Cisco VPN :: ASA 5520 / Define Specific IKE Proposal For Specific L2L Tunnel?
May 24, 2011
ASA 5520 running 8.0.4
ASDM v.6.1
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
View 2 Replies
ADVERTISEMENT
Oct 25, 2011
I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.
View 2 Replies
View Related
Jul 1, 2012
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?i thimkong about somthing like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit inI'm not sure about this.
View 4 Replies
View Related
Dec 18, 2012
I have a Router 2801 with the run conf :
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.63
ip dhcp excluded-address 192.168.1.192 192.168.1.254
!
[code]....
I want to assign a specific IP to a specifig host by MAC .. for example i want the ip 192.168.1.10 to be assign to the host "client1" by mac.I've been creating a new dhcp pool static:
!
ip dhcp pool static
host 192.168.1.10 255.255.255.0
hardware-address xxxx.xxxx.xxxx
client-name client1
!
but the "client1" is still taking other ip.
View 10 Replies
View Related
May 20, 2012
I have a number of sites in China, they have decent inter-country connectivity but poor connectivity when going overseas.
We have a single site in China witha dedicated 1:1 leased line that has good conectivity both inside and outside of China.
All the sites in China have ASA5505 firewalls
One of our Citrix farms is hosted in the UK and although the main site with the leased line is fine accessing the farm the other sites are not. I would like to try and tunnel just the citrix connectivity via a VPN to the China head office then use their connection to get out to the farm.
how to tunnel all traffic but not just specific traffic over the VPN.
View 3 Replies
View Related
Aug 2, 2011
I am trying to configure an IPSEC tunnel on a 1921 router. What I hope to accomplish is that using a IP SLA that the IPSEC tunnel will only be brought up IF the normal WAN connection is not responding. My thoughts were to route the traffic that needed to come back to corporate through a loopback interface but I havent found a way to do that.
View 1 Replies
View Related
May 13, 2011
I would like to ask some question about VPN clinet and SSL VPN, on my ASA 5510 i have many tunnel-group it have around 5 tunnel-group and i have one SSL VPN,i also have user 20 user. let me show you that:
1- tunnel-group Staff-VPN remote-access
2- tunnel-group Manager-VPN remote-access
3- tunnel-group normalstaff-VPN remote-access
4- tunnel-group guest-VPN remote-access
5- tunnel-group other-VPN remote-access
and tunnel-group sslgroup type remote-access
and i have user around 20 user and i want to specific user to tunnel-groups like this
1- tunnel-group Staff-VPN remote-access
username AAA password AAA
username AAA01 password AA01
2- tunnel-group Manager-VPN remote-access
username BBB password BBB
username BBB01 password BBB01
3- tunnel-group normalstaff-VPN remote-access
username CCC password CCC
username CCC01 password CCC01
5- tunnel-group other-VPN remote-access
username DDD password DDD
username DDD01 password DDD01
So, How can i manag tunel-groups with user?
View 3 Replies
View Related
Dec 5, 2011
i have a Ipsec tunnel between a ASA 5510 (Uk) & a router (France) that seems to be going down a specific times during the day. I have attached the sys log as well.
I cannot seem to copy & paste the config onto here for some reason so i have attched the configs, Ipsec details & syslog details from the asa.
View 3 Replies
View Related
Sep 23, 2012
We need Solution for disabling Anti-Replay on the Firewall for a specific tunnel. ASA 8.4(2) ) does not support disabling Anti-Replay on specific Ipsec tunnel , is it true , then if we want to disable Anti-replay , what we have to do in ASA5540 .
View 4 Replies
View Related
Feb 10, 2010
I am having ASA firewall 5520. I want to block yahoo mail, gmail using regex for particular users only.
View 5 Replies
View Related
Feb 6, 2013
I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication. I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account. How do I restrict this so that the user can only use one profile? Currently users capable of VPN would be placed in one specific AD group so that is what SecureACS checks. Is there a sample configuration guide to handle multiple profiles with different levels of access?
View 3 Replies
View Related
Jun 1, 2011
I'm trying to route all default traffic from my production environment through my ASA 5520 on the "outside2" interface.The 5520 has a site to site VPN to our DR site on the "outside/inside" interfaces via one ISP. On another ISP, interfaces "outside2/inside2" go to the internet.
When I make my 3750 stack default route for the inside2 interface IP I cannot get to the internet. When it is pointed to the inside interface on my 5505, I can.
