Cisco VPN :: ASA 5520 / Accessing A Subnet Via VPN Session?
Jul 23, 2012
I've got a remote site which is connected to the headquarters via VPN site to site IP Sec tunnel. When I am in my office I have no problem to reach the remote network, but, when I try to connect to the remote network via VPN client, I can't reach it.in the remote office I've hot a Router 3800 (Cisco IOS Software, 3800 Software (C3845-DVENTERPRISEK9-M), Version 12.4(13c), RELEASE SOFTWARE (fc2)) in the headquarters I've got an ASA 5520 Version 8.0(3) I've chequed access-list, and network objects and it seems everythink ok.
local network: 10.30.0.0 0.0.0.0
remote network 10.31.0.0 0.0.0.0
ASA
object-group network remote-network
network-object 172.16.27.0 255.255.255.0
[code]....
View 3 Replies
ADVERTISEMENT
Sep 9, 2012
I have a Netgear modem/router [DGN1000] (192.168.0.x) that serves as a the router for network 1 and also as the internet gateway. I have a Cisco [E4200] (192.168.1.x) router connected to the Netgear modem via the WAN port on the Cisco. This serves as the router for network 2.
DHCP is turned on for both routers. I can access all devices on network 1 using any device o network 2 including the Netgear modem configuration page, but I cant access any device on network 2 from network 1. Is it possible to have access to devices from both networks? [URL]
View 3 Replies
View Related
Mar 28, 2013
I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK, The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN Tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect all other addresses (via RDP, HTTP, etc..) on the same subnet which should rule out an access list problem. A couple of notes to be aware of:
The WAP’s have the Autonomous IOS installed (Version 15.2(2)JB) The WAP’s are connected to Dell PowerConnect 5724 (Not by choice.. We are a Cisco shop, these were already there and have plans this year to replace)
I can ping and SSH with Putty to the WAP’s from the local subnet I cannot ping or SSH from a remote subnet to the WAP’s. I can access all other IP’s and Computers from a remote subnet.
View 12 Replies
View Related
Jul 20, 2011
how to reset old TCP session on cisco ASA 5520?
View 2 Replies
View Related
Jun 4, 2012
I have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up a RDP based connection, for monitoring purposes, for a most of the day, but thier RDP connection keeps getting discounnted after a few hours. The VPN connection never gets disconnected, just the RDP session running through it. I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glsring differences in regards to the configuration that would cuase the RDP sessions to either to stay up or be disconnected after an inactivity type scenario.
What to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time.
View 2 Replies
View Related
Sep 1, 2011
Per PCI & company policy all VPN users have a 12 hour session limit. They will disconnected after 12 hours regardless of use. Is there any way to send a message prior to the 12 hour limit to warn the users that they will be disconnected in x minutes? I'm running SSL VPN on a ASA 5520 ver 8.4(1)
View 1 Replies
View Related
Jun 5, 2012
I have an ASA 5520 for my firewall. (ver 8.0(4))I have an external hyperlink that works from dsl at home but not from behind my corperate firewall.When I filter my real-time log viewer for this destination address I see the build up and immediate teardown of the session.The log indicates the teardown was initiated from inside.The informational alerts are
Built outbound TCP connection 726440542 for outside:201.116.168.172/6666 to inside:172.16.x.x/3586 (65.204.x.x/52001)
Teardown TCP connection 726440542 for outside:201.116.168.172/6666 to inside:172.16.x.x/3586 duration 0:00:00 bytes 77 TCP Reset-I
Reset-I means that something (the firewall or my pc which is the source) is telling the firewall to end the session.
View 2 Replies
View Related
Oct 29, 2012
I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep tracks of tcp sessions made by vpn users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed; if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all tcp session tore down when a user disconnects the VPN connection?
View 2 Replies
View Related
Jul 7, 2012
i have user connected to office using Cisco vpn client , Cisco asa 5520 acts as vpn gateway, frequently the users got disconnected from the server while the VPN still established and not disconnected!
what is the cause of the issue , where the fault is located ? how to start the troubleshooting to figure out the issue?
View 1 Replies
View Related
Mar 10, 2013
We have ASA5520 and we want to configure a VPN IPSEC profile so that a partner of ours can access only a server and only on HTTP port.I've tried configuring split tunneling with an Extended ACL but probably I'm missing something. I just configured the ACL so that it included any source to our server's IP on HTTP port but when testing, it didn't work.
However, if I configure a Standard ACL on the split tunneling I can access the server and all the services it provides.Do you know if I'm missing anything on the Extended ACL configuration?
Should I configure this any other way?
