I have 2 sites connected with ASA 5520 Site-to-Site vpn. now I'm adding a 3rd location that will connect both original sites the config should be the easy part (I assume it is the same concept going to each of them) the question is more of a designconcept one: what are the hidden failure points, things i didn't think of etc - I must ensure this triangle function and avoid loops and other problems
View 2 RepliesIve got a virtualised firewall running 3 security contexts in routed mode. What am experiencing is that i cannot connect to an OUTSIDE host through the security contexts. From the firewall itself i cannot ping the directly attached host on the OUTSIDE interface but i can ping the directly attached host on the INSIDE interface. When i reload the firewall box, the first ping to the OUTSIDE host would be successful but subsequent pings fail and thus total connectivity is lost.
I even tried upgrading to ASA version 8.4(1) but still the same.
After upgrading an ASA5520 from 8.4(1) to 8.4(4.1) I ran into the following trouble:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:192.168.149.21/53 dst inside:192.168.37.123/53 [code].....
All the subnets mentioned above are connected via VPN.
I am trying to lock down the VPN access on my Cisco 5520 ASA's whereby I wish not to allow users to SSH access etc on servers running on the same interface that they are VPNing into.
I did not originally configure the ASA and so I am slightly confused by some config on it. Currently when I attempt to PING a server within the same interface as the VPN network I get the following error in the logs below.
5 Jul 05 2012 09:45:15 305013 monitoringsystem Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src dmzAHdata:VPN IP dst AHdata:monitoringsystem (type 8, code 0) denied due to NAT reverse path failure
As a workaround I created a NAT exempt rule which then allowed traffic to the server in question however I wish to limit the traffic to only ICMP and when I do this in the firewall it does not take affect. Is this because of the NAT exempt rule?
I have 2 asa 5520 firewalls including and 1 AIP-SSM-10 module in each of them. the configuration is set using active/active failover and context mode.
Both of them run individualy the IPS module. The IPS is configured using inline mode and fail-open option. However when one of the module fails and the state is changing from up to init or anything else making the IPS to fail then failover is detected and ASA consider it as failover and bounce context to the other unit.
IPS soft is 6.0(4) and ASA soft is 8.0(3)
I have checked cisco doc and it is confusing to me. it says: "The AIP-SSM does not participate in stateful failover if stateful failover is configured on the ASA failover pair." but it really does participate. Running is not really an option because of production network impact matter..
I'm looking for a way to connect to my neighbors wireless connection... I have been using it for a while and then he hid his SSID and now, his connection is listed as an Other Network.I found out his MAC address, but I'm wandering is there a way to connect to the wireless network or just to find out that hidden SSID?
View 1 Replies View RelatedI want to search hidden ssid names means non broadcast ssid.
View 2 Replies View RelatedI need to find my bluetooth on my laptop cos its hidden. Dell Studio
View 1 Replies View RelatedI had cell phone which is not working but i want to use those camera as a hidden cameras can u show me the connection how to connect those cameras.
View 1 Replies View RelatedWe have three Access Points, two Cisco Aironet 1260 and one 1240AG. Originally, the SSID was hidden on all three AP's and users had to go to Other Networks and type in the SSID and password to access the WAN. About a few months ago, the network started broadcasting to the public. I am trying to make the SSID hidden again. I have tried going to the Security tab, choosing the SSID Manager and setting single guest mode to none but it has not worked.
View 4 Replies View Relatedi than when installed WMware Workstation my LAN connection have been hidden,when plug into cable TP CAT5 to Connector does not show in Network And Sharing center in Windows 7?
View 3 Replies View RelatedAfter a firmware update the DAP-1522 HWversion A will not connect to a Hide SSID.
I am Using the DAP-1522 as a Bridge in 5Gz.
I recently changed my ssid name from the default "dlink" to a more unique one. The problem is that the router is still broadcasting the default ssid along with the new one. Guest zone is disabled and the new ssid is hidden. But the default ssid is not hidded. Using wpa2 with aes, hardware ver. A1/A2 Firmware ver 1.21. How to remove the "dlink" ssid?
View 4 Replies View RelatedIs it possible to connect the dap-1622 to a hidden network using WPA Radius? I've tried, but didn't succeed. I'm running FW version 1.41. I've tried with older FW versions, and none of them seems to work.
View 1 Replies View RelatedAs seen from the pic below, I have DIR-655 with hardware revision B1 and firmware version 2.0. The printed, online, and in router manual says that there should be ALG section at the bottom, but as you can see there is nothing there. Is there any setting that makes the ALG section hidden?
