Cisco VPN :: PIX 515e VPN To ASA Failing After Several Hours Following Upgrade?
Feb 13, 2011
I've got a PIX 515e firewall on a branch site running version 7.2.4.7(LD) connecting via a VPN to an ASA at the HQ with 7.2.5 code running. After several hours it is no longer possible to ping either the PIX or hosts behind it on the branch LAN though the tunnel still shows as being up. In order to bring the link back up the local PIX has to be rebooted.The connection used to work with no problems when I was running PIX version 7.2.1 software but this had to be upgraded to 7.2.4 to support the new TCP normalization commands. VPN connections to other branch sites running PIX 7.2.1 remain active with no problems. The reason for the upgrade is to implement WAN acceleration between the sites however I still encounter this problem even when the WAN acceleration hosts are not installed.In addition to the software upgrade I added the following configuration to both the ASA and the PIX:
tcp-map wanx_tcpmap
synack-data allow
invalid-ack allow
seq-past-window allow
tcp-options range 28 28 allow
[code]....
The ASA originally had this code but the PIX did not and the VPN was stable, after upgrading the PIX and adding the code the link was no longer stable.
View 1 Replies
ADVERTISEMENT
Mar 31, 2013
Any issues upgrading the IOS on a 921 router.How can i create a certificate for the new IOS? I've never had to do this for other IOS 15 upgrade?I've confirmed the IOS is not corrupt and if i upgrade the router in ROMMON the router boots correctly.
View 1 Replies
View Related
May 2, 2011
we have a Cisco ACS 1113 SE running v4.0.1.44 and are trying to upgrade it to v.4.2.0.124 following the instructions to upgrade it to v4.1.1.24 first.
We are using the following CD "ACS SE Overall Upgrade CD ACS 3.3.4 and 4,1,1,24 Upgrades"
We can download the 4.1.1.24 image to the ACS appliance via distribution server but the upgrade fails- we obtained the following console output when attempted upgrade was tried;
Upgrade package was not verified
Applying this upgrade package may corrupt the appliance
Continue at your own risk!
[Code].....
View 5 Replies
View Related
Feb 22, 2011
2950s work fine when upgrading the IOS using CNA. On all 2960s I get Failed to execute the command archive download-sw /overwrite /http iosFile
If I run the command using telnet and tftp server it works fine.
I have tried by deleting the old image then trying upgrade using CNA, but no luck
View 1 Replies
View Related
Jun 23, 2011
I´ve a problem with my "old" PIX515e device. I wanted to flash this device to a new firmware level but forgot to disable the "lost enable" password before. So I started to make the firmware upgrade on my device, ended up with "flashfs" is busy and I should start the enabled modus and "copy flash tftp" to activate the new flash version. Unfortunalty I cannot do this because I´ve lost my password. When I´m trying to boot this device up now, it will end with a error message...
Unable to locate boot image configuration
Booting first image in flash
No bootable image in flash. Please download an image from a network server in the monitor mode
Failed to find an image to boot
As mentioned, when I will load a new flash image over monitor mode, i cannot activate that image because of flashfs is busy.The password reset bin files will not work too. I tried that too but this one will recongnize no active installed flash.Is there any way to reanimate my PIX515e? In newer devices there are possibilites to work with changing config register but I´ve found nothing about that for a PIX515e.
View 1 Replies
View Related
May 15, 2012
I need to upgrade/ replace a Cisco 515 E firewall with a Cisco ASA. Not sure what model yet! The pix has about 80 lines of ACLs and I side and outside interfaces with No VPNs.. I was wondering of those lines of ACLs can be transferred over to ASA as is or there are things I need to watch for ?
View 21 Replies
View Related
Feb 24, 2011
Just looking for some good reasons why I should upgrade a Cisco PIX 515e cluster to an ASA Cluster to present to the business.
