacing my WRVS4400N Gen2 with a RV220W, I would like to know if there is a solution to resurrect the dead WLAN, killed by the well known buggy firmware some time ago (I could not let it be fixed in those days, because some of us may need those devices every day, so "send it in and we fix it in some weeks" was a bad joke).
I do not need the "old" router atm, but it would be nice to have a backup device in hand, because the VPNs created by those devices are vital for my business. Is there a cheap way to fix this device, or would you say it would be cheaper to buy something else? (And after those two devices, I'm not sure that the next one would be a Cisco device again.)
Jul 25, 2012
In a lab environment, I have a stack of two 3750v2-48ts switches. I upgraded the stack from 15.0(1)SE2 to 15.0(1)SE3 using archive download-sw.
Switch 1 in the stack reloaded and came back with the new image.
Switch 2 appears to be dead. No console output. When power is applied, the SYST LED blinks 22 times, then stops. I've held in the mode button for up to 60 seconds, held in mode while applying power, removed the stack cables and repeated... there's not a whole lot else I can think of to do at this point.
Apr 15, 2012
I am interested in gathering cumulative threat-detection statistics from an ASA running 8.3, and displaying number of attacks over time. I am already capturing traffic information via netflow, but am interested in getting threat information.
Is there a way to capture the statistics via SNMP or any other method?
Mar 13, 2011
I have a Cisco 2801, IOS 12.4(24)T2 (C2801-IPBASEK9-M) on a WAN link to another 2801, which appears to be wrongly detecting our cross-site EMC replication traffic as Skype.
I am 100% sure that Skype isn't running on any of our PCs, yet the Skype protocol is by far the highest used out of everything. I have watched these traffic stats late at night when nobody is on the network and when the only traffic is replication, and this is the protocol which is constantly increasing.
If I run 'sh ip nbar port', Skype isn't listed in the port-map. If I use ? at the end of the command, it lists Skype as an option. The 'sh ip nbar protocol-discovery' shows the following (among others):
FastEthernet0/1/0
Last clearing of "show ip nbar protocol-discovery" counters 6d10h
                          Input                    Output
                          -----                    ------
 Protocol                 Packet Count             Packet Count
                          Byte Count               Byte Count
                          5min Bit Rate (bps)      5min Bit Rate (bps)
                          5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
 ------------------------ ------------------------ ------------------------
 skype                    76133998                 146572068
                          6167477623               173614718864
                          0                        0
                          1221000                  8973000
EMC have informed me that the port used for replication is 8888, but I can't see how NBAR can think this is Skype.
Why is NBAR detecting Skype traffic?!
Oct 3, 2007
Is it possible to detect the situation when two neighbour routers involved in EIGRP routing are configured by mistake with different AS numbers? I tried this situation practically. Two routers are connected together via a Serial link network. One router has AS 1, the other AS 10. I try to detect the AS mismatch. First I check what EIGRP packets are coming: debug ip packet detail shows source <my neighbour IP address>, destination 224.0.0.10, IP protocol type 88. These packets are EIGRP Hello packets.
I try to go more deeply into details with debug eigrp packets. I see only outgoing EIGRP Hello packets. But I don't see any incoming packet from my neighbour (which has a different AS number). It seems that, because of the different AS number, the router silently drops the EIGRP packet. Other debug eigrp commands also don't show any info about the AS difference.
Cisco IOS 12.4 (16)