Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi Experts,
This is a Cisco router 1941 configured for SSL VPN ANYCONNECT, users connect with anyconnect secure mobility client. I have a request to add a second SSL VPN Tunnel with a public address not in use that they have on their pool. It has to be isolated from the network.
What configuration statements Do I need to add in order to configure an isolated second SSL VPN tunnel?

Please advise
Veeam gives away 10 full conference passes
Veeam gives away 10 full conference passes

Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part


I have a Cisco Air-Lap1042N-E-K90 access point but when I try to do a factory reset of this AP so I can configure it there is no option for conf t

I have followed the reset procedure and unplugged and pressed and held the mode button and the AP goes through it's startup until the LED goes to solid red,  At this point I release the mode button, The LED initially blinks green, then goes to blinking red and then continues onto blinking amber and then seems to stick in this loop after this stage I can ping the ip assigned when I connect an Ethernet cable but I still can't even login on my browser or conf t into it at CLI level either.

Is there something I'm missing here as I'm not fully conversant in cisco.?

Any help would be grateful

I have an old CallManager (4.3). it works great and no one wants to upgrade it. I have several small offices and individuals working from home offices and in order to have working phones in their locations I have to do site-site VPN's to each location.
Is there way to create some port forwarding and avoid VPN? Which ports? Any downsides?
The firewall is Cisco ASA5510 and they have Cisco 7941 and 7970 phones if that matters.
I have multiple Cisco switches, from 2960's to 3750's.  I have them all configured via SSH, and randomly, after a few weeks, I can't connect via SSH anymore into them.  I use PRTG to monitor them, and I noticed that when something happens to the certificate, that's when I can't log in anymore, so my monitoring system displays an error for the cert.  When configuring SSH, does the default cert expire after a certain amount of time or something?

Any ideas how to fix this?

I am trialling a Cisco CSR 1000v (2 nic) in Azure. I have setup VPN's to the external interfaces and these are up and running and I can ping the internal IP of the 1000v.

Office A:  (can ping and Cannot  ping )
1000v WAN interface internal IP:
1000v  LAN interface:
VM IP: (firewall Disabled and can ping and Cannot ping internal IP of office firewall)

I have set up a test VM and connected to the internal interface and I can ping the VM from the 1000v. I can't seem to ping the VM from the office. I can ping the 1000v from the office and if I run a traceroute I can see the traffic for the VM being sent to the 1000v so I know the route is setup correctly.

 Can someone tell me what I need to do to allow access. I have added both interfaces to the Crypto Map (below)

Cisco1000v#show crypto map

Crypto Map IPv4 "OfficeMAP" 102 ipsec-isakmp
        Peer = XXX.XXX.XXX.XXX
        Extended IP access list 102
            access-list 102 permit ip
            access-list 102 permit ip
        Current peer: XXX.XXX.XXX.XXX
        Security association lifetime: 4608000 kilobytes/3600 seconds
        Responder-Only (Y/N): N
        PFS (Y/N): N
        Mixed-mode : Disabled
        Transform sets={
                T1:  { XXXXXXXXXXXXX} ,
Hi All,

I have found myself to be very lacking in memory when it comes to Cisco IOS and after far too many hours of trying and reading website and documents I have decided to ask an expert!

I need help with the following setup:

Cisco 897VA router
WAN on G8:
Direct Connection to fibre Media Converter.  (no vLan tagging required)
CE of Router needs to be
Gateway or PE is, DMZ from ISP is
I have Static IP Addresses assigned by the provider pointing at ( only using 2 at the moment .225/.226.
External DNS
External Nat

LAN 2 Ports to be used G1 & G2

G1 is the port facing the main network and servers and will be the gateway for all PC's inside.
IP is to be
Internal DNS
Internal NAT

G2 is to be the Wifi. Original Setup before router replacement was on Private WIFI on vLan100 and Public WIFI was on vLan101)
Internal NAT
vLan101 had internet access only no internal access with ip of 192.168.101.x for the WIFI and external DNS
vLan100 had access to internal systems and internet with IP of for interface and for the WIFI.  The WIFI, accessed and the 2 internal DNS for internet and internal access.

Both WIFI used the router for DHCP, no DHCP for internal computers. IP Range was 192.168.{100/101}.100-125 for each

Internal network was vLan1

Access was allowed for 80/443/25/3389 …
We are provisioned Two 2960x Cisco Switches and linked up with a FlexStack Plus cables/modules. All connected devices (e.g. Windows Servers) has two UTPs connecting to the switches, one to switch A and another one to switch B. The switches are implementing Channel Group using LACP where port from Switch A and Port from Switch B are belongs to the same Channel Group for network resilience purpose. Also, we have created TWO VLAN on the switches where each VLAN span across the two switches some network device are belong to VLAN 1 and some are VLAN 2. This is a floor level implementation and we have an uplink router (Core Switch) to route packet between VLANs.

