Cisco topic: 22K Solutions, 40 Articles & Videos, 14K Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Can someone tell me what the CLI command is to remove a VLAN on a 2504 (AirOS) Cisco wireless controller?

Thanks
0

I am just trying to confirm whether passing the 210-451 CLDFND (Cloud Fundamentals) exam helps in extending the CCNA R&S certification and CCNA Security certificate, which are due to expire.
0
Getting this message:
boot: cannot determine first executable file name on device "flash:"
0
Hello,

Until this year we were using Cisco Cloud Web Security (CCWS) more as a clientless proxy (web access control and reporting) than as web security. I write "clientless" because this proxy intercepts HTTP/HTTPS traffic at the Cisco ASA level, without bothering admins with setting up WPAD or interfering with PC/server browser configuration.

However, Cisco has announced End-of-Life for CCWS and names Cisco Umbrella as the replacement. It's probably a better product for web security, but it is no longer a proxy (web access control and reporting), or at least not in the typical way, as Umbrella only routes "suspected" traffic through their proxies and not other traffic. There are, for example, no reports on user traffic.

My question, then: do you know of any "clientless" proxy replacement? Best, of course, if it can cooperate with Cisco ASAs, but that is not critical.
0
We have been asked to connect a 200Mbps fibre connection (expandable to 1Gb) to 10 independent business units in a small business park. The fibre provider will put a Cisco 1921 router on the end. They have no interest in managing the ongoing connections to the individual business units. That's down to us. Someone recommended a Cisco SG500 switch to add to this to satisfy the requirements:

1. control of bandwidth to each unit so they each get what they have asked for (and paid for) and no more
2. separate public IP assigned to each business unit (one each)
3. each unit can only access internet and not each other's networks

This is a little outside my day-to-day networking experience so rather than fumble my way forward, any pointers, issues to watch out for would be much appreciated.

Thanks,  Andy.
0
I have a remote client with an ASA 5200. They are going to get fiber, but for now are using their building's internet. The ASA config is below (edited for anonymity). It is able to ping the gateway (10.133.30.177), as well as 8.8.8.8 and other IPs. When attached to the 0/2 interface, a machine gets an IP in 192.168.220.0/24 and can ping 192.168.220.1, but no further (not even 10.144.30.190). I've run "packet-tracer input inside icmp 192.168.220.102 8 0 8.8.8.8 detailed".

Here is my config:
    ASA Version 8.3(2)
    !
    hostname NY-ASA5200
    names
    !
    interface GigabitEthernet0/0
     shutdown
     nameif FIBER
     security-level 0
     ip address 172.16.0.1 255.255.255.0
    !
    interface GigabitEthernet0/1
     nameif INET
     security-level 0
     ip address 10.144.30.190 255.255.255.240
    !
    interface GigabitEthernet0/2
     nameif INSIDE
     security-level 100
     ip address 192.168.220.1 255.255.255.0
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     shutdown
     no nameif
     no security-level
     no ip address
    !
    ftp mode passive
    dns server-group DefaultDNS
    object network inside-subnet
     subnet 192.168.220.0 255.255.255.0
    object network outside
     host 10.144.30.190
    access-list inside_out_acl extended permit ip any any
    access-list inside_out_acl extended permit icmp any any
    pager lines 24

0
Hello,

Is the WLC 2504 capable of supporting HA SSO mode?

thanks
Wilson
0
I feel like this is a simple fix but I'm kind of tearing my hair out here.

Scenario:
Client has 2 sites A & B

Site A: remote office, no AD server on site, but an existing ASA 5505 with AnyConnect licenses.
Site B: cloud-hosted servers including AD, with an ASA 5585 with AnyConnect licenses.

The users can connect to either, depending on what resources they need and the availability of licenses, and they both authenticate with LDAP.

Site B network:
10.10.0.0/24
ldap server 10.10.0.10

LDAP auth works fine here. No worries.

Site A network:
10.10.100.0/24
ldap server 10.10.0.10

LDAP is not working. Traffic works between these 2 networks just fine, everything is up and running, all devices can see the LDAP server (Windows, btw), BUT the ASA cannot connect to the 10.10.0.10 server when testing.

