Cisco VPN :: ASA5510 Best Place To Configure Outbound QoS From Main Office
Jun 10, 2012
We have a main office and 4 remote offices (only showing 1 remote office in the diagram). We are using GRE over IPSec VPNs to the remote offices which terminate on the 2811 router in the main office. We are using the 2811 as it is the only device that we have that can terminate GRE. The 2811 router is connected to the outside switch and is configured with a public IP address. We also have an ASA5510 in the main office which is connected in the same manner and is used for Web, e-mail traffic etc. Both the main office and remote offices have a 10Mbps Internet connection.
We have an issue with voice quality between sites as we are finding it difficult to control bandwidth utilization in the main office. When users in the main office download web content it can saturate the 10Mbps Internet connection, causing voice quality issues. We have configured outbound shaping on the branch routers to make sure that aggregate inbound traffic from all branches to the main office does not saturate the link, but we cannot control traffic from the Internet. I understand that controlling inbound traffic from the Internet is difficult without controlling QoS on the ISP's side. Is there any way to reserve inbound bandwidth to ensure that web traffic does not impact voice? Also, in this design, which is the best place to configure outbound QoS from the main office?
Jan 21, 2013
I just joined this company and they already had a VPN to one of their partners that provides them access to some resources. We have now added a 2nd location but the partner wouldn't allow a 2nd VPN tunnel, so the decision was made to give the new location an ASA5505 to tunnel through the main office to access the resources at the partner's site. Using ASDM I believe I was able to set up the tunnel to the main office, but there is no resource there to use. Now I'm stuck and I do not know what to do to get to the partner site.
Oct 27, 2011
I'm using a RV082 with latest firmware v4.0.4.02tm in one of our branch offices. Sometimes the tunnel to the main office (IPCOP 1.4.21) fails.
Both sides display the status "tunnel connected" but IP traffic doesn't go through. If I try to ping the main office using the RV082 diagnostic feature, the RV082 seems to run into a loop: the window continues refreshing without any error message and I'm not able to cancel the test. If I restart the RV082 using the web interface, the "diagnose" and VPN problem still exists, even if the web interface told me that the device did a restart.
The only solution is to do a cold restart of the RV082. After that, the VPN tunnel works again.
This problem occurred 3 times in the last 3 weeks. I never had this problem with previous firmware versions at this or other sites.
May 18, 2012
I have been told to connect our branch offices over outdoor point-to-point wireless CPE. The wireless brand is Orthogon. The main office has a Cisco 4507 L3 switch where all building switches terminate. DHCP, DNS and all applications are hosted in the main office. The branch office has one 24-port PoE Cisco 2960 switch where all users will be connected. Port 0/24 of the 2960 switch at the branch will terminate the outdoor wireless, and the other end will be terminated on 4/15 of the 4507 at the main office. What commands do I need on both interfaces where the wireless is terminated? When we connect floor switches to the 4507 we have these commands on the access switches:
vtp mode client
vtp version 2
vtp password cisco1
vtp domain LIC
Fiber termination port configuration - switchport mode trunk
Dec 17, 2012
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505s or 5510s. Remote users use IPSec via the Cisco remote client. Remote access into our data center works, and the L2L VPNs are perfect. Just now I need remote users to access the branches after remote access VPNing (for support), and I can't get that part to work.
Aug 2, 2011
We have used two Cisco RVS4000 routers to create the IPSec VPN between the main office and the branch office. The main office has SBS 2008. There is a Windows Server 2008 as the domain controller in the branch office. One branch office user has a laptop which is not in the domain, but his Exchange account is set up in Outlook. When he connects the laptop to the branch office network, he cannot connect to the Exchange server and get the emails. Is there any configuration to set up in the router, server or Outlook?
Jun 13, 2011
I am having an issue with an ASA 5510, running 8.4(1) code, causing outbound mail to remain in the SMTP server queue (Exchange 2007). This only happens with some remote mail servers. The connection usually ends with the remote server eventually sending a TCP reset.
I've taken multiple inside and outside packet traces. Other traces contain either X's preceding various sections of the stream content or all X's in the content. The X's only appear when inspection is enabled.
Disabling inspection is the only thing that seems to allow mail to flow. I find this curious because I'm running this same ESMTP policy on other ASAs. However, they are on 8.3 code.
Most everything I find when searching on this subject says to disable ESMTP inspection.
Oct 8, 2012
After reading a bit about inter-VLAN routing I got a doubt regarding how trunking takes place at the router and at the switch. In the case of a switch we configure a port interface as a trunk port and say all VLANs are allowed here, but in the case of a router we configure a subinterface as a trunk, saying a particular VLAN belongs to a particular subinterface. Can't we configure only a single port interface on the router just like the switch and say all VLANs are allowed here on this interface? Why go for subinterfaces?
