Cisco VPN :: ASA 5510 Maximum Tunnel Count Allowed

Apr 18, 2012

We have a ASA 5510 (v8.2.2 with ASDM 6..4.7, 256Mb mem) with a license for 250 VPN Peers. The machine has currently one site-to-site VPN active. I've added a remote-access IPSec VPN for some users but when connecting from the remote site the connection is dropped and the ASA reports %ASA-4-713239 Tunnel Rejected : The maximum tunnel count allowed has been reached.
I've searched for info relating to this message but I found none. Before I plan a restart (it's up for 222 days), is there something I could do on CLI to fix this ?

View 4 Replies


Cisco Wireless :: OEAP 600 Series - Maximum User Count

Sep 12, 2011

Only fifteen users are allowed to connect on the WLAN Controller  WLANs provided on the 600 series at any one time. A sixteenth user  cannot authenticate until one of the first clients de-authenticates or a  timeout occurred on the controller. Note: This number is cumulative across the controller WLANs on the 600 series. For example, if two controller WLANs are configured and there are  fifteen users on one of the WLANs, no users will be able to join the  other WLAN on the 600 series at that time. This limit does not apply to  the local private WLANs that the end user configures on the 600 series  designed for personal use and clients connected on these private WLANs  or on the wired ports do not affect these limits. This is from the Configuration Guide for teh 600 series Office Extend AP. Is this count per AP or total per WLC? If I have 10 APs deployed to our remote users, can each AP support two simultaneous users? Would I need to use separate WLANs for each OEAP?

View 8 Replies View Related

Cisco VPN :: 881 Maximum Number Of VPN Tunnels Allowed

Jan 14, 2013

I know this sounds a simple and easy question, but I can't find the answer anywhere - so here it is :-I need to know the maximum number of vpn tunnels that a Cisco 881 can handle.(In context, we have a group of users, who work from home and this office, so their laptops have the cisco vpn client, I need to know how many of these vpn connections the 881 can handle at once before it dies a death.)Hote - I have read somewhere a line that state maximum number of users is 20 but think this was in reference to some VOIP service.

View 2 Replies View Related

Cisco :: WiSM2 WLC 7.2 Maximum Allowed Clients Under Global Parameters

Apr 14, 2012

Just loaded the software onto the brand new WiSM2. Going throught the options and have found that under the global parameters for 802.11a/n, 802.11b/g/n radios is now the "Maximum Allowed Clients" option. The allowed setting is from 1 - 200 clients.

Does that mean only 200 clients will be allowed to associate to the WLC on that radio at a maximum?

Doesn't seems to make sense... I have the 500 AP license on this WiSM2... I know this option used to be an optional setting under a WLAN in previous releases.

View 2 Replies View Related

Cisco Application :: 4710 Maximum 10 Http Header Map Is Allowed Per Policy

Nov 9, 2011

We are migrating from ACE 20 module to an ACE 4710 appliance. [code] When pasting in the config on the ACE 4710 running A4(2.1) code, I get the subject error message when trying to enter in the highlighted sticky-serverfarm command above.  Again, this config works on the older hardware and older code.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 View Application Exceeded Its Maximum Allowed Disk Size

Apr 6, 2011

This is the error message I am getting on our ACS 5.1 appliance - is there anyway to purge the database or compact the file?

View 1 Replies View Related

Cisco VPN :: 3000 Network Address Is Allowed Down Tunnel / Check Phase 2 IPSEC Proposal

Nov 4, 2012

I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?

View 3 Replies View Related

Cisco VPN :: ASA 5510 - Ping Is Not Allowed On From

Feb 23, 2012

VPN between datacentre & office ASA 5510 & HP routers site-to-site vpn, и networks If I ping internal routers' cisco address from network host ( I get ping timeout At the same time I see the same messages in ASDM monitoring when successful ping reaches and comes back to host ( for example) Pings from to hosts are ok, only is silent Looks like icmp echo reply is not allowed or smth like that, where to take a look?why monitoring looks ok instead of denied according to ACL...?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 High Drop Count On Management Interface

Sep 4, 2012

I have a 5510 FW in multi-context mode that is showing a high drop count on the Management interface in the Admin context.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / Outbound Internet Access Not Allowed When Syslog Server Is Rebooted

Jun 27, 2011

I have recently setup Splunk to receive my syslog messages from my ASA 5510.  In the past I used kiwi without observing this issue, but I needed more features than kiwi had available.  Anyway, anytime I stop the splunk service my asa does not allow any outbound connections to be established. 

