Cisco VPN :: ASA 5520 / IPhone 3GS IOS V4.3 (8F190) - VPN Shared Secret Incorrect
Sep 19, 2011
how the Cisco VPN works, as I already have a post on here about not being able to connect an Android device to my firewall, I am now struggling to get an iPhone 3GS iOS v4.3 (8F190) connected to the VPN either. I have checked the Network (client) Access settings on the firewall, and confirmed the group names I'm after, including the protocols it supports. L2TP is disabled, so it looks like I can only connect via IPsec. So I fill out the required details in the iPhone but keep getting a message back from the phone:
"The VPN Shared Secret is incorrect"
Now I'm sure I have this right, as I use the same details on my laptop, which connects to the VPN perfectly fine. But I am starting to bang my head against the wall; no matter what I try and do, I cannot seem to get either device to connect to the firewall. I have a pair of ASA 5520 boxes running Cisco software 8.2.
Feb 23, 2011
Getting the following error when trying to Authenticate. Check whether the Shared Secrets on the AAA Client and ACS Server, match. Ensure that the AAA Client and the network device, have no hardware problems or problems with RADIUS compatibility. Also ensure that the network that connects the device to the ACS, has no hardware problems
Where in the settings on the Cisco ACS 5.2 Appliance can you verify/change the shared secret?
May 9, 2013
We currently have a distributed PR and DR ACS 5.3 setup, set up with TACACS devices and one RADIUS device. The RADIUS device is used Opnet's AppResponse Xpert Admin. We are trying to integrate AppResponse Xpert Admin with ACS.
The GUI for AppResponse Xpert Admin is asking for the RADIUS server IP address - i.e. our ACS, RADIUS port - i.e. 1812 and "secret" - I'm guessing this means the shared secret of the actual ACS itself (not the shared secret used by network devices).
On our ACS 4.2 systems we have a field for a shared secret regarding the ACS server itself (to authorise replication?).
Using the search function for "Shared Secret" in the PDF "User Guide for Cisco Secure Access Control System 5.3" has only found references to setting one for network devices and not a field for the ACS itself. Is an ACS server shared secret still relevant for the ACS 5.x system?
Oct 29, 2012
I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep track of TCP sessions made by VPN users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a VPN user, at the end of the log line you see the VPN username, which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the VPN, their TCP sessions are not properly closed; if another user, let's say UserB, establishes a VPN immediately after and gets the same IP address previously assigned to UserA, the log sessions are recorded with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the TCP sessions are not torn down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all TCP sessions torn down when a user disconnects the VPN connection?
Oct 3, 2011
I have an ASA 5520 with the Intrusion Prevention Module. The time displayed on the ASA is correct. The time displayed in all Intrusion Prevention gadgets is ahead exactly 4 hours. Under configuration, Time the Time Zone is correct, Eastern in my case. The sensor local time on the same page is correct and is grayed out. I only work in the ASDM as I am far from being a CLI person. I don't think the time being off is causing any issues, but it is strange.
Oct 25, 2011
I have an issue when I'm trying to authenticate my iPhone and BlackBerry devices with an ASA 5520 using certificates. It seems that certificates are working fine and pass IKE phase 1 but never complete phase 2. When I use pre-shared keys everything works fine with both devices.
If you consider it necessary, I can provide my current configuration in ASA.
Dec 7, 2010
I have created a username and password with the command username Cisco privilege 15 pass Cisco. When I telnet to the switch it asks me for the enable secret password, though I have specified privilege level 15 for the user. The switch is authenticating with ACS and I have specified privilege 15 for a specific user on ACS. The IOS is c2960-lanbasek9-mz.122-55.SE.
Apr 11, 2012
I'm confused by the command "username (username) privilege (0-15) secret 5 (word)"; what should I put into the (word) part? When I tried to put "cisco", an error came up. What is the function of the "privilege" command, and how does that command work?
