Cisco VPN :: ASA 5505 - Changing Outside Interface IP Breaks Remote VPN

Aug 17, 2011

I have an ASA 5505 running 8.2
I used the ASDM wizard (6.3) to set up a remote VPN.  After slightly adjusting the wizards configuration the VPN is working well.
Now I need to change the Outside interfaces IP address.  When I do that the VPN no longer works.  If I change it back to the original value the VPN works again.
What configuration changes do I have to make regaurding the remote VPN after changing the outside interfaces IP address?

View 11 Replies


Cisco VPN :: 837 - EasyVPN Breaks Remote Access Session

Aug 11, 2011

I using cisco 837 for incoming remote access  VPN connections with are working very well but I recently created one outgoing easy vpn connection and I have issue since that time. As soon as easy VPN is up and established successfully I lost remote VPN access to internal subnet.
Where is :
Internal subnet:
remote VPN pool
Take a look at config attached and point me at missconfiguration

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - VPN NAT Overlap Subnets Remote Interface Does Not Reply

Jul 10, 2012

Not really a big problem, but not knowing the answer is killing me.  This is what I have:
Host 1 <-> ASA 5505 <-> VPN connection<-> ASA5510 <-> Host 2
The problem is when one of the hosts trys to reach the inside interface of the remote ASA.  E.g. Host 1 trying to ping ASA5510 inside interface.  Again Host 1 and 2 have the same subnet address of  I have configured the ASA 5505 to do the the NAT translations. 

View 3 Replies View Related

Cisco Firewall :: Changing PIX 515E Failover Interface IPs?

Mar 6, 2011

I am looking to change my Failover Int IPs on my PIX 515E Bundle, Cisco PIX Firewall Version 6.3(5)123 with the least impact on the network.
For example:
interface ethernet5 "state"
IP address, subnet mask
 ip address state
 failover ip address state
I want to change these lines to .....
interface ethernet5 "state"
IP address, subnet mask
 ip address state
 failover ip address state

View 3 Replies View Related

Cisco VPN :: Changing The Server IP In A ASA 5505?

Sep 28, 2012

I know know nothing about cisco devices. Just wanted to get that out there. I recently came to a job that has a 5505 setup as the network gateway, and as a vpn for employees to work from home via the Cisco VPN remote client program. We had one main server that was domain controller, dns, and dhcp. It was a old 03 box, and I setup a new 08 r2 box on a different IP, and migrated all the above functions to it. Old server was a, new server I found the java ASDM program(6.1) and connected to the ASA, and I have changed .31 to .6 in as many places as I can find, however, vpn clients on the outside can no longer connect to their desktops, as when i open a command prompt on their computer, the only IP they can ping is, pinging, or any other address fails. I'm guessing maybe it's in the firewall of the asa, but have no ideal really. Was there anything else I was suppose to do? Someplace I overlooked?

View 7 Replies View Related

Cisco Firewall :: Changing Subnet Mask In An ASA5520 Interface

Aug 8, 2012

We have an ASA 5520, working fine.One of the interfaces is connected to users PCs and printers mainly. Last months the number of devices has grown rapidly, and we would like to make some changes in it in order for it to be able to host new devices.We thought on change subnet mask of actual subnet ( to, so it can hold as many devices.I understand I have to make some changes in the ASA, but my question is:What will happend to the acces rules I have created?Will I need to create them again? There are some objects which carry information about subnet mask, so I suppose I will need to redefine them, but for those without any subnet mask information, will I have to redefine them?

View 2 Replies View Related

Cisco Firewall :: ASA5510 Pairs - Changing External IP And Interface

Mar 27, 2011

We have 2 firewall (ASA5510) pairs. Each pari configured for Active/Stdby mode.
Pair1 : Internet browising, Remote access VPN, Citirx access & L2L VPN access
For this pair , I need to move the 'outside' interface to Gig 1/3 and change the IP addresses. (minimize the downtime)[code] Remove the ip from outside interface and add the new IP and enable to monitor interface outside?

View 4 Replies View Related

D-Link DIR-601 :: Changing LAN IP Address Causes Blank Interface Labels?

Mar 22, 2012

I have a new router.  this seems to be a very simple problem relating to the most basic configuration options.

