am in the progess of replacing a Zyxel USG 300 to a Cisoa ASA 5510.In the Zyxel I have some Site to Site, where the peer is a dyndns.org adresse, becourse the peer is a dynamic ip-adress.
I have maybe 10 site to site´s where the peer is a dynamic with a dyndns.org adress, and the presharedkey is diffrent at each tunnel.How can i make this configuration at the ASA 5510?
I got ASA 5510 with base license, can I block all Peer-2-Peer traffic from inside to outside.
ASA Giga 0/0 connected to ISP Router 2811
ASA Giga 0/1 connected to LAN switch 3560
I am working on wi-fi networks (ISP), So I need to block the peer to peer on my network.My network involves cisco switch 2950/2960, cisco 2800 routers and Access Points, config for peer to peer blocking, for this where I need to config either switches or router.My network basic setup is, The internet will pass from router to switch and then Access Points.
View 1 Replies View RelatedI see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
View 1 Replies View RelatedI am facing issues in blocking Peer to Peer applications in LAN. I am using 881 Cisco router and below is the config done. [code]
View 1 Replies View RelatedI recently bought the WAG320N can I block Peer to Peer file sharing on my Network?
View 3 Replies View RelatedI bought my WAG320N, I too have the internet drop out and from reading in here is a very common problem. Cisco really should bring out a new firmware version and address this issue. Any way you can block peer to peer file sharing with the WAG320N? If so how do you go about it?
View 1 Replies View RelatedOne of the schools whose networks I administer has a peer to peer network running about 30 xp machines. DHCP is achieved and DNS settings distributed via a basic Linksys router; is there any way of distributing proxy server address and port short of entering manually in LAN settings of IE on every terminal - there is no budget to install a server.
View 4 Replies View Relatedi just set up my 2Xp pc's and one windows7 laptop peer to peer for file and printer sharing but i can not configure internet connection for those pc's
View 2 Replies View RelatedWe just purchased a company with multiple sites using Sonicwall's and Dynamic assigned external IP's. I am running a ASA 5510 with a outside Static.
I have done lots of S2S with both ends static but never a Dynamic to static.
what the commands are to set the ASA to accept dynamic VPN tunnels.
My dynamic ASA is trying to use a Cradle point 4G connection to a head end ASA-5510. The remote end with the Cradle point 4G is not even initiating the tunnel! I need another set of eyes. it was initiating the tunnel last week but not completing the connection. Now its not doing anything. i am going backwards. Below is my remote ASA config.
ASA5510(config)# sh run
: Saved
ASA Version 8.2(2)
host name ASA5510
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
[code]...
I have a laptop directly attached to the inside interface. The PC and ASA can ping each other. The test interface is the one I am trying to use. Does my default route need to point to 192.168.0.1? Or is the remote peer correct? I thought the remote peer was correct? The 4G modem is like a pass-thru device. If I connect my laptop to it I can get out to the internet.
We have an ISP connection that is connected via an ethernet interface on a 5510 ASA. We are allotted 10Mbps. I have currently have the interface set to 10Mbps Full. However we want to upgrade the connection to 25Mbps. I know I can set the port speed to 100Mbps and then set a shape/police statement and shape down to 25Mbps.
Management wants to be able to call the ISP and arbitrarily adjust that speed up temporarily at any time without any user/admin intervention on our side. I can simply leave the port at 100Mbps i.e. no shape statement on my side however I will run into problems with large amounts drops, overruns, retransmissions, etc due to the ISP shaping the connection speed during normal operations. However they then could then adjust the speed at any time without needing me.
I do not know the best way to make this work. Is there some sort of dynamic/smart shaper in the ASA or another cisco device?
I'm trying to figure out how to get two 5510 ASA's to establish a Site-to-Site VPN.The version with two static IP's is working perfectly and stable but I haven't figured out how to get a VPN running between a static and a dynamic IP
View 12 Replies View RelatedI have a ASA 5510 actve/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx, Our VPN traffic running on 6 mb internet link for video conferancing traffic.Now client give another link 2 mb internet and client told to us our data traffic runnig on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.
Secondly request also they need failover over the ISP link.
how we immplement the same on ASA 5510.
i want to set up my two computers /win xp/ installed using peer to peer network , just tell me the needed steps
View 2 Replies View RelatedThere are three different sites, two are composed of Multilayer switches cisco 3560 and 3570 as core switches (a 3560 in one site and a 3570 in another site), the last site doesn't have any routers just a 2950 switch. Each site has two asa 5505 as firewalls. Two Internet connexions are connected to every site, one on every firewall. One Internet line is used to connect the different sites together using VPN crypted with IPsec and the other line is just for Internet access. The line that is used to interconnect sites contains voice and data traffic.At the moment all the routes are static routes, the network isn't too big for now and counts not more than 20 subnets.But it is evolving, and I want to use dynamic routing, EIGRP to be more accurate. I've looked into it and I'm not sure how to make it work. The VPNs active on the ASAs don't support dynamic routing, so I thought about GRE tunnels but the ASAs don't seem to allow it either.