View 2 Replies View Related

Cisco WAN :: Maximum Number Of Configurable GRE Tunnel Interfaces On 2921-HSEC+ / K9 Router?

Jul 16, 2012

what is a maximum number of configurable gre tunnel interfaces on CISCO2921-HSEC+/K9 router?

View 2 Replies View Related

Cisco VPN :: ASA 5520 / Error / Split Tunnel Attributes(51) Greater Than Max Allowed Split Attributes(50)

Jul 21, 2012

We have ASA 5520 acting as the VPN Server and Cisco 1941 router as EZVPN client. Since last few days client is not able to establish vpn connection. 1941 router is continuously generating the below log messages
001569: Jul 22 12:19:05.883 ABC: %CRYPTO-4-EZVPN_SA_LIMIT: EZVPN(VPNGROUP) Split tunnel attributes(51) greater than max allowed split attributes(50)
 001574: Jul 22 12:19:07.835 ABC: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=vpn_user  Group=VPNGROUP Client_public_addr=<client public ip>  Server_public_addr=<server public ip>
 004943: Jul 22 11:32:42.247 ABC: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

View 3 Replies View Related

Cisco VPN :: ASA 5510 - Maximum Connect Time Configuration?

Mar 21, 2011

I have been working on my ASA 5510 version 8.2(1) trying to change the maximum connection time.  Originally the custom "Group Policy" for IPSEC (Remote Access VPN) was set to inherit the settings from the default system Group Policy (DfltGrpPolicy).  The custom group policy for the sake of this discussion is called "ABCD".  I have modified the settings on the default (DfltGrpPolicy) as the custom policy (ABCD) was inheriting the configuration from default to disconnect after 1200 minutes.  I changed the setting "maximum connection time" to 1200 minutes.  I saved the configuration and what not then connected my VPN client, after two (2) hours I was disconnected.  Something just doesn't add up.
I went ahead and deselected all inherited properties and manually configured them for the ABCD custom policy.  No longer was the ABCD custom policy configured to use the inherited properties/settings.  I saved the configuration again tested but instead of having a 1200 minute connection limit, I have 120 minute connection limit.  Inside Monitoring --> VPN --> Sesssions : I can click on my session and see Session details".  The Group Policy and Connection Profile properly list the "ABCD" custom profile.  However, the "Conn Time Out" setting is: 120 minutes.  I am completely stumped as to what is going on.
In the actual running config I see:
group-policy abcd attributes
banner none
wins-server value
dns-server value
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 60
vpn-session-timeout 1200
What I need to do next to get this working short of a recycle of the ASA.

View 3 Replies View Related

Cisco VPN :: 5510 - How To Create ASA / VPN Tunnel

Jun 11, 2013

We currently run dual ASA 5510's in A/S config on our main campus. We would like to create a VPN tunnel to a branch campus. Trying to decide between a 5505/5510/5512x, We would like to extend many of the capabilities of our network to the branch campus which will be 20-50 users on a 50mb/10mb internet connection.
Domain login
System Center workstation management
Cisco WCS
Shoretel voip
(Cisco NAC?)
Several different VLANs for wireless guest, student traffic, staff traffic, voip traffic, etc. Which device would be best and should we get the security plus license with it?

View 4 Replies View Related

Cisco VPN :: 5510 - Get A Tunnel Established?

May 2, 2012

I have two 5510's that I am trying to get a tunnel established. One has an exsistinig tunnel to a 5505 that works but I cant get the next one to get past the first phase. I have sanitized the attached configs

View 5 Replies View Related

Cisco VPN :: 5510 VPN Tunnel Looks Up But No Ping

May 30, 2012

I had a pix that had two working tunnels going to one 5510 and one 5520. Today the VPN tunnel to our 5520 stopped working but if I do sh cry isa sa both tunnels have QM_IDLE as the state. (both ends) I tried to debug crypto isakmp 255 but all I get is PEER_REAPER_TIMER and no other output on the pix side.

View 20 Replies View Related

Cisco VPN :: ASA 5510 / VPN Tunnel Drops Due To Inactivity?

Dec 12, 2011

I am using a Cisco ASA 5510. Our tunnels always drop due to inactivity, which is a security issue I understand, and it only takes some "interesting traffic" to bring it back up. My problem is that it looks like the interesting traffic has to originate from my side of the tunnel, when our clients send traffic and the tunnel is down due to inactivity it does not come back up. Is there a setting that I am overlooking that will make it come back up no matter who sends traffic? Or, is there a way to make it stay up through inactivity?

