Cisco VPN :: PIX 515E VPN Client Static IPs?
May 13, 2013
I have my PIX 515E (8.0(4)24) configured for VPN access. In the VPN configuration, I am using an RA tunnel group configured to use Windows 2003 IAS to authenticate users against active directory based on group membership and using a local IP pool for address assignment. This all works fine. I got a request from a single user to have a static IP assigned from the pool. I read that one way you can do this is to get into the user properties in Active Directory for the user and in the dial-in tab tick the box for 'Assign a static IP address' to have it give the particular user a static address for VPN, but it does not work. What I would like the PIX to do is assign addresses from the local pool unless there is an address assignment configuration in RADIUS. Basically does the PIX honor the IP assigned via RADIUS even if the tunnel group is configured for a local IP pool or do I need to configure the tunnel group to use AAA address assingment for the AD dial-in config to work at all? Does the PIX functions this way? I configured the user in AD for this but it does not work. I also have the no vpn-addr-assign aaa command enabled in there which might be the whole issue. I will try to change this in the next window and see if it flies then. Just wanted to see if the PIX works this way or if I am way off here.
View 5 Replies
ADVERTISEMENT
May 29, 2011
In my Cisco PIX-515E Version 6.3(5), I have a IPSec VPN tunnel and also to the same firewall home users connect through VPN client. I am unable to find a solution that allows my home users to connect to office network and again access the remote network through the IPSec tunnel.
View 1 Replies
View Related
Dec 26, 2012
I have a Pix 515E with a VPN setup. I recently tried to connect Cisco VPN Client and get the following error: "Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding" I have previously been able to connect to this VPN using Cisco VPN Client without issue. Below is a copy of my config and VPN Client log & debug logs from Pix. We have Newwave Communications Cable internet, which i just found out the the ISP has recently implemented DOCSIS 3.0. (i'm not sure if that matters).
*******************************************************************************************************************************************
pix1(config)# sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
[code]....
View 9 Replies
View Related
Aug 22, 2011
I need to redo the configuration on the new one?
View 11 Replies
View Related
Sep 28, 2011
I have a ASA 5510 that uses Radius for Authentication. What I am trying to do is assign each user that logs into VPN to have a specfic static IP based on userid. I have about 30 to 50 users. I don't want to complicate this by having them select a different profile when logging into the ASA. What is a clean and simply way to assign user static ip and not use local database for login?
View 1 Replies
View Related
Dec 16, 2011
Initial setup with RV220W completed without difficulty,Need to set up static IP for one of the machines in the LAN (not static IP for WAN),I presume I use the static DHCP option, which allows me to select a particular IP for the machine I select based on it's MAC,1. My confusion stems from the manual stating that "the IP address that you pick should be outside the DHCP address range specified on the Networking> LAN(local network)>IPV4(local network)page".,Does that mean that the range on the IPV4 local network page should be modified to exclude the IP address that I want to use for the static IP..e.g. change the range from 1-255 to 1-200 and then use an IP of XXX.XXX.X.201 for instanceor does that mean that as soon as I choose an IP on the Static DHCP page, that if will reserved for use only on that machine and not used for another machine on the LAN, without me having to do something else to exclude it's use (i.e. does reserving a static IP automatically remove it from the range of IPs available to other machines)If I simply set a static IP on the local machine by going to "change network adapter" settings, what's the liklihood that the router might use the same IP on another machine.
View 2 Replies
View Related
Jan 23, 2011
I have a laptop that travels alot to different networks. I go to two differnent networks where I need to enter static network settings (wireless nic). How the heck do you save these settings so I don't have to enter them all the time. I know you can save the network profiles but does this save static settings assigned to the wireless nic?
View 3 Replies
View Related
Aug 8, 2012
I have a Cisco 876 router running 12.4.(15)T5, configured as DHCP client. This works nicely.
A Cisco 886 router, running 15.1 software also works with the DHCP client. This also works but has the following strange beheaviour: In the running-config an ip route 0.0.0.0 0.0.0.0 <dhcp assigned address> appears. Also - some other static routes that are in the config using the dhcp keyword are duplicated with the dhcp-assigned address
Now - when a write mem is done, these dhcp-generated route entry's are stored in the startup-config...
This beheaviour is completely different and VERY unwanted. After a change from DHCP server the config will simply stop working, when a write mem was done at the first DHCP situation.
Should we stop using write mem commands when a DHCP client is active in IOS? Is it a bug? Is it a feature?
View 1 Replies
View Related
Aug 13, 2011
i am trying to configure static ip on remote client user side , i am using the following doc as an example but i am not getting the ip which i am mentiong in the user .[url]...
View 10 Replies
View Related
Nov 17, 2012
I have a couple a questions answers on which i cant google for a period. BTW maybe i simly use wrong aproach to choose keywords.
1) Is it possible to assign same ip address to the same client each time it authenticated, preferably without using DHCP? Im definely sure that it possible but cant find corresponded configuration examples (my device is Cisco 1921 with IOS 15.0.1).
