Cisco VPN :: Preventing Remote Router From Using Random Port Numbers / Only Allowed To Use 4500

Nov 1, 2011

I have a remote site that is using port 4500 within the ISAKMP phase of creating an IPSEC tunnel, but for some reason it is also using random port numbers constantly (in bold): [code] These are all blocked by the firewall when trying to communicate with our central router in the trusted network. The central router does not display the same symptoms; it only uses port 4500. Is there a way of preventing the remote router from using random port numbers and only allowing it to use 4500?


What Are Port Numbers And Who Choose Them

Jul 27, 2011

I have a little experience in LAN management, solving basic connectivity issues. However, I am not strong theoretically. Particularly, when it comes to the OSI reference model, I feel like I have understood the funda, but at the same time, I get lost here and there. This is regarding the steps or processes involved when one PC sends an email to another in a network. When I compose an email and hit enter, this is what I have understood: each layer, starting from the application layer, passes the data and the control information to the layer below it, until the lowest layer is reached, from where the actual transmission takes place via the physical medium. What are port numbers? How and when are port numbers chosen? Who takes the decision in choosing them?


Linksys Cable / DSL :: WAG160N V2.00.20 FW - Outbound Connections To Port 25 Preventing?

Apr 8, 2012

Apparently there is a bug in WAG160Nv2 firmware (version: V2.00.20, which is the latest). We had a problem connecting to an outside SMTP server using telnet. Then out of frustration I reset the router to factory settings. Then suddenly connecting to the SMTP server on port 25 was not a problem. Then a few hours later, without doing any special changes to the settings, it's now again not possible to telnet to the external server. Apparently something prevents outbound connections to port 25 from being established.


Cisco Firewall :: Port 1025 Allowed On ASA

May 17, 2013

I was reviewing my ASA config and noticed that port 1025 was being allowed in and statically NAT'd to connect to my email server:
 
access-list outside_in extended permit tcp any host X.X.X.X eq 1025
static (inside,outside) tcp interface 1025 Y.Y.Y.Y 1025 netmask 255.255.255.255


Cisco WAN :: Configure QoS In Router 1841 For Port (500 / 4500)

May 29, 2013

How can I configure QoS in the router CISCO1841 for the port IPSEC (UDP 500, UDP 4500) and the port TCP 4433?


Cisco Firewall :: 3389 Port Allowed From Some IPs On ASA 5505?

May 6, 2012

I would like to set up a Cisco ASA 5505 to only allow certain IPs on port 3389, but I can't get it to work. Maybe some of you experts know why?
 
Here is my config:
 
ASA Version 8.4(3)
!
hostname cisco-asa
enable password ** encrypted
passwd ** encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.253 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 95.*.*.* 255.255.255.248
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network rdpuser-1
host 46.*.*.*
object network rdpuser-2
host 48.*.*.*
object network rdp-host-pc
host 192.168.1.20
object

[code].....
          
The allowed IPs are set up on user level (rdpuser-1 and rdpuser-2). Still, I can't connect to the server from any of these IPs...


Cisco :: Switch Port General Allowed Vlan 2 For Admin And 10 For LAN?

Sep 22, 2012

My friend and I are currently setting up a Xen test environment. As you can see from the picture below, we are running a Cisco ASA 5505 to reach the network from the outside. But the problem is that we want to reach the virtual pfSense's subnets through the Cisco AnyConnect VPN. And currently the pfSenses are only configured with a public IP and a virtual interface to the VMs. We could solve this problem by buying another PCI NIC, so that we have a physical link from the "pfSense box" to a tagged VLAN on the switch. But we are having problems configuring the switch to general VLANs, because Xen can't have its management interface on a tagged VLAN directly from the XenServer, but the switch can tag the packet when it reaches the switchport. I would like to have "switch port general allowed vlan 2" for admin and 10 for "LAN", and then trunk the port to the Cisco ASA. But again, Xen stops me from doing this.


Cisco Switching/Routing :: Catalyst 4500-E / Found BUG Between EEM And Remote Host Logging In Various IOS?

