Cisco VPN :: 851 - AAA Authentication - Not Configured
Jan 18, 2012
I have a Cisco 851 and am using CCP to configure EASY VPN.
I click on TEST VPN SERVER, then click Start, and the status shows successful.
When I tried to connect a client I get mm_no_state.
When I reviewed the report from the test I found
AAA authentication : Not configured
My AAA
aaa new-model
!
!
aaa authentication login tgcsusers local
aaa authorization network tgcsvpn local
View 24 Replies
Aug 5, 2012
I am using ACS 5.3. I have successfully configured Machine Authentication for a Windows 7 laptop using EAP-TLS. The ACS is configured with an Active Directory external identity store where the Windows 7 laptop is configured as part of the domain. I'm pretty sure that the ACS was using the AD to authenticate the laptop's name because at first the authentications were failing because I had the Certificate Authentication Profile configured to look at an attribute in the client certificate that was empty. When I fixed that, the authentication succeeded.
I started doing some failure testing so I disconnected the Domain Controller from the network. Sure enough, the ACS shows the Active Directory external store is in the Disconnected State. I then went to my Windows 7 laptop and disconnected the wireless connection and connected it again, expecting it to fail because the AD is down. But it succeeded! My Win 7 laptop is accessing the network wirelessly through a Lightweight AP and 5508 WLC. The WLAN Session Timeout was set for 30 minutes. So even with the AD disconnected, every 30 minutes, the ACS log showed a successful EAP-TLS authentication. I then changed the WLAN Session Timeout to 2 hours 10 minutes. Same thing, every 2 hours 10 minutes, a successful EAP-TLS authentication. I really don't know how the authentications are succeeding when the AD is not even connected. Is there a cache in the ACS?
View 7 Replies
Jul 4, 2012
I have a Cisco WLC 2504. I configured one WLAN with external web-authentication. The external web server is Apache on FreeBSD. When a user connects to the WLAN and opens a web browser, the WLC redirects the client to the external web page, where the client must input his credentials. When the client clicks the "submit" button on the external web auth page, the WLC initiates a RADIUS request to the RADIUS server. The RADIUS server (freeradius) is on the same server where Apache is running.
Sometimes, when a client enters credentials on the external page and clicks the "submit" button, the WLC suddenly redirects the client to the internal default auth page.
View 14 Replies
Feb 3, 2013
On an AIRONET 600 AP (OfficeExtend) with the remote LAN interface configured to use 802.1x authentication: if a Cisco IP Phone is connected, 802.1x authentication challenges for credentials. The AP does not seem to have a way to detect that this is an IP Phone and to skip the challenge (as Cisco switches/routers would do). Is there any way around this? Can the remote LAN interface be configured to skip authentication for IP Phones and only authenticate PCs etc.?
View 5 Replies
Jul 21, 2011
I am testing rogue on wire using a 5508 WLC, and I have a dedicated AP configured as rogue detector and configured the switch port where the rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that autonomous AP as rogue on wire. But along with that I am seeing another AP as rogue on wire, even though I have plugged in only one autonomous AP to the switch.
View 3 Replies
Apr 18, 2011
I purchased a Cisco 520 and am trying to set it up on my home network. It's ADSL PPPoA for WAN. I am trying to set up 2 LANs: one general network, one DMZ for web hosting. Now, since this router has 4 Ethernet ports, I assumed I did not need VLANs. Except when I try to configure an interface with an IP address I get this error: % IP addresses may not be configured on L2 links. Now, I've looked around on the internet about this error, and it seems that since these interfaces are not Layer 3 interfaces, they need to be associated with VLANs. This would be OK, except this requires an IP address on an interface on the router! Back to square one.
View 6 Replies
Aug 9, 2011
I have an ASA 5510 and have configured Clientless SSL VPN on it. Now I need to allow my SSL VPN user to access only a particular application (like mspaint.exe, for example). When the user logs in to the SSL VPN, he should see only the particular application or must be able to access only the particular application.
View 2 Replies
Jun 13, 2011
I purchased 2 Cisco WAP4410N and I configured them on the network as 192.168.1.241 and .242. I see both SSIDs I created and they are named Cabo1 and Cabo2.
When I initially did the setup I was able to log into the web-based interface through both IP addresses.
I just tried again now, and I'm able to log into the interface for .242 but not the .241. I am connected to the router with .241 via wireless because it is with the SSID of Cabo1.
View 1 Replies
Feb 9, 2013
I would like to know if we can use the following card i.e. WS-X6704-10GE along with SUP-2T which will be configured in VSS.
This line is supported with SUP-2T, however not sure if the SUP-2T will be configured in VSS. If any supporting document can be provided for the same, that would be great.