We are planning to add more devices and we are running out of switch ports. Our expansion planning are as follows:

Option 1) Add another two network switches (i.e. 2960x) to the FlexStack cluster and create additional channel groups with switch port from Switch C and Switch D. So that the new devices can connecting to the new Switch C & D while still maintaining the resilience requirement as well as able to communication with the original devices connecting to switch A & B.

Option 2) Option 1 is only feasible if we have enough room to accommodate another two switches on the same rack. If however, we need to put the new two switches on another rack with is around 10-20 meters away still connecting themselves with FlexStack Plus, we are planning to purchase a 10G SFP+ module on the switches and link up Switches A/B …
We currently have 6 HP servers connected to the san via an old fabric switch.
We are now trying to connect a new Cisco UCS server to the VNX 5500. The san has the main head unit or bus enclosure 0 and then connected to that is the Storage Processor which had the 8gB module in it of which there are currently  2 connections out of the 4 being used on SPA and SPB.
I am no trying to connect the UCS server directly to the san via the other 2 ports on the 8GB module on the san. We have setup the fabric ports on the UCS but when I connect to fiber cables from the UCS to the 8GB modules on the san, I never see the connection on the san so I cant get any storage to the UCS.
Any help with this would be great.
Dear, we found an old switch Cisco 2960 in warehouse, it still works when we plug in the power but we 'd like to make sure it will not suddenly die. So how can I check the health of that switch? Can anyone please suggest some commands to check:
- When was it used for the first time?
- How long can it be used?

We want to utilize it for a new project so please help! Many thanks!
Hello all,

I wanted to see if I could get some advice and/or recommendations for a project that I am working on.

Our internet: 2x Comcast cable 250/25 package
Switches: 2x Cisco SG200-50

Router: Peplink balance series (not bought yet)

Situation: This is for an events center. Every now and then I will need to make changes to meet the clients needs. I want to have both Comcast circuits load balance the traffic in the building. When we have events in the building that stream I want to have that traffic go through one of the Comcast circuits and nothing else. The rest of the traffic can use the other circuit. I know with the peplink router I can set it to have certain IP addresses travel out of whatever circuit I want. I think the peplink and managed switches would do what we need.
Are there better ways to go about this without going too crazy with cost. I would like everything to be able to be controlled remotely as much as possible.

 I also need a few VLANs that I can't see to get to work. I want to separate our office and servers from the rest of the building. How can I setup a VLAN so that they can all access the internet but can't pass traffic between the VLANs. On the peplink I created a new LAN with different IP addresses and it is VLAN 2. In order to get it to the switches do I set port 4 for example as trunk and tag it to VLAN 2? If I connect peplink port 4 to switch #2 port 8 - what do I do with that port? Do I also set it to trunk?  If our office ports…
Get HTML5 Certified
Get HTML5 Certified

Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.

Before designing new network for the remote offices.
What information is critical (must know) before making a decision on design, connectivity, device models, etc, etc.  Just need to be prepared before throwing a design.  Want to make is a standard base across all remote offices.  
Appreciate all the recommendations and ideas!
we are trying to setup a sub interface in an asa5510 rev8.2(5).  This sub interface will connect to a router 2960 interface. I tried connecting the asa5510 with sub interface and a vlan  straight to the router but is not working.  My   question is do you have to have a  switch in between to connect the asa5510to the router 2960 interface.

I have configured  fire power 2110  between our router and network.  I can able to ping  router, but can't see the firepower.

 Outside Traffic<---------------->Router   <------------>  FirePower <----------------> FW <------> Switch<------------>  Server

I can't traceroute or ping Firepower from outide of  network.
Hi Experts,
I installed CME (ISR 4321 IOS version 15.5), with 40 Phones 7821, 1 IP Phone 8841, another 8851, and 2 IP Conference 8831 using SIP Protocol
all of these SIP Phones work fine, but the call transfer doesn't work, I don't know if some config missing, you find below the sh run,
thank you for your help.
CME-EHM#sh run
Building configuration...

Current configuration : 10874 bytes
! No configuration change since last restart
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
hostname CME-EHM
vrf definition Mgmt-intf
 address-family ipv4
 address-family ipv6
card type e1 0 1
no aaa new-model
subscriber templating
multilink bundle-name authenticated
isdn switch-type primary-net5
crypto pki trustpoint TP-self-signed-246793832
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-246793832
 revocation-check none
 rsakeypair TP-self-signed-246793832
crypto pki certificate chain TP-self-signed-246793832
 certificate self-signed 01
voice service voip
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
  call start slow
  bind …
I have an unmanaged Cisco/Linksys SG 100-24 switch. It has gigabit capibility.  My servers are connected to this switch at 1 GB and it's on auto detect however my PC's which are capible of gigabit are only connected a 100 mbs.  I've tried to make them 1000 full duplix but I'm only seeing 100.
I have a Cisco 12416 router has been auto reboot few times, and the final, there are some output with show version:
 SCDCN-ZXP-2 uptime is 1 hour, 6 minutes
Uptime for this control processor is 1 hour, 6 minutes
System returned to ROM by reload at 13:42:35 UTC Wed Jul 19 2017
System restarted at 05:01:47 UTC Thu Jul 20 2017
System image file is "disk0:c12kprp-p-mz.120-32.SY9a.bin"

cisco 12416/PRP (MPC7455) processor (revision 0x00) with 524288K bytes of memory.
MPC7455 CPU at 665Mhz, Rev 2.1, 256KB L2, 2048KB L3 Cache
Last reset from mbus reset

