Cisco VPN :: PIX515E / IPSec Routing Halts Randomly?
Sep 4, 2011
We have got an issue with an IPSec tunnel between Cisco PIX515E and Juniper firewall, the last one is managed by ISP. The tunnel is set up over the Internet.
There are a number of subnets running via this tunnel. The issue is that sometimes the connectivity between some of the subnet halts. So the users (and nagios) would report they can not access the service over the tunnel, while I would access the PIX over the tunnel by telnet just fine (from another side), then issue 'clear ipsec sa', and the connectivity would be restored. This happens randomly, one or few times a day.
View 6 Replies
ADVERTISEMENT
Dec 26, 2011
I have a routing problem here with routing in PIX515E version 6.35. I have some Client PCs located in the DMZ interface of the PIX515E, they connect to PIX using Cisco VPN Client (IPSEC VPN), after that these PCs can be routed to access Servers (static route) located behind Internal interfaces of PIX. I have some Servers located remotely having Internet Access, the gateway router remotely connect to PIX Outside Interface (Internet) using IPSEC VPN then routed to inside Interface (static route).
View 9 Replies
View Related
Nov 26, 2011
I just bought a WRVS4400N last week to replace my existing LinkSys WRH54G. To my disappointment, I now have a problem that this router halts everytime any eMule/P2P client is connected for more than 15~30 minutes, no matter the uPNP is enabled or not, When it halts, the only thing to get it work is to unplug its power cable then back on. So, I then upgraded its firmware from 2.0.1.3 to 2.0.2.1, but the problem still persists. However, the truth is that this problem never happened on my WRH54G
View 4 Replies
View Related
Jun 24, 2012
I have a Cisco PIX515E-R and I will like to set up a VPN tunnel together with a Netgear ADSL router. I want to access a network at work from my computer at home.
View 14 Replies
View Related
Mar 27, 2013
I have a PIX 515E UR which I would like to activate the VPN-3DES-AES license. I did find a link to register the license, but after following the link and logging into my old CCO account i found that as I didn't have access to anything, so couldn't complete the procedure.Is there any way that I can get the license activated? I bought the unit from a Cisco partner quite some time ago, but never needed the 3DES license. Now I do.
View 3 Replies
View Related
Jun 25, 2006
i have managed to create a community of cisco devices however although i can add the pix to the community it does not show up in the topology? HTTPS is enable. I can also access the pix via ASDM.
View 2 Replies
View Related
Jun 27, 2012
I need configuring a newly reinstated PIX515E with IOS 6.3 to test the configuration of a load balancer.I would like to setup with two Inside interfaces (or simply two interfaces) for testing. I just need it to pass traffic (basically HTTP and HTTPS) between these two interfaces without using NAT.The older IOS is causing me some problems. I don't have an outside interface configured for Internet access,but trying to connect via IP address does't work either. I may be able to configure a second DNS server for the 192.168.12.X network for testing purposes if needed. I even tried to set the default route to the Interface of the production ASA's inside interface (3.1), but that did not work either.
View 6 Replies
View Related
Feb 12, 2012
I just added a PIX515E to my lab (since this is a lab, if I need to change IP address, that is not a problem)....I thought I configured it right, but I am not able to ping any of my other routers/PCs.I have EIGRP on the other three routers, but not sure if I configured it right on the PIX.The diagram below shows my current network topology....(right now the PIX is connected vai Ethernet 1 to the switch, not the router itself) [code]
View 13 Replies
View Related
Aug 28, 2011
I just bought a used PIX515e. It is running version 8.0(3) and ASDM 6.1.5 Because I do not know the history of the unit, how can I tell if the image used came from cisco and not some download site? I guess I should've thought about this before buying it but hindsight is...you know. Worse case is that the person who had it before me dl the software that was infected with a backdoor or something else. I don't have a service contract so I'm kinda stuck.
Can I download the image from the firewall flash and compare a MD5SUM?
View 12 Replies
View Related
Feb 12, 2011
i have PIX515E firewall but i need to know through CLI how can i see the usernames for my VPN clients?
SH vpnclient? or sh ?
View 3 Replies
View Related
Feb 16, 2012
We are planning to upgrade the PIX515e (128 MB, 16 MB flash) adaptive software from 7.2(4) to 8.0.3(ED). In our environment the two PIXes are working in active-standby mode and experiencing high memory utilization.
1) What are the bug fixes(like memory leak fix) and new configuration options in the 8.0.3(ED)?
2) Is there any issues to upgrade 7.2 to 8.0.3(ED)?
3) Is the upgrade to new version software fix the memory utilization issue?
View 1 Replies
View Related
Sep 8, 2012
why the ethernet 3,4,5 is not licensed here ?
View 3 Replies
View Related
Mar 17, 2012
i wounder why i'm getting such log message whenever i'm trying to reach my remote site: No translation group found for tcp src outside XXXX dst dmz ZZZZ, i have a Cisco PIX515E firewall and that message is captured there, the traffic is going through a VPN tunnel (the VPN are up on both ends)
View 2 Replies
View Related
Jun 28, 2012
We have two PIX515E ( 6.3), one is Primary( Active) and second one is Standby. after configuration of Secondary Firewall as Standby. getting problem.
