Cisco VPN :: ASA5510 Configured Remote Access To Allow Users Log In Via SSL VPN

Apr 12, 2011

We have a high availability pair of ASA 5510's in Data Centre where we have configured remote access to allow users log in via SSL VPN, now we want to add further security to our environment we are adding endpoint assessment licenses...the question I have would I need two sets of the license ASA-ADV-END-SEC ?
 
I learned the hardway before with ASA SSL VPN licenses breaking other failover pair as it needed identical licenses on both units! Will I need 2 separate license sets to keep my firewalls in a HA pair?

View 1 Replies


ADVERTISEMENT

Cisco VPN :: Configured Remote-access VPN On ASA 5510 - Cannot Reach Network

Mar 14, 2011

I configured a remote-access vpn on an ASA 5510 version 8.3. This is the configuration [code]The vpn goes up and I get an ip address, but it's impossible to reach the internal network. [code]

View 9 Replies View Related

Cisco :: Users From Remote Access VPN Can't Access Other Subnet

Nov 1, 2011

Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when i'm home and i use remote access vpn (192.168.200.x) in cisco asa 5520 to connect to my computer A is okay. But, when i try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in nat rules for inside interface (192.168.100.2) ...

Should i put routing from outside 1.1.1.2 to 192.168.10.x by using 192.168.100.1 as a gateway?

View 1 Replies View Related

Cisco VPN :: ASA5510 Unable To Access Some Segments From Remote Access VPN

May 17, 2011

We have an ASA5510 and a few days ago we were unable to access some segments from remote access VPN, the problem was not the config.  A few hours later the problem was resolved on its own and I suspect we have an IOS bug.  This has happened a few times in the past and its becoming an issue. How can this be confirmed and which IOS should we upgrade to?  Prefer not 8.3 given the syntax difference

View 1 Replies View Related

Cisco VPN :: Remote Access VPN On ASA5510?

Dec 11, 2012

how to configure simple VPN access for a user to login to the corporate network and access the resource and get emails I do not want to use CA certificate for authentication instead a very simple method is what i plan to start up with the configuration step so i can test this out.

View 4 Replies View Related

Cisco VPN :: ASA5510 Remote Access Vpn

Sep 20, 2011

I have access to my enterprise network through Cisco VPN (software) client and it goes through remote-access ipsec vpn setup on an ASA 5510. Everything works fine.
 
But now users that connect to the enterprise network have in addition need to access remote sites networks that are connected through the site-to-site VPN tunnels: IPSec tunnels between mentioned ASA5510 and remote ASA5510s and ASA5505s in branch offices.
 
there is NAT exemption rule that exempts networks 10.1.10.0/24, 10.1.20.0/24, 10.1.30.0/24.All traffic from local network 10.1.1.0/24 have full ip connectivity with all the networks in branch offices. The PROBLEM is that remote vpn clients can reach only local network 10.1.1.0/24, but not the remote networks.
 
The ASAs in remote branch offices has set up NAT exemption towards both local network 10.1.1.0/24 and remote access clients network 10.0.5.0/28, but as I said, it doesn't go.

View 2 Replies View Related

Cisco VPN :: Remote Access VPN In ASA5510?

Mar 20, 2011

I like to create a remote access VPN in our company. But it already has a site to site VPN.
 
1. Can we implement it with existing ASA?

2. How many users can be logged in at a time?

3. Is the currently available bandwidth sufficient at a high traffic ? Current bandwidth is 2Mbps (Expect maximum 30 users at a time)

4. How can we make authentication using active directory?

5. Can we use default VPN client in windows with ASA?

6. How can we monitor user’s activity while logging in using VPN?

View 7 Replies View Related

Cisco VPN :: 5510 Restrict Remote VPN Access For MAC OS X Users

Feb 12, 2013

I need a way to block MAC OS X users connecting remotely to our coporate users over VPN. I know there is an option to block connections based on VPN client Version, but cant find a way to block users based on operating system.
 
We use Cisco ASA 5510 firewals one with v8.2(1) and other with v7.2(3). I need to do on both firewalls. They are both at diffrent sites.

View 4 Replies View Related

AAA/Identity/Nac :: ASA5510 With 2 Remote Access VPN And 2 MS IAS

Jun 17, 2011

We have a Cisco 5510 with 2 IPSec Connection Profiles each using a different IAS for authentication.If we add another VPN profile we need another IAS.With Cisco ACS can it be configured for different VPN profiles from the same ASA 5510?

