Cisco WAN :: Tracking ISP Failure In ASA 5510?
Nov 14, 2011Some times the ISP side interface remains up with a failure of internet. At those situation how we can efficiently track the ISP failure from asa 5510
View 2 Replies
ADVERTISEMENT
Cisco Firewall :: ASA 5510 - Multiple Static Route Tracking
May 15, 2013I am trying to set up my ASA5510 the fail over of ISP when it can't ping three different IP. I create three different tracking to three different IP using sla monitor & track rtr. But when I do
route isp2 0 0 yy.yy.yy.yy 50
route isp1 0 0 xx.xx.xx.xx 31 track 1
route isp1 0 0 xx.xx.xx.xx 32 track 2
route isp1 0 0 xx.xx.xx.xx 33 track 3
the last route will replace the previous two and only the last route command takes effect.Is there anyway I can set up the fail over to ISP2 only when it can't ping three different IP from ISP1?
Cisco VPN :: 5510 Anyconnect SSL VPN Authentication Failure
Dec 26, 2012I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
Then I have change the profile XML file of my anyconnect in this way: [code]
Cisco :: ASA 5510 SSL - VPN Getting Certificate Validation Failure
Oct 25, 2009Tried configuring SSL VPN using Certificate authentication using a Microsoft CA server. Truspoint created and mapped to SSL VPN. While connecting the SSL VPN getting certificate validation failure. find the error screen shot attached
View 4 Replies View RelatedCisco VPN :: 5510 - Certificate Validation Failure With AnyConnect Only On MAC
Apr 2, 2012I have an anyconnect account set up using version 3.0.5080 and connecting to an ASA 5510 base 8.2(2)17. We are using certificates for authentication. If I try and use the account on a windows machine it all works fine.
However on a mac running Lion if I try and connect via a web browser or already have the anyconnect client loaded and try to connect I always get “certificate Validation Failure”. I double checked the certificate was correct and am sure that is correct as it is the same certificate on the Windows and the mac. After searching online I have also tried editing the anyconnect profile to so it is set “certificate store override”, and put the certificates and key in the “user/.cisco/certificates” and “/opt/.cisco/certificates” folders.
After further testing, if I change the anyconnect connection profile to “authentication aaa” I can connect fine. Then if I disconnect, change it back to “authentication certificate” I can connect fine the first time, but all the following subsequent efforts I make fail. If I repeat this process this happens each time, I can connect the first time but after that it fails with the same “certificate Validation Failure” error message. When it connects this first time I checked and confirmed that it is definitely using the certificate. I have also tried using both authentication methods (“authentication aaa certificate”) and had the same problem.
This leads me to believe that my configuration is correct and it is some bug in the anyconnect client or the ASA image. I have had a look through bugs and read somewhere that there was a bug on earlier versions of 8.4, but nothing about 8.2.
Cisco VPN :: ASA 5505 To 5510 Error / Connection Denied Due To NAT Reverse Path Failure
Apr 28, 2011Connection denied due to NAT reverse path failure
View 2 Replies View RelatedCisco :: Tracking User Changes In LMS 4.1?
Dec 1, 2011I was wondering if it is possible to track and or log the changes that users make in in LMS 4.1. For an example if someone changed a configuration I want that being logged. I want to see what the person changed, when it's changed and who changed it.
View 2 Replies View RelatedCisco :: LMS 4.1 User Tracking?
Dec 27, 2011what is the best way to do a acquistion on ip address on devices that appear to be dead until ping before LMS4.1 reports onn them. For example we run acquistion on a branch we do not see 172.20.12.51, howver we ping it from my desktop Claims unplugged when plugged in, and says "safe to remove" when I unplug the cableand then run user tracking and then it shows up.
View 1 Replies View RelatedHow To Do Packet Tracking
Sep 26, 2012I am trying to collect and track packets from other computers on my network and have them sent to my computer so i can sniff through them. I have been tacked with trying to reduce the amount packet broadcasts going through the network. I have been playing with Wireshark for a little bit only analyzing my packets but now I want to try collecting a couple of computers on my network. I know there is a little service that I can run with WinPcap but I am pretty sure there is a way to do it through the settings on my switches but i'm not sure what setting I need to use. I have 4 switches 2x Netgear GS724TS 2x Netgear GS724TR. I'm not sure what feature needs to be used to do what I want. All the switches can do SNMP and LLDP and I think it is one of these I need to use but not sure switch one to use.