Sep 2, 2012
I have recently managed to configure a setup where I have 2 SRP527s, one at the office and one at home. I have 1 fixed IP at the office and 1 fixed IP at home. I have configured the SRP at work to be a VPN server and have configured the group and 2 user profiles. This allows me to have 2 concurrent sessions over the VPN to my office from desktop and laptop at the same time. Connections fire up perfectly, no problems. From the desktop, I connect using the VPN client with user profile 1. Once connected, I then connect to my workstation machine at the office using remote desktop. This gets me super fast access to office files and large spreadsheets without downloading the whole file over the VPN and is working perfectly.
If I then additionally connect from the laptop using the VPN client with user profile 2, the remote desktop connection drops. Disconnect the laptop connection, remote desktop comes back. I have isolated this to being 2 connections arriving at the SRP at the office from the same external IP. If I connect my laptop to my phone as a hotspot rather than using my home LAN, both connections are made and remote desktop has no interruptions. Is there a way I can overcome this through re-configuration of the SRP at the office, or is this a limitation with the SRP?
Jun 4, 2012
How can I configure my small office of about 5 computers to have LAN networking?
Apr 6, 2012
I have a Cisco 887 router which I am trying to configure. However, do I really need to use the SDM utility, or can I do it through the CLI? I need to replace my current router in my small home office.
Apr 2, 2013
I currently have an ASA5510 with 2 interfaces (outside and inside) running remote VPN for clients and L2L VPN for a couple of sites. I have traffic entering the inside interface, matching interesting traffic, being wrapped up in IKE / IPSEC and sent out via the outside interface. All straightforward so far. Now I have a new VPN which is required to go over another interface and not the outside. The traffic comes in to the inside interface as normal and should be matched via ACL, encrypted and sent out the new interface; however, the traffic is simply sent out of the outside interface and doesn't get any IKE headers. If I reconfigure the interface to be the outside, it does at least match the ACL, wrap it up nicely in IKE and try to get to the remote peer. My questions are why does this behaviour occur, and why isn't the traffic marked interesting and sent out the new interface? I don't have any issues creating a new VPN if I want it to go external, I just add the required information to the outside_map, but I need the traffic to be encrypted and sent over another interface. I'm not a huge fan of the GUI for this but I've tried both CLI and GUI with the same results.
Jun 4, 2012
Configure the firewall Cisco ASA5510 in HA mode. Enclosed network diagram.
Apr 12, 2011
How can I configure policy NAT on the ASA5510? I would like to do the following:
9.1.1.9 NAT to 10.1.1.9
If source IP = 1.1.1.1
then NAT to = 10.2.2.9
the rest NAT to = 10.1.1.9
The issue is I want 1.1.1.1 to NAT to 10.2.2.9 when accessing www.example.com. The rest NAT to the current NAT.
Oct 13, 2011
I am using a fiber optic connection. I want to connect it directly to ASA5510. A WLC2504 will be connected to ASA and one Aironet AP will be deployed at first. (At this moment I am not using any Windows server but in near future I will need to deploy Windows Server 2003 in my corporate network) My questions are:
Can I configure ASA as DHCP server for my LAN?
Can I configure WLC as DHCP server for my LAN?
If we can configure both then what is the best practice from above two options? (I am new to Cisco stuff and first time user)
Aug 28, 2011
My customer had a spare ASA5510 bought a few years before with 5 x FE and security plus license with HA. Now they would like to buy a new ASA5510 to configure HA with the spare one, but now the ASA5510 comes with 2GE+3FE. Can the two FW work in HA?
Apr 4, 2013
I want a low-cost router solution with 16 10/100 routed ports. The idea is to club 16 different segments on ofc to this router via media converter, and there will be dynamic protocols such as EIGRP or higher running between these segments.
The router needs to be security enabled. The equipment needs to be a router by definition (not a layer 3 switch). As per my understanding there is a limitation on the number of HWIC-2FE modules that can be put in the ISR G2 series, due to which I cannot reach that figure.
Kindly let me know if I can use SM-ES3-16-P in place of HWIC-2FE for this kind of requirement.
Feb 16, 2013
I'm currently trying to set up a VPN to an Amazon instance but running into a few problems. My current setup is Optimum Lightpath into a Windows 2003 server running ISA 2004, out to a switch handling several servers and laptops/desktops. To set up a VPN connection we purchased a Cisco 1941 IAS but are having a problem running this through the ISA firewall. I am giving it a static address and porting it to an external address through ISA (opening UDP and the IPsec 50 and 5000) but nothing. Unable to get this to work, I decided to just put a switch before the firewall, plugging the Optimum router into the switch and then plugging the VPN router and the ISA server into the switch, so the IAS doesn't have to run through the firewall (if I lost you, tell me).
Mar 18, 2013
Sample configuration for ASA 5512-X v9.1 for site-to-site VPN: I used to configure this on ASA 5510 v8.2, but I have never configured it on version 9.1. My issue is that I don't know how to configure nonat. I saw some configuration, as in the attached file, that just shows how to configure the VPN, but we did not see nonat in the commands.
