Cisco

22K

Solutions

40

Articles & Videos

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Share tech news, updates, or what's on your mind.

Sign up to Post

I think that TFTP Client service is enabled by default.

How can disable to TFTP Client service?

Let me know command.

Thanks & Regards
0
Free NetCrunch network monitor licenses!
LVL 4
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Dear guys, I could not configure Frame Relay Cloud when testing in Packet Tracer ver 7.0.0.0202

Did try with version 1941, 2811 Router but did not help. Seem likes I don't have the Add button in the attached picture. Can anyone suggest ideas?


Many thanks!
FR.PNG
0
Hello all, I am a novice at Cisco but I am learning... Anyway, I have a client that has a Cisco 1841 firewall. I have successfully setup the firewall so I can connect via SSH from an internal address, but I want to allow SSH via the WAN port as well. Can you tell me what I am missing? Here is a export of my config


version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RavenThreePeaks
!
boot-start-marker
boot-end-marker
!
no logging on
!
no aaa new-model
!
resource policy
!
clock timezone MST -7
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip inspect name THREEPEAK cuseeme
ip inspect name THREEPEAK ftp
ip inspect name THREEPEAK h323
ip inspect name THREEPEAK netshow
ip inspect name THREEPEAK rcmd
ip inspect name THREEPEAK realaudio
ip inspect name THREEPEAK rtsp
ip inspect name THREEPEAK sqlnet
ip inspect name THREEPEAK streamworks
ip inspect name THREEPEAK tftp
ip inspect name THREEPEAK tcp
ip inspect name THREEPEAK udp
ip inspect name THREEPEAK vdolive
ip inspect name THREEPEAK icmp
!
!
no ip domain lookup
ip domain name Escalante
!
!
!
crypto pki trustpoint TP-self-signed-1637450355
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1637450355
 revocation-check none
 rsakeypair TP-self-signed-1637450355
!
!
crypto pki certificate chain TP-self-signed-1637450355
 …
0
Hi there,
I setup AnyConnect and can access the local network with no problem but after that I can not access the Internet.
How can I let VPN users access Internet? Is there anyway other than split tunneling?
Please let me know.  
Thanks    

My ASA 5505 configuration:
Software Version 8.2(5)
Device Manager Version 7.5(1)
ASA.txt
0
I need a simple configuration for my network device for internet and FTP access
0
HI

we having some issue with Cisco 762 that getting restarted every 10 minutes.
Someone have any idea?
0
I have a remote site with no local tech support. The gateway is a Fortigate firewall. Recently, when trying to sign in to edit firewall rules, I have started getting a logon prompt describing level 15 access and referencing an IOS certificate that cannot be verified. Sometimes it allows the https Fortinet web page login, and sometimes it produces the logon box- obviously a Cisco device. I have tried using an IP scanner but it doesn't allow to browse that IP (Advanced IP Scanner has a dropdown that allows you to see available resources at an IP, such as web pages and FTP sites), and I have not been able to connect via SSH (The only shell option I have is within the Fortigate web administration, and I can't get the page to load reliably for obvious reasons). This site is 3/4 of the way across the country so traveling there is out of the question. I cannot just re-IP the Fortigate for two reasons: I can't get it to save changes, and I can't take down the plant's production gateway from across the country without any kind of guarantee that I'll be able to rescue the device or limit downtime. My goal is to identify the Cisco device, possibly by obtaining the serial number so I can find out who owns it and have them correct it's IP address. I'll welcome any advice as to how to get to that point... Anyone? I appreciate your help.
0
please advise
I need to be able to run the executable (installer for cisco anyconnect)
security-warning.PNG
0
Dear all, is there any mechanism to set a timer on Cisco Router and Switch?

For example: shutdown/restart an interfaces on pre-defined schedule, change the default route on schedule,...

Many thanks in advance.
0
Hello Cisco Experts,

I am learning how to setup the site to site VPN between two locations but it's NOT working for some reason (it's failed when I pinged the 172.16.1.1 from 172.16.2.X network .... I also tried to hit a web server (172.16.1.xx at port 80) and no luck ... it seems some sort of settings is missing?  I configured the site to site VPN with the ASDM wizard and it didn't give me any error message.  So I hope someone can shed some lights here for me?  Thanks in advance.

Following is configuration for ASA5505

sh run
: Saved
:
: Serial Number: xxxxxxxxxxxxx
: Hardware:   ASA5505, 1024 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(4)
!
hostname 325RC-CASA5505
domain-name xxxxxxxxxxxxxx.com
enable password Yxxxxxxxxxxxxe encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2xxxxxxxxxxxxxxxxxxxU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level …
0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Hi

I followed these instructions to reset a Cisco ASA 5505 and seemed to have lost my configuration.


https://www.tunnelsup.com/how-to-do-a-password-recovery-on-a-cisco-asa-firewall/

Please tell me there is away to get it back

Help please
0
i have configured VLAN 20 in ASA -10.46.14.5
and on switch i have configured vlan -10 10.46.14.1

both they are pinging but from firewall i able to ping 8.8.8.8 server but from the switch i am not

please help me
0
Dear zealots, I am configuring Routers and Switch to mitigate DDoS attacks, following this article: http://www.infosecwriters.com/Papers/HChau_Cisco-DoS-DDoS.pdf

However, when I enter "no ip directed-broadcast" into Router and Switch's interface mode, then it cannot be displayed when I hit "show run". Do you know why? My devices' version is 12.2 (Switch 3750/3560) and 15.1 (Router 3925)

And should I apply this command on VLAN interfaces in Switches?
0
Hi All,
I passed my ICND-1 about 2 weeks ago and now preparing for my ICND-2. ICND-1 was not an easy exam and I can only imagine that ICND-2 will be even tougher, I did not do a lot of lab work for ICND-1 but  have a pretty good idea that I need to spend a good amount of time on labs, specially on OSPF and EIGRP labs. What are some of the resources you have used and what are some topics that need some extra attention, I couldn't believe that STP is such a big topic in ICND-2.
0
Need to refresh DHCP IP address reassign Needed to command
0
Good evening ladies and gents,

I am currently trying to up link a Nexus  3172TQ to an existing and live production 3850e stack.

