Cisco
23K Solutions
14K Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Dear experts, we are testing a pfSense firewall but could not access it via the LAN network from a PC. This is our diagram:
ISP ------------- pfSense ---------------- Core switch 3750 ---------- PC

With this diagram, we could ping and access pfSense via web browser:
ISP -------------- pfSense -------------- PC

So I guess something is wrong with the core switch and VLAN setup, but we could not find why. In the switch 3750, the interface connected to pfSense is in access mode, VLAN 100, the same as the pfSense LAN interface.

Could you please suggest?
I am having trouble with a couple of things in regard to the following.

I have an ASA where Cisco AnyConnect users connect to reach resources on the network. However, they are not able to reach anything over the tunnel that runs from the ASA to the Checkpoint FW. Everything else is just fine.

Are there any main "gotchas" with Cisco ASA to Checkpoint firewalls?

Thank you.
I have an ASA 5506 with software version 9.5(2)10.
I need to allow some new ports through. I have configured the following NAT policy and access list:

access-list Outside_Access_In extended permit udp any object PAT-RemoteVoice eq 50794
access-group Outside_Access_In in interface outside

object network PAT-RemoteVoice
 nat (inside,Outside) static interface service tcp 50794 50794

I can't seem to connect on port 50794, however.
Any assistance would be appreciated.
Hi Expert,

I am a student and I am doing an assignment. I need your help in installing and configuring a router connected to the LAN and (simulated) WAN. This device should be configured to provide dynamic addresses to connected computers. Configure a VPN between two routers in the Network Lab.
Install and configure a router connected to the LAN and WAN. This device should be configured to provide VoIP and data integrity for security between two routers in the Network Lab.

Note: All computers need to access the printers. Access to the Internet is required.

I need a Packet Tracer file. I have downloaded Packet Tracer but it does not have a printer.
Using a Cisco RV-320 router, I set up the OpenVPN settings, and I am using OpenVPN GUI from openvpn.net as the VPN client software.

My computer works fine when connected to the LAN on a peer-to-peer network, seeing the mapped drive and the PC (as well as the other 2 PCs) that is sharing the drive (all Win10 Pro).

I can connect to the VPN, I can ping the router, I can open the router's web screen on the LAN's subnet 192.168.1.x, but I cannot get to the mapped drive, nor ping any of the 3 PCs on the peer-to-peer network.

I am using Symantec Endpoint SBE cloud version and used their tech article TECH227035 to open their recommended ports inbound and outbound, local and remote:
UDP 500
UDP 4500
TCP 443
TCP 1701
TCP 1723
as well as OpenVPN's article that also showed these 2 ports, and did the same in both directions, local and remote:
UDP 1194
TCP 943

I am stuck. I've contacted Symantec tech support, which pointed me to their tech article (which I had used), and searched openvpn.net, but no luck. The laptop I am using is on a different subnet, 192.168.43.x, to not conflict with the work subnet (though even when I remoted in on a 192.168.1.x subnet, I could still see the Cisco router and ping it, but I switched to my hotspot to get on a different subnet to rule out that conflict).
I recently upgraded from a 5505 to a 5508 and, due to the new IOS, part of my configuration no longer works. We deal with a 3rd-party vendor that requires VPN traffic to come from a specific subnet, so I set up a policy NAT to mask our private IP. Here are both configurations. I am certain I missed something. Thoughts?

ASA Version 8.2(1)

access-list inside_nat2_outbound extended permit ip 10.57.1.0 255.255.255.0 x.x.x.x 255.255.252.0
access-list inside_nat2_outbound extended permit ip 10.224.166.112 255.255.255.240 x.x.x.x 255.255.252.0
access-list outside_7_cryptomap extended permit ip 10.57.1.0 255.255.255.0 x.x.x.x 255.255.252.0
access-list outside_7_cryptomap extended permit ip 10.224.166.112 255.255.255.240 x.x.x.x 255.255.252.0
access-list inside_nat10_outbound extended permit ip any any

global (outside) 2 10.224.166.112
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 access-list inside_nat2_outbound
nat (inside) 10 access-list inside_nat10_outbound

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto map outside_map 7 match address outside_7_cryptomap
crypto map outside_map 7 set peer X.X.X.X
crypto map outside_map 7 set transform-set ESP-AES-128-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

tunnel-group X.X.X.X type ipsec-l2l
tunnel-group …
I am trying to set up new VLANs on our new Meraki MS-220-48FP but am unable to find any documentation or configuration setting. Is there anyone with experience with this model who can assist?
Hi,

Has anyone managed to get a Cisco 7942G to work with RingCentral? If so, could you share the XML file? Ours is just stuck on registering.

