Cisco VPN :: ASA5520 RemoteAccess VPN Not Working / VPNC Client Is Connecting
Jan 15, 2013
I have configured remote access VPN to a Cisco ASA 5520. The Cisco VPN client is connecting fine and both phases are coming up, but IPsec phase packets are not encapsulating, and I am not able to reach the remote subnets 192.168.10.0 and 192.168.180.0. [code]
May 15, 2012
I have a Cisco ASA5520 that I have set up to allow a GRE tunnel through from a router at site B. This all works fine when I use the below NAT with associated router object on the inside:
object network SWTEST
 nat (inside,outside) static interface
My problem comes in that this kills off my Clientless VPN connection to the same firewall. I changed my NAT to point at another of my statically assigned IP addresses, and then nothing works. Can anyone help with what I've done wrong, or what I should do? My rule base allows any GRE in from the source, and rules all look fine.
May 31, 2013
I have my router connected to the ISP, then my router directly connected to my ASA5520.... I also use the ASA5520 as my DHCP server, and I was wondering about the DHCP server function of the ASA 5520, because if I use the ASA 5520 LAN IP ... all workstations will not be able to browse anything from the internet unless I use my ISP DNS IP which they gave me?
Sep 12, 2012
I have implemented a Clientless SSL VPN solution with the Smart-Tunnel feature on a Cisco ASA 5520, software 8.4(4)1. I have been successful in making Bookmarks which employ the Smart-Tunnel feature to avoid content rewriting (if any). And in reality it works fine with some links. However, there are some links to an Oracle portal where it doesn't work. I was able to log into the Oracle portal with its username/password. However, when I click a button of the drop-down menu, nothing happens, while normally there should be a box appearing. The Oracle portal runs with some Java stuff which I don't really know, as I am not a programming engineer anyway.
Jun 21, 2012
I have a problem with VPN Passthrough with an NCP Client and Cisco ASA 5520 Version 8.4(3). A VPN IPSec connection with a Cisco VPN Client through the Cisco ASA works fine. The NCP Client establishes a connection with source and destination UDP 4500 to the remote VPN gateway and the connection setup is aborted. If I establish a connection with an NCP Client on a virtual machine with NAT, the connection setup works fine. A connection setup under VM in bridge mode is also aborted. The VPN Passthrough problem with the NCP Client started with the update to version 8.4(3). The connection worked very well until version 8.2(5).
Nov 3, 2011
I’m intending to establish a VPN connection between a Nortel 1140E phone behind an ADSL router and a Cisco ASA 5520. Can anyone confirm to me if the VPN client on the Nortel 1140E phone is compatible with Cisco ASA?
Jan 8, 2013
A lot of times our users will have a bad connection from where they are connecting in from. Their Internet connection will drop and the VPN Client disconnects, but on our Cisco ASA5520 the connection will still be connected, and when their Internet connection comes back, they are not able to connect as the session is still up on the 5520. Is there a way to make the connection clear quicker? I have IKE Keepalives on the RA Profile (Confidence 300 seconds, Retry Interval 2 seconds) but it seems to keep the session longer than that. Is there anything I can do to make the connection clear quicker?
Sep 9, 2012
I am using an ASA 5520 running 8.2(4). My objective is to get a VPN client to access more than one network on the inside of the network, i.e., I need to VPN in with an IPSec client and be able to establish TCP connections to servers at 192.168.210.x and 10.21.9.x and 10.21.3.x. I believe I am close to having this resolved, but seem to have a routing issue.
Feb 1, 2012
I have a Cisco 3750 switch connected to the ASA5520, which is connected to the internet.
LAN ----> Catalyst -----> ASA5520 ------> INTERNET
10.1.4.0 ---10.0.0.1 ----10.0.0.2 ------- 203.98.227.3
On my switch I have VLANs configured. From the 10.1.4.0 network, I'm able to ping the switch gateway. I can ping the inside of the ASA. See my ASA config below. I have allowed HTTP and DNS traffic outside but cannot browse the internet from the 10.1.4.0 network.
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 203.98.227.254 255.255.255.0
!
interface GigabitEthernet0/1
[code]....
May 4, 2011
ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.13.50 dst DMZ2:192.168.13.15 (type 8, code 0) denied due to NAT reverse path failure
Can't seem to get around this one yet. I have a remote ASA that I can VPN into. It has 2 DMZs, outside and inside interface configured.
Inside subnet is 192.168.11.0 / 24
DMZ2 is 192.168.13.0 / 24
VPN client pool is 192.168.15.0 /24
I log in fine. But I have no access to the DMZ2 subnet. I get the failure listed above.
