Cisco VPN :: VPN Between ASA 5505 And 881?
May 28, 2013
I have configured VPN on an ASA 5505 and an 881 router, as per the design below. I am seeing the tunnel built from the Cisco 881 router for a few seconds and then it gets deleted, but nothing is showing on the ASA.
May 24, 2012
I've been tasked with setting up an ASA 5505 on our ADSL modem & am very lost. I've put the PPPoE details into the ASA 5505 to authenticate with our ISP, but can't get out through it. I've looked at guides, videos, compared configs
This is the current config...
: Saved
:
ASA Version 8.2(5)
!
hostname asa
enable password GuuH2OTIRWlZP8z3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface
[Code]....
May 2, 2012
I am attempting to configure an ASA 5505 with SSL VPN. The user's request is to be able to web into the Cisco ASA from anywhere. [URL]. At that point, we will require them to authenticate through Active Directory via ACS 5.2. The Cisco ASA 5505 is a 50 user ASA. We have also purchased the mobile license as well as a 10 user premium license. That was a bear in itself.
1. How do I configure the SSL setup to use a 3rd party certificate, such as a Comodo certificate?
2. How do I determine which version of AnyConnect I should use for this? We will support Windows, Macs, Linux and smartphones as well as tablets.
3. If you do a show version, you get all the capabilities of the ASA, of which some are disabled or deactivated. Is there any chart that will show us what needs to be purchased to activate each line entry on the ASA? Is there an all-encompassing PAK?
Mar 13, 2011
We have a customer with three sites; the address ranges are 192.168.215.0/24 (head office), 192.168.216.0/24 (contract) and 192.168.217.0/24 (branch office).
The head office has a Cisco ASA 5505 device and the two remote sites have Zyxel P-661 devices. The end result I want here would be a VPN from both remote sites to the head office. This was working before, but now the branch office is not. Now all the users are able to access resources in the head office without any problems, but the users in the head office cannot connect to resources in the branch office.
The Contract office has exactly the same setup and is working okay. I have spoken to Zyxel and they have told me they think the Zyxel setup is okay and that the problem is at the head office. Some of the testing we have done, which is causing confusion, has produced the following results:
-From the server in the head office we can ping the internal interface of the Cisco.
-From the server in the head office we cannot ping the external interface of the Cisco
-From the server in the head office we cannot ping the router beyond the firewall.
-From the server at head office I cannot tracert to any external resources.
I have just tried doing a packet trace from the internal address to the address of the router and it has failed with the following message: [code]
Feb 28, 2012
The current scenario is as follows:
ASA 5505 Site A connects to ASA 5505 Site B over an S2S VPN; both have static IP addresses.
Now I need to change ISP so that I can get more internet bandwidth, but the new ISP only has dynamic IP addresses.
Now I need to change Site B's config to use a dynamic IP and still connect to Site A and establish an S2S VPN.
How can I do this? I want the ASA 5505 to change its IP daily so that the VPN connection is still up even if the ISP at site B changes its IP. Or a way to do this automatically, as I don't have anybody at site B that can do this manually for me.
Jan 6, 2013
We have an MPLS T1 installed at the main office. I just purchased an ASA 5505 to configure a site-to-site VPN connection. The ISP has a VIP mapped with 1 block of public IP addresses. configure the ASA 5505.
Jan 15, 2012
I am having trouble getting a 1142 LAP to find the controller. We are running an ASA 5505 at our main campus where the 5508 is located. Each of our distribution centers has a PIX501 and from there about 3-5 APs each. The APs that were primed before installation work great; however, we need the ability to get the other ones that were already installed and are not finding the controller to work without cycling them through main campus. I have opened up UDP ports 12222-12223 and 5246-5246 with no luck.
Feb 28, 2012
I have a remote ASA 5505 running 8.3(2) that establishes a site to site VPN to a central ASA 5520 running 8.4(2) immediately upon startup. Then within a random interval ranging from 5 seconds to an hour, the VPN loses the connection, and is not reconnected. Only a reload of the remote ASA will reestablish the VPN tunnel. Then everything is fine until the next disconnection. Both sides have matching lifetimes, and keep alives are enabled on both sides. The debug from the remote ASA is attached, showing what happens through several disconnect/reload sessions.