Thanks
Dear Experts, we could not set up the VPN connection between Router C3925 and Firewall Sophos XG210. Attached files are the logs from both devices. Please review and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall: 172.16.16.0/24

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall: 192.168.6.0/24


This is the configuration on the Router:

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R} 255.255.255.192
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set MYSET esp-des esp-md5-hmac
!

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip 192.168.6.0 0.0.0.255 172.16.16.0 0.0.0.255


Here are the configurations on the Firewall:

IPSec profile: Firewall_IPSec.JPG
IP Host: Firewall_IPHost.JPG
Firewall rule: Firewall_Rule.JPG
Firewall VPN: Firewall_VPN.JPG
Attached logs: RouterCisco3925Log.txt, FirewallLOG.JPG
Dear Experts, we need to set up a site-to-site VPN connection between a Router Cisco 3925 and a Firewall Sophos XG210. Does anyone have experience with this? Can you suggest how to do it and some reference links?
I have a Cisco 2921 router that has a lot of errors on one of the interfaces. I'm trying to troubleshoot the issue with as little downtime/inconvenience to the users as possible. The Cisco IOS version is 15.2(4)M6.

Here are the interface statistics:
GigabitEthernet0/1 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is f40f.1b91.7b41 (bia f40f.1b91.7b41)
  Description: LAN
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 4/255, rxload 15/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  1., loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 02:45:35
  Input queue: 0/75/77/6474 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/0 (size/max total/drops)
  5 minute input rate 61854000 bits/sec, 7176 packets/sec
  5 minute output rate 15748000 bits/sec, 5397 packets/sec
     124980042 packets input, 3767527893 bytes, 0 no buffer
     Received 82872 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 10 throttles
     31838 input errors, 0 CRC, 0 frame, 31838 overrun, 0 ignored
     0 watchdog, 2309 multicast, 0 pause input
     105447437 packets output, 594788495 bytes, 0
Looks like the reseller sold us network gear (routers, firewalls, switches, controllers) without any manufacturer or 3rd-party support. Probably cost effective that way. Now they are getting me a support quote. Tricky?

Questions: Can they do it normally? And does it mean I won't have any support even on day 1 after installation?

This is in the US, and a licensed, large, certified reseller. Network gear, Cisco/PAN.
Hi,

My predecessors had configured a subnet, 10.14.98.0/24, on the core switch with a separate VLAN; the VLAN ID is 98. On the wireless controller I created a new SSID called MARKT and, during the SSID configuration, under Advanced options, I set the access VLAN to 98.
I also configured a DHCP scope on the DHCP server; the address pool is Start IP 10.14.98.2 to End IP 10.14.98.254.

The SSID (MARKT) gets broadcast, and when I click Connect, enter the wireless key and click OK, the wireless icon in the system tray shows a yellow exclamation mark and says "Limited access".
If I hover the cursor over the wireless icon, it says "domain.local 2 (unauthenticated)
No Network access".
If I do an ipconfig on the laptop, it is getting a different IP that belongs to a different SSID and subnet.
Please let me know how to troubleshoot this and where the problem could be. When I do the ipconfig it must get an IP from this scope (10.14.98.2 to 10.14.98.254).
The core switch is a Cisco 3750 and the edge is a WS-C2960X-48LPS-L.

