Cisco VPN :: Running ASA 5520 As A Router
Jul 16, 2012
We have a situation where we need to run the ASA as a router. We have two sites connected via a private p2p link; we also have an ASA5520 in each site and an L2L IPsec tunnel over the Internet, and we want to fail over to IPsec over the Internet pipe in case the p2p link fails. With BFD/OSPF this design works at the L3 level. But we have a problem keeping existing TCP connections when failover happens. The reason is, I believe, that when the ASA sees a new connection coming in without seeing the SYNC flag in the packet, it will not create a connection entry and drop the packet unless a new connection is initiated from either side. So my question is, is there any way I can configure the ASA to behave more like an L3 device, ideally to turn off L4 checking for IPsec traffic?
Sep 20, 2011
I have an ASA 5520 running user web traffic, incoming VPN and systems NAT for DMZ services. Nothing new for a standard firewall. I have upgraded the memory in it to 2GB, per Cisco, so that I could install and run IOS 8.41. I have uploaded both the IOS bin image and the ASDM 645 image and set it as the primary boot file. When I reload the ASA, everything boots fine, no errors, and all traffic appears to be working fine. But here is my problem: ALL the previously configured VPN sessions will connect to the ASA and show that they are passing traffic (TX and RX increments through the monitor), but if I try to access a device on the other side of the VPN or they try to access services in the corporate network, the connection fails. Ping works, so I know I can reach the devices and the tunnel has been correctly created, but nothing else. I did not change anything in the configurations for the VPN connectors. But if I reload the ASA with the 8.21 version image, everything works just as before and all connections are good.
Feb 28, 2011
I have a Cisco ASA 5520 running 8.2.2 with the VPN Plus license. I am wondering what the max number of sub-interfaces you can have on a physical interface is. I know on the 5505 it was 20 sub-interfaces if you were running the Security Plus license. What is the magic number for the 5520? I have hit 20 sub-interfaces on the gi0/1 interface and now I am starting to run into problems with sub-interface #21.
Jun 3, 2012
The customer forgot the password for the ASA SSM-20 IPS module installed in an ASA 5520 FW. show module on the customer FW shows it in up state. I brought it to our office test bed. Here it shows
ASA1# sh module
Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5520 Adaptive Security Appliance ASA5520-K8 JMX1022K03A
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAB101003C2
Mod MAC Address Range Hw Version Fw Version Sw Version
[code]....*-
What to do with this module in my test bed? I have to take it back to the customer site to use it in their ASA itself to troubleshoot. There the status is up and I did use all the hw-module options but no use. The version is 5.0. This module is more than 5 years old and so far no one has upgraded the image. ASA 5520 running 8.2.5.
Jan 30, 2012
I am trying to set up an active/standby failover with 5520s running 8.4(2) and am having problems with it not dropping connections during the failover. I am using a portchannel from the switch to each ASA and using sub-interfaces off that. I'm using the command Failover mac address Port-Channel1 “mac-address on primary Port-Channel1” “mac-address on standby Port-Channel1”. The command goes through, but doing a show interface port-channel1 doesn't show a change in the mac address on the secondary unit after a failover when it becomes active.
Jun 22, 2011
I am trying to figure out how to create an etherchannel with sub-interfaces on an asa 5520 running 8.4.1 code. It doesn't seem to allow me to configure any type of sub interface on the port-channel or anywhere else once I create it.
May 23, 2013
What are the possibilities that exist for running a site to site VPN in our environment with the following infrastructure:
-Cisco ASA 5520 - running in multiple context mode
-Cisco 3750 switches
-Microsoft TMG
I believe these options are limited in terms of providing an end point for VPN. Is there a VPN module that we can buy for the 5520 to run IPSEC VPN?
Jun 11, 2013
I have 30 switches in my corporate network; it’s all up and running. All switches are running the default configuration and are connected to a WS-C4506 core switch; our DHCP server is pooling the 192.168.100.1/27 network. Now we need to configure a new VLAN for the finance department; this department has more than 200 users. If my server distributes 192.168.200.0 range IPs, can vlan2 automatically assign 200.0 addresses to the finance department? All switches are running the default config with no IP address assigned.
