Recommend a low-cost Cisco-branded router/firewall for a clinic with perhaps 10 user workstations? We're looking for something that will support attaching a static VPN to a data center.
Currently we're using a Cisco RV082 in our office, but there might be a device which is more appropriate for the next office we connect to the data center. On the data center side we're using a Juniper SSG5.
I have an ASA5505 where vlan1 (inside) and all associated ports (e0/1 - e0/7) are down. Workstations on vlan 1 are online and working. Vlan2 (outside) is up and running normally. I tried to shut/no shut on the vlan. I also rebooted the firewall. No change. Why vlan1 is down?? I've attached some config info and some troubleshooting.
View 5 Replies View RelatedI'm completely illiterate with Cisco appliances but I'm taking care of an ASA 5505 that is configured as a firewall and it has been working for the last years. All of the sudden we are experiencing intermittent connection problems from the workstations. You can be browsing the internet and suddently you'll get a server not found error but you refresh it and it works. This is also intermittent, out no apparent reason it will start working normally again.
I am seeing a bunch of errors like this in the logs:
4 Mar 25 2013 14:34:49 106023 66.235.119.5 69.70.15.61 Deny icmp src outside:66.235.119.5 dst inside:69.70.15.61 (type 8, code 0) by access-group "inbound" [0x0, 0x0]
[Code].....
I have been asked by a client to restrict access to a number of non work related sites. Easy, blocked them using Firewall> Content Filter. Then I was asked to disable this filter for one user (the Managing Director) so he can access eBay.
I am familiar with doing this on a Netgear device, but so far my efforts with the RV082 have failed.
First I have tried using DHCP to reserve an IP address for this user, then setting 'Access Rules' so that this IP has all access all the time, but this does not appear to work.
I assume setting this IP as the DMZ would achieve what I want but it seems like overkill and not very security wise.
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
View 1 Replies View RelatedI'm owner of Cisco RV082 router and I have a problem with firewall setup.I would like to deny internet access on port 80 (all sites) for group of users, and allow them internet access for one site by HTTPS (443)After applying rules internet connection is really slow.. Users have to wait something like a 30 sec for a website..I descovered that the reason for slow internet connection is DENY rule. After disbling DENY rule everything works fine..Now I have a few rules added to firewall:
Priority:1 Action: Deny Service: HTTP(80) Source interface: LAN Source:10.82.0.51-10.82.0.245 Destination: Any
Priority:2 Action: Allow Service: HTTPS(443) Source interface: LAN Source: 10.82.0.51-10.82.0.245 Destination: 80.64.59.42
What's wrong with those firewall settings?
RV082 - 1.3.2 I need to have RDP and pcAnywhere enabled to a customer site for remote support, but need to limit the incoming IP ranges to only our offices. I have the port forwarding set up and tested working. I then set up rules to deny all traffic on the needed ports and added rules to allow a few IP ranges from our office locations. I even tried a rule allowing all traffic from our main office but that also failed to allow RDP or pcAnywere connections.Now I can no longer connect from any of our remote offices. I followed the limited instructions that I found in another post but its not working.
View 1 Replies View Relatedi have a Cisco Rv082 with Firmware v4.0.4.02-tm (Jul 4 2011 13:30:56)I have configure WAN1 with a public IP and netmask 255.255.255.252. (Only one public IP in use) Internally the LAN is a 192.168.169.0/255.255.255.0.I need to add some rules like
Service: HTTP
Interface: WAN1
From: ANY
To: 192.168.169.2
But after rule configured the connection still not working, it only works when I add a port forwarding.For HTTP maybe port forwarding is OK, but other services I need to grant access to a specific public IP address, not to everyone. So I need the Firewall rule, but is not working, it always block the request. [code]
adding/removing/re-adding a workstation to a domain and Active Directory. We use DHCP at work for our addressing scheme. The problem I had when naming a new workstation the same as the one I am replacing on the domain was that I noticed the new pc with that same computer name as the previous pc was still trying to use the IP address that was assigned to the workstation before by dhcp, so the new workstation was not showing it assigned an IP address. I would try pinging the computer name but there was no reply because it was still showing the ip address of the computer disconnected that had the same name.
- remove the faulty workstation from the domain to workgroup, then restart
- then from Active Directory do I need to reset the Computer name
- then do a ipconfig /release on faulty workstation that has been removed from the domain to release the leased ip address in dhcp
- then disconnect the faulty PC and connect the PC I am using to replace the previous PC
- Name this workstation the same as the one I just disconnected and removed from the domain
-Add this PC to the domain and restart
You are appointed as a system administrator for a large company which has its own computer intranet hosting 150 workstations and around the same number of users. Write few points explaining the roles you would expect to take on as part of your new employment in terms.
View 2 Replies View RelatedI had when naming a new workstation the same as the one I am replacing on the domain was that I noticed the new pc with that same computer name as the previous pc was still trying to use the IP address that was assigned to the workstation before by dhcp, so the new workstation was not showing it assigned an IP address. I would try pinging the computer name but there was no reply because it was still showing the ip address of the computer disconnected that had the same name.
