Cisco VPN :: ASA-5520 / How To Implement DAP
Oct 21, 2011
Today we have a simple ASA-5520 SVC setup with just one connection profile and one group policy. Authentication (2 factor – AD + SMS) is performed by RADIUS. We would now like to allow access to this VPN service only if you reside in a particular group in the MS AD. From what I understand this can be accomplished through DAP, either by matching the LDAP attribute “memberOf” or RADIUS id 146. Am I right? Can I still perform authentication using RADIUS and then DAP using LDAP or must I use DAP using RADIUS?
Jul 31, 2011
We are attempting to implement an ASA 5520 with a new ISP. Based on the limited routing needs, I believe we can use it as the router as well. I am familiar enough with routers, but the ASA is obviously a different thing.
The setup looks like:
ASA Version 8.2(1)
!
hostname Cisco
interface GigabitEthernet0/0
 description Internet
 nameif Outside
 security-level 0
 ip address 69.XX.46.1 255.255.255.252
!
interface GigabitEthernet0/1
 description DMZ
 nameif DMZ
 security-level 0
 ip address 69.XX.56.1 255.255.255.240
!
interface GigabitEthernet0/2
 description Local
 nameif Inside
 security-level 15
 ip address 10.0.XX.XXX 255.255.252.0
[Code] .....
1) Outside 0/0 connects to MRV from service provider (Public)
2) DMZ 0/1 connects to outside switch with servers (Public)
3) Inside 0/2 is LAN (Private)
A) Based on a completely default config and aside from setting the routes to send traffic from inside to outside, and outside to DMZ, what is the next step?
B) What should the interface security levels be, I am unsure what they should be or why...?
Based on the initial config with interfaces set as above, I cannot move traffic through.
Aug 1, 2012
We have AT&T Managed MPLS service at our datacenter and our branch office locations. AT&T has provided the routers and simply gives us an ethernet connection. We also have ethernet connectivity to the internet through our datacenter...with our network being protected by an ASA 5520. Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router. Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet. What I'd like to do is better utilize this cable modem/ASA5505 setup. Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.
Apr 4, 2011
I've got a Cisco ASA 5520 and am setting up the NAT for multiple DMZs on it.
I want to use PAT on the outside interface.
Internally I've created subinterfaces for the VLANs and connected to a trunk port on a switch.
configure NAT for this scenario. I've got only 1 external public IP address.
Feb 9, 2013
Can we implement BGP without IGP Protocol? If yes, then how can we do it? If no, why?
Feb 21, 2013
How to implement a LAN network
Oct 13, 2011
We recently purchased a SF 300-48P to replace a Layer 3 3Com switch that died. I've successfully put the switch into Layer 3 mode and assigned IP addresses to each of the VLANs but I cannot figure out how to implement routes for those. Here's some info on our network and what the previous switch had. [code]
Not sure if this can be translated into the Cisco or not. If I try to create an IP route like these I get errors that the Gateway can be a route.
Oct 15, 2012
Is it possible to implement ACLs in layer3 switch??
May 18, 2012
I have some Cisco 2651 routers. I was trying to implement MPLS on those routers. Can I accomplish this by upgrading to a newer IOS version? link to download the supported IOS.
Aug 20, 2009
We want to implement an IPSec VPN between two routers cisco 2800 IOS version of what we need.
Apr 26, 2012
I am looking to upgrade an 1812J router to 1921/K9 router with 8-port double wide switch port. What's the best/easiest way to migrate the config? (We have access lists, VLANs, etc. configured on the original device.) Also, I'm looking for a way to prioritize traffic from an external site on the internal LAN. Reason being that I would like to prevent dropouts of internet streaming radio when internal LAN traffic is high. If so, what's an easy way to implement on 1921?
Nov 27, 2011
I want to select Catalyst 3560G for my network. But IOS SLB needs to be implemented in my network. I only know Catalyst 6500 series can support this feature and I am not sure whether 3560G can support this feature. What platform and IOS version do I need to implement IOS SLB?
Apr 9, 2012
Required by regulations to implement CoPP on our routers, I installed the following configuration on a C2811 router pair with integrated DSU/CSU cards connecting a point T1. STAC compression(software) is configured on the serial interfaces and the link is often congested.
[code]...
This configuration severely degraded the IP traffic flow and I had to remove it. Not having any practical experience with CoPP.
Aug 27, 2012
We are in the process of implementing a secondary ISP to our ASA firewall and we would like to run both ISPs in parallel so we can test until we finally cutover.
Jun 3, 2012
We are trying to implement the ZBF on our router to assist us in limiting the initial impact of DDoS attacks. We have configured the below and it appears that it's not working, as when under attack the statistics don't increase.
[code]...
Sep 27, 2011
One of my customers wants to implement VoIP in his existing DMVPN Network Topology. I have read about the "Per-Tunnel QoS for DMVPN" but when it comes to configuring it on my hub router (Cisco 7206VXR with c7200p-advsecurityk9-mz.124-15.T14.bin) I am lacking the option to set the "ip nhrp map group" command.
My question now is, is it generally not supported by the 7206VXR platform? Or can I get the option by upgrading the IOS to a newer version? If so, which one could I use?
