Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Great day,
I hope all are doing very well. I was wondering what people's views are on:
1. pass4sure
2. pass4sures
3. passLeader
I am hearing so much about them. Has anyone tried them? I am wondering because I am feeling a little lazy to study again for certs I have but thinking about upgrading them. I am already working with the product and have for years around 20.
If you do not want to reveal your honest opinion you can email at inhislikness@gmail.com and still get the point.
Yes the e is missing in the email
0
Hi Experts,

This week I got a Panasonic ToughBook CF-33 and switched my ISP from Bell to Rogers.

Over Ethernet, using speed-test.net, download with Bell was 300Mbps, with Rogers is 500Mbps.

Over WiFi, the ToughBook was 80Mbps and now <20Mbps. On my iPhone, Rogers is getting 300Mbps.

Why is my ToughBook now  under 20Mbps?

One thing that I noticed now is that with Rogers my router is now Hitron CODA-4582U, and the SSID for 2.4GHz and 5GHz can't be the same, where on  Bell (Cisco) they were. The ToughBook now cannot detect the 5GHz SSID. Does the ToughBook CF-33 not support 5GHz?

To make matters even more interesting, my printer only has WiFi interface, which makes it on a different network because of the mismatched SSIDs

As I am typing this I am wondering should I purchase another Cisco router and make the Hitron only as modem?

Any help will be appreciated.
0
Hello,

I have a Cisco network running 10/100/1000Mbps. Should I be planning on upgrading it to 10Gbps, 40Gbps, or 100Gbps? What would be involved? New switches, cabling? I would appreciate input from anyone who's also doing the same or planning on doing the same. I would like to know what devices, cables etc. you are thinking of, your plan of attack and approximate costs.

Thank you so much in advance.
0
I'm looking for opinions about setting up DMZ VLANs on switches that are also used for internal networking vs. using separate physical switches for DMZs and internal networks.  Any concerns or benefits you can think of for one over the other.  Assume Cisco equipment.
0
Hi guys,
Does anyone know how to check the serial number of the power supplies on a Cisco Wireless Controller 5508, either via CLI or GUI?
Thanks!

P.S. Show inventory will only show the chassis serial number
0
Hello experts,
I have a Cisco 1852 AP, configured as the controller. Several Cisco 1832s have no problem joining it, but I have two AIR-CAP1702I-D-K9 that I can't get joined. I already updated the software to the same version as the controller, 8.4.100.0. From the console I got the following message; not sure why it is trying to load the c3700... file.
Please advise.
Thanks

*Jul 20 05:58:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.89.19.78 peer_port: 5246
*Jul 20 05:58:01.255: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.89.19.78 peer_port: 5246
*Jul 20 05:58:01.255: %CAPWAP-5-SENDJOIN: sending Join Request to 10.89.19.78
perform archive download capwap:/c3700 tar file
*Jul 20 05:58:01.327: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 20 05:58:01.331: Loading file /c3700...
0
Hello, looking for some help on this. My ISP did an update that made it necessary for us to update our outside IP address config setting from static to DHCP. I change it and give them the MAC address of the ASA, and usually after they update the table it pulls the correct IP address. That part seems to be fine, but for some reason, after the change, my site-to-site VPN will not come back up. Nothing else has changed. Any ideas on this?

ciscoasa# sho run
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name 111.com
enable password w3iW.W8jLtqmhFnt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.13.13.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name 111.com
object-group network obj_any
access-list NONATACL extended permit ip 10.13.13.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list VPNACL extended permit ip 10.13.13.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list OUTSIDEACL extended permit icmp any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 

0
I do tech work for small businesses and I barely dabble in VPN connections. I'm using a Cisco VPN firewall. At this one site I have, the VPN tunnel is live, but for whatever reason when I use one-to-one NAT the device on that IP loses internet connection.
I need the one to one NAT for them to be able to ping the device. Any advice as to what I can do to avoid losing internet on this device? Is there another way? Remember I'm bit of a noobie when it comes to this stuff.
Thanks in advance.
0
We have a legacy XP machine  that has custom software that  it uses for data collection of devices. The software upgrade is out of budget so we decided to put a firewall in the mix.

If we have 1 ASA and need to retain the IP address of the legacy XP machine with ports 400, 900, and 950 what would that config look like?
0
We have Cisco Callmanagers and Unity Connections for voicemail.  Our problem is this:
We have a number, say 1234.  It is set so that when a user dials it and it is busy or not answered, it rolls to 5678, which if not answered or busy, forwards to voicemail.  