Dec 5, 2011
We have two sites connected by a gigaman line. Routing between the two sites is done with a couple of HP routers. We also have two separate Internet connections, one at each site, through different providers. The border firewall at one site is a Cisco 5505 and at the other site it is a Cisco 5510. If the gigaman line goes down, we would like to fail over to a site-to-site VPN. Any clue how to set this up? We can set up the site-to-site VPN. how to make it serve as a failover. Another question is whether the VPN will cause confusion when the gigaman is operational.
Nov 17, 2012
We have a Cisco 5505 firewall and are working to set up VPN through the firewall. What Cisco VPN client should we download for our users to have the right client on their desktops/laptops?
May 29, 2011
We have a Cisco ASA 5505 and an internal user (behind NAT) needs to connect via VPN to an external company. I just cannot get this to work. I have enabled IPsec Pass Through from ASDM Configuration --> Firewall --> Service Policy Rules --> Edit Service Policy Rule --> Rule Actions --> tapped IPsec Pass Through. I have tried to find some info from the log but all I get is this message: "IP = [remote gateway ip] Invalid Packet Detected!" I can't find anything that is blocked from the log.
Feb 28, 2012
I have an L2L VPN set up between two ASA 5505s. I can communicate across the VPN from either site without an issue. I'd like to be able to grant RA VPN users access to both LANs but I'm not certain how to proceed (or if it's possible). I have split tunneling set up, and I've added both LAN subnets in the ACL. When I connect to either ASA via RA VPN, I can ping any host on the local subnet behind that ASA. However, when I try to ping hosts on the other side of the L2L VPN, it fails. I'm not sure if I have an ACL set up wrong, or if it's simply not possible.
Oct 21, 2012
I'm not sure if this is a possible config, but I have an ASA that I need to be able to SSL VPN to, and get an IP address that is on the same subnet as my internal interface. The reason is, the person connecting in has a utility that does a broadcast on the internal network to discover the devices he is trying to connect to. Therefore, connecting over VPN and getting put on a different subnet won't work. In this case, I am going to start the ASA configuration from scratch. If it's possible to do the above, what are the correct commands to configure it? I was planning to use 10.50.0.1/24 for the internal interface, and then hand out IP addresses on that subnet to both the LAN and the VPN. This is an ASA 5505. It's on IOS 8.4.
Dec 12, 2012
We have a Cisco ASA 5505 in our office. Right now port 0 is configured for outside and port 1 for inside (I believe it is the default configuration). Now, for security reasons, I want to separate the network traffic from inside (office LAN) and WiFi. I believe, since I have 6 ports in vlan1 (inside), if I make the port which has the connection to our switch and the port which I'm going to connect to my wireless router (same vlan1) protected / isolated, then this should work. But here is what is happening: the minute I save the configuration, port 3, which is supposed to be my WiFi port, will lose its connection to the Internet.
I tried to make another VLAN for WiFi to separate the traffic from vlan1, but I'm not getting an internet connection on that port, which has been assigned to the new VLAN for WiFi.
Jun 26, 2011
I’ve set VPN up between two sites using Cisco ASA 5505 and Wizard. Unfortunately VPN works only one way, from 8.2 (2) to 8.3 (1), and after spending one day trying to resolve the issue. Logs show that ping leaves ASA 8.3 but never hits ASA 8.2 – the opposite way everything works perfectly. [code]
Feb 21, 2011
I configured a site-to-site VPN between ASA 5505s; one site has a static IP and the other side has a dynamic IP. My issue is that the tunnel is automatically going off after maybe 30 minutes if it is idle; if I initiate again from the dynamic side, it comes up. My setup is like this: on the static IP side I have an ADSL line, so I connected to the ADSL router, and the ADSL local network is the outside network of the ASA 5505. So there is dual NAT in the VPN connection.
