I have ordered 1 GB internet service (BW) hand off from Bell. The firewall will be the gateway for 5 offices with total 200 users. I would like to install CISCO ASA 5500 series as internet gateway. ASA will have VPN to AZZURE as well for AD and SQL sync. Can you suggest the ASA model best fit for us? Current firewall is 5508 X which handles 1 office (40 users) and 200 GB hand off but we are upgrading the circuit to 1 GB and adding 4 more offices (total of 200 users).

I have a Cisco Voice Gateway 4331 that handles all of our calls in conjunction with Cisco Call Manager.  The voice gateway has a PRI circuit connected to a port and three POTS lines using the remaining three ports.  In this example, I want to have the internal extension 3337 use the specific port of a POTS line on port 0/2/2.  This is for a fax machine (attached to CUCM via an ATA 190) that only sends and I am having trouble with it being reliable over the PRI.  I was hoping to tie it to a POTS line to avoid trouble.

I tried the following and it did not seem to work correctly.  I feel like I am missing an important component:

dial-peer voice 3199 pots
desc ***** Send faxes over pots lines for mailroom *****
preference 1
answer-address 3337
port 0/2/2
forward-digits all

In the above, I am attempting to identify the internal extension of the fax machine (3337) so that it can be directed to use the POTS line on port 0/2/2.  Is there another set of commands that I might be missing?

Restoring an Archive File to 2960

I can successfully transfer a file to and from my Cisco 2960 switch. I have an archive function in my configuration and it works great. I am trying to restore a config from my backup location to the flash on the switch. I can successfully SCP from the switch to my backup location and transfer the files to the switch flash. The file shows/ displays there. However, the file size on flash shows zero / 0.

I have verified the contents of the config in notepad. The file size, when viewed from computer, is 13 KB. I can open in notepad either using a .txt or .cfg extension.

After upgrading our FMC 4500 to 6.5.0, we can no longer SSH into it.

Here are the symptoms:

1. Before upgrade, we could successfully use Putty and SecureCRT to access CLI via SSH

2. We are trying to use Putty and SecureCRT and neither emulator is working after the upgrade.

3. SecureCRT says "password authentication failed"   see pic

4. Putty says "access denied"    see pic

5. We have verified usernames and pw's of people attempting to access and they have admin rights.

6. We have attempted multiple users

7. We are not using external authentication. All of our users have local accounts to the FMC

8. See attached FMC Log file tooFMC-Log.txt

I am doing some discovery on a spoke of a DMVPN. I don't have access to the hub/hubs.
In the configuration seen below I have several ip nhrp map multicast statements and ip nhrp.
Is this indicating that this spoke has six different hubs to which it *could* register if the first one goes down? Thank you.

 ip nhrp map multicast 66.66.8.129
 ip nhrp map 10.77.126.1 66.66.8.129
 ip nhrp map multicast 66.66.8.130
 ip nhrp map 10.77.126.2 66.66.8.130
 ip nhrp map multicast 66.66.8.136
 ip nhrp map 10.77.126.3 66.66.8.136
 ip nhrp map multicast 66.66.8.138
 ip nhrp map 10.77.126.5 66.66.8.138
 ip nhrp map multicast 66.66.8.134
 ip nhrp map 10.77.126.7 66.66.8.134
 ip nhrp map multicast 66.66.8.131
 ip nhrp map 10.77.126.9 66.66.8.131

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/eos-eol-notice-c51-736509.html
Above link mentioned it's the IOS that will be EOSL.

What's the EOSL date for Cisco 2960x hardware itself & what's the replacement model?
We need a model that has 48 more months at point of implementation.

I have multiple Cisco swithces 3850's and 2960's in my envirronment.  I am using port channels on some, but is there a command to tell if LACP is enabled on every port on a switch or certain ports only?

I have a remote site that is connected to our main site using a WAN between two Cisco routers. The Cisco GRE tunnel is up and stable.
At the remote site I have a mix of Windows 7 and Linux PCs on a single 192.168.37.x subnet with mask 255.255.255.0. The gateway is 192.168.37.10.