[-2147483634] New request Session, context 0x00007fff2a7fdfe8, reqType = Authentication
[-2147483634] Fiber started
[-2147483634] Creating LDAP context with uri=ldap://10.10.0.10:389
[-2147483634] Connect to LDAP server: ldap://10.10.0.10:389, status = Failed
[-2147483634] Unable to read rootDSE. Can't contact LDAP server.
[-2147483634] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[-2147483634] Session End

I just can't seem to figure out why. ASA ping tests and packet-tracers work fine from 10.10.100.0 to 10.10.0.10 and vice versa, unless I use the inside interface IP of the ASA itself as the source IP. Is this normal behavior?

I'm more of a …
0
Hi, does anyone know any weakness of Cisco devices (router, switch, Firewall)? Is there any way/tool to assess their vulnerabilities?
0
Hi, we are preparing the rules for a Zone-Based Policy Firewall on a c3925 router; however, we need to confirm which traffic usually passes through the router, so that the rules will not block useful traffic or allow bad traffic. Is there a method to see it?

Is there a way other than "show ip cache flow" and "sh ip traffic"?

Many thanks in advance,
0

Hello,

I need to update/upgrade the end users' AnyConnect SSL client. I've read that I need to download the "webdeploy.pkg" version of the client and upload it to the ASA.

Doing this, will end users' clients update once they connect to the ASA? Also, there are 2 other versions on the ASA. Do I need to remove those versions so that it forces the clients to download the new version?

Thank you in advance.
0
I need to create read-only accounts for users to access the ASA with ASDM.

In order to do this, I need to enable AAA authentication. Currently I have other local accounts on the ASA. Will enabling AAA authentication affect those accounts?

Thank you.
0
Hi All,

I'd like to get the config file off both these makes of Cisco equipment. Does anyone know the proper command to do so?

thank you for your help
0
I work in a building that rents offices. A new company coming in wants to share our internet link; we have 5 IP addresses issued by our ISP and I would like to issue one of those IP addresses to the new company.
We use an ASA 5505 for our network presently. How would I need to set up the other company so they can use one of the IP addresses? Would I need to upgrade our ASA, or is there another method?

Thank you in advance.
0
Hi, we have a Cisco 3925 router between LAN and WAN; however, it seems that money is required for AnyConnect VPN on the Cisco 3925. We found that pfSense (free) can be deployed to serve VPN connections; however, we need to understand its pros and cons.
- So can anyone explain, please?
- Should we deploy it or purchase a license for AnyConnect?
- Do you know any free Cisco VPN solution that we can configure inside our C3925?

Our priority is:
- Compatible with the current environment, with minimum impact on about 400 users
- Easy to configure and troubleshoot
- Price

Many thanks in advance,
0
I am planning to upgrade the firmware of a Catalyst 2960.
I checked the version and saw the output below:

Switch#sho ver
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2a)EX5, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 16-Feb-15 08:16 by prod_rel_team
ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(3r)E1, RELEASE SOFTWARE (fc1)
Switch uptime is 46 weeks, 2 days, 1 hour, 0 minutes
System returned to ROM by power-on
System restarted at 07:50:33 UTC Fri Jul 22 2016
System image file is "flash:/c2960x-universalk9-mz.150-2a.EX5/c2960x-universalk9-mz.150-2a.EX5.bin"

I downloaded the files below and have a TFTP server ready to upload them.
c2960x-universalk9-mz.152-5b.E.bin
c2960x-universalk9-tar.152-5b.E.tar

How do I upgrade to 152.5?
Your help is appreciated.
0
Hi All,
I have a Cisco 2600 router with 2 Ethernet and 1 serial interface. I have fa0/0 connected directly to my internet modem (Comcast) and have the interface set up as a DHCP client to the modem. I have the fa0/1 interface connected to another Cisco switch.
The fa0/1 interface is assigned a 192.168.1.1/24 IP and is also acting as a DHCP server to the internal hosts.
The Comcast modem IP is 192.168.100.1, which I had to get from Comcast.
I also have an ip route 0.0.0.0 0.0.0.0 192.168.100.1.
I don't have any NAT running; not sure if I really need it or not. My internal LAN is working fine: I can ping the gateway, and the clients are getting IPs from the DHCP server.

I'm having the hardest time connecting to the internet and I'm not sure what I'm missing. Mind you, I'm very new to the world of Cisco networking and just experimenting in a lab environment, so any help would be greatly appreciated.

thanks..
0
I'm sure I have done something wrong here. This is such a basic config. Can you tell me why my router can communicate outside, but my PCs cannot?

