Cisco VPN :: ASA 5520 / Define Specific IKE Proposal For Specific L2L Tunnel?
May 24, 2011
ASA 5520 running 8.0.4
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I cannot use 2 IP addresses. I want to specify an IP range to always use the same WAN port.
Is it possible to enable an absolute value rate limit using QoS on an HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on the "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once. Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want. Barring accomplishing this goal using rate limiting, is there a better way to prevent our services from accidentally saturating this connection? I'm thinking about something like this:

class ipv4 rate-limit-port-A1
  match ip 10.136.0.0/16 any
  exit
policy qos port-a1-ratelimit
  class ipv4 rate-limit-port-A1 action rate-limit kbps 1000
  exit
interface A1
  service-policy port-a1-ratelimit in

I'm not sure about this.
I have a number of sites in China, they have decent inter-country connectivity but poor connectivity when going overseas.
We have a single site in China with a dedicated 1:1 leased line that has good connectivity both inside and outside of China.
All the sites in China have ASA5505 firewalls.
One of our Citrix farms is hosted in the UK and although the main site with the leased line is fine accessing the farm the other sites are not. I would like to try and tunnel just the citrix connectivity via a VPN to the China head office then use their connection to get out to the farm.
How to tunnel all traffic but not just specific traffic over the VPN.
I am trying to configure an IPsec tunnel on a 1921 router. What I hope to accomplish is that, using an IP SLA, the IPsec tunnel will only be brought up IF the normal WAN connection is not responding. My thoughts were to route the traffic that needed to come back to corporate through a loopback interface, but I haven't found a way to do that.
I would like to ask some questions about the VPN client and SSL VPN. On my ASA 5510 I have many tunnel-groups (around 5 tunnel-groups) and I have one SSL VPN; I also have 20 users. Let me show you:
We need a solution for disabling Anti-Replay on the firewall for a specific tunnel. ASA 8.4(2) does not support disabling Anti-Replay on a specific IPsec tunnel; is it true? Then if we want to disable Anti-Replay, what do we have to do on the ASA5540?
I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication. I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account. How do I restrict this so that the user can only use one profile? Currently users capable of VPN would be placed in one specific AD group so that is what SecureACS checks. Is there a sample configuration guide to handle multiple profiles with different levels of access?
I'm trying to route all default traffic from my production environment through my ASA 5520 on the "outside2" interface. The 5520 has a site-to-site VPN to our DR site on the "outside/inside" interfaces via one ISP. On another ISP, interfaces "outside2/inside2" go to the internet. When I make my 3750 stack default route the inside2 interface IP, I cannot get to the internet. When it is pointed to the inside interface on my 5505, I can.
I get the following errors when I try to open google.com from a production server: Why is the 5520 trying to use the "outside" interface instead of the "outside2" interface to go out?
(Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443) Only my goal is a bit different. I am running a headless, GUI-less install of Ubuntu Server 12.04 that is being used for a variety of different purposes... I would like all traffic to travel unprohibited through my ISP except for my Transmission traffic. I have a VPN I subscribe to, and I only want to direct a single port's traffic to it. I am currently using a modified version of the code from the above link. My current code is below:
When the PC was first attached to the network, it could not ping the gateway (switch). Turns out it was broadcasting for the gateway's MAC address, but never got a response. Tonnes of testing later, if I just change one number in the MAC address of the adapter, it receives a reply from the switch and can ping the gateway.
Why doesn't the native MAC address work?
Update: Just the vendor portion is the determining factor. As long as it starts with 2C-59-E5, it will not work. 2C-58-E5 will.
Update 2: Pinging anything in the same subnet works, just pinging the gateway interface of the switch doesn't happen. Tried on multiple drops, and there are other devices on those drops.
I am using Win 7 in my company network. I was using a specific IP in my network, but it turned to APIPA, and when I change it to 2 or more others it isn't possible; still, when I set a new IP, it is set and working properly. What happened to my old IP?
As per the Cisco QoS document URL, IOS from 12.2(13)T supports the drop command in a policy map. But our Cisco ASR 1013, running IOS Version 15.2(1)S1, doesn't have the drop syntax. How can we drop a specific application using QoS on the ASR 1013 with IOS version 15.2 and higher? Can I allow a few users for a particular application (like P2P) and drop other users based on their source IP?
I configured a Cisco 861 router to allow only youtube.com and block all other URLs. I used the below configuration but it is not working. Actually everything is blocked, even access to the router. Is there any other way to achieve this requirement?
Is it possible to set up a domain-specific DNS on an ASA 5510? The problem I am having is that while the site-to-site VPN is up, the DNS servers on the main site are serving IP addresses for the remote site. The main site is on CBeyond and the remote is on Time Warner, so when doing an nslookup at the remote site it returns one IP address, and when the remote site uses Google DNS servers it returns another. The main difference being download speed (weird that it relates): using main site DNS it was 3 hours and with Google DNS it took 10 minutes. I am looking for a way to serve DNS for the main site domains and, for all public domains, use Google DNS or Time Warner DNS.
A website that I usually go to has all of a sudden stopped working for me. It is hackforums.net which I know is up because I have been on it outside of my home network. Every computer on my network will not allow me to go on hackforums.net . I have not added it to a firewall or anything. I have even set my router back to factory default and it still won't let me view hackforums.net from inside my network.
I can't view a specific site from my machine, but can from 2 others on the same network. Tried both IE (8) and FF (4) and still no luck. Running Norton AV and disabled it; still no luck. Flushed DNS as well as rebooted. Still no luck. Was able to access at will 3 days ago, but not now.
I've gone through a variety of diagnostics and I honestly don't know what to think. It's not my computer, as I can access the site on this computer on a different network. It's likely not the whole of my LAN either, because my Kindle can access the site through it. I can always access it on this computer with a proxy as well. I can ping it fine, and tracert it equally as well. I've tried everything from socket fixes, DNS flushes, getting new WAN IP addresses. When I got a new WAN IP address the first time, the site was accessible once, and then it stopped again after that. I can't clone the MAC address from the router, because it doesn't allow it.
I have a network at home with 3 wired PCs and 2 laptops I usually connect through wifi and occasionally hard wire. The setup is one router, one switch and a wireless access point. I just added one new PC and I am having a specific problem with that PC and one of the laptops. The transfer speeds are really slow between this one PC (seemingly capped at 30kbits) and the one laptop, whether through wifi or hard wire, and the issue is both ways. Both have absolutely no issues with any other computer on the network and transfer files without any issues. Both are Win7 Ultimate.
For some reason, there is a specific website that I cannot access. I am a member of the website and they have a community forum for contacting them and requesting support, but obviously I cannot contact them if I cannot access their site!
The website is [URL]. I read in another post that I should do the TRACERT command and post the results so I am doing that here.
Ever since last night I've not been able to get onto a site that I use every single day. I can get on the site through my 3G on my phone and I've tried it round my friend's house and it works perfectly. Tried releasing and renewing my IP address, no effect, and have just run a tracert:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Matty>tracert olbg.com

