I have
MLS : C6509-E
SUP : VS-S720-10G
PFC : VS-F6K-PFC3CXL
I'm trying to find out what is its limitation for encrypted traffic via SVTI there .
I don't have a SPA for the ip sec .
How can we check when we connect using VPN client software if traffic is getting encrypted ?
View 7 Replies View RelatedI've configured an ASA5505 to be Lan to Lan VPN tunnel endpoint, peering with a linux box. The ASA is full licensed so that side isn't an issue.PROBLEM:When the tunnel is initialised from the linux box everything comes up okay except the ASA isn't encapsulation any packets. It is decrypted the packets received from the Linux box okay but no return traffic is being encrypted.When the tunnel is initialised from the ASA, nothing happens.After some troubleshooting I've found that the ACL defining interesting traffic nor the ACL defining NO_NAT aren't being hit at all.
ACL for NO_NAT:
access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)
[code]....
I've checked with the administrator of the linux box and the definition for interesting traffic is exactly the same (except in reverse as should be the case).The firewall is doing other things like NATs and such like too but those NATs have nothing to do with this VPN. The setup is a LAN to LAN connection with no natting in between.The main parts of the config are attached, i've deleted things that should have a bearing on this however if you think it necessary i can sanitise the config and re-post. I think it will be working fine as long as the traffic hits those ACLs, however they're not and I'm unsure why.At this time i'm not seeing anything at all when doing an debug cry ipsec or debug cry isa. The ACL's aren't being hit so i'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.
The design is typical Cisco unified wireless solution. In such a implementation, is the traffic from the guest user who has successfully authenticated via WEB-AUTH encrypted? If so, what is the standard used, AES128 or TKIP?
View 6 Replies View RelatedIf there is C6509E as core switches and C3750 Switches running layer 3 at the User dept uplink to the C6509E Switches, what will be the multicast command that should be implemented at both end? CGMP or IGMP or do not need to implement this snooping as well?
Users (IPTV) -> C3750 (Access Switch) -> C6509E (Core Switch) -> C6509E (Server Farm Switch) -> IPTV Servers
Do we need to configure multicast at C3750 Switches (Access Level) at the User dept? Let's say the IPTV Mulitcast is 239.1.1.1. How can we build up this multicast configuration based on this scenario?
We are buying some C6509Es with Sup2Ts and 8 port 10G cards. Would like to get a close estimate of the power consumption for our configured chassis. Does C6509E have at least the following components that can share their show power output.
Catalyst 6500 Enhanced 9-slot chassis 14RU no PS no Fan Tray1Catalyst 6509-E Chassis Fan Tray1Catalyst 6500 24-port GigE Mod: fabric-enabled with DFC41C6K 8 port 10 Gigabit Ethernet module with DFC4 (Trustsec)1Catalyst 6500 Dist Fwd Card DFC416908 10G baseboard1Cat6500 6000W AC Power Supply2Cat 6500 Sup 2T with 2 x 10GbE and 3 x 1GbE with MSFC5 PFC42Internal 1G Compact Flash2Cat 6k 80G Sys Daughter Board Sup2T PFC42Catalyst 6500 Supervisor Engine 2T Baseboard2Catalyst 6500 2GB memory for Sup2T and Sup2TXL2
I would like to configure Ethernet jumbo frame setting in a C6509E switch with WS-X6548-GE-TX and WS-X6516A-GBIC port modules, and IOS 12.2(33)SXJ1. whether any of these modules can support jumbo ethernet frames up to 9000 per port bases.Also, if none of these modules support port-based jumbo frame MTU then would the switch allow jumbo frames on Ethernet trunks from an access switch (say a C3560)?
View 3 Replies View RelatedI reloaded XP on an old laptop I have, a Toshiba Satellite, and it works fine. Problem is when I try to connect to my wireless network, it comes up as being security protected...and it isn't...and never has been. I have other computers connecting just fine, but I can't seem to figure this one out. I don't have a key to enter as there isn't one! I installed a USB wireless adapter, and it works fine, but I don't want to use the adapter on the laptop.
View 6 Replies View RelatedI am actualy trying to make a remote access VPN between a ISR1921 and Windows 7 pro. I already managed to put a PPTP VPN with an authentication against our LDAP databse via radius. But our password are in SHA1 in our LDAP, so I had to let the password unencrypted on the network using pap and this is bad.If I don't use pap, it simply doesn't work since all the other method need unencrypted password for the challenge authentication.Does that mean that every remote access VPN keep our password unencrypted ? Maybe use EAP (but I can't find a howto or good documentation about it)? Can I add a certificate or something?
View 1 Replies View RelatedIs it possible to configure an IPSEC GRE tunnel with RIP on an SRP527w? I see RIP, GRE & IPSEC are all possible.. But I'm not sure about them all together securing the GRE tunnel??
I basically want to do this with the SRW routers not native IOS. Single head end hub & spoke.
