How can I increase the timeout value on an IPSEC VPN tunnel running on an ASA5520? The users claim the tunnel is timing out causing transactions to stop flowing.
View 2 RepliesI purchased and installed a new EA4500 wireless router. At the same time i had a new Voip phone system installed as well which i'm having issues with. The main issue is that my phones communicate with the service every 240 seconds....the issue is that my NAT timeout is below that 240 threshold. Thus my phones go in and out constantly. increasing the NAT Timeout.
View 5 Replies View RelatedThe GUI times out after 60 seconds.
Since the the "exec-timeout" setting has a default of 10 minutes (if I'm not mistaken), I don't think I could change the timeout value with that command.
Under the "Association" tab of the GUI, there is an "Activity Timeout" subtab and settings for 5 device classes, all set at 60 seconds.
I would guess the setting in question can be configured here. Is the client station device class what I'm after?
i am configuring a Cisco Secure ACS 1120 appliance running ACS 5.0.0.21 to handle RADIUS request from a Cisco WLC 5508 appliance running version 7.0.116.0.these devices have open communication on all ports - no firewalls or ACL'sthey have successful ping communication The following statements illustrate some but not all the debugging I have done to ensure each device functions as it should in isolation.Using a simple windows RADIUS server (radserv2.exe) instead of the Cisco ACS This works and the WLC gets RADIUS response from my makeshift serverUsing a simple windows EAP client to query the ACS using RADIUS protocol this works and the ACS processes the RADIUS request and sends a responsePlaced a wireshark client on the network to inspect timeout. Wireshark logs the packet from the WLC to the ACS using port 1812 but doesn't see any packet responses from the ACS At the moment I have the WLC accepting the association from the wireless client and sending the RADIUS (PEAP, EAP-FAST or EAP-TLS) request to the ACS, the WLC receives no response and generates a timeout message and disassociates from the client. note this is not a reject or similar message, the ACS simple does not even process the packet. i.e. there is absolutely nothing in the ACS logs to suggest it even received a radius packet from the WLC. In summary the WLC and the ACS successfully function independently but they do not communicate via radius.
View 3 Replies View RelatedIs it possible to NAT source & destination addresses (twice nat) on an ASA5520 running 7.2(5)?
View 4 Replies View RelatedI'm running a couple of 5520 (with failover configuration) and fw 8.3.1. Everything worked fine until I try to upgrade firewall to new fw version: 8.4.1. [code]
When I try to upload new firrmware or asdm image, ASA, the appliance reboots during tftp session. I've already tried to upload new images on both appliance, or use CLI either ASDM, but the result is always the same: ASA reboots.
From my point of view, the problem isn't the image but could be the firmware I'm running, becouse using fw. 8.0.1 I was able to upalod asdm 8.3.1, but using fw 8.3.1 I can't upload the same image.
I have an ASA 5520 running version 8.2(1) and I am having an issue with ASDM sessions.I can SSH into the ASA and have tried to clear the sessions but they do not clear as per below.
largoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW# confi tlargoGW(config)# asdm disconnect 0largoGW(config)# asdm disconnect 1 largoGW(config)# asdm disconnect 2largoGW(config)# asdm disconnect 3largoGW(config)# asdm disconnect 4largoGW(config)# exitlargoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW#
An interesting point: the host dguselnx is my linux based computer that I am using to SSH to the ASA. I do not connect via ASDM from this device so it is strange that the hostid for the asdm sessions is showing as my linux host and not my Windows laptop (that I am trying to connect via ASDM from).
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.All switches running default config no ip address assigned.
View 9 Replies View RelatedI need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies View RelatedIf you have a PoE capable switch, is there any way to increase the PoE budget? Especially the 3750 range. I've heard people say that by adding another power supply in the switch you can increase the budget.I've got a 48-port 3750 and I may need to connect a lot of Class III (15.4W) PoE devices. Power budget of a 3750 is 370 Watts, enough for 24 Class III, but likely I'll need more.
View 2 Replies View RelatedIsn't there a way to increase the TTL of an OSPF Hello packet or am I thinking of a different protocol? Or is it only with virtual links? I can't seem to find it in my ROUTE cert book or on the Intarwebz outside of setting TTL security, but I could have sworn I remembered configuring something like this in my ROUTE lab book that I unfortunately do not have at work.
View 8 Replies View RelatedRecently I bought a new router and it works great but I'm still having bandwidth issues. On average there are 6 devices running at once, but only two of which do anything that takes up a significant amount of bandwidth and the router is a good distance away from my computer and my brothers (we do online computer gaming). Is there any way to increase the amount of bandwidth we get up here with out having to move the modem and router?
View 1 Replies View Relatedhow to increase speed in my network (10 pc)
View 1 Replies View RelatedToday I purchased a Gatway laptop from Best Buy. Here is all the information NV51B15U, 4GB DDR3 Memory, AMD Dual-Core Processor E-350, 250 GB HDO. My internet is Virgin Mobile EVDO Mobile Broadband. I have know knowledge of computers or this USB internet I have. When I try to go onto Youtube to watch videos the video will play for about 2 sec stop and starts to buff the play then stop and so on. I have java and flash player 10 installed. I was told that I may need to go through another internet provider as the speed from the USB cord will never get any faster. Is this true? Is there something I can do to be able to watch videos without having to wait 10-15 minutes for it to load?
