Cisco VPN :: VPN 3000 Concentrator And AnyConnect?

Aug 14, 2011

I have a client who saw there was a android version of the AnyConnect client and want me to go through and get their VPN 3000 Concentrator confingured to be able to connect in with it.
 
The Conncentrator is currently setup several groups of users and the base group is set up to all other products to connec tin via a pre shared key. It took alot research to get it configured to this point and all the searches i pull up are for a ASA.

View 1 Replies


ADVERTISEMENT

Cisco VPN :: Configure VPN 3000 Concentrator To Work With AnyConnect?

Oct 10, 2011

is it possible to use cisco AnyConnect client to connect users with Cisco VPN 3000 appliance?If so how to configure VPN 3000 concentrator to work with AnyConnect?

View 1 Replies View Related

Cisco :: How To Setup LAN-to-LAN VPN Via 3000 Concentrator

May 28, 2011

I have been trying to setup a LAN-to-LAN VPN between two sites that are using a 3000 series CISCO Concentrator. After following the basic setups from the CISCO site, I am still unable to create a tunnel. At the moment I'm starting to believe it is how I have physically setup the network. Site 1 is using a Billion BiPAC 7404VNPX ADSL2+ Modem, Site 2 is using a Netgear DGN2000 ADSL2+ Modem, The VPN Concentrators are setup behind these devices with each firewall setup to allow the needed ports forwarded.

View 5 Replies View Related

Cisco VPN :: VPN Concentrator 3000 Login

Apr 14, 2011

Our VPN 3000 concentrator's admin password was changed by somebody so i reset the password by using straight through serial cable, now the problem is it allows me to login with admin through console but not through admin web interface or telnet. I have enabled telnet and http access but still no success. Concentrator is using internal database so no AAA server is configured.

View 1 Replies View Related

Cisco :: VPN Concentrator 3000 DES-56 LAN To LAN Stopped Tx

Apr 4, 2012

I have a VPN Concentrator 3000 with LAN-to-LAN DES-56 connections connected to it (Cisco PIX 506). Everything was working fine and then over the night something messed up on it. No settings were changed or anything.
 
First issue was anything using DHCP (getting IPs from the sites local PIX) couldn't be pinged or reach out through the Concentrator. It was only Thin Clients that didn't work. I could still ping the PIX, printers and desktop computers that were static set IPs. But this was happening at every site going through this Concentrator. The sites going through out MPLS network are fine.
 
I tried setting the Thin Clients to a static IP but still couldn't ping them.
 
I then decided to reboot the Concentrator, when it came back up all sites reconnected back to the Concentrator but now couldn't ping anything at the sites, not even the LAN IP of the PIX (or printers and desktops now). I power cycled a few of the sites PIXs but they still were not pingable even though the Concentrator showed they were connected.
 
I then decided to physical power cycle the Concentrator, it's back up and all sites are connected but none of the devices on the LAN side are reachable.
 
The Concentrator can ping the sites WAN IP but nothing on the LAN side going through and out the Concentrator. It can ping the LAN through the private interface (going back towards my LAN) just not going through the public interface (over the WAN).
 
The sessions show that Bytes are Rxing but no Bytes are Txing.

View 0 Replies View Related

Cisco VPN :: 3000 Concentrator Manager Access

Aug 8, 2011

I have 3000 concentrator in 192.168.1.x/24 network (concentrator has static IP of 192.168.1.4/24 assigned to its private int). I can manage it thru HTTP from any PC in the same subnet, but connection failes while trying to connect from PC on different subnet (i.e. 10.1.1.x/24). Is there ACL in concentrator config which needs to be modified to allow management from different subnet?

View 2 Replies View Related

Cisco VPN :: VPN Concentrator 3000 To View Log History

Nov 21, 2010

Our enterprise uses a VPN Concentrator 3000 for our VPN access. Is there a way to view a log history of what user connected to VPN and what IP address they were assigned?  It would be for 2 days ago which was over the weekend.

