Cisco VPN :: 5520 - Changed IP For ASA VPN Endpoint

Nov 2, 2012

In my organization we have 2 sites.  These 2 sites have ASA 5520s, and the l2l between each ASA.  The interface that is forming the VPN tunnel is on the ASA, NATed on the router.  These ASAs sit behind the router, which are then connected to the ISPs.  Recently, we had to change the ISP that we were creating the tunnel on, from Comcast to Sprint on our remote site.  I re NATed the interface, and the l2l tunnel came back up after editing the tunnel-group, crypto maps, and reapplying the crypto map to the interface.  However, our remote access VPN no longer works on the ASA that we changed the IP on. The other side was never changed, and still works fine.  When I tried using debug cry isa and debug cry ip sec on the firewall, nothing shows when we attempt to connect.  We are using IPsec over TCP.  On the ASDM log, it says: Deny TCP (no connection) from xx.xx.xx.xx/49907 to xx.xx.xx.xx/10000 flags RST  on interface WAN. 
The VPN worked fine before, could it be an ACL thing?  All we changed was the IP so that's what I'm inclined to believe, but on the router none of the interfaces have an ACL that's applied to them.  It can't be on the ASA, because I believe we have the option to ignore the ACL enabled, but I might be incorrect about this.  I'm new at ASA/VPNs in general. 
I would upload the configs, but is there a pertinent output that would work, or just a general sh run? 

View 3 Replies


Cisco VPN :: ASA 5520 - AnyConnect Check Endpoint Attributes Not Working

Mar 12, 2013

While user's connecting through AnyConnect, AnyConnect doesn`t check endpoint attributes. I've configured checking process  of "notepad.exe", but it doesn`t work. There is no checking process of  "notepad.exe" in output debug dab trace (see attach).

ASA 5520 ver 8.4(1)
AnyConnect 3.1.02040
HostScan     3.1.02043
CSD            3.6.6234

View 16 Replies View Related

Cisco Firewall :: On ASA 5520 Device Enable Password Is Not Getting Changed

May 23, 2011

I try to change password on the ASA 5520 device and its not getting changed.
FW(config)#  enable password cisco1234(config)# end
After that I  perform a write memory.
But somehow I relogin again the enable password  still remain as the old enable password
version : 7.2(5)2.

View 5 Replies View Related

Cisco VPN :: ASA5505 With Dhcp At Endpoint

Dec 26, 2011

I have a new customer that I installed an ASA 5505 to replace a Linksys VPN router.  They have a main office with a static IP address, 3 branch offices with static IP addresses and 2 branches that are doing DHCP from the ISP for their router address.  I have no problem getting the static VPNs up and running.  My problem is with the VPN connections that are doing DHCP.  I can go in and determine what IP they are currently using and setup a connection and it works fine.  The problem is of course when their IP address from the ISP changes, which seems to happen at least daily.  What is the proper way to setup a connection that is using DHCP?  Also, can you setup multiple connections this way?  Currently the 2 locations have different passwords setup in their routers.

View 1 Replies View Related

2960G - ID And Endpoint From Cisco Switch

Aug 13, 2012

We have a switch in our IT office, Cisco 2960G. It plugs into the wall and goes to the server room and connects somewhere. This weekend we redid almost the whole server room and now this switch can connect to the rest of the network. The uplink has a link light but can get anything.

I have rebooted the switch, used scanning on our other switches to try and find the MAC of the switch but for the life of me I cant see it. Is there a command I can run from the command line of the switch to see where its pointing?

View 11 Replies View Related

Cisco Security :: IOS VPN Endpoint Behind ASA 5510

Aug 2, 2011

trying to TS a VPN device that is behind an ASA basic set up is IOS VPN<firewall/nat<internet>ASA/nat>IOS VPN
I do not have a lot of insight into the other side of the connection, although the tech on the other side claims all is good. so to the point.
Is the asa capable of allowing this tunnel to work? The configs and debug follow. = my public ip = peer public ip
The asa -


View 2 Replies View Related

ASA NATing For An IPSEC Endpoint?

Mar 18, 2011

Our ISP gave us a /30 for our external connection (with one IP being their side, and the other our firewall's outside int) and they then route a /28 down to us to give us 14 public IP addresses. Usually we use static NATs to give internal servers a public IP, and it works fine.

However, now I need to setup another VPN device with a public IP from our /28 pool. How the heck do I nat that? Should I give it's external int a private IP, and then NAT it at the first firewall? The 2nd firewall will be a VPN end point, and I'm afraid the NAT will break that.