How WEP cracking works. I have a much better understanding now but it seems whatever programs I download and however close I get I always hit a wall somewhere. I am using windows 7 64 bit and my network adapters/cards are Broadcom 802.11n Network Adapter and Broadcom Netlink(TM) Gigabit Ethernet. I am not sure if these are adequate. I was using Commlink and aircrack but not sure if they are compatible and which versions i should have installed. I got as far as the collecting packets stage but the packets that appeared said ENCRYPT which was not correct and then my computer went to blue screen adn shut down and I had to system restore.
View 1 Replies View RelatedThe only way we can use our Motorola router is unencrypted. I have gone into the router numerous times and reset it, unplugged it, retyped the WEP key, tried to shift to WPA and nothing works. None of three computers in the house will connect unless all encryption is off. We live in a good neighborhood on a cul de sac, don't get a lot of traffic through here, and know the immediate neighbors, but nothing is stopping a stranger with a laptop from sitting on the street and using our wifi. I've talked to the Comcast tech. The trouble just seems to be our boxes won't get past the WEP encryption stage.
View 8 Replies View RelatedI have XP running on this older laptop for my kids.I wish to connect this laptop wireless (WPA2 encrypted) with the internet AND with other hardware in my home (other pc, harddisk, mediaplayer, printer).I know it can be done in windows 7, and Microsoft also had a virtual WiFi research project for a WEP encrypted visual WiFi.But as said I need a WPA2 encrypted virtual WiFi for a laptop running XP.
View 14 Replies View RelatedI've noticed, that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1)
Question: can the production system sucessfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?
Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?
View 3 Replies View RelatedOur campus using WisM (WS-SVC-WISM-1-K9) as wireless controller , Cisco 1130 access point and Cisco Secure ACS 4.2 Solution Engine 1113 Appliance as radius server. For username and password, ACS will export the data from Oracle database (production DB). The problem that we are facing right now is password that store in oracle database is in encrypted format. Base feedback from our database administrator, the encryption is done by oracle - application layer and cannot be decrypt back. In Oracle they call it "Oracle Stored Procedures"
My questions :
1- Can Cisco Secure ACS 4.2 work with Oracle 10G or 11G?
2- Is there any option to tackle the encrypted password? Can ACS handle the "Oracle Stored Procedures" function?
are the connections between the ACS and external identity stores encrypted?I know that when setting up LDAP identity store there is the option to specify SSL conection. Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?
View 3 Replies View RelatedPacket Sniffing is mainly used on non-switched networks to display data that was supposed to be sent to nodes other than yourself, allowing you to see information such as usernames and passwords etc.My question is, why can this technology not be used as easily on a switched network? When nodes send data through a switch does it become encrypted?
View 6 Replies View RelatedThis is a 5-year-oldish Gateway MX-6124 laptop running under Win XP 2002, SP3. I'm using SureWest DSL, with an ISP-supplied ComTrend NexusLink 5631 Modem/Router. The router is set up as a Secure Network, using WPA encryption. The laptop wireless operation light toggles off/on correctly using Fn-F2 control keys.I can connect to an open or non-secured wireless router, & have verified that at my church, at the Public Library, and at Starbucks. However, I cannot successfully connect to a passworded secured wireless source. I tried to use a secured network connection at my church yesterday, and could not connect. It "tries & tries" and eventually gives up and displays a cannot-connect type of message.
The laptop has worked correctly for several years on my home wireless network. It only stopped working about 3 or 4 weeks ago. I cannot recall changing anything in setup; I probably did it accidentally.I've spent about 2 hours in a couple of sessions with SureWest tech support. They diagnosed router setup using direct connect to the router, plus they talked me through several attempts at configuring the wireless config setup on the laptop. Everything I reported to them on the config settings appeared to be just fine. They also deduced that the wireless config on the desktop & router was correct.SureWest techs finally concluded that something was wrong with my laptop software config or the hardware, disabling it from making a encrypted connection. That sounds right to me, now having witnessed the secured connection failure described above, at my church wireless site.
I've looked at all the refs & things I can think of, plus followed step-by-step directions a couple of times with the SureWest techs. They rightfully pointed out that they could not make a tech support repair call on what did not appear to be a SureWest-related problem.I can easily make screenshots of any config screens needed on the laptop & upload to this forum.
In my company we put a RV042 router to connect two links to internet, but we have problem to enter a bank. The solution they gave us was to disable encrypted session balancing but I don´t know how to do it.
