I have a problem with my vpn between two ASAs, I review the running config of two devices, but I couldnt see anything out of normal.As you can see in the image the VPN is up, but in the ASA 5510 I don't have Bytes Rx (ZERO), I tried to config again two ASAs but I have the same trouble.
View 19 RepliesFor the last 3 weeks or so (right around the time I upgraded to IE8), my computer has been receiving a ridiculous number of bytes compared to what it sends.Within 5-10 minutes of logging on (I still use dialup), a check on the status shows around 100,000 bytes sent and over 2,000,000 received.I've been online for around 40 minutes, and it currently shows 650,000 sent (23% compression rate) and over 5,000,000 received (4% compression rate).Of course, the browser starts lagging and freezing after a while, which I assume is from the large number of bytes being received.
At the same time, there's a noticeable lag when I try to run programs, even when offline. For example,I click on my ISP connection and nothing happens for 5-6 seconds, then the dialog box appears. This is something that's never happened before. I'm running XP Home and no one else has access to my computer.I'm using the standard Windows firewall.I've run my AV and spyware programs multiple times (nothing found), cleaned my temporary files and cookies, even adjusted the FIFO buffers (the last thing I tried was turning the buffers off). I've been running Disk Cleanup everyday (which lags and runs slower than ever before), but it doesn't solve anything.I don't know how to adjust the compression rate for bytes received to see if that works.
Why do i have 0 bytes of free space on my cd rom??
View 1 Replies View RelatedWhen i check the status of my Internet Connection I notice that the sent and received bytes keeps increasing. I'm sure there are no downloads taking place that I'm aware of. No torrent clients, no antivirus nothing. I checked my PC for malware but that didn't work. As a result of this, i keep getting high pings in online games and can't even watch videos in youtube anymore. like, some software to monitor all the programs that use the itnernet connection without my knowledge or something??My primary concern is gaming (Call of Duty 4) so I wouldn't mind this idle downloading (whatever it is) as long as the major chunk of my internet connection is directed towards Cod4!
View 5 Replies View RelatedThis has been happening of late. When i check the status of my Internet Connection I notice that the sent bytes will be more than 200 and received bytes will be low as 2 to 4
View 1 Replies View RelatedWhen i look at the network wirless connection status something is constantly sending and receiving Bytes and lots of them.the modem gets warm from all of the activity.
View 6 Replies View RelatedI used speed test and got 50 mega bits per second. I tried re downloading tf2 and i was getting 80 kilo bytes, and I am using windows 7. Doesn't 8 mega bits equal 1 mega byte?
View 2 Replies View RelatedThis has been happening of late. When i check the status of my connection, i notice that the "sent" and "received" bytes keeps on increasing when i'm idle. I'm pretty much sure there's no downloading of any sort in progress that I'm aware of. As a result of this, I can't watch videos in Youtube or play online games due to high ping.
View 6 Replies View RelatedI am blocked with the below doubt for my issue resolution. When a ethernet frame for eg:ARP Packet of minimum length (64 bytes) is received at the end station, will the L2 layer remove both FCS and extra padding bytes(18 padding bytes for ARP)? Or removal of the padding bytes is dependent on the implementation?
View 2 Replies View RelatedWe have an EHWIC for a 2900 router. Apparently, this card supports QinQ.. However, there is no usual MTU command. Therefore we cannot increase the MTU to support the extra four-bytes of VLAN tag. We have tried 15.2 and 15.1 code. May be the command is different. I'm about to go and do some digging elsewhere.The card is EHWIC-4ESG.
View 6 Replies View RelatedWe have a new router (D Link) at offices which is fixed with LAN wall points on different places , we want to use it .I connected computers to the LAN points with regular lan cables , it gives me the alert (connected) but no bytes received .I tried to ipconfig an here's what i got :Windows IP ConfigurationEthernet adapter Local Area Connection 2[CODE]
View 1 Replies View RelatedWe have a Cisco 881 router, which is crashing. We have seen that the ARP cache fills up so much it causes things to crash, our phones go down.. We dont know why this however IP CEF seems to be doing it, when we disable it goes away however disabling IP CEF causes our L2TP tunnel to become inoperable also. So why does IP CEF cause thousands of AR entries and how can we limit that!? Below is the error, sample of the ARP cache and our config. You will notice we also have a /31 given to us on WAN interface, this was given to us by our service provider. This is really strange I cant find other examples on internet.
The error:
Nov 1 04:21:57.474: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x81F083F4, alignment 16
Pool: Processor Free: 55176 Cause: Not enough free memory
Alternate Pool: I/O Free: 2352 Cause: Not enough free memory
[code]....
I need to count the bytes for some interesting traffic crossing the firewall in ASA 5500. Packet Capture is so far as I need, cause I only need the number of bytes during a long time for about 3 months (source host - destination host)
capture capin type raw-data access-list cap buffer 33554432 interface inside circular-buffer [Capturing - 33553570 bytes]
I need to get only the exactly amount of "33553570 bytes" The pcap file is not needed
I am currently getting a strange error when trying to use and crypto services on our ASA 5520 (8.0.3)Initially I observed that a connected VPN had dropped.Then when I attempted to use ASDM or SSH I was blocked.
