I using IOS c2950-i6k2l2q4-mz.121-22.EA14.bin but no support command "ip http secure-server" and I not connect switch by CNA. How I fix ? Or IOS C2950 support ip http secure-server and ssh ver2 ?
View 1 RepliesI am trying to configure interface vlan1 to get an ip address from dhcp by entering the commnad ip address dhcp ios rejects the dhcp portion of my command as not recognised although it is referred to in Cisco manuals.my IOS version is c2950-i6k2l2q4-mz.121-22.EA14.bin.I get the same problem when I try to configure ip http secure-server on the switch. Is this a known bug or whether I have the correct IOS version for these commands?
View 6 Replies View RelatedI am running DHCP snooping for VLAN 1 on below switch
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4a, RELEASE SOFTWARE (fc1)
Model number: WS-C2950-24
Looks like below IOS does not support snooping.
Model number: WS-C2950-24
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)
I have seen that the current WLC software release, 7.0.116.0, does not support secure LDAP using TLS. Are there any plans to incorporate this feature? (I've read that it was supported in previous releases to version 4.2). Is it in the roadmap of the product?
View 1 Replies View Relatedi've been using a VPN to connect to my home network from elsewhere for a few months. It's set up as follows:
PPTP
Maximum Strength Encryption
EAP-MSCHAP-v2 Authentication
Now I find out that MSCHAPv2 authentication has been broken and is no longer considered secure (even by Microsoft), so I want to change the protocol I'm using to make it secure.
However, I've spent 3 hours now researching this and I cannot for the life of me figure out how to use a better protocol on my Windows Server 2012 home server. I've tried setting up PEAP authentication (still PPTP) a la Microsoft's recommendation document, but it requires a certificate. I've created a self-signed certificate but it seems I can't issue certificates (via this method) without being a member of a domain, so I'm stuck. I can't even get started with L2TP since I can't find the option for it.
My question is this: Is there a way to setup a secure VPN server using Windows Server 2012 without a domain? If so, how do I do this?
How many newtork devices can Cisco Secure ACSv4.1 support is there any limit on the same? How to get the Specs of Cisco Secure ACSv4.1 on the above grounds...
View 2 Replies View Relatedi had done inter-vlan routing , attached a DNS server to that network, i didn knw how to config a server to act as http??? so that i can view webpages forn systems of that network??
View 3 Replies View Relatedwe are having some trouble setting up our router (Cisco 861W) webserver on the LAN so that it can be accessed from outside (http via port 80). When we try to access it via the web address, we just get the login window of the Cisco router software?
View 10 Replies View Relateddue to goverment regs i need to secure the server vlan at work. i was using a acl applied to the vlan, but thought adding an ASA would provide better security. I had done some brief review of my design and options. I was thinking of using vrf and connect to exsisting ASA 5520. i would need to add the server subnet vrf to the global routing table. seems to get tricky. I am currently testing just adding the firewall to a vlan with a client. No vrf. This seems to working ok but the inbound and outbound rules have to be adjusted more than i realized. I was expecting traffic inaitiated outbound to flow unrestircted and filter on the inbound.
View 7 Replies View RelatedI have one server-A(windows 2008) installed one application called"host front" which gives athentication to connect Linux(mainframe console)server(SERVER B). These 2 servers are bihind the firewall.If one internal user who has the athentication to logine server-B ,tried to login server A,will get the" username and password"screen and once they enter the username and password ,will get the server-B screen.But if somebody try to connet via MPLS(we need to test MPLS site customers) from outside via ASA 5540 ,to server-A will get the "username password" screen and once enter the credentials,after 1 minitue will get error"http server faild to send datas to the server" and will not move to server -B screen.Where do you think is the problem?
View 3 Replies View RelatedI just upgraded my ASA 5585 cluster from 8.2 to 8.4. I also upgraded the asdm .bin from 6.35 to 6.43. after rebooter the cluster, I try to access it with ASDM installed on my computer but it blocked at 17%.I tried to access [URL] but I just an error (with IE & FF) [code] What did I miss in the ocnfiguration ? I precise that I never used the http page, I already had the ASDM installed from another ASA.