View 4 Replies View Related

Cisco Firewall :: 5510 - VPN Tunnel Between Two Locations

May 23, 2011

Firewall ASA5510. I'm planning to get one of ASA5510 for our office in order to secure our network properly, however we have quite specific routing configuration to allow us failover to the remote location (data center) in case of any disaster with our server. I'd like to find out if I can just install firewall between our ISP Ruter and internet and allow traffic to/from Data Centre. In this situation will I have to change routing configuration on Company Router or do I have to do anything with our Company Router

View 1 Replies View Related

Cisco VPN :: ASA 5510 - Configuration To Do NAT Of Incoming Tunnel

Apr 25, 2013

I have been struggling to come up with the proper config to do a NAT of an incoming VPN tunnel to a VLAN on my network. I have an ASA 5510 with an IPSEC site-to-site tunnel to a partner network of have several VLANs on the ASA interface behind a cat4500 router (,, etc). The only network that the partner network sees is the problem is that I need to give them access to a node on my net, but can't get the admin on the other side to add a route and adjust his tunnel.

View 4 Replies View Related

Cisco VPN :: No Traffic Over Tunnel Between ASA 5505 And 5510

Dec 5, 2010

I've a asa 5510 on the main site and different ASA 5505 on secundary sites for VPN tunneling between the sites. The problem is that the tunnels are acomplished but no traffic is going over them. What am i doing wrong? For the moment there is a ASA 5505 on the main site managing the tunnels but I want the 5510 to take over the job.

View 5 Replies View Related

Cisco Firewall :: VPN Tunnel Between 5510 And Rv042?

Nov 27, 2012

I don't know if this is in the right section, but I cannot set up a vpn tunnel between an asa 5510 and a cisco rv042 router. I believe the problem is because i need to set up a nat exempt rule on the rv042 route but don't know how.

View 1 Replies View Related

Cisco Firewall :: 5510 / L2L Tunnel Keeps Dropping?

May 15, 2013

I have our main site using a Cisco 5510 running 8.4.2 code and a remote site using a Cisco 5505 running 8.4.2 code.  The main site has a T1 and the remote site is using a DSL connection.  About every other day I have to reset the connection at the remote site.  The process that I have found that works is to remove the nat statement, clear the cry ips sa and then add back the  nat statement.  The connection usually comes back up and a few minutes.  I am trying to see what is causing this to drop.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Vpn Tunnel Not Working From One End

May 9, 2013

I have an ASA 5510 and I am building a site-to-site vpn tunnel, peer on the other end is a sonicwall. I can initiate the tunnel from my end, but when he tries from his end it fails on phase 2 with this error in the logs:
"Rejecting IPSec tunnel: no matching crypto map entry for remote proxy"
Obviously our crypto map's don't match, i have it restricted to specific ports on my end and he had it wide open on his end, but said he is not sure how to restrict it down to specific ports. My question is why would I be able to bring the tunnel up on my end if the crypto map's don't match and he can't bring it up?

View 5 Replies View Related

Cisco Firewall :: VPN Tunnel Not Working From One End ASA 5510

Dec 5, 2012

I have an ASA 5510 and I am building a site-to-site vpn tunnel, peer on the other end is a sonicwall. I can initiate the tunnel from my end, but when he tries from his end it fails on phase 2 with this error in the logs:
"Rejecting IPSec tunnel: no matching crypto map entry for remote proxy"
Obviously our crypto map's don't match, i have it restricted to specific ports on my end and he had it wide open on his end, but said he is not sure how to restrict it down to specific ports. My question is why would I be able to bring the tunnel up on my end if the crypto map's don't match and he can't bring it up?

View 1 Replies View Related

Cisco LAN :: Debug An Ipsec Tunnel On An ASA 5510 (8.4(3))?

Mar 5, 2012

I'm attempting to debug an ipsec tunnel on an ASA 5510 (8.4(3)) and when I turn on `debug crypto ipsec` and then execute `logging monitor` I get an constant stream of TCP debugging events, is it possible to only view ipsec messages?

View 2 Replies View Related

Cisco VPN :: ASA 5510 / RVS 4000 - VPN Tunnel Reset

Nov 7, 2012

I have an ASA 5510 at V8.2(5) with something near 20 site to site VPN tunnels. I am having a problem with 1 tunnel to a RVS4000. The tunnel is completely closed and reset during Phase2. Here is a small snipet at the time of the tunnel reset
x.x.x.x, Username = x.x.x.x, IP = x.x.x.x, Session disconnected. Session Type: IPsec, Duration: 7h:36m:30s, Bytes xmt: 333755, Bytes rcv: 86281, Reason: User Requested
Followed by Group = x.x.x.x, IP = x.x.x.x, Active unit receives a centry expired event for remote peer x.x.x.x.
We use a number of connection oriented sessions and this blowing them out of the water. all other tunnels are up for DAYS to more than a Month.

