Cisco netacademy site

The problem -
I've to logg in at the academy site of cisco systems(cisco.netacad.net)
The main site works without problems but if I want to logg in and check the academy site i get a blank site.
The ending of this blank site is .jsp which is something about java I think.
I've installed the whole java lugins from the MAC OS DVD...
But it won't work...
I need this site for studying so it's very important!
May you can help me!
PS: I also tried other Browsers(Safari,Netscape,Camino) but everytime the same blank site...

This has come up before. Here's that discussion.
http://discussions.apple.com/thread.jspa?messageID=2220021&#2220021
Jim

Similar Messages

Where can I download the scripts from cisco web site

hello :
I need some IVR scripts for my AS5350 but I cannot find them on cisco web site.
anybody can tell me where and what files, thank you

Hi,
unfortunately the TCLWare pack is not available in public. It can be downloaded only through the CCO. So, you need a CCO account in order to login inside and download it.

IOS 12.4(15)XW not available from Cisco Web site

Can anyone please tell me why this version is not available from Cisco Web site as I am trying to download it to test on a cisco 2851 series router .The documnet below in page 7 & 10 describe the requirement for this version. What is the replacement version for this if that is not available?

Well, maybe I am missing something but I do not see a 12.4(15)XW release on CCO for the 2851 platform. I see references to it in documentation but I don't see actual release notes or a download link. So, where exactly did you see this particular version for this platform?
Based on the PDF provided by the OP I think he is trying to add a fax module. In the PDF it is stated a few times that you can use 12.4(15)XW or 12.4(20)T. What this basically means is that these are minimum IOS version levels that you need to use that module. You would not want to run the minimum in most cases because software defects are abundant and seem to be endless. IOS release trains are somewhat over complicated in my opinion but here is my quick take. The XW is a early deployment release. These releases are "one offs". Usually added to incorporate a new piece of hardware. Sometime after these releases come out (again, to get the product to market) the code is incorporated in a T-train (in this case, 12.4(20)T). The idea is that the T-train code is used to introduce features/hardware/etc. that will be rolled into the next main-line release (in our world that is 15.0).
Back to your issue. I can't find 12.4(15)XW but apparently p.bevilacqua has been able to find it. Maybe he would be willing to provide the link. If that doesn't pan out, I suggest that you look at releases after 12.4(20)T (including the latest service release for 12.4(20)T). They go up to 12.4(24)T. T-trains are touchy so you have to do your research and testing. I have had decent success with 12.4(20)T until recently (MGCP and T.38 fax, no joy). I have also used 12.4(24)T with OK success thus far. I know that p. bevilacqua doesn't like the 12.4T train "because its buggy". My opinion is all of this software is buggy. You have to identify the minimum release that will work with your hardware. Go to the latest minor/service release and research the bug toolkit. Oh, and always test.
OK. Down the rabbit hole I go.
HTH.
Regards,
Bill
Please remember to rate helpful posts.

Cisco ASA Site to Site VPN with routers on inside

I have been asked to setup a site to site vpn to connect two remote offices.
We have two ASA 5510's, one on each side.
I can get the two ASA's setup and setup the VPN and have everything work like it is suppose to. Traffic passing from local network to remote network.
However, I have been asked to add two secure routers to the setup. One secure router between the local network and the ASA, and the other the same on the other end, between the remote network and it's ASA
Essentially, just like this:
LAN---------------------Router-------------------------ASA----------------ISP-----------ASA-------------------------Router---------------------------LAN
192.168.1.x (inside 192.168.1.1) (inside 10.0.1.1) (inside 10.0.2.1) (inside 192.168.2.1) 192.168.2.x
(outside 10.0.1.2) (outside public ip) (outside public ip) (outside 10.0.2.2)
I don't understand how this is suppose to work. I can get each side configured so that the clients on the inside can get out to the internet.
A local client using the inside interface of the router as the gateway, the router then sends by route this traffic to the ASA's inside interface which then forwards the traffic to the default route/gateway of the ASA to the ISP gateway out to the internet.
However, when I am thinking about the VPN I don't understand how it is suppose to work. Because the LAN address get's translated to the outside address of the Router which is 10.0.0.2, so that it goes to the ASA inside address 10.0.0.1. If I were to ping an ip address of the other LAN, it shows up as coming from 10.0.0.2 which wouldn't be part of the VPN traffic, since the VPN traffic is the local addresses as it was setup with just the two ASA's. I don't see changing the VPN traffic to the 10.0.0.0 network working because the clients on the remote network have 192.168.2.x addresses. While the ASA and router can translate from 192.168.1.x to 10.0.1.2 to the internet and back will work, I don't see requesting a connection to 192.168.2.x from 192.168.1.x working).
If it matters, one router is a cisco 1841, and the other an hp 7102dl.
I don't really understand why, but they just want to have the routers used in the setup. Whether it is on the inside or outside of the ASA, it doesn't matter.
Can someone help me make sense of this please?