Apr 18, 2012
For some reason my ASA is preventing my traffic from going out. I've added some crummy access-list and applied it to NAT for it to work. I don't like this. I know it is not right, but I am not sure what part is wrong. I will highlight the stuff I have added to make it work. I don't see what I am missing. If I were to remove these lines my ASA could ping in both directions (in and out), but my LAN cannot do anything but ping the ASA. No other traffic is going out unless I have added these unsafe lines of code.
!
interface Vlan1
nameif inside
security-level 100
[Code].....
Aug 21, 2011
Is there any way to put a second site-to-site VPN as standby, so that if the primary goes down this standby comes up? For example, I have an ASA 5505 in my branch office and I wish to add two site-to-site VPNs to my head office. One tunnel must be standby and the other active. Is there any way to achieve this? The contingency can be by hand; it's not necessary for it to be automatic.
Feb 14, 2012
We have successfully connected the PIX501 and ASA 5505 firewalls using IPsec VPN. The firewalls and servers are being shut down after office hours. The problem is that every time we turn on the firewalls, we need to do a "ping" on the VPN in order to establish the VPN connection between the two firewalls. After doing a ping command, the VPN connection between the firewalls is established. We use vpdn to create a tunnel to the ASA firewall.
Dec 6, 2011
I have a Cisco ASA 5505 Base Line, so I want to buy the license key to get more features. What are the requirements and how can I buy it?
May 11, 2011
I have a person who connects with VPN over an ADSL connection to the corporate network. This person is using a Cisco IP phone at his remote location, and I configured the ASA 5505 to prioritize voice over data. I still get voice skips when the remote PC is uploading data to the corporate network. What I've done is:
1. With ASDM I created 2 priority queues, one for inside (queue limit 2048, trans ring limit 512) and one for outside (queue limit 2048, trans limit 256).
2. With the service policy wizard I created a global service policy (all interfaces) and a traffic class for DSCP 46 EF, and on the QoS tab I checked "enable priority for this flow".
3. When using the phone, I clearly see that packets are growing on the LLQ queue (show priority-queue statistics).
4. I still get voice skips when uploading data to the corporate network. Upload bandwidth is about 800k. The PC and the phone are on the same subnet.
Feb 8, 2012
At the moment I'm running a T1 to a Cisco ASA 5505 device. I'm in the process of getting a backup ISP. My question is, is it possible to configure this firewall with two ISPs so that the same internal webserver can be accessed via backup ISP?
Feb 18, 2013
I will be setting up a VPN with a client soon. They are shipping 2 Cisco 861s that are planned to go behind our ASA 5505. They are set up to be NATed. I am trying to understand what the best way to do this would be, as I seem to keep running into limitations of the ASA 5505. Our ASA has a public IP of 2.1.2.14/30 assigned to its outside interface. The public IPs to be NATed to the 861s are 2.1.2.218 and 2.1.2.219/29.
1. How can I assign this separate public IP block to the ASA? Is it even possible?
2. If not possible, what would other options be?
3. Would an upgraded license that allows for additional interfaces make this easier? (I would not do the NATing then, just assign the new public IP block to another interface)
Apr 8, 2012
Configuring the Cisco ASA 5505 device to access both my WAN and LAN IP. I need to configure the LAN IP for web servers to face the internet.
Dec 6, 2011
I have set up a VPN tunnel using pre-shared keys between my ASA5505 and a Checkpoint firewall (another company).
I can initiate the tunnel from my side, but they cannot open it from their side. We get Phase2 failures.
The other company is saying:
"Your ASA is expecting my CheckPoint to negotiate the phase 2 timeouts in both seconds and kilobytes. Enabling kilobyte timeouts is not something that is currently realistically feasible on my side, so I ask that you disable/turn off kilobyte timeouts on your side"
However, I do not have a kilobyte timeout specified in the security association for the tunnel, only a seconds.
Is there a hidden default setting I have to turn off? If so, how do I do this?
