Cisco VPN :: ASA5520 / Concentrator 3000 Open TCP Ports?
Sep 21, 2011
We recently had a Port Scan done on our external IP Addresses. One of those IP Addresses scanned was our Concentrator 3000. The report came back with the following TCP ports being open on the Concentrator 3000 - 80, 443, 1723, 10000, 10001, 10002, 10003, 10004, and 10009. I am unsure if it is necessary to have any or all of these open. The Concentrator 3000 is in front of our ASA5520.
I have been trying to set up a LAN-to-LAN VPN between two sites that are using a 3000 series CISCO Concentrator. After following the basic setups from the CISCO site, I am still unable to create a tunnel. At the moment I'm starting to believe it is how I have physically set up the network. Site 1 is using a Billion BiPAC 7404VNPX ADSL2+ Modem, Site 2 is using a Netgear DGN2000 ADSL2+ Modem. The VPN Concentrators are set up behind these devices, with each firewall set up to forward the needed ports.
Our VPN 3000 concentrator's admin password was changed by somebody, so I reset the password using a straight-through serial cable. Now the problem is that it allows me to log in as admin through the console but not through the admin web interface or telnet. I have enabled telnet and HTTP access but still no success. The Concentrator is using the internal database, so no AAA server is configured.
I have a client who saw there was an Android version of the AnyConnect client and wants me to go through and get their VPN 3000 Concentrator configured to be able to connect in with it.
The Concentrator currently has several groups of users set up, and the base group is set up to allow all other products to connect in via a pre-shared key. It took a lot of research to get it configured to this point, and all the searches I pull up are for an ASA.
I have a VPN Concentrator 3000 with LAN-to-LAN DES-56 connections connected to it (Cisco PIX 506). Everything was working fine and then over the night something messed up on it. No settings were changed or anything.
The first issue was that anything using DHCP (getting IPs from the site's local PIX) couldn't be pinged or reach out through the Concentrator. It was only Thin Clients that didn't work. I could still ping the PIX, printers and desktop computers that had statically set IPs. But this was happening at every site going through this Concentrator. The sites going through our MPLS network are fine.
I tried setting the Thin Clients to a static IP but still couldn't ping them.
I then decided to reboot the Concentrator. When it came back up, all sites reconnected to the Concentrator, but now I couldn't ping anything at the sites, not even the LAN IP of the PIX (or printers and desktops now). I power-cycled a few of the sites' PIXs, but they still were not pingable even though the Concentrator showed they were connected.
I then decided to physically power-cycle the Concentrator. It's back up and all sites are connected, but none of the devices on the LAN side are reachable.
The Concentrator can ping the sites' WAN IPs but nothing on the LAN side going through and out the Concentrator. It can ping the LAN through the private interface (going back towards my LAN), just not going through the public interface (over the WAN).
The sessions show that Bytes are Rxing but no Bytes are Txing.
I have a 3000 concentrator in a 192.168.1.x/24 network (the concentrator has a static IP of 192.168.1.4/24 assigned to its private interface). I can manage it through HTTP from any PC in the same subnet, but the connection fails while trying to connect from a PC on a different subnet (i.e. 10.1.1.x/24). Is there an ACL in the concentrator config which needs to be modified to allow management from a different subnet?
Our enterprise uses a VPN Concentrator 3000 for our VPN access. Is there a way to view a log history of what user connected to VPN and what IP address they were assigned? It would be for 2 days ago which was over the weekend.
I have the following scenario: the VPN Concentrator is connected to a router, which is connected to a router, and at the edge a Cisco 515E PIX is connected to the internet. The problem is that the normal VPN dial-up connections (a utility of Windows) are getting connected, but the Cisco VPN Client throws error 412. Here's what I've tried (initially groups and users were created):
(1) Allowed port 10000 on the PIX (access-list from-outside-coming-in permit tcp any host <public ip> eq 10000) and checked IPSec over UDP on the VPN Conc. under the Mode Config tab. Also checked the IPSec over TCP tab under the tunneling panel at port 10000. Tried connecting through the VPN Client, but it threw error 412.
(2) In the reference guide, I read that IPSec over NAT is allowed on ports ranging from 4000 something to 40000 something. I tried 33333, both on the PIX and on the VPN Conc. under the Mode Config tab, but still no use. Same error 412.
I have an old VPN 3000 Concentrator that I do not have any idea what is running on. The previous network admin didn't leave a password for it, so I tried to reset the password. I was successful in doing so, but when I try to access it with the default of admin/admin via web browser, I still cannot access it. I am loath to remove or power off this device without knowing what is on it.
We have two 3000 VPN concentrators. Under both of their load balancing fields, Configuration - Load balancing, the checkbox for load balancing is enabled. However, both have different priorities, one with 10 and the other with 1. Does this mean both are actually load balancing? What do the priorities indicate here? If we replace the concentrators with an ASA, how will this load balancing need to be configured on the ASA, and how will it work?
I manage a VPN 3000 concentrator which has been happily working for several years without any problems. All users are part of the same group and authenticate to an RSA server. We recently moved from RSA Authentication Manager 6.1 to RSA Authentication Manager 7.1. Everything continued working fine for several weeks, then at the beginning of this week we started getting users intermittently failing to connect to the VPN. I'm not sure if this problem relates to our new RSA server, but we have other network devices which authenticate to it with no problem, so I guess the problem is with the VPN concentrator itself.
When users fail they just get a generic "Reason 427 connection terminated by peer" error message. The live event log shows "group = vpn, status = Not-in-service" when their connection fails. Other times they connect normally and no error messages are displayed. There seems to be no real pattern, sometimes your connection fails but if you keep trying you will eventually get in [however it can take many attempts over an hour or two before you succeed, or you may get in straight away with no problem].
I don't believe it's a network problem, as I have run continuous pings to the concentrator and the RSA server whilst users are experiencing these problems and there are no drops.
The RSA server's authentication monitor always shows that the user has successfully authenticated, whether the user's connection actually succeeds or not. I am tempted to just reboot the concentrator, but we have site-to-site VPN tunnels connected off it and I'm a little concerned that if it is faulty it may not come back up at all.
We have to set up an IPSEC tunnel for a client that does not want to exchange private IP address information, for security and overlapping address space reasons. We will both be NATing our source private IP address space to public IP address space and sending those packets through the established tunnel. I'm using a Cisco 3000 concentrator.
Is it possible to use the Cisco AnyConnect client to connect users to a Cisco VPN 3000 appliance? If so, how do I configure the VPN 3000 concentrator to work with AnyConnect?
Is it possible to configure a site-to-site VPN between an ASA 5510 running 8.2(1) and an old Cisco VPN Concentrator 3000? I've only been able to find an old 3000-to-PIX guide on Cisco's site, and I cannot figure out how the two devices' VPN options match up.
These are the options from the 3000:
IKE Proposal Authentication: Encryption options:
On the 5510's Site-to-Site Connection Profile, all the options are clumped into two boxes under Encryption Algorithms:
I just updated my F5D8233-4 ver 3000 router with the latest firmware. Now only one of the hardwired ports works (#1) and it causes the router trouble enough sometimes to make it disconnect from the cable modem. All the wifi connections (5 of them) work well and do not appear to cause any trouble. What can I do?
Best practices for an ASA5520. I'm currently running a pair of these as an internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
My question is whether it would be better (faster, less strain on the ASA) to open a port range (i.e. 52000-55000), or would the individual ports (i.e. 52112, 52336, 52698, 53441, 53495, etc...) be ok? Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.
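The trade-off the post describes can be put in numbers. The script below is an added illustration, not the poster's config: it takes a list of required ports, collapses them into the fewest contiguous ranges, renders the matching ASA port-object lines, and counts how many unneeded ports a broad range would open. The port list and the 52000-55000 range are the sample values from the post.

```python
"""Compare an exact ASA service object (one entry per port or contiguous
run) with a single broad range: how many entries each needs and how many
extra ports the broad range exposes.  Added illustration; sample values
are the ones quoted in the post."""

from typing import Iterable, List, Tuple

Range = Tuple[int, int]


def collapse_ranges(ports: Iterable[int]) -> List[Range]:
    """Merge a set of ports into the minimal list of contiguous (lo, hi) ranges."""
    ranges: List[Range] = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)      # extend the current run
        else:
            ranges.append((p, p))                # start a new run
    return ranges


def port_objects(ranges: Iterable[Range]) -> List[str]:
    """Render ASA object-group service entries for the given ranges."""
    return [
        f" port-object eq {lo}" if lo == hi else f" port-object range {lo} {hi}"
        for lo, hi in ranges
    ]


def extra_exposure(needed: Iterable[int], ranges: Iterable[Range]) -> int:
    """Number of ports opened by `ranges` that are not actually required."""
    required = set(needed)
    opened = set()
    for lo, hi in ranges:
        opened.update(range(lo, hi + 1))
    return len(opened - required)


# Constructed sample from the post: scattered Exchange ports vs one broad range.
NEEDED = [52112, 52336, 52698, 53441, 53495]
BROAD: List[Range] = [(52000, 55000)]

if __name__ == "__main__":
    exact = collapse_ranges(NEEDED)
    print("exact object-group:", len(exact), "entries,",
          extra_exposure(NEEDED, exact), "extra ports")
    print("\n".join(port_objects(exact)))
    print("broad range:", len(BROAD), "entry,",
          extra_exposure(NEEDED, BROAD), "extra ports")
```

Scattered ports never merge, so the exact object keeps five entries but exposes nothing extra, while the single range is one entry that opens 2996 ports nobody asked for.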
I have a Cisco 877 connected to a VSAT modem, and I can't open ports to the outside; I don't know why. The Cisco 877 Fa0 port is connected to the VSAT modem on VLAN9, and the rest of the ports are connected to the local LAN network on VLAN2. I can get to the Internet, but I can't open a port to the outside. ADSL over POTS is not used here. I need to open port 81 for IP address 192.168.1.130 and I don't know why this isn't working. Also, if I do sh ip nat translations, I see this:
cisco877#sh ip nat translations
Pro Inside global        Inside local         Outside local   Outside global
tcp 172.30.xx.122:81     192.168.1.130:81     ---             ---
udp 172.30.xx.122:81     192.168.1.130:81     ---             ---
How can I allow all ports to be open? I don't really want my 1811 to block any traffic. I tried the command access-list 1 permit any which allows me to surf the internet, but when I check my web server, and port 3389 (Remote desktop) on yougetsignal.com it says those ports are blocked.
I need to open ports 25, 993, 995, 443 and 465 to set up MS Exchange. I don't have an in-house IT guy, and this seems pretty straightforward in theory, but I can't figure it out.
I'm setting up a second Exchange 2010 server at a DR location and have been experiencing some problems. The two sites are connected via a pair of ASA5510s using the point-to-point VPN. I want to rule out any possible VPN issues that may be blocking ports, and wanted to see if there is an easy way to do this and simply allow all traffic without any restrictions between the two ASAs. I've attached the scrubbed configs here... Ewing is the primary site and DBSi is the DR site.
I was told I need to open certain ports to certain IPs. What ports need to be opened to what IPs for the following games, as I'm close to giving up? The games are as follows: Call of Duty 4, Counter-Strike 1.6 and Source, Warcraft III, and StarCraft 2.
The problem is I don't know what to do to open my modem's ports, because every single one of them except 80 is blocked. I'm having some latency problems in online games etc. I asked my ISP and they probably didn't understand what a port is; they offered to change my IP to a PUBLIC IP for a one-time payment. Seeing as they probably don't know what a port is, I'm confused now: will the public IP unblock the other ports?
No ports seem to open up when they are supposed to be open according to the router's GUI. When I use "port checker" websites, they even say that port 80 is closed until I actively open it in the router, then it shows up as open. This however only applies to port 80; no other ports show as open OR allow any traffic through. The same thing happens when the router is in DMZ. What I have done so far is google my butt off without any results. I have tried a new router, a new network card, formatted, re-installed Windows and made sure that my ISP is not blocking the ports that I have tried to open. My purpose in opening a port is to run a Mumble server, which I have run on a Hamachi VPN so far, and that has worked fine.
I can't open up any ports. I've tried using applications such as Simple Port Forwarding, PFPortChecker and manually by opening my router gateway (192.168.1.1). I can open a port, but if I check whether the port is open, it says that the port is closed. I tried opening ports through Windows Firewall and even disabling the firewall; it still won't work.
My reports say that my listen ports are blocked even though I removed my router already. I've enabled these ports in Windows firewall already. Why are they still blocked?
I have 3 Xbox 360s in the house and I'm having NAT trouble with them. I am currently using an Actiontec PK5000 from CenturyLink. I need to know if there is a way to open all ports on this router, or if I should get a router/switch that I can open the ports on and use DMZ on the Actiontec for the new router to make this work.
I am thinking about opening a port for a certain multi-player game. I was just hoping to know if opening a port for this game could leave me vulnerable to hacking or other stuff like that.
I have this problem: I can't open my ports on my D-Link 524. I have opened about 6 ports so that my Xbox 360 works with an open NAT; I have also set the DMZ to my Xbox's IP, which is static btw, and my PC is also static. This is how I basically tested it, and it told me that it was not open. I went into:
192.168.0.1 -> Advanced -> Virtual Servers ->
Enabled
Name: XBL1
Private IP: 192.168.0.100 (because I was testing it on the computer; if it were the 360 it would be .141)
Both UDP and TCP at port 3074
Schedule=Always
Apply -> Then restart modem/router. I waited for 2 minutes before turning them on again; I turned the router on first because some guide told me to do that.
I did exactly what they did on portforwarding.com, then I opened up portchecker, typed in 3074 and pressed check -> "This port is NOT opened." What is wrong? This is how my net is set up.
I am pretty new to Cisco, and I have a little 506E that I love. I got it working with my first scenario, where I have one server that is my web and e-mail server. I also opened the RDP port so I can remote into it. The IPs for the old server are internal 192.168.1.23 (name ferbweb) and external 71.12.111.219 (name ferbwebpub). Now I need to add another server in the exact same way, with the same ports 80, 25, and 3389 open to the outside: IPs internal 192.168.1.31 (name ferbmail) and external 71.12.111.220 (name ferbmailpub). I can get to all of these ports on the new server on the inside network, so that is not the problem. So, I went into the config, copied the statements for the old server, changed them for the new server and added them to the config. I can still get to the old server from the outside fine, but cannot get to any ports on the new server from the outside at all. I have done a lot of research, and cannot find what I am doing wrong.