Cisco VPN :: 881 Client VPN Connections Are Not Being Allowed
Jul 27, 2011
I have just deployed an 881 router at a client's site & configured it to allow remote IPSec VPN connections using the Cisco VPN Client software.
The router works fine except for the remote VPN connections.
Client VPN connections are not being allowed and I am sure the problem is the zone based firewall. I have had very little experience with this, most of my experience is with ACL based security.
Apr 9, 2012
The address of my server, as a url, not the IP Address. I already have that, and how to find the number of connections allowed by my provider, which is clearwire.
Jun 23, 2012
Does the Host file allow connections to your computer? Although I have placed some server names into the host file, Wallwatcher 5.0 is indicating that those servers have made connections. This didn't seem to be a problem before I took some online advice to add servers to my host file. I use iptables on a WNDR3700 router with DD-WRT firmware. In the iptable rules I've also blocked these servers. One example is cnbc7.net and a couple of U.S. Akamai servers.
Mar 22, 2011
I am using Cisco VPN client for windows 4.0.5 (C). I use the VPN client to connect to my office from home and to connect to a customer via their VPN connection. Is there any way that I can have these two VPN clients active at the same time instead of needing to disconnect one to connect the other?
Mar 30, 2011
I have some remote locations that connect to my ASA 5510 cluster (Active/Passive) using the Cisco VPN Client, from which the connection gets disconnected at random intervals (could be 5 minutes, but sometimes after 15 minutes). However, some other remote locations do not have this problem. All locations have the same VPN client configuration (distributed by pcf file).
I already disabled isakmp keepalive on the ASA but this did not work. If I read it correctly, the Cisco vpn client logging shows that the ASA initiates the ending of the connection.
Code...
Feb 8, 2010
We have an AP541N that has been deployed to replace a Cisco 1200 AP (B/G radio). The 1200 functioned perfectly in our environment. The new AP541N on the other hand seems to work fine right after a reboot but immediately starts to degrade service. Over a short period of time, the device's bandwidth degrades to the point where the wireless network is not usable. This happens with just one device connected. Eventually, the device stops accepting client connections. We are unable to get any relevant logging out of the device to diagnose the problem.
May 23, 2011
Dropped VPN connections. I experienced a similar issue a few years ago with my LinkSys WRT54G router with dropped connections to my corporate network using the Cisco VPN Client. To make a long story short the problem was the result of the following:
1. The default "Client Lease Time" on LinkSys routers is 0 which means 1 day or 24 hours.
2. By DHCP Protocol definition, DHCP clients must renew the DHCP client IP address lease at the 1/2 life cycle of the lease (12 hours if using the router's default setting). This is deadly for VPN clients as the short period of time when the client IP address is no longer valid, the VPN client considers this a loss of network connection. The LinkSys E-series routers further aggravate the situation by randomly assigning new IP addresses to DHCP clients instead of reassigning the client's previous IP address and tends to favor higher host IP addresses in the defined range.
Suggestions to prevent lost VPN client connections:
1. Change the "Client Lease Time" on the router to 8640 minutes (6 days 00:00:00).
2. Prior to establishing a VPN client connection, use the Windows Command Prompt to issue the "ipconfig /renew" command to obtain a new IP address from the router that will be good for 3 days (72 hours).
3. Configure your E-series router to use the <DHCP Reservation> option to pre-assign IP addresses to your systems making sure they are outside the range of the dynamically assigned DHCP addresses. Using default settings, these would be in the range of 192.168.1.2 thru 192.168.1.99 as the router starts at 192.168.1.100 thru 192.168.1.149.
Feb 23, 2012
VPN between datacentre & office ASA 5510 & HP routers site-to-site vpn, 192.168.1.0 and 172.16.0.0 networks. If I ping internal routers' cisco address 192.168.1.1 from 172.16.0.0 network host (172.16.2.200) I get ping timeout. At the same time I see the same messages in ASDM monitoring when successful ping reaches and comes back to 192.168.1.0 host (192.168.1.101 for example). Pings from 172.16.0.0 to 192.168.1.0 hosts are ok, only 192.168.1.1 is silent. Looks like icmp echo reply is not allowed or smth like that, where to take a look? Why monitoring looks ok instead of denied according to ACL...?
Apr 26, 2011
I am using an ASA5550 for a complex secure network that has at least six "outside" networks. Each "outside" network is assigned to a specific port each set at level "0". I also have a DMZ, set to level "50". I am having difficulty with passing traffic from a host in the DMZ to all but one of the "outside" networks. Is there a limit to the number of "outside" interfaces? I will provide a redacted config file as soon as possible.
Aug 23, 2011
A user needs to be allowed through the Cisco ASA 5505 firewall to make a VPN connection to 83.1.**.** address on port 1723.
