
Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Hi Folks,

I have a Cisco ASA with 14 site-to-site VPNs with Cisco 1921s on remote branches. All work well; only interesting traffic comes into the VPN for now.

We are opening a new site, and for this new one we would pass all traffic into the VPN. I changed ACL 101 from this:

access-list 101 permit ip 172.17.112.0 0.0.7.255 172.17.0.0 0.0.255.255
access-list 101 permit ip 172.17.112.0 0.0.7.255 172.16.0.0 0.0.255.255

To this:

access-list 101 permit ip any any


Remote branch IP : 172.17.112.0 / 21

4 primary vlan : 172.17.112.X, 172.17.113.X, 172.17.114.X and 172.17.115.X


Datacenter IP : 172.16.0.0

On the ASA, maybe it is the NAT?


Actually, we have this config for the new site in the ASA:

object network obj-SITE-PUB
 subnet 172.17.112.0 255.255.248.0

 
name 24.56.78.9 Remote_Pub


access-list outside_13_cryptomap extended permit ip 172.16.0.0 255.255.0.0 172.17.112.0 255.255.248.0
access-list outside_13_cryptomap extended permit ip 172.17.0.0 255.255.0.0 172.17.112.0 255.255.248.0


crypto map outside_map 85 match address outside_13_cryptomap
crypto map outside_map 85 set pfs
crypto map outside_map 85 set peer Remote_Pub
crypto map outside_map 85 set ikev2 ipsec-proposal AES256

tunnel-group 199.16.1.16 type ipsec-l2l
tunnel-group 199.16.1.16 ipsec-attributes
 ikev2 remote-authentication pre-shared-key xxxx
 ikev2 local-authentication pre-shared-key xxxx

 
 nat (any,outside) source static obj-DCNetwork obj-DCNetwork destination static …
0
Hello,

I have a problem with CUC. The CUC was running in a virtual machine in VMware, the UCS server was disconnected and when I connected the UCS and powered on the CUC virtual machine, the CUC had an error; I attach the error image.

Appreciate your help

thank you
0
Hi,

Could anyone advise on how Cisco QoS determines the available bandwidth on a spoke?

I know how to configure it, but I really want to know what mechanism Cisco uses to identify the bandwidth fluctuations.

Like, does it send any probes to the other end point or does it do periodic stress tests between end points to find the bandwidth on the link?


Please advise, I really want to know the mechanism of it.

Thanks,
AARAV
0
Running Cisco Unity Connection v11.5.  We utilize Office 365 with Unified Messaging.  Have a user assigned to an extension with Unified Messaging; gets email fine.  I created a System Handler that forwards to a mailbox and that mailbox is also assigned to the same user and has Unified Messaging.  When someone internal calls the user's extension and leaves a voicemail, they get a Delivery Notification Status (Failure) Message could not be delivered to the following recipient(s):.  They do not get the voicemail in their inbox.  If I dial the System Handler internally, get routed to the mailbox and leave a voicemail, I do not get the Failure message and the message is delivered to the email inbox.

In Unity, if I have the user's extension open, I get a message stating:
Two or more users have unified messaging accounts that are configured to access the same Exchange mailbox.

Can I not have 2 mailboxes utilizing the same mailbox for Unified Messaging?
0
I have a Cisco 1841 router with Cisco IOS Software (C1841-BROADBAND-M), Version 15.1(4) M6.
My issue is that the command zone is not available in global configuration.
As per my knowledge the image is supporting ZBFW.
Does anybody know what I'm doing wrong?
0
I would like to know where or if I could purchase a license for IOS 15.2 for the above product. Or would purchasing a smartnet agreement be better?
0
Hey Everyone,
We have got a SonicWall and a Barracuda email security gateway in the DMZ (public IP x.x.x.23 and private 172.16.32.55).
All the rest of the network, including Exchange Server 2010 and the DC, are behind the ASA (Exchange public x.x.x.20 and private 192.168.1.10).
Everything here is working fine.