The problem is, if you dial 5678 it works properly, eventually going to the mailbox.  However, if you dial 1234, it does eventually roll to 5678, but if not picked up, it then goes to the system general message instead of the vm for 5678.
0
Does the Cisco 1900 serial router have an HA function?
0
Hi Experts,

I am having a problem with my Cisco 897VA router and allowing access to internal servers from internal devices.

Any attempted access gets a not authorised response.  We can access it via IP or if placed in the host file on the user pc.  There is no issues accessing from external devices.

This however is a pain to do.  I do not wish to modify my internal DNS server at this stage or run a separate one for just one zone as this was working fine under a previous router, this has just happened since switching to the 897va.

Server we want to access has internal IP of : 192.168.0.254
External IP is: 114.xxx.xxx.153

This is my current sanitized running config:

Current configuration : 10024 bytes
!
! Last configuration change at 08:08:17 NZST Thu Jul 19 2018 by mike
! NVRAM config last updated at 21:35:34 NZST Wed Jul 18 2018 by mike
! NVRAM config last updated at 21:35:34 NZST Wed Jul 18 2018 by mike
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
!
hostname Gateway
!
boot-start-marker
warm-reboot
boot-end-marker
!
aqm-register-fnf
!
logging buffered 65535
logging console critical
enable secret 9 $9$3JnjQpR9JT50Sn$JLsMVFipNYhVK/xdt6uahIPXx87ZfnOiS8Yd36old6E
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp …
0
I have created 26 new VLANs on a Cisco switch. But when I checked the spanning tree instances for those VLANs, I see a spanning tree instance for only 4 VLANs; for the rest of the VLANs I did not see any instance.

Below is the message#

INND-S-D-01-AUS#sh spanning-tree vlan 626

Spanning tree instance(s) for vlan 626 does not exist


Note: All VLANs are up. At present no ports are assigned to these VLANs.
0
Hi All,

I am facing an issue while configuring soft zoning for a host and 3PAR.
When I activate the zoneset on Switch1, the Switch2 zones deactivate and show 0 active paths on storage, and vice versa,
only for 3PAR. Other zones for other storage are still intact on those switches.
0
Hi

I've got an HP MSA 1050 which has two controllers on the rear which have fibre connections (see image). I want to connect this to my network switch, which is a Cisco 3560G network switch. What exactly do I need to connect it to the network switch so I can then attach it to my VM host via the network?

Thanks
0
I have created 26 new VLANs on a Cisco switch. But when I checked the spanning tree instances for those VLANs, I see a spanning tree instance for only 4 VLANs; for the rest of the VLANs I did not see any instance.

Below is the message#

INND-S-D-01-AUS#sh spanning-tree vlan 626

Spanning tree instance(s) for vlan 626 does not exist.
0
Dear Experts, we are moving our Data Center in the next 2 months. What should we consider and take note in order to move DC smoothly?

Our environment:
- 4 x Server ESXi6.5 (HP Gen9)
- 2 x Routers Cisco 3925
- 2 x Core Switch Cisco 3750/3560
- 1 x Firewall Sophos XG
- 10 x Access Switch Cisco CE500
- 5 x WAP Cisco Meraki MR18
- 5 x Physical Server IBM x3650

Many thanks!
0
Hi All,

Have an existing Cisco stack of 7 switches, all PoE. The power for PoE on one of the switches failed; data still works. We're replacing that switch with a new switch and just want some basic steps to do so. We downgraded the new switch to match the IOS of the stack. Below is the current stack. Please let me know if there is anything else I need to be aware of when adding and removing a switch. Thanks,

Existing stack see stack properties below.
The priority of the master is 5 and all other switches are set lower
The new switch is set to 1 same as some of the existing switches, does that matter? or do I need to set the priority higher for master and assign a lower priority it for all other switches. If so, will I have to reload the stack?

Remove the switch
Power off and disconnect the stacking cables
 - commands -  no switch stack-member-number provision type. Is this step necessary?

Add new switch
Ensure IOS is same as stack
Ensure priority is lower than the master on the stack
 - command - switch stack-member-number provision type. Is this step necessary?