View 9 Replies View Related

Cisco :: Switch VPN Endpoint From Server To Firewall?

Apr 4, 2012

I'm pondering this new client's topology. He has: (internet) >> router >> switch >> Windows server with a VPN enabled.

Right now I access his network remotely by just RDP directly into the server with a public IP address.Now doesn't this mean that I'm already sailing through his router and switch? Doesn't that mean that all (broadcast, routing, etc) communication hitting this IP is sucking CPU cycles and bandwidth on his router, switch, and server? Wouldn't it be best if he had his VPN endpoint set on his gateway?

View 1 Replies View Related

Cisco VPN :: Can 2651XM Be Configured As PPTP VPN Endpoint?

Oct 31, 2011

Cisco 2651xm router
IOS: c2600-ipvoicek9-mz.124-15.T7.bin
Can a 2651XM router be configured as a PPTP VPN endpoint (client)? I ask because I want to connect this router to a professional vpn (privacy) service such as proxpn or mullvad or similar. If it can't, any vpn privacy services that cater for cisco-based vpn connection?

View 0 Replies View Related

Cisco VPN :: ASA5510 - AnyConnect With Websense Endpoint

Apr 16, 2013

We have about 160 users setup using the Anyconnect client connecting to a ASA 5510. We are using split tunneling and also using the Websense endpoint client. Every now and again after installing the endpoint client we are unable to connect the AnyConnect. It asks for credentials waits for a while and then fails with the error "AnyConnect was not able to establish a connection to the specified secure gateway.Please try again later."

If we uninstall the endpoint client it works again and normally after reinstall it fails again ( I know). Eventually it just works and then its fine.

We have logged a call with websense and sent packet traces of working and none working . Then only thing they came back with is if we filtered the non working trace with port 80 you could see a few RST,ACK coming from the ASA to the client so they blamed the Cisco components.

View 1 Replies View Related

Cisco VPN :: Where To Enter Endpoint Name In WRVS4400N For A Dynamic IP

Nov 16, 2011

I have a Snapgear 560U VPN Gateway at the main office with VPN connections to several branch offices also using Snapgear 560U. Those are no longer manufactured though, so I bought a Cisco WRVS4400N for our new office. The main office has a fixed IP but the branch office ha a dynamic one. On the Snapgear's it is very clear where I need to enter the Mandatory endpoint name on the dynamic side of the tunnel, but I can't find anything on this on the Cisco WRVS4400N. So where do I enter this information so that I can make a VPN connection between the Snapgear & Cisco boxes?

View 1 Replies View Related

Cisco Routers :: With Firmware - Can RV110W Be Used As VPN Endpoint

Apr 2, 2012

With firmware - can the RV110W be used as a VPN endpoint? The VPN capabilities have been expanded in this version - but from the docs this isn't quite clear to me.

View 3 Replies View Related

D-Link DIR-655 :: Turn NAT And Endpoint Filtering Off?

Feb 12, 2011

My network is set up in the following way..

DSL-320B | Linksys E3000 Subnet A Static Route | Wan Port DIR-655 | DIR-655 Subnet B

I am unable to browse by IP any machines on Subnet B from Subnet A and suspect this is due to the NAT and the Endpoint filtering within the DIR-655.

View 2 Replies View Related

Cisco Routers :: RV180 Multiple Tunnels To The Same Endpoint?

Nov 10, 2012

I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ.  The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway.  Note that each tunnel is independent with its own pre-shared key.  I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time.  I have to disable the other two.  Enabling a second tunnel results in the No phase2 handle found error.  I could not use the Basic VPN setup as it complains that the remote endpoint is already in use.  I had to use the Advanced VPN Setup to create the IKE and IPSEC policies.  In a different discussion [URL]

View 3 Replies View Related

Cisco VPN :: ASA 5510 OS 8.03 Change IPSec Tunnel IP Endpoint In CLI

Mar 29, 2012

I have an ipsec tunnel  IP is changing from mythical to  Is it possible to change the .182 ip in  below config via the CLI to .254 and have the site-to-site vpn continue to work? [code]

View 1 Replies View Related

Cisco Switching/Routing :: Connecting A Router 182 As An Endpoint

Apr 30, 2012

I try to connect a Router as an Endpoint (Because I just want to use a SERVICE from it).Well, the issue is this: I have a SW L3 that have too much VLANS, It is routing traffic and it provides internet connection. VLAN 182 has been created at this point and in this SW L3 has configured an interface vlan 182 with an IP
To this Switch L3 is connected another switch L2 with an interface vlan 182 with an IP Finally I have the last switch with the same features of configuration just that this has an IP In this last switch is connected the router in the Gi1/0/24 as Switch port access, this port belongs to VLAN 182. At the router, the port is gi0/0 and it has an IP and is UP.
The Switch where the router is connected is reachable from this router but not by the other switches. Router can reach all the network but not in the reverse way.Router has configured an ip default gateway

