Cisco

22K

Solutions

40

Articles & Videos

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi All,
I passed my ICND-1 about 2 weeks ago and now preparing for my ICND-2. ICND-1 was not an easy exam and I can only imagine that ICND-2 will be even tougher, I did not do a lot of lab work for ICND-1 but  have a pretty good idea that I need to spend a good amount of time on labs, specially on OSPF and EIGRP labs. What are some of the resources you have used and what are some topics that need some extra attention, I couldn't believe that STP is such a big topic in ICND-2.
0
Free Tool: IP Lookup
LVL 8
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Need to refresh DHCP IP address reassign Needed to command
0
Good evening ladies and gents,

I am currently trying to up link a Nexus  3172TQ to an existing and live production 3850e stack.

The aim, and requirement is to have 4x 10GB ports (on one switch) on the 3850 stack to one 40GB port on the Nexus 3172TQ.

I am using a compatible QSFP-4SFP10G-CU1M cable, but not too sure if the config required on the interfaces on each switch.

I have attempted just the cable, with just trunks. I also attempted to create a port-channel with the idea of 40GB throughput to 40GB throughput.. however i only get link lights on the 3850 and nothing on the Nexus . I get a "link state" down on the Nexus, but admin interface is up.

It doesn't seem to see the cable on the nexus, and i just cant figure out why. Is there a certain config for these cables?

Thank you, please let me know if you require anymore info.
0
Experts Exchange team is looking forward to going to Cisco live next week. Any community members going to be there?
3
GettyImages-531851572.jpgIf you're heading to Vegas next week for Cisco Live, we'd love to hear all about your experience as an attendee. Interested in writing an article recapping your week at the conference? Contact us at ewooddell@experts-exchange.com.
2
Odd one. We installed a Meraki MX 84 firewall in our office. We have successfully connected via VPN from at least 5 different remote locations. However, my Windows 10 machine WILL NOT connect.  We have connected a couple different Win10,Win7,Ipads, Mac books just fine. My windows 10, using exact same set up as other Win 10 machine fails to connect, giving error of "L2TP Connection attempt failed because the security layer encountered a processing error during inial  negotiations"

I started a case with Cisco, who had me do a packet capture. They confirmed that my PC was sending packets to Meraki. We checked IKE and AuthIP IPsec Keying service was set for "automatic" and running.  It was...

We added correct registry key for "AssumeUDPEncapsulationContextOnSendRule." Done...no luck

At this point, CISCO suggested I call ISP to see that my cable modem was set to enable VPN Passthrough. It is....

I then successfully added my Android tablet to connect VPN via the same wireless router/ ISP connection from my home.  that worked fine.

Set my Windows 10 box to use 8.8.8.8. DNS...still no luck

Not sure what else to check

We are using Layer 2 Tunneling Protocol with iPsec(L2TP/IPsec)

Require Encryption (disconnect if server declines)
Encryped Password (PAP)
Using a preshared key.

These setting have worked seamlessly with all others EXCEPT MINE !
Verified username and password. Verified Preshared Key.

Any suggestions ?
0
I am just trying to confirm if passing the 210-451 CLDFND - cloud foundation help in extending the ccna r&s certification  and ccna security certificate which is due to expire.
0
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
0
I have CISCO 871 router.I want to configure my internet on that. However I was unable to access my Router through my laptop.
I have connected my Internet cable on WAN port of cisco router and Router had 2 lights running One is OK and Another on WAN but I dont have any idea about how to access Router and its configuration file , Please help asap.

Regards,
Sudhanshu
0
Our CISCO Wireless Controler is hanging from time to time with the SYS led blinking Amber.  Is there any fix for that? Attached is the System log
WCS-LOGS.txt
0
Efficient way to get backups off site to Azure
LVL 1
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Getting Msg:-
boot: cannot determine first executable file name on device "flash:"
0
I have cisco 3650 and 3560G connected one to one port as trunk. Ports are gig1/1/1 to g0/1

What is the recommended etherchannel configuration from port gig1/1/1, gig 1/1/2 to g0/1, g0/2?
0
For example I have an inside host on 192.168.1.10 and I need to port forward ports 5000 to 5010 from the outside.
What are the steps please.
0
Hello,

until this year we using Cisco Cloud Web Security (CCWS)  more as clientless Proxy (web access control and reporting) then Web Security.  I write "clientless" as this proxy intercepting HTTP/HTTPS traffic on Cisco ASA level not bothering admins with setting up wpads and interfere with PC/servers browser configuration.

However Cisco announce End-of-Life for CCWS and say Cisco Umbrella as a replacement. Its probably better product for Web Security but it is no more Proxy (web access control and reporting) or at least not in typical way as Umbrella only route "suspected" traffic thru their proxies so other traffic. There are for example no reports on user traffic.

My question then - do you know any "clientless" Proxy replacement ? Best of course if it can cooperate with Cisco ASAs but not critical.
0
Dear Experts,

I need to configure the ASA Firewall NAT, but this command does not work, does anyone know how should I type the proper command?

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.6.0 255.255.255.0
0
I had this question after viewing Network issues with Linux Bonding and Cisco 2960-S.

Old, question... but its talking about bonding cisco and linux sides.  I have successfully setup linux bonding (mode 4 - lacp ) with cisco switches ( 4948 ) in the past.  But what i want to do now, i dont know enough about cisco to do so.  I am a devop guy, so networking, especially cisco gear, is a little outside by knowledge base.  