May 17, 2013
I was reviewing my ASA config and noticed that port 1025 was being allowed in and statically NAT'd to connect to my email server:
access-list outside_in extended permit tcp any host X.X.X.X eq 1025
static (inside,outside) tcp interface 1025 Y.Y.Y.Y 1025 netmask 255.255.255.255.
Jan 14, 2013
I know this sounds a simple and easy question, but I can't find the answer anywhere - so here it is: I need to know the maximum number of vpn tunnels that a Cisco 881 can handle. (In context, we have a group of users, who work from home and this office, so their laptops have the cisco vpn client, I need to know how many of these vpn connections the 881 can handle at once before it dies a death.) Note - I have read somewhere a line that states maximum number of users is 20 but think this was in reference to some VOIP service.
Feb 13, 2013
I just moved into a university residence. Setting up a wireless connection is not allowed - instead we have one ethernet port on the wall. As a result, we can only have one computer connected to the internet at a time via this wired connection. The problem is, I live with my partner and we both need internet access for our separate computers. We both need to be online at the same time. What is the easiest and most simple way to accomplish this? I don't know much about hubs, routers, and switches. I imagine there should be some sort of basic splitting device I could plug into wall which would allow 2 computers to use the ethernet port.
Nov 14, 2012
I was at a site recently and tried to load a windows anyconnect package but got an error saying there was not enough memory on the system to do this. They already have a mac one but wanted windows for future use.
128 Flash
256 Mem
ASA Version 8.4(4)1
asa844-1-k8.bin
Aug 10, 2011
I allowed one of the internal IPs using static NAT, and the public IP is 203.18.137.22. I want to check which IPs are hitting this public IP. Is there any command to check which IP is hitting 203.18.137.22? I have the Cisco 5520 ASA firewall.
Jul 29, 2011
I have reviewed this configuration a couple of times and I am not seeing my error. I have two internal subnets, in different VLANs with the ASA being the default router. The internal zone works fine, but the zone called wireless on VLAN 13 doesn't. The firewall blocks all communications and the rules look correct to me. I want all traffic on this wireless subnet to be allowed to cross over the firewall and NAT to the outside interface, just as the inside zone does.
May 6, 2012
I would like to set up a Cisco ASA 5505 to only allow certain IP's on port 3389, but I can't get it to work. Maybe some of you experts know why?
Here is my config:
ASA Version 8.4(3)
!
hostname cisco-asa
enable password ** encrypted
passwd ** encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 95.*.*.* 255.255.255.248
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network rdpuser-1
 host 46.*.*.*
object network rdpuser-2
 host 48.*.*.*
object network rdp-host-pc
 host 192.168.1.20
object
[code].....
The allowed IP's are set up on user level (rdpuser-1 and rdpuser-2). Still, I can't connect to the server from any of these IP's...
Oct 14, 2012
Users behind a Cisco 1841 are not able to connect to a network using the Cisco Systems VPN Client. Transport is IPsec over UDP (NAT/PAT). Connection just times out.
Which ports should be allowed in the access list? Or do you have a link to an article for this?
Apr 20, 2013
Port forwarding done to a DMZ located server on the Cisco ASA 5520. Now this host cannot browse, but allowed outside to inside access is possible. Is there any way I can give this system the ability to browse the internet? Maybe through the NATted IP (94.20.*.*).
Apr 4, 2012
We have a Cisco ASA 5580 and the outside interface has a public IP address and we noticed we can ping this address from the Internet. I did a packet capture on the outside interface and confirmed the pings and the IP address sending the pings. The 5580 does not have an access list allowing icmp so I'm not sure what is allowing the pings to this interface.
Mar 27, 2013
We have a set of PC's which will be connecting either RA IPsec or SSL VPN to another location. On our site, our perimeter device is an ASA 5520 8.2(3). The interfaces on this ASA don't have Access Lists applied, so from what I understand, there is a default policy applied globally (class-default). Now my question is: If we set up vpn clients on our pc, are the ports used by the clients to the VPN server allowed by default or do we need to tweak the class-default?
Apr 18, 2012
We have an ASA 5510 (v8.2.2 with ASDM 6.4.7, 256Mb mem) with a license for 250 VPN Peers. The machine has currently one site-to-site VPN active. I've added a remote-access IPSec VPN for some users but when connecting from the remote site the connection is dropped and the ASA reports %ASA-4-713239 Tunnel Rejected : The maximum tunnel count allowed has been reached.
I've searched for info relating to this message but I found none. Before I plan a restart (it's up for 222 days), is there something I could do on CLI to fix this?