View 4 Replies View Related

How To Force Users To Log Off And Access Remote Desktop Computers

Mar 16, 2011

I was trying to access some computers in network via remote desktop. All those computers had been used by other staffs.What I noticed that, for some computers I can access via remote desktop by forcing them to log off (people who were using the computers)But for some computers, I got the message similar to "user is currently logged onto the computer, you are not allowed to connect"I want to force them too and access these computers. How I can do it?

View 6 Replies View Related

Cisco WAN :: 6500 - Remote Vpn Users Cannot Access Webserver Locally

Sep 14, 2011

I configurated ipsec remote vpn at catalyst 6500.
 
192.168.14.0/24-- my servers are assigned this subnet
vpn user:10.10.10.0/24
192.168.10.229  ----  webserver ip address

[code]...

View 3 Replies View Related

Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture

View 9 Replies View Related

Cisco VPN :: ASA 5510s / Remote VPN Users Need To Access Networks Connected By Static VPN

Oct 23, 2012

I have five (5) sites all connected via static VPN tunnels.  They are all using Cisco ASA 5510s running 8.4(4)1. Any internal IP on each site can ping any IP on a remote site, because of the static VPN tunnels.  I have the external IP (routeable) addresses connecting to each other.

Site A: 10.1.0.0 /24
Site B: 10.2.0.0 /24
Site C: 10.3.0.0 /24
Site D: 10.5.0.0 /24
Site E: 10.10.0.0 /20

I have remote users who connect using Cisco AnyConnect 3.1 to Site E.  They get a static IP within the 10.10.100.0 /24 subnet (vpnpool00) and can access anything in the 10.10.0.0 /20 subnet. So far, so good.No management wants users to access devices within the other sites, specifically Site A using teh same AnyConnect connection.  In other words, they get an Ip address of say, 10.10.100.5 and now need to access a server on Site A's subnet or 10.1.0.5.I have checked my NAT statements and they appear to allow this, but so far when I do a ping I get the following:  Routing failed to locate next hop for ICMP from outside: 10.10.100.5/1 to inside: 10.1.0.5/0 What am I missing?  Is there a NAT statement that is wrong, or an access-list statement or possibly a static route?

View 10 Replies View Related

Cisco VPN :: ASA 5510 - AnyConnect Users Unable To Access Remote Subnet

Jun 9, 2013

I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
 
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.

View 1 Replies View Related

Cisco VPN :: ASA5510 - L2TP Remote Access Disconnects After Few Hours

Nov 17, 2011

Have a few users on Vista/7 using Windows L2TP to connect to our ASA5510. It is reported that after a few hours the connection drops. From what I have seen this can be anywhere around 5-6 hours. Of course my connection will drop after an amount of time has passed and no traffic has passed the tunnel. But the users are adament that this drops during large transfers; i.e. not a timeout issue. Before I spend anymore time on this I just want to know if this is normal behavior for a remote access L2TP using Windows to disconnect on it's own after this amount of time. Never had a reason myself to remain connected that long, and when I did I used a site 2 site tunnel.

View 2 Replies View Related

Cisco VPN :: ASA5510 Remote Access / LAN Not Accessible Inside Network

Jan 6, 2013

I am facing a problem with Cisco ASA remote access VPN, the remote client is connected to VPN and receiving IP address but the client is not able to ping or telnet any internal network.I have attached running configuration for your reference.
 
-FW : ASA5510

-Version : 8.0
 
Site to Site VPN is working without any issues

View 10 Replies View Related

Cisco VPN :: Dual ISPs On ASA5510 And Remote Access Client

Jul 7, 2012

i have two public IPs on ASA5510 + Remote Access VPN Client, what i want to achieve is, i want VPN client users to be able to login using any of the two ISP's IP to remote connection to the ASA. what is the command to use to achieve this.
 
Secondly, i have setup the primary link VPN through ASDM but thinking i should do the same thing and add the "backup" interface.

View 1 Replies View Related

Cisco Routers :: RV016 VPN To Allow Remote Users To Access Network Shares Via Samba

Jul 4, 2012

My company is using an RV016 router as a gateway to our internal network. My end goal is to allow remote users to access network shares via Samba.I've been trying to create a VPN using the router with absolutely no luck. I've tried QuickVPN. I've tried creating a client-to-site group vpn. I've tried creating a client-to-site tunnel vpn. I've tried pptp. Nothing will allow me to establish a VPN connection. Sometimes there is information logged in the router but most of the time there is not.

