is it possible to use cisco AnyConnect client to connect users with Cisco VPN 3000 appliance?If so how to configure VPN 3000 concentrator to work with AnyConnect?
View 1 RepliesI have a client who saw there was a android version of the AnyConnect client and want me to go through and get their VPN 3000 Concentrator confingured to be able to connect in with it.
The Conncentrator is currently setup several groups of users and the base group is set up to all other products to connec tin via a pre shared key. It took alot research to get it configured to this point and all the searches i pull up are for a ASA.
I have been trying to setup a LAN-to-LAN VPN between two sites that are using a 3000 series CISCO Concentrator. After following the basic setups from the CISCO site, I am still unable to create a tunnel. At the moment I'm starting to believe it is how I have physically setup the network. Site 1 is using a Billion BiPAC 7404VNPX ADSL2+ Modem, Site 2 is using a Netgear DGN2000 ADSL2+ Modem, The VPN Concentrators are setup behind these devices with each firewall setup to allow the needed ports forwarded.
View 5 Replies View RelatedOur VPN 3000 concentrator's admin password was changed by somebody so i reset the password by using straight through serial cable, now the problem is it allows me to login with admin through console but not through admin web interface or telnet. I have enabled telnet and http access but still no success. Concentrator is using internal database so no AAA server is configured.
View 1 Replies View RelatedI have a VPN Concentrator 3000 with LAN-to-LAN DES-56 connections connected to it (Cisco PIX 506). Everything was working fine and then over the night something messed up on it. No settings were changed or anything.
First issue was anything using DHCP (getting IPs from the sites local PIX) couldn't be pinged or reach out through the Concentrator. It was only Thin Clients that didn't work. I could still ping the PIX, printers and desktop computers that were static set IPs. But this was happening at every site going through this Concentrator. The sites going through out MPLS network are fine.
I tried setting the Thin Clients to a static IP but still couldn't ping them.
I then decided to reboot the Concentrator, when it came back up all sites reconnected back to the Concentrator but now couldn't ping anything at the sites, not even the LAN IP of the PIX (or printers and desktops now). I power cycled a few of the sites PIXs but they still were not pingable even though the Concentrator showed they were connected.
I then decided to physical power cycle the Concentrator, it's back up and all sites are connected but none of the devices on the LAN side are reachable.
The Concentrator can ping the sites WAN IP but nothing on the LAN side going through and out the Concentrator. It can ping the LAN through the private interface (going back towards my LAN) just not going through the public interface (over the WAN).
The sessions show that Bytes are Rxing but no Bytes are Txing.
I have 3000 concentrator in 192.168.1.x/24 network (concentrator has static IP of 192.168.1.4/24 assigned to its private int). I can manage it thru HTTP from any PC in the same subnet, but connection failes while trying to connect from PC on different subnet (i.e. 10.1.1.x/24). Is there ACL in concentrator config which needs to be modified to allow management from different subnet?
View 2 Replies View RelatedOur enterprise uses a VPN Concentrator 3000 for our VPN access. Is there a way to view a log history of what user connected to VPN and what IP address they were assigned? It would be for 2 days ago which was over the weekend.
View 3 Replies View RelatedI've the following scenario VPN Concentrator is connected to a router which is connected to a router and at the edge Cisco 515E PIX is connected to the internet. The problem is that the normal VPN Dial-up connection (a utility of windows) are getting connected but Cisco VPN Client throws error 412. Here's what I've tried (Initially groups and user were created):
(1) Allowed port 10000 on PIX ( access-list from-outside-coming-in permit tcp any host <public ip> eq 10000) and checked IPSec over UDP on VPN Conc. under Mode Config tab. Also checked IPSec over TCP tab under tunneling panel at port 10000. Tried connecting through VPN Client but it threw error 412
(2) In the reference guide, I read that IPSec over NAT is allowed on ports ranging from 4000 something to 40000 something.
I tried 33333, both on PIX and VPN Conc. under Mode Config tab but still no use. Same error 412.
is it generally possible to configure a site to site VPN connection between Cisco VPN Concentrator 3000 and Cisco RV220W / RV120W?
View 2 Replies View RelatedI have an old VPN 3000 Concentrator that I do not have any idea what is running on it. The previous network admin didn't leave a password for it, so I tried to reset the password. I was successful in doing so, but when I try to access it with the default of admin/admin via web browser, I still cannot access it. I am loathe to remove or power off this device without knowing what is on it.
View 6 Replies View RelatedWe have two 3000 vpn concentrators. Under both of their load balancing fields, Configuration - Load balancing , the checkbox for loadbalancing is enabled.However both have different priorities, one with 10 and other with 1. Does this mean both are actually loadbalancing. What does the priorities indicate here?If we replace the concentrators with ASA , how will this load balancing need to be configured on ASA & how will it work.
