Cisco VPN :: Preventing Remote Router From Using Random Port Numbers / Only Allowed To Use 4500
Nov 1, 2011
I have a remote site that is using port 4500 within the ISAKMP phase of creating an IPsec tunnel, but for some reason it is also constantly using random port numbers (in bold):
[code]
These are all blocked by the firewall when trying to communicate with our central router in the trusted network. The central router does not display the same symptoms; it only uses port 4500. Is there a way of preventing the remote router from using random port numbers and only allowing it to use 4500?
View 9 Replies
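As an added illustration (not part of the post above, and not the poster's configuration), the following IOS access list spells out what a healthy IKE / NAT-T / ESP exchange between two routers looks like from the central side, and logs anything else the peer sends so its source port shows up in the syslog. The addresses (203.0.113.2 for the remote router, 198.51.100.1 for the central router's outside address) and the interface name are assumptions.

```cisco
! Added example, not from the post. Addresses and interface name are hypothetical:
! 203.0.113.2 = remote router, 198.51.100.1 = central router outside address.
ip access-list extended VPN-PEER-IN
 remark IKE phase 1/2 on UDP 500, NAT-T encapsulated IKE and ESP on UDP 4500, plain ESP
 permit udp host 203.0.113.2 eq isakmp host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.2 eq non500-isakmp host 198.51.100.1 eq non500-isakmp
 permit esp host 203.0.113.2 host 198.51.100.1
 remark Anything else from the peer is logged with its source port, then dropped
 deny ip host 203.0.113.2 host 198.51.100.1 log-input
 deny ip any any
!
interface GigabitEthernet0/0
 description Untrusted side facing the remote site
 ip access-group VPN-PEER-IN in
```

`show access-lists VPN-PEER-IN` shows which entries are counting hits, and the `log-input` entry produces `%SEC-6-IPACCESSLOGP` lines carrying the offending source port. `show crypto ipsec sa` on either router reports the port the SA is actually using. Packets from the peer's address that arrive with a source port other than 500 or 4500 have normally had their source port rewritten by a PAT device somewhere in the path, which is exactly the situation NAT-T exists for; the fix belongs on that device (or in the firewall's rule, which then has to match on destination port 4500 only), not on the remote router.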
Jul 27, 2011
I have a little experience in LAN management, solving basic connectivity issues. However, I am not strong theoretically. Particularly, when it comes to the OSI reference model, I feel like I have understood the funda, but at the same time I get lost here and there. This is regarding the steps or processes involved when one PC sends an email to another in a network. When I compose an email and hit enter, this is what I have understood: each layer, starting from the application layer, passes the data and the control information to the layer below it, until the lowest layer is reached, from where the actual transmission takes place via the physical medium.

What are port numbers? How and when are port numbers chosen? Who takes the decision in choosing them?
View 2 Replies
Apr 8, 2012
Apparently there is a bug in the WAG160Nv2 firmware (version V2.00.20, which is the latest). We had a problem connecting to an outside SMTP server using telnet. Then, out of frustration, I reset the router to factory settings. Then suddenly connecting to the SMTP server on port 25 was not a problem. Then a few hours later, without making any special changes to the settings, it's again not possible to telnet to the external server. Apparently something prevents outbound connections to port 25 from being established.
View 1 Replies
May 17, 2013
I was reviewing my ASA config and noticed that port 1025 was being allowed in and statically NAT'd to connect to my email server:
access-list outside_in extended permit tcp any host X.X.X.X eq 1025
static (inside,outside) tcp interface 1025 Y.Y.Y.Y 1025 netmask 255.255.255.255
View 2 Replies
May 29, 2013
How can I configure QoS in the Cisco 1841 router for the IPsec ports (UDP 500, UDP 4500) and TCP port 4433?
View 5 Replies
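As an added example (not from the post above or from any reply to it), here is one way to express that on an ISR with MQC: one class for the IPsec control and data traffic, one for TCP 4433, applied outbound on the WAN interface. The interface name, the bandwidth figures and the class/policy names are assumptions.

```cisco
! Added example, not from the post. Interface name and bandwidth figures are assumptions.
ip access-list extended IPSEC-CONTROL
 remark IKE on UDP 500, NAT-T on UDP 4500, and the ESP packets themselves
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
!
ip access-list extended APP-4433
 permit tcp any any eq 4433
 permit tcp any eq 4433 any
!
class-map match-any CM-IPSEC
 match access-group name IPSEC-CONTROL
class-map match-any CM-APP-4433
 match access-group name APP-4433
!
policy-map PM-WAN-OUT
 class CM-IPSEC
  priority 256
 class CM-APP-4433
  bandwidth 512
 class class-default
  fair-queue
!
interface FastEthernet0/0
 description WAN side; figures assume a link of a few Mbit/s
 service-policy output PM-WAN-OUT
```

`show policy-map interface FastEthernet0/0` confirms packets are landing in the intended classes. One caveat a practitioner should check: if the TCP 4433 flows travel inside the IPsec tunnel, the outbound interface only ever sees ESP or UDP 4500, so the APP-4433 class will never match. In that case add `qos pre-classify` under the existing crypto map entry (or tunnel interface) so classification happens on the cleartext packet before encryption.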
May 6, 2012
I would like to set up a Cisco ASA 5505 to only allow certain IPs on port 3389, but I can't get it to work. Maybe some of you experts know why?
Here is my config:
ASA Version 8.4(3)
!
hostname cisco-asa
enable password ** encrypted
passwd ** encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 95.*.*.* 255.255.255.248
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network rdpuser-1
 host 46.*.*.*
object network rdpuser-2
 host 48.*.*.*
object network rdp-host-pc
 host 192.168.1.20
object
[code].....
The allowed IPs are set up at user level (rdpuser-1 and rdpuser-2). Still, I can't connect to the server from any of these IPs...
View 6 Replies
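Since the posted configuration is cut off before the NAT and access-list lines, the following is an added example (not the poster's config and not from a reply) of the shape those lines take on ASA 8.4 when RDP is to be reachable from exactly two outside hosts. The public addresses are hypothetical; the poster's are masked. It keeps the poster's object names.

```cisco
! Added example, not the poster's configuration. Public addresses are hypothetical.
object network rdp-host-pc
 host 192.168.1.20
 nat (inside,outside) static interface service tcp 3389 3389
!
object network rdpuser-1
 host 46.0.2.10
object network rdpuser-2
 host 48.0.2.20
object-group network RDP-ALLOWED
 network-object object rdpuser-1
 network-object object rdpuser-2
!
! Weak form: every Internet host may reach the RDP service. Shown only for contrast.
! access-list outside_access_in extended permit tcp any object rdp-host-pc eq 3389
!
! Restricted form. From 8.3 onward the ACL names the real (inside) address of the
! server, not the translated outside address, because NAT is undone before the
! inbound ACL is evaluated.
access-list outside_access_in extended permit tcp object-group RDP-ALLOWED object rdp-host-pc eq 3389
access-group outside_access_in in interface outside
```

Two checks help here. `packet-tracer input outside tcp 46.0.2.10 50000 95.0.2.1 3389` (substituting the real outside interface address for the hypothetical 95.0.2.1) walks the packet through NAT and the ACL and names the phase that drops it, which distinguishes "the ACL is written against the translated address" from "the NAT statement is missing". `show access-list outside_access_in` then shows whether the permit line is counting hits when a connection is attempted from one of the listed hosts.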
Sep 22, 2012
My friend and I are currently setting up a Xen test environment. As you can see from the picture below, we are running a Cisco ASA 5505 to reach the network from the outside. But the problem is that we want to reach the virtual pfSense's subnets through the Cisco AnyConnect VPN, and currently the pfSenses are only configured with a public IP and a virtual interface to the VMs. We could solve this problem by buying another PCI NIC, so that we have a physical link from the "pfSense box" to a tagged VLAN on the switch. But we are having problems configuring the switch for general VLANs, because Xen can't have its management interface on a tagged VLAN directly from the XenServer, but the switch can tag the packet when it reaches the switchport. I would like to have "switchport general allowed vlan 2" for admin and 10 for "LAN", and then trunk the port to the Cisco ASA. But again, Xen stops me from doing this.
View 2 Replies
Sep 29, 2011
I found a bug in Embedded Event Manager on the Catalyst 4500-E platform with Supervisor V-10GE, on various IOS releases (in particular 12.2-50-SG IP BASE w/o crypto and 12.2-54-SG1 IP BASE w/o crypto, but also other releases, including the latest 15.0-2-SG1 ENTERPRISE SERVICES SSH). The problem is that when you set up an EEM applet that monitors syslog pattern matching, and you also configure remote host logging *with* the option "sequence-num-session", when the match occurs the switch reboots with message:
Sw (sometimes prints a number instead)
VECTOR D00
and in some cases performs a second reboot with message:
VECTOR 0
DOUBLE FAULT
The reload reason message is:
System returned to ROM by abort at PC 0x0
The problem does *not* occur if remote logging does not have the option "sequence-num-session". I verified this behavior on various configurations (including our production 130K-long one *and* factory defaults after erase startup-config). The configuration statements that cause the reload are, for example:
event manager applet prova
event syslog pattern %SYS-5-CONFIG_I
action 1.0 puts "configurazione modificata"
!
logging host 172.30.10.1 sequence-num-session
View 1 Replies
May 4, 2012
I have an ASA 5505 that I am setting up behind another firewall. The external firewall has all ports forwarded to the ASA, which is fine, as I can see the traffic getting to the ASA in the log. However, when the traffic tries to return to its destination, the ASA assigns a random port number. For example, for VPN the source port is 443, but when the ASA tries to go back to the public IP address it is using port 52857, which is obviously blocked on the external firewall. The Packet Tracer also says that the traffic is blocked by an implicit rule on the ASA which denies all IP traffic; however, I can't delete this rule, and as a test I have created another rule allowing all IP traffic.
View 2 Replies
Apr 24, 2012
We have computers that are connected to a switch stack of three 3750 switches. Randomly, we experience PCs that fail to communicate on the network. At first I figured the port went into err-disabled state; however, the port shows up fine on the switch, and moving the PC to another port on the same switch in the stack fails to fix the problem. To add to the confusion, if I immediately connect a different machine to the problematic port, the newly connected machine has no issue and operates normally. Connecting the first machine back still results in no connectivity.
The only way to gain back network connectivity is to move the PC to a different switch in the stack; shut/no shut doesn't work. The IOS the stack is running is 12.2, and the switch ports are configured using Cisco port macros.
here is how all the ports are configured.
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
View 5 Replies
Jan 6, 2013
Lately I've noticed some strange behavior on some of the switch ports. When I go through the logs of my SGE2000/2010 stack, I see that some of the ports randomly lose their connection:
2147482703 05-Jan-2013 04:11:43 Warning %LINK-W-Down: 2/g14
2147482704 05-Jan-2013 03:35:20 Warning %STP-W-PORTSTATUS: 2/g33: STP status Forwarding
2147482705 05-Jan-2013 03:34:50 Informational %LINK-I-Up: 2/g33
2147482706 05-Jan-2013 03:34:47 Warning %LINK-W-Down: 2/g33
2147482707 05-Jan-2013 03:34:19 Informational %LINK-I-Up: 2/g33
2147482708 05-Jan-2013 03:34:17 Warning %LINK-W-Down: 2/g33
2147482709 05-Jan-2013 03:34:15 Informational %LINK-I-Up: 2/g33
2147482710 05-Jan-2013 03:34:14 Warning
[code]....
I'm having trouble locating the source of the problem. The devices connected to the port are servers and desktops. This happens frequently throughout the day, but not always on the same ports. What could cause the random drops?
View 8 Replies
Apr 15, 2012
The problem looks like this: I'm able to browse the web without any problems until, at random points in time (might be 2 hours after I turn on my PC, or 5, or even half an hour), port 80 gets blocked, or actually more like it hangs itself. Whatever I try to open, I get "waiting for response" going and going. It's not even returning a "page not found" error or anything. To top everything, all other ports work fine: I can use HTTPS, ping, run tracert, no problem there.
I've spent two days looking for some answer on the web but came up empty. I've scanned for malicious software with Ad-Aware and Malwarebytes Anti-Malware; nothing came up. After a restart of the PC everything comes back to normal, but it's frustrating needing to do that every now and then.
My home network looks like this: I have some broadband modem that is connected to a local Wi-Fi TP-LINK router (Model No. TL-WR340G/TL-WR340GD). There are four devices using this connection: two PCs (laptops), an Android phone and an Android tablet.
View 1 Replies
Apr 29, 2013
How many GRE tunnels are supported on a Cisco 3925 router?
View 2 Replies
Apr 28, 2013
How many GRE tunnels are supported on a Cisco 3925 router?
View 1 Replies
Dec 29, 2012
Network running about 60 computers, most of which are running Windows 7 Professional. Some are on a domain, some are not. At (seemingly) random times, some computer on the network will lose the ability to browse websites (including the web interfaces of networked devices). I can't identify what circumstances cause this to occur. I only find out about it when someone calls me. From the affected computer:
- I can ping sites
- I can ping our Cyberoam UTM (which acts as our DNS, DHCP, and firewall)
- disabling/enabling the connection doesn't fix the problem
- releasing/renewing the IP doesn't fix the problem
- flushing DNS doesn't fix the problem
- uninstalled antivirus on two test machines; problem still randomly manifests
- replaced the Cyberoam with a newer model
- users have claimed that if they wait a long period of time (40+ minutes) the problem sometimes resolves
- rebooting the computer resolves the issue until it randomly occurs again
- changing the computer's MAC address also resolves the issue until it randomly occurs again
View 3 Replies
Nov 14, 2012
I just want to ask whether I should do some configuration or not on my Cisco 4500 L3 switch regarding the error "500 Invalid PORT command" when a host tries to access an FTP server in active mode. I just did a static route on a Gig interface with no switchport mode to that host network; all traffic types were allowed except FTP in active mode?
View 7 Replies
May 19, 2009
How do I get this unit to hand out the IP numbers in my network with DHCP but also assign these numbers according to the MAC address? I want to make sure the same computers get the same internal IP and not random ones.
View 2 Replies
Jun 28, 2012
Is there a way to show the last time a port was active/inactive on a Catalyst 4500?
View 3 Replies
Apr 24, 2011
On a 4500 switch port defined as access VLAN 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assign DHCP IPs if a user unknowingly removes his static IP and changes to the "obtain IP via DHCP" option in the LAN properties?
View 10 Replies
Mar 27, 2013
On the 45XX Catalyst, bandwidth is allocated across six 8-port groups, providing 1 Gbps per port group, for example for the following line card: WS-X4448-GB-SFP.
I want to know if there is the same mechanism on 3750X switches. I mean, is bandwidth allocated across a group of ports like on the Catalyst 4500?
View 5 Replies
Dec 24, 2011
On a 4500 switch port defined as access VLAN 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assign DHCP IPs if a user unknowingly removes his static IP and changes to the "obtain IP via DHCP" option in the LAN properties?
View 1 Replies
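The rogue DHCP server scenario asked about in the Apr 24, 2011 and Dec 24, 2011 posts above is the standard use case for DHCP snooping on Catalyst switches. The following is an added example (not from either post or any reply): on untrusted ports the switch discards server-side DHCP messages (DHCPOFFER, DHCPACK, DHCPNAK), so a server plugged into a user port cannot hand out leases, while the uplink to the legitimate server is marked trusted. VLAN 10 is taken from the posts; the interface names and the rate limit are assumptions.

```cisco
! Added example, not from the posts. Interface names and the rate limit are assumptions.
ip dhcp snooping
ip dhcp snooping vlan 10
! Do not insert option 82 unless the real DHCP server is configured to accept it
no ip dhcp snooping information option
!
interface GigabitEthernet1/1
 description Uplink towards the legitimate DHCP server (or the core)
 ip dhcp snooping trust
!
interface range GigabitEthernet2/1 - 48
 description User ports in VLAN 10: untrusted, so DHCPOFFER/DHCPACK arriving here is dropped
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
```

`show ip dhcp snooping` lists the enabled VLANs and which ports are trusted; `show ip dhcp snooping binding` shows the leases the switch has observed, which is also how a hand-typed static address can be told apart from a snooped one. A user who switches a PC to DHCP will, with this in place, simply receive no lease from the rogue server; the rogue's offers are counted and logged as DHCP_SNOOPING drops on the untrusted port. The rate limit protects the switch CPU from a host flooding DHCP requests; 15 packets per second is a common starting point for access ports and is too low for a trusted uplink.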
Jan 7, 2013
We have recently purchased a Cisco 4506 that has several Gigabit Ethernet modules installed. One of the Gigabit Ethernet modules, a WS-X4424-GB-RJ45, is being picky about who it talks to at Gigabit Ethernet.
If I plug a laptop into one of its RJ45 ports using a Cat 6 cable, nothing happens. No link light, no notification of link up or down in the port statistics, absolutely nothing. If I plug a server into the same port it works fine at Gigabit Ethernet (even using the same Cat 6 cable). I can get the module to recognize a laptop if I fix the speed/duplex on the laptop to 100Mb/Full. I have tried this with other staff laptops from different vendors (HP, Dell, etc.), all with the same result.
The module directly underneath this module, a WS-X4448-GB-RJ45, works fine for both laptops and servers. We have tried swapping the module positions, but to no avail.
View 9 Replies
Apr 26, 2013
I want to know if it is possible to configure QoS on a 4500 Sup7 on a Layer 3 routed port like the following example (similar to CBWFQ on an IOS router)?
View 3 Replies
May 17, 2012
I configured the interfaces individually at L3 and could ping across each link. Example:
4500 Switch 2: 6500 Switch 1
int t5/1 - int g3/17 1 Gig fiber link
tore down config
tried second set of interfaces
int t6/1 - int g8/17 1 Gig fiber link
Ping successful
[code]....
View 2 Replies
Mar 8, 2012
A few days ago I faced an issue in which one of our 4500s stopped providing PoE on some ports in one line card. I called TAC and ran some diagnostics. However, there is a command that I found, and it is NOT DOCUMENTED in the 4500 reference guide! The command is "diagnostic monitor poe". This command actually detects/recovers PoE hardware failures! After executing this command, PoE started to work again.
View 4 Replies
Feb 19, 2013
We have a single 4500 connecting to two non-Cisco devices. We need to enable port channelling or link aggregation between these. The links are carrying multiple VLANs, hence are trunked, and the IP address on either side is used for routing.
From each of the two non-Cisco devices, I am taking 2 ports each to connect to the 4500. On each non-Cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.
My query is how I do the configuration for EtherChannel on the Cisco 4500 side, as it will need two different Pos (port channels). I need a single IP address on both sides of each port channel to be present for routing.
View 2 Replies
Mar 18, 2010
I am trying to implement priority queuing (LLQ) on a pair of 10GE links between a 4507 with Sup6E and a 4948 which are configured as an etherchannel. I am unable to configure a priority queue on the 4507. I am running into the following issues:
I want to have a priority queue for voice traffic and specify minimum bandwidth for a critical application. If I configure a class with the priority command it will not let me use the bandwidth command on another class unless the priority class is policed. If I try it without the police command I get the message "bandwidth kbps/percent command cannot co-exist with strict priority in the same policy-map ". If I add a police statement to the priority class then I don't get this error.
When I try to apply the resulting service-policy to the physical interface it says "% A service-policy with non-queuing actions should be attached to the port-channel associated with this physical port" and does not add the command to the config.
If I try to associate the same policy-map to the port-channel rather than the physical interface it says "% A service-policy with queuing actions can be attached in output direction only on physical ports" and does not add the command to the config.
All of the other interfaces on the 4500 are working OK. The trunks have auto qos voip trust configured and access ports are marking the critical application traffic.
The 4507 is running 12.2(44)SG1 EnterpriseK9. I don't have the luxury to upgrade blindly to fix the problem unless I can identify a specific bug that is causing the problem.
View 5 Replies
Feb 7, 2013
I want to access my IP camera over the Internet. I am not a computer wiz by any stretch, and I've had a couple of failed attempts. My ISP is Comcast, and they say that I have dynamic DNS and should have no issues viewing my cameras. I know how to get to the port forwarding area of the router but am confused as to which ports to forward. The setup instructions for the camera (Airsight) suck. Screenshots of the setup don't match the actual router.
View 7 Replies
Jun 3, 2013
I have configured an SVI in my 4500 (Sup 7-E 10GE, and cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there was no active switch port in the VLAN. I added one switch port to this VLAN, but this port is also in the down state, so I added the "switchport autostate exclude" command under this port. Even after this the SVI never came up, so I added one system to the port, and then both the switch port and the SVI came up. So why does the "switchport autostate exclude" command have no effect in this model of the switch?
View 4 Replies
Nov 30, 2011
I use a D-Link DIR-655 router, but it only allows around 24 MAC addresses to be specified in the filter list of ALLOWED MAC ADDRs. With a few laptops in the family, a game box, NAS, printer, e-readers and smart phones, I'm maxed out. Alternatively, could I daisy-chain them to have one handle wireless devices only and another handle wired devices? If so, I could probably deal with 24 max wireless MAC addresses specified for a while. If there's a better router out there that's not so limited, I'll upgrade.
View 2 Replies
Nov 29, 2012
My laptop is showing that it is connected to the wireless router, but whenever I click on the Internet icon, it will not allow me to connect to the internet.
View 1 Replies
Jan 26, 2011
I would like to put an E2000 in an office where clients are coming and going throughout the day. When the documentation says that there is a maximum of 10 guest network users allowed (with a default setting of 5) what exactly does that mean ? I don't want the first 10 guest-clients who come in, connect to the guest network, then leave the office to consume all 10 slots for the day.If I have 50 people that come and go from the office throughout the day who connect to the guest 192.168.33.X network and attempt to enter the password (but no more than 10 guests authenticated at any given time) will all 50 be successful in connecting ? Or do I have to reduce the Client Lease Time to something less than the default setting of one day ?
View 1 Replies
May 3, 2011
I have an XSR-1805 (version 7.5.0.0) Enterasys router here. I got the SNMP server to work successfully. The thing is that I couldn't make the router restrict the range of addresses allowed to use a community. Only 10.1.0.13 is allowed to use SNMP in this case.
View 1 Replies