Cisco VPN :: ASA 5505 VPN Concentrator To Maintain Connection With Remote Sites
Jul 11, 2011
I have been working with my ASA 5505 VPN Concentrator to maintain a connection with one of my remote sites. I have several tunnels that work fine and don't have any issues at all, but one tunnel with outside IP ending in 146 and inside LAN 192.168.3.0 goes down every 24 hours. Attached is the config from the concentrator. I changed around the Security Association Lifetime Settings and the tunnel would drop after that amount of time expired. If I set it to 24 hours, the tunnel would drop every 24 hours. If I set it to 8 hours it would go down every 8 hours.
I have swapped the router a few times, double and triple checked my key settings, disabled keep alives on both ends, and this problem just started happening a few weeks ago after working fine for years. I also get the following e-mail error every time it goes down:
<161>Jul 10 2011 16:19:47: %ASA-1-713900: Group = xxx.xxx.xxx.146, IP = xxx.xxx.xxx.146, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
I am installing 2 ASA 5505s at home offices with dynamic IPs. The EasyVPN server is an ASA585x. I am using the 5505s in NEM mode. I configured a unique DHCP scope on each 5505. I have a dynamic crypto map on the server. I configured unique tunnel groups, group policies and usernames for each site on the server. This seems to work fine. Is it normal to configure unique tunnel groups, group policies and usernames for each remote site?
I got the Serbian Orion Telekom ADSL Max packet (16/1mb, modem: tp-link td-8816 v5), and used it in Belgrade without any issues with speeds of 13.95mb / 0.86mb. Since I have moved to another city (with all infrastructure recently done) I got these sudden CRC problems, plus ADSL2+ connection problems. Currently at ADSL2+ Annex A, and here is my speed test: And now, what's constantly occurring and is annoying me to bits is that at an ADSL2 connection I connect at 10mb with SNR of 6db and it successfully hangs on to the connection, but on ADSL2+ (16mb, max 24mb) with SNR of 6.8db it drops every few minutes. How can I use my 16mbit normally instead of only 10? Maybe some kind of low SNR router could work? How to treat CRC? I have a new telephone cable, and checked the splitters and also the in-wall connector.
I created three different remote VPN connections with three different networks. I can make them one, but for some reasons I don't mix them all. I am using a Cisco ASA 5505 with Shrew Soft VPN software. My problem is: I connected the Shrew Soft remote VPN; if I try to connect another remote VPN connection, it will not accept the second connection. Is there any remote VPN connection software that accepts more than one connection?
I have created a Remote VPN connection on a Cisco ASA 5505. When I'm connected remotely through the Cisco VPN Client my connection is very slow. I have a response time of 220ms when I ping my server. How to improve the speed of the VPN connection?
I recently purchased the dir-632 and am having trouble getting my Apple Powerbook G4 to join the airport network. I get this message, you may have entered an incorrect password, (I know that I have not), network name (I know this is correct), chosen the wrong type of wireless security (here I think is my problem) or may be out of range of the base station, (impossible as I am 10 feet away, and my PC's all work in the same range).
-My settings are DHCP client -cable status Connected -network status connected -801.11 mode 11bgn
I get a good strong signal from the airport but get a status connected to network and getting status message at the bottom, but the signal changes to not associated with any network every 30 seconds or so. This just cycles between the two messages. The signal does not maintain a connection.
I have set up a VPN connection at my remote offices with a 5505. At my main office I have a 5510. From my remote offices I can PING my main office server. However when I go to set up a VPN connection through Windows Network and Sharing Center I can't seem to have the connection connect.....
I have a question on a VPN connection. I have a remote access VPN setup on an ASA 5505 to be able to remote into a location and check the HVAC program running on a PC. The remote connection connects fine, but when I use remote desktop to connect to the PC, it connects quick, but the screen redraw and reaction time is extremely slow. EG: I click on the program and it takes about 20 seconds to draw the screen, or I click on a menu bar and get the same times for reactions. Could this be an ISP Up/Download issue or is there something that I need to look at on the ASA to change?
