I am having a problem configuring a VPN connection from a 1721 router to an ASA5520. The router has already been configured, but I have been asked to set up the VPN. I think the issue is because they are using a Loopback interface (which I have never configured for before).
The "sh crypto isakmp sa" command shows:
dst src state conn-id status
5.6.7.8 1.2.3.4 QM_IDLE 4 ACTIVE
where 5.6.7.8 is the ip on Loopback0, 1.2.3.4 is remote peer ip. Pings to the remote network don't work.
Here is the (slightly edited) config of the 1721 :
Current configuration : 3838 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
[code]......
I have a big problem: during a configuration reset I had an electrical blackout. I had set the configuration back after a password reset and sent the reset prompt. At the restart of the router, the blackout took everything out for 10 seconds. When I restart the system and connect to the router with HyperTerminal, I get the following output:
[Code].....
I think the config was lost, but how can I restart the router and enter a new one?
My company just assumed management of a remote entity. The network has several misconfigurations and I need to make some network modifications from my office w/o losing access or incurring lengthy outage to the clients. The network consists of a 1721 router and three 2960 switches.
- I only have access to the router from the Internet. I telnet off the router to the 3 switches.
The site uses a single class C 192.168.1.0 / 24. The router is running RIPv2 even though this is the only network. The prior network person (contractor) set up separate native VLANs on each switch and all the ports are defined as Native trunk and access are defined to the VLAN interface assigned to the switch. So of course the logs are flooded with Native VLAN mismatch. Each 2960 switch is a VTP server but has no VTP domain.
basic network layout:
Internet => Eth [Cisco 1721] => Fa 0 192.168.1.254 ==> [SW1]
[SW1]
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan220
 ip address 192.168.1.219 255.255.255.0
 no ip route-cache
[code]....
!
interface GigabitEthernet0/1
 description SW2 Gi0/1
 switchport access vlan 204
 switchport trunk native vlan 204
!
interface GigabitEthernet0/2
 switchport access vlan 204
 switchport trunk native vlan 204
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan204
 ip address 192.168.1.224 255.255.255.0
 no ip route-cache
Normally, I would assign the current 192.168.1.254 to a subinterface to Router Fe 0/0 but with each switch having its own native VLAN I am afraid I will lose connectivity to the downstream switches -- my only access is telnet off the Cisco 1721 Router.
I must create a point-to-point VPN connection between two Cisco ASA firewalls using certificates. Do I have to buy 2 separate certificates or is one enough?
My client is upgrading from AnyConnect 2.5.2014 to 3.1.00495. The ASA is running ASA 5520 version 8.2(5)33 and is in an active/standby failover pair. When trying to push out the new 3.1 from the pair to Windows 7 and XP machines, he gets the error "Failed to get configuration from secure gateway. Contact your system administrator". When he tries to push 2.5.2014 and 2.5.6005 out from the pair, this works fine. When pushing the 3.1 out from a stand-alone test ASA 5520, it works fine.
I am having a weird case, wherein I have a 5520 and I am not able to SSH into that firewall. When I did a capture on that firewall, it showed my connection is getting reset as soon as I try to SSH into the box. Given below is the config for SSH into the firewall.
My ASA config is as follows. I can't use ASDM, HTTP, or Telnet from my local interface and IP 192.168.0.46 & 14. My ASDM is OK, as I can connect to other ASAs. I can't understand what the mismatch is here.
I am trying to configure a server (192.168.5.50) in the DMZ (192.168.5.0/24) to be able to communicate with a domain controller (10.5.44.220) in the inside network (10.5.44.0/24). I made some configuration using ASDM (I am not familiar with the CLI), but it is not working, and it caused existing NAT not to work, for example the RDP (TCP 3389) connection to 38.96.179.220.
The things I am trying to achieve are
1. two-way communication between 192.168.5.50 in DMZ and 10.5.44.220 in Inside for SecureAuthPorts and SecureAuthOutbound service groups
2. NAT for 192.168.5.50 mapping 38.96.179.50 for the service groups mentioned above
I am trying to set up email alerts on our ASA 5520 so that I can receive emails at my Exchange account. Below is the configuration: [code] The SMTP server is in our internal network. First, I am not able to ping 172.17.1.12, as ping is blocked. I did this config about two days ago. I can see alerts and error messages through ASDM, but no mail is coming in.
I have new ASA 5520 units; currently we are using ASA 5510s. I have to migrate all the configuration to the new ASA 5520 units. I am wondering whether there is a way to export and import certificates from the ASA 5510 to the 5520.
How to export or copy all the configurations, plug-ins, and certificates from the 5510 to the 5520. Existing configuration snapshot... CA certificates from third party installed for authentication and identity certificate from Verisign
On our Cisco 3750 switches we can take config backups with the archive command. After every "write mem" it writes the config to our backup server. We would like to do this also for our ASA 5520 with version 8.2(2). I also searched in the command reference guide, but I can't seem to find the proper command to do it.
I am trying to configure multi-context on the 5520 ASA. How can I configure 1 outside and 1 inside for the 2 contexts, or how do I configure both outsides from the same subnet and the insides also from the same subnet? I did the below configuration but it didn't work. [code]
I have two internet links, each from a different ISP and with different real IP addresses. I want to make the second, backup internet link work for internal and external (AnyConnect) users.
My question: is it applicable to register a single A record with different real IP addresses? Also, is the AnyConnect method the best solution for them?