View 4 Replies View RelatedI have a customer who used to own a 3750 with a older version of IOS. The switch he had used a three year old version of IOS which allowed him to browse to the switch IP and manage it via HTTP without entering a password at all. Now that he has a replacement switch with a new ver of IOS (since the previous switch died). We slapped the config on from the old switch but no matter what we do (understanding that new http aaa authentication commands were added) we cant get this thing to let him in without prompting him for a password. I understand this was an insecure config to begin with so I shouldn't be advocating using it in the first place, but this is what the customer wants.Basically what I'm trying to figure out is are we banging our heads into the wall for nothing as the "ip http server" will not allow an authentication method of "none" anyway? None of the offical documentation I have read for the http aaa authentication cmds shows this as an example nor have I found any blog posts on how to do it ether. Perhaps Cisco removed this by design.
Here is the config:
aaa new model
aaa authentication login default local
aaa authentication enable default none
aaa authentication login none none
ip http server
ip http authentication aaa login-authentication none
[code]....
We have ASA5520 and we want to configure a VPN IPSEC profile so that a partner of ours can access only a server and only on HTTP port.I've tried configuring split tunneling with an Extended ACL but probably I'm missing something. I just configured the ACL so that it included any source to our server's IP on HTTP port but when testing, it didn't work.
However, if I configure a Standard ACL on the split tunneling I can access the server and all the services it provides.Do you know if I'm missing anything on the Extended ACL configuration?
Should I configure this any other way?
I recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working.To start, I created a test service:
lb-1# show run service sunbird-http-7025-test
!************************** SERVICE **************************
service sunbird-http-7025-test
port 7025
ip address 141.211.229.168
[code].....
I have one server-A(windows 2008) installed one application called"host front" which gives athentication to connect Linux(mainframe console) server (SERVER B).These 2 servers are bihind the firewall.If one internal user who has the athentication to logine server-B ,tried to login server A,will get the" username and password"screen and once they enter the username and password ,will get the server-B screen.But if somebody try to connet via MPLS(we need to test MPLS site customers) from outside via ASA 5540 ,to server-A will get the "username password" screen and once enter the credentials, after 1 minitue will get error"http server faild to send datas to the server" and will not move to server -B screen.
View 1 Replies View RelatedI need getting access to my http server. I have a host name that I configured to point to my IPS IP address. Port 80 is enabled on my server, but I can't seem to get access it from my web address [code]
View 5 Replies View RelatedWe have Cisco ASA 5505, 90.x.y.2/29 IP is assigned to outside interface. We have one internal HTTP server so that I use static (inside,outside) tcp interface [URL] to forward all incoming HTTP traffic to internal HTTP server 1. Now we need to add new physical HTTP server 2 so that I would like to forward
HTTP traffic to e.g. 90.x.y.3/29 to 172.16.0.11.
How can I do that? See scenario image (scenario.png) if needed.
I'm looking fot a way to do static URL blocking with ASA and when the URL is blocked present a "Web Page" to the user saying that it's been blocked.
So, i was wondering if i can use the http parameter "spoof server string" to replace the original URL sent by the user for another URL that points to an internal web server holding a basic page saying "Your URL request has been blocked".
The point is to have a way to tell users that the page they are trying to browse is blocked by a policy.
cisco WS-C6509-E Core switch with IOS "s72033-ipservicesk9_wan-mz.122-18.SXF11"
i have 2 question
Q.1 i want to upgrade this switch what is the latest IOS ver. supported by this module ?
Q.2 i need to enable http server on this switch when i run this comman it's accsebt but i cant get http work
I have a setup like this.
Foreach computer I need to go and configure the browser proxy settings and some people are getting smart and turn it to automatic configuration again.
So what i want to achieve is to have my DIR-655 to route all the HTTP/port 80 traffic to the proxy server.
That way it is transparent and then it is not needed to configure each computers browser settings.
I am pretty new to this and the router configurations.
The proxy server works fine if i configure the browser manually.
i now learning about SSLVPN, and i already install license in 1941 with SSL and security9 License, i learning how to make a gateway for SSLVPN full tunnel, but i meet an obstacles, when i go to my wan ip address https://wan ip address, the browser give this
SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error
[code]...