View 5 Replies View RelatedI manage a VPN 300 concentrator which has been happily working for several years without any problems. All users are part of the same group and authenticate to an RSA server. We recently moved from RSA authentication manager 6.1 to RSA authentication manager 7.1. Everthing continued working fine for several weeks, then at the beginning of this week we started getting users intermittently failing to connect to the VPN. I'm not sure if this problem relates to our new RSA server, but we have other network devices which authenticate to it with no problem so I guess the problem is with the VPN concentrator itself.
When users fail they just get a generic "Reason 427 connection terminated by peer" error message. The live event log shows "group = vpn, status = Not-in-service" when their connection fails. Other times they connect normally and no error messages are displayed. There seems to be no real pattern, sometimes your connection fails but if you keep trying you will eventually get in [however it can take many attempts over an hour or two before you succeed, or you may get in straight away with no problem].
I dont believe its a network problem, as I have run continuous pings to the concentrator and the RSA server whilst users are experiencing these problems and there are no drops.
The RSA servers authentication monitor always shows that the user has successfully authenticated, whether the users connection actually succeeds or not. I am tempted to just reboot the concentrator, but we have site-to-site VPN tunnels connected off it and I'm a little concerned that if it is faulty it may not come back up at all.
We have to setup an IPSEC tunnel for a client that does not what to exchange private IP address information for security and overlapping address space reasons. We will both be natting our source private ip address space as public IP address space and send those packets through the established tunnel. Im using a Cisco 3000 concentrator.
View 1 Replies View RelatedWe recently had a Port Scan done on our external IP Addresses. One of those IP Addresses scanned was our Concentrator 3000. The report came back with the following TCP ports being open on the Concentrator 3000 - 80, 443, 1723, 10000, 10001, 10002, 10003, 10004, and 10009. I am unsure if it is necessary to have any or all of these open. The Concentrator 3000 is in front of our ASA5520.
View 1 Replies View RelatedIs it possible to configure a site-to-site VPN between an ASA 5510 running 8.2(1) and an old Cisco VPN Concentrator 3000? I've only been able to find an old 3000 to PIX guide on Cisco's site, and I cannot figure out how the two device's VPN options match up.
These are the options from the 3000:
IKE Proposal
Authentication:
Encryption options:
On the 5510's Site-to-Site Connection Profile, all the options are clumped into two boxes under Encrption Algorithms:
IKE Proposal: Encryption, Hash, DH Group, Authentication
IPsec Proposal: ESP Encryption, ESP Authentication
We have a pre-shared key configured, but I cannot find a set of options on the 5510 to match the 3000; I always get this error:
3Jan 24 201310:10:09713902Group = 63.192.x.x, IP = 63.x.x.191, Removing peer from correlator table failed, no match!1Jan 24 201310:10:11713900Group = 63.x.x.191, IP = 63.x.x.191, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
I need to write a small piece of code in C++ to detect whether the AnyConnect VPN client (v2.5 and above) has established the connection. I recall in Cisco 3000 VPN client when the connection gets established there is a registry value (TunnelEstablished) being set to 1. But with AnyConnect I don't see any changes in the registry. how to detect this in C++?
View 4 Replies View RelatedI uninstalled all of the Lenovo built-in remote assistance software, but still am getting an error on initiating the VPN.When I try to run the client, I'm asked to select the Group, enter the Username and Password, which I do.
I get a message saying "Establishing VPN - Repairing VPN adapter", then it crashes and reports: "AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."
i've issue with vpn 3000. can't logon with tacacs. http and ssh doesnt work. acs server logs show that authentication was successful but no luck.
don't have access to gui as well
I just replaced my older G - Router with a new Linksys 3000. My wireless HP 1025n printer was working perfectly well on the old router and now I do not know how to change it so the printer is recognized or works on the new router.
View 1 Replies View RelatedOld Compaq Presario 3000+ getting sluggish, freezing has Compac mouse and keyboard. So brother gave me not as old eMachine. Thought I'd use KVM and play music, etc from old Compaq. KVM hooked up. Compaq keyboard works very poorly with eMachine. Compaq mouse doesn't work at all with eMachine -freezes center of screen. Switch to wireless mouse, works fine with eMachine, but then have ot use Compaq mouse if I switch to Compaq PCU. Is there a universal keyboard and mouse that would fix this?
View 2 Replies View Relatedmy environment:
IE-3000-8TC industry-switch
ios: ies-ipservicesk9-mz.150-2.SE2
if i do
vlan 12
name NextVLAN
state active
in putty, everything is ok. but if i set this lines in a config-file and use them by config net or copy tftp: running-config, then this commands are completely ignored.how to setup VLAN so that this are funktional. i dont need a "interface vlan xx"! in addition manually configured vlan are shown in show vlan command but there are no entries inside a sh running-config output even i user show running-config all.
I'm having trouble getting this to work, after my upgrade to Mac OS X Lion the Anyconnect client can no longer login. Reinstalling didn't work for me.
View 24 Replies View RelatedDoes VPN concentrator "VPN3005" work with AnyConnect SSL VPN client?