View 1 Replies
View Related
May 11, 2011
I am trying to upgrade an MSE from version 6 to 7.0.201.204. I am able to copy across all the files and have tried using WCS and FTP for the CISCO-MSE-L-K9-7-0-201-0-64bit.bin file but the installation procedure always fails.
I will download all the images again tonight. Is there a way to delete the images from the /opt/installers/ directory?
Also the upgrade procedure in the 7.0.201.204 is pretty bad, there is no detail in any of the steps.
Here is output from the upgrade -
[root@SDC-MSE-01 installers]# dirCISCO-MSE-L-K9-7-0-201-0-64bit.bin database_installer_part3_4.zipdatabase_installer_part1_4.zip database_installer_part4_4.zipdatabase_installer_part2_4.zip
[Code].....
View 6 Replies
View Related
Nov 16, 2011
I am trying to upgrade a brand new ISE 3395 from 1.0.3.337 to 1.0.4 (latest). It keeps failing with % Manifest file not found in the bundle Here is the output:
company-ise-01/admin# application upgrade ise-appbundle-1.0.4.573.i386.tar.gpg ftp
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% Manifest file not found in the bundle
[code]...
I can't find anything about this for ISE, although there are a lot of topics for the same error for ACS.
View 7 Replies
View Related
Aug 22, 2011
I need to redo the configuration on the new one?
View 11 Replies
View Related
Jun 19, 2011
6504 Sup720 ----Dot1q Trunk ----6504 Sup270VPN SPA VLAN 20,30 VPN SPA VLAN 20,30Normal VLAN 10,40 Normal VLAN 10,40,Every 18-24 hours the 6500's- the 6500 go to 100 % CPU - the work around is to reboot one of the switches. Then they will run 18-24 hours.The fix was to only trunk VLAN 10,40 (Networks that needed to see each other) between the switches. If the vlans that the VPN SPA was trunked you would Every 18-24 hours the 6500's- the 6500 go to 100 % CPU.Simple design GRE IPSEC tunnels that work fine and the latest SXI code. It appears that if you trunk the VPN SPA trunks and they are the same VLAN that it going into some kind bridging loop. No errors. Just unresponsive.
View 2 Replies
View Related
May 28, 2013
We've got a central office (actually quite small) where several IPSec connections connect to. Two of these connections are Cisco 881 routers. One of them works fine, the other craps out after 24 hours (coincidentally also the IKE key lifetime). When I mean "craps out", it means the VPN worked fine from the get go, until 24 hours later. Only a reload will bring back the VPN tunnel. I've verified my PFS and DPD configurations are solid, because these kind of symptoms would most likely occur when these configurations aren't in order.
The two 881 configurations are quite similar. The only differences between the two are some details in the PPPoE configurations and (quite obviously) the IP address space for the two sites. Both operate on the premise of a point to point connection (no multipoint stuff going on here).
[code]....
View 7 Replies
View Related
Aug 29, 2011
On the CLI, we have ACS showing:
clock timezone Etc/GMT-6
!
ntp server 10.10.10.1
A show clock shows the correct local time. When in the GUI of ACS the clock reads
Tue Aug 30, 2011 21:13:58 GMT+06:00
View 1 Replies
View Related
Nov 30, 2011
The Cisco VPN client is disconnected after 4 hours of inactivity. Is there a setting on the ASA that would timeout after 4 hours? I want to disable this setting. I am running IOS 8.2(4).
View 3 Replies
View Related
Nov 19, 2012
Windows 7
Router Zyxel p330w
Vonage phone serviced
D3.0 Ubee modem.
i have 5 computers connected 3 are connected via Wifi and 2 are wired plus whatever device i have is on wifi veryday for the last 2 weeks my internet goes out every few hours. Yesterday i had internet all day until this morning when it disconnected again, in order to have my internet up again i have to reboot my router by disconnecting the adaptor.Heres the weird thing all of my computers internet goes down but the vonage service still works and iif i connect my PC directly to the Ubee modem my internet stays on without issue problem is i need vonage for my phone plus all my other computer in the house ive tried to renew and release my ip in my main rig which i guess worked a bit since when this problem started the internet would go off every 10-20 min after i did the renew release the internet stays on for atleast 3 - 6 hours?