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate the license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to the 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation, but the page does not load for me (Cisco intranet only tool?). Is there another tool for automatic conversion?
Aug 28, 2012
I have an existing 1800 router that is using NAT and VPN to HQ. I now have a new ISP provider and so now I need to change the Fastethernet1 IP address. I know how to do that, but what else do I need to change to make everything continue to work?
Dec 19, 2010
Can I delete the running IOS from flash on an operational 3845 router to make room for the newer version? The flash isn't large enough to hold two versions. Doesn't the IOS get loaded and run from NVRAM? I don't want to take down an operational router but may have no other choice?
Feb 28, 2013
I'm trying to run the ISM-VPN-29 in a 2901 router. Cisco says that the SECK9 and HSECK9 licenses are needed to operate this ISM. However, they also say that the HSECK9 license is not available on the 2901. I'm running the SECK9 license but it's still not working.
This link, table 5, states that the HSECK9 feature license is for 2921 and 2951 only: [URL] This link states that it is a requirement to run the card, and also that the card works on the 2901: [URL]
I am running 15.3(1)T IOS.
Dec 18, 2012
I have just been reading an old post about running a Slave Router off of a Primary Modem/Router. That all makes sense for the setup side of it. My question is about open ports for devices connected to the Slave Router. For example, I have certain ports open on my PS3 for playing Call of Duty online. Will all of the traffic for these ports simply flow through the slave router or do I need to open up all the same ports on the Slave Router?
Feb 26, 2013
I want to know if I can plug a HWIC-1F into a Cisco 1941 router without shutting it down?
Mar 24, 2012
We have 3 Cisco RV042. These were purchased to permit VPN from two branch offices to our head office. VPN is required to permit the two branch offices to use Avaya IP phones to connect to our main head office switchboard. We also have users on Blackberry and Apple iPhones to collect their mail through OWA from our Exchange 2010 server.
I've noticed in one of your threads that the RV042 routers configured for VPN do not permit the use of HTTPS to connect to OWA and that seems to be the problem for us. Since installing the VPN our OWA access is not possible.
What can I do to resolve this problem and what router would you suggest that I could use at the head office to enable the two branches to connect VPN to head office? And if there is a suitable router, would I need to replace all three?
Feb 13, 2012
I am not able to connect a laptop running windows xp to my new Cisco E4200v2 router; no trouble connecting to laptop with Vista or to desktop running Windows 7.
Oct 16, 2012
I am looking at running MPLS from one datacentre to the other (we have a layer2 interconnect and can run jumbo frames). I need about 70 access ports (each in a separate VRF) at the new datacentre.
I am looking at:
2x 6503-Es with sup720-3B and a 48x port linecard
or
2x 7201 router with 2x 2960-S layer 2 access switches.
Jan 4, 2012
I have the Netgear 4000 as primary router and I want to connect my second router WRT54GL running tomato firmware to my network.
Dec 24, 2011
I've gone through a couple modems, only possible reason I can think this is happening, but I don't know for sure if it could be a factor. Anyway, it seems my router is running two... networks? I've reset my router, set up my wireless network, configure the SSID name, password lock it, but there still appears to be a "Linksys" network running with no password. I'm afraid it's being used by someone else, seeing as it's free wifi. I've reset my router a couple times and set up my wifi and this linksys still appears to be running. The reason why I feel it's mine is because one night our net went out and when my brother attempted to log onto the linksys, its net wasn't working either. When our net came back up, the linksys was running with working net once more. It seems like too much coincidence to not be true. I'm really not sure what is causing this and I've never experienced this before.
Apr 4, 2013
I purchased an EA6500 router on March 1 2013 – since then my wireless network has become very unreliable. The network runs fine for a short period of time, then it gets extremely slow. I constantly have to reboot the router to see better performance. When I run the built-in router speed check, it shows that I am getting 20 Mbps for downloads, which is what I expected to see, and then as time goes on, the speed goes as slow as 1 Mbps for downloads. I finally had to go back to my very old Linksys WRT54GS router to have a stable network again. I called Linksys customer support and they want to charge me a fee to diagnose the router that will only be refundable if they find any issues. I find it completely unacceptable to have to spend more money for an item that is only a month old that will probably show no issues when they run their diagnoses, since they had me reboot the router while I was on the phone with them. I want to warn others not to buy this router, especially when the company cannot stand behind their product that is only 34 days old!