May 19, 2013
My users are using AnyConnect to make remote access VPN connections to the corporate office through an ASA5520. At this time, VPN users have very limited privileges because we allow users to connect using their home computers and RSA tokens.
I need to find a way to determine whether an AnyConnect client is connecting from a company-owned/maintained/patched laptop or some other device. I would like to give full network access to the company laptops while continuing to restrict access to the home machines. So far, the only idea I have is to use DHCP and associate the MAC addresses of the company laptops with addresses in a privileged subnet range.
Feb 17, 2010
I'm trying to set up the SSL VPN portal: When I connect via HTTPS to the ASA5520 outside interface I get the login prompt, and after successful login it takes me directly to the AnyConnect client download (starts AnyConnect immediately), even though the group policy is configured to not prompt the user to choose the post login and the post login is set to go to Clientless SSL VPN Portal?
Jan 16, 2012
I'm trying to configure an ASA 5520 with cut-through proxy feature. The user is required to be authenticated when trying to access an outside resource from the inside. This is a test lab before it is implemented in production. [code]
Aug 15, 2012
I have a Cisco ASA5520 box running IOS version 8.2(5)13 where the default policy map is applied globally. But I have not seen any traffic being inspected through the included protocols defined under the policy map. All configuration seems to be OK to me.
service-policy global_policy global
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: ftp, packet 0, drop 0, reset-drop 0
[code]....
Mar 27, 2012
I can no longer SSH to a primary active firewall. It had all of a sudden stopped working. However I am able to SSH to the secondary standby firewall without any problems. I did try to regenerate the RSA key on the primary fw, but still unable to connect. The only way I can connect to it is by using telnet.
I ran the "show asp table socket" command and I'm seeing port 22 listening on the primary IP address (not the standby), foreign address is 0.0.0.0:*. I did a packet capture on port 22 on the inside inside, seeing my request hit the fw and then right away a reset back from the fw.
version 8.2.(5)
model ASA5520
I'm hitting a bug in the software version I'm running? Or what else can I check before rebooting the primary fw?
May 17, 2013
Internet is working with the client except for Gmail account using Outlook 2010.
May 26, 2013
We noticed that the Cisco Secure Desktop / Hostscan is not working with Internet Explorer 10 on Windows7/Windows8.
As described here, the SSL VPN is/should be working but there is no documentation about Cisco Secure Desktop / Hostscan. url... It's a Cisco ASA5520 with the latest release.
- ASA Version 9.1(2)
- ASDM 7.1(3)
- Cisco Secure Desktop csd_3.6.6249-k9.pkg
- Hostscan hostscan_3.1.03104-k9.pkg
May 20, 2013
I've recently migrated a PIX 525 to ASA 5520, but for some reason (through ASA) the users from OUTSIDE aren't able access services published in DMZ as well as some DMZ servers aren't able to communicate to some OUTSIDE services.
-INSIDE to DMZ is working fine. (through ASA)
-INSIDE to OUTSIDE is working fine. (through ASA)
Below is the configuration from my PIX (where everything works just fine) as well as the one on the ASA (where there is a problem), what could be the cause? In the below case the DMZ hosts from 11.1.10.0 aren't able to access SMTP services (through ASA) and the OUTSIDE users aren't able to access DMZ web server (11.1.10.40) through ASA, this all just works fine with PIX.
object-group network inside_subnet_all
 network-object object inside_subnet_a
 network-object object inside_subnet_b
 network-object object inside_subnet_c
 network-object object inside_subnet_d
 network-object object inside_subnet_e
 network-object object inside_subnet_f
 network-object object inside_subnet_g
 network-object object inside_subnet_.
access-list OUTSIDE extended permit tcp any object host-11.1.10.40 object-group WWW-HTTPS
access-list DMZ extended permit object SMTP object dmz_subnet any
access-list INSIDE extended permit ip
Oct 21, 2012
I have an ASA5520 with mobile VPN IPsec. The "splitTunnelAcl" set the group is not working.
May 31, 2011
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
Sep 5, 2012
Trying to connect CSM client to CSM server (ver 4.0) and getting the attached error message. The server is running, no errors were reported during installation, all services are up and fine. I tried to install the client locally on the server and connect it that way, with no luck. CSM server runs on Win 2008, firewall disabled.
Apr 12, 2011
I am unable to connect to the vpn I set up on my ASA 5505 using the Cisco VPN Client on a Windows machine. The log of the vpn client and the config of the ASA 5505 are below.
LOG CISCO VPN CLIENT
Cisco Systems VPN Client Version 5.0.06.0160
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
[Code]......