1. Configuration part everything is fine
2.we have done failover text also .
Aster Some time , we are not able see Standby Firewall its going down .
View 2 Replies
View Related
Nov 28, 2011
Quick question. I have a site - site tunnel that is up and running between a Pix 515E and a 3050 appliance.Tunnel is up and running but on the pix side I dont see traffic from a couple of subnets behind the inside interface.On the vpnallow access list there are no hits So I setup a capture on the inside interface to see if the packets is making it to the inside interface and nothing. There is some traffic making it thru the tunnel that would have to hit the inside int first and even that doesnt showup in the capture.
View 1 Replies
View Related
Sep 15, 2011
I have a PIX515E. I need to create a vpn to my clients office. PIX is alerady having two VPN, among two one is a dynamic VPN to a dynamic IP of netgear router.
It has two gateway(public IP). Configuration in MH2001 is pretty simple. and i have completed it.I have also completed configuration in PIX using ASDM. But the VPN is not up till now.
[code]...
View 1 Replies
View Related
May 20, 2012
I am trying to veiw my PIX515e via the ASDM, but I am unable to...Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted(code)
View 1 Replies
View Related
May 20, 2012
I am trying to veiw my PIX515e via the ASDM, but I am unable to...Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
!
hostname pixfirewall
[Code].....
View 3 Replies
View Related
Jan 13, 2013
The infrastructure has PIX515E as the Firewall and few Web Servers and Database Servers inside. Is it possible to retreieve information regarding the bandwidth available at the outside interface of PIX (Internet link utilization ) utilized by each of the nodes seperately? I could use SNMP to get the overall data transfer at the Outside interface of PIX but isit possible to get utilization details of individual nodes ? Is Netflow an option ?
View 10 Replies
View Related
Nov 24, 2012
I have a switch which is rebooting it self, we bought it a year back,its a new switch, i did not find any error on sh ver after rebooting. I am using OP manager, i did not receive any alerts. I have done all diagnostic test, all are passed, i did not find any problem..
View 2 Replies
View Related
Oct 25, 2011
I am running Windows Vista Business SP2 and I have been having problems lately with my internet connection. I am on a DSL connection and my computer keeps on dropping the connection like every 15-20min in order to get my connection back I have to disable and then reenable the network connection, but the weird thing is that I don't get internet connection, but I can still send and recieve IM's and Mail when my internet goes down. It is not my ISP that is wrong , but my computer, because I have a windows xp and it does the same thing and I also have a windows 7 PC and that one does not lose connection when my other ones do. On my Windows XP all what I have to do so it gets connection again is click on the connection and then click repair and I get internet again, but Windows Vista does not have this option so I have to disable and reenable my connection
View 6 Replies
View Related
Sep 27, 2012
i just installed a pix515e ( ios ver 6.2) in my network. and the vpn users can connect to it from the internet successfully but they aren't able to connect to any of the internal resources. some other informaion: i configured nating between the internal network (10.0.0.0/24) and the internet and another static nat policy between an internal resource through another public ip address on outside interface. but right now i need to let the vpn clients to connect to my internal resources.
View 5 Replies
View Related
Jul 18, 2011
I am in the process of migrating my config from my PIX running 8.0(4) to my ASA5520 running 8.2(1). I have converted the config so that it is ready for the ASA. I noticed the "boot system flash:" and "asdm image flash:" command references the old PIX files. Do I need to update these or will they be updated when the ASA reboots with the new config?
View 2 Replies
View Related
Dec 17, 2011
I just configure VPN for end users in PIX515e with IOS 8 and get stuck with "Tunnel Rejected: User (msveden) not member of group (VPN-shared), group-lock check failed.". tell me how I add user to my VPN group?
View 1 Replies
View Related
Nov 1, 2012
My workstation(10.0.0.250) directly connected to 6509_1 switch. 6509_1 is gateway with ip 10.0.0.5/22. Sometimes routing stop working, but after 3-5 minutes all back to normal.When issue occur i can't ssh to 6509_1, but i connect to second 6509_2 (10.0.0.6) and i can ssh to 6509_1 from it.Then form 6509_1 i try to ping my workstation Wireshark on my workstation show that packet arrive. My workstation reply on it, but switch not accept it.How it possible? As I say after sometime all go back to normal without any changes. [code]
View 2 Replies
View Related
Jan 16, 2013
I have a couple of users who randomly can't get access to any resources. The port they connect to doesn't have port security, the have an IP phone and PC. IP phone is fine since it's always on the same port. There PC get's an IP from DHCP (DHCP is on a windows server) but they can't ping any devices nor can I ping the PC from the switch. I checked if there were any mac access filters applied on the switch (and there aren't any). The log doesn't show any events on the ports in question so I don't know if the switch is going or there is a config issue some. Doesn't happen to all users, just 1 or 2.v
View 11 Replies
View Related
Mar 20, 2012
We have two c6509 budled in VSS. I have noticed randomly high usage of CPU, sometimes up to 99% in peaks. I have found that it can be generated by SNMP engine. So I unconfigure all SNMP things. But situation is the same. I would like to know if this state is OK or not. CPU shows are enclosed in file.