 1       Slave     0017.94b1.1780     1         Ready
 2       Slave     0017.94b5.c700     2         Ready
 3       Slave     0017.94b5.fa80     3         Ready
 4       Slave     0017.94b5.bd00     4         Ready
*5       Master    0017.94b5.d000     5         Ready
 7       Slave     fcfb.fbd5.ca80     1         Ready
 8       Slave     001b.2b65.0500     1         Ready
0
I have RV016 routers and the VPN on one of them is going bad.  I am looking at the RV345. I have several questions that no one can answer to my surprise.
Is the VPN compatible between the routers?
What PC client software should I use?  I have PC and MAC clients.

Thanks
0
I have two WLANs at my site. These are controlled by a Cisco WLC. I am able to connect to one of the WLANs and access the internet with no problem, but with the other WLAN, I can only connect and am unable to get to the internet. But if the Access Point is sitting in my office, I can connect and get internet access. This seems strange to me because the AP serves both WLANs. I have uninstalled and reinstalled my network adapters. I can ping both WLANs, but I can only connect to one of them and get internet access. This is happening to no one else. I figured it had something to do with my computer, but then I got another laptop, put it in my office, and it did the same thing. What could be causing this?
0
We have a Cisco ASA 5506-X (with FirePower services and a TAMC licence, but that is probably irrelevant).  We have set up an AnyConnect VPN using the wizard and can download the software remotely and connect successfully.  However, when connected we are unable to access anything on the inside of the ASA.  The requirement is to have remote access to the network labelled "Main" in the configuration below.

How can we permit this traffic so remote clients can access the Main network (192.168.10.0/23)?  Here's the redacted config:

 Serial Number: XXXXXXXXX
: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.9(2) 
!
hostname fwXXXX
domain-name XXXXX.co.uk
enable password XXXXX
passwd XXXXX encrypted
names
ip local pool Main_VPN 192.168.99.1-192.168.99.100 mask 255.255.255.0

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.252 
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1/2
 security-level 100
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_1/3
 security-level 100
!
interface GigabitEthernet1/4
 nameif inside_1/4
 security-level 0
 no ip address
!
interface GigabitEthernet1/4.21
 vlan 21
 nameif MAN
 security-level 100
 ip address 192.168.20.254 255.255.254.0 
!
interface GigabitEthernet1/5
 nameif inside_1/5
 security-level 0
 no ip address
!
interface GigabitEthernet1/5.11
 vlan 11
 nameif Main
 security-level 90
 ip address 192.168.10.254 

0
We have a Domain controller/DHCP server, Cisco wireless controller 2500 in our server room.

Two WiFi networks, wifi1 and wifi2, have already been created using the WLC; they have full access without any web filters.

I want to create another two, Wifi_guest1 and Wifi_guest2; users who come to our office will connect to these without a password and with limited internet access.

How can I create this? Can anyone give me steps or any suitable articles?

Thanks in advance
0
Cisco ASA  -- wildcard certificate installation.

Hi there, after a company acquisition I need to install a new certificate for the SSL connection. The parent company gave me a wildcard certificate and told me that I just need to install it. I have only done a cert installation on an ASA once, years ago, and it's not really something I'm familiar with. I checked the web and Cisco published this article with the step by step; in it I need to create a CSR and give it to them so they can generate the cert (that's what I remember doing before). The IT from the new company tells me that I don't need any of that and it's just a simple installation.

Based on Cisco's documentation I need to generate a CSR that they'll use to generate the cert. The question is: is it a different process for a wildcard certificate? Would it be that they're not clear on how to do it?

Your help is always appreciated.
0
Does anyone know Aruba controllers well? They normally pass through the same VLAN on the main switch, or the management VLAN.
I wonder why Aruba does not recommend doing a direct heartbeat between Active and Passive controllers. Using 7030 controllers at this point.
Normally I do a direct heartbeat between Cisco controllers. But Cisco has a dedicated HA port for this. Aruba does not. 7030 controllers have 8 fiber and 8 copper ports.
Does anyone know about it and have advice?
0
I am trying to take backup of my ASA through tftp.

Command: ASA01/Hyb(config)# write net 172.24.50.9:/Test-561.tmp

Response: Building configuration...

                      INFO: Default tftp-server not set, using highest security interface Cryptochecksum: ******************************** !

%Error writing tftp://172.24.50.9 //Test-561.tmp;int=inside (Timed out attempting to connect) [FAILED]

 Also after executing this command,  Test-561.tmp is created in TFTP directory but with size 0

TFTP server is installed in Linux, tftp is working fine as I am able to take backup of other ASA which is in the same network.
 

Your help will be appreciated.

Thanks,
Dilraj Kumar Paswan
0
