Cisco VPN :: ASA 5510 / Vpn Goes Down Intermittently For One Or More Locations
Mar 22, 2011
We are facing a major issue of VPN tunnel going down very often. I have 7 Site-2-Site VPN connectivity, this works fine for some days and suddently VPN tunnel goes down intermettenly for one or few locations and i need to clear isakmp sa for that speicific tunnel to come up.When tunnel goes down the vpn phase 1 status.....
6 IKE Peer: 125.18.0.38
Type : L2L Role : initiator
Rekey : yes State : MM_ACTIVE_REKEY
7 IKE Peer: 125.18.0.38
Type : L2L Role : responder
Rekey : no State : MM_REKEY_DONE_H2
After clearing phase 1 for specific tunnel the VPN tunnel come up.
7 IKE Peer: 125.18.0.38 Type : L2L Role : responder Rekey : no State : MM_ACTIVE
CINBLR01-SQDR-FIREWALL-00002# sh version
Cisco Adaptive Security Appliance Software Version 8.0(4)Device Manager Version 6.1(5)
Compiled on Thu 07-Aug-08 20:53 by buildersSystem image file is "disk0:/asa804-k8.bin"Config file at boot was "startup-config"
CINBLR01-SQDR-FIREWALL-00002 up 1 day 17 hours
Hardware: ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHzInternal ATA Compact Flash, 256MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB
[code]....
This platform has an ASA 5510 Security Plus license.
View 7 Replies
ADVERTISEMENT
Nov 1, 2011
I'm setting up two separate 5510's at two seperate locations. The client wants two seperate SSL-VPN's; one for the HQ and one for the COLO location. They have a single domain for which I have added a-records to point to the corrosponding ASA's thusly: [code]
My questions is this: do i need to buy seperate certificates for each ASA/fqdn/IP combo? I'm using godaddy to buy the certs. If I do need to buy seperate certs, that makes the installation easier, but may waste $$. If I only need to buy one cert, how do I set it up so that both combo's are verified?
View 2 Replies
View Related
May 23, 2011
Firewall ASA5510. I'm planning to get one of ASA5510 for our office in order to secure our network properly, however we have quite specific routing configuration to allow us failover to the remote location (data center) in case of any disaster with our server. I'd like to find out if I can just install firewall between our ISP Ruter and internet and allow traffic to/from Data Centre. In this situation will I have to change routing configuration on Company Router or do I have to do anything with our Company Router
View 1 Replies
View Related
Oct 3, 2012
I am not a ASA expert but I have configured them few times. I have a vision of a task I have to complete but not sure if it is practical or how to go about doing it.
We two locations, Location A and Location B. Both locations have a 100MB internet conection. Location A has a ASA 5510. Location B has a 5505. Users at both locations access the internet via their respective ASA. Location A is the headquarters and Location B is a disaster recovery site. We want to setup a tunnel between both ASAs. This tunnel will be used to replicate data between the two locations for DR purposes. We need the users to still use the same pipe to get to the internet but want to allocate 10MB for internet use and the remaining 90MB for the DR tunnel.
View 30 Replies
View Related
Jan 31, 2011
Is there any way to get reports on voice utilisation on WAN links so that CAC settings can be proactively managed for each location on our CUCM cluster? Our service provider is advising that this is not possible which means that we rely on customer/staff complaints to recognise where CAC thresholds are being reached. Our preference is to be able to run traffic reports (or the Cisco equivalent) as could be done on our previous (traditional) telephony network and provide additional capacity if and when required BEFORE congestion is reached, thus minimising customer/staff impact.
View 1 Replies
View Related
Jan 15, 2011
I need to keep surveillance on two separate remote locations, each on a different continent. They're both indoor locations and have broadband. One of these setups should be fully bidirectional so I can see them and they can see me, while the other location is unidirectional so I can see them but they can't see or hear me. In both of these farflung locations the people there have the computer skills of your average escargot, so it's going to be a complete and utter miracle if they can even figure out how to boot the PC. I would like to provide netbooks to each location and have them automatically launch a fullscreen webcam on bootup. How to get this set up properly so that it works in a foolproof manner.
View 1 Replies
View Related
Jan 28, 2012
Has a small home network in 2 buildings with 2 wireless routers. He has fiber from the building where the dsl comes into, running up to his house where a second wireless modem is. Both are broadcasting DHCP but I only want one of them to do this. Ultimately I want his server(2008) to broadcast DHCP, but just one of the modems is fine for now.