Hi Julio,
To set it up the way you mention would I keep the ip addresses the same or would I need to change them?
Also, in response to everyone, would setting it up using gre tunnel allow for some clients to still just go straight out to the internet as well as to the "other side" remote lan?
I appreciate everyones input very much.
In response to Jouni, yes there is a big L2 switch behind the ASA's, which under the new setup there would be a router between the L2 switch and the ASA.
This may be an important part I don't understand, but on the router, unless I nat the inside traffic to have the address of the outside interface on the router, then no traffic goes through. I just get messages from the router saying unable to determine destination route seemingly regardless of what static routes I put on the router, but maybe I am just not configuring the static routes correctly.

Automatic update for IPS on Cisco`s site

Hi all,
with Cisco Service for IPS active my IPS that run in ASA module will be able to download the signatures on Cisco`s Web site and update them alone?
thanks for your help. "Together we are even better"

But please note that even tough its 'possible', its always better to do this manually. Sometimes some signatures generate a lot of false positives and its a good idea to check here on netpro and other places for any problems others are facing before applying signature updates (in production). However most signatures only produce alerts, so its just the noise that will worry ya and 'usually' signature updates don't break anything on the network.
Regards
Farrukh

Cisco Aironet Site Survey Utility with Windows Vista

Where can I download the Cisco Site Survey utility that is supported by Vista?

I to do wonder about this. It would be grand to get an answer from someone at Cisco about this..

Wireless site survey doubts with cisco aironet site survey utility tool

Hi,
I have 1131 autonomous AP and we have project where we need to implement WLC 5500 with 1140 LAP.
Before that , we need to do site survey . we are going to use cisco aironet adapter and with the help of site survey utility tool we are planning to do site survey .
I have below doubt before starting the site survey :
1) do we need to configure the AP 1131 with existing LAN set-up of client to get connected ?
If yes , how can i shift this 1131 ap always from one location to another location and connect to respective vlan in switch ? It would be tedious job ....
because , We need to connect ( get associated ) our laptop always to 1131 ap and then roam around to get the RSSI , signal strength , SNR and throughput .... ...
to configure the AP to existing lan set-up of client , it would not be flexible to do site survey ?
without that , how can I just plug-in power to 1131 AP with standalone configuration .... and without connecting to switch ( any lan-port ) , do the site survey ?
Please suggest me .............
In short , without connecting to LAN set-up of client , how can i do the site survey ?
2) will it be worth to do site survey with cisco aironet card ( site survey utility ) ? or we should i have different site survey software for the same ?
Please share the knowledge ....

Site Surveys are important and should be done by a professional. A poor site survey can lead to a lot of problems. It would be hard to put all aspects of conducting a proper site survey in a single post. Lets cover a few of the basics.
1) If you plan to deploy 1140 model access points. Then you should use that AP in autonomous mode so you dont have to be plugged into your network
2) The AP gets powered by an exteral power source like this battery for exmaple:
http://www.tessco.com/products/displayProductInfo.do?sku=345625&WT.mc_id=google_base&sp=true
3) As far as moving the AP around you can purchase a site survey pole like this:
http://www.tessco.com/products/displayProductInfo.do?sku=392506&eventPage=1
4) As for software, I like AirMagnet Surveyor
http://www.airmagnet.com/products/survey/
But again. There is a lot to know about doing surveys...

Cisco ASA Site to Site IPSEC VPN and NAT question

Hi Folks,
I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:
ASA2 is at HQ and ASA1 is a remote site. I have no problem setting up a static static Site to Site IPSEC VPN between sites. Hosts residing at 10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but what i want is to setup NAT with IPSEC VPN so that host at 10.1.0.0/16 will communicate with hosts at 192.168.1.0/24 with translated addresses
Just an example:
Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with destination lets say 10.23.1.5 not 192.168.1.5 (Notice the last octet should be the same in this case .5)
The same translation for the rest of the communication (Host N2 pings host N3 destination ip 10.23.1.6 not 192.168.1.6. again last octet is the same)
It sounds a bit confusing for me but i have seen this type of setup before when I worked for managed service provider where we had connection to our clients (Site to Site Ipsec VPN with NAT, not sure how it was setup)
Basically we were communicating with client hosts over site to site VPN but their real addresses were hidden and we were using translated address as mentioned above 10.23.1.0/24 instead of (real) 192.168.1.0/24, last octet should be the same.
Appreciate if someone can shed some light on it.