Aug 22, 2011
I need to configure a site-to-site VPN using a Cisco 881 router on my end and connecting to an ASA5510 on my supplier's end. Our supplier has configured their end and I do not have access to their configuration.
They told us we have to NAT all inside addresses to a single address (192.168.89.1) as this is the only one they will let through their firewall/tunnel. I know how to set up the VPN but am not too sure how to set up the NAT part.
My sanitized config is attached. Is the code I am using to NAT my inside network to the single address 192.168.89.1, and send all traffic across the VPN tunnel as this address, correct? With the router running this config the VPN tunnel does not connect.
Apr 18, 2011
I have been working nicely with an industrial scanner that runs on Linux, but the hard drive has become corrupted and I need to get it working again. The problem is that the main PCB has a Realtek chip which I believe has the most basic webserver abilities that is used in the most basic way possible. To use it, ARP commands were used to assign an IP address to the chip's MAC address, e.g. something like: arp -s 192.168.2.5 00-05-a4-00-a8-f8 (the actual MAC address was lost along with the HD). So now I'm starting from scratch in XP, how do I find the MAC address in the first place?
Apr 26, 2013
I am looking to add remote sites that will authenticate with the Windows Server using VPN via Cisco RV042 routers in a gateway-to-gateway setup. My main concern is the placement of the server relative to the router and what would be considered best practice. In my mind, option 1 seems to be what I want; however, this would mean disconnecting the WAN feed to the server (my IP is static and tied to the MAC address of the server). While option 2 doesn't look right to me, it would leave the existing configurations in place, which would minimize my downtime (I think).
Nov 7, 2011
I have a business DSL connection which requires a modem from the provider (it cannot be replaced by another modem/router). I want to know if it is possible to place the Cisco 877W-G-E-K9 behind the modem and set it up as a VPN server. The internet connection will be established in the modem/router of our provider.
Feb 15, 2013
I have a case where I need to minimize the wireless signal to one room. The room has dimensions of 3 x 6 meters. But the signal should pass to other room. I have tried many scenarios but couldn't reach the result that I expect. First I used a 3502 with external antenna ports, but no antenna attached to it. I have set up the maximum power level from the TPC menu on the controller, but it was more limited than I thought. I can only connect whenever I put the AP next to myself. Then I used a 3602 with internal antennas. The reason I picked the 3602 is that it has the lowest-gain 2.4GHz antenna attached to it. I reset TPC to the minimum power level (5), but as expected the signal can be heard two rooms from where the AP is located.
Feb 17, 2013
We have tried to use the Cisco hierarchical model as closely as possible. We now have the need for 10 gig servers. We have a 7k, 5k, 6500, and 2960s in our network. We have some open 10 gig ports on our 5k. Where is the best place to connect the 10 gig servers? Or is there a more preferred way to connect these new servers? A 10 gig blade for the 6500, the new 6001 switch?
Mar 1, 2011
Have 3 sites. But I want to manage my network from one site. I want to create users from my main site for all sites.
Dec 2, 2012
How to connect wireless modem in place of wired modem
Sep 10, 2012
How does replication of CUCM servers and other servers like Unity Presence and all in a cluster take place?
Dec 29, 2011
I have an ASA 5510 that I want to connect to 2 ISPs (one of my private networks uses ISP1, and all others ISP2). Excluding the 5510 does not accept PBR (policy based routing), I saw that you could put a router, like a Cisco 2811, in front of the ISP. My questions are: can I put a 3750 switch in place of the 2811 router? I have VPN connections on ISP1; is this architecture compatible?
Dec 16, 2011
Difference between mapping a drive and adding a network place...?
Jan 3, 2012
I have Network Magic Essentials and use a Linksys WRT54GS router. I just received a Cisco Linksys 2500 and assumed that it would be a breeze to set up in place of the WRT54, so that I could gain faster internet and improved range. After about six hours of frustration trying to set it up, I am pulling my hair out! I live in a remote area near a lake, and our only option here is a Wi-Fi signal beamed to our homes via an antenna, coax cable to a "radio" (Alvarion BreezeAccess). This has always worked very well with the WRT54, but with the Cisco 2500, I can get on my local network just fine, but I cannot get connected to the internet. I can disconnect the 2500, and reconnect the WRT54, and get right back on the internet.
Apr 16, 2012
I know it is possible to create custom web auth splash pages on the WLC 5508. Is it also possible to embed a small document (less than 1MB) that users can download directly from the controller? I need this for providing the terms of use for the Guest WLAN.
Sep 1, 2012
Have WBR-2310 D-Link router. Internet modem and wireless router were working. While trying to connect new wireless printer, lost internet connect. Had to re-enter internet provider user id and password. Was told I needed to make sure that information was in my D-link router, so I typed 192.168.0.1 as internet address. I don't get a webpage to enter the userid and password.