View 1 Replies View RelatedCisco WAN :: AS5300 Interface Tracking And IP SLA
Jul 15, 2012I have a dual connection from two service providers ( provider A & Provider B).In my internal network, I have two Vlans (vlan10 & vlan 20).My requirement is users belonging to vlan10 should go via ISP A and for vlan 20, it should go via ISP B.So, for that purpose, I configured HSRP along with intervlan routing and that worked quite fine. I have two Cisco AS5300 routing connecting to both ISPs and they are terminated to a common switch Cisco2950.All are in ethernet technology, serial technology has not been used. "IP SLA" command is not supported in CiscoAS5300.I configured the interface tracking command for HSRP as well.
When one link goes down then it doesn't fail over and go through another link. To fail over, I should manually remove the external link connecting to the router. And another thing is, if i pulled the cable connecting to the internal network then it fails over. "IP SLA" command is not supported in CiscoAS5300.I am trying to implement a failover using HSRP in Cisco AS5300 but the interface tracking is not decreasing the priority value when the connection is lost with the ISP and IP SLA is also not supported. So, in this case what can i do to make a perfect failover for the network ?
Cisco :: LMS 4.1 And Nexus 7k User Tracking?
Sep 1, 2011I am trying to determine why hosts off our Nexus 7010s are being picked up in UT. Since LMS 4.0.1, UT should be supported on these devices.When adding the Nexus devices to DCR, provide the netadmin SNMP RO credential.When other SNMP RO credential is provided, user tracking will not collect end host data.I think I have this setup correctly as the device center test passes when cehcking snmp ro credentials.Our 7010s are running NX-OS 5.0(3) - earlier than the recommended version - might that cause issues? We are not using VRFs other than the default and management.
Here is my snmp section:
sh run | sec snmp
ip access-list copp-system-acl-snmp
10 permit udp any any eq snmp
10 permit udp any any eq snmp
20 permit udp any any eq snmptrap
[code]....
Cisco :: LMS 4.1 User Tracking Not Sortable?
Nov 27, 2011in LMS 4.1, under Monitor->Identity Dashboard, i have "user tracking summary" as a portlet, which tells me i have ~ 17,000 users. when i click the report, it pops up a screen that shows mac address, ip address, hostname, subnet, etc.
If i try to do ANY filtering, it returns 0 records. this could be from a specific IP, mac address, device name, or subnet. i have tried every type of record. every filter i attempt always ends with 0 records returned, even though in the unfiltered list they show up. It would be problematic to manually sort through 17,000 users looking for the particular records i need without the ability to use the filter.
how to filter the User Tracking report? is there some feature in LMS i don't own or have enabled to allow this filtering?
Cisco :: LMS 4.2 - NullPointerException With No User Tracking?
Mar 15, 2012I have just got LMS 4.2 soft appliance up and running. When going to Inventory >> Acquisition summary, I get a HTTP 500 error with java. lang.Null Pointer Exception. That is obviously a bug somewhere (although the TAC engineer disagrees with me). I am just wondering if this is could have been caused by the fact that I have not done any user tracking on this LMS server yet? [code]
View 1 Replies View RelatedCisco :: LMS 4.3.2 User Tracking Cannot Be Started
Feb 18, 2013We are running LMS 4.3.2, it was running OK... but now we receive the following message:
"User Tracking Major Acquisition cannot be started as Network Topology, Layer 2 Services and User Tracking are disabled."
All processes are running. System restart and re-install the 4.3.2 update does not fix it. I think this happens after a device update, maybe FaultManagementDeviceUpdate...
Cisco :: LMS 4.0.1 User Tracking With SNMPv3
Dec 6, 2011I have an interesting problem at one of my customers. They are using LMS 4.0.1, but they have a problem with user tracking with SNMPv3. They using a very simple SNMP configuration, wich is the following: [code]
Now they have UT working well for their Ctalyst 4500 switches, and the half of the 6500s (They have 2950 switches as well, but for those UT with SNMPv3 is unsupported). So the problem is the following: they have 12 6500 switches, with the same IOS version (10 pieces of WS-C6506-E + SUP720-3B IOS: 12. 2 (18) SXF17 (IP Services), 2 pieces of WS-C6506 + SUP720-BASE IOS: 12.2(18)SXF17 (IP Services)). They have identical SNMP configuration on both devices. Based on the logs from LMS it seems that on the problematic switches for some reason LMS identifies the switchports as routed: [code]
Cisco :: LMS 4.2.3 User Tracking Not See IP Phone
Jan 9, 2013I try to aquier IP Phone in User Tracking. Phones are present but like pc (without other information...DN, user....)
the LMS version is 4.2.3
the CUCM version is 8.6
the CUCM is green on Topology..
Cisco :: LMS 4.0.1 And User Tracking With SNMP V3
Nov 4, 2011I've another problem with our new LMS 4.0.1.We manage our devices with SNMP v3 but the user tracking don't want to work flawlessly.I've attached an example from our SNMP configuration. Basicly it's the same in our devices.
1st the problem was that no matter what I did the User tracking didn't want to find any host. I left it and worked on something else. After 2 weeks suddenly appeard couple of thousand end host.As earlier (LMS 2.6 or 3.2 with snmp v2) it is the same that LMS cannot differentiate normal end host and IP Phones although we have several thousand from both. But this is only one problem. The other is that there are switches with the same IOS and SNMP configuration and from one I get the UT data and from another one I didn't get anything. Only from some 4506 (aprox. 12-15) and 6506 (2) works and we have 20+ 4506 and 10+ 6506. Not to mention the other switches (couple of houndred 2960 and 3750).
VPN Access And Employer Tracking
Mar 7, 2011if my employer uses split tunneling on our VPN network, and I access the internet thru our VPN then my home internet is routed through my ISP and can not be tracked by my employer or is unlikely to pop-up on employer tracking software. Is this correct?,how can I tell if my employer uses split tunneling? Currently they use Juniper Network Connect. If I am logged onto the VPN and look up my ip address, I see it finds my DSL ip address, not my employers IP address. Does this mean the VPN is using split tunneling?
View 7 Replies View RelatedCisco :: 4506 - Endhosts Don't Appear In User Tracking For LMS 4.0
Oct 19, 2011I have a problem about user tracking for LMS 4.0.
For example:Switch 4506 send the endhosts for every VLAN that it has configured, except for one, but I can see that VLAN is configured over the switch.
are there problems directly with the connected endhosts over this VLAN or is it a problem about configuration for user tracking settings ?
Cisco WAN :: 2821 / IP SLA Tracking Objects Dropping?
Mar 24, 2013I use tracking objects aroung the organization where I work to monitor WAN and VPN connections and add/remove routes based on the state of the object. I'm having 2 locations that are constanty going up and down and I've been troubleshooting and monitoring for the last few weeks without finding anything. I've been incrementing the timeout for the SLA and it seems like this is working a little (less overall drops) but the drops still occur. Our ISP reports no issues and we see no issues internally on the circuits. Just out of curiosity could this be some kind of IOS bug or hardware malfunction? The router logs are full of these:
Mar 21 16:18:33: %TRACKING-5-STATE: 2 ip sla 2 reachability Up->Down
Mar 21 16:18:38: %TRACKING-5-STATE: 2 ip sla 2 reachability Down->Up
Mar 21 17:24:14: %TRACKING-5-STATE: 2 ip sla 2 reachability Up->Down
Mar 21 17:24:19: %TRACKING-5-STATE: 2 ip sla 2 reachability Down->Up
[code]....
The IOS version of the router I took these from is 151-4.M6 advanced IP services and it's a 2821 router.
Cisco :: Dynamic User Tracking With WS-C4506-E?
Aug 23, 2011I've the following problem, configured dynamic user tracking on a WS-C4506-E with a WS-X45-SUP6L-E, System image file is a Version 12.2(53)SG2
Interface configuration:
snmp trap mac-notification change added
snmp trap mac-notification change removed
[Code].....
Cisco AAA/Identity/Nac :: ACS 5.1 Login Snmp Tracking?
Feb 27, 2012Is it possible to track failed login attempts to ACS instances (both on CLI and web GUI) by snmp? unfortunately i haven't found such option in Monitoring and Reports > Alarms > Thresholds >
View 2 Replies View RelatedCisco :: LMS 4.2 User Tracking And Router ARP Table
Dec 25, 2012If I have understand correctly, the IP address - mac address matching was made with the arp table of a cisco acces switch if it will made the L3.
My access switch wasn't used for L3 routing, only L2
It's possible to set user track to use the arp table of a firewall or a router for made this matching ?
Cisco Firewall :: Unused Rules Tracking In PIX 535?
Nov 14, 2011I have PIX 535 and using ACLs for allowing traffic. I need to clean up the rule base. I would like to know how to fetch a report of Unused rules for long time?Also when a traffic is being allowed, I want to know through which rule number its being allowed?
View 2 Replies View RelatedCisco Switching/Routing :: ISR 1921 - IP SLA Tracking
Oct 5, 2012I have already ordered a Cisco ISR 1921/K9. but as i read on Cisco website, it is written that Cisco 1921/K9 only support (IP SLA Responder) feature.
I don't know actually what is sla- responder. but our requirement is we will connect that Router 1921/K9 into 2-ISP links and i want to enable IP- SLA probes on that router so that it can track both the routes into those isp links. so my question is does CISCO 1921/K9 have the support for what i need ?How about Cisco 1921-SEC/K9 ?
Tracking Stolen Laptop With MAC Address?
Jan 26, 2011my laptop has been stolen but I still have the box with all the details( Serial Number, MAC address for LAN and Wireless Product code etc) and I was wondering if there is any possibility in tracking it using for instance the physical MAC address.... I am sure that the thief reinstalled windows on drive C, as I was able to use and register my genuine copy of Win7 on a different laptop.
View 2 Replies View RelatedCisco :: LMS 4.2 Username Is Not Getting Populated In User Tracking Table
Apr 15, 2013I am using LMS 4.2 I have enabled user tracking and I am getting ip address, MAC address ,hostname in user tracking table . But username entry in user tracking is not getting populated . Even I have enabled get user name from the hosts in NTS and ND host domains in user tracking acquisition settings .Is there anything else that I need to configure in LMS in order to get the usernames in user tracking table?
View 3 Replies View RelatedCisco Wireless :: WLC 5508 7.4.100 - Getting MSE Tracking Devices Through Network?
Apr 5, 2013I have a problem with MSE tracking client in my network.What we have:PI 1.3 with evaluation license (temporary)MSE 7.4.100 with 3k device licenses (hardware appliance 3355)WLC 5508 7.4.100.For now MSE is reacheble from PI and WLC, all setings are synchronized, NMSP status is active, mse assigned for maps and synchronized, on map we have 3 APs, but in Contex Aware tab we didnt see any tracking devices, all counts 0.
View 11 Replies View RelatedCisco Switching/Routing :: 4500 R Switch PBR Tracking?
Dec 14, 2011Why Cisco 4500 R switch PBR tracking Command not working , I found just route-map next-hop ?
View 3 Replies View RelatedCisco :: LMS 4.2 User Tracking / No Host-name / IP Address In Result
Sep 13, 2012I have a problem with LMS 4.2 user tracking.When I generate a report on all my network all mac address are ok but there is no Hostname/Ip address in the result, except for 2 equipments.the only difference between these 2 equipements and the rest of the network is that they are connected on a not routed vlan. All the other phones, computers are connected on a routed vlan.I have a Nexus 5k as core and 2960 as access. Routing between vlans is done with the NexusMy DNS server is ok and reachable.
View 2 Replies View RelatedCisco WAN :: 3825 - IP SLA Tracking For Connectivity With Multiple WAN Links
Mar 13, 2011I want to configure Reliable static routing with object tracking. I have a cisco 3825 and 3925 router in which the hsrp will be configured . Now these two routers are connected a remote site via three different WAN connectivity as under
1. MPLS
2. LL-1
3. LL-2
The priority of routing is also the same sequence.
Now if the MPLS goes down the remote site should be connected via LL-1. If both the MPLS and LL-1 goes down the remote site should be connected via LL-2.
The LL-1 is terminated on cisco 3825 and LL-2 is terminated on cisco 3925. MPLS is terminated on both cisco 3825 as well as 3925 router.
Whether multiple tracking options are available so that i can achieve the same. Topology diagram is attached.
Cisco :: 4510 Modules 9 Or 10 Are Not Discovered In User Tracking
Feb 21, 2012I am experiencing an issue with end host being discovered on a cisco 4510. Anything connected to modules 9 or 10 are not discovered in User Tracking. The switch is running: Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.02.01.SG RELEASE SOFTWARE (fc4).
View 1 Replies View RelatedCisco :: LMS 3.2.1 User Tracking Not Showing Host IP Only MACs
Jul 28, 2011I am using lms 3.2.1 and CM 5.2.2. I have even enabled ping sweep but the hosts IP never show on the user tracking report. I can not see any Available Subnets/Available Sources on Configure Subnet Acquisition and Ping Sweep windows. When I try to enable End host discovery on Trunks and click Show Trunks comes a message: "There are no Trunks in the device(s) selected", but every access device is connected to the nexus core via a Port channel:
interface Port-channel1
description sw-ser-core01 Po12
switchport trunk native vlan 998
[Code]....
