I am able to access the servers in the network when i am on the LAN . The problem is while we are connected to the VPN, I am unable to https to the servers. While on the VPN, I can ping and traceroute to the servers but I cannot HTTPS.We are using the 3000 series concentrators and also ASA's.This thing was working fine until recently we did a network migration from 6500's to Nexus.
View 1 RepliesSo, i have set up a working Anyconnect solution, (see attached picture)
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
Anyconnect client version: 3.1.00495
Configured vpn with a tunneled default route to 172.19.16.1 (Core - cat6500) No split tunnel is configured, everything has to be tunneled and monitored by WCCP in Firewall. Authorization is by Certificate Only.
I can reach inside servers (for example 172.18.254.37) i can reach DMZ server (for example 192.168.138.36) i can surf the internet on regular HTTP (port 80)
but, i cannot surf the internet or DMZ servers using HTTPS (port 443) also, ftp does not work. i have tried to reach external ftp servers who are open to all.
both https and ftp works from the INSIDE network.
I have tried to change the port for Anyconnect, to 444 (for dtls as well) and i can see that all the vpn traffic is going over 444, so 443 should be undisturbed.
but this is not working.. could it be a certificate problem, or am i missing something? NAT/PAT?
This is my NAT configuration:
nat (DMZ,INSIDE) source dynamic NET-VPN-DMZ-PORTWISE-NATED-BOTK HOST-172.18.254.69 destination static NET-VPN-REMOTE NET-VPN-REMOTE
nat (DMZ,INSIDE) source static NET-DMZ NET-DMZ destination static NET-ALL-INSIDE
[Code].....
When i access a url with http, it works fine. But with https it dosen't work, and get the message on the firefox as "The proxy server is refusing connections Firefox is configured to use a proxy server that is refusing connections. Check the proxy settings to make sure that they are correct. Contact your network administrator to make sure the proxy server is working.
View 1 Replies View RelatedWe have two SSID's Guest and Corp. We are using 5508 controllers.
The problem is that if an iPad user is connected to Guest SSID and then try to connect to Corp then it fails saying "Unable to connect to Corp". After 10-15 retires the same iPad connects successfully. The problem doesn't happen on windows PC. I have attached debug for one of the clients.
we have tried to use the Cisco Hierarchical model as close as possible. we now have the need for 10 gig servers. we have a 7k, 5k, 6500, and 2960's in our network. we have some open 10 gig ports on our 5k. where is the best place to connect the 10gig servers. or is there a more preferred way to connect these new servers?a 10 gig blade for the 6500, the new 6001 switch?
View 1 Replies View RelatedWe are using CISCO Catalyst 6500 switches as collapsed core/distribution switches (2 layer architecture). I want to connect approximatly 10 application servers to the network. Can I connect the servers directly to the catalyst 6500 switches using WS-X6148E-GE-TX line cards? The other option is to use access switchs and then connect the servers to the catalyst 6500 through access switch(Catalyst 3750).
View 6 Replies View Relatedi'm trying to connect 5 servers together to create a private network.Each server has a network of it's own and i'm trying to make all 5 servers communicate with each other to share and search data simultaneously..
View 16 Replies View RelatedI have 2 modules of FWSM in 6500 switch (failover).I need 5 context.When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context),In transparent mode, it is not happening.what is the problem with routed mode?
View 1 Replies View RelatedWe are planning to split the Private servers from the DMZ Servers and configure an additional Interface and segment for this purpose.
Private Servers Segment: 192.168.4.0/24 (there is no DHCP all servers' IPs are statically configured)
DMZ Segment: 192.168.3.0/24 (This is a future deployment)
LAN Segment: 172.17.0.0/16
Both, Private Servers and DMZ Servers are in a collocation as well as the ASA5520. There are multiple Branch offices that uses subnets within the 172.17.0.0/16 Network and they are connected to the ASA5520 via Metro-E.
