Cisco VPN :: To Generate CSR From ASA 5520 8.2(5)
Dec 11, 2012
We are already having a True business ID certificate from Geotrust for our SSL VPN on CISCO ASA 5510.this is working fine.
We are now changing our device from ASA 5510 to ASA5520 in failover setup. As we check with Geotrust they are asking us to create a new CSR with same parameters from new ASA5520 device and reissue the certificate from their site.In this context how to create a new CSR from ASA5520 8.2(5). create CSR from ASA 5520 8.2(5)
View 2 Replies
ADVERTISEMENT
Mar 20, 2012
I'm trying to configure an ASA firewall (FW2) for syslog and tacacs and am experiencing strange behavior. Both the syslog and ACS server are on the inside of another firewall (CoreFW). Whenever a log message is generated on FW2 the request is dropped by CoreFW and message '%ASA-4-313004: Denied ICMP type=0, from laddr FW2 on interface outside-b2b to syslog01: no matching session' is displayed. The same thing occurs for tacacs.
It appears that the syslog and ACS requests are generating ICMP echo replies, which the core firewall drops since no session exists on a lower security interface. I have access lists configured on CoreFW to allow the syslog and tacacs requests.
FW2 is running asa825-k8.bin, CoreFW is asa824-k8.bin
View 1 Replies
View Related
May 17, 2011
I have an issue with rme 4.2 from LMS 3.1 When I try to generate a syslog report this shows me nothing. I locate SyslogCollector.log file and I see sometnig wrong.
View 4 Replies
View Related
Sep 26, 2011
I am running CiscoWorks LMS 4.0.1 since 6 months and I wanted to generate today a report about the interface utilization on 2 Cisco switches (Catalyst 3750G). The corresponding job is created, it runs and then i get "succeeded with info" in the "Run Status" column. When I want to click then on the "View Report" link, I get the following error: "Could not generate the report. Either data is not available for the specified duration or the report job failed."
I tried the same procedure with 2 other switches but I have got the same result.
View 1 Replies
View Related
Jan 18, 2013
I'm playing with ipv6 and trying to get a tunnel between two sites working (basically following this example url...
View 6 Replies
View Related
Mar 8, 2011
we have a policy on ACS to disable user account (Internal user identify store) after X days if password is not changed. However, a few days before the password expires, there is no notification for users unless he happens to log in IOS router (tacacs) through console. in other words, if he logs into IOS devices through VTY, there is no notification at all.some users got locked out becuase they were not notified to change password. What setting on ACS 5.2 must be configured to display warning on VTY before password expires?
View 2 Replies
View Related
Dec 12, 2011
I am unable to generate bug summary report in RME. Even I can not generate PSIRT report as well..LMS always gives error "incorrect cisco.com credential. enter correct credential" I have checked my credentials are correct... it gives me error no BTKT:0014..I am using LMS 3.1 attaaching snap shot of my patch level and application version running on LMS...
View 3 Replies
View Related
Dec 8, 2010
I have configured an Cisco 881 router in our lab with netflow commands and pointed to our network monitoring tool and I want to check if the tool can collect valid traffic statistics from this router (eg. utilization). The problem this router has nothing plugged into a production LAN that would potentially generate traffic to measure using this tool.
Is there a way to configure a Cisco router (ex. Cisco 881 router) to artificially generate network traffic to test that I have setup the monitoring tool correct to capture future utilization statistics?
View 1 Replies
View Related
Dec 5, 2012
How to generate a Report for all ur existence Subnet's using LMS 4.2?
View 2 Replies
View Related
Feb 10, 2013
ASA5510, Can't generate RSA keys, so can't SSH. [code]
View 2 Replies
View Related
Apr 14, 2011
I have a WCS server running the version 6.0.170.0. I have already added few WLCs running the version 7.0 to this WCS. It is working fine. And now I have added two new controllers running the version 7.0.98.0 to the existing WCS server. When i add the floor layouts to the WCS and position the access points from the new controllers, the heat map is not generated automatically.
View 2 Replies
View Related
Feb 27, 2012
do we have anything like universal password for cracking through wireless connection?
View 3 Replies
View Related
Dec 9, 2011
Basically i need to test to see where the telephone lines are terminated, because when they where built into the walls the used standard cat5e cable to terminate it to an RJ-11 jack but over in the wiring panel it (i assume it is anyways) terminates to an RJ-45 jack but im not sure if this is really the cable for the telephone or something else, so i have a phone connected to the wall jack and a computer on this end and i would like to send a dial tone or any tone in general that the phone can pickup.
View 3 Replies
View Related
Mar 15, 2012
I have a TP-Link Wireless Router (TL-WR340G) and I use it for both Wired and Wireless connection. I have two desktops that connects to the router through cables and I also have 2 notebooks that connects through WiFi.