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Does Nac 4.7 Support Kaspersky Endpoint Security

May 17, 2012

we have installed nac for our customer and it works fine ,but the customer want the change the version of kaspersky antivirus from 6 to 8 end point security ,when we have try this the nac agent does not find the antivrus on the the workstation . i want to know if this version of kasoersky (end point security ) is supported by nac ,if no is ther a solution to make it works with the NAC .

View 3 Replies View Related

Cisco VPN :: ASA 5500 Disable Endpoint Assessment For WebVPN

Aug 30, 2011

I want to use the endpoint assessment / prelogin policies to apply only for anyconnect. Are there any ways to configure this?
I do not want the Secure Desktop to popup during webvpn.

View 0 Replies View Related

Cisco Firewall :: Samsung ML-2850 / Cannot Ping To Endpoint

Jul 23, 2012

I'm Connecting an endpoint to the switchport, the End client is a printer (Samsung ML-2850)Weird thing is after connect, the end point success got IP from DHCP server, but somehow cannot ping to it. For switching there's no concern, even I try with ohter PC connect to this switchport and it's PIGN'able. Only problem this printer cannot reach.
I able to see the MAC address entry of the printer at my ASA firewall, rule wise at this moment i just enable the rule as permit any any, no restriction at all.

View 1 Replies View Related

D-Link DIR-600 :: Configure Firewall UDP Endpoint Filtering?

Jul 10, 2011

 I would like to know how to configure my DIR-600s firewall UDP Endpoint Filtering. I ve read some guides and I ve got to configure this to Endpoint Independent in order to play League of Legends. The problem is that I can see the option Firewall & DMZ but then I don't see the UDP or TCP Endpoint Filtering options.

View 1 Replies View Related

Cisco Wireless :: WLC5508 How Does A Typical Client Endpoint Select 802.11n Over 802.11a

May 13, 2012

In an enviroment with WCS and a WLC5508 with 40 AP's (WAPs are either 1262's and 1252's), I have noticed that the bulk of users are infact operating on 802.11g although most operating notebooks are running 802.11n capable NICs (including my own laptops NIC - but yet when I connect I connect at 54Mbps.). Only a small portion of registered clients are using 802.11n. All my WAPs have both radios enabled?My question is how does a client notebook select a "prefered" band of 802.11n. I know in some cases the wireless NICs themselves have an option to select the "Prefered Band", but there are many notebooks out there that dont have this option. What would make a client connect at 802.11n over 802.11g? Who makes that call ?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: AP 2602 / WLC 5508 ISE 1.1.2 - Missing Field To Name Endpoint

Apr 4, 2013

Environment :AP 2602, WLC 5508 V7.4, ISE 1.1.2, Prime Infras 1.2
For a specific SSID, we use MAC address as 1 of the conditions to authorize access only for the company-owned mobiles (smartphones and tablets), the other condition being, for the mobile, to present a valid AD user/password;this way, the so-called BYODs are rejected since this is the rule within this company ;The difficulty with this approach is the fact that there is no way in ISE Identities Endpoints nor Groups to associate a user-friendly name to the MAC address of the mobiles, which makes very tedious some actions such as a search in the ISE authentication Log based on the MAC address value itself;the question is just to know if it is planned to add a new field  in Identities Endpoints definition that would allow to associate a user-friendly name to a MAC address, for future ISE versions,

View 1 Replies View Related

Cisco Routers :: RV110W IPSec - Unable To Set Local Endpoint To FQDN

Jan 5, 2013

I am trying to connect my RV110W from my home office to our office IPSec router.  I have a dynamic IP address and am using DDNS, therefore the RV110W local endpoint needs to be configured with my FQDN, not the IP address as this will change.
On page 100 the manual states
Step 4 -
• Local WAN (Internet) IP Address—Enter the public IP address or domain name of the local endpoint (Cisco RV110W).
This option is not available in my router - I am running firmware

View 10 Replies View Related

Cisco AAA/Identity/Nac :: ISE V1.1 ISE Authorization Rules Do Not Use Endpoint Identity Group

Dec 5, 2011

I'm looking for Cisco ISE v1.1 to use the following licensing feature. url...Endpoint is dynamically profiled by Cisco ISE and assigned  dynamically or statically to an endpoint identity group. Cisco ISE authorization  rules do not use this endpoint identity group.