View 3 Replies View Related

Cisco VPN :: VPN Concentrator 3000 Setup With Client

Mar 27, 2011

I've the following scenario VPN Concentrator is connected to a router which is connected to a router and at the edge Cisco 515E PIX is connected to the internet. The problem is that the normal VPN Dial-up connection (a utility of windows) are getting connected but Cisco VPN Client throws error 412. Here's what I've tried (Initially groups and user were created):

(1) Allowed port 10000 on PIX ( access-list from-outside-coming-in permit tcp any host <public ip> eq 10000) and checked IPSec over UDP on VPN Conc. under Mode Config tab. Also checked IPSec over TCP tab under tunneling panel at port 10000. Tried connecting through VPN Client but it threw error 412
(2) In the reference guide, I read that IPSec over NAT is allowed on ports ranging from 4000 something to 40000 something.

I tried 33333, both on PIX and VPN Conc. under Mode Config tab but still no use. Same error 412.

View 3 Replies View Related

Cisco VPN :: VPN Connection Between Concentrator 3000 And RV220W

Jun 27, 2011

is it generally possible to configure a site to site VPN connection between Cisco VPN Concentrator 3000 and Cisco RV220W / RV120W?

View 2 Replies View Related

Cisco VPN :: Old VPN 3000 Concentrator Password Reset?

Jul 8, 2012

I have an old VPN 3000 Concentrator that I do not have any idea what is running on it. The previous network admin didn't leave a password for it, so I tried to reset the password. I was successful in doing so, but when I try to access it with the default of admin/admin via web browser, I still cannot access it. I am loathe to remove or power off this device without knowing what is on it.

View 6 Replies View Related

Cisco Security :: 3000 Vpn Concentrator Load Balancing

May 19, 2012

We have two 3000 vpn concentrators. Under both of  their load balancing fields, Configuration - Load balancing , the checkbox for loadbalancing is enabled.However both have different priorities, one with 10 and other with 1. Does this mean both are actually loadbalancing. What does the priorities indicate here?If we replace the concentrators with ASA , how will this load balancing need to be configured on ASA & how will it work.

View 5 Replies View Related

Cisco VPN :: 3000 Concentrator Intermittent Login Failures

May 11, 2011

I manage a VPN 300 concentrator which has been happily working for several years without any problems. All users are part of the same group and authenticate to an RSA server. We recently moved from RSA authentication manager 6.1 to RSA authentication manager 7.1. Everthing continued working fine for several weeks, then at the beginning of this week we started getting users intermittently failing to connect to the VPN. I'm not sure if this problem relates to our new RSA server, but we have other network devices which authenticate to it with no problem so I guess the problem is with the VPN concentrator itself.
 
When users fail they just get a generic "Reason 427 connection terminated by peer" error message. The live event log shows "group = vpn, status = Not-in-service" when their connection fails. Other times they connect normally and no error messages are displayed. There seems to be no real pattern, sometimes your connection fails but if you keep trying you will eventually get in [however it can take many attempts over an hour or two before you succeed, or you may get in straight away with no problem].
 
I dont believe its a network problem, as I have run continuous pings to the concentrator and the RSA server whilst users are experiencing these problems and there are no drops.
 
The RSA servers authentication monitor always shows that the user has successfully authenticated, whether the users connection actually succeeds or not. I am tempted to just reboot the concentrator, but we have site-to-site VPN tunnels connected off it and I'm a little concerned that if it is faulty it may not come back up at all.

View 2 Replies View Related

Cisco VPN :: Private-to-Public IP NAT Through IPSEC VPN On 3000 Concentrator

Jul 27, 2011

We have to setup an IPSEC tunnel for a client that does not what to exchange private IP address information for security and overlapping address space reasons.  We will both be natting our source private ip address space as public IP address space and send those packets through the established tunnel.  Im using a Cisco 3000 concentrator. 

View 1 Replies View Related

Cisco VPN :: ASA5520 / Concentrator 3000 Open TCP Ports?

Sep 21, 2011

We recently had a Port Scan done on our external IP Addresses.  One of those IP Addresses scanned was our Concentrator 3000.  The report came back with the following TCP ports being open on the Concentrator 3000 - 80, 443, 1723, 10000, 10001, 10002, 10003, 10004, and 10009.  I am unsure if it is necessary to have any or all of these open.  The Concentrator 3000 is in front of our ASA5520.

View 1 Replies View Related

Cisco VPN :: Site-to-Site VPN Between ASA 5510 And Concentrator 3000?

Jan 23, 2013

Is it possible to configure a site-to-site VPN between an ASA 5510 running 8.2(1) and an old Cisco VPN Concentrator 3000?  I've only been able to find an old 3000 to PIX guide on Cisco's site, and I cannot figure out how the two device's VPN options match up.
 