Goal:
setup some kind of bonding on the cisco side that allows me to first plug a server in, boot it, install from the network, then reconfigure it into a bonding setup.... automatically.

I have a bunch of servers i am trying to automatically deploy.  i want to boot them up with nothing on them, use the ubuntu MAAS (metal as a service ) to install an OS on them, then use ansible to connect to the newly installed server to then create the interface bonds.  At that point, i would then like the cisco switch to use lacp( or some type of similarly useful bonding ).  

The issue is a chicken/egg scenario.  You have to create the port channels on the cisco and add the ports to them and set them for lacp( as far as i know, and why i am asking this ).  On the linux side, you then need to setup bonding and set the mode to 4.  Since i am doing everything automagically using MAAS and ansible ( tested and working ).  It SEEMS i cannot setup the …
0
We have been asked to connect a 200Mbps fibre connection (expandable to 1Gb) to 10 independent business units in a small business park. The fibre provider will put a Cisco 1921 router on the end. They have no interest in managing the ongoing connections to the individual business units. That's down to us. Someone recommended a Cisco SG500 switch to add to this to satisfy the requirements:

1. control of bandwidth to each unit so they each get what they have asked for (and paid for) and no more
2. separate public IP assigned to each business unit (one each)
3. each unit can only access internet and not each other's networks

This is a little outside my day-to-day networking experience so rather than fumble my way forward, any pointers, issues to watch out for would be much appreciated.

Thanks,  Andy.
0
I have a remote client with an ASA 5200. They are going to get fiber, but for now are using their building's internet. The ASA config is below (edited for anonymity). It is able to ping the gateway (10.133.30.177), as well as 8.8.8.8 and other IPs. When attached to the 0/2 interface, a machine gets an IP in the 192.168.220.0/24 and can ping 192.168.220.1, but no further (not even 10.144.30.190). I've run "packet-tracer input inside icmp 192.168.220.102 8 0 8.8.8.8 detailed"

Here is my config:
    ASA Version 8.3(2)
    !
    hostname NY-ASA5200
    names
    !
    interface GigabitEthernet0/0
     shutdown
     nameif FIBER
     security-level 0
     ip address 172.16.0.1 255.255.255.0
    !
    interface GigabitEthernet0/1
     nameif INET
     security-level 0
     ip address 10.144.30.190 255.255.255.240
    !
    interface GigabitEthernet0/2
     nameif INSIDE
     security-level 100
     ip address 192.168.220.1 255.255.255.0
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     shutdown
     no nameif
     no security-level
     no ip address
    !
    ftp mode passive
    dns server-group DefaultDNS
    object network inside-subnet
     subnet 192.168.220.0 255.255.255.0
    object network outside
     host 10.144.30.190
    access-list inside_out_acl extended permit ip any any
    access-list inside_out_acl extended permit icmp any any
    pager lines 24
    

Open in new window

0
I had this question after viewing Wifi issue with asa 5506.

How to you return from AP>. Prompt to the asa prompt (cisco asa> )?

I sessioned into the cisco 702 AP but can't get out it
0
Free Tool: Port Scanner
LVL 8
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Calling all tech professionals!

Anyone attending Cisco Live later this month? Would you like to be interviewed about your experience at this conference? I'd love to hear from you! Email me at ewooddell@experts-exchange.com.
5
Is is possible to use ports on an ASA5506 as switchports to plug a PC in for example.  I am replacing a Cisco 5505 at an office with this 5506,  and I'm having problems using it in the same fashion as an ASA5505. I have the ASA5506 connected to my cable modem, got my VPN's up, but am having issues using a port as a switchport for a PC.  Any suggestions?
0
Cisco Unity Express - Version 8.6.7
Cisco Unified Communications Manager Express - 15.6(3)  / CME 11.5

Internal extension to extension calls will transfer to voicemail fine.

Calls from outside that go to voicemail get the message - "There is no mailbox associated with this extension, wait while I transfer your call."  Then it goes to a busy signal.

If the extension is forwarded to another extension internally, calls from both inside and outside will transfer to the other extension.

If the extension is forwarded to an outside number (we dial 9 to get out and enter it into the number to forward to) calls from outside will be transferred to the outside number.  Calls from inside get a busy signal.

Any help would be much appreciated.
0
Hello all,



I'm having problems pinging from my data subnet (192.168.0.0/24) to my voice subnet (10.10.10.0/24). data subnet is connected to 0/1 and voice subnet to 0/2 on my ASA5510. I've tried adding static routes on each of the switches and enabled ip routing as well. Voice Switch has VLAN1 with ip 10.10.10.2 with 10.10.10.1 being the IP on 0/2 on ASA.  Likewise Data Switch has VLAN1 with ip 192.168.0.2 and interface 0/1 on ASA has 192.168.0.1.



Can someone please point me in the right direction?



Thank you!
0
I have an Engenius EAP600 which I have configured only for Guest Wifi. I wanted to separate the clients that connect to that AP to only allow internet access and block any kind of local network access. The AP is connected to a Layer3 Cisco Switch which then connects to an ASA-5505 firewall. I'm a little rusty on VLAN could someone help with the commands for the Switch and the ASA to set this up?
0
Hello,

Is the WLC 2504 capable to support HA SSO mode?

thanks
Wilson
0

Cisco

22K

Solutions

40

Articles & Videos

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).