In the end I opened telnet as a test and this was successful. Syslog also shows that traffic is passing as normal.The only obvious error I can see when observing various debug traces is this;
FW02# CTM: rsa session with no priority allocated @ 0xCF1FBBA0
CTM: Session 0xCF1FBBA0 uses a nlite (Nitrox Lite) as its hardware engine
CTM: rsa context allocated for session 0xCF1FBBA0
CTM: rsa session with no priority allocated @ 0xCE7A5EA8
[code]....
I'm trying to figure out how to get two 5510 ASA's to establish a Site-to-Site VPN.The version with two static IP's is working perfectly and stable but I haven't figured out how to get a VPN running between a static and a dynamic IP
View 12 Replies View RelatedWe have an ASA5510 which keeps resetting itself for no apparent reason. It does this several times a day and I cannot see any pattern to the times etc. I don't believe it is load related as it also happens overnight when very little is going through the device. When it happens the device just drops off the network (all interfaces) and then when it comes back a few minutes later we can see from the system uptime that it has in fact rebooted itself.I initially thought it was faulty hardware, so I swapped the device for another 5510, but that does the same thing. I then added a third 5510 and configured it in with the second one as an Active/Passive failover pair. Both devices do the same as the first, the only differences now is that the passive device kicks in and takes over, so we have a little less service disruption each time.
View 9 Replies View RelatedI'm running into and interesting issue concerning a twice NAT config.
We have a remote site that needs to connect to a server cluster on our end. Using ASDM I have created a NAT rule that uses PAT to map our server addresses to a single IP (this is due to constraints placed on us by the remote site). This in and of itself shouldn't be a problem. The issue is that the VPN tunnel won't come up unless I also map an address to the remote site's sever.
Example:
Appliance: ASA 5510
ASA Version: 8.4(2)
ASDM Version: 6.4(5)
Original Packet:
Source Interface: inside
Destination Interface: outside
Source Address: Server_Cluster
Destination Address: Remote_Server
Service: any
Translated Packet:
Source NAT Type: Dynamic PAT (Hide)
Source Address: Mapped_Server_Cluster_Address
Destination Address: Mapped_Remote_Server_Address
Service: -- Original --
Within the Translated Packet section, if I set Destination Address to the actual remote server address nothing happens when I attempt to bring up the tunnel. However, if I map an address to the remote server, the tunnel begins to come up and then fails during phase two (as the mapped address doesn't match the addressing that has been defined in the remote end's connection profile).
Initially I thought the issue may be due to an IP addressing overlap since both sites are running similar numbers, but the default route statement on our ASA, should contend with this issue. Also, each time I change the NAT rule, I change the connection profile to match those changes.
So, ultimately, what I wish to accomplish is to allow connectivity between my site and the remote site without having to map another address to their remote server. How may I do this?
i have a 5510 with a working VPN but discovered that anyone connecting from a public IP can connect to VPN but can't go anywhere.so if i have say a linksys wifi on my cable modem and a private IP i can connect no problem. but if i'm on like a verizon data card which gives me a public IP i can connect to VPN but receive the below errors in my asa logs and can not reach anything on the network.What do i need added to allow remote ends without a nat device to also work?
View 4 Replies View RelatedI have an 1841 at a remote site that terminates its ipsec vpn to an asa5510. I want to create a GRE tunnel to I perform the following on the router.
View 2 Replies View RelatedI am upgrading an ASA 5510 from ASA822-k8 to ASA841-k8. I know I have to upgrade the RAM to 1GB from 256MB, but was wondering if it is a direct upgrade, or do I have to step through some of the 8.3(x) versions?
View 2 Replies View RelatedI want to ask for the possibility of configuration below? 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover1 Cisco ASA 5510 (ASA 1) has AIP-SSM1 Cisco ASA 5510 (ASA 2) has CSC-SSMThere are 2 contexts, context A and context BASA 1 is the primary firewall for context A, and secondary firewall for context BASA 2 is the primary firewall for context B, and secondary firewall for context A
Can AIP-SSM on ASA 1 inspects traffic of context B which primarily runs on ASA 2?Can CSC-SSM on ASA 2 inspects traffic of context A which primarily runs on ASA 1?
I would like to ask if the ASA5510 can support TLS 1.1 above?On the ASDM it can only be chosen between SSLv3 or TLSv1.When "Negotiate SSL V3", the Active-X plugin can not be loaded (IE 9 with supported SSL v3). It seems that the plugin only works with TLSv1.Is there some roadmap for the TLS1.1/1.2?
