I'm using a Cisco ASA 5520 with IOS 8.2.2. We have many remote users using the Cisco VPN client, but I have been asked can we logout idle users as we do hit our license limit and some users stay conenct for days.
We are using Any connect vpn client (v2.5.3055) to an ASA 5520 (v8.4) in a development environment. We use our corporate Radius server to authenticate users. We have certain users which need have the same IP address every time they lo gin. As it is configured now, the IP addresses are assigned sequentially from the pool. Is there a way to allow certain users to get the same IP address each time they log on?
I just configure an ASA 5520, here is the config (the ip address of outside network if going to change from private direccion by reason security).
The problem that I have is the users can access to the web site through the public´s ip address but they do not can access through by name. We review all the config on the server DNS and with the command NSLOOKUP we can see that work fine. The client think that the asa is blocked the connnection.
I am new at ASA 5520 and CSC module (version 6.3). I would like to know what configurations are possible for my network users if i use the CSC trend micro blocking using IP address or AD users, I know that i could select users/groups from the windows AD or select the IP addresses that i want to use for blocking or permit HTTP traffic (URL, etc).
My question is on the client side, how the CSC knows what AD users is the one that is requesting certain HTTP pages, or if i user a proxy server, i lose the IP/users options on the CSC??..or i could use authentication options on the proxy for example?.
I have been looking information about this but the manuals only explain the configuration options that i could configure on the CSC Trend Micro page, but it doesn't say which network environment i could use or need.
I have 2 ASA 5520 (v. 8.21) in a active/standby fail over configuration.
VPN users are autenticated against the MS-AD through LDAP. For the most part this works well. Occasionally I'm having problems with new users in the AD. If I run a test I keep getting "User was not found". This can happen days after the account was created still. In some cases it never seems to work. The accounts I create exists on the same OU level as all the other accounts that are working.
I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep tracks of tcp sessions made by vpn users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed; if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all tcp session tore down when a user disconnects the VPN connection?
I have been tasked with attempting to setup an enviroment that allows users to VPN from home and use Dameware to connect, from home, to another machine in another users home that is VPN'd into the same network. Is this possible?
I have a 5520 ASA using wccp redirection to our IronPorts on the inside and everything works great for inside users. What I'm trying to do is get VPN users off split tunneling and to filter their traffic through the IronPorts as well but I can't figure out how. When they connect they seem to bypass the Ironport completely.
We have a site-site and remote vpn configured in same interface in ASA 5520 ( software version 8.3 ). When Remote vpn users try to connect to computers located on the distant end of site-site VPN, their request failed. I tried No-Nat between remote vpn private IP to the remote site private IP, also stated the same in Split tunneling. I cant find even the tracert, ping also timed out.
We have LMS 4.1 installed. After about 10 min of being idle, the browser becomes frozen, eventually crashing it. We applied this fix for lagging hoping it would fix the issue, however it has not. We have been tracking a problem internally where the Getting Started page hangs on login. The problem is with changes to Cisco.com access. We are actively working to get those fixed, but if this is what you're seeing the workaround is as follows:
a. Open the properties file name “gs.properties” under the path NMSROOT/MDC/tomcat/webapps/cwlms/WEB-INF/classes/com/cisco/nm/gs/ui b. Update the field IS_DEFAULT_PAGE as “false” c. Clear the browser cache and login-in(Daemon restart not required)
When i check the status of my Internet Connection I notice that the sent and received bytes keeps increasing. I'm sure there are no downloads taking place that I'm aware of. No torrent clients, no antivirus nothing. I checked my PC for malware but that didn't work. As a result of this, i keep getting high pings in online games and can't even watch videos in youtube anymore. like, some software to monitor all the programs that use the itnernet connection without my knowledge or something??My primary concern is gaming (Call of Duty 4) so I wouldn't mind this idle downloading (whatever it is) as long as the major chunk of my internet connection is directed towards Cod4!
I need to find a way to PERMANENTLY disable the network adapter from turning off to save power. Its this setting here. Uploaded with ImageShack.us Every time I restart the computer it rechecks that box. I manage an office with about 10 computers and this power saving feature is making the software they use very unstable.
This has been happening of late. When i check the status of my connection, i notice that the "sent" and "received" bytes keeps on increasing when i'm idle. I'm pretty much sure there's no downloading of any sort in progress that I'm aware of. As a result of this, I can't watch videos in Youtube or play online games due to high ping.
LAN connection gets disabled by itself on idle. Sometimes BSODs.A few days ago I tried connecting a MBlaze modem to my laptop (Windows 7 Ultimate 32 bit) to access internet. But it resulted in instant BSOD everytime.I deleted the modem software after that & didn't try to connect it again.But now, whenever I connect using my LAN broadband, connection works fine as long as I am continuously browsing something. But as soon as I stop browsing and it goes in idle mode in about 10-15 minutes, the connection gets disconnected. In the adapter properties, it shows that the driver is working properly. If I try to disable or uninstall it it doesn't give a response. The only solution to this is a forced shutdown & restart, after which it works fine untill not idle. I am not able to download anything because of this.I tried many things like reinstalling the network adapter driver, unchecking the power management feature, resetting the connection, etc. but nothing is working.
I recently started having trouble with my VPN clients loosing connection.I can create the conenction, work with it for a while, and then loose connectivity.Timing seems to be dependent on the activity over the connection.More activity, the conenction stops working sooner.