Oct 18, 2012
I was trying to make an Ethernet cable about 100 feet long, and what I found was that it did not work with a non-standard color scheme. However, it works fine when its color combination is re-arranged into the standard one (same cable, only color difference). So, why is this color scheme important? And what is the secret behind its color combination? This is Standard Color Scheme for Ethernet.
Jun 23, 2011
Recently I came across a router (Cisco 3845, IOS 12.4) configured for TACACS, one local username and an enable password. Going through the configuration I noticed the router didn't have an enable secret password which I thought was strange. The TACACS config is below, comments regarding the TACACS config and the consequences of not having an enable secret or if there is a need for one.
aaa authentication login default group tacacs+
aaa authentication login no_tacacs enable
aaa authorization exec default group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
Jun 22, 2011
I'm polling a few thousand locations using IP SLA, I have responder enabled on all destinations, and I'm using 60 byte voice packets with a QoS policy. When I run an IP SLA Summary availability report, I have a bunch of locations showing 9% availability, 8.5% etc. When I go to the actual collector, and pull up a graph of the same time period, that graph shows 100% availability.
Same collector, same data, just different views giving completely different results. I have to assume that the IP SLA summary report is wrong, these sites were not down 90% of the time.
Just a random thought to go with that, I do have the IP SLA set to only pull information during the locations' operational hours, and I did pull the report from midnight to 11am, the statistics should have been gathered for 4 hours of the 11, which is still higher than 9%, and I would expect all of my locations to report like that, not just a few hundred.
All of the devices are similar in hardware and IOS, and I have verified on a handful that IP SLA responder is enabled, and I see the connections, I have also verified the source configuration via command line.
Apr 30, 2011
I want to access my application via FTP on the internet, so I type my IP address as a URL, but it will not get my IP. It says 421 login incorrect error. How can I solve this problem?
Jun 10, 2011
I have an older Buffalo NAS that I use as an FTP server. Never had any problems, even after I changed my ISP to Qwest DSL last week. But I had wireless problems with the modem, and they swapped out my modem, and now with the new modem, I get a 421 Login Incorrect error when it tries to connect to the FTP Server address. Though this version of WS_FTP Pro is not really compatible with Windows 7, I have been using it successfully up until my modem change. It keeps giving me a "421 Login Incorrect" error. I have reset the password on the NAS, and the modem is configured to accept FTP traffic via the NAS which is connected via Ethernet to the modem. All settings are the same as on the old modem, but no FTP.
Mar 16, 2011
So I've been getting disconnected from the Internet many times in a day, can't even count it, and it's starting to bug me as I have online quizzes and assessments that I need to complete each week. Whenever I get disconnected I'll have to connect again to the modem (wireless) and each time I am told that I have the wrong security key but it's correct, I am sure! It's only when I switch off the modem or my computer and restart either both or one of them that I can (by luck I guess?) get the Internet back again. I've been told by a friend that my period/session expired so I can't connect, and that the modem keeps relisting/refreshing (sry forgot what the exact term was) every hour or smth? What exactly is wrong? [CODE]
Apr 1, 2012
I have a NAM appliance that generates captures with incorrect timestamps. It looks like it's adding 3 extra zeros after the period, turning milliseconds into microseconds.
Here are the capture settings, and attached a sample capture.
Jun 20, 2011
I have a wi-fi adapter with incorrect MAC address FF-FF-FF-FF-FF-FF.
Adapter has a Realtek RTL8188SU chipset.
Is there any program to flash a new MAC in my adapter?
Nov 7, 2012
Incorrect password attempts in ACS 4.2.
1) Can I specify the time in "Incorrect password attempts"? That is, only if the 3 incorrect password attempts were made within 05 minutes will the account be locked?
2) Is it possible to automatically RESET the "Incorrect password attempts counter" (when the account is locked) in ACS?
May 13, 2012
Initially there were 3 SSIDs configured but all of them were assigned a single interface and this interface was configured with the controller management IP address as DHCP server so that the WLC could assign IP addresses to wireless clients, guns and printers etc.
