I have a Cisco 5540 that terminates one end of a L2L tunnel, the remote end is a Sonicwall TZ100. The tunnel is in place to carry voice traffic and I have a need to decrypt the traffic that's been captured in .cap file using Wireshark 1.8.5. How to go about getting the session keys from either device?
View 3 RepliesWe have configured our ASA5540 in active-standby failover.We are observing that current active session count is twice of session count before configuring HA. Earlier average active session was 50000 and now after HA it is around 100000. Failover configuration of both firewall are as follows
failover
failover lan unit primary
failover lan interface FOLan GigabitEthernet1/0
failover polltime unit 15 holdtime 45
failover replication http
failover link StateLink GigabitEthernet1/1
failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2
[code]....
When ever I create a network object in ASDM 6.0(3) the UI also wants to send the command 'asdm location (network object IP address)' to the device.What is the purpose of 'asdm locaction ....'? Is it telling the ASA-5540 that the IP address is allowed to connect to the device using ASDM?If that is the case why does 'asdm location xxx.xxx.xxx.xxx'get denerated for every network object I create?
View 3 Replies View Relatedhow IPSEC VPN works but i hit a stumbling block understanding symmetric encryption keys.Here is my understanding about the process
1.Peers will negotiate plocies
2.Authenticate using pre-shared or certificates
3.Exchange DH Public Keys
4.Using Public keys encrypt symmetric key and exchange the same key which will be useful for communication
5.maintain sessions
But when we are configuring we will define encryption keys in isakmp phase and ipsec transform set ,i thought we will use the same encryption key for both management and data communication in fact i thought management phase is to give us a securely exchanged encryption key for the data tunnel.But we can use 2 different encryption keys in 2 phase i am bit confused.
I need retriving the wireless key from WC 2504. I have a lot of clients connected to the WLAN and need to add another one but my notes/files got deleted. Is there a way to see the keys on the controller?
View 0 Replies View RelatedASA5510, Can't generate RSA keys, so can't SSH. [code]
View 2 Replies View RelatedI have an old Pix(on ASA 8.0) having a lot VPNs with pre-share keys setup. And it has been too old to find out what those pre-share keys are on any documents. Now I need to replace this PIX with a new ASA. My question is how can I find out those pre-share keys, so I can setup same VPNs on the new firewall and make it plug-and-play. Any way I can export then import those VPN pre-share keys from the old PIX to the new ASA? Or export and import whole configuration, but hardware are different.
How can I setup same VPN pre-share keys as the that of the old Pix on the new ASA?
I can't access the internet. When searching I get message"turn on radio button".I have the Toshiba Satellite P775 and I use Win7 64bit. My router is doing fine, because I go online with my other laptop. Device Manager shows that everything is o.k. I have traced it down to the FN keys because they are not working. Therefore I can't press FN+F8 to turn on WiFi.There is no switch anywhere on this laptop. Have been working trying to resolve without success.How to enable (turn on) the FN Keys?
View 6 Replies View Relatedmy samsung laptop is not connectiong to the internet wireless network . my other dell computer is working but samsung laptop says there ius no wireless connectivity.
View 2 Replies View Relatedhow do you turn on wireless with the function keys
View 1 Replies View RelatedAny info about the SSL performance for 2kb keys on ACE4710? There is only SSL performance for 1024b keys on ACE4710 (7500 SSL TPS) in the data sheet.
View 5 Replies View RelatedWe just purchased a bunch of 3750s, and we need to do EIGRP stub routing and VRF routing
For the newer IOS versions (15+), will I need activation keys?
How can i connect to a wireless internet security keys
View 1 Replies View RelatedI cannot find my security key-network is xerbelec127tac- how I can find this?
View 3 Replies View Relatedi am trying to connect a new computer to my home wireless network. I can't remember the passcode I used to set it up originally. I can't find any answers on my own. I have tried all of the passcodes that I normally use and nothing works.
View 1 Replies View RelatedI'm just wondering, is it possible to find out or recover the passwords for users and pre-shared key for tunnel-group? The VPN connection was confiigured on ASA5505 before me, but no login details were left.
View 3 Replies View RelatedI am going to migrate an ASA5520 with another one having VPN configuration+certificates etc. I am a bit concern about the certificates. Shall I need a new certificate because of new IP addresses on the new ASA ? Should I configure the same IP in order to avoid this. There are many VPN clients with public keys that also need to change. Is there any way for minimal changes for migration ?
View 4 Replies View RelatedHow do I find the security key for admin-pc network, when i type the one i have it comes up as mismatched.
View 1 Replies View RelatedI have a Compaq presario CQ62 Laptop. The other day, my friend accidentally spilled water on my laptop keys. The computer works perfectly fine except for the keyboard. I tried replacing the keyboard but it did not work. Anyways, For some strange reason my wireless capability was turned off and now I have no way of turning it back on. I have searched many forums but have not found an answer.
Q: Is there any way to turn on the wireless capability i.e. using the function keys to turn on the wireless radio, WITHOUT actually using the function keys? i.e. using a command or something within the computer?