Now, I want to know if there is any software that can generate passwords which I can assign into individual PCs that connects with Wifi. For example, Notebook #1 has the password "abcdefghij" and the Notebook #2 has the password "1234567890" and they can both connect to the WLAN.
View 2 Replies
View Related
Nov 23, 2011
We got a replacement ASA 5580 from Cisco. We were not aware of PAK, Is there any other possible to generate Activation key? Can we generate PAK or Activation Key using SO (service order) number?
View 1 Replies
View Related
May 19, 2010
I want to use IP SLA to perform simple up/down monitoring of an IP host and to generate a syslog alert if the host goes down. I have a 2650XM router running 12.4(23) IP Voice IOS. My basic IP SLA config is hown below:
ip sla monitor 10
type echo protocol ipIcmpEcho 10.55.1.1
timeout 1000
frequency 10
ip sla monitor schedule 10 life forever start-time now.
View 7 Replies
View Related
Oct 30, 2012
I want to clear the keys on a 2821 and generate new ones using the command crypto key zeroize command but I don't see this command available as an option. Below is the output of the available options..
ROUTER#crypto key ?
lock Lock a keypair.
unlock Unlock a keypair.
[Code]....
View 1 Replies
View Related
May 19, 2013
I'm supporting a 2504 wireless controller with 3 aps in a health clinic. I'm interested in generating some useful information for the owners of the device such as radio utilization (It'd be really nice if there were some graphs). how I can generate these graphs without SNMP monitoring or something like Cisco Prime Infrastructure?
View 4 Replies
View Related
Oct 10, 2011
I can't seem to find out how I can generate a PCF file for a new remote vpn SW client? I have a VPN Concentrator 3000 series.
View 1 Replies
View Related
Aug 31, 2011
Is it possible to generate a public RSA key of 4096-bits on an IOS router? We are running 12.4(24)T5. Have been going through some cisco doc and found this:
Cisco IOS 4096-Bit Public Key Support in IOS 12.4(11) and later.
However when I issue the command,crypto ca trustpoint exampleCAkeys, rsakeypair exampleCAkeys ?
it only shows me the maximum of 2048. Am I missing something? Currently our root cert has a public key of 2048 and the routers a key of 1024. The goal is to increase the root cert and our routers cert to 4096-bits. If that's possible.
View 6 Replies
View Related
Jun 13, 2013
How to Generate a CSR File to Renew out SSL Certificate on ASA5510 v9.0(2) - ASDM v 7.1(2) ?
View 1 Replies
View Related
Sep 28, 2011
I need:
cisco 2811 IOS CA as server
cisco vpn client + etoken (aladdin) as client
certificate enrollment from cisco vpn client and vpn connection with it works at present, but I don't know how to use etoken with it, how to write the client's cert. to a token.i used this doc:Configuring IPSec Between Cisco IOS Routers and Cisco VPN Client Using Entrust Certificates[URL]in chapter "Certificate Enrollment for the Cisco VPN Client", in section 3 there is a screenshot with an example of a certificate enrollment, where the specified name (CN) as vpnclient, but in section 5 "view the certificate ", common name specified as Joe Smith, etc.where this client's data is obtained? it's not clear to me... how to generate and write a client's certificate on etoken, who uses cisco vpn client with it for connect to server?
View 1 Replies
View Related
Mar 13, 2012
I just find there is no "Crypto key generate" command line in my Catalyst4506-E with cat4500e-universal.SPA.03.01.01.SG.150-1.XO1.bin image. Is there any other command I can use to enable ssh access? this command is always able to use on other catalyst switch like 3750X.
View 4 Replies
View Related
Oct 3, 2012
I have a pair of ACS appliances running 5.1 code. The appliances are set up as a replicated pair. I have valid local and trusted certificate authority certificates on the primary.
The trusted certificate authority certificate gets replicated to the secondary. Obviously the local certificate doesn't get replicated. I need to generate a certificate signing request on the secondary but it doesn't seem to allow you to do it.
View 1 Replies
View Related
Dec 19, 2012
Right now the Self-signed Certificate on my RV180W generates errors as it was issued to the MAC address instead of the current IP address. Need instructions on Generating a Self-Signed certificate (or 1 from my Windows Server 2012 Certification Authority) that will eliminate the constant barreage of certificate errors I get when trying to access the management interface of my device? the internal domain is mythos.local, netbios name of MYTHOS, and the device name in question is surtur.
View 2 Replies
View Related
Jul 4, 2012
I faced with strange behavior of Cisco 2901.I strat ospf process on router, do some ospf manipulations and than turn off ospf with
R1(config)#no router ospf 1
But after that when I start to change my config: shut/no shut interfaces I see OSPF debug messages
R1(config-fr-dlci)#interface Serial0/0/0.5 point-to-point
R1(config-subif)#sh
R1(config-subif)#
Jul 5 12:33:13.004: OSPF EVENT Se0/0/0.5: Route adjust
R1(config-subif)#
R1(config-subif)#
R1#sh
Jul 5 12:34:15.076: %SYS-5-CONFIG_I: Configured from console by consoleip pro
R1#sh ip protocols
*** IP Routing is NSF aware ***
How it can be? Thereis no OPSF process on R1.