This SSID is a new setup; I'm not sure if some configuration is missing. Any help will be great, and thanks in advance.
I have installed a new RV340W router and have no problem connecting outside routers with VPNs, except for one router. It is an FVS318v3 and it will establish Phase 1 but says Phase 2 is idle and won't connect or transmit any data. Any help is appreciated. Thank you.
On Cisco IP phones (model number 7911), the Directories application stores some useful information about placed/received calls. Is this data stored locally on some storage within the phone, or would it be stored in a central database in a managed VoIP environment? If so, since it is a Cisco device, can you elaborate on where that information may be stored?
Dear Wizards, we have a strange problem with our network. Our devices are a Cisco router 3925, core switch 3750 and access switch 2960. There are several subnets; we created an extended access list to allow all these subnets and NAT all of them via the router's WAN interface (overload), and everything works normally (for example, they can access a Web Server).

But one day, users in one subnet said that they could not access the Web Server but the Internet was OK. When we create a new access list, permit this subnet and NAT it via an (overload) pool of public IP addresses, then they can access that Web Server again.

What is the problem here, and how can we avoid it? Many thanks in advance.
Wanted to see if anyone had any knowledge regarding providing 4G LTE as a backup line for an enterprise office.
I was investigating some Cisco / Meraki options, including:

- Cisco 890 series ISR
- Meraki router + Inseego (formerly Feeney Wireless) Skyus DS

Would anyone have any info or experience with one of these as a solution for a temporary situation or as a backup solution?
Appreciated in advance.
Set-up issues


I will preface this by saying I had a UTM120 for three years with the UTM9 OS, and right now I'm thinking, boy, I miss those days. I was told that my appliance was nearing end-of-life, so to renew licensing I went with the XG115. I had configured UTM9 on my own and generated help desk cases if issues arose. This appliance is quite a bit different. Firmware XG115 (SFOS 17.0.0 GA), so it is on the latest firmware.

What I am trying to resolve right now is that any type of web surfing is extremely painful.  I have an on-premise Exchange server so port 443 is being forwarded to it but I also have the default network rule of WAN to LAN all ports and all services are open.  I have a similar network rule that WAN to LAN port 443 is open thinking of other workstations that initiate SSL traffic it will find its way back to the device that initiated the traffic.  Let's face it.  Most web sites are https.  I am constantly being warned that the certificate cannot be verified and I have to click to still access the site or create an exception for the site depending on the browser.  I cannot log in using an account to any web site.  Some sites I can't even create the exception in Firefox.  I can't use the StartPage search engine.  Amazon looks like crap.  No pictures and just a bunch of links.

A little bit on the network.  Uverse gateway goes to a Cisco ASA appliance that I consider my perimeter (and why not have another layer of defense !).  The XG is in bridge mode.  For a …
When I add a debug on a 4500 switch at my new workplace, "show log" fails to display my debug output. Which logging command gets that going?
I'm using Cisco VPN client to connect my laptop to my office domain, and to then use RDP. This was working fine, up until Monday. Not working anymore. The VPN connects, but I can't use RDP or ping any of the computers on the network. (I don't know whether I was able to ping before, because I never tried. This laptop is not part of the office domain, in case that matters.)
Hi there,

I have an ASA running the internal network out of one interface (let's call it int1 on network 1) and a wireless guest network out of another (let's call it int2 on network 2). So far so good: each segment connects to its own switch and things are properly routed to the web. I'd like, however, to have the APs broadcast the internal network and guest SSIDs (out of the same AP). Reading the AP documentation, I see the options to create the virtual AP and associate it with another VLAN (network 2 in this case). My question is this: I can trunk the ports to the AP for both VLANs, but do I need to do anything on the ASA int1, as it's configured as network 1 and the guest clients will be going to network 2?

Thanks.
Is there a way to create reports that would show any policy related changes to a Cisco ASA 55xx firewall? For example, how could I show any rule changes that were made over the last week, month or quarter. Thanks so much!
From my understanding, the "service password-encryption" command encrypts all the passwords in the running config.

How do you encrypt just the line con 0 password?
Does the "switchport mode trunk" command allow all VLANs by default, or do I need to issue "switchport trunk allowed vlan all"?
The VPN type is policy based since it appears route based is not supported on the 5520. I have researched a lot of resources but I'm currently stumped.
Thank you