View 8 Replies View Related

Cisco VPN :: 5510 - Traffic Through Tunnel Is Very Slow

Jun 8, 2011

I got a stange vpn problem, just added a new vpn tunnel to our ASA5510 and then the users report that the traffic through the tunnel is very slow, when I try it myself I get a speed like 50kb/sec to the internal server.If I use our regular tunnel or any other tunnel the speed is just fine. I´ve added the new tunnel in the same way as the other tunnels,  that is thorugh ASDM vpn wizzard.

View 2 Replies View Related

Cisco VPN :: Specific Tunnel-group With User On ASA 5510?

May 13, 2011

I would like to ask some question about VPN clinet and SSL VPN, on my ASA 5510 i have many tunnel-group it have around 5 tunnel-group and i have one SSL VPN,i also have user 20 user. let me show you that:
1- tunnel-group Staff-VPN remote-access
2- tunnel-group Manager-VPN remote-access
3- tunnel-group normalstaff-VPN remote-access
4- tunnel-group guest-VPN remote-access
5- tunnel-group other-VPN remote-access
and tunnel-group sslgroup type remote-access
and i have user around 20 user and i want to specific user to tunnel-groups like this
1- tunnel-group Staff-VPN remote-access
username AAA password AAA
username AAA01 password AA01
2- tunnel-group Manager-VPN remote-access
username BBB password BBB
username BBB01 password BBB01
3- tunnel-group normalstaff-VPN remote-access
username CCC password CCC
username CCC01 password CCC01
5- tunnel-group other-VPN remote-access
username DDD password DDD
username DDD01  password DDD01
So, How can i manag tunel-groups with user?

View 3 Replies View Related

Cisco VPN :: 5510 - Connection Fails Using Full Tunnel?

Mar 31, 2012

We are using a 5510 and have issues trying to use VPN with full tunnel to connect from inside the firewall to a customer site. I don't seem to have a problem when using split tunnel profiles. How would you troubleshoot this?

View 12 Replies View Related

Cisco VPN :: 5510 - IPSEC Tunnel Won't Attempt Connection

Jul 31, 2012

I have a 5510 and a 5505 that I'm attempting to configure a simple VPN tunnel over. I have tried step by step configurations form CISCO ASA configs, as well as every source I can find. I have walked throught the config with IOS commands as well as Wizards. All my packets are dropped at the the inside or outside interface.
When I show SH ISAKMP command all I get are 0's straight down.

View 7 Replies View Related

Cisco VPN :: ASA 5510 - Internal IP From Sonicwall LAN / Setup A VPN Tunnel?

Nov 5, 2011

I am trying to setup a VPN tunnel between a Cisco ASA 5510 (Version 8.2(2)) and Sonicwall TZ200. I got tunnel up and going and I am able to ping the Cisco ASA internal IP from the Sonicwall LAN but nothing else works.

When I try to ping a host behind the Cisco ASA from the Sonicwall LAN I get the following message "Asymmetric NAT rules matched for forward and reverse flows;


View 14 Replies View Related

Cisco VPN :: 871 / 5510 - Any Way To Force Traffic Bound For 192.168.1.x To Go Over VPN Tunnel

Apr 3, 2011

I have 2 Cisco 871 set up to vpn in to an ASA 5510.  Everything has worked even when the 871 is behind a nat.
We use these routers to send to employees home for temporary use.
The WAN ports on the 871 are configured to pick up an IP via DHCP.
Office ASA 5510 - Public IP address
WAN - Public IP
Internal -
Home Router
WAN - Public IP
Internal -
Cisco 871 picks up 192.168.1.x on WAN port from user's home router
Internal vlan1  192.168.10.x/24
The problem is - this user's home router is using the same subnet as the internal network at the office.  Is there anyway to force traffic bound for 192.168.1.x to go over the VPN tunnel?  It does this correctly if the 871's WAN port is not also on the same subnet. The vpn tunnel does come up.  And I can ping to and from the router, it's just the clients behind the 871 that cannot ping or access the corp network.

View 2 Replies View Related

Cisco Firewall :: IPSec Tunnel On Sub-interface On ASA 5510?

Jun 11, 2012

I working on a security solution using ASA firewall. Is it possible to setup a IPSec tunnels  on each subinterface of a physical interface on ASA 5510?

View 3 Replies View Related

Copyrights 2005-15, All rights reserved