Sep 29, 2011

I found a bug in Embedded Event Manager, on the Catalyst 4500-E platform with supervisor V-10GE, on various IOS releases (in particular 12.2-50-SG IP BASE w/o crypto, 12.2-54-SG1 IP BASE w/o crypto, but also other releases, including the latest 15.0-2-SG1 ENTERPRISE SERVICES SSH). The problem is that when you set up an EEM applet that monitors syslog pattern matching, and you also configure remote host logging *with* the option "sequence-num-session", when the match occurs, the switch reboots with message:
 
Sw (sometimes prints a number instead)
VECTOR D00
 
and in some cases performs a second reboot with message:
 
VECTOR 0
 DOUBLE FAULT
 
The reload reason message is:
 
System returned to ROM by abort at PC 0x0
 
The problem does *not* occur if remote logging does not have the option "sequence-num-session". I verified this behavior on various configurations (including our production 130K long *and* factory defaults after erase startup-config). The configuration statements that cause reload are, for example:
 
event manager applet prova
event syslog pattern %SYS-5-CONFIG_I
action 1.0 puts "configurazione modificata"
!
logging host 172.30.10.1 sequence-num-session


Cisco VPN :: ASA5505 Random Destination Port And Implicit Rule

May 4, 2012

I have an ASA5505 that I am setting up behind another firewall. The external firewall has all ports forwarded to the ASA, which is fine as I can see the traffic getting to the ASA in the log. However, when the traffic tries to return to its destination the ASA assigns a random port number. For example, for VPN the source port is 443, but when the ASA tries to go back to the public IP address it is using port 52857, which is obviously blocked on the external firewall. The Packet Tracer also says that the traffic is blocked by an implicit rule on the ASA which denies all IP traffic; however, I can't delete this rule, and as a test I have created another rule allowing all IP traffic.


Cisco Switching/Routing :: Random Port Disconnect 3750

Apr 24, 2012

We have computers that are connected to a switch stack of 3 - 3750 switches. Randomly, we experience PCs that fail to communicate on the network. At first thought I figured the port went into err-disabled state; however, the port shows up fine on the switch, and moving the PC to another port on the same switch in the stack fails to fix the problem. To add to the confusion, if I immediately connect a different machine into the problematic port, the newly connected machine has no issue and operates normally. Connecting back the first machine still results in no connectivity.

The only way to gain back network connectivity is to move the PC to a different switch in the stack. shut/no shut doesn't work. The IOS the stack is running is 12.2 and the switch ports are configured using Cisco port macros.

Here is how all the ports are configured.
 
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable


Cisco Switches :: SGE 2000 / 2010 - Random Port Drops

Jan 6, 2013

Lately I've noticed some strange behavior on some of the switch ports. When I go through the logs of my SGE2000/2010 stack, I see that some of the ports randomly lose their connection:
 
2147482703 05-Jan-2013 04:11:43  Warning %LINK-W-Down:  2/g14
2147482704 05-Jan-2013 03:35:20  Warning %STP-W-PORTSTATUS: 2/g33: STP status Forwarding
2147482705 05-Jan-2013 03:34:50  Informational %LINK-I-Up:  2/g33
2147482706 05-Jan-2013 03:34:47  Warning %LINK-W-Down:  2/g33
2147482707 05-Jan-2013 03:34:19  Informational %LINK-I-Up:  2/g33
2147482708 05-Jan-2013 03:34:17  Warning %LINK-W-Down:  2/g33
2147482709 05-Jan-2013 03:34:15  Informational %LINK-I-Up:  2/g33
2147482710 05-Jan-2013 03:34:14  Warning
[code]....       
 
I'm having trouble locating the source of the problem. The devices connected to the port are servers and desktops. This happens frequently throughout the day, but not always on the same ports. What could cause the random drops?


Home Network :: TL-WR340GD - Port 80 Blocked At Random Points Of Time?

Apr 15, 2012

The problem looks like this: I'm able to browse the web without any problems until, at random points of time (might be 2 hours after I turn on my PC, or 5, or even half an hour), port 80 gets blocked - actually more like it hangs itself. Whatever I try to open, I get "waiting for response" going and going. It's not even returning a "page not found" error or anything. To top everything, all other ports work fine - I can use https, ping, run tracert - no problem there.

I've spent two days looking for some answer on the web but came up empty. I've scanned for malicious software with Ad-Aware and Malwarebytes Anti-Malware - nothing came up. After a restart of the PC everything comes back to normal, but it's frustrating needing to do that every now and then.

My home network looks like this: I have some broadband modem that is connected to a local wifi TP-LINK router (Model No. TL-WR340G/TL-WR340GD). There are four devices using this connection - two PCs (laptops), an Android phone and an Android tablet.


Cisco WAN :: How Many Numbers Of GRE Tunnels Are Supported On 3925 Router

Apr 29, 2013

How many numbers of GRE Tunnels are supported on Cisco 3925 router?


Cisco VPN :: How Many Numbers Of GRE Tunnels Are Supported On 3925 Router

Apr 28, 2013

How many numbers of GRE Tunnels are supported on Cisco 3925 router?


Small Network / Random Computers Lose Browsing At Random Times?

Dec 29, 2012

Network running about 60 computers, most of which are running Windows 7 Professional. Some are on a domain, some are not. At (seemingly) random times, some computer on the network will lose the ability to browse websites (including the web interfaces of networked devices). I can't identify what circumstances cause this to occur. I only find out about it when someone calls me.