We are about to replace the SonicWall with an ASA5506-X and also change the service provider; we are basically getting a new public IP address.
I'm confused about the NAT policy in the firewall and the access list. Does anyone here know how the configuration would be on the ASA side (NAT, access list)?

Thanks
0
Is it possible to NAT addresses from 3 separate VLANs on a layer 3 switch through a connected router?
0
Earlier I asked about the PAN Palo Alto FWs and how they compare to Ciscos.  We basically narrowed down to PAN firewalls.  Just want to check pricing on Junipers and opinions.
What about the Junipers?  
Any good opinions?  
Thank you!
0
I have an ASA5510 running 8.0(4), that already has a number of internal networks that are permitted to be seen by anyone using VPN. I've recently attempted to add a NEW network that already exists to the VPN/allowable pool of networks with some issues. I'm not able to connect to anything on the 172.16.9.0 network from 172.16.10.0(VPN) once connected to the VPN network, but can to any others that are defined.

192.168.200.2 & 192.168.200.1 are interfaces on my ASA5510

Our VPN network is: 172.16.10.0

Here are some lines that I've added:

access-list no-nat extended permit ip 172.16.9.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list vpn_range extended permit ip 172.16.9.0 255.255.255.0 any
route inside 172.16.9.0 255.255.255.0 192.168.200.2 1



excerpts from a show run:

access-list any extended permit ip any any
access-list no-nat extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat extended permit ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat extended permit ip 192.168.20.0 255.255.255.0 12.12.12.0 255.255.255.0
access-list no-nat extended permit ip 192.168.30.0 255.255.255.0 12.12.12.0 255.255.255.0
access-list no-nat extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat extended permit ip 192.168.2.0 255.255.255.0 172.16.10.0 255.255.255.0…
0
Dear Experts, we got this error in our router. Can you please give us some advice? The router keeps restarting unexpectedly every few hours.

R1_LLNetnamFpt#sh version
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.2(2)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 16-Nov-11 01:18 by prod_rel_team

ROM: System Bootstrap, Version 15.1(1r)T1, RELEASE SOFTWARE (fc1)

R1_LLNetnamFpt uptime is 1 hour, 35 minutes
System returned to ROM by bus error at PC 0x2B920B3, address 0x2B920B3 at 14:43:33 ICT Tue Sep 26 2017
System restarted at 14:45:04 ICT Tue Sep 26 2017
System image file is "flash:c3900e-universalk9-mz.SPA.152-2.T.bin"
Last reload type: Normal Reload
Last reload reason: bus error at PC 0x2B920B3, address 0x2B920B3


0
Dear Experts, seems like our Router was restarted unexpectedly, when we checked the log, it shows:

Sep 26 03:49:53.005: %SYS-5-RESTART: System restarted --
Sep 26 03:49:53.005: %SNMP-5-COLDSTART: SNMP agent on host R1 is undergoing a cold start



Can you please advise? Many thanks
0
All of a sudden my cisco anyconnect will not work.  It connects but I cannot connect to any shared drives or ping anything on the host computer.  Any ideas?
0
Dear wizards, my router hung this afternoon. Internet for the email system was interrupted for about 20 mins. We could not telnet or connect to it via the console port, and had to reset the router to bring it back.

So how can we know what happened? Where can we find the logs? Was it a signal of a DDoS attack? And if so, how can we mitigate it?
0
I will have a chance of interview for the subject job position.

Can you share with me what I should look up and prepare before the interview?
0
I have a Cisco 1811 that won't boot due to a memory issue.  It has a 64MB compactflash card in it.  Does that card have the running config?  I don't believe I have a backup of the config anywhere.
0
We currently have a WLC 5508 with a 2nd for High Availability. It is managing the following models:
1041N
1042N
1142N
1131AG
1242G
1510AG
1552
We are considering adding the following models:
1702
2702
1562
3802

The questions are:
1. What firmware version do we need to upgrade to, to handle the proposed new models?
2. Which, if any, of the existing models will not be compatible with the new firmware version?
3. From the point of view of licensing, we don't need to have separate licenses for the HA, do we?