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
[code]....
View 7 Replies
View Related
Nov 22, 2011
I have a Motorola SB5101 Cable modem, it connects to a Linksys BEFSR81 8-port router. A WRT54G and a vonage voip device also plug into the BEFSR81 lan ports. I am running Win 7 (32bit). When it works, everything works great, but eventually my pc goes link dead, there will be a little yellow apostrophe over the network icon down in the toolbar (next to the clock). I dont have to reboot anything except the BEFSR81 and then everything comes back up and runs fine for a few more hours.
View 6 Replies
View Related
Apr 10, 2011
a few weeks ago I started hosting a server for a game from my computer. It's been working fine and I've been having no problems except for one.After a few hours of hosting my server, my internet connection will immediately drop down to 1.0mbps, and I lose all connection to everything until I reboot my computer.I'm using a wireless internet adapter right now and having this problem, but when I used a wired connection a similar thing would happen where my entire connection would "lock up" in a way. I couldn't connect to anything until I rebooted my computer
View 4 Replies
View Related
Mar 16, 2013
I have a problem with the RV042G V01 router manufactured 12/2012.
After router settings the router works fine without any problems. After 10 or 12 hours I got the message that the side could not be opened, while no DNS. I checked inside the router and all settings looks ok DNS adresses from ISP are present on both WAN settings . When I use inside the router the funktion for DNS it will work but from any client is does not work. When I restart the router alls works fine. After few hours ( it's differnt 1,2 or 6 ) I have the same problem. No entry in the log's !
View 7 Replies
View Related
May 1, 2013
Few months back I had purchased this Router. But I did not use it till last week. Since the time I have installed it, it does freeze often (between 5 to 30 hours).
I can connect to devices within the subnet, but not elswhere. I have to remove the power and plug it back for it to respond. I have updated the firmware to the latest one that was on the Cisco site.
View 2 Replies
View Related
Dec 4, 2011
We recently changed ISPs from Verizon T1 to Comcast fiber.
The only change made in the firewall was the outside IP address, gateway and mask. No changes on the internal network or the interface.
After a power cycle everything is good from anywhere from 24-48 hours, then all traffic locks up. The interrface shows as being up but no traffic can get through until another power cycle.
View 1 Replies
View Related
Jul 12, 2011
I've mounted a IPSec G2G tunnel with Cisco ASA one end & Cisco router 1802 another end. The 1802 is connected to a BT 2wire Gateway Router to join the BT network. But from time to time, the tunnel goes down for several hours (or several minutes) then goes up again without reason.I've checked the IPSec configuration, it seems correct. Anyone has experience on the BT 2wire Gateway Router ?
View 2 Replies
View Related
Aug 3, 2011
I have a new SFE300 with 24ports. The switch works fine, but after 4 or 5 hours it reboots it self. After reebots it works fine for another 4 or 5 hours. [code]
View 2 Replies
View Related
Jan 15, 2008
I have a strange problem which looks to me like a DOS attack from the inside..but I cant be sure.
Symptoms:
All xlate connections used within hours.
Xlate connections start with all our servers across our WAN before moving onto all workstations.
No viruses have been found.
Looked in syslog and I cant find one single outside IP that seems to be a possible source.
View 7 Replies
View Related
Sep 26, 2012
I have two WAP4410N wireless access points powered using Power-Over-Ethernet. Both are running the latest available firmware version (2.0.5.3)They are both connected to the same LAN and broadcasting the same SSID with a WPA2 password.
One is using channel 1, while the other is using channel 11.There is coverage overlap where the signal from both access points hover around -75db to -85db while standing in the same physical location.DHCP is disabled, and is being provided by another network device.