Hardware Version: A1     Firmware Version : 1.01NA   
change  "Router IP Address" to
change "DHCP IP Address Range" to: :

Save Changes Wait for reboot. change my client system's local IP address...  so that I can reconnect. direct web browser to

seen: login page has a select-box for a userid, but no text inside.  there is no prompt to ask me to login. I press enter (or whatever...  I login). every form interface on all web pages looked at have no labels on text boxes.

I did a view source...  and used web-dev tools to look at the page.  it looks like the apparent js function, show_words(), is not defined.

change ip address and dhcp address range back to default save changes. wait for reboot. reverse changes to local system things are back to normal.  login page has useful text.  after logging in, there is something to read.

looking at source again.  I see, now, that the js function "show_words" is defined in a file called public.js.

View 5 Replies View Related

Cisco Switching/Routing :: ASA 5505 Cannot Ping From Inside Interface To Outside Interface

May 1, 2012

I have a Cisco ASA 5505 and I have my internal and external interfaces configured but I currently cannot ping from the inside to an IP Address on the outside.  I had this setup and working and I have another set of equirement that I am replacing that is working with my service provider so I know it is a configuration issue.  When I ping for example I get:
Destination host unreachable
Do I need to add a static route from my inside interface to my outside interfaces?   

: Saved
ASA Version 8.2(5)
hostname pxasa


View 2 Replies View Related

TP-Link ADSL2+ Wireless :: TD-W8951ND - Changing Interface From Orange To Blue

Feb 17, 2013

-Region : Poland
-Model : TD-W8951ND
-Hardware Version : V5
-Firmware Version : 5.0.0 Build 120522 Rel.23978
-ISP : Orange/TPSA

Is there any way to change web interface / firmware from orange version to blue version? Blue version has more options and better "System log" presentation page.

View 2 Replies View Related

Cisco :: Remote Vpn Client To Router With Cellular Interface?

Apr 28, 2011

I'm having extreme issues in getting my vpn client to connect to a cisco router with a hwic-3g-hspa cellular interface

I have tested the config remotely by traversing the tunnel I have setup with a cisco vpn client and the client does connect, however when out on the road it doesn't respond, I'm litterally hitting my head against a brick here, everything just seem right I can't explain it.

I have done debugs and there is no sign of life, its as though when the vpn client connects to the router its not responding any way here is my config for the vpn clients part that is.

aaa new-model
aaa group server radius vpn-client-server-group-1


View 2 Replies View Related

Cisco Firewall :: 5510 Remote Access VPN / Change The Outside Interface IP

Dec 19, 2012

I have a Cisco 5510 which has remote access VPN configured.Now I have new block of IP address, is there a way I can just change the outside interface IP so that people can remote in without doing anythng else?Or if I coulds be taught to create a new one.Or best way to approcah this issue?For example: it was 67.64.x.x now I need to change to 64.44.x.x.

View 1 Replies View Related

Cisco :: Aironet 600 Can Remote LAN Interface Be Configured To Skip Authentication For IP

Feb 3, 2013

On an AIRONET 600 AP (officeExtend) with the remote LAN interface is configured to use 802.1x authentication:If a Cisco IP Phone is connected, 801.x authentication challenges for credentials. The AP does not seem to have a way to detect that this is an IP Phone and to skip the challenge (as Cisco switches/routers would do) Is there any way around this? Can the remote LAN interface be configured to skip authentication for IP Phone and only authenticate PCs etc..?

View 5 Replies View Related

Cisco VPN :: Configure ASA 5510 Remote Access For 2nd Public Interface?

Jun 4, 2013

  Our ASA 5510 was configured with a public interface, a DMZ interface, and a private interface.  I have a remote access VPN using AnyConnect client and LDAP authentication for Active Directory.  We are changing ISP (groan!), which means all new public IP addresses.  The new circuit is installed, so I have a second public interface (same security level as the first public interface, wholly different IP address range) enabled on the ASA.  I hope to transition whatever I can, which means get the VPN access through either public interface.  Can I just enable client access on the second public interface at the Anyconnect Connection Profiles tab in ASDM?  That seems too simple.  Can they share the one address pool? 

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Web Interface On NAS From Remote Site Across VPN Tunnel?