If I connect to the remote and do a PING from my desktop to the remote Desktop, these are the results that I get:
Reply from 192.168.XX.XX: bytes=32 time=96ms TTL=128
Reply from 192.168.XX.XX: bytes=32 time=132ms TTL=128
Reply from 192.168.XX.XX: bytes=32 time=90ms TTL=128
I need to know if I can connect RAP to RAP and maintain redundancy with connection to WLC.
I have one 1552 with the gigabit ethernet connected to the gigabit ethernet of another device that has a point-to-point link with another device, where I have an ethernet connection with a switch in the same broadcast domain where I have my WLC.
Next to this 1552 I have another 1552 that has the same situation, both with omnidirectional antennas.
I would like to have a Mesh connection with these two 1552s in 5 GHz, because if some point-to-point link is down I need redundancy to the WLC and my network, because I have some clients connected in the 2.4 GHz on both Access Points.
I borrowed a laptop from my sister while my laptop is out of commission. I've been trying to use the wifi, but the connection keeps dropping. I've tried following different pieces of advice from the internet, and I still can't get it working.
I mostly use my computer in my house, so I am not sure if it is a network problem, or something is wrong with my laptop, but I am having a lot of trouble maintaining a constant connection lately. Often times, I try to load a page and it says "connection reset" or whatever. I have a Dell Studio laptop with an Intel WiFi Link 5100 AGN wireless card. I am using the Broadcom Netlink driver along with Microsoft Miniport Adapter (all of this info came from my Device Manager). I'm running Windows 7 Home Premium 64-bit, 4GB RAM, Intel Core 2 Duo T6500 2.10 GHz, Service Pack 1.
So I recently had to get Comca$t xfinity cable internet due to Verizon Fios not being available in my new home. With Fios on my laptop, I didn't lose connection at all in 3 years. With Comca$t, I lose my wifi connection just about every other minute. It just keeps disconnecting and reconnecting. I'm running Vista. My iPad is connected just fine and doesn't drop connection. This makes me think it has something to do with my laptop. They are the same distance from the wireless gateway.
Can't figure out what's killing my desktop's connection. I'm running Windows 6 Ultimate x64. I was using an Aztech Wireless-N WL522USB adaptor before, and it was working perfectly fine apart from the fact that it was a tad slow, which led me to buy a new Linksys AE1000 adaptor. I'm guessing I caused some kind of conflict, because after an hour or two of use (and after installation of the drivers), I started getting DRIVER_IRQL_NOT_LESS_OR_EQUAL BSODs, as well as my connection dying on me. I did not uninstall the drivers for the Aztech adaptor before installing the new one, and I have a feeling this might have something to do with it. Anyway, right now, I've switched back to the Aztech (intend to return the Linksys), and I'm still having connection problems. The tooltip of the wireless icon on the toolbar shows "No Network Access", while clicking on it shows "Limited Access". I have neither internet access nor local access to the router. The weird thing is that it works for a VERY short period of time after starting up, where I will have full internet access, and after which it will revert to the Limited Access state.
I have a new DIR-815 router, with a network consisting of one HP desktop computer, one Sony VAIO laptop computer and one Samsung tablet computer. My problem is that I can't seem to maintain a constant internet connection, requiring a new router setup at least once a week, sometimes more frequently. Also, even though the network I set up is called "HOME", my desktop, which is the computer connected to my cable provider, never shows any connection to that network. Both the laptop and the tablet connect to the "HOME" network while the desktop connects to something called "Network 5" which does not show up anywhere in my setup. As long as I have an Internet connection I really don't care what the connection is called, but I find it strange that I am connected to a network that apparently does not even exist.
I recently purchased an LG 42" LD550 Flat Screen TV. This TV is supposed to wirelessly connect to the Internet in order to stream Netflix, YouTube, Vudu, etc. I've purchased and connected the required LG AN-WF100 USB Adapter (dongle). My desktop computer is a Dell Studio XPS 435T/9000. My router is a D-LINK WBR-1310.
The TV simply won't maintain a connection with my network. Sometimes it will find the network just fine for several days -- then it disappears (in the list of networks, only my neighbors' networks show up, not mine).