We are using LMS 3.2.1 with SP1 and Campus Manager 5.2.2.Server runs Windows 2003 R2.Everything runs fine except for User Tracking on two Catalyst 6500 switches running CatOS. These devices are discovered, reachable, SNMP works fine, neighbors seen. But when we try to launch acquisition, the UT utility complains with this error message:"Failed to start acquisition: Device unreachable. Please enter a valid device."When we wanted to add ports via Device Trap Configuration, LMS has fired a different error message: "There are no ports to configure for the selected device(s).Check whether you have selected any router(s)." I have checked the portsData.xml file, which doesn't have any ports included for the two devices: [code] We have tried to exclude / include the switches in the data collection, but that didn't work.
View 3 Replies View RelatedMy BEFSR81 is my primary router and has DHCP turned on. The router's DHCP range is set to accommodate 12 devices. I have three computers wired to it and their Host names (as specified in the set-up of each computer) show up in the router's DHCP device table. I also have two printers (one old Brother HL5250DN laser printer and one new HP Photosmart Premier C410a inkjet printer) connected and there are blanks where the Host name should go. I would like to be able to tell which printer is which when I am looking at the DHCP device table. How can I get a names associated with each printer's IP address in the router's DHCP device table? (The real problem is that the router seems to have both printers at the same IP address (192.168.1.100) and if I can get one of them to change I'd like to know which one it was!)
View 1 Replies View RelatedThe problem: I need to track a bus from city to city in real time.I'm thinking of a gps device without screen or apps, it only sends the current location to a server. Is this possible? What device can be useful?
View 1 Replies View Relatedhow to reset old TCP session on cisco ASA 5520?
View 2 Replies View RelatedIs it possible to log when a user connects/disconnects their VPN session? They are connecting to an asa 5510.
View 5 Replies View RelatedI have Any Connect (ver 3.1.01065) configured on Cisco router 891. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection). OS Windows 7 SP1 x86.I've read about changing some settings in profile file (changed the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.): url...
But this make sense to the cisco asa... I have a cisco router on the ios 15.1. I've checked the XML file on the local PC to confirm the profile has been downloaded and is has, and I can't see the AllowRemoteUsers option.So I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)This also happened with the previous version of AnyConnect (2.5.xxxx).The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.In the main window of Cisco anyconnect secure mobility client Ive noticed label: Web Authentication required.
i have a question regarding the monitor session command. I have following interfaces on my router:i want to monitor the traffic from the source interface Gi0/2 to the destination interface fa1/3,monitor session 1 source interface gigabitEthernet 0/2 brings this error message % Incomplete command.,monitor session 1 source interface gigabitEthernet 0/2?/ : <0-2>,i don't have any ports on the Gigabit Interfaces. Any ideas how to monitor traffic?
View 1 Replies View RelatedI have configured my Cisco 881 and finally got past the "Cannot see my network" with IPSec VPN issue.I have a usecase where I need to access the gateway from the VPN Session.When I connect to the VPN using Cisco VPN Client 4.8x, I do not get back a Default Gateway on the VPN Adapter. When I try to ping my LAN Gateway IP (10.20.30.1) it does not respond and I cannot access it with any other tools.I am pretty sure this is a very ACL issue and it makes sense to hide the gateway by default but the big question is how do I configure my router to see the Gateway and be able to access it from the VPN session?
Network Info:Internet Gateway to ISP: 192.168.68.1DNS: 192.168.2.1WAN Address for Cisco 881: 192.168.68.222LAN Address on Cisco 881: 10.20.30.1DHCP for LAN on Cisco 881: 10.20.30.10 - 10.20.30.50DHCP for IPSec VPN: 10.20.40.10 - 10.20.40.50
Is it possible to know the VPN usage for a particular session using Cisco ASDM 6.4? Device type is ASA 5550. ASA version 8.4
View 4 Replies View RelatedI have installed the ACS 5.1 and linked to my WLC, and when I enter my Logeo I agree Signature: User and password whenever you want from different devices, I want to do is only allow a user to one session at a time.
View 7 Replies View RelatedIPSEC VPN users are using ACS for extended authentication, whenever authentication is made, entries are available on ACS, now i need the session duration info on ACS, that means total time during which the user was active should be available.
i have enabled accounting globally on the ASA firewall through aaa accounting enable console ACS and also enable accounting in the tunnel-group itself, to which the user is using.
on ACS 5.1 ,i could not find any option / TAB that can give some information on the session duration.
Can I bind SSL license key from 1 ASA to another , we recently got 5540 and i want to use my SSL 5510 license on the new firewall
View 1 Replies View RelatedI have a Cisco ASA 5540 running 8.2(5). When I dial a phone on the other of the the VPN the first time I get a blank after it rings(i.e when the voice mail get activated if someone picks the phone up), however works the second and consequent times i dial.
A little background. Two sites A and B connected via IPsec Tunnel. No problems in communication except for the VoIP issue. A Phone in on site A(172.17.168.x) and other on site B(192.168.103.x). Site A and Site B is connected via an IPsec tunnel on the Cisco ASA. First call fails. Second call works. Result of a packet trace is also the same. The UDP packet get drops when tried for the first time but subsequent ones pass.
First time
ASA5520# packet-tracer input inside udp 172.17.168.95 10000 192.168.3.103 10000
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
[code].......
I have a site to site vpn to set up between an asa 5540 and an 800 router
i only want the vpn to be initiated from the asa with the remote 800 listening for inbound connections
i know i can set the connection type on the asa as originate-only but i can find a command equivalent to answer-only for the remote 800
Is it sufficient to simply configure the asa as originate-only for this crypto map