View 2 Replies View RelatedI have an office server set up to about 10 computers. We hired 4 new people and had to set up their computers on our network. Set up was easy and quick as usual. But when I was done, the other computer users, and even the new ones were complaining about not being able to access the DEFCON5 (name of our server) folder to get what they needed.
Basically the only workstations that show up when I click Network are the computers I added the other day, and the computer that is used more than any other computer (the CEO's). We can still access the files by typing the location as \DEFCON5****** and find what we need. But not everyone at my office is computer savy (no body is) and I would like to not have to keep running around and showing everyone this.
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
I have a RV082.I need to disable the firewall, since firewalling is done better elsewhere.However disabling firewall Remote management on wan ip is forcefully enabled.I don't need Remote management, keeping it enabled is a security risk for my setup.I don't understand the rationale behind the choice to forcefully enable remote management if firewall is disabled.Is there a way to disable both firewall and remote management?Or at least a workaround?
I'm on firmware 2.0.0.19-tm on a probably v2 hardware. (Cannot find this info in the web configuration).This is not the newest even for v2 hw but I cannot afford to break it trying to upgrade the firmware.Moreover no release notes for firmware releases refers to a correction of firewall/remote management behavior.Is this behavior also in newer firmware releases?
Recent incountered an issue with our elastix pbx and packet loss. Noticed this morning that when I turn on the firewall on our RV082, packet loss begins around the level 3 servers I see in my traceroute, and then slow spread out to all hops. When I turn the firewall back off, all hops have no packet loss or less than 1%. The weird part is, previously, I had the firewall enabled, and never had this issue.
View 2 Replies View RelatedWAN1 <-> LAN traffic
WAN2 <-> LAN traffic
WAN1 <-> WAN2 traffic?
Say, it is set DISABLED, what is / isn't blocked?
It reads: Multicast Pass Through IP Multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate computers.
At the company I work for, there are a few "network drives" to which employees are given access so that any mutual file stored thereon may be shared between and edited on demand. Not the best model, I know.Went to the server room a few minutes ago and found that "network drives," (P:), (L:) and (M:) seem to be invisible. Back at my workstation, I opened My Computer and saw all three on my screen.
View 3 Replies View RelatedI have an office server set up to about 10 computers. We hired 4 new people and had to set up their computers on our network. Set up was easy and quick as usual. But when I was done, the other computer users, and even the new ones were complaining about not being able to access the DEFCON5 (name of our server) folder to get what they needed. Basically the only workstations that show up when I click Network are the computers I added the other day, and the computer that is used more than any other computer (the CEO's). We can still access the files by typing the location as \DEFCON5****** and find what we need. But not everyone at my office is computer savy (no body is) and I would like to not have to keep running around and showing everyone this.
View 1 Replies View RelatedWe are having several workstations that are momentarily losing connection to our Windows Server 2008 machine that hosts their Documents etc.It seems like a momentary disconnection and not everyone has complained although I'm guessing that unless you are trying to locate a file etc at that moment you might not notice.Here is the error message I see in the event logs on the server:
-Source: srv
-EventID: 2012
-Level: Warning
While transmitting or receiving data, the server encountered a network error. Occassional errors are expected, but large amounts of these indicate a possible error in your network configuration. The error status code is contained within the returned data (formatted as Words) and may point you towards the problem.So, where would you guys start with something like this? Either my HP Procurve 1800-24G doesn't have much in the way of error logs, or I don't know where to look.Would you start with changing port on the switch, changing network cable or do you think it's more likely to be something on the server itself?
I have a WRV210 router setup with WPA personal-AES encryption...SSID is turned on. The issue is that workstations lose connectivity to the internet and to a mapped network drive on the server. When this happens I find that the wireless status shows "connected", along with excellent signal strength. It never happens when logging on, just after so many minutes. The simple remedy is to repair wireless connection but we would like to not have to resort to this behavior every day. Further, I found that within the repair connection sequence that deleting the address resolution protocol table, brings the internet and the ability to access a mapped network drive back. I even used a program called arpfreeze to assign static ip's to the arp table and I still had to repair wireless connection. It does not matter where the workstations are placed, whether sitting 50 feet away or 5 feet from the router, the workstations lose the ability to access internet and mapped drive while showing "connected" and excellent signal strength. Otherwise, we are looking at running ethernet cables through the building (Not easy).
View 5 Replies View RelatedWe have a number of sites running Cisco 881 routers. A few of the sites are connected by IPSec VPN tunnels that have been configured using Cisco CCP without any issues until now. On one location I can ping from a workstations on Site1 to Site2, however I cannot ping from the same workstation on Site2 back to Site1.