View 1 Replies
View Related
Nov 5, 2012
I have having two Cisco 6509 both working are my main Core Switches with which I have all my Layer 2 VLANs configured and then distributed thru the trunks links to all the Access Switches. I have L3- Vlans also configured on them with which one switch in primary and the other is secondary. All of sudden last night I got this message on my core switch 2 this for VLAN 1 which is my users LAN, how can I check as to what would have caused the core switch 2 HSRP to be active and then in standby
*Nov 5 23:33:29.296: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Standby -> Active
*Nov 5 23:33:29.796: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Standby -> Active
*Nov 5 23:33:29.804: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Active -> Speak
*Nov 5 23:33:29.920: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Active -> Speak
*Nov 5 23:33:40.144: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Speak -> Standby
*Nov 5 23:33:41.280: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Speak -> Standby
Also last night i got call from office saying that we are getting huge delay in pinging the default gateway of the user LAN which is the same vlan as the above and it was just for few minutes and then it was back to normal and now when I came to office and check there were no logs in both the core switches. When I checked the cpu utlization it was showing me high on both the switches how can I check as to what would have caused the CPU utilisation to go high all of suddedn?
INPMHCORS01#$ sh processes cpu his
11111 11111 11111 1111111111
8885555588888666669999922222666665555511111777773333300000
100
90
80
[code]....
View 1 Replies
View Related
Aug 28, 2012
I have a network that has a pair of 6500 switches on either end, running HSRP. In between each 6500 are two to three ruggedcom switches. They are connected to each other and the 6500's by trunk ports in a straight line. The 6500's see each other as CDP neighbors, and the 6500's can see the rugged- com as LLDP neighbors (ruggedcom only supports LLDP).
The issue is that randomly devices on the ruggedcoms will drop offline and then come back. The problem is that the devices that drop offline are all in the same VLAN, so it appears like a virus - i.e. one device drops off, then multiple. Eventually the HSRP starts flapping between the two 6500s and this causes havoc on the network.I'm almost to the point of taking a laptop and plugging it into one of the ruggedcom's to see traffic, but the issue is that the ruggedcoms are outside in cabinets that laptops shouldnt be exposed to.
View 2 Replies
View Related
Oct 19, 2011
I have a stack of 4 Cisco WS-C2960S-48FPS-L switches running c2960s-universalk9-mz.122-58.SE1 code. One of our network monitoring tools is indicating discards on a certain port on the switch. Upon further investigation I am seeing the Total output drops values change in a very odd manner.
The numbers seem to go from 573 to 1146 to 1719 then back down to 573 and it starts the same pattern over: [code]
The port utilization is quite low, the highest I've seen over the past 7 days is 3.5% with a polling period of every 30 seconds using Statseeker. Yet the discards are bouncing all over the place.
I've searched though the bugs for 12.2(58)SE1 and didn't see anything.
View 13 Replies
View Related
Aug 19, 2012
This happens intermittantly. This results in most connections (but not all) being dropped. I will be unable to connect to web servers. My connection to videogame servers will drop. However, AIM will stay connected. These were done simultaneously. The same thing happens with my Cisco AE1200 and a D-Link 802.11g adapter I have. Disconnecting my adapter and reconnecting it solves the problem. I have tried doing a factory reset on the router and installing the latest firmware. It seems to happen more frequently when I am doing a lot of throughput (downloading a game on Steam, for instance) but other times it will happen when all I am doing is playing a game (like Tribes Ascend) which uses very little data. This is extremely frustrating. When I pay more than $150 for a piece of networking equipment, I expect it to last more than 3 years.
View 4 Replies
View Related
Apr 29, 2013
I tried any type of combination and just couldn't make it works. Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?
View 11 Replies
View Related
Nov 19, 2011
The network design is a hub and spoke using a carrier provided MPLS network with a ASA 5520 at the hub that has a IPSec tunnel to another part of the company.This configuration has worked for sometime now (long before I came to the company a couple of months ago).The thing that does not make sense to me is that the those networks out on the spokes did not have a route to the inside interface network of the ASA. With the way this MPLS works, if a network is not in the MPLS network routing tables it will not pass that network. The network was not in the MPLS network, nor was it in any of our edge routers connecting to the MPLS.
These hub networks did have routes both in the MPLS and edge devices for the networks on the other side of the IPSec tunnel and have been reaching them for some time.So what I am trying to understand is how it is possible for these hosts that have no route to the ASA inside interface network, but do have routes to the remote networks, how are they able to successfully pass that traffic? There are no NAT devices between these WAN hosts and the ASA.
View 1 Replies
View Related
