Hi IT pros

Have this question.

We have a L3 switch Cisco 3750x our ISP is Verizon and we have a static IP.
 which 174.45.6.2 255.255.255.249

How can I configure the L3 to connect directly to Verizon's box and have our inside users to have access to the internet? Should I worry about NAT on the L3 switch?
thanks.

Verizon<<<<<<Switch<<<<< Users.

Hi,

TIA

I have 2 cisco routers which I am having problems VPNing between.

RV340W, firmware 1.0.02.16
IPSec Profiles
keying mode auto
ike version 1

Phose 1
DH Group 2 - 1024 bit
Encryption 3DES
Auth SHA1
SA lifetime 28800

Phase 2
Protocol Selection ESP
Encryption 3DES
Auth SHA1
SA Lifetime 28800
PFS enabled
DH Group 2 - 1024 bit

Site to Site
Enabled
IPSec Profile - points to above settings
int WAN1
Remote endpoint Static IP
remote IP entered

Remote IKE Auth Method
Pre-shared key, complexity disabled, 14 digit key enterd

Local Group Setup
Local Intendifier type - Local WAN  IP
Local ID - Local IP Address
Local IP Type - Subnet
IP address - *.*.*.0 (local subnet)
Subnet mask - 25.255.255.0

Remote Group Setup
Remote ID TYpe - Remote WAN IP
Remote ID - remote IP address
Remote IP Type - subnet
IP Address - *.*.*.0 (remote subnet IP)
subnet mask 255.255.255.0


2nd routers

Cisco RV180W

IKE Policy
Direction/type - both
exchange mode - main

Local
ID Type - Local WAN IP

Remote
ID Type - Remote WAN IP

IKE SA Parameters
Encryption algorithm 3DES
Auth Algorithm SHA1
Auth method  Pre Shared key
Pre shared key entered
DH Group 2 1024 bit
SA Lifetime 28800
Dead Peer Detection enabled
det period 10
reconnect after 3

Extended auth
none



VPN Policy

Policy type - auto
remote endpoint - ip address
remote ip entered
NetBIOS enabled

Local Traffice selection
local ip subnet
start address - …

We have a Cisco WLC 5508 with two SSIDs that point to the same 2012R2 server running NPS. Let's call the SSIDs USER and IT

I created two Network Policies in NPS: USER allows any domain user to join. IT should only allow members of the IT Wireless domain group to join.

Radius authentication works for all users. The problem I'm having is that any domain member is currently able to join the IT SSID via radius. I added the NAS-ID to the WLAN and to the Network Policy but that didn't seem to help. I'm not sure if the WLC is passing over what it needs for NPS to identify which SSID is being joined.

Any suggestions welcome.

Thank you

BGP Originate and Origin type.
 
Looking at this link: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

Can someone explain the difference between BGP attributes : Originate and Origin type.

I looks like Bullet 3 and 5 in Cisco article have some similarity

Thank you

Env: Cisco Nexus 9508 with an 10Gbase-LR SFP connecting to the carrier. For the last few days the interface has been racking up input errors and CRC. Hundreds ever few seconds. We've replaced the SFP and we replaced the fiber from the SFP to the patch panel.

What trouble-shooting methods do I have my disposal once the carrier gets on site? I've had these maddening all night affairs where the vendor says "we're all clean to our next device in Deluth (or wherever). Besides replacing optics, shutting/no shutting the interface, what other tools would help to isolate the cause of these errors? Thank you.

(BTW A tech at the data center tried to throw us a loop but the interface went down from UDLD. If there's a way to make a hard loop to us more informative that would be good to know too)

I'm trying to limit SSH access to a Cisco ASR 9k switch running IOS XR Software, Version 6.2.3

From this document https://tools.cisco.com/security/center/resources/increase_security_ios_xr_devices.html#18 ..I tried to limit the ability to SSH to the management IP of the switch.
But after adding removing allow ssh and replacing it with allow SSH peer/address ipv4 10.3.7.27 - I am still able to ssh from any address at all. What am I missing?

control-plane
 management-plane
  out-of-band
   vrf management
   interface all
    allow SSH peer
     address ipv4 10.3.7.27

ipv4 virtual address vrf management 172.18.21.11/24

Creating a template from an ASA Configuration.