View 6 Replies
View Related
Dec 16, 2010
As of late, I've been pretty unsatisfied with my WRT54GV6 with DD-WRT. It just can't handle the amount of traffic that my network generates now. I was considering building an Untangle or pfsense box and wanted to know if drivers or performance were an issue.
Foxconn R20-D2 Intel Atom D510 Intel NM10 Intel GMA 3150 Barebone
PQI POWER Series 2GB 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400) Desktop Memory Model MAD42GUOE
Intel Pro/1000 MT Dual Port Server Adapter Gigabit NIC
View 19 Replies
View Related
Feb 10, 2013
I recently rebuilt the configuration of our Cat6500 multilayer device for use as a user stack. The device is funtioning as it should be, but I am unable to set SSH using the 'crypto key generate rsa' command. The crytop command isn't avaiable at all, which suggests a firmware issue.
I have configured a hostname and Ip domain-name and the image is the only one available.
The show version output is listed below.
show verCisco Internetwork Operating System SoftwareIOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-VM), Version 12.2(18)SXF12, RELEASE SOFTWARE (fc2)Technical Support: [URL] Copyright (c) 1986-2007
[Code].....
View 2 Replies
View Related
Dec 25, 2012
Region : Brazil
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 120810 Rel.44064n
First of all, by connecting the router to my desktop through wire, it doesn't generate any IP address, except for 169.254.x.x.. I already tried configuring the IP to static mode, but nothing changed, I can't even access the router's interface, however, if I try the same thing (connecting the router through wire) with my notebook and netbook, I get the IP without any problems.
The second problem is related to the wireless connection. When I try to connect my smartphone (Motorola XT860) I get the IP normally and supposedly internet connection, however the connection only lasts for a few seconds, after that I am incapable of accessing even the router's interface (again). If my smartphone stays connected to the router, nothing else works even for other connected devices, but when I disconnect my smartphone, all the other connections resume as if nothing happened. I already tried changing the Beacon Interval, the Address Lease Time, and so on, but nothing has worked.
View 14 Replies
View Related
Nov 2, 2012
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.
View 1 Replies
View Related
Jan 31, 2011
After having a hard time getting the VPN back to default, I logged into the ASDM and reset to factory defaults. After it reset, I logged in via the management port and configured everything to work. When I clicked on "apply", it gave an error saying that the inside interfaces, g0/1, IP address is on the same network as the management interface. When the ASA restarted, I am now unable to get into the unit via the management port or the inside interface.
I had set the management port to 10.0.1.254. WHen I connect an ethernet cable to it and place my mac on the the same network, I can ping the management interface, however I cannot SSH, Telnet or ASDM into it.
Here is the big problem, I don't have a console/rollover cable to connect to the console interface. Is there another way I can default the box? Maybe via the reset button on the back somehow? Or, is there a way to figure out the ip address of the inside interface? I'm assuming, since it did not take the IP I set, that it defaults to something right?
View 17 Replies
View Related
Jan 26, 2012
I cannot seem to ping between devices on two networks hanging off a 5520 unless I use the same-security interface command. I have the relevant ACL's set up between the interfaces, but it just doesnt work unless I have that command in - if I use that command, it bypasses the ACL.
Config
interface GigabitEthernet0/0.224
description NMS
vlan 224
nameif NMS
security-level 100
ip address 10.11.120.225 255.255.255.240[code].....
View 8 Replies
View Related
Jul 31, 2011
We are attempting to implement an ASA 5520 with a new ISP. Based on the limited routing needs, I believe we can use it as the router as well. I am familiar enough with routers, but the ASA is obviously a different thing.
The setup looks like:
ASA Version 8.2(1) !
host name Cisco
interface GigabitEthernet0/0description Internet name if Outsidesecurity-level 0ip address 69.XX.46.1 255.255.255.252 !interface GigabitEthernet0/1
description DMZnameif DMZsecurity-level 0ip address 69.XX.56.1 255.255.255.240
!interface GigabitEthernet0/2description Localnameif Insidesecurity-level 15ip address 10.0.XX.XXX 255.255.252.0
[Code] .....
1) Outside 0/0 connects to MRV from service provider (Public)
2) DMZ 0/1 connects to outside switch with servers (Public)
3) Inside 0/2 is LAN (Private)
A) Based on a completely default config and aside from setting the routes to send traffic from inside to outside, and outside to DMZ, what is the next step?
B) What should the interface security levels be, I am unsure what they should be or why...?
Based on the initial config with interfaces set as above, I cannot move traffic through.
View 5 Replies
View Related