Dec 3, 2012

I have two routers on my internal network. is a Cisco ASA5510. is a Sonicwall NSA 3500
The sonicwall handles our site to site VPN tunnels.  The Cisco handles our client to site VPN connections.
I have a unit that points to (Cisco) for internet access.  All other clients on the network point to (Sonicwall) for internet access.The device in question, a Synology NAS, is using as it's IP address.
I'm trying to hit the web interface on the NAS from a remote site across our VPN tunnel.  The IP scheme on the remote end of the VPN tunnel is
Going through the VPN, I can hit every object on the network that uses .108 (Sonicwalll) as it's gateway.  However, I cannot hit the unit that uses .106 (Cisco) as it's gateway. 
I added a route statement (using ASDM) that routes all traffic destined to to the Sonicwall so it can send it back down the VPN tunnel.  If I'm understanding routing correctly, this should allow responses from NAS destined for to go back down the VPN tunnel.

View 4 Replies View Related

Cisco VPN :: ASA 5505 / Bug In Remote Access Vpn?

Feb 14, 2013

I have created Remote access vpn on  ASA 5505 (ver 8.2(5) with base license). When I connect from one machine, I can ping the internal network. But when I connect from another machine, cant.I have only decrypts on the ASA side, without encrypts. I was debugging ICMP packets with the capture feature, and saw that echo-reply packets are returning toward the outside interface, but aren't passing through it.
capture test access-list test interface outside
1: 08:54:44.298980 802.1Q vlan#1 P0 x.x.x.x > y.y.y.y: icmp: echo reply
Where x.x.x.x is LAN and y.y.y.y  is the VPN client ip. The nat is ok, access lists are ok, but the packets dont pass through.I tried creating new VPN profile but the same problem, it seems that only one remote client can be active even base license allows more than 1 client.

View 2 Replies View Related

Cisco VPN :: Can't Log Into Remote ASA 5505 On Code 8.0.5

Jan 5, 2011

I have 2 ASA5505 firewalls deployed, 1 at the data center (code v8.0.3) and 1 at a remote location (code v8.0.2).  The remote location has 2 PCs that connect back to the data center to access the directory services, exchange, file servers, etc.  The ASA5505 firewalls are configured for a site to site VPN.We were having stability issues with the remote ASA so we decided to upgrade the code as a first step. We updated the data center to 8.0.5 and all was well.  I data was flowing and I could get into both ASAs from the data center via ASDM and ssh.Then I updated the remote location to 8.0.5.  Now I can't ASDM or ssh into either ASA unless I'm at that specific site.  PCs are still able to connect their servers.
I am unable to ping, telnet, ssh or ASDM into the inside vlan ip address while I am at the other site.  I can see in the logs inbound connections being built on the distant firewall but it doesn't build a new outbound connection to reply traffic.Did 8.0.5 do something to block management connections from the outside?

View 7 Replies View Related

Cisco VPN :: 5505 Remote Access VPN

Jun 19, 2011

Got a single asa 5505 configured in the office. we have 3 site to site vpn connections from this device, which all work from within the office.Ive not setup my pc to connect from home to the asa via the ciso client.
i can connect to all LAN servers on the local subnet, however i cannot connect through the ASA to any of my site to site vpn's.
if i do an ipconfig on my home pc i can see my local ip, mask & gw, and i can see my assigned remote access ip & mask but no gw.
I cannot ping any remote site to site pc's by IP or name.

View 6 Replies View Related

Cisco WAN :: ASA 5505 Remote WAN IP Change?

Dec 6, 2010

There is a site I oversee that is moving to a new ISP. The drive is 2 hours round trip and I need to do is change an IP. DHCP is being handed out by the internal Domain Controller and all the workstations point to the server for DNS. Will the following commands inputted over an SSH putty session into the current WAN IP change the IP and allow me to hookup to the new ISP? The plan is to copy and paste the following commands into global config mode. Currently they are using DHCP on the WAN side which I do not approve of and their external route is pointing to the internal IP of Things still work but I want to do away with this. Will these commands get the job done?

interface vlan 2ip address 68.x.x.2 route outside outside 68.x.x.1

View 7 Replies View Related

Cisco VPN :: Remote Access VPN On ASA 5505?