We are running Cisco ASA 5545 v 9.10 and using ASDM  7.10

We exported our configuration via ASDM to a text file and are using an Excel Macro to make all of the necessary changes to the configuration.txt file for the ASA's respective location. We use ASDM File Management to drop in the newconfiguration.txt on the ASA. From the CLI we verify the file is there using the Dir command. We use the Copy disk0:/newconfiguration.txt run command and it does not bring any configuration from the text file.

I have tried using .csv format as well.

What we are doing with the exported configuration.txt file from ASDM is a simple find and replace via a macro in excel. Excel saves the new file after the find and replace as a txt. We save the newconfiguration.txt and try to copy it to the running configuration.

Thoughts / Ideas? We would really like to use this process as a template because we have so many ASA's to release to the wild and this would significantly help reducing errors and man hours.

Trying to do a port range forward on an ASA and I am having a lot of issues getting it to work.  I have tried everything i can think of, to the point where i am throwing in the towel and just creating individual nat rules (there is over 100 entries), but when i did all the commands I found out that a network object can only have one rule at a time, so there is no simple way of building the commands.  In the past when i had to do something like this it just flat out would not work, but that was on an ASA running 8.3 or below, so there were no network objects and I could build 60 or so commands in excel and have the rules ready to go in about 5 minutes, not the case here as i would have to create over 100 network objects and put a command for each port on each one, and that's just crazy.  There has to be something i'm missing as this is a basic feature on pretty much all other firewalls.

I have been at this for days so I can't list all the things i've tried, but ask me if I've tried it and i should be able to tell you yes or no.  To try and get the port range forward to work what i have been doing is creating NAT rules and using service objects.  The asa takes the command but when i try to connect to the port it fails and in the logs it says the packet is discarded.  I have tried every variation I can think of on the NAT rule and I have tried mirroring (copying) it to a working network object nat rule to no avail.  Surely there is something i'm missing as other people have …

Please help me to fix the frequent reboot/unexpected outage for My Server [WIN2016-STD 64BIT]running @UCS B230 M2] is frequently rebooting and below  is event i am getting from system logs ...

BugCheck      Event ID-1001

The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xffffc1002cbf5000, 0x0000000000000002, 0xfffff8094ad928b0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: bd277cf4-0684-40c6-b948-d94e7f4d3426

Also found system logs like
Event Id -41

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly

The previous system shutdown at 3:20:56 AM on ‎2019/‎03/‎03 was unexpected

Memory dump file is of approx. 7 GB , so how I can check if required

We are looking into detecting when users initiated a screen-share or remote control using the popular Conference programs out there. We are looking to detect this so we can then build some controls and alerts around the policy we want to enforce.
Note: We do not want to prevent the users from joining any of these business related conferences. We are just interested in Screenshares/remote controls.
Some popular common Apps used/needed for typical business are
VNC
Skype
RingCentral Meeting
Zoom
Logmein
Teamviewer
Webex
Cisco Virtual Meeting
join.me
BlueJeans

Dear All,

Good Day,

In our Org. we are using Windows Domain Controller, Cisco Server for IP Telephones, Cisco Switches & Door Access system.

need to Sync Time for all servers and device same time.

could you please guide me on how to do it.
Thanks

Hi

When adding an IP to an outside interface on a Cisco ASA,  what IP information do i need from my ISP

I believe its just an public IP address and subnet mask? Do I need a gateway address?

I am learning how to configure an ASA 5525-X. I used the recommended configs below, connected cables per instruction, but cannot get to the ASDM admin page: https://192.168.1.1/admin. Any suggestions?

interface management0/0
no shutdown
interface gigabitethernet0/0
nameif outside
ip address dhcp setroute
no shutdown
interface gigabitethernet0/1
nameif inside
ip address 192.168.1.1 255.255.255.0
security-level 100
no shutdown
!
object network obj_any
subnet 0 0
nat (any,outside) dynamic interface
!
http server enable
http 192.168.1.0 255.255.255.0 inside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
!
logging asdm informational
9.blank.gif Save the new configuration:

write memory

Thanks in advance!