WARNING: MBUS agent in slot 27 running from ROM
Contact your technical support representative.
WARNING: Old fab-loader in slot 1; use "upgrade fabric-downloader" to update
WARNING: Old fab-loader in slot 9; use "upgrade fabric-downloader" to update
WARNING: Old fab-loader in slot 12; use "upgrade fabric-downloader" to update
WARNING: Old fab-loader in slot 13; use "upgrade fabric-downloader" to update
WARNING: Old fab-loader in slot 14; use "upgrade fabric-downloader" to update

the IOS version is :IOS (tm) GS Software (C12KPRP-P-M), Version 12.0(32)SY9a

diag slot 27:
SLOT 27 (BUSBRD  ): Bus Board(16)
  MAIN: type 63,  00-0000-00 rev A0
        Deviation: 0
        HW config: 0x00    SW key: 00-00-00
  PCA:  73-4267-06 rev A0 ver 4
        Design Release 1.0  S/N SAL1318PB5Y
  MBUS: MBUS Agent (1)  73-2146-07 rev B0 dev 0
        HW version 1.2  S/N SAL1317P33D
        Test hist: 0x00    RMA#: …
Dear All,

I would like to configure the connectivity on my home but I'm having some doubts and would like your help in order to configure the best way possible.

Modem:  TPLink (TD-W8901N)
Router: Linksys (WRT1900ACS)

Currently I have two different options to configure internet connectivity:

1- Allow the TPLink to connect using PPoE on PV2 and specify user and password on the Modem and connect the cable from the TPLink to the internet connection on the Router Linksys (WRT1900ACS), so using this way we will receive internal IP Address from the TPLink instead of the WAN IP on the Internet Connection in the Linksys router.

2- Set the TPLink as Bridge Connection and connect the cable to the Internet Port on WRT1900ACS and configure the Router to connect using the PPoE on the Linksys and just use the TPLink as bridge.

Can you help me to understand the best recommended configuration and some explanation why just to understand?

Also would like to know if there any required configuration on the TPLink like VCI or VPI or something specific to have better performanc from the ISP?

I'm currently having performance issue on the connectivity and wanted to undertand the best way to setup the connectivity.

Thanks in advance,
In RTMT you can view "Gateway Activity" and choose say MGCP PRI. But the thing that's weird is that it shows PRI channels per CUCM server. Given the description I would think that it would make out how many active calls are happening at the router/gateway not the UCM. Is there a way to get this broken out to you see activity per actual gateway?
If you are using MS Lync to make a phone call to the PSTN and there are multiple SIP trunks to the PSTN (actually these are trunks to Cisco CUCM and then on to PSTN from there) - how does Lync decide which SIP Trunk to use?
Independent Software Vendors: We Want Your Opinion
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Dear Zealots, is there any method to observe, monitor the traffic from one (or multiple) IP address (es) to a IP address?
We are using Cisco Router 3925, Switch 3560, 3750, 2960
Many thanks in advance,
Hi all,

Not quite sure where this question sits, as its not really a break/fix issue, but relates to the bigger IT security picture.

We have a large number of Cisco and Huawei equipment, as well the usual lump of window and linux based platforms, and we are struggling to get a managed security policy in place to protect and block access to these network devices when previous admins and root access holders leave.
These devices are not protected by a VPN policy, and all are local accounts

So the questions here are;

  • can cisco and huawei access be defined on a centrally managed platform or database
  • can passwords for the above be remotely bulk changed
  • is there a best practises document for this


Hi guys,

Recently came upon the requirement for DATA Center for which I don't have any knowledge.I am in R&S, IP Telephony, Structured Cabling
Can anyone tell how I can get trained in Data center design?
what is the best way to get trained in data center designing, and what are the training courses offered by CISCO, HP, DELL.

What is the difference between Layer 3 switch and Router?  It looks like we don't need router if we have layer 3 switch. Am I right?
I can not access console port switch cisco,  the port is blocked and the switch doesn't has enable remote Access (telnet or ssh). How can i Access to switch?


I am planning to setup a cisco CCNA lab, but I wanted to use it for internet connection as well, not only local network. I have WI-FI router in the main floor and I need to setup the lab in Second floor.

I have cisco 2821 router, how can I terminate internet traffic to my router without wire?  Can I get another cisco wireless router and termnate the  intertnet traffic there and do the cabling  From Wireless router to Cisco 2821 ?






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).