Cisco VPN :: Tunnel Failure On 3945 Routers Running 152-4.M1?
Mar 12, 2013
I'm experiencing a failure on headend 3945 routers with VPN tunnels to remote 2901 routers. Essentially, a tunnel on a 3945 will go down/down although the tunnel on the remote router indicates it is up/up. It happens intermittently and I am not seeing anything in the logs, other than the tunnel goes down. This seems so much like an IOS bug, but I can't find anything specific in caveats on this version of code.
May 20, 2012
I'm having with my VPN Server on my Cisco 2621xm.
I started by creating a VPN - everything worked great. I assigned the DNS Servers, Domain name, WINS Server so when I connect I'm able to resolve local hostnames on the network with no problem, however I couldn't connect to the internet. I then set up a split tunnel access list. Since I've set that up, I'm now able to ping internet based addresses (www.google.ca), but no longer able to resolve internal host names. I can ping the ip addresses, just name resolution no longer works.
Dec 11, 2011
I have an ASA running 8.4(2) code.
I have been trying to get a VPN tunnel established between this device and a Checkpoint R70 firewall, but have been getting nowhere.
The settings are:
Encap: ESP
Encryption: AES256
Hash: SHA1
DH: Group 2 (1024)
Authentication: pre-share
lifetime: 1440 min / 4096000 KB
I can open the tunnel from the ASA to the Checkpoint, but the Checkpoint cannot open a tunnel with the ASA. It looked like the issue originally was the KB timeout which was turned off on the Checkpoint side. They have since added that (4096000), but we are getting Phase2 failures.
How to create a tunnel between an ASA running 8.4(2) and a Checkpoint R70?
I am beginning to think that I have incompatible systems. Is it a PFS issue? If so, how do I enable that in the policy section?
Feb 13, 2012
I have 2 Cisco 3945 routers. I use HSRP for link failover. Is there any possibility (any protocol) for automatic synchronization of the routers' configuration (as failover does for ASA firewalls)? I mean, if I make any configuration changes on the Active router, these changes will automatically be taken by the Standby router.
Aug 7, 2011
We have an ASA 5540. We set up Site-to-Site VPN and Remote Access VPN (Cisco VPN client). If we are running full tunnel on the Cisco VPN client, the internet access is slow. For example, when we are running full-tunnel, the internet speed is 16 Mbps based on Speedtest.net. When we go to Speedtest.net, some of the graphics do not load. If we are running Split-tunnel, the internet access speed is 78 Mbps based on Speedtest.net and the Speedtest.net web site loads all the graphics.
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct configuration? The current configuration I am using is
In the RV042 I am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Public IP address
[Code].....
Apr 14, 2012
What is the throughput of the 1941 and 3945 series routers? I didn't find this info in the datasheet for both!
Jul 24, 2012
Environment :linksys wrt300n v1.1 which can have ddwrt-mega. Willing to tunnel all lan's outbound traffic through an ssh tunnel.
Jul 31, 2012
I have a Cisco Small Business RV120w and I set up the RADIUS server, WPA2 Enterprise with a Windows 2008 NPS RADIUS server. The big problem is that the authentication fails. This is the error that I see in event viewer / server roles / Network policy and access services: reason-code 49 "The connection attempt did not match any connection request policy". The RADIUS key is matching between the server and the client. The RADIUS server is reachable and I don't find any routing issues. Has anybody tested this router with this type of wireless security?
Jun 28, 2011
Tried upgrading my firmware to 4.0.2.08-tm and now I cannot log in via the web interface. The router boots and gets out to the internet. It still allows incoming VPN connections. The login screen displays and will display an error message if I use incorrect credentials, but if I log in properly and am directed to the router's web config homepage at "192.168.1.1/default.htm", I get a 404 error message. Telnet does not work either (not sure if it's on, never used it before). "404 Not Found. The requested server-side-includes filename, /usr/local/EasyAccess/www/htdocs/default.htm, does not seem to exist." As if the web pages after the login screen got removed or corrupted after the update.
SN is NKS10403247
I realize there is a newer version. Attempted the upgrade incrementally since I could not find documentation specifying if that was required or not.
Mar 30, 2013
As part of my business' PCI compliance regime, we are regularly scanned for vulnerabilities. Today we started getting notifications of failure on all of the QuickVPN ports (443, 60443) for the following:
Details: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
06/11/12 CVE 2009-3555 Multiple vendors TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context.
Cisco, will you be issuing a firmware update to address this anytime in the near future? Presumably it affects all the other RV routers as well.
