I have two ASA5510 each with a security plus license and 10 SSL VPN licenses, in active/standby mode at version 8.4(4)1. It only allows up to two vpn clients (AnyConnect & SSL VPN) at a time, any extra vpn client would receieve "Login Failed" message.
View 2 RepliesAP has static IP with 2 SSIDs setup, one for guest one for domain access(both have the same issue), tried with multiple devices, both win and MAC, all show "connected but with limited access", ipconfig on those devices, all show ip "169.254.X.X", but event log on AP indicates that "authentication has been completed sucessfully".
using RADIUS server for authentication. management VLAN ID "1", SSID VLAN ID "11"
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT extemtion entries.
View 3 Replies View RelatedWe got an ASA5510 (8.2x) with an inside, guest and outside interface.On the guest interface, we have DHCP function on the ASA.On the outside, there is web-ssl vpn (dns hostname on a public isp-dns server) configured.
When an user on the guest net tries to get connected with the web-ssl dns-name, it resolves the public, outside interface-ip , the ASA dropps it.
I know, with static NAT it can be resolved url...but on this scenario, we are trying to build a connection from a guest inside IP to the public-ip form the outside ASA interface.If the guest users try an web-ssl connection on the guest-ASA IP, it works with a certificate error ( because there is no internal DNS on the guest net to resolve the dns name to the guest-interface IP).
So how can this be achieved? Can the ASA provide DNS server function? Can a NAT static entry (outside ip to interface guest) solve it? It's the only solution an inhouse DNS server in the guest-net?
I have an ASA5510 running in production. I have about 28 site-to-site vpn tunnels that have been working perfectly for the last year or so. I was running 8.0.4 and recently upgraded to 8.2.4. Since the upgrade, I have an issue that I haven't figured out. One of my clients with a tunnel can no longer FTP us. When I do a packet tracer on the ASA, all phases are "ALLOW" but at the very end, the action is "drop" due to "IPSEC spoof detected." None of my crypto config for the tunnel including the crypto ACL has not been changed. This same tunnel had NO issues prior to the 8.2.4 upgrade.
I thought about trying to disable "inspect FTP,. I am running FTP passive mode on the ASA so I don't believe "inspect FTP" is required.
We have a setup where clients on the internal network send/receive their emails through Microsoft Outlook client, while the Exchange server is hosted on the internet, outside the organization.The clients are connected to a Cisco switch, behind an ASA5510 Firewall. The Firewall is connected to an internet router, with double NAT (On the ASA and Router).
the outlook clients disconnect from the Exchange server, sometimes for hours, and then reconnect again. During these disconnections, the same client PCs are able to browse the internet normally. There are no restrictions for the traffic going from the inside to the outside. During the disconnections, if we try to connect using a public IP bypassing the ASA & router,.
This is one I am having a hard time finding an answer for. How many clients can a 3600 AP support? For 150 clients on one of these, what would the throughput be for each client?
If my calculations are correct, the device can deliver 420 Mbps, which gives each client roughly 2.8Mbps. Is this correct?
What the maximum concurrent users you can have on a Cisco 3925 for :-
1) Site to Site VPN using IPSEC tunnels
2) GRE tunnel sIf I have 90 users on a single GRE tunnel with 50mb Internet pipe using fat clients will this work ?
I am currently planning a Active directory deployment. It will most likely be a new forest, but the domain could become part of a existing forest. I have about 45 Computers with about 85 users. At one time there is about 42 users logging in as there is two shifts. The logons will be done all at once. Do you think two domain controllers will be able to handle the load?
View 9 Replies View RelatedWe are having random issues of users not being able to connect to our wireless network consistently. The users will have successfully accessed the network previously but then will have difficulty associating to the network. After a period of time, the association appears successful again. My first thoughts were that there was a restriction on the number of clients that could associate to a given AP at any one time.This is the equipment we have:1x Cisco Wireless Control Server (WCS) 6.0.181.04x Cisco 5508 Wireless LAN Controllers 6.0.196.060x Aironet 1142N Lightweight Access Points (LAP) Is there a hard or recommended maximum number of clients per LAP? If so, where is this defined? From what I have read on these forums, Cisco apparently recommends about 25 clients per AP but I can not find any official documentation to support this.When I go to WCS Home > General > Top APs by Client Count, the top AP reports 20 clients. However, if I click on the AP Name and go to the Current Associated Clients tab, it is only listing 8 clients - why is this?
View 3 Replies View RelatedWe have a PIX 501 and I'm in the process of replacing it with a ASA5505. We're currently using the 501 for a site-to-site vpn for disaster recovery purposes and I'm trying to verify the number of concurrent connections we can have.
View 1 Replies View RelatedI have been looking for the command to view all concurrent active connections or sessions on our Cisco 2911. I want to see what the total connections or sessions are at peak times throughout the day.
View 4 Replies View RelatedWe have a client that is looking to provide connectivity for up to 800 users at a conference. They have a SRP527W available to them. Looking at the configuration we have been able to provide the needed number of IP addresses through VLANs each with their own DHCP scope.
However we are doubtful that the router will be able to process such a high number of connections (NAT, Firewall etc.) even though they will be using a specialised application that pulls static content via WAN.
Thus far we have been told that the unit has supported 150 user no issue, my I am guessing anything over 200 and you would start to see stability issues?
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
!
hostname ASA
domain-name default.domain.invalid
[code].....
what I need to add to get the vpn client to be able to ping the router and clients?
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
What are the limitations on the max number of concurrent HTTPS connections when using Auth Proxy for HTTPS traffic on a Cisco ASA 5520.
1) What is the max number of concurrent Authentications that the ASA can perform (HTTPS)?
2) Once Authenticated. What is the max number of concurrent HTTPS Authenticated connections to the back end HTTPS server.