I do not know if this is possible but what I want to do is this:
In order to avoid the change of internal DNS records I want to mask the DMZ servers with a Private Server IP when a Private server or LAN host wants to access it like this:
The FTP server in the DMZ has the IP address: 192.168.3.100. But when a PC from the LAN wants to reach the FTP server it should points to its old IP: 192.168.4.100. This way the PC sends a packet to the ftp.corporate.net (192.168.4.100) the ASA recieves the packet and translate it to the (192.168.3.100) and send it out through the DMZ Interface.
Also if the Private Servers wants to reach the same FTP the ASA will act like a proxy-ARP and send the paquet to the DMZ by means of the translation of the IP.
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View RelatedI Have exented vlan 120,121 from DC-1 to DC-2,the DC-1 and DC-2 are connected using L2 Trunk over fiber terminated on Cisco 6513 on both site ,the distance around 40 Km ,on the DC-2 i just assigned server-1 TO VLAN 120 while server-2 in vlan 121 ,but these servers unable to communicate neither with DC-1 Servers or betwen them locally on DC-2 ,pls note that the servers at dc-2 rely on DC-1 for routing.
View 7 Replies View RelatedI'm having a problem connecting to multiple servers. I do know that I have stopped the windows firewall and taken out Norton and avg, yet I still can't connect to any servers. I've even tried on other networks! I can download torrents and surf the internet just fine though. I can't connect to an online class server to do my homework, and I've also tried to start playing WOW but neither will connect. I also don't see peer guardian 2 in *services*
View 7 Replies View Relatedhow to connect another computer to network
View 1 Replies View Relatedhow to change the network
View 1 Replies View Relatedam following directions but cannot find a network?
View 1 Replies View RelatedI have a 2008 domain with win7 computers and winxp clients, i am able to see the win7 clients but not the winxp nor the servers in the network neighbourhood, ping works fineI can browse through a system on the network, but unable to have a broad view of the computers
View 1 Replies View RelatedWe've got an application that is running on our LAN that is using IP addressing to connect to the server (they refused to use DNS).The server is now being moved to a VM which will be on a different subnet. The supplier is now concerned that there will be a big down time due to him having to reconfigure each device (about 100) with the new server IP. If the server was external I know I'd be able to do NAT on the FW to make this work but can it be done internally on my 6500s? I want to have the devices pointing at their hardcoded IP address off 1.1.1.10 and NAT the destination to the VMware servers IP 2.2.2.10? Is this possible using cisco NAT?
View 13 Replies View Relatedit shows that it is connected but i can not see other computers in my network places. i have a network server and is running server 2003
View 2 Replies View RelatedI am looking into setting up a home network for file sharing and backups. something I was wondering is can I install an operating system on the server computer and boot from it on multiple computers on my network? there are 2 unidentical desktop PC's and 2 laptops in my house I know alot about computer hardware and i am confident with individual computers but i have never used a home network before. in my bios there is a boot from network option. if i could i would use windows 7 professional as i am very familiar with it.
View 3 Replies View RelatedWe have purchased a new PC(OS, Windows XP2002, SP2). Now i want to add it with existing Local Area Network which is domain networking. Now how can i add the computer in that network? we use Oracle data base on it. i want to know that how this will work just like other clients on network. i know the LAN without domain network. i add it with network. it is now appear the workgroup. but when i access any client on network, then it cann't do any action, and replies access denied and not access any client c$ drive.
View 2 Replies View Relatedhow can i see unauthorized dhcp servers in my network
View 1 Replies View RelatedHow do i setup a network printer on server 2003 .
View 1 Replies View RelatedGot a problem accessing our webservers on the inside interface from other clients on the inside interface on our ASA 5505.As in, they type in url... in their browser, and it wont work.
However, if we use a PC on another outside network, it works just fine! [code]
At the company I work for, there are a few "network drives" to which employees are given access so that any mutual file stored thereon may be shared between and edited on demand. Not the best model, I know.Went to the server room a few minutes ago and found that "network drives," (P:), (L:) and (M:) seem to be invisible. Back at my workstation, I opened My Computer and saw all three on my screen.