Jun 3, 2012
My network consists of a Hughes 7000S modem and Linksys WRT55AG Router. My Windows 7 desktop is hardwired to the router while my wife's Vista computer is connected wirelessly. I recently had to reset the router. When I tried to change the router's password from the familiar "Admin" to a WEP code, the change was never made, although I clicked on "save settings". This has been a persistent problem. I solved this by clicking on "Administration>Management" and entering my own code; however, this has never been necessary before. I am also getting inconsistent "DNS errors". It appears erroneous addresses are being generated. I've downloaded and installed updated firmware. This Linksys router uses WEP security.
Feb 5, 2013
I can't run the setup cd on my mac running OS 10.8.2.
Oct 31, 2011
I set up the router in our office and all is working well. BUT, when I have to FTP from my PC to our web server, which is at a typical web hosting company, now we are having time out issues, stalls, and closed sessions. Our server company checked everything and all is clear. I can FTP from outside my office (home) with no issues at all. So this leads to the E3000 causing the issue. Simply, everything worked on Thursday, we installed on Friday and now we have the issue.
Feb 13, 2012
I cannot get a laptop running Windows XP to connect to the new household Cisco E4200v2 router. No trouble connecting a laptop running Vista or a desktop running Windows 7.
Jul 28, 2012
My issue is that when trying to run the setup software for my new Cisco 4500 router, an error message comes up which states that the new Mac operating system 10.8, aka Mountain Lion, is not supported. So now I had no choice but to leave my network unprotected as I cannot run setup. I was just wondering if there was another method by which I can configure the router without running the setup CD.
Mar 19, 2013
I have a 2911 router running C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1) IOS and I have configured the following commands for EIGRP:
-router eigrp 100
-network 10.20.0.0
-no auto-summary
It takes all 3 commands, but when I check through the show run command I am not seeing the no auto-summary command.
Sep 23, 2011
Apparently the setup CD does not work with Mac OS Lion. Is anyone else out there using this router on a Mac running Lion? If so, how did you set up the router?
Jan 11, 2012
Just picked up the E4200 and used Cisco Connect to install. Wanted to know a few things?
-Windows 7, 64 bit
-E4200 router
-AE2500 adapter
1) How can I tell if it's running at optimal configuration?
2) Before, with my previous router (netgear), I didn't see my router in Device Manager. Now it's under Network Infrastructure Devices. It lists the name of my router, under that it lists Microsoft Wireless Router Module??
3) Before with my previous adapter (belkin) I would see my Network Adapter in Device Manager. I see my network adapter listed, under that Realtek PCI (LAN), but now there is another new device? Microsoft Virtual WiFi Miniadapter??
Why are these Microsoft devices showing in Device Manager? Did they not get installed correctly?
Feb 20, 2012
Running an E4200 with Mac OS X Mountain Lion?
Jul 4, 2012
I would like to know on what frequency band the Linksys EA4500 runs for 5 GHz, because in Israel only frequencies from 5150 to 5350 MHz are allowed.
Dec 18, 2011
I am unable to connect both of my smart phones to the access point. I am using WPA2 encryption on the AP. I can connect my phones to other APs using WPA2. I have other devices that connect to the AP except my Android phones. I would like to be able to get some debug logs, except the web interface says that the logging functions are disabled when in bridge mode. Cisco/Linksys tech support: Any troubleshooting tips other than resetting the access point and/or reflashing it?
Feb 16, 2012
Can't get my computer to recognize my wireless Dlink DIR615 Router. It accepts the password and connects to the router but not the internet
Sep 26, 2011
Is it possible to insert a Netgear wireless router b/g 108Mbs into a running 2008r2 network, making it a slave to allow wireless access?
At the moment the menu is only accessible thru 192.168.0.1, but I need to have it visible as a device subservient to 10.151.48.1? If this is possible, I can set it up to do a SSID broadcast for wireless access?