Here is a strange behavior. If I have a continuous ping going from Site1 - Site2 and then start a continuous ping from Site2 - Site1 then I get a response until I stop the ping from Site1 - Site2. Site 1 has approximately 5 successful tunnels with absolutely no issues.
Here is some site specific Info:
Site1
Cisco 881 running Version 15.0(1)M7
crypto isakmp policy 1encr 3desauthentication pre-sharegroup 2crypto isakmp key ThePreShareKey address XXX.YYY.ZZZ.232 crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel toXXX.YYY.ZZZ.232set peer XXX.YYY.ZZZ.232set transform-set [code]......
Site 2
Cisco 881 running Version 15.2(3)T1
crypto isakmp policy 2encr 3desgroup 2crypto isakmp key ThePreShareKey address TTT.UUU.VVV.224
[code].....
For additional troubleshooting I established a VPN tunnel from Site2 to our office Site3 with no issues at all. Site3 happens to be one of the VPN tunnels that connects to Site1 with no issues. I have seen a number of articles on this on the net and gone through the troubleshooting steps of an article such as [URL]. The tunnel is confirmed as up when I have done all my troubleshooting.
Hardware: RV082 V03
Firmware: RV0XX-v4.2.1.02
Lan: 192.168.1.0/255
Static routing: 192.168.1.239 to 172.25.152.64/224
The unit is configured as internet gateway. 4 NAT ports are active. When firewall disabled all works fine. When firewall enabled I do get connection lost at random interval. In firewall only 4 rules added to the default 3 rules. The added rules are:
1/ permit 192.168.1.22 port 25 to any
2/ permit 192.168.1.27 port 25 to any
3/ permit 192.168.1.10 port 25 to any
4/ deny any port 25 to any
I do get at random times connection lost when navigating with windows explorer on a PC with IP 192.168.1.x to a share on a PC with IP 172.25.152.74. The same happens when copying files. Sometimes it works, later it fails or reties are needed. When the firewall is switched off all runs fine.
Ping from 192.168.1.x to 172.25.152.74 allways give a <1ms response
Is there a RV082 perfomance problem or do I have a configuration problem?
Under Service in Win NT 2008 server, how can I remove the auto-shut down task schedule for all students' computers in the classrooms. It always popup a message box at 5:30pm - "auto shutdown" in all workstations (win xp). How to remove that from "service" and not affecting the server to shutdown? Click where to disable/stop it?
View 2 Replies View RelatedA user needs to be allowed through the Cisco ASA 5505 firewall to make a VPN connection to 83.1.**.** address on port 1723.
View 13 Replies View RelatedWe are using ASA 5510 Version 7.2(4) at our organisation. The requirement is we need to give an access to a user with limited access so that he can run only specific commands on configuration mode. We don't have Cisco TACACS server instead of that we are using a microsoft radius server.
View 6 Replies View RelatedWhat the user specification with the asa5505 means.there is a 50 user and an unlimited license with the asa5505. with 50 user does this mean that only 50 user can work simultaneously over the asa, or what?
View 10 Replies View RelatedWe currently have one Cisco ASA 5510 firewall at our mailn office. Our firewall does not let users access the internet. We currently have a web proxy that lets users access this. I need to let users access one website through the firewall without going through the firewall. I believe this is possible if I use dynamic NAT.
View 1 Replies View RelatedWe've just replaced our Fortinet Firewalls with 5525's but are struggling to get a feature working that worked great on the Fortinet firewall.All our users use a proxy for internet access that's configured in IE but from time to time some users need to remove this proxy and go directly out to the internet, with the Fortinet devices we created a rule right at the bottom of the inside access out rule that had it authenticate users via TACACS which worked a treat and could be used from PC or laptop. We want to do a similar thing on the 5525 and I thought the Authenticated user would give me this access but I don't seem to be able to get it to work. I've got the AD side of it working fine the ASA can pull user and groups from AD but I'm struggling to get this working for a user.
View 3 Replies View RelatedCan a pix 501 firewall VPN be created with a 10 user restricted license? It seems impossible to get an answer because Cisco's black mailing EOL policy.
View 18 Replies View RelatedI have a 20/20 MB circuit and an ASA 5510 and I am able to setup policing were the interace gets 512k down and 128k up so when I conduct a speed test with one user I get 512k and 128k and when I conduct a speed test with two users each gets 256k and 64k. [code] What I want to happen is that each user gets 512k and 128k until a saturation point is hit and then I want the ASA to slow all users down equally.
View 1 Replies View RelatedWe have an ASA 5510 version 8.3 (2) that we accept VPN users via a radius server. Is there a way to lock down a specific user that connects to the ASA as a SSL client or IPSEC VPN user? If the specific user were to connect to the ASA, we would want the user to have minimal to not access to our system.
View 1 Replies View RelatedIt seemed that show vpn-sessiondb ra-ikev1-ipsec will not provide the client type of the remote vpn user as show vpn-sessiondb remote did before.
Is there a way to find it out on ASA running 8.3?