From the affected computer:
I can ping sites
I can ping our Cyberoam UTM (which acts as our DNS, DHCP, and firewall)
Disabling/enabling connection doesn't fix the problem
Releasing/renewing IP doesn't fix the problem
Flushing DNS doesn't fix the problem
Uninstalled antivirus on two test machines, problem still randomly manifests
Replaced the Cyberoam with newer model
Users have claimed that if they wait a long period of time (40+ minutes) the problem sometimes resolves
Rebooting the computer resolves the issue until it randomly occurs again
Changing the computer's MAC address also resolves the issue until it randomly occurs again


Cisco Switching/Routing :: 4500 L3 / 500 Invalid Port Command

Nov 14, 2012

I just want to ask whether I should do some configurations or not on my Cisco switch 4500 L3 regarding the error of 500 invalid port command when a host tries to access FTP active on to the FTP server. I just did a static route on the gig interface with no switchport mode to that host network; all traffic types were allowed except the FTP with active mode.


Linksys Wireless Router :: WRT54GX2 To Hand Out IP Numbers In Network

May 19, 2009

How to get this unit to hand out the IP numbers in my network with DHCP but to also assign these numbers in accordance to the MAC address. I want to make sure the same computers get the same internal IP and not random ones?


Cisco Switching/Routing :: 4500 How To Show Last Time A Port Was Active

Jun 28, 2012

Is there a way to show the last time a port was active/inactive on a Catalyst 4500?


Cisco Switching/Routing :: 4500 DHCP Server On Access Port

Apr 24, 2011

On a 4500 switch port, defined as access VLAN 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assign DHCP IPs if a user unknowingly removes his static IP and changes to the obtain IP via DHCP option on the LAN properties?


Cisco Switching/Routing :: Port Grouping On 3750 Like On Catalyst 4500?

Mar 27, 2013

On 45XX Catalyst, bandwidth is allocated across six 8-port groups, providing 1 Gbps per port group. Example for the following line card: WS-X4448-GB-SFP

I want to know if there is the same mechanism on 3750X switches. I mean, is bandwidth allocated across a group of ports like on the 4500 Catalyst?


Cisco Switching/Routing :: 4500 - Dhcp Server On Access Port

Dec 24, 2011

On a 4500 switch port, defined as access VLAN 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assign DHCP IPs if a user unknowingly removes his static IP and changes to the obtain IP via DHCP option on the LAN properties?


Cisco Switching/Routing :: 4500 24-port Gigabit Module Being Picky

Jan 7, 2013

We have recently purchased a Cisco 4506 that has several Gigabit Ethernet modules installed. One of the Ethernet Gigabit modules - a WS-X4424-GB-RJ45 - is being picky with who it talks to at Gigabit Ethernet.

If I plug a laptop into one of its RJ45 ports using a Cat 6 cable, nothing happens. No link light, no notification of link up or down on port statistics, absolutely nothing. If I plug a server into the same port it works fine at Gigabit Ethernet (even using the same Cat 6 cable). I can get the module to recognize a laptop if I fix the speed/duplex on the laptop to 100Mb/Full. I have tried this with other staff laptops from different vendors (HP / Dell / etc.), all with the same result.

The module directly underneath this module - a WS-X4448-GB-RJ45 - works fine for both laptops and servers. We have tried swapping the module positions but to no avail.


Cisco Switching/Routing :: Possible To Configure QoS On 4500 Sup7 On Layer 3 Routed Port

Apr 26, 2013

I want to know if it is possible to configure QoS on a 4500 Sup7 on a Layer 3 routed port like the following example (similar to CBWFQ on an IOS router)?


Cisco Switching/Routing :: 4500 / Layer 3 Port-channel Up But Can't Ping Across Link

May 17, 2012

I configured the interfaces individually at L3 and could ping across each link. Example:

4500 Switch 2:            6500 Switch 1
int t5/1                    -      int g3/17                    1 Gig fiber link
tore down config
tried second set of interface
int t6/1                    -      int g8/17                    1 Gig fiber link
 Ping successful

[code]....


Cisco Switching/Routing :: 4500 Hardware Failures / Port Stop Providing PoE

Mar 8, 2012

A few days ago I faced an issue in which one of our 4500s stopped providing PoE on some ports in one line card. I called TAC and ran some diagnostics. However, there is a command that I found and it is NOT DOCUMENTED in the 4500 reference guide! The command is "diagnostic monitor poe". This command actually detects/recovers PoE hardware failures! After executing this command, PoE started to work again?