If this is supported, then whether I would be getting line rate/non-blocking capacity with WS-X6704-10GE, since SUP-2T provides 80 Gbps bandwidth per slot.
View 5 Replies
Jan 26, 2011
I'm having issues with SSH on my 3750G-12S. I'm not able to SSH to another switch when VRFs are configured. I've tried ip ssh source-interface, ssh -vrf doesn't exist and I've upgraded the IOS to the latest version.
View 4 Replies
Mar 4, 2012
Can a PA-1GE module in a 7206VXR with an NPE-G2 be configured to negotiate/work with a 100mbps Vendor provided Ethernet Port? The router sees the interface but it is in up/down.
View 1 Replies
Apr 7, 2012
I am running Win 7 32-bit for my OS. I am on a desktop PC. I have an Internet modem only, without the router. I have a Motorola SurfBoard SB5101. When I go into the Network Connections and do a diagnose, I get the following message. I tried doing netsh int ip reset reset.txt, and restarted my PC, but it doesn't fix the error. Your computer appears to be configured, but the device or resource (DNS Server) is not responding.
View 3 Replies
Jan 23, 2012
I have an old Dlink DI-604 that I'd like to configure to work as a switch. I think this is possible but not sure how to do it. Switches are cheap but if I could save a few bucks with some tweaking I'd prefer that. Plus I figure I'd learn a bit about networking. Dlinks site on the DI[URL]Uverse and I'm out of wired ports on the Residential Gateway. I would like 2 more ports to network my PC and NAS, so my laptop and Xbox can access their files.
View 4 Replies
Dec 22, 2011
I'm trying to automate our rollout process with kiwi cat tools. I want to copy a file via TFTP or FTP: Cisco tftp menu knows the latest ip address which it was connected to.
View 3 Replies
Dec 5, 2012
Can ASA 5510 be configured as bridge mode and still send Netflow info to a collector? We have a PIX connect internal network to internet. Because PIX does not support NetFlow, as a temporary solution, we were thinking of putting an ASA 5510 between the PIX and internet gateway, and configure it as a bridge so that there will be no routing issues, and the ASA can still send Netflow info to a collector.
View 13 Replies
Oct 31, 2011
Cisco 2651xm router
IOS: c2600-ipvoicek9-mz.124-15.T7.bin
Can a 2651XM router be configured as a PPTP VPN endpoint (client)? I ask because I want to connect this router to a professional vpn (privacy) service such as proxpn or mullvad or similar. If it can't, any vpn privacy services that cater for cisco-based vpn connection?
View 0 Replies
Aug 7, 2011
I have seen similar questions but with not a lot of answers for the ASA platform. As the title states, What procedures can I use to copy a pre-existing configured CISCO ASA 5520 to a brand new CISCO ASA 5520. I have found a URL that seems to answer some questions but not all. [URL]
The URL talks more about the PIXes than the ASA.
Is there any documentation or shorter procedures for product specific on the 5520?
View 1 Replies
Dec 4, 2012
Can ASA 5510 be configured as bridge mode and still send Netflow info to a collector? We have a PIX connect internal network to internet. Because PIX does not support NetFlow, as a temporary solution, we were thinking of putting an ASA 5510 between the PIX and internet gateway, and configure it as a bridge so that there will be no routing issues, and the ASA can still send Netflow info to a collector.
View 1 Replies
Mar 18, 2012
I'm just starting to learn Cisco. Currently I already have a Cisco Catalyst 3750 configured for 3 VLANs, and now I'm planning to have another 3750 for redundancy.
View 5 Replies
Mar 28, 2012
I just deployed some of these new modules and am running A4.x code. How to configure an ACE with the maximum context?
We run in transparent mode with 110 contexts. We found that with a base config for each context (80 lines of code) this would only leave us with 7% of available RAM. The device begins to shut down services, like SSH and others, at 5%.
So, is it even possible to configure 250 contexts and still manage the device?
View 2 Replies
Aug 23, 2012
Can the Cisco 3602 APs be configured by a Cisco 5508 WLAN controller to provide client isolation?
View 2 Replies
Feb 19, 2012
I have a few 3560E running Ver 12.2(50)se2. Can these boxes be configured to run VRF? I see a "sho IP VRF" option, but I do not see it available when under config t. Do I need to do an IOS upgrade to be able to configure VRF?
View 7 Replies
Aug 6, 2012
I have this 2x ASA5540 firewall and notice that it is configured with a standby IP. The firewall is run in Active/Passive mode. However, the standby IP of this firewall does not point to the secondary firewall, and vice versa for the primary firewall. [code]
1) May I know how this configuration is valid in the first place? I have checked through the configuration. None of the configuration is related to this IP address.