View 3 Replies View RelatedI am a little new to Cisco ASA's but we bought two new 5540's to use as a new VPN solution for our company. We want to implement Cisco Anyconnect full client and Clientless based solutions for our end users. I am having problems working with setting up access lists based on groups. I simply want to create access-lists to certain IP's based on groups. I ultimately want to get to the point where we have Dynamic Access Policies that are based on Active Directory Groups allowing access to back end servers based solely on their group membership in AD. But first I need to figure out how to just apply an ACL on a group.
View 2 Replies View RelatedWe are in the process of upgrading our win2003 radius server with a new win2008 radius server. We have an ASA5520 and FWSM in 6509, using anyconnect client. This has worked fine until we introduced the win2008 radius server. When in the asdm on the asa, you can click on the new server and click test and authenticate ok with your AD credentials. But when try to use anyconnect on your laptop, it takes the credentials password and the accept certificate, but then fails with "anyconnect was not able to connect to specified gateway.." message, then "the secure gateway has rejected the connection attempt due to network connectivity issue...host or network is 0" message. We thought we setup the new radius the same way, obviously not. is therw an easy way to use debug on the firewalls to see what is wrong? looked in event logs on radius server, have not found anything.
View 2 Replies View RelatedWe have an ASA 5520 with two VPN profiles working fine.Since some users are now working with Windows 8, VPN clients for Cisco ASA is not able to connect.I have read there are problems for such VPN Clients in that OS, and I should use now Anyconnect for them to connect. I thought we had anyconnect working also, because some users can connect to a web page they can do some kind of connections to internal servers, (web, telnet, rdp, etc) so I installed cisco anyconnect VPN client in a laptop and try to connect (same IP and port I used for that web page) but after signing I get the message AnyConnect is not enabled on the VPN Server.So I tried to follow a configuration guide for Anyconnect, but there's a step in which I am trapped, these are the steps: Click Configuration, and then click Remote Access VPN.
View 7 Replies View RelatedI am trying to configure Anyconnect for the 1st time via the GUI, though I am comfortable with the command line if required. I am familiar with PIX and IOS prior to 8.3 so this is my 1st time with newer versions. My equipment is in a lab environment at the moment but will be placed into production shortly. I recieve the following errors when trying to establish an Anyconnect VPN connection with the local account on the ASA. Below is my config
ASA Version 8.6(1)2
!
hostname TOR1PLXSD01
enable password sxZETAvnsVuPSnUc encrypted
passwd FomDbcd6ujnk.spR encrypted
names
[code].....
how to configure AnyConnect on an ASA5505, but I wanted to check before to make sure I was going the right direction.
Setup: I have a very simple setup and basic goal. I currently just have one laptop on E0/1 of my ASA5505 and then the ASA configured with a static IP plugged to the Internet. I have the ASA correctly configured and can browse the web through the laptop. I also have the AnyConnect and AnyConnect Mobile licenses as well.
Goal: I want to set up AnyConnect on the ASA5505 and just establish a successful connection from an android mobile device running the necessary AnyConnect software from the market.
There are lots of guides for specifc set ups, but as described, I want to keep this as simple as possible.
[URL]
Also, I'm more comfortable with the CLI. Is it simpler to use the ASDM wizard for this?
Will the RV042 work with theAnyConnect Secure Mobility Client app? If so, is there and app note available? If not, which routers wil work with this app?
View 5 Replies View RelatedThis is for an ASA 5505. I am trying to configure an AnyConnect and IPSec VPN connection and I think it's almost there but not quite yet. When I login from an outside network it gives me the following error for the SSL AnyConnect "The VPN client was unable to setup IP filtering" and "Secure VPN connection terminated by peer" for the IPSec. I previously had this working since Oct, but I was trying to modify it a little to accept LT2P for native Android VPN clients and that messed up everything that I had working perfectly. I checked everything as best as I could to try and match the previous settings but still can't get the darn thing to work. I am trying to also do Hairpinning, I want all VPN traffic to pass through this router... remote LAN and Internet traffic for times when I am at unfamiliar wifi hotspots and need to check email securely. I have included my running config. I also need to configure the ASA to accept native Android VPN connections. I read the most popular thread that worked for a few users but while doing those modifications that is where everything went downhill. T
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
is it possible to configure a Cisco 878 Router to act as a device(router) between a DSL Modem and the LAN ?
There is the following scenarium: "Deutsche Telekom DSL Modem -> Cisco Router 878 -> LAN"
DSL is an SDSL Connection with a static IP address.
Right now I have it connected like this: Internet-> SURFboard SB6120 Modem -> DGL-4100 Router (modem in the WAN port, 3 internet connections plus the switch in the LAN ports) -> DGS-1008G Switch (2 other internet connections connected to this, as well as an Xbox 360).The problem is that everything connecting to the router works, and nothing works on the switch even though the power light is on (however, the port on the router that is receiving the switch is not lit up). I'm guessing this is because the router only assigns as many IP addresses as it has ports or something.
View 10 Replies View Relatedwhen I try to configure my autonomous 1140, it does not work unless I use numbers.If I put in my phone number as my key, I can authenticate just fine. When I change it to some random letters and numbers.
View 6 Replies View Related