These are the options from the 3000:
 
IKE Proposal
Authentication:
Encryption options:
 
On the 5510's Site-to-Site Connection Profile, all the options are clumped into two boxes under Encrption Algorithms:

IKE Proposal: Encryption, Hash, DH Group, Authentication
IPsec Proposal: ESP Encryption, ESP Authentication
 
We have a pre-shared key configured, but I cannot find a set of options on the 5510 to match the 3000; I always get this error:
 
3Jan 24 201310:10:09713902Group = 63.192.x.x, IP = 63.x.x.191, Removing peer from correlator table failed, no match!1Jan 24 201310:10:11713900Group = 63.x.x.191, IP = 63.x.x.191, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

View 2 Replies View Related

Cisco VPN :: 3000 / Detect Connection Status For AnyConnect VPN Client?

Aug 9, 2011

I need to write a small piece of code in C++ to detect whether the AnyConnect VPN client (v2.5 and above) has established the connection. I recall in Cisco 3000 VPN client when the connection gets established there is a registry value (TunnelEstablished) being set to 1. But with AnyConnect I don't see any changes in the registry. how to detect this in C++?

View 4 Replies View Related

Cisco VPN :: Installing VPN AnyConnect Client On Lenovo 3000 Laptop?

Sep 13, 2012

I uninstalled all of the Lenovo built-in remote assistance software, but still am getting an error on initiating the VPN.When I try to run the client, I'm asked to select the Group, enter the Username and Password, which I do.
 
I get a message saying "Establishing VPN - Repairing VPN adapter", then it crashes and reports: "AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."

View 3 Replies View Related

Cisco :: VPN Concentrator No Logs On Ftp Server

Jun 16, 2011

I have a question about VPN Concentrator FTP Backup configuration to get logs on FTP server. I have configure FTP Backup with all details but I still do not see any logs on FTP server. Do you know what could be the issue? I have never used Concentrator and not sure what needs to be done to get in working condition. I am using VPN Concentrator 3015 series.

View 5 Replies View Related

Cisco VPN :: Wiping An Old 3005 Concentrator?

Jan 13, 2013

My organization has an old 3005 that i need to wipe the config of. The problem is that i cant gain access to the device via the console port. Every time i try connecting using a terminal session, all i see is a blinking cursor. As a result, my question to the group is there another way to wipe the config on this device?

View 2 Replies View Related

Cisco Firewall :: VPN Concentrator On PIX515 DMZ

Feb 7, 2011

I'm  planning connect VPN concentrator in our company to PIX515 DMZ interface.At the moment , VPN concentrator(used for remote access VPN for laptop users) is connected directly to core switch so as PIx515. Having VPN Concentrator connected directly to LAN is security risk .SO i want to connect VPN concentrator to DMZ of the Firewall(pix515).
 
We don't have any test environment and we are not allowed to have downtime of more than 10 minutes in production network ,I want to make sure my design and commands would work without problem .I've attached  doigram of our curernt setup and new setup I'm planning to work on as well as commands . Does this design will work .Nat , routing everything .

View 15 Replies View Related

Cisco VPN :: PIX 515E - Configuration As VPN Concentrator

Jul 2, 2012

I need to configure a Cisco pix 515e as vpn concentrator. Now the network has 2 Cisco pix in fail over - May I add a new Cisco pix in parallel and redirect the vpn tunnel on it? How do I need to make the configuration in order to work?

View 2 Replies View Related

Cisco Firewall :: PIX 515 E Deployed As VPN Concentrator

Aug 15, 2012

Can a Cisco PIX 515E with an Unrestricted License (UR) be deployed as a VPN concentrator? For example, remote users having VPN clients installed on their desktops connect through the Internet and are authenticated by the PIX 515E at the main site.

View 1 Replies View Related

VPN Concentrator Vendors For Network

Jun 13, 2011

I would like to pick the communities brains and get some opinions about VPN concentrators and different vendors.Now as far as I am aware and my research has taken me the Cisco VPN concentrator range has been discontinued and we need to look at the ASA range of devices for replacements.Working with smaller companies and ADSL solutions (dynamic IP assignment) it makes it challenging to establish a site to site VPN without dyndns and the cisco ASA range does not support dyndns VPN connections.Now the question I have or opinions I am looking for is:What I do like about Fortigate is that you have the ability to create virtual Firewalls. I am not looking for answers but rather real life experience with the different vendor products and opinions surrounding VPN concentrators.