The cleint doesn't disconnect, I just can't access anything from the client.Disconnecting and reconnecting the client fixes the problem, temporarily depending on how much data I'm transferring.This works 90% of the time.The other 10% if I wait 30-45 minutes, and try again.. It works...with the same results...
It was originally isolated to a Win 2003 server that I was using as the client.It is now happening on my Win XP client as well.I'm using the AnyConnect client ver. 2.5.2014 with the VPN service on the UC520.Which I beleive, is similar to the ASA 5500 series VPN device.I am running ver 8.1.0 on the UC 520, and I can't remember if this started after upgrading to the new software.
We are using the cisco sa540 router and shrew VPN to connect to our buiness network, mostly to connect to the workstations with RDP. Now we wonder if it posible that the connection will disconnect automaticly after an idle time of for example 30 minutes. And if so, how can i configure it?
I have a problem where the complete home network disconnects whenever my computer reboots from idle state (either after leaving it for a while so it goes on sleep, or by putting it on sleep mode). It then takes a few (long) minutes for the network, and the internet access to it to reconnect. In the meantime ALL devices in the house (other laptops, ipads etc) lose connection too. It's only my computer which does this, so i'm assuming that there's something wrong with the settings on computer.
Is it possible to rename the default webauthentication URL from [URL] to something like [URL]. We are running on 184.108.40.206, is it possible to do http for web authentication and https for Mgmt access if we upgrade the controller software?
We configured our guest wireless with no layer 2 authetication so users can associate with an AP and get an ip adress but they can't go anywhere unless they have a valid username and password(web authentication) - does this affect the performance of an AP since there will be many people associated with each AP, is there any setting in the WLC to de associate a client from an AP if its idle for certain time.
I have ASA 5510 with 8.2.4 and 8.0.x OS and all seem to have common problem of idle TCP connections not timing out. The host to host connections are coming over VPN tunnels. I have default timeouts on all the firewalls. I have tried changing global timeouts and as well as host specific timeouts using MPF but doesn't work at all ! The problem is when TCP connections are sitting idle in conn table for days and when connection limit of 50,000 conns reach the firewall starts behaving unpredictably dropping packets or unresponsive! I need the unused idle connections to timeout which is NOT happening either by changing global values or MPF.
I have set up 2 RV110w firewall/vpn/routers at remote locations and an ipsec tunnel between them. Once the tunnel gets established everything works fine until it has been idle for some arbitrary amount of time. (Maybe a half hour or less.) at which point we lose server access and can no longer ping across the tunnel. To fix this I have had to dissconnect and reopen the tunnel again, I even went so far as to install an autopinger on the remote end to keep traffic on the tunnel which seems to work but is not going to be a viable long term solution.
If i set up a pptp vpn between a Cisco rv082 router and a microsoft client,Can i set the client idle timeout someway? or Have a default value pre- configured for this?Because this device support 5 users to connect at the same time. It would be best for me, if the device drop the client if it does not use the tunel.
How can i prevent my Vodafone usb stick device to enter in 3G mode when the network is very low usage or not at all. If i open google for example, it turns automatically on HSUPA mode with a better speed, but if im doing nothing after 1min or so it goes back on 3G more slower speed. So the 3G / HSUPA mode is auto switched depending on demand based on how much speed is needed at that moment. I am playing an online game and the network usage by the game when im inside playing it, is not in that range to trigger the HSUPA mode, and just stay in 3G causing me to have lots of lag, is there a workaround for this so when im playing the game to be connected with HSUPA instead of 3G? ( i was thinking about some kinda of slow trafic generator that generates a litle trafic continuously to trigger that HSUPA mode while im playing, but not sure if is possible and also not too much to affect my conection speed which is slow anyway on a mobile) You can see in the picture, the ping on google while its both modes, as u can see 3-5times ping increase while its on 3G. [URL]
On the modem page with all the settings Under basic settings For connection it says Always Connected The box underneath says idle timeout 5 (that's in minutes)
I am unable to change that number or even get a cursor to appear in that box (I want to change it to a 0 - my internet connection has been dropping out when going idle). I can't right click or anything. That is using Firefox. When I say dropping out, I mean, the 3 computers on the network become unuseable - nothing works and things don't appear to be connected to the internet even though my green ADSL light stays on like it's connected - it is not.
I tried the same modem page in IE, and that box with the 5 in it is still showing 5, but this time it's just grayed out - again, can't be changed. The firmware updates are all upto date (apparently - according to it's check)
My XP Pro SP3 PC is connected to a Netgear DG834N modem/router via Ethernet. If the PC is left for say 4-5 hours the ability to connect to websites disappears. The browser just hangs and it's the same with IE and Firefox The odd thing is I can still ping websites by domain name without trouble. So the interenet connection is actually still in place.The problem is consistent and repeatable.Throughout this I have a second XP Pro SP3 PC also connected to the router via Ethernet and it works perfectly.
We have a new stack of two Catalyst 3850-48T's running IOS XE 3.02.00 (we are upgrading to 3.02.01 this weekend.)We noticed the CPU usage is around 30% even when there is almost no traffic going through the switch. We haven't seen any indication that it is causing a problem, but is this considered a normal baseline?I attached my config (with passwords sanitized,) show ver, show controllers utilization, and show process cpu history.
I noticed this behavior is normal on 2900XL/3500XL switches, but I didn't find anything relating it to 3850 switches. Does the same thing apply to the 3850 switches? [code] url...