View 6 Replies View Relatedwhat fields of IT increase internet availability. I have lived in South Korea for the last six months. I can't say how much better life is because there seems to be universal high-speed internet access, even at 24/7 fast food places like Dunkin' Donuts, McDonalds, etc.).
View 3 Replies View RelatedI have one hub router connected to an ISP cloud and then a spoke router connected to the same ISP cloud. There is a dmvpn connection from the spoke to the hub router and i have attempted to do a few tests from the spoke to the hub router.
When i do a ping from the wan interface (tunnel source) of the spoke router to the wan interface (tunnel source) of the hub router i get a return time of about 700ms on the average. However when i ping from the LAN of the spoke to the LAN side of the HUB, my return time increases to 1000ms and sometimes as high as 3000ms. I suspect the hughes modem HN7700 on the wan side of my spoke to be the cause of the problem.
is that possible to increase the number of SSL VPN User Licenses on ASA5510-SSL100-K9 using for example L-ASA-SSL-50= ?Is there any limitation ?
View 3 Replies View RelatedDoes Cisco ASA 5510 and 5505 has module for increase performance VPN ?
View 3 Replies View RelatedI have got 3845/3945, I would like to increase HWIC slot density for HWIC 4 PORT ISDN BRI S/T ports through the NM/NME/NMX slots, Is there any measns to do that?
View 2 Replies View RelatedMy company has 2 sites. Between them we have 100 MGB link. We do replication every day our data. Recently we had a issue on replication then we stopped about 20 replication. And now issue is fixed, we are started replication. Average replication is 75%, we need to reach it 100% ASAP. But me and my co-worker have little bit different mind about replications are running in same time. I thought there is no difference for total time between one by one and all running in same. But co-worker saying one by one is much quicker.
View 2 Replies View RelatedI have a new setup in my home due to the increase in devices needing internet access.I bought a 8 port netgear switch and have it connected to my router.My question is this, will the speed/performance of my internet be lower(via switch) compared to if I was just connected straight to the router,
View 2 Replies View RelatedI am having trouble with my internet speed at my computer my provder says the speed is fine from their end 100mbps but when i check the speed at my end i am only getting 32mbps the other clue is when I am on a web page it constantky flickers. I have reset the router by turning off the power and then back on the other thing i have done is change the ethernet cable.
View 1 Replies View RelatedI currently have a dlink dir-655 in my basement. my computer on the second floor is connected via DWA-160. I Only have around 2-3 signal bars, and never get the 300mbs like described. i would like to know all the possibilities to extend my range (to have 5 bars) or get better connection speed. do you recommend an access point or an extender? Which models? also, if i have an dir-615, can i use it as an acesspoint/range extender for my computer on the 2nd floor? if so, how? I am looking for the cheapest alternative in order to have better signal and speed. The modem is stuck in the basement therefore I cannot move it.
View 3 Replies View RelatedI AM USING "1" M.B.P.S.LOCAL AREA NETWORK. I AM GET ONLY "100" KBPS DOWNLOAD SPEED HOW TO INCREASE MY DOWNLOAD SPEED?
View 1 Replies View RelatedI uploaded an .avi media file, which filled 2.81GB and it took me 7 hours!I was like holy ***, how is it even possible for it to take so long time for an file that only fills 2.81GB?
View 4 Replies View RelatedI have computers scattered across our home, and in many areas it is not feasible to run ethernet cable. At one location (less than 30 feet away) but through multiple walls, I can barely connect to any POS (I have two). I added a stand alone antenna extension with long antennas on both the router and the WiFi card on the PC, however, this made zero improvement.What should I be looking to purchase to increase the signal strength? I've already tried different routers.
View 5 Replies View RelatedI have one AP with dual antennas and I want to upgrade one of the antenna to 7Dbi to increase the range. will it work
View 1 Replies View RelatedHow to increase my Laptop wireless range?
View 2 Replies View RelatedWe have an EHWIC for a 2900 router. Apparently, this card supports QinQ.. However, there is no usual MTU command. Therefore we cannot increase the MTU to support the extra four-bytes of VLAN tag. We have tried 15.2 and 15.1 code. May be the command is different. I'm about to go and do some digging elsewhere.The card is EHWIC-4ESG.
View 6 Replies View RelatedI am considering deploying several of these for our church to provide internet access. When reading the manual, I found on the last few pages that the device only supports a max of 63 users at a time. Is that correct? If so, any way to add more ?
View 1 Replies View RelatedI got a Cisco 2960-S LAN (support PoE+) switch installed in one of my customers' office. The customer needs to plug some cameras to the switch and need inline power from the swtich.
Two of the cameras requires 24W power in order to work correctly, if just use normal PoE power, can't get all functions working and get an error message on the screen says "not enough power" or something like that. I have configured those two port to static power inline (on a max value which is 30W). Once the configuration applied, shut/ no shut the port, the error message disappeares for a few minutes, and then comes back. Looks like the power level is still on PoE not PoE+.
Is there anything I can do on the configuration to increase the inline power and provide a stable power to that kind of devices?
SW02#sh power inline
Module Available Used Remaining (Watts) (Watts) (Watts) ------ --------- -------- ---------1 370.0 141.7 228.3Interface Admin Oper Power
[Code]....