View 2 Replies View Related

Cisco VPN :: Disable TCP 1723 And 10000 On Concentrator?

Jul 17, 2012

Where did I need to go on the Concentrator to disable tcp 1723 and 10000? We don't require these to be open and our pen test shows these as being open.

View 1 Replies View Related

Cisco VPN :: Will ISR 881w Connect To 3060 Concentrator

Nov 30, 2011

is it possible to do a site to site with a Cisco ISR 881W --> to a  Cisco 3060 concentrator head?

View 1 Replies View Related

Cisco VPN :: 3020 Concentrator - How To Restrict Access

Sep 13, 2011

Client: CISCO VPN Client
VPN server: Cisco Concentrator 3020  OS v 4.7
 
I want to get away from configuring split tunneling for security reasons. With Split tunneling and I am able to specify to which subnets the clients have access to. I do it defining "Network Lists"
 
When I modify the group and select "tunnel everything" under "client config" tab, the users then can access all subnets in the LAN. When I select this option the "Split tunneling network list" is grayed out
 
End goal is to make all traffic go thru the tunnel but be able to resctrict access to speficic subnets.

View 1 Replies View Related

Cisco WAN :: 1921 With HWIC-3G-CDMA To Concentrator 3005?

Mar 29, 2011

I have an interesting problem.  I've configured a site to site VPN connection between these two devices. I am using the CDMA card as the primary and only outside connection on the 1921. What happens is that by default the cellular connection is offline.  When traffic is generated internally from that network to the concentrator side of this scenario the cellular connection goes online and builds the tunnel, no problem.  However, I cannot initiate the tunnel from the concentrator side.  I think what i need is a way to force the cellular connection to always be on, and if it fails to come back online. 

View 3 Replies View Related

Cisco VPN :: Setup L2L IPSec VPN Between VPN3020 Concentrator And 2811?

Feb 22, 2011

I am trying to setup a L2L IPSec VPN between cisco VPN3020 concentrator and Cisco 2811 something is not working and I don't understand why.I describe my situation in detail my router has 2 interfaces

External interface Fa 0/1 ip 193.P.Q.R
Internal interface Fa 0/0 141.G.H.254 
Lan on internal interface is 141.G.H.0/24

 remote VPN concentrator has 2 interfaces
 
Public interface 131.A.B.C
Private interface 131.A.I.E
 
I have to set up L2L so that host 141.G.H.10 can talk to host 131.A.H.D whici is behind the VPN concentrator my router config:
 
crypto isakmp policy 3 encr 3des hash md5 authentication pre-share group 2crypto isakmp key * address 131.A.B.C!crypto ipsec transform-set presid-set esp-3des esp-md5-hmac !crypto map presid-map 5 ipsec-isakmp set peer 131.A.B.C set transform-set presid-set match address presid!interface FastEthernet0/1 ip address 193.P.Q.R 255.255.255.252 duplex full speed 100 crypto map presid-map!interface FastEthernet0/0 ip address 141.G.H.254 255.255.255.0 duplex auto speed auto!       
 ip access-list extended presid permit ip host 141.G.H.10 host 131.A.H.D
 ip route 0.0.0.0 0.0.0.0 193.P.Q.S 
 
Then I configured VPN3020 accordingly creating a lan to lan profile with the proper IKE proposals ecc ecc when interesting traffic is matched by VPN acl (presid) I see this messages in the VPN concentrator logs:

57101 02/23/2011 15:49:05.310 SEV=4 IKE/119 RPT=4033 193.P.Q.R Group [193.P.Q.R]PHASE 1 COMPLETED 57102 02/23/2011 15:49:05.310 SEV=4 AUTH/22 RPT=3935 193.P.Q.R User [193.P.Q.R] Group [193.P.Q.R] connected, Session Type: IPSec/LAN-to-LAN 57104 02/23/2011 15:49:05.310 SEV=4 AUTH/84 RPT=11 LAN-to-LAN tunnel to headend device 193.P.Q.R connected 57110 02/23/2011 15:49:54.820 SEV=4 IKE/123 RPT=1093 193.P.Q.R Group [193.P.Q.R]IKE lost contact with remote peer, deleting connection (keepalive type: DPD) 57112 02/23/2011 15:49:54.820 SEV=5 IKE/194 RPT=3778 193.P.Q.R Group [193.P.Q.R]Sending IKE Delete With Reason message: Connectivity to Client Lost. 57114 02/23/2011 15:49:54.820 SEV=4 AUTH/23 RPT=14 193.P.Q.R User [193.P.Q.R] Group [193.P.Q.R] disconnected: duration: 0:00:49 57115 02/23/2011 15:49:54.820 SEV=4 AUTH/85 RPT=11 LAN-to-LAN tunnel to headend device 193.P.Q.R disconnected: duration: 0:00:49
  