Every day or so, devices can connect and authenticate to the access points, but are not granted an IP address (and subsequently are unable access to the LAN or Internet). For devices that had already retrieved an IP address prior to the issue exhibiting itself, the devices simply stop communicating with LAN and Internet.
However, I can still access each access point's web admin interface from the LAN.
If I reboot both devices, the problem vanishes and devices are once again able to get an IP address and connect to the LAN and Internet.Are these symptoms of signal interference between the two WAPs or is this a completely different issue?
View 1 Replies
View Related
Jan 8, 2012
For some reason my wireless drops to local only every 1-2 hours roughly, I can fix it by disconnect and reconnect but this is really annoying, especially if I am playing any games.
View 1 Replies
View Related
Oct 14, 2011
I'm having is that every few hours my TCP/IP protocol stops working. The modem lights remain normal but I can't connect to anything. The only thing that works on the internet is traceroutes at the command prompt which function normally. The solution is that I have to reboot and then everything returns to normal until a few hours later when it happens again. There are no error messages on any of my browsers. The page just goes white immediately. When I try to retrieve my email, I get a message about the TCP/IP isn't working.
View 9 Replies
View Related
Jan 8, 2012
For some reason my wireless drops to local only every 1-2 hours roughly, I can fix it by disconnect and reconnect?
View 1 Replies
View Related
Aug 21, 2012
I am having problems with my Netgear wireless moderm/router DGNG3700. since getting home tonight my internet connection has dropped out 3 times. The moderm /router is only 2weeks old and I have rang the Netgear technical support 4 times. The man I spoke to tonight said they are having trouble with this model and he told me to get the DGNG3700 version 2. I have changed the configerations and am very frustrated with the whole thing. Should I get a different Model altogether.
View 1 Replies
View Related
Apr 14, 2011
I have recently moved into a new house that has a DIR-615 router. I have noticed with the router that it will drop the wireless connections after roughly 24-48 hours. The SSID will no longer be broadcast, however, the computers that are wired are still connected.I currently have the E3 hardware version, plus 5.10 firmware on the router
View 4 Replies
View Related
Jun 22, 2012
So I've bought a D-Link 815 on 21st June(day before yesterday) and my connection drops every 10-12 hours and i have to close and open the router(the 192.168.0.1 site won't even work)...i'm using PPPOE connection..
I've bought a D-Link because i heard it's the best on the market and i play online poker so i need a stable connection all day long and more important i need my IP to remain at one value for a long time and not change every 12 hours(i have dynamic IP)
View 14 Replies
View Related
Jun 4, 2012
Every few hours, the WAN just shuts off. If you were connected to it when this happens, you cannot reconnect until you have reset the router; you can't even find the SSID. If you were not connected when this happens, you can connect just fine. This happens with all devices in the house, my laptop, my DAP-1522, my cell phone, and my brother's Mac (SMH, sometimes I think we aren't related...). I am running version 2.00NA on B1 firmware.
View 3 Replies
View Related
Jul 13, 2011
I have the Cisco series “Cisco 1700” routers operational at my client site, These router suddenly get reboot with 1 or 2 hrs gap. See the below errors which has been captured in router logs:
============================================================
00:00:09: %SYS-5-CONFIG_I: Configured from memory by console
00:00:11: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(16.1)T, MAINTENANCE INTERIM S
OFTWARE
TAC Support: [URL]
[code]....
View 1 Replies
View Related
Jan 22, 2012
I have a Cisco 5500 series WLC and though we don't have a guest network up yet... we want to. One of the ideas was to make this guest wifi only active during normal buisness hours, so we don't get people in parking lots late at night trying to do funny stuff.
I can EASILY do this with my home wireless (DD-WRT loaded Linksys router) but I can't find this on the 5500 WLC. Is there a particular place I can look?
We have a secured WPA2 Enterprise network now, but looking to turn up a "guest" with web-auth. We would provide a positive message password to guests that we would change every 3 months or so. We already made a cool landing page and tested it briefly
View 4 Replies
View Related