Note: I have a single 5520 firewall behind the cable modems.
I recently configured WCCP with a Sophos Web Filter on my network. It works well, but the problem I am having is that I have two 5520s, so I am directing the device to look at 2 different IP addresses, and the devices are in an Active/Passive failover. Because the second device is in passive failover, it is not responding, which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASAs, but is there a way to have a single IP for the ASAs for the WCCP?
We have a DNS server (internal IP only) inside our network. Right now we have configured Remote Access VPN using a public IP and we connect to it using the same public IP. I need to use an FQDN instead of the public IP. What is the configuration for this?
I've gotten to the point where I can test against Active Directory and get in; I can also get AD groups from my server on the ASA. My problem: I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using. Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.
I have a 1721 router in my home and I want to set it up for firewall/VPN. Is it recommended to purchase a WIC-1ADSL? What module is recommended for VPN? Is it possible to set up VPN using a DSL / dynamic IP connection? I want to explore Cisco security, and I got this advice from a supplier.
I've got three Cisco 1721s and a 2610. Two of the 1721s are 32f's; the other one is a bit older but is still the same model. The two Cisco 1721 32f's have 1-dsu-t1-v2 WICs in them, and the older 1721 has a 1-dsu-t1 WIC in it. Now no matter how I have configured it, the old T1 WIC will not talk to the v2 WIC. I've tried putting the old WIC into a 1721 32f and it doesn't work at all!
What I have working:
router DCE (1721 32f with v2 wic) can talk to router DTE (1721 32f with v2 wic) no problem with this configuration.
Router DCE:
-service-module t1 clock source internal
-service-module t1 data-coding normal
[ code].....
Router DTE:
-service-module t1 clock source line
-service-module t1 data-coding normal
[ code]....
Router OLD (1721 with v2 wic) can talk to router DTE (1721 32f with v2 wic) no problem with same config. What doesn't work: any router with 1-dsu-t1 (old) wic to router DTE (1721 32f with v2 wic). Again, same configuration as before, so what's going on that I can't get this to work? Is the old T1 WIC not compatible with the new T1 WIC?
I cannot apply LLQ to the ADSL ATM interface. The system takes the command without any error message, but it is not in the show running config. Is there any Cisco link that can explain this? [code]
I just purchased one of each of the above, both with 1ea WIC 1DSU-T1, and would like to connect them directly to each other in a lab scenario. Do I need to have an RJ48 cable or will an RJ45 work? I have them connected now, but they are not seeing each other. They are connected via S0 on the 1721 and S1/0 on the 1760.
I have a 1721 router with 3 equal routes to 0.0.0.0, using CEF for load balancing with the universal load balancing algorithm. It doesn't NAT, just routing. I wonder what the maximum capacity of the router is, since it should support up to 40000 connections to different destination IPs. Is the limit set by the router resources (CPU, memory, ...) or a maximum limit of entries in the FIB / RIB table?
Trying to work out if I can set up a VLAN interface on a 1721 router. The only interfaces that are listed are the Ethernet (W1-ENET) and the Fast Ethernet interface. I'm still super new to all of this and learned how to change IOS via rommon and TFTP after realizing I had an IOS too large for the memory.
Monday, I had a Cisco 1750 router in place suddenly stop communicating to a Larscom ISP-owned unit. Since then I have sent two replacement 1721 routers with WIC-1ENET cards. I have used the original straight-thru cable to connect the 10BaseT port on the Larscom to my E0 on the WIC-1ENET. No link lights on either. I have also tried a known working straight-thru cable and a crossover cable. No link lights.
I can take a crossover cable from a pc and ping the E0 port without issue. The ISP is telling me it is an issue with my equipment.
I have Cisco 1700 series routers operational at my client site. These routers suddenly reboot at 1 or 2 hour gaps. See the errors below, which were captured in the router logs:
============================================================
00:00:09: %SYS-5-CONFIG_I: Configured from memory by console
00:00:11: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(16.1)T, MAINTENANCE INTERIM SOFTWARE
TAC Support: [URL]
I have a 1721 router with one WIC-1ADSL. I have an ADSL connection with IRB static IP. The router connects to a managed switch through a trunk port. The switch has 2 VLANs, one for the static IPs and the other for the private LAN. I need the private LAN to be able to go to the internet. VLAN 2 can go to the internet because it has the same subnet as the provider, but VLAN 1 cannot go to the internet, so how can I make all VLANs go to the internet (the router has only 1 FastEthernet port)?
I have a 1721 router installed with both an adsl wic and a 4 port switch wic card. My setup is as follows:
- PC connected to port 3 (mode access on VLAN 20) on the 4-port switch WIC (installed in the 1721 router)
- port 4 is configured as trunk (encap dot1q) and connected to FastEthernet 0 (built into the 1721)
- FastEthernet 0 configured with no IP address
- created sub-interface FastEthernet 0.20 with encapsulation dot1q on VLAN 20
- IP address of sub-interface 0.20 is 192.168.20.240
- PC NIC IP address is 192.168.20.245, however cannot ping 20.240
I want to use only this router with its switch WIC for VLANs and internet.
I managed to set up a 1721 router as a VPN server, connecting to it using a Cisco VPN client. However, although I am obtaining an IP address as defined in the DHCP pool, I am unable to communicate with the remote network, and I also have no internet as soon as I connect.