View 6 Replies
View Related
Jun 14, 2011
I have two Cisco ASA 5520's running software version 8.2(2) set up in a HA pair. The L2L vpn is set up and works as expected between this site and another. The issue is that every few months, one subnet of the VPN, the same one all the time, stops forwarding/receiving traffic. The device in the remote location is not a Cisco device but I am certain the issue lies with the ASA as when I fail over to the slave device the VPN works again, failing back again however stays with the subnet still not passing traffic. I need to reboot the device before it starts forwarding traffic on the subnet again.
View 3 Replies
View Related
Sep 7, 2011
verify if the ASA 5520 CSC module way of applying security policy (http, smtp, pop3, etc.) is per network/subnet or group of users? Based on my understanding through reading, web and email protection profile/config is global. It will be the same to every network user that is redirected via service-policy config on the ASA.
Scenario: I have two VLAN, guest and employee. Of course guest and employee have different web filter profile. Can i configure it such that guest web-filter profile is not just strict while employee's access is limited only to productive internet sites.
View 5 Replies
View Related
Apr 1, 2013
I have a home office with multiple VLANS/subnets I have many VPNs that connect only a specific subnet to a specific remote offfice. On a 5520, can I create a S2S VPN to different remote offices that have the same IP scheme, but from different home office subnets? For example at my home office let's say I have two independant, distinct VLAN/subnets: 192.168.140.0/24 and 192.168.150.0/24. Can I create an S2S from the 140 subnet to a remote office with a 10.10.10.0 addressing scheme and another S2S from the 150 subnet to a totally different office also with a 10.10.10.0 scheme?
View 1 Replies
View Related
Mar 14, 2011
I recently faced an issue at work. Clients want to make ipsec site-to-site vpn redundant. I have 2-asa-5520 working in a stack. Is it possible to configure site-to-site vpn in a redundant mode, like first peer ip address is x.x.x.x and secondary is y.y.y.y (backup) ?
View 1 Replies
View Related
Aug 3, 2012
What I am trying to do is I have one switch with say a 10.1.9.1 sub-net I need to have one of the ports to be trucked with two vlans one for DSL and the other for a local connection with the sub-net of 10.1.5.1 both of the sub-nets are configured in the core as 9 and 5 so I have port 0 set up as a trunk and it is set up as ge-0/0/0.0 vlan_5, vlan_192 on the 10.1.9.1 subnet switch. The DSL is working but the local is not pulling a 10.1.5.1 IP and has no connectivity. Everything looks as if it is configured correctly but still the DSl is working but not the Local connection.
View 2 Replies
View Related
Feb 28, 2011
Is it possible to log when a user connects/disconnects their VPN session? They are connecting to an asa 5510.
View 5 Replies
View Related
Nov 14, 2012
I have Any Connect (ver 3.1.01065) configured on Cisco router 891. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection). OS Windows 7 SP1 x86.I've read about changing some settings in profile file (changed the <WindowsVPNEstablishment> option to "AllowRemoteUsers". Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.): url...
But this make sense to the cisco asa... I have a cisco router on the ios 15.1. I've checked the XML file on the local PC to confirm the profile has been downloaded and is has, and I can't see the AllowRemoteUsers option.So I still can't start VPN through an RDP connection. (Error is "VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established".)This also happened with the previous version of AnyConnect (2.5.xxxx).The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.In the main window of Cisco anyconnect secure mobility client Ive noticed label: Web Authentication required.
View 1 Replies
View Related
May 8, 2011
i have a question regarding the monitor session command. I have following interfaces on my router:i want to monitor the traffic from the source interface Gi0/2 to the destination interface fa1/3,monitor session 1 source interface gigabitEthernet 0/2 brings this error message % Incomplete command.,monitor session 1 source interface gigabitEthernet 0/2?/ : <0-2>,i don't have any ports on the Gigabit Interfaces. Any ideas how to monitor traffic?
View 1 Replies
View Related
Dec 1, 2010
I have configured my Cisco 881 and finally got past the "Cannot see my network" with IPSec VPN issue.I have a usecase where I need to access the gateway from the VPN Session.When I connect to the VPN using Cisco VPN Client 4.8x, I do not get back a Default Gateway on the VPN Adapter. When I try to ping my LAN Gateway IP (10.20.30.1) it does not respond and I cannot access it with any other tools.I am pretty sure this is a very ACL issue and it makes sense to hide the gateway by default but the big question is how do I configure my router to see the Gateway and be able to access it from the VPN session?