Thank you
0
What is the best practice of backing up Cisco Call Manager 11.5 ? (VM)
0
Digging into Call Manager 11.5

What is CUBE?
0
I have the following environment
1.      Users' PCs (Win 7) with a GUI application pull and send informational requests to an AS400.
2.      The PCs are located in an office on the east coast, New York, and the AS400 is in another office in Florida. In the middle is a cross connection router and firewall located in North Carolina.

Problem:
All users in the Florida office using this application experience the following every day, at least once a day.

The user or users in the GUI application first receive a small swirling circle while in a transaction, like the program is thinking, and then receive this message from the program: "this program has terminated".  This happens every day.

>>What type of a problem is this, application or networking? And how do I resolve this?
0
Just want to get folks opinions.  Anyone using them?  Any feedback?
Trying to implement sparkboards in every new office and eliminate things like conference phones, polycoms, and all that legacy stuff.

Thanks.
0
I've been having some network issues, where for a moment or so, the internet and just network access stops working for almost everyone.

I started digging in the logs on some of the switches, and I came across this at about the exact time when this occurred.
What exactly does this mean?

      2486: Sep 21 19:57:57.069: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/1 on VLAN0001. Port consistency restored.

How can I further troubleshoot my network issue?
0
Hi All,

I'm installing the Cisco AnyConnect software on our ISR 4431 and it's asking me to set up RSA keys and a self-signed certificate, but it's asking me to overwrite the existing one. We have a site-to-site VPN set up that I think these keys were for, so firstly, if I DO overwrite the original ones, will this cause an issue with the site-to-site VPN, or can I use the existing RSA keys etc. with AnyConnect (and if so, how)?
Hope this makes sense.
Thanks
0
So, here is my scenario

Currently with 192.168.60.0/24 network set as VLAN200 on a switch, my router is 192.168.60.2.

Got a cisco 2960 switch as 192.168.60.1, and set with default GW 192.168.60.2

However, I need to set a new vlan for a vpn (mikrotik)

Mikrotik ip is 8.20.15.251/24

I've created a VLAN400 as 8.20.15.0/24 and indicated the IP helper as the Mikrotik. After assigning ports to that VLAN, it doesn't acquire an IP, nor reach the GW (if I assign a static IP to the computer). From the switch, if I try to ping the Mikrotik IP, it does not respond (if I connect a computer directly to the Mikrotik, I do get an IP, I can access it and even access the VPN services without problems).

Am I missing something?

thank you
0
I have a Cisco 4506 chassis with (4) 48 port switch modules in it.  It is on a known good UPS, has redundant power supplies and everything.  About six weeks ago, the switch restarted itself for no known reason.  I couldn't find anything out of the ordinary ... it just came back online by the time I got to the switch room.

Today, It happened right at 3:00pm.  Reports that I got had some people losing power to the Cisco phones (PoE) and others claimed the phone didn't lose power but the display said ethernet connection lost.  The phones losing power were on switch module 3.

I went into the IOS and did a sh hardware and got this:
Cisco IOS Software, Catalyst 4500 L3 Switch  Software (cat4500e-IPBASEK9-M), Version 15.2(2)E5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 02-Jun-16 03:28 by prod_rel_team

ROM: 12.2(44r)SG5
ph-4506 uptime is 1 hour, 0 minutes
System returned to ROM by reload
System restarted at 14:58:59 CDT Wed Sep 20 2017
System image file is "bootflash:cat4500e-ipbasek9-mz.152-2.E5.bin"
Darkside Revision 4, Nexu Revision 9, Fortooine Revision 1.40

Last reload reason: reload

My question is, what else can I do from a troubleshooting standpoint?  Is it possible that just switch module 3 in the chassis lost power and the rest of the modules remained online?  I am having to accept end-user answers that some Cisco PoE phones lost power and some did not.…
0