2) Is it possible to assign dynamic crypto map to loopback interface (the purpose to make EASY VPN Server accessible through two interfaces - maybe you recommend other approach instead?) - as i move workingcrypto map from phy int to loopback - i cant connect with reason "Phace1 SA policy proposal not accepted"
View 3 Replies
View Related
May 31, 2012
i am not sure if this is something with my DHCP setup or not, but it certainly seems to be the culprit. I am running a 3560G and using it as DHCP and to do V LAN routing (Geiger protocol). I have 10 pools configured with a few static addresses per pool. Now to get down to the problem. I have a computer (and this problem seems to be a gremlin as it changes what computer is affected quite often) that will connect, get its IP, immediately disconnect, then send out a DHCP req again. The computer has a static assignment in the pool, and for the brief second that it connects, it gets the right address. If i move the computer to another v lan, all works right. If i delete the static entry it will get an address in the right v lan no problem. The command i have been using to add static entries is:
address xxx.xxx.xxx.xxx client-id 01xx.xxxx.xxxx.xx
That seems to have been working on all my static routes except for a bank of computers in vlan3. I have went as far as to delete the pool and recreate it, heck i even recreated the v lan and i am still having issues. Below are some snippets of the running config for review.
The DHCP Pool for the affected LAN:
ip dhcp pool Dev3
network 192.168.3.0 255.255.255.0
boot file bootx86wdsnbp.com
next-server 192.168.1.78
dns- server 192.168.1.8 192.168.1.78
[Code] .....
View 4 Replies
View Related
Mar 12, 2013
Today I installed the 1.0.2.6 Firmware on a RV180W. I only have now two problems regarding the Static DHCP support in the GUI.
1. Via the Networking > LAN (Local Network) > Static DHCP I have no buttons to Add a new static Lease.
2. Via the Networking > LAN (Local Network) > DHCP Lease Clients I can thick a Lease and click on Make Static IP. The result is an error: Operation failed.
View 3 Replies
View Related
Jul 26, 2011
I've been having a problem with setting up static dns 3 on my WAG, what has been set is...
Static DNS 1: 208.67.222.222
Static DNS 2: 208.67.220.220
Static DNS 3: 208.67.220.222
Now if I look in my router status screen 1&2 are correctly displayed but the 3rd entry is showing my ISP's DNS,
View 9 Replies
View Related
Mar 20, 2012
i have a question about tunneling a software EasyVPN client to a client ASA Network. It looks like this:
EasyVPN Server 192.168.202.0/24 Network extension mode to Client EasyVPN ASA 192.168.1.0/24 This works fine in both directions. But now i want to connect the client ASA network via EasyVPN software client from outside. The user are already able to connect to the ASA Server on its static outside IP obtaining an IP from a 192.168.21.0/24 pool. This works fine. But how am i able to connect to the 192.168.1.0/24 network from this client?
View 5 Replies
View Related
Jan 18, 2012
Currently I have a IPSEC VPN access to the PIX 515E using UDP, how to setup the PIX with IPSEC over TCP?
The OS version I am using is Cisco PIX Firewall Version 6.3(5)
I cannot type in command like isakmp ipsec-over-tcp port 10000Does it mean IPsec over TCP is not supported in this version?
View 3 Replies
View Related
Aug 21, 2012
I have 2 Cisco Pix 515E. Both are on the same sub nets.Cisco1 has internal IP 10.0.0.1 and Cisco2 10.0.0.2. Internal servers have default gateway on Cisco1. When I establish VPN to Cisco2, connect to internal servers doesn't work due to routing.
When I set static route on servers to Cisco2 VPN pool with gateway 10.0.0.2 it works. Is it possibility to do it without static route?
View 1 Replies
View Related
Oct 6, 2012
I have the following network.2 WAN links termination on my PIX 515e and all internal users connected to third interface.
Problem I am facing is that I have assign manual IP to users with some have full access to Internet while others have limited.
The users are changing their IP address while others are offline and I want to restrict them.
The only way I can think off is by binding IP to MAC as e.g ( Active wall software). But can it be done on PIX 515e and if so how?
View 11 Replies
View Related
Apr 18, 2013
how to make the java SSH thin client applet bigger in SSL VPN Clientless portal?It works and all that but the window is literally half the size of the monitor and unworkable. You can't even hit tab! (tab moves focus around the browser...)I am using the latest java applet (Oct 2012) and ASA OS 8.4(5)
View 3 Replies
View Related
Apr 21, 2013
Do the problem caused by the modems itself or it just sign of faulty Ethernet switch (using 20 port Allied Telesis ethernet switch).
Sometimes I cannot connect to internet due to "unidentified network" buy i can resolve this problem by restarting my modem + switch.
View 4 Replies
View Related
May 13, 2012
I have erased the Cisco image from my PIX 515E, and while i tried to load a new image its asking for activation key. I tried its old key. but no use.