Network Info:Internet Gateway to ISP: 192.168.68.1DNS: 192.168.2.1WAN Address for Cisco 881: 192.168.68.222LAN Address on Cisco 881: 10.20.30.1DHCP for LAN on Cisco 881: 10.20.30.10 - 10.20.30.50DHCP for IPSec VPN: 10.20.40.10 - 10.20.40.50
View 17 Replies
View Related
Nov 26, 2012
Is it possible to know the VPN usage for a particular session using Cisco ASDM 6.4? Device type is ASA 5550. ASA version 8.4
View 4 Replies
View Related
Apr 10, 2012
I have installed the ACS 5.1 and linked to my WLC, and when I enter my Logeo I agree Signature: User and password whenever you want from different devices, I want to do is only allow a user to one session at a time.
View 7 Replies
View Related
Aug 15, 2011
IPSEC VPN users are using ACS for extended authentication, whenever authentication is made, entries are available on ACS, now i need the session duration info on ACS, that means total time during which the user was active should be available.
i have enabled accounting globally on the ASA firewall through aaa accounting enable console ACS and also enable accounting in the tunnel-group itself, to which the user is using.
on ACS 5.1 ,i could not find any option / TAB that can give some information on the session duration.
View 3 Replies
View Related
Jun 2, 2012
What command sequence disconnects you from a TS session? My setup is as followsr1 > TS > 2009-2621XM 2010-3825-R1 2011-3825-R2I can connect from the TS to any of the devices. The issue is that I am telnet'd to r1 and from there telnet'd to the TS. So when I type "Crtl+Shft+6, x" I go directly back to r1 and not the TS. Furthermore if I resume the session on r1 the TS is still connected to whatever session I was in prior to disconnecting. I've experimented with the disconnect and escape characters but I'm at a loss what it is that changes this.
View 4 Replies
View Related
Nov 14, 2012
"how to monitoring VPN Login Session?" I want to the history of VPN User login to my VPN. How could I know?Which software can made me easy to monitoring and store those log in my SNMP Server? How to do that?
View 1 Replies
View Related
Aug 30, 2012
I will use function of span in sup70-3b.How many session can use in sup720-3b? For example, 2 or 4 session.
View 1 Replies
View Related
Jun 20, 2011
We are trying to configure our 2106 wireless lan controller to expire wireless users sessions so the user is not remembered indefinitely. We are using freeradius to validate the users login information and passing back a "session-timeout" avpair but the WLC seems to be ignoring this value.
How to configure the session expiration time of wireless users on a 2106?
View 2 Replies
View Related
Oct 27, 2005
My app session was working fine and i managed to see it all up and working. now that i have tried to run script commit-redundancy etc i see the session as APP_SESSION_INIT instead of up. The log shows me on the standby box now that it sees the following :
FLOW-MGR 7 - DOS-SYN ATTACK 192.168.1.1 - 192.168.1.2:5001
View 5 Replies
View Related
Mar 5, 2012
I've setup and configured the following local monitor session on a 7606 but it doesnt seem to be outputing anything. Any guess as to why, or what I might be doing wrong? Gi1/1 is doing ~40Mb/s egress & 15Mb/s ingress. Both source and destination ports are routed ports.
monitor session 10 source interface Gi1/1
monitor session 10 destination interface Gi1/10 ingress
interface GigabitEthernet1/1
description WAN Link to ********************* ** CORE BACKBONE **
mtu 9000
ip address ************** 255.255.255.252
[code].....
View 1 Replies
View Related
Apr 19, 2011
I am using site to site vpn with ASA 5550 and some users telnet to a unix macine on the the other end.
the problem appear if the session is ideal for 30s,
View 4 Replies
View Related
Jan 19, 2012
We're having trouble trying to deploy 802.1x authentication on a brand new site.
Our primary and secondary ACS are located in Paris and the new site located in Toulouse, France. Both sites are connected through the WAN. Everytime a computer/user connects to this new site in Toulouse, ACS 5.2 sends a "5411 EAP session timeout" error message.
View 9 Replies
View Related
Apr 25, 2013
I have a Cisco 5540 that terminates one end of a L2L tunnel, the remote end is a Sonicwall TZ100. The tunnel is in place to carry voice traffic and I have a need to decrypt the traffic that's been captured in .cap file using Wireshark 1.8.5. How to go about getting the session keys from either device?
View 3 Replies
View Related
Apr 5, 2011
How to terminate a vpn session on the asa 5510, when u issue the command sh vpn-sessiondb remote?
View 1 Replies
View Related
May 25, 2012
I am using ACS 5.3 for certificate based authentication for lan workstation. Now few times I received this message from ACS.5411 EAP session timed out : EAP session timed out?
View 1 Replies
View Related