I follow the steps in the LG manual: I go to "Network" and select "Wireless"
It then shows the AP List. My AP (SSID) is almost NEVER listed, but when it occasionally is, I select it and type in my Security Key. It then proceeds to scan, and 95 percent of the time, it comes back with the error message, "Connection is Failed. Going Back to the List". The other 5 percent of the time, it ACTUALLY CONNECTS for a while (sometimes a few minutes, sometimes a few days). Then it disappears, and the whole cycle starts again
It's been a week now since I actually got connected! Is it the TV or the router? My router works with other devices (laptop, Nook eReader, second desktop computer), so it HAS to be set up right, doesn't it? The entire reason for buying the TV was so that I could wirelessly stream from the internet, and I feel cheated.
I'm using the Netgear WNDA3100v2. What happens is when I attempt to connect to the internet I have to reset the adapter multiple times before it even recognizes my internet. And then once that happens it takes a few more tries to actually connect. And when I'm connected the speed is fairly decent (around 15-30 Mbps). Problem is, every 5 minutes maybe even less, I disconnect. Then I have to go back through the process of restarting the adapter and whatnot until I reconnect. I've been dealing with this problem for a few months now and have neglected to post about it anywhere because I didn't think it to be this unique.
I have tried just about every other "solution" I could find on the problem and none have worked. Also, if this says anything, I have a laptop setup literally 1 foot or less from my desktop and it connects perfectly well and good using the same adapter. Also I recently purchased another adapter (Linksys AE3000). I figured this might solve my ailment but of course, the same thing happens as the Netgear, except possibly worse. And that adapter works fine on the laptop as well. I also just yesterday completely reformatted my computer hoping it would work, but of course didn't.
I've recently picked up an E4200 to build a dual band network which is targeting to link up (TV, media server, ps3, laptops) then (maintaining phones etc which only has b/g). While currently only laptops. Before doing any of these I have another Cisco modem router DPC3825 which worked fine with giving wireless access. I first attempted to leave the modem router as is and connected the E4200 (ethernet 1 to internet), and changed ip to x.x.0.1 and x.x.0.2 while disabling wireless on the dpc3825 and the DHCP on the e4200 and have default gateway to x.x.0.1. My laptops can connect to wireless on E4200 but it couldn't get internet access.
Then I tried turning the modem to bridge mode & reset the E4200 (factory setting x.x.1.1, auto DHCP), and then connected my devices to both wireless bands. At this point I see router status obtained ip from ISP and Internet reached full speed per ISP's mark but the connection only held up for about 1 minute. I noticed all the devices still maintained connection to router wirelessly but the router loses internet connection (lost the ip and couldn't get it back).
I would like to know if there is a possibility to create 2 Remote access VPNs for 2 ASAs situated in different sites and using only one PCF file. Is setting up a tunnel between the 2 ASAs the only way to reach the 2 destinations with the same PCF file?
I'm looking to put together a solution for a customer that wants to "bridge" between their current office and a new office space they have rented. I know how to set up a site-to-site VPN between two sites with different private IP ranges. For example, site A is 192.168.1.0/24 and site B is 192.168.2.0/24. But is it possible to make both sites appear as a single IP block? This way, systems could be moved one by one without renumbering. I am guessing there might be a way to tunnel the layer 2 traffic and make it work, but I am concerned about broadcast services being broken. I am using non-Cisco platforms so I am just looking for pointers on the protocols that might be used so I can do further research.
We have a Main ASA 5520 and two remote site ASA 5505's that connect to each other via S2S VPN tunnels. Currently they are doing split tunneling, so only local traffic goes over the tunnel. We have our local LAN (10.0.0.0/16) and our DMZ (10.3.0.0/24) network at the main site. The DMZ hosts our external SharePoint, but we have access to it internally. The problem is site A (10.1.0.0/24) and site B (10.2.0.0/24) have no idea of it, and when attempting to go to the site, it fails. You can access it via the external site address, but that's the only way. Normally the external address is blocked when you are internal. What I'm stuck at is even when we had all traffic sent from Site A to our main hub, it still wouldn't find it. Would I have to make a separate VPN tunnel purely for that DMZ traffic?