Jan 23, 2012
I am building a site to site VPN from our headquarters to a customer. I am using an ASA 5520. The customer is using Cisco 3945 routers. The customer has two VPN termination points. The customer requests that we make one of their termination points the primary VPN connection and make the other termination point the backup in the event that the primary VPN fails. How do I configure this on the ASA? Does the below configuration fulfill this goal?
Dec 15, 2011
We've (an independent school) just bought an SR520 with a view to replacing one of our Draytek 2820s. We need to set up some site-to-site VPN with NAT and the Drayteks won't do it.
I've been trying to configure the SR520 in just the most basic fashion using CCA (3.1) and the CLI but with no success. I can't get a PPP connection with our ISP.
I've tried following the instructions in the software config pdf and also tried replicating the various 'running configs' reported in other posts in this forum to allow connection to a UK ISP, with no success. I don't know how many times I've reset the poor thing to factory defaults.
I have to say that I'm dismayed at how flaky the CCA appears to be. Many of the things I've tried with it simply don't work and often end up in it hanging. Close to useless in my view.
So instead I've tried to use the CLI which seems a lot more solid but is somewhat impenetrable and there's precious little by way of supporting explanation.
Sep 5, 2011
I just updated my RV042 to the firmware RV0XX-v4.0.4.02-tm-20110704-code.bin and now I'm having this error every time that I try to log on to the router: "404 Not Found. The requested server-side-includes filename, /usr/local/EasyAccess/www/htdocs/default.htm, does not seem to exist."
Mar 13, 2012
How to set up a home network with 2 routers, where R1 acts as the DHCP server and R2 is basically a switch, connected LAN to LAN and everything is on the same subnet. Currently I have a different setup: both routers have the DHCP server enabled and I connect R2's WAN port to R1 LAN. Therefore I have 2 subnets. Now my special requirement is that R2 is a DD-WRT router, which establishes a VPN connection to StrongVPN, so that all internet traffic via R2 is encrypted and goes through the StrongVPN server. Now my question: if I change my router setup to the same subnet, meaning R2 connects LAN to R1 LAN and I disable the DHCP server on R2, will R2 still be able to establish the VPN connection?
Jan 17, 2013
The Lg840g is a tracfone with wifi capability. I get strong wifi signal and connection at home, but receive failure to connect to requested host message when I open the browser. This phone works at wayport wifi, so I assume it's a compatibility problem with the router. Is there a fix? (Router works great with our Acer and Kindle tablets though.)
Feb 21, 2013
I have just configured a new RV016. Everything works well for about an hour then it shuts off. Cycling the power will cause the system LED to light briefly, but then it shuts off again. After 15 minutes unplugged, I am able to restart it and it will run fine for about an hour.
May 21, 2013
I have some legacy (read: old) audio equipment that used leased lines to run, no way to convert them to IP internally. They have x.21 and v.35 interfaces on them.
Is there a way I could use something like an old 2600 series router and run it in reverse, like just using them as a media converter to shove the v.35 over into IP land?
I'm not interested in buying newest latest greatest (these audio codecs are upwards of $5k a pop to replace, x2 for a complete link), I'm just curious if I can turn a WIC-1T into the interface for these boxes and do a direct route to another 2600 on the other end with the same configuration.
This would essentially turn the WIC portion into the local side and the ethernet into the WAN side.
Jun 11, 2013
I have 30 switches in my corporate network. It's all up and running; all switches are running the default configuration and are connected to a WS-C4506 core switch, with our DHCP server pooling the 192.168.100.1/27 network. Now we need to configure a new VLAN for the finance department; this department has more than 200 users. If my server distributes the 192.168.200.0 range of IPs, can vlan2 automatically assign IP 200.0 addresses to the finance department? All switches are running the default config with no IP address assigned.
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate the license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to the 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool?). Is there another tool for automatic conversion?
Jan 29, 2013
I am unable to isolate DMZ and LAN traffic with an SA520 running 2.1.7.1 firmware. I have the optional port configured as DMZ and the DHCP server enabled. I tried leaving the firewall as default. Also tried creating firewall rules to deny traffic from LAN to DMZ and DMZ to LAN for any address and any service. I am still able to ping devices both from LAN to DMZ and DMZ to LAN. I am also able to see network resources in both directions.
Jan 18, 2013
I have an ADSL modem with a wi-fi router connected to the internet. I want to connect my Belkin F5D8233-4v3 to the router wirelessly and use it as an Access Point to extend the range of my home wi-fi setup. How do I configure the Belkin to connect to the ADSL router over wi-fi without running the cable?
