Cisco VPN :: Framed IP Address ASA5510
May 17, 2012
Recently I've installed this particular cisco ASA5510 at a client site (Head office), along with remote access VPN setup. All most 32 branches(one user from each branch) connect to the head office via remote access vpn.
Further I've used the "vpn-framed-ip-address" command along with a dedicated ip address, under each "user attributes", so every time when a user connect, he used to get the same ip address from the VPN pool.
My problem is sometimes this setup works fine, but once in a while the same ip address will be assigned to two different users at the same time, despite of the "vpn-framed-ip-address".
View 2 Replies
ADVERTISEMENT
Mar 29, 2012
I have a running L2TP/IPsec VPN setup with authentification against a radius server (freeradius2 witch mysql). I would like to have some of my VPN users get a fixed IP address instead of the dynamically assigned IP Pool.
The radius server is returning the correct parameters, I think.
It´s a Cisco 892 Integrated Service Router. Code...
View 2 Replies
View Related
Sep 7, 2011
I'm trying to achieve framed-ip-address/static ip address for some remote access vpn clients and ip allocation from pool dynamically for remaining remote access vpn clients. I've configured my asa [URL].
I'm using local database for user authentication. Remote users can connect and always gets IP address from pool only and never gets the framed-ip I configured for those particular users.
View 3 Replies
View Related
Mar 27, 2012
I'm configuring a Cisco 7206 NPE-G2 as B-RAS for PPPoE over a Gigabit Ethernet interface. Everything is OK but I'm having problems when i try to pass the framed-route attribute from the RADIUS to assign a /29 sub net to a PPPoE client, the 7206 seems to skip it and no route is installed in the routing table.
This is the configuration:
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
[code]......
I tried also with Cisco-AVpair ip:route with the same results.
View 3 Replies
View Related
Dec 5, 2011
We have two ASA5510's, running IOS ver. 8.2(4). We setup Load Balancing on two ASA's. Will there be any problems if we change the IP address of the outside interface on one of the ASA's?
View 0 Replies
View Related
Feb 7, 2013
Just want to know if there is a way to configure secondary IP address on the outside/public interface of ASA/PIX.One of our clients have used most of their IP on the subnet given by their ISP. They use those IP's for staticallymapping to Servers inside their local LAN. Thus, they requested another block/subnet from their ISP. They will also use this for static mapping/port forwarding to other servers in their network. The current UTM they are using is allowing this but they would like to use ASA/PIX as their main Firewall. Is this even possible or is there a workaround for this kind of scenario?
View 5 Replies
View Related
Sep 27, 2011
My customer has a 5510 with the inside interface connected to a routed port on a Cat3560G.When I look at the arp cache on the 5510 all inside IPs have the MAC of the 3560's routed port. [code]
View 6 Replies
View Related
Mar 25, 2011
I am configuring ASA 5510.
My ISP given /28 pool of public IP's. So i had total 14 available IP addresses.
I configured one IP to the my firewall outside interface. I want assign remaining IP's to the my Servers, which are located inside to the firewall.
View 2 Replies
View Related
Feb 2, 2012
We have a cisco asa5510 firewall, A user at home has a avaya ip phone which connects in on the VPN to the cisco asa5510, for some reason it keep dropping the connection then re connecting on a different IP address(see attached screen shot) thus losing the phone.
View 0 Replies
View Related
Jun 23, 2011
Recently, I've been having significant problems with denial of service on our ASA-5510. Two IP addresses in particular attack my ASA regularly. What kind of rule do I need to create to deny these IP's access to my firewall?
View 4 Replies
View Related
Aug 8, 2011
i am just installing my ASA 5510 and i want to configure it for remote access VPN IPSEC client.i use this doc : URl,When i start the connexion, the Client uses the first address of the pool and not the dedicated address ?,i have forget something ?
View 2 Replies
View Related
Mar 10, 2011
we have two Cisco ASA 5510 in failover configuration.We tried to change the public IP address on the Outside interface of the primary device but it didn't works. The new IP is not reachable from Internet nor pingable from device on the same LAN.The new IP address is in the same subnet of the old IP.
From the switch on which the ASA is connected and from another Cisco PIX we can see the ARP entry. In the analysis, on the old public IP address there was a VPN site-to-site and Webvpn defined.We tried also to shut/no shut the interface and reboot the device.