Our current cable ISP is having issues providing us with consistant connectivity. I would like to bring in a second ISP to allow my users to choose where they will connect to. There will be two dns names and i just want to to be able to choose between them.
Is this possible on the ASA5505? supporting two ISPs at one time for VPN on both?
in Cisco ASA 5540 Adaptive Security Appliance Platform Capabilities and Capacities, I see Concurrent Sessions: 400,000. Which mean what device can handle 400,000 session and no more. But if I'm using TCP State Bypass Feature (Inbound traffic pass via ASA but Outbound goes via different device). I can see such connections via show conn command with b flag.
My questions: 1. Will this limit (Concurrent Session) affect in this case? Or ASA can handle more such connections (for example 800,000 ...) in bypass state? 2. It's possible to tune timeout for such connection without using global timeout conn? My problem what I want to do by pass tcp connection for one IP with has very high connection/sec rate.
trying to join an 1142 on a WLC_SRE version 7.4.
the AP can ping the controller and vice versa. In the controllers GUI: Monitor>Statisticc>AP join, I can find the mac of the AP that I am trying to get joined.
the details of this mac show:
Last error occurred: Lwapp discovery request rejected
last occurred error reason: Too many concurrent AP image downloads
Last Join Timestamp:
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait.3 desktops = XP, 1 98SE. All laptop/netbooks = XP
View 2 Replies View Relatedhow many concurrent voice call can be conducted at once with the cisco sf 100d-08 8-port 10100 switch?
View 1 Replies View RelatedWas looking at purchasing WAP321 however after looking at the spec's I see it has not got concurrent dual band (2.45Ghz/5Ghz) is there any simular access points with dual band and captive portal?
View 2 Replies View Relatedtell me if cisco 1921 onboard GigabitEthernets can reach 10Mbps with concurrent services, one GigabitEthernet interface as WAN interface, the other one as LAN interface.
View 2 Replies View RelatedI´m detecting on my ACE 20.
I´m monitoring the total number of concurrent sessions of my ACE 20 (using Cacti), and from time to time, with no discernable pattern, I see an instant drop of sessions to half...I don´t detect any disturbance with our traffic and service, I have no complaints, but it's a very accentuated drop.
I´m able to get 1 or 2 days withouth any suddent drop of connections, and then for no reason I pass from 500.000 to 200.000 sessions in a minute. Then they gradually go up again.
I´ve seen in ACE´s session table that she keeps a great number of half-open, or closed sessions, and those are counted as part of concurrent sessions. Is there any flush on ACE´s table when she reaches a certain number of closed TCP sessions or something like that?
i am going to purchase a Simultaneous Dual Band Router with Gigabit Lan. Can anybody tell me whats the transfer speed it got on Concurrent Dual Band 900(450+450) , 750(300+450) and 600(300+300). I am going to use it for hard drive that can network attached or may be just external hard drive via USB interface.
View 2 Replies View RelatedI'm using a Huawei B660 3G router at my house, with with a service provider called 8ta (in South Africa). I've been struggling for months to try and get them to troubleshoot and fix my connection, which was working fine for about a year.
I'm now daily struggling with download speeds of as little as 0.1Mbps to 0.5Mbps, especially after 5pm until about midnight. Upload speed off course is even worse.
8ta, has after months of me complaining agreed to install an antenna at my house, which will probably take another few more weeks for them to accomplish.
I often have 5/5 bars of signal on the router, so my argument is that signal strength might not be the problem. Since the connection is in a residential area, I would assume that their network is more likely to be a bit more congested after hours, but a technician explained to me that their network is never more than 30% "occupied".
Can the number of users connected on the 3G network/tower cause signal strength to attenuate for surrounding users?
Would it replace the B660 (7Mbps) router with a 21Mbps counterpart?
I have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
View 2 Replies View RelatedGetting the following alarm from my ISE:Cause:Base License Enforcement Details: Base concurrent users exceed license allowable count.Currently only using 1656 out of 2000 base licenses so I'm not sure what the issue is. Running 1.1.2.145 patch 3.
View 1 Replies View RelatedWhat is the maximum number concurrent wireless connections that a WAP54g v3 can have?
View 9 Replies View RelatedASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies View RelatedHow many concurrent SIP channels should I expect to be able to make through a PIX firewall? We currently have a PIX 515 with the SIP fixup enabled.it worked fine for a low volume of traffic, but once we got to around 400-500 concurrent SIP calls the PIX started to struggle. Calls were dropping and other Internet traffic was intermittent. When I decreased the call volume it recovered and everything returned to normal.Bandwidth wise, we were only using about 20MB, so I think that as it needs to inspect and remember SIP packets for the purposes of opening RTP ports, we probably hit a bottleneck in terms of either the PIX's CPU or memory capacity. I've not seen any specs detailing how many SIP fixups a PIX (of any capacity) is able to handle.I'm thinking of upgrading to a PIX 525 or PIX 535, but I'd like to know how many SIP calls they will be able to handle before committing.
View 4 Replies View Relatedhow simultaneous connections is supported on the ISR G2? I need a router with the 60,000 concurrent connections.
View 1 Replies View RelatedThe past two days have been frustrating with my wifi. When I first got on it, I checked the internet access because I couldn't get onto the internet. The connections had "limited access". I restarted my router and modem, and it did nothing. I unplugged everything and plugged it back it and the wifi would show, but I couldn't get on it. I restarted the router and modem, and it worked. I got on Cisco Connect and the signal wouldn't show. I got off the computer and later, I couldn't get on the internet again. Later on, I could get on the internet again. I got on Cisco Connect, and it still says that there is no connection. I haven't a clue what's going on. My modem is CenturyLink, and obviously, my router is Cisco.
View 19 Replies View Related