Cisco VPN :: 5580 Vendor L2L VPN Access To Others
Jun 20, 2012
Our ASA is a 5580 version 8.1(2) and is the L2L VPN peer for a handful of remote offices, including a L2L VPN with a vendor who will provide a service for these remote offices. I have two questions/issues: We will need to provide this vendor access to the remote office network(s) only on port 9100 (printing to specific printers at these offices). I know there is an issue with L2L VPNs' ability to see each other, but if there is a global command allowing all to see each other that would be bad, as we have others and don't want all to see each other. The remote offices are using CIDR 172.20.0.0/16, so each one is assigned for example 172.20.3, the next office is 172.20.4 and so on. For the crypto map access list for this vendor can we use 172.20.0.0/16 or do we need to specify each individual network?
View 3 Replies
Dec 25, 2012
We have a L2L VPN with a vendor and our outbound traffic (our local network is 192.168.0.0) NATs over one of our public IP addresses x.x.x.164 to their public IP address 128.x.x.x. In the beginning all our traffic was outbound (port 23) to the vendor and now we need to allow inbound from the vendor to specific 192.168 addresses on our network using port 9100. I’m uncertain as to what I should do to allow their inbound traffic to these IP addresses since we are NATing our entire network over one IP address. Note, the .164 public IP is also used to NAT to other vendors we have L2L VPN with. The VPN terminates to our ASA 5580 version 8.2.
View 5 Replies
Apr 2, 2012
I am trying to give a vendor VPN access so that they can remotely monitor and diagnose their installed heating and cooling equipment. I don't know where to start and I apologize in advance for my ignorance. I am technically savvy but I have no Cisco knowledge base.
It is a PIX 506e firewall with PIX v6.3.
View 1 Replies
Sep 10, 2012
I have a 5505 between a vendor router & my company network; the vendor is not able to access devices on the internal network. I am also not able to access the firewall via ASDM.
View 10 Replies
Oct 26, 2011
I have Cisco 3750 (core), 3550, 3548, 2960, HP ProCurve 2510 series and Extreme e250 series switches running in my network. Now all are running by default. How can I deploy RSTP here? Or which loop detection protocol is best here? I have around 40 VLANs (not looking for PVST).
View 9 Replies
Oct 4, 2011
Just finishing up a small install of a 5508 controller and WCS. Approx 30 APs across 2 buildings. 2 WLANs - 1 prod WPA2 and 1 guest which is completely open to internet only. Our security group is asking if there is a way to determine who is accessing the Prod WLAN. Currently it is set up to work with EAP and the user's AD account, which is working well. I noticed under the client tab in WCS that there is a Vendor name and it shows me Intel and even RIM when someone with their BlackBerry is connected. BUT when we connect via an iPad it shows "unknown" as vendor name. Is there a way to get the iPad to register under the vendor name?
View 1 Replies
Dec 9, 2012
We are doing a study on our public WiFi to identify client connections based on wireless vendor. About 40-50% of the clients' wireless vendors are "unknown". Is there a way to update the list of vendor MAC addresses in WCS?
View 5 Replies
Feb 3, 2013
We have a 7609 in production network and I am trying to find out the SFP vendor plugged in module WS-X6724-SFP. "show inventory raw" gives me the SN but not the vendor name. "show hw-module subslot 1/1" shows "The indicated slot/subslot number is empty". Any commands which can show the SFP vendor?
View 1 Replies
Feb 21, 2005
I'm using Cisco ACS 3.3 for RADIUS. How do I make the Vendor-Specific attribute available? (Attribute number 26, format: OctetString) The online help makes reference to it, but does not tell you how to make it available.
View 9 Replies
Nov 28, 2012
What is the difference between open protocols and vendor specific protocols?
View 1 Replies
Apr 3, 2013
I tried many different things to get an accurate answer for my issue. I wanted to know, will I face any connectivity or looping issue in the network if I connect a Brocade SAN switch to a Cisco 6500 switch? Also need to know, to maintain a DATA DOMAIN, which SAN switch is better: Cisco or other vendor?
View 2 Replies
May 20, 2013
I have a requirement wherein I need to allow only specific vendor-made desktops/laptops to be connected to the switch and block the rest. Say I want only the HP-made laptops to be connected on the network, and block all other vendors such as Dell, IBM etc.
I am having Catalyst 4500 switches in my network. I tried using the MAC access list using the permit and deny statement and then mapping the access list to the VLAN access map and then filtering using the VLAN ID. But this doesn't work on the Cat 4500. The same I tested on a 2950 switch and it works perfectly. Are there any restrictions on the 4500, or does any extra configuration have to be done?