View 4 Replies View RelatedI have found that if I do not enable the broadcast SSID option on my 5GHz N network that my devices will forget the network and not reconnect on their own. Yet, I have the 2.4GHz G/N network set up to not broadcast my SSID and I have no problems. Why can't I disable my SSID broadcast on the 5GHz N network without these problems?
View 9 Replies View RelatedI'm wondering if there are other hidden E4200V2 menus.
I didn't think the advanced wireless settings were there on this router, but they are and are accessible by an URL: [URL]
I'm wondering what else is actually in there and not on the web GUI?
Has anyone discovered any other portions of the firmware that are hidden and accessible via an URL entry?
Is there any way to make networks hidden through the WiFi Smart software? I have a Cisco Linksys E4200V2. I have gone through everything to try figure out how to make my S.S.I.D. to not be broadcasted, but seems like the only way to make it hidden is to use the Origonal Firmware make it as hidden, then install the New Firmware and software. Seems like Cisco may have missed this option. I do know a lot of people would prefer their Networks hidden for a little security. I know it isn't much, cause if someone wants to get that info it's not hard to get it. But for people who don't know or don't want to waste all the time to find the Hidden Network name can be turned away, for going through that extra step.
View 6 Replies View RelatedI am looking being able to control one computer at 6 stations. Each station will contain a keyboard, monitor, and mouse.They do not all need to be able to control or access the computer all at once. I would use a reverse kvm switch but I am looking at distances of 200-500ft between the stations/cpu.My last resort was to buy some cheap dells or build some low end computers and set up remote desktop but we would really like just having the keyboard, mouse and monitor.
View 10 Replies View RelatedIf laptop/desktop goes on sleep mode or keep connected with interface configured for 802.1X for more than 12 hours it does not work or not connect to Exchange server, Cisco ISE console, office communicator..for re authentication i need to restart PC/ Laptop or unplug and replug lan cable from it!but before restarting i am able to ping all DNS, DHCP, OCS, everything..[code]
View 6 Replies View RelatedI have some network devices that are connected to a 110v power source that goes through a 110v/5v power converter.The Access points keep going back to factory default settings and losing their configuration. I have the same access points installed in the same situation but on a different site that work fine.have changed both the configuration and firmware to be be identical to the working Access Points and still the others default.They do not do this at a specific time of day and out of the 6, they do this at random and not at the same time. Sometimes they will go 24 hours + without defaulting, sometimes they'll go just 4 hours.
View 2 Replies View RelatedI would like to know how to delete a connection from my network. When I connect to the Wii it automatically chooses the right connection. What I have noticed though is that there is a third connection for a printer that is not secured and I have no idea why it is there or has an option to connect to the internet.
View 4 Replies View RelatedWe have a Cisco ASA5505 here that provides DHCP and routing to all our devices in our network. We also have a few other switches and wireless access points connected directly to the back of the ASA5505.For the past year all the wireless network signals has been working fine however starting last month, none of the wireless access points (we have three WRT54G) would allow proper connection (dropping connection, slow internet).I thought this maybe all THREE wireless access points are toast/bricked. So i went out and bought brand new Netgear WN604 and even with the new WAP i'm having same connectivity issues (really slow internet).When hardwired directly to the switches we get BLAZING fast internet & connectivity, no issues.
I called CISCO TAC and they automatically said "our ASA5505 is fine, it has to be your wireless access points" not working properly. I explained to them that i also purchased two brand new access points and they are doing the samething now, how can that be?
We have two Cisco Wireless Controller 4404 with the IOS Version 7.0.220.0 and a lot of access points (ca. 170). Now i wan't to reboot a group of Access points where i found over a filter..Or how can i reboot all the Access Points at the same time over the Controller Interface? Is it possible? I only found the option in the WebGui where i can reboot 1 Access Point at the same time with "hardware reset".
View 5 Replies View RelatedI've had some long standing issues that I've tried various things to fix. I have two WAP4410N access points set up at a smaller sister company. Wireless clients (laptops) are not receiving DHCP assigned IP addresses. If I type in an IP manually, it works fine.The sister company has a point to point T-1 connection to our main building. Our main building has the DHCP server. The router on the sister company end is configured as the DHCP relay.
I've upgraded the firmware three different times in the past to hopefully resolve the issue, but no luck. Just today, on one of the WAP4410N's, I upgraded to the 2.0.6.1 firmware (backing up config, reset to factory default, upgraded firmware, reset factory default again, restored config). After the first reset to factory defaults, the Access Point itself picked up a DHCP address from the server, and I verified this in the DHCP console on the server, so I know that the DHCP relay is working. However, my laptop would not get a DHCP address when connecting wirelessly through that access point. It is a Windows 7 Enterprise laptop. I also could not get a DHCP IP with my iPhone connecting to wireless, to rule out specific issues with just a laptop.I have the DHCP lease times for the subnet that these WAP4410Ns are on set to 2 hours.