Dec 10, 2012

I am currently having an issue configuring an ASA 5505 to connect via remote access VPN using the Cisco VPN Client running on Windows 8 Pro x64. The VPN client prompts for the username and password during the connect process, but fails soon after.
The VPN client logs are as follows:
Cisco Systems VPN Client Version
 Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
 Client Type(s): Windows, WinNT 
Running on: 6.2.9200
 2      15:09:21.240  12/11/12  Sev=Info/4    CM/0x63100002


View 9 Replies View Related

Cisco VPN :: Remote Access VPN In ASA 5505?

Apr 24, 2012

We have a ASA 5505 in our enviroment. We already configures two site 2 site VPN to our branch offices. Now we are planning to configure remote access VPN. So what should be consider when configuring the remote access VPN in ASA which already having site to site VPN?

View 9 Replies View Related

Cisco VPN :: ASA 5510 - Configure Remote Access VPNs To Use Specific Interface

Aug 12, 2012

I am adding a second external connection to an existing system on an ASA 5510 with ASA V8.2 and ASDM 6.4. I added the new WAN using an other interface (newwan).
The intention is to route most internet traffic over the new route/interface (newwan) but keep our existing VPNs using the former interface (outside).

I used the ASDM GUI to make the changes and most of it The default route goes via (newwan). Outgoing VPNs of a site to site nature use the previous route via (outside) as they now have static routes to achieve this.
The only problem is that incomming Remote Access Anyconnect VPNs are not working. I set the default static route to use the new interface (newwan) and the default tunneled route to be via (outside) but this is the point is goes wrong....
I can no longer ping the outside IP address from an external location. It seems the outside interface does not send traffic back to the - outside interface (or at least that's where I think the problem lies). How do I force replies to the incomming VPN remote traffic from unknown IPs to go back out on the outside interface?
The only change I need to make to get everything working on the outside interface again is to make the Default Static route use the outside interface. Which puts all the internet traffic back on the original (outside) connection.

View 6 Replies View Related

Cisco :: ASA 5505 VPN Ipsec Remote Access?

Oct 3, 2011

I have Cisco ASA 5505 and i want to create vpn remote access ...l

so i created and connected to the vpn problem is to reach my Local connection of /24 i put the WAN Connection in the FA0/0 and put my LOCAL AREA CONNECITON into FA0/1 .. so how i can route or translate my connection , and using cisco ASDM 6.1 in GUI ,,,

View 1 Replies View Related

Cisco VPN :: ASA 5505 L2l Tunnel With Easy VPN Remote?

May 25, 2011

I have set up two ASA 5505's (lets call them ASA1 and ASA2) with site to site VPN configuration and i've encountered two problems with my setup.ASA1 has IP on the inside interface and is connects ASA2. It's also an Easy VPN Server for external users to connect through Easy VPN Client.ASA2 has IP on the inside interface and connects to ASA1 Problem #1 None of the ASA's can ping eachothers inside LAN IP address. Computers behind the ASA's are unable to ping the remote ASA's inside IP address. My guess is that this has to do with either NAT or built in security.Problem #2. The Easy VPN clients which connects to ASA1 are unable to access the LAN behind ASA2.

View 3 Replies View Related

Cisco VPN :: ASA 5505 Can't Ping Remote Hosts

Jun 24, 2012

configuring ASA 5505 to be able to ping remote host.Setup - We have a site-to-site ( - VPN setup with client VPN access (IP Pool, on ASA 5505.Issue - Not able to ping host on from VPN client but  able to ping host.

View 8 Replies View Related

Cisco VPN :: ASA 5505 / Access To Remote Site Through VPN?

May 22, 2013

We have 3 offices, each with an ASA 5505 as the router/firewall, connected to the cable modem
(NC office) <----IPSEC----->(PA office) <----IPSEC-----> (CT office)
Internally we have a full mesh VPN, so all offices can talk to each other directly.I have people at home, using remote access VPN into the PA office, and I need them to be able to connect to the other two offices from there.I was able to get it to work to the CT office, but I can't get it to work for the NC office.  (What I mean is, users can remote access VPN into the PA office, and access resources in the PA and CT offices, but they can't get to the NC office).
Result of the command: "show run"
: Saved:ASA Version 8.2(5) !hostname WayneASA
names!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address !interface Vlan2nameif outsidesecurity-level 0ip address !ftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns domain-lookup insidedns domain-lookup outsidedns server-group DefaultDNSname-server 3gtms.comsame-security-traffic permit intra-interfaceobject-group protocol TCPUDPprotocol-object udpprotocol-object tcpaccess-list inside_access_in extended permit ip any any access-list IPSec_Access extended permit ip access-list IPSec_Access extended