View 3 Replies View RelatedI have a VPN with a number of servers where we are doing some software development. We have a TFS, Web, App and SQL Server etc.. inside a private LAN which is accessible via VPN. Nothing inside the private network can access outbound. However, I would like to open the Web Server on the private LAN to be able to be accessed via http(s).As we develop the software I want to access the site from the internet.It's a fairly simple setup.DSL > Modem > Home Lan. On the Home Lan I have a Server (2 ethernets) connected to the modem router and the other card to a hub. This server acts as the VPN server, DHCP etc.. for the Private LAN.The web server I want to be able to access from outside is the one inside the private network. Any recommendations?fyi, I'm not a networking guy, I hacked my way through setting up the private network through a number of great YouTube videos, that saved me a lot of time.
View 2 Replies View Relatedwhen i am using win server2003 the file sharing is disconnected automatically.
View 2 Replies View RelatedHP computer, was working last friday and today it isnt. Can not connect to the internet or outlook etc. Looked in BIOS says it is conected to LAN - tried enabling and disabling it and re-booting it. Still nothing. Had a tech guy that said to look in device manager, but network adapter was no where to be seen. What shall i try next to resolve this problem?
View 1 Replies View RelatedI have one dedicated IP issued to my home, along with another dynamic one if I need it(but I don't use it). I have a webserver, mail server, and name server up and running on a single machine exposed to the internet with my static IP. I have a domain name registered to my IP address. My webserver and name server work great, but I am having difficulty with the mail server. In order to have mail work correctly, I have been told that I need to get reverse DNS setup for my domain (something I had neglected to do). My nameserver responds to reverse lookups correctly when issued locally, but it looks like queries from the internet never reach it (I think my ISP catches requests upstream). I contacted them and they put a PTR record in for my IP pointing to ns1.mydomain.com. This all works fine, but the thought occurred to me that if in my hosts file I put my MX record in as mail.mydomain.com., any mail clients that do a reverse lookup of my IP won't get mail.
View 6 Replies View RelatedI've done a very crude drawing of the network setup I'm working on. I just need to run an idea past some network guru's to see if I'm right about my idea.
The existing network consists of
Internet
Proxy Server
Several switches scattered around school
PC's
What the school wants to do is setup a side-along wireless network that uses the same physical switches but on a different subnet. The current subnet is 10.172.1.x .
To facilitate this I'm running a 2008r2 running RIP V2 to route internet traffic to 192.168.1.x subnet. I've had the wireless units use a static address and their own dhcp servers on the 192.168.1.x subnet. Wireless devices found their way to the internet fine. But I'd like to control the addresses from a single point of contact, hence the 2nd domain server running 2008r2. There are reasons for using a 2nd server, I've covered this in previous topics. If it's important, lets call it an intellectual exercise and leave it at that.
The question(s) : If I run a DHCP server on the 2nd server serving 192.168.1.x addresses, then any device on the physical network will obtain either an 192. or a 10. address correct ? The wireless devices will only take a 192. address because the wan address is statically assigned to a 192. address ?
The 2nd question : By setting a static routes out of the 2nd nic on the 2nd server, I can control the dhcp server so it will ONLY route dhcp requests to the statically assigned wireless devices ?
how do I set up a test domain? I'm running Server 2008 std and have not gotten the DNS server configured right. I'm looking for a guide to take me through the process so I can experience success and get the feel of a working LAN.
View 2 Replies View RelatedI am taking a college course using Microsoft Windows Server 2008 Administrator Lab Manual. The labs assume that you are in a MS lab with the ability to connect to thier domain and servers. I want to create my own virtual lab to simulate MS environment so I can follow the assignments. I have VirtualBox installed. I am a completely new to servers and networking
View 2 Replies View RelatedHow do I restore the previous version of a file I overwrote? I accidentally overwrote a file that is on a network. How can I get the previous version back?
View 3 Replies View Relatedi have an internet connection thru USB from a ppp adapter from there i've made a netowrk with another computer now on the client computer from my network i have XAMP server who i want to be accessed from the internet .i have subdomain like radionis.zapto.org (192.168.0.2) registered at no-ip.org.now what IP i have to introduce there to make my server accessible.
View 1 Replies View Related