View 1 Replies
View Related
May 1, 2012
I know how to connect 2 routers in 2diffrent states using internet.Also which service is used for that purpuse
View 1 Replies
View Related
Oct 15, 2011
I have VPN connections in between my HO and branch locations. I am using ASA in HO and 1841 branch locations. One of the location is keep on disconnecting, why this is happening as i can see the configurations are identical to other locations.In 'sh crypto isakmp sa' output i can see multiple entries for this particular location, one with type 'L2L' and others with type 'user'.
View 2 Replies
View Related
Dec 5, 2011
I have 2 dual ASA 5520 devices running VPN at two geographically different locations. What is the best way to do failover between the two remote locations?i.e. can Cisco GSS / Cisco CSM/ACE be used and if so how would this work.
View 3 Replies
View Related
Dec 17, 2011
I have establlished VPN tunnle between 2 locations
I can ping accros and access server resources on both LANs The problem is that from one location I can not access Internet
I can not ping by IP,when I do tracert it just reaches default gateway of this locations from other location(office) no problem
View 1 Replies
View Related
Jun 27, 2012
I have configured a VPN tunnel between two remote locations using static IP addresses on two RV042 routers. The tunnel seems to work but the problem is that when the two hosts attempt to ping each other only one can successfully ping. One PC with IP address 192.168.1.100 can ping across the network but the second PC with IP address 192.168.2.100 cannot. These are laptops seperate from the intranet used to test the tunnel. Someone had suggested NAT may be the issue so I enabled NAT Transverse on the routers but still no luck. The following is the results from a ping test.
PC 1
ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=116ms TTL=63
[Code] ......
View 1 Replies
View Related
Apr 17, 2013
We installed a new ASA 5515 about a month ago for the corporate office we also have 40 branch locations that feedback VOIP, camera, and Citrix to the corp location. Each of the branch locations have a separate DSL connection with a local provider and all of them are dynamic IP addresses.
The problem I have is that I cannot figure out a access rule to make the voip traffic work 100% of the time what ends up happening is five or six random locations change IP address's every day and I could not figure out how to create a access rule for that so I create a static route with that dynamic IP and then it will change a week or so later. That's a horrible security risk and a lot of manual work.
View 4 Replies
View Related
Dec 7, 2011
I have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations. I continue to have issues with the VPN to "Stay" connected, even after purchasing another new WRVS4400N 4 months ago. I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern).
I am taking a hard look at the issue now, as about 1 month ago, the newest router "automatically" reset it itself back to factory settings (thus interrupting nearly everything in our network). After contacting support, we reset the router and re-configured it to our environment. It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not). Then about 1 week ago, the other/older (9 month old) router lost it's configuration. again, reset it and all works. Including the VPN, but the VPN still works as it did before connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).
Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running).
after rebooting and no inter activity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).[code]
View 6 Replies
View Related
Jun 28, 2011
I have 3 different office location and I need to set up a LAN so that all three are connected and can share info?
View 1 Replies
View Related
May 7, 2011
I setup one location (business retail shopping center) in maryland (using swann dvr/cameras- will switch to qsee) with no internet available.I setup another location (business auto shop) in virginia (using qsee dvr/cameras) with internet through verizon fios.I have internet through cox at home in virginia which I can view cameras remotely only to one location in virginia.
View 2 Replies
View Related
Jan 26, 2011
We purchased a database program which has 3 licenses attached. This is a small non-profit org. We would all like to be able to use the program from our homes. What is the best way for all to share and update data to the same database? Would we all be able to work on it simultaneously?
View 2 Replies
View Related
Feb 6, 2013
why one of my two offices experiences significantly slower speeds when accessing the web. I'm a complete technology simpleton, so I haven't been able to figure out a logical reason for it. Here's the scenario:
Office 1..................................................Office 2
==========..........................................===========
Comcast Business.....................................Comcast Business
tests at 33 mbps down..............................tests at 7 mbps down
tests at 6 mbps up....................................tests at 3 mbps up
6 CPUs access Linksys SR216 10/100 switch..6 CPUs access 3Com Office Connect Ethernet Hub
switch accesses Comcast modem.................hub accesses Comcast modem
My laptop, and all other CPUs, perform significantly faster at Office 2.