View 15 Replies View Related

Cisco VPN :: ASA 5505 8.2(5) / IP LAN Can't Access Remote Network

Sep 27, 2012

i want my ASA 5505 8.2(5) to access my proxy server on remote lan through VPN my VPN is OK, all PCs of local network can access to remote network.but ASA on local network can't access to remote network.i think it's a NAT problem but ....
local network local IP ASA
remote netword /16
remote proxy
 my conf


View 1 Replies View Related

Cisco VPN :: 5505 Dual Remote VPN Connection

Mar 30, 2012

I created three different Remote VPN connections with three different networks . i can make them one but for some reasons i don't mix all.and iam using  Cisco asa 5505 with Shrew Soft VPN software , so my problem is,- i connected Shrew soft remote vpn , if i try to connected another remote vpn connection this will not accept the second connection, any remote vpn connection software that accepts more than one connection

View 1 Replies View Related

Cisco VPN :: 5505 IPSec Remote VPN Connect But Cannot Do Anything

Apr 5, 2012

I just made a VPN on my ASA 5505 at home, I can connect successfully to it, but I can't contact anything in the network, nothing respond to ping or to anything else (include the ASA inside IP).

View 3 Replies View Related

Cisco VPN :: ASA 5505 / Cannot Access Remote Resources

May 24, 2011

I have 3 networks coming from the DMZ (VPN) and only one works: Not working10.132.25.0/24 Not working10.132.26.0/24 Working The thing is, the one that works is on the same network as the DMZ(VPN) interface. The other two do authenticate and they get an IP from the VPN Pool. but they just cant access anything.

View 11 Replies View Related

Cisco VPN :: Client Behind EzVPN Remote (ASA 5505)?

Feb 2, 2012

I try to configure a simple EzVPN infrastructure:
EzVPN Server (CISCO2811, hostname cme) < -- > EzVPN Remote (ASA5505, hostname ezvpn-asa) < -- > Client
Attached you find both configuration of the EzVPN server and remote. The tunnel is getting up and if I ping from the ASA to the Router, I see the packets getting encrypted:
ezvpn-asa# ping
ezvpn-asa# show crypto ipsec sa
interface: outside
Crypto map tag: _vpnc_cm, seq num: 10, local addr:

If I connect a client with IP address to the interface eth0/1 and do a ping to the cme, I don't see any packets getting encrypted. I don't have any idea about VPN, I just need it for a wireless lab environment. What do I have to configure on the ASA, so the inside traffic is encrypted?

View 2 Replies View Related

Cisco VPN :: Remote Access ASA 5505 To ASA 5510 VPN?

Mar 1, 2012

I have not really set up ASAs nor VPNs on Cisco devices before. I'm currently attempting to configure a remote access VPN between ASA devices, a 5505 and a 5510. The 5510 is meant to be the server and the 5505 is meant to be the easyvpn client. The reason I am opting for remote access as opposed to site to site is that I have many 5505s at remote sites that I will need to configure in the future, and they will be moving around a bit (I would prefer not to have to keep up with the site-to-site configs). The 5510 will not be moving. Both ASA devices are able to ping out to as well as ping each other's public facing IP.
Neither ASA can ping the other ASA's private IP (this part makes sense), and I am unable to SSH from a client on the 5510 side to the 5505's internal (192) interface. I have pasted sterilized configs from both ASAs below. 
ASA 5510 (Server)
ASA Version 8.0(4)
hostname ASA5510
domain-name <domain>
enable password <password> encrypted
passwd <password> encrypted


View 3 Replies View Related

Cisco VPN :: ASA 5505 / Remote VPN Connection Slow

Aug 29, 2011

I have created a Remote VPN connection on a Cisco ASA 5505.When I'm connected remotely through the Cisco VPN Client my connection is very slow.I have a response time of 220ms when I ping my server. how to improve the speed of the VPN connection?

View 1 Replies View Related

Copyrights 2005-15, All rights reserved