Nov 29, 2012
I have 1 server where I enabled DHCP server and Active Directory on it. I still have to install something like ISA server on it as ISA doesn't support 2008 R2. Point me out on the networking, like how should I connect the clients to the server. And how should the wireless router and switch be connected to the server?
Mar 13, 2013
(eth ports routing only) and a layer 2 switch into a cluster of two layer 3 switch clustered. I have looked at Cisco 3550 EMIs with HSRP but I would like to implement based on newer models of Cisco switches.
Feb 3, 2013
I am trying to implement an EtherChannel on a Cisco 2901 (IOS 15.1). I have already created the port-channel but I cannot assign the gig interface to the channel group.
Sep 13, 2011
I need to implement the backup between two sites. I have router 2800 which is having a point to point connectivity with the far end. At the far end there is no router, only one firewall is there. On that firewall one access-list is there to allow the traffic. To implement the back up link I have created a site to site VPN. But the problem is as soon as the tunnel is established. For the time being I have removed by site to site config from both firewall.
Nov 22, 2011
I have a 3560-48 switch running Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE3 and I need to implement basic QoS commands on the Fast Ethernet interfaces as well as the gig interfaces. Also I need to create port channels on the switch and need to know what the port channel syntax is for that particular IOS version.
I have read-only access and I can't see what the QoS and port channel syntax should be for that IOS version.
Oct 21, 2012
My client is asking whether the Cisco ASA 5505, which is now running in Router Mode, can implement MAC ACL. I have tried to search the documentation and also tried the ASDM on the Cisco ASA 5505 but could not see any way to do the ACL by MAC address. At the same time, how can I find out using the command line whether the ASA 5505 is able to run MAC ACL in router mode?
Mar 7, 2012
I got a 5MBps Lease Line Connection via FAST ETHERNET PORT. I got a Cisco 1841 Router.
I want to distribute bandwidth in this ratio 2MBps/2MBps/1MBps
2MBps = Office Connection
2MBps = Computer Laboratory Connection
1MBps = WIFI Connection
1841 has only 2 Fast Ethernet ports
So I'm planning to add 2 modules of 2-Port Fast Ethernet High-Speed WIC for Cisco Integrated Services Routers
Aug 17, 2011
I'm having a cow of a time trying to implement a NAT configuration after having upgraded our ASA5510 recently from IOS 8.2 to 8.4. The upgrade went fine, however we now have a need to add a new NAT rule and I'm not sure whether it's possible.
The upgraded NAT rule and access list works fine at allowing external access to a web server.
However we now need to NAT the SOURCE address (either to a pool or single address) of incoming HTTP requests before forwarding the request to the server. Hence the server will see all requests as originating from a pool with a route heading back to the ASA. The basic issue is that the server's default gateway does not return to the ASA, so "tagging" the source address of external requests to an address or interface associated with the ASA should allow the server to return the traffic to the ASA. I know we shouldn't be doing it this way but we can't see any alternative.
Having read a huge amount of examples we can access the server with the above config (or Object NAT), and we can NAT incoming traffic, however we can't combine the two by having all external HTTP requests source NATted before forwarding to the server.
Mar 7, 2012
I am new to VLANs and Cisco SMB switches. I have a new SGE 2010P switch and I am trying to configure different VLANs, one for data, one for voice and the other for server.
Is there any tutorial on how to configure VLANs? By the way, I tried to use the web interface and admin guide, and it totally confused my understanding of VLANs.
May 24, 2006
I am trying to implement IP SLA. Can I implement it on layer2 switches?
Jun 21, 2011
I have SGE2010 switches and I want to implement multiple VLANs. I'm a newbie and starting to study VLANs.
I want to implement 5 VLANs on my test lab network, as follows:
192.168.1.x default
192.168.2.x
192.168.3.x
192.168.20.x
192.168.100.x
The .1 is exclusively for my test-lab servers.
The .2 is general test-lab Win-XP workstations.
The .3 is general test-lab Win7 workstations.
The .20 is general test-lab production workstations.
The .100 is for test-lab IP PHONES.
Dec 25, 2012
I am looking to implement Zone-Based Firewall on some 2900 series routers (2911 and 2921.) Based on some research I've done it looks like the cisco2911-sec/k9 and cisco2921-sec/k9 bundles should be all I need. Is this correct, or is there some other licensing component that needs to be enabled for me to implement Zone-Based Firewall?
Feb 10, 2011
How to implement ipv6 on windows 7
Oct 9, 2011
Any way to implement priority marking on the voice packets on the IP Communicator which is installed in a laptop (running Data VLAN in the switch)?
Dec 6, 2011
Trying to implement HREAP over WAN between main and remote site. The WLC4402 is on main site. There will be a secondary DHCP at the remote site. Does the switch at the remote site need any preparation?
Mar 6, 2013
I would like to start setting up a Cisco Wireless Lan Controller 5508 with some Cisco 1262n AP's. How to start setting this to take advantage of having this wireless lan controller? I have a DHCP server, a Cisco 6509, and Cisco 3750g that connects the access points. I have Vlan 50 for wireless access points.
May 1, 2012
I want to implement SPAN or RSPAN of a vlan. Can this be done with the SGE2010P? I can't find the configuration guide on the Cisco Web Site.