Is it the difference between the switch at Office 1 v the hub at Office 2? I always thought they were sort of the same thing. I know I've taken some of the cables out of the switch in Office 1 and put them directly into the Comcast Modem and haven't seen any improvement.
Why on earth does my laptop perform so much better at Office 2. I've also moved desktops to Office 2 and they are noticeable faster at that location as well. I'm stumped. We access a major company's web site for account servicing, and it is twice as fast at Office 2...while using the exact same laptop.
View 3 Replies
View Related
Jun 21, 2011
I work as a systems administrator for a global company and currently right now all my end users which is roughly 300 all use VPN from there office location to dial back into the server or use terminal server. I would like to know how to connect there locations back to main site without using VPN. What would be the cheapest and or easiest method to complete this.
View 1 Replies
View Related
Dec 2, 2011
I set up a network drive in my computer that links to an FTP directory on my server.... However all the jpg files are showing the default jpg icon. I want to see a thumbnail of the actual image if possible. Im running windows vista and windows 7. Same issue on both. Also, I tried hard to change the network drive .ICO file.... Tried creating a shortcut and doing it that way.. still no luck.
View 1 Replies
View Related
Jul 24, 2012
I have a small home with two clusters of 2-3 devices which use the Internet - one ground floor, south corner, and the other top floor, north corner. I have a wireless router (Netgear N750) in the ground floor south connected to my cable modem. All devices in the area of the existing router are plugged into it (Cat5 cable). The devices in the top-north corner use wireless to communicate with the down-south router.
Running cable drops is not in scope for me, as we have a finished basement and I would have to blind drill horizontally across 50' of flooring and joists.
Tried running cabling through heat vents using a wireless camera mounted to a cable puller and all I did was discover some areas of my home that appeared to be four-dimensional. Attic not accessible in locations required for cable drops.Tried powerline devices and performance was much worse than wireless - I know that's a major YMMV situation but the Netgear ones I tried had like 5 Mbps connection rates. I also could not connect from other outlets - I have read if you had electrical work installed and have new lines run it can impact powerline performance. That may be the case in my home.
My questions:
A. I have OK to poor signal strength in top-north and top rate is ~ 150 MBps off what is supposed to be 300N router. Would I get better performance if I installed a wireless router in top-north and connected the top-north devices to it? Down-south performance is fine so it's not the cable modem/internet connection.
B. I believe I'd set top-north router up as a wireless client. I've experimented with Tomato and DD-WRT but don't know how to evaluate. Any tradeoffs I should know about?
C. Any networking changes I should consider if I go with such a topology? (MTU, who does DNS, etc). Currently use router as source for DHCP and DNS lookups. Should I limit which router wireless devices may connect with?
View 1 Replies
View Related
Jan 1, 2011
I have a 100MB pipe coming.I have one ASA5505. This is the current backbone to the whole system.I want to send internet to 16 different locations via microwave dishes.So, many problem is my pipe is 100 Mbps , want to cut that large pipes into a bunch of small pipes. Per pipe 2 Mbps.So, I can send this B.W ( 100 Mbps ) to 50 Users.
I have only ASA 5505 and L2 switch for Vlan purpose. I heard by using RADIUS server we can do this but I don't know how to do. IF yes, then some Docs regarding that one.
View 2 Replies
View Related
Jan 27, 2012
I have three computers in a Workgroup and I can transfer files through all the computers properly. However I cant set up permissions to who can access these files. The three computers are Windows 7 64bit desktop, Windows 7 64bit laptop, Windows XP Professional 32bit desktop.
What I tried so far...
Right-click on folder I wanted to share
Click on Sharing Tab
Click on Advanced Sharing>Permissions>Add...>Locations
I only see the name of the local computer, I don't see the two other computers on the network. The window looks similar to this, how I can find the other computers in my network, in the locations window.
View 10 Replies
View Related
Apr 1, 2013
I have a home office with multiple VLANS/subnets I have many VPNs that connect only a specific subnet to a specific remote offfice. On a 5520, can I create a S2S VPN to different remote offices that have the same IP scheme, but from different home office subnets? For example at my home office let's say I have two independant, distinct VLAN/subnets: 192.168.140.0/24 and 192.168.150.0/24. Can I create an S2S from the 140 subnet to a remote office with a 10.10.10.0 addressing scheme and another S2S from the 150 subnet to a totally different office also with a 10.10.10.0 scheme?