View 1 Replies View Related1 isp connection which splits into two. One plugs into 5510 with ouside ip and the other plugs into the other 5510 with outside ip address.
see diagram below:
Router routes are set as:
ip route 0.0.0.0 0.0.0.0 10.x.x.1
##
ip route 10.x.x.0 255.255.255.0 10.x.x.2
We will be introducing another isp into our network. We want to remove our current isp and switch. But we dont want to do the cut overnight. We will migrate into our new isp. so for a while we will have both isp connections.
What i am thinking of doing is taking one of the ports on 10.x.x.1 and configuring it for our replacement isp network and the same for 10.x.x.2. Will that work?
Can i have ASA 5510 configured for 2 seperate ISP connections? What kind of route will i set on my router?
My ASA 5510 is configured with a single PUBLICIP1 on the outside interface. All internal hosts 192.168.0.x are behind the ASA firewall and NATed to PUBLICIP1 including a few site-to-site VPN tunnels. This is also true for DMZ. Now, I would like to add a second PUBLICIP2 to the ASA and map it to one internal host ONLY - For eg: 192.168.0.25. How can I do this without effecting the existing setup? Since my entire internal subnet 192.168.0.0/24 is NATed to an existing PUBLICIP1 how can I exclude just one host (192.168.0.25) and bond it to the PUBLICIP2 for all ports.
This is what my current OUTSIDE interface looks like.
interface Ethernet0/0
duplex full
nameif OUTSIDE
security-level 0
ip address PUBLICIP1 255.255.255.224
!
I have been struggling to come up with the proper config to do a NAT of an incoming VPN tunnel to a VLAN on my network. I have an ASA 5510 with an IPSEC site-to-site tunnel to a partner network of 166.110.0.0/17. I have several VLANs on the ASA interface behind a cat4500 router (192.168.100.024, 172.16.4.0/24, 166.110.128.0/22 etc). The only network that the partner network sees is the 166.110.128.0/22.
My problem is that I need to give them access to a node on my 192.168.100.0/24 net, but can't get the admin on the other side to add a route and adjust his tunnel.My idea is that I will take an IP on my net, say 166.110.128.10, and do an inbound NAT to an address to 192.168.100.200. This way they communicate with a known address to them, but my server is on another VLAN.Should this be done at the level of the VPN tunnel, or can I NAT between VLANs on the cat4500?
I am getting the error "cypto map policy not found" when attempting to connect the VPN. My running config is below.I am attempting to connect from a draytek 2820.
View 5 Replies View RelatedSo I loaded the shiny new ASA 9.0(1) on a test/dev cluster of 5510's with the SecPlus license.In 8.4.4 (or maybe 8.4.3?) new password-policy commands were introduced, which allowed for very granular password policies for local users. This appears to be gone in 9.0.1. Is this by design? These commands met certain compliance regulations. EIGRP is supported in multiple context mode now, however the contexts dont appear to form EIGRP neighborships with each other on a shared interface. I did issue the mac-address auto command in system mode if that matters. All contexts do form EIGRP neighborships with a regular IOS device, however routes are still not propegated from CTX1 to CTX2, 3, etc.It's entirely possible I'm doing something wrong, this is my first stab at multiple contexts, or its possible this doesnt work by design?
View 4 Replies View RelatedSince last week we are having problems with remote users working with VPN client on Windows XP.The connection is stablished but no data traffic occurs.
As we didn't do any change in vpn remote settings I did a test from Linux machine running VPNC client and it works well.It sounds so weird because it happens only on Windows client platform.We have CISCO ASA 5510 and PIX 515 running 8.0(4).
We have an ASA 5510 in which remote access VPN os configured. The problem is that we are able to access all the internal resources and after an hour we get disconnected. The VPN is still up though. We have to reconnect VPN to get things going again.
View 0 Replies View RelatedI'm trying to get a tunnel to come up between a 5510 and a 5505. I currently have a vpn tunnel up and running from the 5510 to another remote site. [code]
View 2 Replies View RelatedI need to buy a firewall for my company and have set my eyes on ASA 5510. However we want to use IPSec both as firewall to firewall VPN and for staff working from home.If i understand right i need to set up a VPN client on the users machine at home to be able to use the IPSec solution. Ist this the case?
I have a few mac users running 64bit OS and it seems that this is not supported by any cisco VPN client. Any workaround to this problem other than anyconnect as i want to use IPSec. For example, is it possible to use another client? or to do it with out a client with some built in Mac VPN?
Today we physically moved an ASA 5510 across town and took another location off of fiber and onto a VPN with the asa 5510, via a brand new 5505. The VPN seems to be up however no local traffic seems to be passing. The ASA 5510 can ping to the internal network of the 5505 but not vice versa.
The site that was moved is the 62.0 network, it is connected to the rest of the network through the new ASA 5505. I'm sure this is something elementary that I somehow missed.
I have an ASA5510 with VPN L2L two operand normally. I need to create another VPN L2L. When you add the 3rd VPN always drop one of those that were operating. What can be?
View 2 Replies View Related