I get the following errors when I try to open google.com from a production server:Why is the 5520 trying to use the "outside" interface instead of the "outside2" interface to go out?
View 6 Replies
View Related
Jun 10, 2013
(Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443) Only my goal is a bit different. I am running a headless gui-less install of Ubuntu Server 12.04 that is being used for a variety of different purposes... I would like all traffic to travel un-prohibited through my ISP except for my transmission traffic. I have a VPN i subscribe to that allows me access for which I only want to direct a single port's traffic to. I am currently using a modified version of the code from the above link. My current code is below:
#!/bin/sh
sleep 200
DEV1=eth0
[Code].....
View 1 Replies
View Related
May 26, 2013
Switch is a Nortel 5520
PC is Windows 7, with Intel 82579LM adapter
When PC was first attached to network, it could not ping gateway(switch). Turns out it was broadcasting for the gateway's MAC address, but never got a response. Tonnes of testing later, if I just change one number on the MAC address of the adapter, it receives a reply from the switch and can ping the gateway.
Why doesn't the native MAC address work?
Update: Just the vendor portion is the determining factor. As long as it starts with 2C-59-E5, it will not work. 2C-58-E5 will.
Update 2: Pinging anything in the same subnet works, just pinging the gateway interface of the switch doesn't happen. Tried on multiple drops, and there are other devices on those drops.
View 1 Replies
View Related
Nov 4, 2012
I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?
View 3 Replies
View Related
Nov 23, 2012
I am using win 7 in my company network , still am using a specific in my network just it turned to apipa and am changing 2 or more it cant possible still am set a new ip it set and working properly what happend to my old ip.
View 3 Replies
View Related
Sep 15, 2012
As per CISCO QoS document URL, IOS from 12.2(13)T support drop command in policy map. But our CISCO ASR 1013 having IOS of Version 15.2(1)S1 doesn't have drop syntax.How can we drop specific application using QoS in ASR 1013 of IOS version 15.2 and higher?,Can I allow few users for a particular application (like P2P) and drop other users based on users source IP?
View 2 Replies
View Related
Feb 27, 2013
I configured a Cisco 861 router to allow only youtube.com and block all other URLs. I used the below configuration but is not working. Actually everything is blocked even the access to the router. Is there any other way to acheive this requirement?
class-map match-any YOUTUBE
match protocol http host *youtube.com*
class-map match-all YOUTUBE-ONLY
[Code].....
View 2 Replies
View Related
Feb 17, 2013
Is it possible to set up a domain specific DNS on an ASA 5510?The problem I am having is that while the site to site VPN is up the DNS servers on the main site are serving ip addresses for the remote site. Main site is on CBeyond and remote is on Time Warner so when doing an nslookup at the remote site it returns one IP address and when the remote site uses google DNS servers it returns another. The main difference being download speed (weird that it relates) as using main site DNS it was 3 hours and google DNS it took 10 minutes. I am looking for a way to serve DNS for the main site domains and for all public domains use google DNS or Time Warner DNS.
View 3 Replies
View Related
Feb 28, 2011
A website that I usually go to has all of a sudden stopped working for me. It is hackforums.net which I know is up because I have been on it outside of my home network. Every computer on my network will not allow me to go on hackforums.net . I have not added it to a firewall or anything. I have even set my router back to factory default and it still won't let me view hackforums.net from inside my network.
View 6 Replies
View Related
Jul 6, 2011
I can't view a specific site from my machine, but can from 2 others on the same network. Tried both IE(8) and FF(4) and still no luck. Running Norton AV and disabled.still no luck. Flushed DNS as well as rebooted. Still no luck. Was able to access at will 3 days ago, but not now.
View 1 Replies
View Related
Sep 22, 2012
I've gone through a variety of diagnostics and I honestly don't know what to think. It's not my computer, as I can access the site on this computer on a different network. It's likely not the whole of my LAN network either, because my kindle can access the site through it. I can always access it on this computer with a proxy as well. I can ping it fine, and tracert it equally as well.I've tried everything from socket fixes, DNS flushes, getting new WAN IP addresses. When I got a new WAN IP address the first time the site was accessible once, and then it stopped again after that. I can't clone the MAC address from the router, because it doesn't allow it.