View 1 Replies
View Related
Sep 11, 2012
Im running windows 7 home premium. I have a Dell Latitude D360. My laptop will connect at home or at family's wifi however it will not connect at school. There are two available wifi connections and it will not connect to either. I have followed my university's instructions to connect to the internet but no good. When I run troubleshooter the error says "unable to configure ip address" or something along those lines. I have reinstalled the network adapter, changed firewall setting. I have tried just about anything I can think of.
View 1 Replies
View Related
Sep 11, 2012
I've been looking into posibilities for extending a DMVPN (already implemented) with very small (1-2 user) remote locations over a single ISP link.I would like to use what is basically the smallest Cisco router that supports DMVPN and EIGRP (stub) - here's a sample configuration:I know that the 881 can accomplish the above without issues (if it has Adv IP Services as licensing).I would like to know if I can use the smaller routers (physically smaller, that is) for a similar configuration. Can the Cisco 819 router.URL provide the same functionality? What about the Cisco 866VAE router URl.
View 1 Replies
View Related
Feb 11, 2011
setting up networks with multiple locations and multiple wireless points.For example: My sisters' home has here modem in her main computer room, it has a Belkin router hooked to the modem. Then a line goes from there to my nephew's room where I tried to expand their network by adding another router. I really just wanted an access point, but they don't seem to sell these as much as they used to. Anyway, I had it working, but it was two different networks, NETWORK1 and NETWORK2. So they had to swap networks when moving around the house. what would be the best hardware setup to provide both sides of the house with some Hardwired access as well as wifi access? Right now, we have two routers, a DIR615 (or something like that) and a Cisco E1000, and again hardwire going from the main computer room to my nephew's room.Also, in my house, I have lots of stuff... I have an Actiontec Router from FIOS, feeding a small hub as well as a switch in my main room. Which then feeds a Ps3, Wii, laptop, Denon reciever, and Access Point... and also feeds my Apple TimeCapsule, which also feeds my printer. My wireless devices range from cameras, iphones/ipads, and a wifi unit (I forget what it's called, but it connects my DVR wirelessly to my network, and the DVR itself doesn't have wifi).
my question about my setup is, should everything be on one network... as in let the ActionTec handle most of the duties and use switchers and accesspoints to extend the network. Should everything be on the same wireless network and channels? Like if I used my access point to extend, do I want the same settings as my main wireless router, and would that be the same for the Apple Airport Extreme?Also, does having all these wireless networks going create any kind of hinderance on my performance. For example, the PS3 has some sort of wifi in it... it produces a SSID, but I never connect to it. Should I make sure that's off? And in my main room, should I go with just the AirPort extreme over using it and the Wireless Access point.
View 1 Replies
View Related
Nov 12, 2011
We have a brand new Dell Insprion Q15R laptop which works fine apart from the fact that certain websites hang when we try to log on at home using our edimax router and we cant get into them. Other websites work fine. Also we have an old IBM laptop where all websites work fine. Its just the Dell that is playing up on certain sites. However if we go to somebody else's house and log on using their internet connection and router the websites in question work fine on the Dell.
Examples of the websites that we cant access at home and just hang are : argos, easyjet, national rail, expedia
View 2 Replies
View Related
Jan 10, 2012
My wifi connection seems to 'brown out' but not consistently. I just had comcast tech out yesterday and he said things seem good up to the cable modem.I just replaced my cisco e3000 with new cisco 4200. No problems when plugged into lan but my gut is telling me it still is in the "feed" and not the router. Anyway to track the latency of the broadband? See if if it comes and goes intermittently?
View 1 Replies
View Related
Jul 6, 2012
I have WLC 5508 and 18 1242 APs are connected to WLC. I am getting following error messages in all APs.
*Jul 3 02:53:18.263: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 3 02:53:18.320: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 3 02:53:18.326: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to
[Code]......
View 11 Replies
View Related
May 6, 2013
We are having problems with using QuickVPN to connect to our RV220W.Sometimes it works, and sometimes it doesn't. There doesn't seem to be any rhyme or reason to it. [code] The firmware version is 1.0.3.5.