View 1 Replies
View Related
Aug 23, 2012
The old syntax that I am much more familiar with has been deprecated. On older IOS it would have been something like static (inside,outside) tcp 209.114.146.122 14033 192.168.30.69 1433 netmask 255.255.255.255 Plus an extended ACL to allow the traffic.I am trying to create a Static PAT to allow a host address to access our Network through an ASA. I have external address 209.114.146.122 that I want to hit the external interface on an obscure port (say 14033) and translate that traffic to an internal host address on port 1433.
View 11 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Mar 6, 2012
I am having an issue where occasionally the Sidewinder starts to see my internal RFC 1918 address instead of the configured external address of my firewall. This is for peering between the two. The error they see on the Sidewinder is:So instead of seeing the external peer address he sees a 10.220.3.18 address. We are not sure what triggers this becuase normally he see's my 63.117.98.222 address.
View 5 Replies
View Related
Jul 8, 2012
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 7 Replies
View Related
Oct 13, 2009
Is it possible using any module in CW to get the MAC address and IP address of all switchports on a 6500?
View 6 Replies
View Related
Jul 16, 2011
I switched from Time Capsule with AirPort to E2000 and have a problem with configuration.I use the same IPs as in AirPort and E2000 gives me an error:"The WAN IP address cannot be the same subnet as the Guest Network IP address" and I can't save configuration.But in my opinion they are different.I use "Static IP" option and I have IPs from my ISP: [code] So WAN IP is different subnet as LAN and I don't know what to do now. It worked with these settings in AirPort and here I can't proceed.
View 2 Replies
View Related
Feb 28, 2011
Is it possible to assign public IP address as Router's local IP address (RVL200, RVS4000)?
View 1 Replies
View Related
Jul 3, 2011
I have a Linksys WRT54GS v5.1 router running firmware 1.52.5.I am trying to use Linksys IP Phones SPA942, but these do not seem to be able to log on and just show "Initializing network" even though the MAC address appears in the router with an IP address.The strange thing is that I already have 4 SPA941 phones that work with no problem and just log on to the network.Is there something about the SPA942 that I need to configure differently, I have factory reset it with sucess, but still unable to log on to the network.
View 1 Replies
View Related
Apr 26, 2011
On my cisco IOS 12.4 router,Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.
View 6 Replies
View Related
Mar 2, 2011
I recently configured and installed a 1941ISR for a customer. The customer purchased a 25-User SSLVPN license with the router, and I configured it for remote SSLVPN access. This is working nicely except for one issue: when users initiate an SSLVPN connection request by browsing to the assigned webvpn gateway IP, they get the "There is a problem with this website's security certificate" browser message. They are in the process of working with their DNS hosting provider to get a DNS entry assigned to the IP address so the users won't have to specify an IP address in the URL address box, but they will continue to get the certificate error until/unless I can figure out how to resolve the issue.
I've tried the following "How to make IE8 trust a self-signed certificate in 20 irritating steps" that I found via another forum link but with no luck:
1.Browse to the site whose certificate you want to trust.
2.When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
3.Select Tools->Internet Options.
4.Select Security->Trusted sites->Sites.
5.Confirm the URL matches, and click "Add" then "Close".
6.Close the "Internet Options" dialog box with either "OK" or "Cancel".
7.Refresh the current page.
8.When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
9.Click on "Certificate Error" at the right of the address bar and select "View certificates".
10.Click on "Install Certificate...", then in the wizard, click "Next".
11.On the next page select "Place all certificates in the following store".
12.Click "Browse", select "Trusted Root Certification Authorities", and click "OK".
13.Back in the wizard, click "Next", the "Finish".
14.If you get a "Security Warning" message box, click "Yes".
15.Dismiss the message box with "OK".
16.Select Tools->Internet Options.
17.Select Security->Trusted sites->Sites.
18.Select the URL you just added, click "Remove", then "Close".
19.Now shut down all running instances of IE, and start up IE again.
20.The site's certificate should now be trusted.
I followed all 20 irritating steps to the letter, but am still getting the security certificate nat.Now when I “Continue to this website (not recommended)” and click on "Certificate Error" at the right of the address bar, the certificate error windows says “Mismatched Address”.Is there a way that I can get this fixed without resorting to a 3rd party CA?
View 5 Replies
View Related
Jun 3, 2012
I have been trying to clone my PC's MAC onto my Linksys WAG120N adsl2+ modem router .
I click the the clone my PC's MAC button in the MAC address clone tab. I get the following error :
"Mac address cannot be the multicast address"
The MAC address starts with 1C:C1:XX:XX:XX:XX
I even tried to update the firmware.
View 9 Replies
View Related
Aug 23, 2009
I recently switched routers to the DIR-615 and I'm trying to troubleshoot why one of our laptops keeps losing the IP address and gets a self-assigned IP address. I see the following messages in the log, I am wondering if the reason codes are listed and explained somewhere? I tried searching the manual but could not find any information.