I have inherited an SBS 2008 network where they have a SBS2008 server and Server2008 running as a terminal server at the main office and they have 2 satellite offices. These offices all connect through router to router VPN tunnels. The main site is on 10.0.0 and DHCP is done by the SBS. Satellite site a is on 10.0.10 and DHCP is done by the VPN router and Satellite site b is on 10.0.5 and DHCP is also done by the VPN router. All client computers can run RDP to access shares / programs etc on the two servers but when trying to push out group policy, antivirus updates or even using remote control through the SBS2008 server it is hit or miss. DHCP records on the SBS server do not seem to update correctly, manually changing the IP address in DNS records results in warnings that the PTR record cannot be created.
So I am wondering if the configuration they currently have setup is correct. What might be stopping some but not all computers from updating, why I can connect to some but not all computers at site "a" but I am not able to remotely connect to any computers at site "b". Why I can do remote installs of Eset Endpoint Security on roughly 10% of the clients but the other 90% fail.
I have been asked to set up wireless and we have purchased WLC 5508 and 1142 APs. We have several remote sites and a centralized WLC. The requirements are to have a common SSID (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSIDs, Guest and Mobile, tunneled back to the central site (WLC). I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site; the IP assignment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the sites and this will also be handled by the DHCP server at the central site.
I have enabled H-REAP with Centralized Authentication and Local switching but I'm not sure about the second part which is to have a common SSID (Corporate) across the remote sites and locally switched whilst having the other two SSIDs tunneled back to the WLC. Cisco TAC told me to configure dynamic interfaces for each of the remote sites but then he said I still wouldn't be able to switch the Corporate traffic locally if I use a different subnet to the wired subnet for the wireless clients.
We have a Cisco 2921 router at the head office (Easy VPN Server) and have been deploying Cisco 887VA (EasyVPN remote - Network Extension) for remote offices using EasyVPN. We are allowing Voice and Data traffic over VPN. Everything has been working great until this issue was discovered today:
When a remote user behind Cisco 887VA calls another remote user also behind Cisco 887VA, the call connects and Avaya IP phone rings but no voice in either direction.
Calls to/from head office and external mobiles/landlines are fine. Only calls between two remote sites are affected. As there is no need for DATA connection between Remote office, our only concern is Voice support.
I think "hair-pinning" of traffic over VPN interface is needed. (Example configs etc).
I have got two 878 integrated services routers and I need to configure them as transparent bridges in order to connect 2 remote sites over ATM.
As I'm testing the topology, I configured two switches (representing the sites) at each end with a VTP domain. VTP works while the switches are connected directly with each other, but it won't work with the bridges in the middle.
For example, there are 3 sites, A, B and C. A and B are 1.5 km apart and both are separate LANs (mixture of wireless and wired). C is 35 km apart from A and B. I have to connect A, B and C so that they can communicate with each other. Security is required.
For some reason there are some sites that I cannot access from the inside interface. One such example is lxer.com where I am receiving this message in the browser: "The connection has timed out" / "The server at www.lxer.com is taking too long to respond." This has "suddenly" happened, and so I am wondering what others have done when such things have happened. My outside has a DHCP IP, and I have noticed that this address had changed, so I corrected this in my router settings. ASA version is 5505.
I have a Cisco 5505, 2 sites that are internal, 1 external IP (DHCP from cable modem). While on my laptop, iPad, iPhone, I cannot access the server via its external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal DNS server (don't really want this).
I have 2 ASA 5505 routers with base license. I want to make a site-to-site VPN connection, with the remote site using a VPN client to connect. First, I have an HDSL router with 5 public IPs. I want to try it by giving 1 public IP to each router and trying the VPN, but nothing works?
On wireless (Lenovo tablet X61) I cannot connect through the intranet - no problem connecting through internet. When I manage to connect through intranet, the connection is dropped quite often. No problem connecting via Ethernet cables.
My ISP installed one router in my lab. For internet connectivity they mailed me steps: connect your laptop directly to the gi0/3 port to check internet connectivity with public IP 1.1.1.x and gateway 126.96.36.199 with subnet mask 255.255.255.240. After connecting I was surprised, because I am able to access only Google sites like Gmail, Google search, etc., but I am able to ping/traceroute all sites. From the browser I am able to access only Google sites. In the router there is no firewall and no such access list.