Jul 3, 2011
I have a new ASA 5505 that I am trying to configure. I've set up the basic stuff, and the router is getting an external IP address via DHCP. The router also has a site-to-site VPN link to another Cisco ASA 5505 router. The site-to-site VPN isn't working, but I can probably figure that out once the internet starts working. The router is getting an IP address from my ISP, but I can't ping/browse to any web pages. [code]
Apr 4, 2012
I'm trying to get a tunnel to come up between a 5510 and a 5505. I currently have a vpn tunnel up and running from the 5510 to another remote site. [code]
Jun 5, 2011
I finally got the VPN tunnel between 2 ASA 5505s up and running, but I have some error codes on the initiator side that I cannot figure out. [code] I have looked at the crypto transforms on both sides, and they match just fine as far as the DH ID code, group number and the encryption. The remote side, however, does not have any of these errors.
Is this something that I have skipped over, or missed, that I should be looking for? The IP address that is listed above is not in my static addresses; not sure where those are coming from. I believe that they are outside public IPs.
Aug 31, 2012
[code]....
What is the reason for the red error? It only appears on the Windows 2003 server.
Oct 13, 2012
I have little ASA experience. To make matters worse, I understand that IOS 8.4 is very difficult to configure. I spent all day today trying to configure this ASA 5505 and am stuck at the point that my LAN traffic can happily connect to the WAN (although I can't ping the WAN). I can connect to SSL VPN from the internet, but after that I cannot connect to anything, LAN or WAN. Here is the basic info.
Inside 10.50.0.1/24
Outside DHCP
VPN range 192.168.60.0/24
If the 5505 can't have a separate subnet for VPN, then I'm happy to put the VPN traffic right on the LAN. My goal is to be able to VPN in to my ASA from the internet, and have full access to the network and internet. It would also be nice to fix the issue so I can ping the internet from my LAN.
Assuming that my ASA is only configured with the above settings and everything else is factory, are there any commands to make this work? I don't have access to the firewall at the moment to copy my running config, but I can get that if needed.
Mar 15, 2012
Set up AnyConnect on my ASA5505? I have my VPN access working properly through the Cisco client however I want to be able to use the clientless program as well that is available.
Jul 24, 2012
We were just informed by an ISP that they are not providing a router for an installation on Friday. We have an ASA 5505 currently and the current ISP has an Adtran router in place. Our ASA has VPNs set up to our 2 other locations. About 30-40 people connect to this location over terminal services via the VPN; they also print and conduct minimal file transfers. We are switching ISPs to go from a 3Meg to a 10meg circuit.
I have a very low budget and have been told all I need to get is an 800 series router with 2 interfaces to accomplish the task. I have included a diagram that the ISP gave me. What is the proper router I need to do what is described in the picture? The other thing that I need to add is that we may want to hang a small switch off the router to put in a separate firewall in the future. If this prevents me from getting an 800, because this is really my price range, we are willing to give this up.
I have put an "X" for the first two octets in the picture so as not to post my IPs. These 2 octets are the same throughout.
Feb 7, 2013
We're setting up a site-to-site VPN with a customer. Our side is a Cisco SA520 and their side is a Checkpoint. The tunnel is up; we've verified phase 1 and 2 are good. The issue is passing traffic across the tunnel. Our LAN IP addresses are private addresses, 10.10.1.0/24, but the customer states that we need to have a public IP address for our LAN in order to access their server on their LAN. So looking through all the forums, I see that you can NAT before crossing the VPN tunnel, but our issue is that our site only has 6 IP addresses assigned to it and those are the Comcast router, the WAN side of the SA520 firewall.
So we were wondering, is there a way that we can either use the WAN interface on the SA520 or use another available one of the 6 that were assigned to NAT and pass traffic across the tunnel? Sounds confusing? Sorry, but it is; rarely do I have a customer say I have to have a public IP for my side of the LAN. Now, I also say this is an SA520 firewall, but if it's not possible to do with that, is there a way we could with an ASA5505?