Jul 31, 2012
I was using the household Ethernet cord this morning and it was working normally. Then I stopped using the Internet to do a program tidy up - there were a few programs that had been extras to other programs I don't need. Then I went to use the Internet again and it wouldn't connect through the Ethernet cord. I was able to establish that my computer is still able to access the Internet through wireless (which we don't often use on account of it being spotty). Could I have done/deleted/turned off something that allows my computer to read Ethernet cords?
Nov 30, 2011
I use a DLink DIR-655 router but it only allows around 24 MAC addresses to be specified in the filter list of ALLOWED MAC ADDRs. With a few laptops in the family, a game box, NAS, printer, e-readers, smart phones, I'm maxed out. Alternatively, could I daisy chain them to have one handle wireless devices only and another handle wired devices? If so, I could probably deal with 24 max wireless MAC addresses specified for a while. If there's a better router out there that's not so limited, I'll upgrade.
Nov 29, 2012
My laptop is showing that it is connected to the wireless router, but whenever I click on the Internet icon, it will not allow me to connect to the internet.
Nov 30, 2011
Is it possible to get both allowed and blocked web access logging? I'm using the 2.06NA firmware and no matter how I configure the router, I just can't get it to work, so either I'm missing something or the firmware has a defect. I hope it's me, but I fear it's a defect.
Sep 22, 2012
Me and my friend are currently setting up a Xen test environment. As you can see from the picture below we are running a Cisco ASA 5505 to reach the network from the outside. But the problem is that we want to reach the virtual pfSense's subnets through the Cisco AnyConnect VPN. And currently the pfSense's are only configured with a public ip and a virtual interface to the VM's. We could solve this problem by buying another PCI NIC, so that we have a physical link from the "pfSense box" to a tagged VLAN on the switch. But we are having problems configuring the switch to general vlan's. Cause Xen can't have its management interface on a tagged VLAN directly from the XenServer, but the switch can tag the packet when it reaches the switchport. I would like to have "switch port general allowed vlan 2" for admin and 10 for "LAN". And then trunk the port to the Cisco ASA. But again, Xen stops me from doing this.
Apr 14, 2012
Just loaded the 7.2.103.0 software onto the brand new WiSM2. Going through the options and have found that under the global parameters for 802.11a/n, 802.11b/g/n radios is now the "Maximum Allowed Clients" option. The allowed setting is from 1 - 200 clients.
Does that mean only 200 clients will be allowed to associate to the WLC on that radio at a maximum?
Doesn't seem to make sense... I have the 500 AP license on this WiSM2... I know this option used to be an optional setting under a WLAN in previous releases.
Apr 12, 2011
If I am using an ASA5505, and I have a configuration similar to below, I see that the untrusted interface is only allowed to ftp to 192.168.1.5. Since the trusted interface is not limited to ftp only can it basically run any protocol it wants to 10.20.30.2, or does it get limited to only ftp by the other ACL on returning packets. Also, is the ACL applied to the interface because the ACL's name is the name of the interface?
Oct 25, 2011
ASA 5505 8.2.1
ASA 5520 8.4
We currently have a tunnel configured between 2 ASAs
1- Is it possible to assign 1.5 Mbits of Bandwidth (BW) to this tunnel? Then if Tunnel number 2 is configured I could assign 2 Mbits to that one for example?
I am not referring to prioritizing certain type of traffic over the IPsec tunnel, I am referring to Tunnel 1 has 1.5 Mbits of BW guaranteed for all traffic that goes thru it. Same for tunnel 2
Then
2- How to monitor the amount of BW in an IPsec tunnel?
Dec 11, 2011
My college uses cyberoam for all network security. On windows I can successfully log into my account without any problem. But when I do the same on ubuntu (tried on various versions but failed!), the client returns "You are not allowed to login from this machine." I did the same thing as the instructions from the website said, but failed.
Jan 28, 2012
I have yet another problem now with the DIR-825. I have a DAP-1522 that I connect my multimedia devices to like my TV, BD player, etc.
For added security, I use MAC filtering to only allow access to my devices that connect to my router. However, after several hours, the devices connected to my DAP-1522 can no longer connect and neither can I connect to them. The odd thing is that I can connect just fine to the 1522 itself. I NEVER had this issue with the DIR-655 so I figured it had to be the 825. After trying several things, I essentially narrowed it down to the MAC filtering.
If I turn MAC filtering off everything works fine all the time. If I turn it on, everything works fine for several hours, even up to a whole day, but then eventually my devices can no longer see or be seen.
Nov 9, 2011
We are migrating from ACE 20 module to an ACE 4710 appliance. [code] When pasting in the config on the ACE 4710 running A4(2.1) code, I get the subject error message when trying to enter in the highlighted sticky-serverfarm command above. Again, this config works on the older hardware and older code.