View 1 Replies View Related

Cisco Firewall :: ASA5510 With Multiple Context Mode / Does It Support Remote Access VPN

Jul 17, 2012

I have 2xASA5510 with securityPlus license.i have configured 3 context and Active/Active Failover.Everything works fine. But also want to use rometeAccessVPN but couldn't fine anything for VPN. does it support VPN in multiple mode?

View 3 Replies View Related

Cisco VPN :: ASA5510 / Change Split Tunnel And Not Allow Access To Internet From Remote Location?

Mar 28, 2010

I have successfully setup the AnyConnect VPN (connecting to our ASA5510) and have split tunneling configured.  My remote users can access inside LAN servers as well as the Internet from their remote location.  What I would like to know is is it possible to change the split tunnel and not allow access to the Internet from the remote location but force the remote client to go through the VPN and out our internal edge firewall to the Internet?  Basically I need my remote clients to access the Internet but I would like for their Internet traffic to go through the VPN and out our edge firewall.  This will allow the same security as if they were sitting in the office.

View 4 Replies View Related

Cisco Firewall :: ASA5510 Configured One Site To VPN

Feb 10, 2013

i have  cisco  ASA5510  Firewall and  configured   one  site to VPN . i  want  to   configure  another  s2s vpn  in  the FW for  another  Site location.what  to  in the existing  Firewall  so that  2  site to site  vpn  can work.

View 4 Replies View Related

Cisco Firewall :: Can ASA5510 Be Configured To Use 2 Outside Interfaces

Feb 12, 2013

I am trying to determine if this is possible or not.  I have tried several configurations and I can only get half of it to work.
 
LAN (10.1.1.0/24) =====>                      <===== OUTSIDE (T-1)
                                            ASA5510
DMZ (10.1.10.0/29) ====>                      <===== BACKUP (DSL LINE)
 
The Cisco ASA5510 currently is configured with the following interfaces: inside, outside backup, and dmz.The backup interface routes to the internet via a DSL modem, it normally is not active.The outside interface routes to the internet via a T-1 line.The inside interface is our local LAN and the DMZ has our email server on it.I am wondering if there is a way to configure the ASA5510 so all internet traffic from the inside LAN goes only through the DSL modem and all the DMZ traffic only goes through the T-1 line.  No inside traffic (inbound or outbound) should go through the T-1.  No DMZ traffic (inbound or outbound) should go through the DSL line.
 
I can get the LAN to use the DSL line with no problem, but the DMZ to T-1 side causes reverse-path errors.I am not looking for redundancy or failover protection.

View 3 Replies View Related

Cisco VPN :: ASA 5510 - AnyConnect Users Cannot Access Remote Office Over Site-to-site

Jul 15, 2012

we have two ASA 5510s one in 8.4(4) and one in 8.2(5) in a site-to-site VPN setup. All internal traffic is working smoothly.Site/Subnet A: 192.160.0.0 - local (8.4(4)) Site/Subnet B: 192.260.0.0 - remote (8.2(5)) VPN Users: 192.160.40.0 - assigned by ASA When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise.There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4

Site A internal: 192.160.x.x     External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x     External: 66.66.666.54(all)

I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site.What do I need to add for the VPN to be able to access the site-to-site network?

Here is my NAT config:

nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
!
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL

[code]....

View 3 Replies View Related

Cisco :: Aironet 600 Can Remote LAN Interface Be Configured To Skip Authentication For IP

Feb 3, 2013

On an AIRONET 600 AP (officeExtend) with the remote LAN interface is configured to use 802.1x authentication:If a Cisco IP Phone is connected, 801.x authentication challenges for credentials. The AP does not seem to have a way to detect that this is an IP Phone and to skip the challenge (as Cisco switches/routers would do) Is there any way around this? Can the remote LAN interface be configured to skip authentication for IP Phone and only authenticate PCs etc..?

View 5 Replies View Related

Cisco VPN :: ASA5510 - License To Upgrade From 2 To 250 Users

May 21, 2013

i have bought the below licenses for the ASA5510 to upgrade from 2 to 250 users and yet i can give access to 2 users only.
 
L-ASA-AC-M-5510=
L-ASA-AC-E-5510=
 
Kindly find attached the "show version"

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ASA5510 / VPN Client And Clientless Users Not Authenticating With AD?

Oct 16, 2012

Web clients are receiving login failed messages and VPN clients are getting disconnected by host messages. I am able to ping the server from the ASA5510.  Users authenticate in AD.  I am not sure if the problem is on the server or the ASA.