Dec 8, 2012
I recently picked up a Billion 7800N home router to replace my old Netgear, which was dropping signal a lot. I seem to have developed a problem accessing my work network through the VPN client. I am able to connect the Cisco VPN client to the network OK but I don't have any access to the server and Exchange email. I have tested the client settings on my old Netgear and it is working fine. This points me to the direction of the router.... I don't have any packet filtering on and I have set up a profile from my fixed internal home IP to the work IP to allow any protocol and any port. I have also port forwarded 500, 4500 and 10000 UDP to my internal IP address.
Jul 21, 2011
PXE server IP address is 10.10.10.20, which is connected to switch port fa0/9, and the client is connected to switch port fa0/7. I have only 3 devices altogether. Below is the running config of the switch. When I boot the client from the server, it displays an error message: "proxy dhcp were offered. none dhcp were received. exiting broadcom pxe."
Switch#sh run
Building configuration...
Current configuration : 2710 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
[code].....
Nov 25, 2012
I've been labbing on my ASA5505 at home, setting up different VPN solutions for testing purposes. However, I can't get my AnyConnect client to establish a DTLS tunnel when connecting (AnyConnect only shows TLS, and does not display any errors about not connecting with DTLS). I have set the DTLS port to 444 and this port is open on the other side.
Aug 4, 2011
On my Windows 7 laptop, after connecting to my office network using Cisco VPN client, the entire Internet is utilized by the VPN. I am unable to browse the internet on my computer till I disconnect the VPN Client.
May 21, 2013
2504 WLC, 1042 AP's
I have my NPS server setup, Group Policy, Certs (RAS+IAS), DHCP option 43, DNS A record
If I look in the event viewer on NPS, it says
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/22/2013 12:36:37 PM
Event ID: 6272
Task Category: Network Policy Server
Level: Information
Keywords: Audit Success
User: N/A
Computer: mfs1.Mitchell.internal
Description: Network Policy Server granted access to a user.
[Code] .....
But the laptop won't connect or get an IP.
Aug 5, 2012
I'm on a Mac connecting to a Cisco ASA 5510 with AnyConnect VPN client.
The connection is established and it works for 15-30 seconds, then the connection drops. AnyConnect will reconnect, and then it works fine.
I noticed in the logs that it reconnects with a smaller packet size.
Dec 12, 2012
I have IPsec VPN set up on an ASA5505 at one of my office locations, but when I try to log in to the VPN with the VPN client it just doesn't work. But I have a Linux laptop with vpnc loaded and that connects just fine, no problems there? By the way, on my Windows system I have VPN client 5.0.07, asa5505 8.0.(4), asdm 6.1.(3).
Mar 11, 2013
I have a situation here where, after migrating from PIX 6.3 to ASA 8.4, VPN connections from Windows Server 2003 and 2008 fail to connect. Strangely, Win7 or Win 8 works perfectly well.
It failed due to
reason=DEL_REASON-IKE_NEG_FAILED
The diff we can see is win 7 is 32 bits and the server client version is 64bits.
Jul 20, 2011
I installed on 2 different PCs (Win7 64-bit) the Cisco VPN Client 5.0.07 with the same VPN profile for 2 different users. We use an ASA5505 (8.0(5) sec plus license) as the VPN end point for the clients. The VPN Clients can connect simultaneously to the ASA, they receive the split tunnel infos but only ONE client can ping the internal network IP range. The other one has no access to the internal resources! When they separately try to connect, there is no problem. Each of them can reach the internal net. On other 2 PCs (Win 7 32-bit) the clients have no problem reaching the internal net (simultaneously connect).
May 29, 2013
I have installed the new version of DCNM Prime (Version: 6.2(1)) and the whole installation process went well without any error or warning. The DCNM SAN client works well; I can log in and manage my MDS and UCS. But I have a big issue running the DCNM LAN client: after successful login I have a window that freezes and nothing is displayed (see printscreen attachment). I reinstalled Java several times, installed four different versions of Java, tried this client from three different PCs and still have the same issue.
Feb 5, 2013
I've recently installed a Prime DCNM 6.1(2) to a Windows 2008 R2 SP1 64 bit version. It seems to be working fine, apart from the DCNM-LAN client. If I log in with the Java client, I get the GUI, however it remains blank - I can see the menu, but no data at all. It seems it cannot communicate with the DCNM server. The DCNM-SAN client, the WEB client and the Device manager work fine, but I just cannot make this work. Tested it from Win2k3 SP2, Windows 7, and the server itself, with Java 1.6.31, 1.6.37, 1.7.13.