Cisco Switching/Routing :: 4500 - Single IP Address On Both Sides Of Port Channel

Feb 19, 2013

We have a single 4500 connecting to two non-Cisco devices. We need to enable port channelling or link aggregation between these two. The links are carrying multiple VLANs, hence are trunked, and the IP address on either side is used for routing.

From each of the two non-Cisco devices, I am taking 2 ports each to connect to the 4500. On each non-Cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.

My query is how do I do the configuration for EtherChannel on the Cisco 4500 side, as it will need two different Po's (port channels). I need a single IP address on both sides of the port channel to be present for routing.


Cisco Switching/Routing :: 4500 Sup6E Priority Queue On Port-channel Member?

Mar 18, 2010

I am trying to implement priority queuing (LLQ) on a pair of 10GE links between a 4507 with Sup6E and a 4948 which are configured as an etherchannel. I am unable to configure a priority queue on the 4507.  I am running into the following issues:
 
I want to have a priority queue for voice traffic and specify minimum bandwidth for a critical application. If I configure a class with the priority command it will not let me use the bandwidth command on another class unless the priority class is policed. If I try it without the police command I get the message "bandwidth kbps/percent command cannot co-exist with strict priority in the same policy-map ". If I add  a police statement to the priority class then I don't get this error. 

When I try to apply the resulting service-policy to the physical interface it says "% A service-policy with non-queuing actions should be attached to the port-channel associated with this physical port" and does not add the command to the config. 

If I try to associate the same policy-map to the port-channel rather than the physical interface it says "% A service-policy with queuing actions can be attached in output direction only on physical ports" and does not add the command to the config. 
 
All of the other interfaces on the 4500 are working OK. The trunks have auto qos voip trust configured and access ports are marking the critical application traffic.
 
The 4507 is running 12.2(44)SG1 EnterpriseK9. I don't have the luxury to upgrade blindly to fix the problem unless I can identify a specific bug that is causing the problem.


Linksys Wireless Router :: EA2700 Port Forwarding To Remote Access IP Camera?

Feb 7, 2013

I am wanting to access my IP camera over the Internet. I am not a computer wiz by any stretch and after a couple of failed attempts. My ISP is Comcast and they say that I have dynamic DNS and should have no issues viewing my cameras. I know how to get to the port forwarding area of the router but am confused as to which ports to forward. The set up instructions for the camera (Airsight) suck. Screen shots of the set up don't match the actual router.


Cisco Switching/Routing :: Switch Port Auto-state Exclude Command Not Working In 4500

Jun 3, 2013

I have configured an SVI in my 4500 (Sup 7-E 10GE, and cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there was no active switch port in the VLAN. I added one switch port to this VLAN, but this port was also in the down state, so I added the SWITCH PORT AUTO STATE EXCLUDE command under this port. Even after this, the SVI never came up. So I added one system to the port, so both the switch port and the SVI came up. So why does the SWITCH PORT AUTO STATE EXCLUDE command have no effect in this model of the switch?


DLink DIR-655 Router Maxed Out On Allowed MAC Address?

Nov 30, 2011

I use a DLink DIR-655 router but it only allows around 24 MAC addresses to be specified in the filter list of ALLOWED MAC ADDRs. With a few laptops in the family, a game box, NAS, printer, e-readers, smart phones, I'm maxed out. Alternatively, could I daisy chain them to have one handle wireless devices only and another handle wired devices? If so, I could probably deal with 24 max wireless MAC addresses specified for a while. If there's a better router out there that's not so limited, I'll upgrade.


Laptop Connected To Router But Internet Not Allowed

Nov 29, 2012

My laptop is showing that it is connected to the wireless router, but whenever I click on the Internet icon, it will not allow me to connect to the internet.


Linksys Wired Router :: E2000 / E3000 - How Many Guest Clients Allowed In A Day

Jan 26, 2011

I would like to put an E2000 in an office where clients are coming and going throughout the day. When the documentation says that there is a maximum of 10 guest network users allowed (with a default setting of 5), what exactly does that mean? I don't want the first 10 guest-clients who come in, connect to the guest network, then leave the office to consume all 10 slots for the day. If I have 50 people that come and go from the office throughout the day who connect to the guest 192.168.33.X network and attempt to enter the password (but no more than 10 guests authenticated at any given time), will all 50 be successful in connecting? Or do I have to reduce the Client Lease Time to something less than the default setting of one day?


SNMP Couldn't Make Router Restrict A Range Of Address Allowed To Use A Community

May 3, 2011

I have an XSR-1805 (Version 7.5.0.0) Enterasys router here. Got the SNMP server to work successfully. The thing is that I couldn't make the router restrict a range of addresses allowed to use a community. Only 10.1.0.13 is allowed to use SNMP in this case.








Copyrights 2005-15 www.BigResource.com, All rights reserved