The aim, and requirement is to have 4x 10GB ports (on one switch) on the 3850 stack to one 40GB port on the Nexus 3172TQ.

I am using a compatible QSFP-4SFP10G-CU1M cable, but not too sure if the config required on the interfaces on each switch.

I have attempted just the cable, with just trunks. I also attempted to create a port-channel with the idea of 40GB throughput to 40GB throughput.. however i only get link lights on the 3850 and nothing on the Nexus . I get a "link state" down on the Nexus, but admin interface is up.

It doesn't seem to see the cable on the nexus, and i just cant figure out why. Is there a certain config for these cables?

Thank you, please let me know if you require anymore info.
0
Odd one. We installed a Meraki MX 84 firewall in our office. We have successfully connected via VPN from at least 5 different remote locations. However, my Windows 10 machine WILL NOT connect.  We have connected a couple different Win10,Win7,Ipads, Mac books just fine. My windows 10, using exact same set up as other Win 10 machine fails to connect, giving error of "L2TP Connection attempt failed because the security layer encountered a processing error during inial  negotiations"

I started a case with Cisco, who had me do a packet capture. They confirmed that my PC was sending packets to Meraki. We checked IKE and AuthIP IPsec Keying service was set for "automatic" and running.  It was...

We added correct registry key for "AssumeUDPEncapsulationContextOnSendRule." Done...no luck

At this point, CISCO suggested I call ISP to see that my cable modem was set to enable VPN Passthrough. It is....

I then successfully added my Android tablet to connect VPN via the same wireless router/ ISP connection from my home.  that worked fine.

Set my Windows 10 box to use 8.8.8.8. DNS...still no luck

Not sure what else to check

We are using Layer 2 Tunneling Protocol with iPsec(L2TP/IPsec)

Require Encryption (disconnect if server declines)
Encryped Password (PAP)
Using a preshared key.

These setting have worked seamlessly with all others EXCEPT MINE !
Verified username and password. Verified Preshared Key.

Any suggestions ?
0
I have CISCO 871 router.I want to configure my internet on that. However I was unable to access my Router through my laptop.
I have connected my Internet cable on WAN port of cisco router and Router had 2 lights running One is OK and Another on WAN but I dont have any idea about how to access Router and its configuration file , Please help asap.

Regards,
Sudhanshu
0
Our CISCO Wireless Controler is hanging from time to time with the SYS led blinking Amber.  Is there any fix for that? Attached is the System log
WCS-LOGS.txt
0
Industry Leaders: We Want Your Opinion!
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

I have cisco 3650 and 3560G connected one to one port as trunk. Ports are gig1/1/1 to g0/1

What is the recommended etherchannel configuration from port gig1/1/1, gig 1/1/2 to g0/1, g0/2?
0
For example I have an inside host on 192.168.1.10 and I need to port forward ports 5000 to 5010 from the outside.
What are the steps please.
0
Dear Experts,

I need to configure the ASA Firewall NAT, but this command does not work, does anyone know how should I type the proper command?

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.6.0 255.255.255.0
0
I had this question after viewing Network issues with Linux Bonding and Cisco 2960-S.

Old, question... but its talking about bonding cisco and linux sides.  I have successfully setup linux bonding (mode 4 - lacp ) with cisco switches ( 4948 ) in the past.  But what i want to do now, i dont know enough about cisco to do so.  I am a devop guy, so networking, especially cisco gear, is a little outside by knowledge base.  

Goal:
setup some kind of bonding on the cisco side that allows me to first plug a server in, boot it, install from the network, then reconfigure it into a bonding setup.... automatically.

I have a bunch of servers i am trying to automatically deploy.  i want to boot them up with nothing on them, use the ubuntu MAAS (metal as a service ) to install an OS on them, then use ansible to connect to the newly installed server to then create the interface bonds.  At that point, i would then like the cisco switch to use lacp( or some type of similarly useful bonding ).  

The issue is a chicken/egg scenario.  You have to create the port channels on the cisco and add the ports to them and set them for lacp( as far as i know, and why i am asking this ).  On the linux side, you then need to setup bonding and set the mode to 4.  Since i am doing everything automagically using MAAS and ansible ( tested and working ).  It SEEMS i cannot setup the …
0
I had this question after viewing Wifi issue with asa 5506.

How to you return from AP>. Prompt to the asa prompt (cisco asa> )?

I sessioned into the cisco 702 AP but can't get out it
0
Is is possible to use ports on an ASA5506 as switchports to plug a PC in for example.  I am replacing a Cisco 5505 at an office with this 5506,  and I'm having problems using it in the same fashion as an ASA5505. I have the ASA5506 connected to my cable modem, got my VPN's up, but am having issues using a port as a switchport for a PC.  Any suggestions?
0

Cisco

22K

Solutions

40

Articles & Videos

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).