View 2 Replies
Sep 26, 2011
I'm trying to configure EAP-FAST following the guide [URL]. But when I try to download the certificate, I receive the following message: "Error installing certificate." In the logs I see:
*TransferTask: Sep 27 14:00:09.479: %UPDATE-3-CERT_INST_FAIL: Failed to install Webauth certificate. rc = 1
*TransferTask: Sep 27 14:00:09.479: %SSHPM-3-KEYED_PEM_DECODE_FAILED: Cannot PEM decode private key
- Remembering I’m doing Device Certificate.
My environment is:
WLC 2106
Windows 2003 with AD and CA
When I try to use line commands I can't either.
View 2 Replies
Oct 15, 2011
accessing my Cisco ASA. Last night we were doing VA on our ASA; after that I am not able to access it through SSH nor telnet. It's not giving me any error. I tried from a different system also. SSH & telnet are allowed from inside to 0.0.0.0. I have re-generated RSA keys when it was working. ASA version is 8.2. Now when I connect, telnet is giving me a blank prompt. I can log in using ASDM.
View 5 Replies
Mar 1, 2012
In the Firewall Dashboard of my ASA 5580, I get data on every pane, except for the Top 10 Sources and Top 10 Destinations. Why is that, and what do I need to do to get data there?
View 1 Replies
Sep 27, 2011
I got a problem with a Cisco ASA 5580 like two days ago and the device stopped working (there was a maintenance window and after that the device didn't work). Now we have received the RMA and we are trying to configure the failover so the new device gets the configuration from the one that is working.
But this is the message that I am getting:
Failover message decryption failure. Please make sure both units have the same failover shared key and crypto license or system is not out of memory
We already changed the shared key and crypto license but the failover is still down, what are the features that the cisco need to activate to enable the failover?
View 5 Replies
Feb 11, 2012
I am receiving a lot of errors "%ASA-4-405001: received ARP collision from IP/MAC on interface dmz1 with existing ARP Entry IP/MAC".
When I checked this MAC address in the same firewall it shows too many IP addresses. What could be the reason?
View 0 Replies
Jul 2, 2012
We have a corporate site with a Cisco ASA 5580 (8.1), a remote office with a Cisco ASA 5510 (8.2) with a L2L VPN to corporate. A vendor has a L2L VPN to the corporate ASA with access to the remote office across the VPNs (hairpinning). The corporate office accesses an application at the vendor on port 23. Everything is working with regards to the vendor accessing resources at the remote office and the corporate office accessing the application at the vendor. Our goal now is to restrict the vendor to port 23 from the corporate network and port 9100 to the remote office. On the corporate ASA I set up a VPN filter and applied it to the vendor's L2L VPN, but when I apply the filter (see below) all traffic stops to the vendor, such as telnet.
View 6 Replies
Mar 26, 2013
I connected my intranet cable to core switch 4510 and created one VLAN 600; that VLAN gateway is routable from the ASA 5580. Now my intranet people are able to ping my VLAN gateway but I am unable to ping their IP. I added a static route on the ASA, route inside 192.0.0.0 255.255.255.0 10.100.106.1 1, but I am unable to ping the remote IP.
View 2 Replies
May 23, 2012
We are using a Cisco ASA 5580 (8.2) firewall. When I try to ping from the inside LAN to the firewall DMZ interface IP it is not pingable, but from inside users I am able to ping the firewall inside interface IP address.
I think we can't ping other interfaces of the ASA by default. But can we allow a single IP address that can ping all the interfaces of the firewall?
We are not doing any natting in firewall, for that we used the Load Balancer.
View 7 Replies
Mar 29, 2011
Our company has a handful of sites that use the EasyVPN technology. On my remote router (Cisco 1841) - I add the crypto inside to the FA0/0 and the Loopback0 interface. On the other end my Cisco ASA 5580 - 8.41 code - I have RRI enabled and the tunnel comes up fine. However I only see the static route from the fa0/0 interface on the remote router. I cannot figure out why I cannot see the Loopback0 address. Wondering if this is a limitation or feature not enabled.
I added multiple interfaces on the Cisco 1800 and can see the networks. I run "show crypto ipsec sa" on the Cisco ASA and see the SPI encaps/decaps for the loopback, but the SH ROUTE does not show the static route being injected.