View 2 Replies View Related

DNS Changed By Itself?

Oct 27, 2012

Tonight I went to lay down in bed and decided to start up the Wii for some Netflix. About 30 minutes into watching my program, my connection suddenly cut out. I got up and checked my modem, and sure enough the "online" light was blinking.

I did the usual power cycle thing with no luck. The whole time I am thinking to myself "I swear I just paid that thing a week ago!". After power cycling 3 times, I decided to check the router settings by going to my router manager page (

I look through my basic settings when I noticed my DNS address was no longer set to "Get automatically for ISP". Well, that's not right. It now had a new primary and secondary DNS listed. I couldn't remember if either of those addresses were always there. I switched it back and like magic my modem connected again.

Should I be concerned by this? I remembered the big "DNSChanger" thing going around a while ago, so I checked the two numbers against the FBI database and both numbers came up clean.

View 4 Replies View Related

Cisco VPN :: 800 / Site-to-Site VPN With One DHCP Endpoint?

May 15, 2013

I have two 800 series routers that I would like to create a IPsec VPN between but one site is using DHCP and I don't think a static IP address is going to be a possibility. Any good documentation?  Everything that I've found online with this situation mostly addresses a Cisco at one end and another vendor at the other...

View 4 Replies View Related

VM Connected To VPN Changed IP And Now RDC Isn't Possible

Feb 11, 2013

I ran into a bit of an issue today while testing a vpn software on a virtual machine(win7); I successfully connected to vpn, then the connection dropped and since with the vpn connection another ip address was assigned, now I'm unable to communicate with that VM.
I am able to find it in SCCM via hostname, but can't reboot it or start anything on it.

View 1 Replies View Related

Ip Address Changed From

May 3, 2011

when I did ipconfig it gave me What to do

View 3 Replies View Related

Router Being Changed By ISP?

Jan 18, 2013

ISP is Virgin media with whom I have been with for a number of years.Recently discovered that the package I have which is only broadband ,speed at approx 10mb at a cost of £22.50 has been overtaken by new package of a wireless/ethernet hub, which replaces my old tin box router, with a min speed of 30mb for the same price!As soon as I raised the obvious query with Virgin the router was placed in the post to reach me by next Tuesday.

View 3 Replies View Related

Changed From WPA To WEP Now Won't Connect

May 1, 2011

All theres a problem with my internet connection because recently i saw that my Nintendo ds couldent connect to my WPA connection so i logged into my router and done the idiotic thing of changing my connection from WPA to WEP and now i cant connect to the internet so when i try to connect it just says aquiring network address then stops eventully saying limited or no connectivity. I tried logging into my router again but apparently i need an internet connection

View 4 Replies View Related

Cisco WAN :: 3745 IOS 15.2 Changed Commands

Jan 22, 2012

we've got a pair of old 3745's that are getting upgraded to new  2911's, and I'm trying to run IOS 15.2 on the new routers to get them most current before going into test and production use.The routers are doing BGP, IPv4, and HSRP, and I'm trying to put one in  at a time as to not have to big bang everything at once.  I'm putting  the one that matters least in first, and basically using the same config  as the old one, which was running IOS 11.
I was using "no ip mroute-cache" on ethernet interfaces, and it says  that command is deprecated and I should use the MFIB commands instead.  Darn if I know what that means, I believe it was set up so the ethernet  interfaces had IP multicast fast switching disabled, which was set up by  our vendor 10 years ago so I'm not sure if it matters. It would seem  logical to me this would have an impact on HSRP and speed of failover.   Does this matter, and if so how in the world do I do this with IOS 15.2?The second one is the use of "no fair-queue" on our serial connection  for a T1.  This command isn't there either, and I'm not sure if I even  need to bother on this. It was set up on the old router on a T1 Frame  Relay circuit.

View 2 Replies View Related

Access A Ip-changed Computer?

Feb 25, 2013

One of my domain pc has ipv4 selected as to obtain automatically.How can I configure my DC to ping or access that computer?

View 1 Replies View Related

TP-Link Ssid Being Changed

Apr 11, 2013

i have 7 AP's in a school...i have numbered them 1 to 7 and have a strong password on im being called out every few months to reset the AP as its not working when i get there i see the ssid has changed to hp-josh1a seems like a computer name (its different most times) how are they changing the ssid of the tp link?

View 14 Replies View Related

Copyrights 2005-15, All rights reserved