!
! Last configuration change at 17:48:41 UTC Sat Jun 10 2017
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MYROUTER
!
boot-start-marker
boot-end-marker
!
enable secret 5 <obscured>
enable password <obscured>
!
no aaa new-model
!
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 20
dot11 syslog
ip source-route
no ip routing
!
!
!
!
no ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
license udi pid CISCO1841 sn FTX1104Z0BG
!
redundancy
!
!
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description OUTSIDE
 ip address dhcp
 ip nat outside
 no ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description INSIDE
 ip address 172.16.254.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 speed auto
 half-duplex
 no cdp enable
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip route-cache
 shutdown
 no atm ilmi-keepalive
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 101 permit ip any any
no cdp run

!
!
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0

0
Hi, if my router shows this when I run "show lic", how many VPN users can we have?

Index 2 Feature: securityk9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 3 Feature: uck9
        Period left: 8  weeks 4  days

        License Type: Evaluation
        License State: Active, Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 4 Feature: datak9
        Period left: 8  weeks 4  days

        License Type: Evaluation
        License State: Active, Not in Use, EULA not accepted

What are the Index 3 and Index 4 licenses? If I understand correctly, I did activate the 60-day trial license, so what will happen after this period? Do I have to pay any fee after that? And how can I stop the trial period?

Many thanks as always!
0

Here is my router's configuration (with fake public IP addresses ;-)

interface GigabitEthernet0/0
 ip address 113.160.61.14 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto

interface GigabitEthernet0/1
 ip address 101.96.10.141 255.255.255.192
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto

interface GigabitEthernet0/2
 ip address 172.16.2.28 255.255.255.248
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

ip nat inside source list ftth interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 113.160.61.13 100
ip route 0.0.0.0 0.0.0.0 101.96.10.129 200

ip access-list extended ftth
 permit ip 192.168.7.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.8.0 0.0.0.255 any
 permit ip 192.168.9.0 0.0.0.255 any

This is the result from "show ip int b":
Interface              IP-Address      OK? Method Status  Protocol
GigabitEthernet0/0     113.160.61.14   YES NVRAM  up      up
GigabitEthernet0/1     101.96.10.141   YES manual up      up
NVI0                   113.160.61.14   YES unset  up      up

==================================================================

So as you can see we have 2 WAN interfaces to 2 different ISPs, we change some configurations and saw …
0
Hi,

I have two Cisco routers with 3 interfaces each:

Fe0/0 is a /30 network for a public IP. All IPs are used in this subnet; none available.
Fe0/1 is a /29 network for a public IP subnet. All IPs are used in this subnet; none available.
Fe0/2 is not used (the plan is for a dedicated link for HSRP).

The idea is to track the Fe0/2 link state, which will be a crossover cable to the Fe0/2 of the second router, for HSRP and failover to the second router in case of a failure of the first.

So the IPs of Fe0/0 and Fe0/1 must be public IPs, and I have none left for a real IP and a standby one.

If I use private IPs on my Fe0/2, can I achieve this?

Will the two interfaces Fe0/0 (and Fe0/1) have the same IP in both routers?

Any example of what kind of configuration I need?
0
I am running the initial configuration dialog on a Cisco 891 router.

I will be using GE 0/0 to connect to my ISP. I want to do this through DHCP.

Enter interface name used to connect to the
management network from the above interface summary: GigabitEthernet0

Configuring interface GigabitEthernet0:
  Configure IP on this interface? [yes]:
    IP address for this interface: dhcp
% Bad Internet address.
% Enter an Internet address of the form 'X.X.X.X', where each
% letter corresponds to a decimal number between 0 and 255.

    IP address for this interface:
How do I specify DHCP for that interface?

Thanks!
0
I have a Cisco 5508 LAN controller and 2702i WAPs with static IP addresses. I want to remove the static IP addresses and assign them through the Cisco IOS DHCP server. I'll do the following:

On the Cisco switch:
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex <hexadecimal string>

Then go to WLC GUI and go to each AP and click "Clear all config"

On the switch, the ports are configured as:
switchport access vlan 111
switchport mode trunk
switchport trunk native vlan 111
switchport trunk allowed vlan 9-11, 111
spanning-tree portfast

All WAPs are in FlexConnect mode.

Are these steps correct? If not, please list detailed steps. Thanks.
0
Hi Experts, is there a method to have both load balancing and failover at the same time on a Cisco router that has 2 connections to 2 different ISPs?

As I understand it, load balancing is active-active whereas failover is active-standby; am I right?
0
On a Cisco router you can have up to three NETs. Does this also apply to other vendors, like Juniper routers?
So is having three NETs an IS-IS standard or vendor specific?
0