May 28, 2012
I've enabled jumbo frames in Networking -> LAN (Local Network) -> Jumbo Frames on an RV180W running the base firmware (1.0.0.30). The switch seems to pass jumbo frames just fine (like ... almost every switch these days), but the router itself silently drops jumbo frames. Is this a known bug? This makes enabling jumbo frames on clients impossible, since it will break some external connectivity. (I.e. when two endpoints are on networks with jumbo frames, they will then negotiate a high MTU over the WAN, but the router will silently drop large frames and they won't get an ICMP Fragmentation Needed, etc. because the router simply drops large frames.)
Aug 5, 2012
I have a gateway to gateway VPN (home-office) working fine for almost a year between 2 wrvs4400n routers. This morning, the VPN tunnel was down. I clicked "Connect" from the web based interface, but it does not reconnect.
I tried setting up a new tunnel using the VPN setup wizard, but it says it can't connect to the remote router. Which is strange, since I can ping there normally.
Dec 23, 2012
I keep getting "Speed Test: Error occurred during test." message when I run Streamline speed test on N750DB router. I'm not sure what my download and upload speeds are which is why I went with run a speed test to begin with.
Mar 13, 2013
Is it possible to have a site-to-site IPSEC tunnel between 2 identical RV110W routers? I basically want one of them to initiate a secure tunnel with the second so that computers from one router subnet see the computers from the other router subnet.
May 19, 2013
For the RV110W IPSEC site-to-site tunnel, are 2 public IPs necessary for it to work, or is only 1 public IP enough? [code]If it works with 1 public IP, the "CLIENT" RV110W configuration should be straightforward (in Advanced VPN SetupRemote Endpoint I fill in the dyndns address?), but how do I set up the "HOST" RV110W?
May 13, 2012
Is it possible to configure an IPSEC GRE tunnel with RIP on an SRP527w? I see RIP, GRE & IPSEC are all possible.. But I'm not sure about them all together securing the GRE tunnel??
I basically want to do this with the SRW routers not native IOS. Single head end hub & spoke.
Feb 13, 2012
I'm trying to set up a VPN between an RV042 V3 and an RV082 V2 router. They get connected but no traffic gets through the tunnel. I tried with and without firewall, DPD, Keepalive, forward secrecy but nothing worked. What should I do? I don't want to throw out the V2 routers. V3 to V3 connects fine.
Apr 23, 2012
We have about 9 1900 routers and 1 ASA 5510 for a partial mesh VPN network. So 8 1900s connect to 1 1900 and the ASA located in HQ and datacenter. All worked well; however, there is one site running really strange. The tunnel between the 1900s is up for a while and then down. Rebooting the router seems to be the only fix. But the tunnel to the ASA does not seem to be down at all.
The issue happened again today; we rebooted the router on site but the tunnel is still not up. DEBUG shows: deleting SA reason "Death by retransmission P1 "
I can see a lot of Apr 24 19:57:55.271: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
To me it seems like the IDE packet was sent but never got a reply and timed out. I did also check on the other end, the HQ. All other tunnels are still running fine on that router, just not this remote site. Plus I got similar output when debugging on the HQ router.
One thing I do notice though: there was no match on both routers for the ACL to match/permit ESP traffic... I asked on-site staff to reboot the modem used at the remote site.
Dec 17, 2011
I have established a VPN tunnel between 2 locations.
I can ping across and access server resources on both LANs. The problem is that from one location I cannot access the Internet.
I cannot ping by IP; when I do tracert it just reaches the default gateway of this location. From the other location (office) there is no problem.
Apr 4, 2011
Here is the situation: A CISCO871 router is configured to establish an IP SEC tunnel with a CISCO ASA5520. The configuration is OK about that. I wish to configure the same CISCO871 in order to establish a LAN-to-LAN IP sec Tunnel with another CISCO871 at the same time in order to reach private network. So, I have followed the Cisco procedure Document ID: 71462 "LAN-to-LAN IP sec Tunnel Between Two Routers Configuration Example"; it works, I can reach the peer private network BUT ONLY when the IP SEC tunnel with ASA is not established.
It seems to be a routing problem...I don't find how to configure to make both tunnels up and functional at the same time.
Jan 25, 2013
Our ISP supplies a Cisco SRP-521w router with our WIMax connection but I have had no experience with these and they look like an ex-Linksys product? What are they like for use as a spoke router connected to the core hub (Cisco 2921 ISR G2)? We would be using a GRE tunnel protected with IPsec, 3DES encrypted. The SRP would be using PPPoE to authenticate to the ISP. Any known traps and limitations with the Cisco SRP-521w? We currently use a Cisco 877 for this but wanted to save them for our ADSL links.