Issue: As part of PCI initiative, we decided to segment the traffic in multiple subnets based on type of wireless clients; so now there are 3 interfaces configured and each SSID is assigned a specific dynamic interface and each interface is configured to use the controller management IP address as DHCP server.
There are 3 scopes configured for each of the dynamic interfaces/SSIDs and DHCP proxy is enabled but wireless clients are still being allocated IP addresses from the original DHCP scope that was associated with the dynamic interface originally assigned to all 3 SSIDs.
I verified the following:
1. Each SSID is assigned a different dynamic interface (Users, Voice and Handhelds)
2. Each dynamic interface is configured to use the controller's management IP address as DHCP server
3. DHCP scopes configured with correct network information for each dynamic interface and enabled
Oct 2, 2012
In CiscoView, the uplink SFP interfaces of a 2960S stack are represented incorrectly. The two uplink interfaces should be Ten1/0/1 and Ten4/0/1 but proved to be Ten1/0/1 and Gi4/0/25. There is no 1G SFP module, so the interface gi4/0/25 doesn't exist. [code]
Sep 15, 2011
How to Configure "Incorrect password Attempts Disable login for 30 minutes after 3 successive failed attempts" on ASA-5510???
Feb 29, 2012
I'm not sure if this is a recent issue for our setup, but I've only just noticed it. Although most authenticated users are shown by their correct user names (which are required for 802.1x authentication), a few users show up in the WCS reports as "anonymous", and one as "anonymous@myabc.com", which are not valid usernames on our network.
I can track these users by MAC via our network registration database, but have not yet figured out what makes their systems unique. All three in yesterday's report are Win 7. I don't see anything strange in the RADIUS logs, but have not yet captured "debug" traces of wireless authentication from an anonymous user.
We are running WCS 7.0.172.0 , with a pair of WLC 4402 controllers running 7.0.116.0 . Our WPA2 Enterprise auth uses TTLS/PAP, with the SecureW2 supplicant for Windows.
Sep 8, 2012
I am running Windows 7 and have a Ralink 802.11n wireless LAN card. I have had no issues with this and a month ago my roommate randomly decided to switch from Verizon to Brighthouse. This switch took 3 weeks but everything is hooked up and working (almost) fine now.
My computer picks up the wireless signal fine but when I type in the password it says the password is incorrect (I've tried 100 times, case sensitive, yada yada). That same password works fine for my roommate's computer to connect and fine for my iPhone to connect. If I connect through an actual cable, the internet works fine on my desktop. It seems to me like an issue with Windows. Windows is updated and all of the appropriate drivers and updates are current as far as I can tell.
Sep 7, 2012
I am attempting to monitor bandwidth utilization of the WAN port for the RV180 via SNMP and I am getting strange results. If a 256MB file is transferred from a remote server (without compression), the ifInOctets counter doesn't increment by anything resembling 256MB:
$ snmpget -v2c -c public 192.168.1.1 IF-MIB::ifInOctets.5 IF-MIB::ifOutOctets.5
IF-MIB::ifInOctets.5 = Counter32: 365402138
IF-MIB::ifOutOctets.5 = Counter32: 32610053
[Code].....
I'm reasonably certain that the .5 interface is the WAN port based on the value of ipAdEntIfIndex.X.X.X.X, but even if that were not the case, none of the other interfaces increment by a value close to the amount of data transferred. SNMP monitoring of a WAP121 on the same subnet returns expected results. I can only assume that SNMP on the RV180 is completely broken.
The router has the latest firmware available (1.0.1.9). There is only one network connection and the RV180 is the default gateway for all internal hosts.