At my central site I have two RDS servers on a single subnet. The servers IPs are 192.168.39.246 and 192.168.39.222. with subnet mask 255.255.255.0. I use EIGRP and RIP across both subnets and the route tables in the routers are good. The gateway is 192.168.39.10.

At the remote site all of the Windows 7 PCs can remote access both servers using mstsc.exe.
At the remote site only some Linux PCs can access both servers using rdesktop/ping.

I have three out of five Linux PCs at the remote site that can only access the server with IP address 192.168.39.222. They cannot reach the server address 192.168.39.246 using rdesktop or even ping. The server firewalls are the same. The Linux installations are identical, having been cloned from the same image.  This was working until about a week ago.  Now these three machines can only see the one server. There are no ACLs on the Cisco routers that would cause this. There are no firewall settings on the Linux boxes that I can see.  I have numerous Linux PCs on the central site - all can see both servers. If I try reaching the remote PCs from the ~246 server, only the two that can reach it can be pinged or accessed using VNC. The Linux PCs that cannot see …

Hi

We are trying to authenticate from a Cisco ASA firewall with our Domain Controller that is hosted in Azure over a site to site VPN connection.  We have this working fine from the ASA to our on premise DCs using IPSec VPN.

Azure support have said we should add a rule on the NSG to allow this traffic through (they have tweaked it too) but does not work.  It times out on the firewall console (this is externally managed).

LDAP connection over the site to site VPNs to the DC works fine using LDAP.exe and i can bind to it.  

Ideas?

I support several Windows Server 2016 servers and not running into this issue
- At first, I thought we had a router issue. The router has been upgraded to a newer Cisco model (originally we were using a "Netgear Prosafe router")
- The server is not in a domain. There are approximately eight computers in a peer-to-peer network at this time. The computers cannot map a drive to the server until we physically change it from public to private. Then it connects. But on the server, I cannot change it to private.
- When the server is rebooted, all users lose connection to their map drives until we go back and change the PC from public to private (or work on older Windows 7 PCs)

I'm trying to set up a certificate on a Cisco ASA-5506x for the first time and wanted confirmation that I'm on the right track.  The immediate reason for it is for PCI compliance, but it would generally be a good thing anyway.

We don't do any hosting where the ASA is located, but we are using VPN connections.

My understanding is that I can do it as follows:
1)  Set up a new A record on the DNS server for our domain (ourdomain.com) named asa.ourdomain.com and point it at the public static IP address of the ASA
2)  Obtain a certificate for asa.ourdomain.com from a certificate authority using DNS authentication (I do have access to the DNS server for the domain)
3)  Install the certificate on the ASA

Am I on the right track here?

Will a Cisco 1000BASE-SX SFP work in an Palo Alto Networks PA-3020 SFP slot?
My googling is not being helpful on this one. Thank you.

Hello.  Let me first explain our problem and a brief explanation of our setup, and then I will go into details.

We currently have a Cisco Firepower 2110 and are using this for a site-to-site VPN to our other building. There are no issues here. We are attempting to set up a RA VPN, and when testing - by allowing inside interface as access - we can connect internally. The problem is we can not connect externally.

I did have a Cisco ASA 5500 series before, and we did have a S2S and RA VPN functional on it.

Now, here are the details.

Cisco FP 2110, managed through FMC, IP: 192.168.80.45, FMC .46.

Objects
     int.grp.vlans: 192.168.1.0/24, 192.168.10.0/24 ... 15, 20, 40, 60, 70, 80
     vpn.net.vpn: 192.168.110.0/24 (VPN Pool is 192.168.110.100-200)

Interfaces

Eth 1/1 - WAN / Outside / 96.x.x.17 / 255.255.255.240
Eth 1/2 - Inside / inside 192.168.1.254 / 255.255.255.0

Routing
   
NAT Translation
   
Access Policy
   
I am desperate to get this to work, as it needs to be up by November 5th. I have zero idea why this is not working, and am sure it is something very simple I am missing. I have set this up before and had no issues. We did try using a different outside port (500). When we did, we received this in the connection log:


Thank you in advance, and please ask for any other required information!