View 11 Replies View RelatedI have ASA 5510 and public FTP server from my local network to external IP address, with static nat translation. All works, but I need request to ftp come from internal ASA interface (need use gateway different ASA). How configured ASA for forwarding request?
View 4 Replies View RelatedI want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 Replies View RelatedI have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
I have one ASA 5510, a primary ISP (cable, the single public IP lives on the ASA), and a backup ISP (ADSL, separate router that hosts its single public IP). I use IP tracking to detect link down on the primary. When I pull the plug on the cable modem and go to "Route monitoring", I can see the ASA's default route is now the backup ISP default route.That conforms with [URL] Pings to 8.8.8.8 fail however, and when I do a packet trace the ASA complains about the dynamic nat rule that still points to the primary ISP's interface.Only when I change the existing dynamic NAT rule (on my inside interface) to use the backup ISP's pool (which is a single 192.168.x.y address) , does 8.8.8.8 reply to my pings. So it kinda works but it's not full auto . I can't add a second dynamic nat rule on the same inside interface, nor can I select 2 IP pools in a single dynamic nat rule.
View 4 Replies View RelatedWe currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
What is difference between Peer to Peer network and point to point network???
View 5 Replies View RelatedWhy does Cisco recommend a configuration of originate-only on the ASA with multiple peers configured and the answer-only to the other end? Shouldn't it work as Bi-Directional ?
[URL]
The only scenario I see which could break is if both peers try to establish a VPN at the same time to the ASA. Is there any other reason ?
I believe that the Cisco Unified Communications Manager Express matches the outbound VoIP dial peer digit-by-digit, because:
1. when using the debug command it shows how it works digit-by-digit till it match a pattern
2. It says in the study guide ( If a match is found, the router immediately processes the call - chapter 6) so I understand its not en bloc
We are having an issue with BGP flapping peer. We have a ASR1002 as Route Reflector and it work fine with all peers except with 2 peers.
View 3 Replies View RelatedI have a few site-to-site VPNs connecting to my ASA 5520, but one of the remote VPNs is changing it's public IP, how can I change this IP on the ASA without starting again? On the ADSM it is greyed out so I can't edit it, but can I just change it in the CLI?
View 2 Replies View RelatedI have another odd issue (I get those alot) I have an asterisk box that moves around between 2 IPs, thus the dial-peers are unpredictable as to their target IP. They work as the dial-peer will eventually (after 1 min) time out and go to the other dial peer, but waiting 1 min sucks, and it's a tiny network, 5-10 sec would be WAY more than enouph. Does anyone know off hand a way to get them to time out faster?
View 5 Replies View RelatedI have a simple question regarding dead peer detection on the ASA 5520. I am using a cellular VPN device to connect back to an ASA 5520 and I have noticed that the connection drops at random periods during the day. The vendor for the cellular device recommends disabling dead peer detection on their device, which I have done. The question is, where is this disabled on the ASA? is it the IKE Keepalive setting under the tunnel group option?
View 1 Replies View RelatedI'm running a 5505 with DHCP on the outside interface. All 5505 are connecting to 5545.Can I configure the ASA for a site to site to automactically discover the the peer address and automatically establish a connection with 5545?In other words can I configure all settings for the site to site except the peer address. Once connected on network and get outside DHCP, can it also put that address is the peer section of site to site?
View 1 Replies View RelatedI have an ASA 5520 with multiple site-to-site VPN's. A remote customer has changed their Public IP address and now the VPN has gone down. How can I easily change the peer IP of the remote site to the new one without have to put the pre-shared key in again as we don't know what it is and they don't manage their firewall.
View 7 Replies View RelatedI confgured one L2L VPN on my ASA 5505.
How to add another L2L configuration for an additional peer ?
It seems the 7.3.101 version Mobility group peer cannot up,: refer to the attach,
Peer 1: version: 7.3.101
Peer 2: version 7.0.98
Peer3: version 7.2.103
Today we got new two WLC for Anchor use, and config the mobility group, but it's failed and cannot up, the ping is ok.
i still newbie to configure eBGP, i have Router 3600 series, and i configure BGP neighbor to my ISP, but the peer still don't established,there is warning like this, Connections established 339; dropped 339 "Last reset 2w4d, due to Peer closed the session No active TCP connection"
any one can explain to me about "due to Peer closed the session"? i've read some documents for troubleshooting BGP, and do some step to troubleshoot.