View 1 Replies
View Related
Apr 3, 2011
Recently been taking my Laptop installed with Win7 Pro to a Friends and was sharing his Wireless connection from Belkin ADSL2+ wireless router and notice that every now and again the wireless connection would drop out and the only way to regain a connection to the reset the router. My friends network has two laptops on it connected wirelessly with Windows XP home edition SP3, and a Desktop PC with XP also on connected to router Via Ethernet, also a Windows Home Server and XBOX 360 also connected by Ethernet, My friend since updated his laptop to Windows 7 Home Premium and is using the Wireless connection which now finds intermittent loss of connection which can only be restored by Resetting the Router. why a Router should lose connection just by connecting a Win7 laptop wirelessly or is there more to it than that.
View 3 Replies
View Related
Jul 10, 2012
[code] Whenever I am browsing online, every once in a while the internet just cuts out. It still says I am connected to my wifi network, but there is "limited or no connectivity." Whenever it happens, everything on the network loses its internet at the same time. In the household, there is one PC (mine), one Mac (my wife's), one iPod touch, and 2 iPhones that all connect to the wifi. The vast majority of the time, when this problem occurs, simply unplugging the router and then plugging it back in fixes the issue.Sometimes however things are different. Especially lately, I sometimes get an "IP conflict" error message. It says another device on the network is using the same IP address. Sometimes with this error simply unplugging and replugging in the router works. Sometimes the router has to be reset twice before things start working again with this error. The error doesn't happen every time the disconnect occurs, but it seems to be getting more frequent lately.Sometimes the disconnect happens when I am playing an online game that requires a constant connection to the internet. Sometimes this goes as usual, where a single router reset fixes the problem. However, sometimes this situation gets more complicated. One game in particular (League of Legends, if it matters) has this problem all of the time. When the internet disconnects while this game is playing, I do not get the "limited or no internet" warning. Instead, the computer seems to think that it is connected, and that the internet is working.
During this scenario, resetting the router once is never enough. After resetting once, the wifi reconnects and now it realizes something is wrong. After the first reset, the computer seems to "realize" something is wrong after all, and I am connected to the network but this time with the "limited or no internet" warning. A second router reset after this usually fixes the problem.Last night the worst disconnect happened yet. It was in the middle of a game, and the internet cut out, with no warning on the network. After one router reset, the wifi network reconnected immediately with an "IP address conflict" error, and then I was connected with "limited or no internet" on the network. I did the second router reset as usually required, but nothing happened. After a second and a third reset, there was still a permanent "limited or no internet" warning.I tried hardlining in directly to the modem and there was still no internet. Running the network diagnostic on my laptop fixed it however and I was connected to the internet. However, wifi still would not work, even after trying the diagnostic again. Running the diagnostic came up with an error that the DNS server was not responding and so nothing could be done.This time I reset everything. Unplugged both the router and the modem and left them unplugged for 30 minutes. When I turned everything else on again, same issue. Connected to the wifi network, but "limited or no internet." I unplugged everything again, left them overnight, and this morning after plugging everything back in the internet was back.A few final points I think might be relevant:
1) When checking the system event logs, it's usually a DNS error that I get (see event logs, 1st attachment).
2) This disconnect error seems to be more prevalent when more devices are on the network. As I said, they have gotten more frequent lately, especially the IP conflict warnings, since the 2 iPhones were added a few weeks ago. 5 months ago when it was only my PC on the network, these issues were practically non-existent.
3) It's a Belkin wireless g-plus router. Model # F5D7231-4 version 1213. It is an older router.
4) This has been happening for almost a year, but just recently gotten so bad I have to get this fixed, especially after last nights that could not be reset no matter what.
5) I'm not sure the disconnects have ever happened why the PC is not connected. That may not be relevant however, because my PC is almost always on since I work from home, while the iPhones, iPod touch, and my wife's Mac are only connected periodically.
6) This error has occurred while my PC is the only device connected to the wifi network, but it seems much less frequent.
7) The time the error seems most likely to occur is when another device connects to the network, such as when my wife first gets home from work. This is not exclusive however, and the DC's can happen at any time.
I've seen that people want ping tests and ipconfig /all tests so I will post mine. I will edit my post with the same tests done the next time this dc happens. I've also included a screenshot of that xirrus wifi program. [code]
View 1 Replies
View Related