View 1 Replies View Related

Cisco Firewall :: ASA5510 Any Way For Users To Not Get Disconnected / When One Device Fails

Jul 8, 2012

I want to set-up a HA for ASA5510. I wanted to design the network to achieve HA. I am attaching the present set-up of the network. At present, I have 2 ISPs connections terminating in ASA5510. The configuration is done for failover in ASA5510.I have another ASA5510 and want to use it for HA. I needed to know the design for the set-up. I want a stateless failover since the amount of traffic is less. I don't have any ISP routers in the present network. I suppose I need 2 routers for HA and couple of switches. One more question is that, as there are SSL VPN users, is there any way for the users to not get disconnected when one device fails.

View 5 Replies View Related

Cisco VPN :: ASA Hairpinning Remote VPN Users 8.4?

Aug 14, 2011

I have set this up on pre 8.3 code and 8.3 code as well. I have the following configured on the ASA, but it is not working and I am not seeing the ASA trying to NAT the VPN pool IP address that the client gets assigned.  
 
object network VPNPool
subnet 192.168.70.0 255.255.255.0
 nat (outside,outside) dynamic interface
 same-security-traffic permit intra-interface

View 3 Replies View Related

Cisco :: ASA5520 - Implementing VPN For Remote Users?

Apr 25, 2012

I have roughly 50 users that are remote, and use VPN to access the resources in my network such as file servers, application servers etc.  We currently use Microsoft VPN to authenticate those users.  It works, but I am not a fan on Microsoft VPN.
 
I have purchased an ASA5520 to replace my crappy layer 3 HP core backbone switch, and plan on replacing my Microsoft VPN with Cisco VPN.  I want to configure my ASA so my remote users can continue to VPN into my network securely?Is this possible?

View 8 Replies View Related

Temporarily Lock Out Remote Users?

Dec 30, 2011

One of our accounting administrators will be working in our server this weekend from his home remotely. He wanted to know if there was a way I could temporarily lock users from remoting in a few days to prevent them from messing up his work.The only way I could think of was disabling the accounts in Active Directory and then re-enabling them once he was done. Server is running Windows Server 2003 with the users remoting in via RDP. They all have accounts in Active Directory.

View 1 Replies View Related

Cisco VPN :: ASA5510 / Remote IPSEC VPN ASA Behind NAT?

Mar 18, 2012

i want to create Remote IP Sec VPN on Cisco ASA5510.Problem is this 5510ASA is behind another 5520ASA and it dont have any public IP address on any of 5510 interface.if i do static NAT of ASA 5510 Private IP on internet facing 5520 IP Public POOL, then will VPN work on 5510 ASA? and what ports need to forward on 5520 for 5510 to become IPSEC VPN head end

View 1 Replies View Related

Cisco VPN :: SA520W SSLVPN For Remote Users Only 64kbps?

Oct 19, 2011

I have setup an SA520W and configured SSL-VPN for our small business.  Everything seemed to go smoothly and I tested SSL VPN by logging in and playing around a bit which seemed to be fine.  However, shortly after deployment I started getting complaints about it being much slower than our old VPN through the consumer grade router I just replaced.  I investigated and tested with IE8 and Chrome on Windows XP 32-bit with several different machines, and in all instances it did seem very slow indeed.  While looking around I noticed that the Task Manager under the Networking tab shows the SSL VPN connection as VirutalPassage at 64 Kbps.  Going into Network Connections shows VirtualPassage under the Dial-up heading with device name Virtual Passage SSLDrv Adapter.  Additional properties describe it as an ISDN channel.  I have attached an image of the Task Manager pane.The router is running the latest firmware of 2.1.51.  It is connected via a static IP that does not require a login, to our dedicated 5 Mbit / 5 Mbit ethernet over copper link to our ISP.  We get great speeds and low latency through everything but SSL VPN connections.  I haven't done anything fancy so the router certificate is the factory default.  Currently we are using the existing 2 SSL VPN licenses that come with the router until we need more access, at which point I want to upgrade to the 25 user bundle.  However, I don't feel comfortable upgrading until I get this resolved, because 64kbps simply cannot work for us for a VPN solution.how to configure the SSL VPN to not limit at 64kbps?  My engineers are making fun of me for bringing us back to dialup, and I have to agree with them!

View 1 Replies View Related

Cisco VPN :: 5510 Remote Vpn Users Having Address From Pool 2

Apr 5, 2011

can i have 2 pools each with diifferent subnet [code] i wanna put restricution on remote vpn users having address from pool-2,and just give them access to 172.16.10.0/24,is it possible on the asa 5510?

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved