Cisco WAN :: 5520 Best Way To Integrate 20meg WAN Link Into LAN
Jan 16, 2012
We have a core 6500 switch that has a PRI module in it that binds (4) T1 lines together and we also have a 2600 Rtr that binds 4 other T1 lines together and pipes them into a ASA5520. We are changing WAN vendors but still have to maintain the (8) T1 connections until our contract runs out, which will be in a few years. The 8 T1's are not enough bandwith for our operation and we will be adding a 20meg WAN link in the next month. What I am trying to figure out is how to best integrate 3 different WAN links into one LAN. What I am thinking of doing is to leave the 6500 core switch as is and then to purchase a router that can hold (4) T1 wics and the 20meg link. Is it possible to bind those 5 links together even though they are different vendors?
i have a cisco ACS version 5.0, I need to authenticate a wireless users connected to WLC 2100 controller when i connect the controller to a Dot1x port in the switch , the port go down.
I recently installed a 2951 with a security plus license..I hate it (security featuers not router) and would like to put the asa back in place.how to integrate the asa with the 2951, I believe I need to run it in multi context mode.
We have LMS 4.1 in our network. We had recently installed Remote Syslog Collector on a new Server to collect logs from all the devices. How can we integrate the Remote Syslog Collector with the LMS Server?
I have installed 4 unit Cisco Aironet 1250 acting as Autonomous AP each. I want to integrate these AP to Windows Active Directory for authentication level.
When I read configuration guide on Cisco Aironet, they must be authenticated via RADIUS server.
Is it possible that these AP directly authenticated to Active Directory via LDAP protocol?
We are looking at possibly adding a second 5508 controller to our network and running in HA mode. I see now that there are 5760's available that run on IOS. Is there any way we can integrate a 5760 into our existing network instead of going with a second 5508? I would prefer to invest in newer hardware whenever possible.
I have a question. What is the requirement of integrate ACS 4.2 Appliance and AD about CA server? it has to be windows 2003 server enterprice o windows 2008 enterprice? or it can be windows 2003 and 2008 stand alone? another question is about multi domain, i have domain father and children. the installation of CA Server is in domain father to enable 802.1x with AD with all domain children integrate? or I can be install the CA server in the server of domain children and is it work (CA server installed in server in domain child and it working all domains child and father)?
I planning to integrate cisco asa5505 device in runing enviornment for filter ip traffic.Internet ----router----ciscoasa----lan.Ip series is public(25.263.25.0/24) througout of network (no privateIP)now how do I set asa in such case and filter traffic from comming into lan and going out to internet.
We having ACS version 5.2 0.26 with Active/Standby. We need to integrate active directory with ACS. Domain name given by Server team was as xyzcompy.local. When I tried to resolve the same domain name I got five servers ip address against the same domain name. however we given the ip reachability to only for two servers. We we try to save we get error saying that "Can not resolve the network address".
So my questions are;
- does ACS should have ip reachaibility to all five servers
- does the username/password we entered in the ACS should have domain admin rights?.
- the given AD is configured with windows NTP [URL] but when we configured ACS as windows NTP it was taking local server as active NTP..?
When we check the ACS logs, we saw the following error;
in acsLocalStore: AdminName=acsadmin, DomainName=qatarconvention.local, ADOperationResult=unable to create secured connection against AD server, switching to non-secured connection. javax.naming.CommunicationException: simple bind failed: qnccad02.xxxxconvention.local:636 [Root exception is java.net.SocketException: Connection reset], in ACSADAgent; 32484]: INFO dns.findsrv FindSrvFromDns failed: res_query failed _ldap._tcp.xxxxconvention.local Sep 4 12:43:20 acs01-cc4 adjoin[32484]: INFO cli.adjoin Join to domain 'xxxxconvention.local', zone 'null' failed.
I attached some screen print which saw the error and output of nslookup for the domain name.
I cannot integrate Virtual MSE 7.3.101 with my Prime Infrastructure 1.2 After I setup MSE via its wizard, I make a change on WCS username and password. When I try to integrate MSE with Prime Infrastructure, Prime notify me about the mismatch username/password.
I have a 2951 which i want to integrate to the CUCM and wish to plug a Siemens ISDX into it which is the best card to use NM-HDV2-1T1/E1 or WIC2-2MFT-T1/E1? its QSIG
I would like to integrate our intranet web page with Cisco WLC 2500. Is it possible to integrate custom web page with WLC. I know, that I can create custom authentication page, but what about creation of the user?
I need to integrate Cisco ISE and WLC5508 with FlexConnect (local switching) using EAP-TLS security for wireless clients across multiple floors (dynamic VLAN assignments based on floor level). The AP model used is 3602.
- What RADIUS Attribute can be used for dynamic VLAN assignments based on floor level? Is there an option where I can group all LWAPs in same floor for getting certain VLAN from ISE?
- I intend to use WLC software version 7.2 since 7.3 is latest version. Has someone use WLC software version 7.3 without any major bugs/issues pertaining to FlexConnect and EAP-TLS?
- I read some documents saying L3 roaminig is where the associated WLC has changed. However if user move to different subnet but still associated to the same WLC, would this be consider as L3 roaming too?
I have a 2821 ciso router and i want to setup a vpn for my windows domain users , they must to reach the domain from outside. There is posibile to intregrate Active directory auth with pptp running on 2821 router? kind of dialin via radius server(IAS running on windows server 2003).
i have two internet links each of which from different ISP and different real ip addresses.Want to make the second backup internet work for Internal and external (AnyConnect) users.
my question: is that applicable to register single A record with different real ip addresses? and also is the AnyConnect method the best solution for them?
note: i have single firewall 5520 behind the cable modems.
I am having cisco asa 5520 with internet having public ip and cisco 2911 with mpls link in my office. the mpls link is between my HO and my branchmi am putting my webserver in the branch side i want to port forward one of my publicip in my office to be forwarded to branch we, server.is it poosible on the firewall ouside the local network.
We use Cisco ASA 5520 (in HA configuration) connected to Cisco Switch 3750, ISP connection (25 Mbps) is straight to cisco 3750 switch. Since, Internet traffic is now high, a seecond ISP will be added.Our plan is to do Internet Link Load Balancing. My understanding that AS5520 can not do balancing.What appliance do you think I can use to accomplish the link balance?Also, take in consideration that our current ASA is also our VPN server and there are two DMZ zones.
I was trying to assing statefull link as same as LAN failover link on ASA5520 with VPN Plus license. But i am getting the below error. Is there any restriction in the license itself.
I want to use 4506 to track link 1 so that if it fail the traffic will use link 2 to go to ASA firewall. Switch_1 and Switch_2 is configured to use VRRP where Switch_1 is the primary.Current configuration (which im not sure about it):Switch_1track 1 interface gigabitethernet2/3 line protocol.
I have a Cisco 3560X 48 port Ip base switch with v lan configured and ip routing. Ports 1 and 2 are in ether channel and routed ports to ASA and have their own network of 192.168.22.49/30. The ASA is configured with the same config for ports 1 and 2. The channel group ip address on the 3560X is 192.168.22.49/30 while the other end of the up link is the ASA and its configured with .50/30.
I have 6 v lans plus the one native v lan. They are all configured with ip addresses. Each V lan should be able to talk to one another other than DMZ v lan which is trunk and routed directly in the ASA. On the switch I can ping the IP address on the ASAs up link .50/30 but I cannot ping the ASA from any host on any of the V lans. My switch config file is posted below. The ASA seems to be able to ping any host in the VL ANS due to static routes that are in place. Why I'm not able to communicate to other v lans or even ping the ASA?
Config for 3560X L3Switch#sh run Building configuration... Current configuration : 8056 bytes ! Last configuration change at 00:45:43 UTC Mon Mar 8 1993 version 15.0 no service pad [code]....
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.
After having a hard time getting the VPN back to default, I logged into the ASDM and reset to factory defaults. After it reset, I logged in via the management port and configured everything to work. When I clicked on "apply", it gave an error saying that the inside interfaces, g0/1, IP address is on the same network as the management interface. When the ASA restarted, I am now unable to get into the unit via the management port or the inside interface.
I had set the management port to 10.0.1.254. WHen I connect an ethernet cable to it and place my mac on the the same network, I can ping the management interface, however I cannot SSH, Telnet or ASDM into it.
Here is the big problem, I don't have a console/rollover cable to connect to the console interface. Is there another way I can default the box? Maybe via the reset button on the back somehow? Or, is there a way to figure out the ip address of the inside interface? I'm assuming, since it did not take the IP I set, that it defaults to something right?
I cannot seem to ping between devices on two networks hanging off a 5520 unless I use the same-security interface command. I have the relevant ACL's set up between the interfaces, but it just doesnt work unless I have that command in - if I use that command, it bypasses the ACL.
We are attempting to implement an ASA 5520 with a new ISP. Based on the limited routing needs, I believe we can use it as the router as well. I am familiar enough with routers, but the ASA is obviously a different thing.
The setup looks like:
ASA Version 8.2(1) ! host name Cisco interface GigabitEthernet0/0description Internet name if Outsidesecurity-level 0ip address 69.XX.46.1 255.255.255.252 !interface GigabitEthernet0/1 description DMZnameif DMZsecurity-level 0ip address 69.XX.56.1 255.255.255.240 !interface GigabitEthernet0/2description Localnameif Insidesecurity-level 15ip address 10.0.XX.XXX 255.255.252.0 [Code] .....
1) Outside 0/0 connects to MRV from service provider (Public) 2) DMZ 0/1 connects to outside switch with servers (Public) 3) Inside 0/2 is LAN (Private)
A) Based on a completely default config and aside from setting the routes to send traffic from inside to outside, and outside to DMZ, what is the next step?
B) What should the interface security levels be, I am unsure what they should be or why...?
Based on the initial config with interfaces set as above, I cannot move traffic through.
I got a VPN request form from one of our partners. On my side I have one ASA 5520 running 8.0(3) On their form, It says that their endpoints are two boxes, sitting on different cities, It also says that there is only one encryption domain, (actually just one IP) that I need to speficy on the VPN setting. It looks like they mean that you could access the same encryption domain from any of the two Boxes in different cities. This is strange to me, since every time I have set up VPN before, each endpoint has their own encryption domains.I never seen two enpoints with the same encryption domain behind, so Im confused wether it might be a mistake on their part, or this is expected.
Is it possable to use rsa token on the ASA without setting up any other server just using the ASA, out clients use the cisco vpn client version 5.0.07.0290 and IOS 8.3(1), How would this be done?
I am trying to configure a SSL VPN on a Cisco ASA5520. Unfortunately the port 443 of the OUTSIDE interface of ASA is already in use by Microsoft Outlook Web Access and I cannot change the configuration of Outlook. This configuration already in place prevents me to use the public IP of the ASA as Cisco VPN ip address for the webpage. I don't either want to use a different port so to keep life easy for the users.I have some public IPs available that I can use so I wanted to use one of them instead of the ASA's OUTSIDE interface.
I have connected an ASA 5520 firewall DMZ to SERVER (17) vlan in core switch and INSIDE is connected as trunk to the core switch (including vlan 15,18). now the management ip of the switch is 10.xx.xx.126/25. and the other vlans are showing "administratively down"..but if I enter to any of the other vlans and do a "no shut", that particular vlan wil go UP but the other 2 will go down..means only one vlan become up at a time.
I have an iPAD. It connects to my ASA5520 via IPSEC. When it connects it gets an IP address from the ASA but it does not get any of the other stuff. Specifically the DNS suffix. How to correct it?
I have a L2L VPN tunnel on a Cisco ASA 5520 that I'm trying to get RRI to work on. On my cryptomap ACL I have defined a local object-group and a remote object-group, and I'm performing one-to-one NAT on the local group. I also have a route map configured that will take the static routes and redistribute them into my EIGRP AS. Two things I've noticed -1, I'm not seeing any static routes on my ASA that point to the remote subnets, and 2, the ACL that I've used in my route map definition is not getting any hits on it.