View 2 Replies View RelatedI installed a 1941 router with an encrypted GRE tunnel yesterday. The router has ipbasek9 and securiyk9 licensed. Initially the router was running the image c1900-universalk9-mz.SPA.150-1.M5.bin and was working fine. The tunnel was up and passing traffic. I then upgraded the IOS to c1900- universal k9-mz.SPA.151-2.T2.bin and when I reloaded the router the tunnel was stuck in a reset/down state. I tried doing shut/no shut on the interface and reloading the router again, no change. Being under some time pressure to get the device back into production I rolled back to the previous IOS image and the tunnel worked fine again. Is there a known bug that causes this behavior? I have searched cisco.com but have not found one. [code]
View 1 Replies View RelatedDoes the limitation on ASR 1000 series RP1 with regard to maximum number of match statements per class-map?. I have more than 30 match statements under my class-maps but when I apply the service policy on the interface, I get the error "cannot configure more than 16 matching statements per class-map for the interface”.I am running 3.1.0 S on an RP1. Is it a hardware limitation just like the older Cisco 10Ks?
View 1 Replies View RelatedDue to lack of address space, I have to go to NAT for our wireless guest users.Are there any limitation with WLC/NGS when comes to NAT?I have four 5500 WLCs, should I put them in 1 mobility group, at 2 different locations?
View 1 Replies View RelatedI have a new Inspiron 7520 and having issues with connecting to my secure network. In trying to troubleshoot the issue, I've discovered I can connect to my network when the connection is unsecured. When its encrypted, my connection is only limited (no IP address assign). I've also downloaded and installed the latest drivers with no resolution to my issue.
PC and Network Specifics:
PC - Inspiron 7520Wireless Router = Netgear N600 - model WNDR3700Wireless Network - 2.4GHz b/g/n, WPA2-PSK [AES]
System - Windows 8, 64-bitWindows IP Configuration
[Code]......
I have a 1262 that will be setup as a WGB and wirelessly connect to a Cisco MESH AP. A switch and clients will hang off of the 1262 WGB. How many clients can a 1262 WGB support?
View 4 Replies View Relatedi have few questions about MAC adress limitation. We have in our network cisco RV042 router, SLM2048 switch and WAP4410n AP.
My 1. question: is it possible to disable internet connection for concrete mac adress based on scheduling?
For example: between 23:00 - 5:00 this mac adress will not connect to internet.
If yes how i could do that?
My 2. question: is it possible that if this "mac adress" is connected for 5 hours than disconnect it for 6 hours?
I have a NMWLC6 module connected to a 3825 ISR using 1140N APs. Latest (but one) code. I had two SSIDs configured and deployed in the default AP group. Last week I needed to deploy a third SSID for unencrypted webauth, I created the interface and WLAN associated with the interface and the sub interface/svi on the WLAN-controller 0/1 with dot1q. All created with no problem and enabled, however the SSID was not available to clients and did not show up as available WLANs under AP groups menu. Out of desperation I created a new AP group and added an AP to it and hey presto all three WLANs were available and the third is now visible to clients! Is this normal behaviour? Is the default AP group limited to two SSIDs? (a quick google failed to find any documented limitation!) or is something weird going on?
View 2 Replies View RelatedWe have a deployment of 400 store. Each of those have 2 GRE tunnels running over MPLS & 2 GRE Tunnels running over Internet leading to our 2 data-centers. At each Data-Center, we have 1 ASR-1002 connecting both MPLS & Internet MPLS tunnels (800 total per router).
I saw in the documentation that OER & PfR cannot support more than 20 external interface (in our case GRE tunnels) per MC. Does it means that we need to have 20 routers acting as MC to be able to use PfR for our Internet GRE tunnels ?
Is there any more scalable solution for this ? How big company address this issue when they have a lot of interface to run PfR ?
I have LMS3.2 running and have set up daily log rotation of my SYSLOG file via Common Services-Server-Admin-Log Rotation. In LMS2.6 I set this up from the command line and was able to set the number of rotations to 120. I found in LMS3.2 setting up the rotation via the GUI that the number of rotations is limited to 90.
View 1 Replies View RelatedLooking to link up to 6513 chassis via 6704 10 gig cards.
I have a 6513 on the 8th floor and one on the 3rd floor in same building. Distance would be approx 150' max. New 10 gig cabling was installed between these floors.
I would like to use 2 10 gig ints on each 6704 to form a port channel (LACP) between the 2 environments.
So far I have been unable to get the links up between 6704's.
Customer wants to place a single 1552E to cover a particular area in his campus, and it will be placed on a tower, and the question is concerning the height. I can not find any particular height limitation such as 5 meters, 10 meters, etc. I understand this will influence the sign propagation as well as throughtput to the users, but can not find a matrix or a best practice guide for that.
View 1 Replies View RelatedI want to use a subnet mask of 255.255.254.0. The setup window doesn't allow me to type in that mask, rather it only allows me to choose from options on a drop down menu (which doesn't include that mask). Is there a way to do this?
View 2 Replies View Relatedour WAN is connected via L2WAN and using EIGRP to connect the sites. Currently there are 35 EIGRP neighbors over L2WAN and we are to install 15 more sites and will be connected to the same L2WAN. Some sites are still using Cisco 2651XM and we would like to know if it can still handle another 15 EIGRP neighbors. Some sites are 2800 and 2900 routers. And is there any other things to consider for EIGRP over L2WAN?
View 5 Replies View Related