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
View 6 Replies View RelatedI recently bought a EA6500 to replace a EA4500 (defective). Prior to the EA4500 I had a 160N which I now use as a WAP for 801.11G devices. I thought the 4500 was good from the media server functions it offered.However since installing the 6500 I noticed:
1. I have port forwarding for http to a web server. It works fine from machines on the outside but from my local subnet 192.168.1.x I can't access the web server (I can't even ping the external address - and yes I turned the anonymous filter off). I am not using ddns and I have a static ip address (cable modem connected) to the outside world.
I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
[Code].....
I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP. Used all options but nothign seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.
View 5 Replies View RelatedWe have several ASA 5510 firewalls which are being used as VPN gateways.RSA SecurID is the authentication mechanism using native SDI connectivity. No ACS server is being used.Is it possible to assign user Group and other attributes (such as ACL), using the SecurID RADIUS server? I know this is what the Cisco ACS is for, but is it possible using the RSA RADIUS server itself?
View 11 Replies View RelatedWhat image i would need for my 2950 to enable DHCP snooping and DAI features (just for lab purpose)?
or are these features just available on the bigger modular switches (4500 and 6500)?
>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA8a, RELEASE SOFTWARE (fc1)
[Code].....
I have a C2950 Switch & I am trying to upgrade the IOS version of it so that I can proceed with learning about SSH. My current version of 12.1 does not have Enhanced Imaging. I am so new to Cisco, that I have spent hours trying to find the correct page, or link, or anything that can enable me to upgrade to a later version.
View 6 Replies View RelatedWhen setting up my e1000 router for a secure domain it automatically opened a non secure one that my neighbors are using. How can I cancel it?
View 2 Replies View RelatedI am playing around with a WS-C2950-24 running IOS 12.1(22)EA13. I would like to separate guest clients from domain clients on the network (for a start) so that guest clients only get access to internet and i have created three vlans for this purpose. Vlan 10 - internet, vlan 20 - internal, vlan 40 - guest. I have also set up a trunk link on the internal network.since the 2950 does not offer routing capabilities i assume i need to to the routing between these networks on another box. I am planing to do this on a linux machine. I have set up the same vlans on the linux box.
My question is how do I configure the cisco correctly so i can reach all the networks on the linux box. The cable that runs between the cisco and the linux box is connected to vlan 20 - internal and is defined as a trunk port allowing all vlans ( switchport trunk allowed vlan all ) with vlan 20 as native.it looks like only vlan 20 is using the cable that reaches the linux machine. 2950 ----- unmanaged switch (not replaced yet) ---servers
The current setup is as follows: Virginmedia Superhub in modem mode connected to one Cisco C2950 on port fa 0/23. The 2950 is connected to a Cisco C3550 over fa 0/24 via normal Cat 5e.Port fa 0/23 on the 3550 have a Astaro/Sophos UTM connected to it that acts as a Firewall/Wireless controller etc. The hitch, or maybe one of them, is that the 3550 and the UTM is on another floor from the 2950 and cannot be moved. The Virginmedia superhub can't be moved to the other floor either due to limitations in the cabling.What I'd like to achieve is for the UTM to pick up the public IP from the Virginmedia cable modem whilst no other devices on the Lan should be able to connect to the cable modem. All inbound/outbound internet traffic should go through the UTM for security reasons. The UTM have a number of available nic's that can be set to dhcp, static etc. I already have a number of VLANS on the router/switch and have half a suspicion that using another VLAN for this purpose might be the way forward but I'm not sure..
View 3 Replies View RelatedI have build topology like this:
host------c2950(f0/3)------(f0/4)c3550(f0/41)----modem-----Internet
I wanted to monitor c3560 port where modem is connected from host. So for that I configured rspan. configurate show below. But problem is that after configuration f0/4 of c3550 remains up and f0/3 of c2950 goes down. WHen I look at status of f0/4 it show "FastEthernet0/4 is up, line protocol is down (monitoring)". I tried to search websites It seems configuration is fine.
[code]...
I use a C2950-24 switch, with IOS 12.1(22)EA12 release.When I try to connect in console mode, I can see the "Press RETURN to get started!" message, but it's not possible to me to have the # prompt.An "authorization failed" message is displayed. And the same message is prompted.
I try to recover password by following the recovery procedure. After the boot command, I never see the message "Continue with the configuration dialog? [yes/no]: ".