Jun 26, 2011
I have an ASA 5505 with software version 8.2(1). It is making DHCP requests for IPSec clients that connect to the ASA. The DHCP request packets the ASA makes have an extra '00' appended to the hostname field, and the length field is the size of the hostname + 1. The DHCP server is Microsoft Server 2003 and this causes the hostname to be registered with an unknown character which appears as []hostname. Then when Server 2003 tries to update the DNS record, it fails because of the invalid character in the hostname. Is there any way to have the ASA use the correct length for the hostname field in the DHCP packet, or a workaround that will solve this problem?
Jun 13, 2012
When we set up a connection between two hosts we receive the message "TCP checksum incorrect". This is between a set-top box on the outside and a server inside the firewall. This STB used to communicate with the server on port 443, which is NAT-ed to port 12697. With a new set-top box image which uses port 12697 on the inside and outside, we receive this TCP checksum incorrect on the firewall with Wireshark.
What is strange is that on the outside of the firewall we see an MSS of 1460 and on the inside it is 1380 (don't know if there is a relation between this and the issue we have).
Oct 27, 2012
I have two servers, that is, a Primary Domain Controller and a File Server. When I remove the client computer from the domain and try to rejoin the domain again, it refuses; when I ping, it replies. I cannot access files on the file server. It prompts "Logon Failure: the target account name is incorrect". Surprisingly, when I log on from other clients it's OK, but some clients give this said error though the communication with the server is fine.
Oct 19, 2011
I used Remote Desktop Connection. When I log on to the remote computer it says that the username or password is incorrect, but I clearly remember my password and username.
Aug 6, 2012
I was upgrading the FW to 2.07 and after waiting 180 seconds, the router didn't come back. I reset the router and now get a Firmware Upgrade System Ver 1.0.0.2 Date 2009/12/07 screen when typing 192.168.0.1. Tried to upload all the firmwares starting with 2.00NA and always got the "Incorrect hardware ID image, please Check!" message. I can't get the *D-Link Router Recovery Mode* page or any other page. Looks like the firmware update wasn't successful and the router is no longer working; I need to find out how to recover from a faulty firmware installation. Also I opened a case with DLink Tech Support; they told me to call Tech Support but I can't access the numbers from my country. I already answered their email like 4 times that I can't access the # and they keep telling me to call the #. Anyway, what else can I do to recover the router?
Jul 8, 2012
I am trying to set up VLANs and most of the configurations are working OK now except IP address assignment from DHCP. If any computer in VLAN 120 or 130 is configured with a manual IP address, then all works fine. It can reach internal servers and the internet without problem. If the IP address is assigned automatically then any computer in VLAN 120 or 130 is obtaining an IP address (strangely!) from VLAN 100. Because the switch ports connected to the computer belong to VLAN 120 or 130, the computer cannot reach internal servers and the internet with an IP address from VLAN 100. All SVI interfaces for VLAN 100, 120 and 130 have the ip helper-address option defined pointing to the DHCP server. No DHCP snooping is enabled on any of the switches at this point. The DHCP server has three scopes for the three different VLANs.
Feb 9, 2013
Model : TD-W8961ND
Hardware Version : V2
Firmware Version : 120703
ISP : Plusnet
Region : United Kingdom
I bought this recently on eBay and it works fine. I have just checked the firmware version and it displays as 120703 rel 29722. This version doesn't appear amongst the downloads - the most recent is 120427. Has somebody upgraded to the wrong software? Should I upgrade to 120427?
Sep 19, 2012
I was using a WRT54GH which is no longer in working condition, so I bought an E1200. The problem I face is that when I try to restore my new router, the E1200, from the backup file from my previous router, the WRT54GH, which is saved on my computer, I get the error message "THE IMAGE FILE IS INCORRECT".
Oct 17, 2012
I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69
Source Port 59886
Destination IP 8.8.8.8
Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
May 15, 2011
I am seeing interface output drops that appear to be incorrect. When I do "Show Interface gi1/0/20", I will get interface output drops of "4294961382". But, when I do the same command again it shows "0" drops. Is this a reporting error? I am running c3750-ipservicesk9-mz.122-58.SE.bin on a 3750 stack with 2 switches in the stack. [code]