and from router side I See this with show crypto isakmp sa
 
131.A.B.C   193.P.Q.R  CONF_XAUTH           5    0 ACTIVE
 
but the status got stuck in CONF_XAUTH state and then disconnects?

View 1 Replies View Related

Cisco VPN :: ASA 5505 VPN Concentrator To Maintain Connection With Remote Sites

Jul 11, 2011

I have been working with my ASA 5505 VPN Concentrator to maintain a connection with one of my remote sites.  I have several tunnels that work fine and dont have any issues at all, but one tunnel with outside IP ending in 146 and inside LAN 192.168.3.0 goes down every 24 hours.  Attached is the config from the concentrator.  I changed around the Security Association Lifetime Settings and the tunnel would drop after that amount of time expired.  If I set it to 24 hours, the tunnel would drop every 24 hours.  If I set it to 8 hours it would go down every 8 hours.
 
I have swapped the router a few times, double and triple checked my key settings, disabled keep alives on both ends, and this problem just started happening a few weeks ago after working fine for years.  I also get the following e-mail error every time it goes down:

<161>Jul 10 2011 16:19:47: %ASA-1-713900: Group = xxx.xxx.xxx.146, IP = xxx.xxx.xxx.146, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

View 6 Replies View Related

Cisco Switching/Routing :: Unable To Ping VPN 3005 Concentrator From Telnet Session In 3750

Feb 7, 2012

The network is set up like this.
 
Host -----> 3750 (classic) running IPSERVICES stack ----> 3550 router -----> VPN 3005 Concentrator.
 
IP routing is disabled on the 3750 (it's acting solely as a switch) IP routing is enabled with an EIGRP process running on the 3550 router that has the network for the 3005 broadcasting.
 
I can ping the vpn 3005 concentrator from a telnet session in the 3550 but not from the 3750.I can ping between the 3750 and the 3550 vlan management interfaces.  Visually speaking it's like this
 
3750 ------> 3550  [Success!!!!]
3550 ------> VPN 3005 Concentrator [Success!!!!]
3750 ------> 3550 --xxxx--> VPN 3005 Concentrator [Timeout....]
 
I know this because I tracerout to the 3005 from the 3750 and it resolved the default gateway configured for the 3550 properly but then started timing out.
 
The 3750 is trunked to the 3550.
 
3750 is vtp client mode
3550 is vtp server mode
 
I'm wondering if there's a layer 2 issue involved here as it is a VTP domain and maybe it's not returning properly. 

View 2 Replies View Related

Cisco VPN :: SNMP VPN 3000

Mar 3, 2011

I'm not finding where set the snmp community on VPN 3000. I need read flow date on Ethernet interfaces. but I'm able only get traps from VPN 3000 to a system snmp but  I don't get read from snmp community to VPN 3000.
 
where and how to  I can configuration the snmp community on VPN 3000.

View 1 Replies View Related

Cisco VPN :: 3000 - Dynamic IP Configuration

Nov 19, 2012

I am just CCNA, i have a project to configure site to site and remote access vpn on cisco 3000 routers and pix firewalls.. but the problem is only main site has the static ip while other sites have dynamic ips.
 
1- both the sides have dynamic ips.

2- one site have static and the other dynamic.

View 2 Replies View Related

Cisco VPN :: 3000 How To Access Local LAN

Jan 31, 2011

in my company we use Cisco VPN 3020.Actually users connect using CiscoVPN Client, and all traffic is routed into the VPN so that users gets a remote IP Address of the remote public LAN.The problem is that when using VPN users cannot acces anymore their local LAN at home.How can i allow users local LAN access ?All traffic is sent into the VPN also traffic for local LAN.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved