Cisco

24K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


I have an ASA 5516x. I have 7 interfaces set up. I have not done NAT or PAT other than nat (inside,outside) dynamic interface. Only management and inside have security-level 100. I run packet tracer on the inside interface. I can put any source IP (on the inside network) to any destination IP (outside, dmz, ...) and the packets are dropped. The error I am getting is "no valid adjacency". I have not set up any routing except the default gateway. What do I have to do to set up adjacency?

Thanks for your help
0

Hi IT pros

Have this question.

We have an L3 switch, a Cisco 3750x; our ISP is Verizon and we have a static IP,
which is 174.45.6.2 255.255.255.249

How can I configure the L3 switch to connect directly to Verizon's box and have our inside users access the internet? Should I worry about NAT on the L3 switch?
Thanks.

Verizon<<<<<<Switch<<<<< Users.
0
What is the easiest way to configure Cisco switches to use VLANs and trunks?

- 6 Cisco switches
- Fiber in
- VoIP
- PC
- IP cameras
0
Hi,

TIA

I have 2 cisco routers which I am having problems VPNing between.

RV340W, firmware 1.0.02.16
IPSec Profiles
keying mode auto
ike version 1

Phase 1
DH Group 2 - 1024 bit
Encryption 3DES
Auth SHA1
SA lifetime 28800

Phase 2
Protocol Selection ESP
Encryption 3DES
Auth SHA1
SA Lifetime 28800
PFS enabled
DH Group 2 - 1024 bit

Site to Site
Enabled
IPSec Profile - points to above settings
int WAN1
Remote endpoint Static IP
remote IP entered

Remote IKE Auth Method
Pre-shared key, complexity disabled, 14 digit key entered

Local Group Setup
Local Identifier type - Local WAN IP
Local ID - Local IP Address
Local IP Type - Subnet
IP address - *.*.*.0 (local subnet)
Subnet mask - 25.255.255.0

Remote Group Setup
Remote ID Type - Remote WAN IP
Remote ID - remote IP address
Remote IP Type - subnet
IP Address - *.*.*.0 (remote subnet IP)
subnet mask 255.255.255.0


2nd router

Cisco RV180W

IKE Policy
Direction/type - both
exchange mode - main

Local
ID Type - Local WAN IP

Remote
ID Type - Remote WAN IP

IKE SA Parameters
Encryption algorithm 3DES
Auth Algorithm SHA1
Auth method  Pre Shared key
Pre shared key entered
DH Group 2 1024 bit
SA Lifetime 28800
Dead Peer Detection enabled
det period 10
reconnect after 3

Extended auth
none



VPN Policy

Policy type - auto
remote endpoint - ip address
remote ip entered
NetBIOS enabled

Local Traffic selection
local ip subnet
start address - …
0
Hello,

I have a Cisco ASA 5506 firewall that we use for VPN with the AnyConnect client. Is there a way to have a password policy when creating user accounts for VPN? It's for audit purposes.

Thanks,
Claude
0
We have a Cisco WLC 5508 with two SSIDs that point to the same 2012R2 server running NPS. Let's call the SSIDs USER and IT

I created two Network Policies in NPS: USER allows any domain user to join. IT should only allow members of the IT Wireless domain group to join.

Radius authentication works for all users. The problem I'm having is that any domain member is currently able to join the IT SSID via radius. I added the NAS-ID to the WLAN and to the Network Policy but that didn't seem to help. I'm not sure if the WLC is passing over what it needs for NPS to identify which SSID is being joined.

Any suggestions welcome.

Thank you
0
I am planning on replacing a number of Cisco WS-C2960S-48FPS-L switches in our environment. My basic plan is as follows:
1. Upgrade new switches to the latest recommended software
2. Install stack modules where appropriate
3. tftp the config from the existing switch(es) to the tftp server
4. tftp the config to the replacement switch(es) from the tftp server
5. Physically swap old/new (paying attention to VLAN/significant connections)

Questions:
1. Does this sound like a good approach?
2. How best to handle instances where switches are stacked? Do I need to tftp the image to each switch in the stack or just the first (i.e. will stacked switches adopt the config from the first)?
3. In the instance of a stacked switch upgrade, do I need to replace all switches in the stack at the same time (to ensure hardware/software compatibility)?
4. Is there anything I am missing or need to pay attention to?

This is the first time I have had to go through this process so your expert advice would be appreciated.
0
BGP Originate and Origin type.

Looking at this link: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

Can someone explain the difference between the BGP attributes Originate and Origin type?

It looks like bullets 3 and 5 in the Cisco article have some similarity.

Thank you
0
Hello Experts,

I have an issue with an external client. He is using
a laptop with the Cisco AnyConnect VPN client and he would
usually connect to the VPN and be able to browse the
internet and also access internal resources, shares and sites.

Today he connected from home and he was not able to browse anything.
I checked his laptop remotely and I was not able to ping Google or resolve
any DNS names. To get him going I gave him a default gateway IP in his VPN connection,
but I am not supposed to do that.

My question is why, when he connects to the VPN, the DNS stops.
I tried to replicate the issue using my hotspot and on my laptop
but I did not get the same symptoms; my VPN does not give me a gateway IP and I
am able to browse plus access the internal resources.

I am certain this issue is local to his internet connection
at home. Please do let me know if anyone has any suggestions.

Thanks,
0
Env: Cisco Nexus 9508 with a 10GBASE-LR SFP connecting to the carrier. For the last few days the interface has been racking up input errors and CRCs, hundreds every few seconds. We've replaced the SFP and we replaced the fiber from the SFP to the patch panel.

What troubleshooting methods do I have at my disposal once the carrier gets on site? I've had these maddening all-night affairs where the vendor says "we're all clean to our next device in Deluth (or wherever)". Besides replacing optics and shutting/no shutting the interface, what other tools would help to isolate the cause of these errors? Thank you.

(BTW a tech at the data center tried to throw us a loop but the interface went down from UDLD. If there's a way to make a hard loop to us more informative, that would be good to know too.)
0

I'm trying to limit SSH access to a Cisco ASR 9k switch running IOS XR Software, Version 6.2.3.

From this document https://tools.cisco.com/security/center/resources/increase_security_ios_xr_devices.html#18 I tried to limit the ability to SSH to the management IP of the switch.
But after removing allow SSH and replacing it with allow SSH peer/address ipv4 10.3.7.27, I am still able to ssh from any address at all. What am I missing?

control-plane
 management-plane
  out-of-band
   vrf management
   interface all
    allow SSH peer
     address ipv4 10.3.7.27

ipv4 virtual address vrf management 172.18.21.11/24
0
Cisco RV320 port forwarding not working. I cannot ping the computer from outside the network (example: Telnet 192.168.0.101 300 errored out), but can ping it from inside the network. I set everything up by the Cisco manual.
0
Creating a template from an ASA Configuration.

We are running Cisco ASA 5545 v9.10 and using ASDM 7.10.

We exported our configuration via ASDM to a text file and are using an Excel macro to make all of the necessary changes to the configuration.txt file for the ASA's respective location. We use ASDM File Management to drop the newconfiguration.txt onto the ASA. From the CLI we verify the file is there using the dir command. We use the copy disk0:/newconfiguration.txt run command and it does not bring any configuration from the text file.

I have tried using .csv format as well.

What we are doing with the exported configuration.txt file from ASDM is a simple find and replace via a macro in Excel. Excel saves the new file after the find and replace as a txt. We save the newconfiguration.txt and try to copy it to the running configuration.

Thoughts / ideas? We would really like to use this process as a template because we have so many ASAs to release to the wild and this would significantly help reduce errors and man hours.
0
I have a site that uses a Cisco Wireless LAN Controller. We have 3 access points that attach to the controller. The controller is not set up as the DHCP server and all the access points have static IPs. About a month ago, the wireless devices were dropping their connection and no one seemed to understand why. Once the connection was dropped, the user could connect wired and get back on, and then I would put a static IP into the wireless adapter and the computer worked fine. I noticed every time I made this change, I would get the standard message that there were multiple networks connected. I later discovered that the WLC was also handing out IPs. I turned that feature off and the devices now connect to the correct DHCP server, which is set up on the router. I am still having the issue with devices dropping connections and I noticed that the DNS IP address is set to 127.0.0.1. I have no idea why that is being changed. I have checked my router and that is fine. I have checked my WLC and everything appears to be fine. No one has access to this device but me and I don't see any setting that would cause this. Any thoughts?
0
Trying to do a port range forward on an ASA and I am having a lot of issues getting it to work. I have tried everything I can think of, to the point where I am throwing in the towel and just creating individual NAT rules (there are over 100 entries), but when I did all the commands I found out that a network object can only have one rule at a time, so there is no simple way of building the commands. In the past when I had to do something like this it just flat out would not work, but that was on an ASA running 8.3 or below, so there were no network objects and I could build 60 or so commands in Excel and have the rules ready to go in about 5 minutes; not the case here, as I would have to create over 100 network objects and put a command for each port on each one, and that's just crazy. There has to be something I'm missing as this is a basic feature on pretty much all other firewalls.

I have been at this for days so I can't list all the things I've tried, but ask me if I've tried it and I should be able to tell you yes or no. To try and get the port range forward to work, what I have been doing is creating NAT rules and using service objects. The ASA takes the command but when I try to connect to the port it fails and in the logs it says the packet is discarded. I have tried every variation I can think of on the NAT rule and I have tried mirroring (copying) it to a working network object NAT rule to no avail. Surely there is something I'm missing as other people have …
0
Enable EVC Mode without Downtime:

Hi, here is the situation

vCenter version and build# = Version 6.5.0.10000 Build 6816762
Cluster 1:
3 Hosts ESXi 5.5.0, 1623387:   Cisco UCSC-C220-M3S
CPUs = Intel(R) Xeon(R) CPU E5-2640 v2 @ 2.00GHz


I need to add 2 new hosts to this cluster:

Hosts: HP ProLiant DL360p Gen8 (ESXi not yet installed; I was thinking they should be the same version as the cluster above for now?)
CPUs = Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz

I was thinking I could just enable EVC Mode on Cluster 1 and add the hosts without a problem.

Need your suggestions.  

Will that work??
0
Please help me fix the frequent reboot/unexpected outage for my server [WIN2016-STD 64BIT, running on UCS B230 M2]. It is frequently rebooting and below is the event I am getting from the system logs ...

BugCheck      Event ID-1001
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xffffc1002cbf5000, 0x0000000000000002, 0xfffff8094ad928b0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: bd277cf4-0684-40c6-b948-d94e7f4d3426

Also found system logs like
Event Id -41
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly
The previous system shutdown at 3:20:56 AM on 2019/03/03 was unexpected

The memory dump file is approx. 7 GB, so how can I check it if required?
0
I tried to restrict SSH access to one of my Cisco Nexus 9508. Earlier I was permitting all RFC 1918 to SSH
and now it's limited to two bastions. BUT after modifying my ACL to have just two bastion hosts I am
still able to ssh to the 9508 at its management address from my desktop machine which shouldn't
be possible. What am I missing?

line vty
  exec-timeout 15
  access-class 5 in

core11-las# sho access-list 5

IP access list 5
        40 permit ip 10.132.17.27/32 any
        50 permit ip 10.183.57.250/32 any


core11-sf# sho users
NAME     LINE         TIME         IDLE          PID COMMENT
babadoo  pts/3        Feb 28 16:01   .          5121 (172.20.100.50) session=ssh *
1
We are looking into detecting when users initiate a screen share or remote control using the popular conference programs out there. We are looking to detect this so we can then build some controls and alerts around the policy we want to enforce.
Note: we do not want to prevent the users from joining any of these business-related conferences. We are just interested in screen shares/remote controls.
Some popular apps commonly used/needed for typical business are:
VNC
Skype
RingCentral Meeting
Zoom
Logmein
Teamviewer
Webex
Cisco Virtual Meeting
join.me
BlueJeans
1

Dear All,

Good day,

In our org we are using a Windows domain controller, a Cisco server for IP telephones, Cisco switches and a door access system.

We need to sync time for all servers and devices to the same time.

Could you please guide me on how to do it?
Thanks
1
Looking for help with the following.

A user has no problem connecting to the main office via Cisco VPN, but we would like to use that same connection, for the sake of keeping things simple, to connect to a branch office which is already connected to the main office via site-to-site. The network is healthy, no issues at all; it's just this configuration that's needed.
Both firewalls are Cisco 5505.

Thanks so much for your help.

cap
0
Hi

When adding an IP to an outside interface on a Cisco ASA, what IP information do I need from my ISP?

I believe it's just a public IP address and subnet mask? Do I need a gateway address?
0
Hi

I need to allow access to a remote ip to be able to manage the config on my Cisco 5506. What's the best way?

Thanks
0
I am learning how to configure an ASA 5525-X. I used the recommended configs below, connected cables per instruction, but cannot get to the ASDM admin page: https://192.168.1.1/admin. Any suggestions?

interface management0/0
no shutdown
interface gigabitethernet0/0
nameif outside
ip address dhcp setroute
no shutdown
interface gigabitethernet0/1
nameif inside
ip address 192.168.1.1 255.255.255.0
security-level 100
no shutdown
!
object network obj_any
subnet 0 0
nat (any,outside) dynamic interface
!
http server enable
http 192.168.1.0 255.255.255.0 inside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
!
logging asdm informational
Save the new configuration:

write memory

Thanks in advance!
0
I'm in the process of updating firmware on network devices.
RV042 updates have gone well.
RV320 updates are NOT going well.

RV320 units are at firmware 1.4.2.19 and we want to get to 1.4.2.20.
Even existing 1.4.2.19 units don't respond to laptop browsers: IE, Google Chrome, Firefox.
I believe the GUI is working but unless we reset to factory defaults, the browser *connections* fail.
As soon as a working configuration is loaded up, the connections stop working.

Any insights?
0