Tracing route to olbg.com [18.104.22.168]
I was trying to enter Minecraft but none of my browsers could connect. If I connected through hidemy***.com it would load normally. When I try to join any server through the game, it gives me an error. If I change to my other network it doesn't connect, but I can if I use another OS or computer.
I have a G74S upgraded laptop, very fast, best computer BY FAR in my house. We just got new internet, modem and everything. Every computer in the house has about 6mb/s download speed; mine varies from 800-1.6mb. I am the closest in the house to the router, and I even plug it in directly and that doesn't even work. My ping is over 800 -_- I also can't watch any videos. Just black screens. But the really messed up part: I took my laptop to my friend's house, and everything worked perfectly as it should. I tried disabling firewalls and everything, I just can't do anything here. I don't really download anything, I've cleared my cookies, everything, I pretty much just play StarCraft, and I can't like this.
All of a sudden my browser won't let me load this one certain site (Pwctoday.com). I think my internet is blocking it because I can't even go on my phone that is connected to my wifi. Also I have tried other browsers. Still doesn't work. PS: I go on this website almost every day. And I verified the site is working on my friend's computer. So maybe my router is blocking it??
After not using my computer for a week due to illness I've turned it on to discover that it cannot connect to the wifi network that has been working fine for the last few months. The network is shared and I don't personally have access to the router, and the network administrator is away at the moment, so I can only attempt solutions at my end. It seems it might be an IP configuration issue. Network diagnostics gave me the error message "Wireless Network Connection 4 doesn't have a valid IP configuration", as well as one or two other IP-themed error messages.
My computer thinks it's connected. It says I'm connected to the network and that I have internet access, but there's no actual connectivity. Finally, weirdly, I did seem to manage to connect briefly at one point. It took about three minutes to load the Google homepage and then dropped again. I have no idea what the significance, if any, of that is. I know the following for sure:
- the wifi network does work; I'm using it on my laptop right now
- the network adapter on my computer also works, it can connect to the wifi hotspot on my phone
I don't think this is specifically an Internet Explorer problem but I could not figure out which category it could have gone in. A few months ago random websites started becoming completely inaccessible to my internet connection, no matter how often I would try. The most recent one to have happened allowed me to connect just yesterday, but today I cannot connect to the website from this connection. I was able to connect to the website when I used the computer at a friend's house.