View 9 Replies
View Related
Jun 1, 2012
We have an ADSL connection and use a D-Link DSL-320B modem. We have a D-Link DIR-120 router connected to this modem. This has worked perfectly fine up until today when we disconnected the router and connected a computer (call it A) directly to the modem because it was getting an unusable connection through the router for some reason. We later also performed a factory reset on the DIR-120 router.
Unfortunately, after the above steps the router did not receive any IP address (through DHCP) from the ADSL connection anymore. During my attempts to debug this I noticed that my laptop (call it B) didn't get any IP address either (when connected directly to the modem). I noticed the following syslog entries repeating over and over while trying to connect: [code]
At this point computer A could still get a connection just fine tho (when connected directly to the modem).
I then tried to change the MAC address of the router to an arbitrary one (a copy of computer B's MAC address but with the last digit increased by one). The router still did not get assigned any IP address. Finally I tried making the router clone the MAC address of a third computer (call it C). C has never been connected directly to the modem. Doing this worked. After cloning the MAC address of computer C the router is immediately assigned an IP address and the internet connection works as it did prior to all this.
Now, my question is, why would computer B and the original MAC address of the router not be able to get an IP address while two other computers worked just fine? Why would changing to an arbitrary MAC address not work while cloning the MAC address of another computer did? Could the router's MAC address have been blocked by the ISP for some reason (and what could cause this)?
but my situation seems more like a blacklisting of some MAC addresses rather then allowing just a single MAC address.
View 1 Replies
View Related
Nov 20, 2011
I want to establish GRE over IPsec tunnel between four branch offices and head office. At branch offices, I have 1841 router with Advanced Security software. At head office, I have a ASA5510 7.2 as frontend with one public IP addres and 1841 router behind it in private address space. Since ASA is not supporting GRE tunnels, can ASA be endpoint for GRE over IPsec? If not, can ASA pass this tunnel to the 1841 router behind it, so 1841 would be logical tunnel endpoint? What should I pay attention? Should both ASA and every 1841 support NAT-T, or just ASA?
View 1 Replies
View Related
Mar 14, 2011
We have to use scp on all of our network devices. It worked quite well on our routers and switches but I can't seem to get it to work for the firewalls and IPS. I enabled scp on my ASA5510 using the command "ssh scopy enable". I also ensured that a rsa key was generated and that ssh ver 2 was enabled. But I can't seem to locate the commands to actually have my firewall either copy it's configuration to a server or reach out to a server to pull down a file. We are using IOS 8.2(1).
View 1 Replies
View Related
Mar 22, 2011
I have a customer who wants to prioritze rdp traffic throgh the firewall.I know that its port 3389, but outgoing traffic is a random port number.Any smart way to catch this traffic and get it in the LLQ ?
View 3 Replies
View Related
Jul 9, 2012
how to configure IPSEC VPN, but unsuccessfully.At my office are two uplinks - LAN and Backup, both are connected to ASA5510 (with static IP) and I would like to create ipsec to data center where I have another ASA5510 with one uplink.
View 7 Replies
View Related
Apr 27, 2011
I haven't come across this before and have been scratching my head about it for the last few hours and need a second (or third or fourth!) pair of eyes here.
I have an ASA5510 at the network edge, an inside interface of 10.1.0.x, a dmz interface of 192.168.1.x
[code]...
View 2 Replies
View Related
Nov 28, 2010
It's my understanding the ASA5510 will do BGP but does it can handle multi hop -BGP?
View 1 Replies
View Related
Jan 19, 2012
Currently we are using a Windows 2003 Server with VPN Sever Role for VPN Access and my users use the built in VPN connection with Windows client. In the past few weeks we upgraded our router/firewall to CISCO ASA5510.
My understanding is that I get 1 or 2 VPN licenses with the Cisco ASA5510 and I would like to configure to test Cisco VPN access. My first question…when I configure the Cisco ASA5510 for VPN (Clientless or via Client), do I need to point the Cisco to my Windows 2003 Server with VPN role on it or the Cisco ASA5510 handles the VPN connection and access?
View 3 Replies
View Related
May 8, 2012
I would like to implement a zone based firewall on my ASA5510. Is ZBF possible on ASA? or is it strictly for routers? I know we've implementd ZBF using Sonicwall firewalls before. A little confused here as to why my ASA doesnt have the right commands.Maybe my version of ASA software is too old? It's 8.2 if i remember right.
View 11 Replies
View Related