View 1 Replies
View Related
Jan 28, 2011
I have recently migrated from a PIX 515e to an ASA 5510. In the main this was successful. However, I have a number of L2L VPN's (all connecting to Cisco PIX 501 or 505). The majority of these VPN's are working fine. However, I have a couple of VPN's that are causing me a problem. It seems like the tunnel is established for anything between 10 minutes and 4 hours before going 'down'. I cannot initiate the tunnel again from the hub end (ASA 5510) of the VPN.However, if the remote end reboots the PIX, the tunnel is re-established.The ASA is running 8.3(1) and the remote PIX's will be running various versions of code but will all be 6.3(x). The strange thing here is that the majority of the sites are working and the config for each tunnel is identical other than the access-lists for interesting traffic and peer address.
View 7 Replies
View Related
Jun 20, 2012
I am trying to setup a VPN tunnel between a PIX and an ASA. I went through the IPSec Site to site wizzard using the same settings but I cannot ping hosts from either side.
Here is the setup
ASA 5520
Device Manager 6.4(5)106
Software version 8.0(5)
Inside network 10.0.0.0/24
Inside IP 10.0.0.1
[code]....
View 3 Replies
View Related
Mar 4, 2012
I've just set up dialin VPN on my PIX 515e. The users can connect fine but my split tunnel ACL is not applied and I have the following error in syslog No translation group found for udp src outside:10.0.56.2/137 dst inside_lan:10.0.8.6/137 If i try to ping my inside interface from the client, i get a reply from the outside interface IP address. Do I need a specific NAT rule for my VPN client users?
View 2 Replies
View Related
Sep 5, 2012
I have a PIX 515 Ewhich does authentication for SSH via RADIUS protocol and fails over to the local database if radius server goes offline. But when the radius server comes back online, authentication still takes place through LOCAL and not the radius server. Following are the commands:
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
[Code].....
View 3 Replies
View Related
Dec 15, 2011
\I just configure my PIX 515E with version 7.0(4) and having problems to get traffic out on eth0 (if name outside). There is no problems between different VLAN ,all VLANs are configure on eth1. It is also possible to accass services on VLAN 10 (DMZ) from outside. The only thing I see in syslog is "Built Outbound" and "Teardown".
View 11 Replies
View Related
Dec 30, 2011
I have a Pix 515E running PixOS version 8.0.4 with two interfaces, inside and outside.On the inside interface, I have a Redhat Enterprise Linux 5.4 64 bits machine as an NFS server version 4 (NFSv4).On the outside interface, I have three (3) Redhat Enterprise Linux 5.4 64 bits as NFS clients.I am looking for the exact UDP and TCP ports to be added to the ACL in order to accomplish
View 1 Replies
View Related
May 15, 2012
I need ot upgrade a Cisco PIX 515 E to A Cisco ASA (not sure what type and modle yet!). the PIX currently has about 80 lines of ACLs and no VPNs. So only inside and outside interfaces and 80 lines of ACLs to be transferred over to the ASA.I was wondering if the ACLs can be transferred over to ASA as is?is there anything that I need ot watch for?
View 1 Replies
View Related
Jun 30, 2011
I have an issue in the Cisco PIx 515e series. The IOS is 6.1(2).I have set sepecific access-list to allow incoming traffic to inside interface. But still the TCP 3-way handshaking is dropped here. [code]
View 6 Replies
View Related
Oct 22, 2012
What would be the access-list entry to allow protocol 97? I am setting up foreign-anchor controller and need to allow protocol 97.
View 1 Replies
View Related
Jul 2, 2012
I need to configure a Cisco pix 515e as vpn concentrator. Now the network has 2 Cisco pix in fail over - May I add a new Cisco pix in parallel and redirect the vpn tunnel on it? How do I need to make the configuration in order to work?
View 2 Replies
View Related
Jun 26, 2011
I have a cisco 515e pix but where I bought it from did not get the machine back to default. I boot it up and get to the user prompt, type enable and it asks for a username and then a password. I am new to this and am have no problems with router and switch password recoverys but when I look at the cisco documentation it is a bit overwhelming and I am not quite sure what it is that they want me to do to fix this. I have downloaded all the password recovery software loads and have the one I need for 6.x which is what the box is running I am just not sure what it is that I need to do. Can I use that recovery software from directly from my pc using a tftp server?
View 1 Replies
View Related
Oct 2, 2012
We just switched over from a T1 line to 50/4 Mbps cable Internet. The speed was fine with the T1, but when we switched over to cable, the download speeds didn't increase. I'm getting 2-3 Mbps up and still only 1.5 Mbps down. I inherited this network a few years ago, so I didn't configure the Pix initially but I have been managing it and can't find a setting limiting the bandwidth for the liffe of me. I know it's not the Internet because when I connect a computer straight to the modem, the speed is great. As soon as I put it through the Pix though, it slows way down.
View 8 Replies
View Related
Nov 30, 2011
I'm trying to use port redirection to allow outside access to a internal web server. As far as I can see, everything is configured properly. The Open Port Checker tool from yougotsingle.com says that the port (80) is open. However when I goto access it the connection times out. The external address is static from my ISP, and I will call it xxx.xxx.xxx.xxx. The server is at 10.1.1.20, and is functioning properly over the LAN.
View 7 Replies
View Related