2) Can we remove this standby IP address on both firewalls and correct it to the correct primary and secondary IP address on both firewalls?
3) We tried to use this IP address but it cannot be used. Is it related to the configuration of the standby IP address? Do note that the ping to this IP address x.x.x.120 is unreachable.
View 1 Replies
Feb 24, 2013
We have configured a new 2911 router with an HWIC-2T in it. However, we are seeing serial interfaces up, but can hardly ping the other end. Again, we are seeing a lot of CRC errors on the serial interface.
But if we connect the same cable to another old router, a 2811, it works fine. Configuration is the same on both routers. [code]
View 2 Replies
Nov 14, 2012
A customer has run a 5508 WLC for quite a while. Several dozen APs are spread all over Europe and run just fine. All the APs have a VPN-based connection over an MPLS service provider, so we are using 10.x.x.x addresses only. We have upgraded to release 7.2.111.3 to support OEAP 600 and we have configured NAT in the firewall as well as a policy to support the home office AP. Everything worked fine until the switch where the WLC was attached crashed. From this moment on, all internal APs are no longer able to register at the WLC. A log at the console port on an AP shows that it tries to access the external (NAT) IP address. We had to remove the NAT flag to support the internal APs.
View 3 Replies
Feb 10, 2013
I have a Cisco ASA5510 firewall and have configured one site-to-site VPN. I want to configure another S2S VPN in the firewall for another site location. What do I need to do in the existing firewall so that 2 site-to-site VPNs can work?
View 4 Replies
May 17, 2012
I have a fairly simple WLC 2100 configured to control two APs. We had a power outage a few days ago, and though the WLC was on a surge protector, it did not come back up properly after the outage. The STATUS light sticks at amber and I can't get any console response. At this point I'm not sure what to do except replace the WLC, though I'm loath to do that as our budget was just cut substantially for next year and we're trying to turn nickels into pennies.
View 4 Replies
Jan 10, 2012
Does the ASA 5540 support the BGP routing protocol being configured on it? I am talking about the latest versions.
View 1 Replies
Jan 25, 2012
I have 2 Cisco 5520 ASAs that were configured for failover. Unfortunately our Primary ASA went down and the Secondary became Active, and the network admin made lots of changes on the Secondary Active ASA. What is the best practice to rejoin the Primary as standby or active without losing the existing configuration on the Secondary Active?
View 6 Replies
Feb 12, 2013
I am trying to determine if this is possible or not. I have tried several configurations and I can only get half of it to work.
LAN (10.1.1.0/24) =====> <===== OUTSIDE (T-1)
ASA5510
DMZ (10.1.10.0/29) ====> <===== BACKUP (DSL LINE)
The Cisco ASA5510 currently is configured with the following interfaces: inside, outside, backup, and dmz. The backup interface routes to the internet via a DSL modem; it normally is not active. The outside interface routes to the internet via a T-1 line. The inside interface is our local LAN and the DMZ has our email server on it. I am wondering if there is a way to configure the ASA5510 so all internet traffic from the inside LAN goes only through the DSL modem and all the DMZ traffic only goes through the T-1 line. No inside traffic (inbound or outbound) should go through the T-1. No DMZ traffic (inbound or outbound) should go through the DSL line.
I can get the LAN to use the DSL line with no problem, but the DMZ to T-1 side causes reverse-path errors. I am not looking for redundancy or failover protection.
View 3 Replies
Jun 3, 2011
I have configured Squid on my system running Windows 7. I didn't miss any steps. In Services it is showing Squid running. But my internet is running directly without any proxy settings. And when I change to proxy settings at port 3128, internet stops working. I had installed it earlier and it was working fine, but now I am also using ICS to share an internet connection from broadband to a LAN through my system.
View 7 Replies
Mar 6, 2012
We have a network based from a server where data is stored, such as Quickbooks files, and an employee has a laptop instead of a workspace. He needs to be able to access the Quickbooks file from his computer- we are currently using Remote Desktop Connection, however it is proving to be quite complicated for him and I need to know how to set it up. I know how to set up Quickbooks and all- the issue is with adding his laptop to the workgroup.
View 3 Replies
Nov 5, 2011
I have a router that I have not used for a year or so...I just recently moved to a new location and was trying to set it up...I completed the set up disk several times but I keep getting an error that says my router is connected but there is no internet access...When I plug the port directly to my PC I have internet...The router that I am using is Linksys WRT54G...I have even tried resetting to factory settings and I still can't get it to work.
View 15 Replies