To put a cherry on top, there is one laptop that stays in a lab area at all times, connecting wirelessly, and it DOES get a DHCP IP address (I can see in the DHCP console that the lease for this laptop continually renews as needed). I do remember on initial config when I couldn't get it to work, that I did a manual set up, gained connection, then switched it to DHCP...but that doesn't work for any other laptop.Why would the access points get DHCP address, but not anything connecting to the Access Points?
I have NCS 1.1 appliance and added a 5508 WLC running 6.0.199.4 code using snmpv3. Controller is added to NCS, but it doesnt show any AP's which are there on the controller. AP count is zero. I have another controller with code 7.0.230 added and showing AP's though. AP model is 1252.
View 5 Replies View RelatedWe have the following connection based in the services provided by our local telephone company, the connection arrives to a router Cisco 800 series. From the router, i send it connection to a switch SRW2024 v1.2 (Business series) 24-Port 10/100/1000 Gigabit Switch with webview. That switch is useful to send connection via RJ45 for a few of PCs. Then, I send connection to a switch SRW2008P (Business series) 8-port 10/100/1000 Gigabits with vieweb and power over ethernet. The last switch, send the signal via RJ45 to seven WAP2000 (business series) Wireless-G AP with PoE.
That network is running fine, but I've some problems to cover some areas within the building and sometimes the signal is really poor. The cable RJ45 between the PoE switch and each AP is no longer than 50 meters and each one with antennes about 8 or 9 Db.
So, now I've the possibility to change the access point for a power devices.
Using WISM with 7.0.220 and 1240 and 3502 APs. Just found that some of our 3502 AP didn't enbale their clean air and CDP when installed. This only happened on a few new APs. But the area these APs where we seem to have had a few problems with PCs. The only PCs effected where Computer On Wheels (COWs), Dell 780 Desktop with a Cisco Wireless Card.
Using an interl wireless card and others in thes areas worked.Once I enabled the CDP and Clean Air, the COWs worked.My question is with the APs not having CDP enabled, could this affect the cisco wirelss card in the COWs?
At my school we have a lot of access points, but sometimes the computer use the wrong access point. How can I solve that? Is there a program for switching access point?
View 8 Replies View RelatedIm having problems with some toshiba laptops that arnt showing the SSID for some wireless points in the school. We have had the waps set up with the same ssid so we can walk around and the laptops will connect from one to the other. Its been like this for sometime however some new laptops we have got running windows 7 pro show some of the waps up as "other network" - File attached. The actual SSID on ALL waps is Peel Park WiFi Therefore it keeps losing connection to the wireless points and wont connect to some.
View 5 Replies View RelatedBTW the halls are next to each other.The house and the 3 halls are in the vicinity however not attached together(i.e. wall to wall). The distance between the house and the first hall is approx 1 road width distance.ISP is Virgin and the internet was installed this year hence has the latest Virgin Home Hub.I am aware that i probably require 3 wireless access points (1 for each hall).The first wireless access point will need to be connected with a RJ-45 cable running from Home Hub. Can i connect the Wireless access points up together or do they all need to come from the ADSL hub?I am not sure what Wireless access points would be best and how to go about connecting this all up
View 2 Replies View RelatedI have New Pace 4111n Wireless Router that I got from AT&T and is setup on 1st floor, but its wireless range does not get me to 2nd floor. I also have the 2Wire wireless router from AT&T. In Addition, I have ethernet connection from level 1 to level 2 as well.
I was wondering if it is possible to have the Pace Wireless N router to work as modem and wireless access point, at the time use the 2Wire router to broadcast wireless and act as access point for 2nd floor.
IF its doable, how should the two be configured and connected.
I've recently bought another PC, but set it up in a different area than my existing computers. It's down in my basement, along with my PS3, Xbox 360, and Wii. Now the problem is connecting all of these "toys" to the internet. I only have one in-wall ethernet port, which my PC is currently plugged into. Leaving my PS3, Xbox, and Wii, only with an extremely weak wireless connection. Now, my original thought was just to buy a network "switch," BUT then I remembered I have an old D-Link router. So, logically I should be able to plug an ethernet into the wall, then into the WAD port on my router, then plug my Xbox, PS3, Wii, and PC into the 4 remaining LAN ports on my router. I want another WiFi access point using the same network, and a wired connection for all of my gadgets.
View 1 Replies View Related