View 3 Replies
Apr 28, 2013
I have a strange issue with certificate-based authentication on AnyConnect. We have an ASA with two internet links; both have a CA-authenticated cert for AnyConnect VPNs. We have an AnyConnect client profile also. When we simulate a link failure on the ASA, AnyConnect should automatically attempt a re-connect to the backup server list in its configuration (which is the other interface on the ASA 5580), which it does, but we get a certificate trust error.
View 3 Replies
May 16, 2011
A customer's ASA is presenting the System LED flashing red. I have already analysed the show tech-support and show environment output: found nothing, everything seems OK. Cisco ASA 5580-20 - 8.2.1. Single appliance, no failover, multiple context and transparent mode.
View 5 Replies
Sep 22, 2012
I wanted to perform the customization of the SSL WebVPN page. But when I tried to create a new Customization object it is not happening, as the DfltCustomization object is not available. We are having so many webvpn configurations and objects that I can't issue the "revert webvpn all" command. Am I able to import the file from any location, or the default customization object file, so that I can export it into the ASA and create a new customized object accordingly? Or what other steps can I take to have customization happening in my Cisco ASA 5580, 8.2 (5) and ASDM 6.4?
View 1 Replies
Aug 19, 2012
We are going to upgrade our 5580 ASA cluster from 7.2 to 8.2 and want to do it this way (which worked for all 7.x upgrades):
download asa8.2 image to primary + secondary firewall
reboot primary (message comes up "mate version ...")
reboot secondary.
Does it work? Any experience? Does it work if both firewalls can see each other during the boot process?
Do I have to bring the secondary into monitor mode so the FW is not visible to the primary?
View 2 Replies
Mar 29, 2011
I want to ask: does the ASA 5580 support NAT-PT for IPv6?
View 2 Replies
Mar 5, 2011
I'm new with the ASAs... I'm familiar with the FWSMs on 6500s and PIX. I'm running Version 8.3(2) and I wanted to set up nat-control and use of identity NATs for advertising inside subnets to my outside networks.
The old command was static(inside,outside) 10.x.x.x 10.x.x.x netmask 255.255.255.x. I'm having a little difficulty deciphering the PDF about the static NAT... the command itself is no longer used, nat-control is no longer used, but I'm not quite sure what the equivalent nat command is that equates to the old static inside,outside command.
View 8 Replies
Apr 8, 2012
In my ASA 5580-20 the system LED is flashing RED. How can I troubleshoot this?
I checked the rear panel, everything is OK; also I saw environment also showing OK.
View 1 Replies
Feb 19, 2012
I have encountered a problem at one customer where the Active ASA 5580 is unable to sync with the Standby Failover ASA. When the Active is connected with FO and pushes the configs to it, it will not find the ethernet/Gig interfaces, due to which all the configuration was not applied, and when the primary ASA the secondary is unable to respond.
When I attached the console to the Standby ASA I saw this error.
Number of interfaces on Active and Standby are not consistent. If the problem persists, you should disable and re-enable failover on the Standby.
For detailed understanding I am attaching the configs of the primary and standby ASA. The KHI-DR-ASA-BB-01 is the standby firewall.
View 2 Replies
Feb 16, 2013
We have inherited a 5508 controller running 7.0 code and WCS running 7.0 code. This site did not have a backup controller, so we have installed a WiSM as a backup controller. The problem is no one can seem to remember the pre-shared keys for the WLANs on the primary controller. Can I use WCS to duplicate the WLANs to the secondary controller and have the PSK copied?
View 3 Replies
Jul 11, 2012
If we switch from the primary to the secondary firewall, the interfaces on the secondary go to state waiting, then to failed. After a while the secondary gives control back to the primary.
It seems that traffic passes the secondary firewall during this short failover time. We have several contexts created on the firewall. Switch ports checked, cabling checked, everything checked.
blackhole Interface inside (10.255.102.134): Normal (Waiting)
blackhole Interface shared (10.255.102.134): Normal (Waiting)
blackhole Interface inside (10.255.102.133): Failed (Waiting)
blackhole Interface shared (10.255.102.133): Normal
blackhole Interface inside (10.255.102.133): Normal (Waiting)
blackhole Interface shared (10.255.102.133): Normal
View 5 Replies
Nov 23, 2011
We got a replacement ASA 5580 from Cisco. We were not aware of the PAK. Is there any other possible way to generate an Activation key? Can we generate a PAK or Activation Key using the SO (service order) number?
View 1 Replies
Dec 21, 2011
I have a problem with failover. On my site I have 2 firewalls 5580. And I did this configuration on my firewall.
interface GigabitEthernet3/0
description LAN/STATE Failover Interface
speed nonegotiate
View 5 Replies
View Related