View 7 Replies
View Related
Jul 10, 2012
I have a network at home with 3 wired pc's and 2 laptops I usually connect through wifi and occasionally hard wire. The setup is one router, one switch and a wireless access point. I just added one new pc and I am having a specific problem with that pc and one of the laptops. The transfer speeds are really slow between this one pc (seemed capped at 30kbits) and the one laptop whether through wifi or hard wire and the issue is both ways. Both have absolutely no issues with any other computer on the network and transfer files without any issues. Both are win7 ultimate.
View 2 Replies
View Related
Feb 14, 2011
For some reason, there is a specific website that I cannot access. I am a member of the website and they have a community forum for contacting them and requesting support, but obviously I cannot contact them if I cannot access their site!
The website is [URL]. I read in another post that I should do the TRACERT command and post the results so I am doing that here.
View 4 Replies
View Related
Jul 20, 2012
I am unable to connect to facebook with any reliability. It will go to the site every once in a while but I would say a very small success rate.
I don't have this problem with any other website and my hosts file hasn't blocked facebook.
Also when I enter the url and press enter, it goes to a google search with a very long url, this doesn't happen with any other url.
View 1 Replies
View Related
May 26, 2012
Ever since last night ive not been able to get onto a site that i use every single day. I can get on the site through my 3g on my phone and ive tried it round my friends house and it works perfectly.Tried releasing and renewing my IP Address, no effect and have just ran a Tracert:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersMatty>tracert olbg.com
Tracing route to olbg.com [164.177.153.185]
[code]...
View 1 Replies
View Related
Mar 27, 2012
I am having trouble connecting to Articles - Articles - Dirt Nap Gaming on my computer. I've contacted the site and no intentional IP block by them.
View 2 Replies
View Related
Sep 10, 2011
I was trying to enter Minecraft but none of my browser could connect. If I connected through hidemy***.com it would load normally. When I try to join any server through the game, it gives me an error. If I change to my other network it doesn't connect, but I can if I use another OS or computer
View 2 Replies
View Related
Oct 2, 2012
I have a g74s Upgraded laptop, very fast, best computer BY FAR in my house. We just got new internet, modem and everything. Every computer in the house has about 6mb/s download speed, mine varies from 800-1.6mb. I am the closest in the house to the router, and I even plug it in directly and that doesn't even work. My ping is over 800 -_- I also cant watch any videos. Just black screens. But the really messed up part, I took my laptop to my friends house, and everything worked perfectly as it should. I tried disabling firewalls and everything, I just can't do anything here. I don't really download anything, Ive cleared my cookies, everything, I pretty much just play starcraft, and I can't like this.
View 3 Replies
View Related
Sep 30, 2012
all of a sudden my browser wont let me load this one certain site (Pwctoday.com). I think my internet is blocking it because i cant even go on my phone that is connected to my wifi. Also i have tried other browsers. Still doesn't workPS: I go on this website almost everyday. And i verified the site is working on my friends computer. So maybe my router is blocking it??
View 5 Replies
View Related
Dec 20, 2012
After not using my computer for a week due to illness I've turned it on to discover that it cannot connect to the wifi network that has been working fine for the last few months. The network is shared and I don't personally have access to the router, and the network administrator is away at the moment so I can only attempt solutions at my end.It seems it might be an IP configuration issue. Network diagnostics gave me the error message "Wireless Network Connection 4 doesn't have a valid IP configuration", as well as one or two other IP-themed error messages.
My computer thinks it's connected. It says I'm connected to the network and that I have internet access, but there's no actual connectivity.Finally, weirdly, I did seem to manage to connect briefly at one point. It took about three minutes to load the Google homepage and then dropped again. I have no idea what the significance if any of that is.I know the following for sure:
- the wifi network does work; I'm using it on my laptop right now
- the network adapter on my computer also works, it can connect to the wifi hotspot on my phone
View 2 Replies
View Related
Jan 6, 2012
I don't think this is specifically an internet explorer problem but i could not figure out which category it could have gone in. A few months ago random websites started becoming completely inaccessible to my internet connection, no matter how often i would try. The most recent one to have happened allowed me to connect just yesterday, but today i cannot connect to the website from this connection. I was able to connect to the website when i used the computer at a friend's house.
View 19 Replies
View Related
May 26, 2012
Ever since last night ive not been able to get onto a site that i use every single day. I can get on the site through my 3g on my phone and ive tried it round my friends house and it works perfectly.Tri[CODE]
View 1 Replies
View Related