Hi,
Ok so were going with the older NAT configuration format
To me it seems you could do the following:
Configure the ASA1 with Static Policy NAT
access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
Because the above is a Static Policy NAT it means that the translation will only be done when the destination network is 10.1.0.0/16
If you for example have a basic PAT configuration for inside -> outside traffic, the above NAT configuration and the actual PAT configuration wont interfere with eachother
On ASA2 side you can normally configure NAT0 / NAT Exemption for the 10.1.0.0/16 network
access-list INSIDE-NONAT remark L2LVPN NONAT
access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
nat (inside) 0 access-list INSIDE-NONAT
You will have to take into consideration that your access-list defining the L2L-VPN encrypted traffic must reflect the new NAT network
ASA1: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
ASA2: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
I could test this setup tomorrow at work but let me know if it works out.
Please rate if it was helpful
- Jouni

Cisco Global Site selector Issue

Hi all ,
I have a cisco GSS-4492R-K9 in my network . Currently when I am trying to do any changes it is giving me a following error .
Couls anybody pls let me know why it is happening
GSS#copy run sta
can't create lock file /etc/mtab~12368: No space left on device (use -n flag
to override)
Jul 24 07:09:30 SYS-4-LIB_UTIL_64[12369] Unable to 'unlock' safe-state:
Read-only file system
can't create lock file /etc/mtab~12412: No space left on device (use -n flag
to override)
Jul 24 07:09:31 SYS-3-LOCKSTATE[12413] Cannot remount
/cisco/merlot/safe-state
your help is highly appreciable .
Rgds,

Most likely the storage device has become corrupted thus you see the filesystem working in read only mode.
There was a similar thread posted in the Application Networking forum about a year ago which suggested some remedies. Please see this link.
(You can also recategorize your question into that forum by using the widget that should appear in the top right of your screen.)

Cisco Global Site Selector

Hello
Looking at the datasheet for the Cisco ACE GSS 4492R GSS device, under Global Traffic Management
" The Cisco GSS 4492R can be deployed as a standalone global traffic manager that globally load balances client requests across distributed data centers using network performance metrics such as content use, round-trip time (RTT) between client and the closest data center, routing topology, and any device performance values that are available through SNMP."
The part that interrests me is the RTT between client and closest data center. Looking at the config guide and other documentation I can see how make balancing decisions based on the client DNS server and find nothing based on actual client.
So the question - Is it possible to make balancing decisions based on round-trip time (RTT) between the actual client and the closest data center.

Hi Neil,
The feature you are referring to is Network Proximity. The documentation could be a bit confusing because the "client" is relative. To you and me, the client is the person (or application) making the original DNS request. To the GSS, the client is that person's (or application's) local D-Proxy (DNS server).
When an application makes a DNS request to it's local D-Proxy, the D-Proxy will then attempt to resolve the request, but will source the request with it's own IP address, not the actual client's. Therefore, by the time the request reaches the GSS, the GSS has no information on the original "client" or application that originated the DNS request. It only knows the source IP address of the requesting D-Proxy and the domain it is requesting resolution for. So to answer your question, no, the GSS cannot make a load balancing decision based on RTT between actual "client" and data center because it does not have sufficient data to make such a decision.
In most cases, each actual client will be using a D-Proxy that is local to them, so the effect is the same as what you are asking for. But if the D-Proxy is remote to the actual client, then you could get unexpected results.
Hope this helps,
Sean

Site survey on non cisco card

We currently own several Cisco aironet cards which we do site survey's with. As a company standard our laptops were replaced with new laptops which did not include type II pcmcia slots. Is their a solution for the express 34/54 slots to work with the Cisco aironet site survey software?

I have seen PCMCIA to USB adapters but I think they need to be cutom made for each type of PCMCIA card. Does anyone know of a suitable adapter?

Site-Site VPN PIX501 and CISCO Router

Hello Experts,
I'm having a test lab at home, I configure a site-to-site vpn using Cisco PIX501 and CISCO2691 router, for the configurations i just some links on the internet because my background on VPN configuration is not too well, for the routers configuration i follow this link:
www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
and for the pIX configuration I just use the VPN wizard of pix. Done all the confgurations but ping is unsuccessful. Hope you can help me with this, don't know what needs to be done here (Troubleshooting).
Attached here is my router's configuration, topology as well as the pix configuration. Hope you can help me w/ this. Thanks in advance.

YES! IT FINALLY WORKS NOW! Here's the updated running-config
: Saved
PIX Version 7.2(2)
hostname PIX
domain-name aida.com
enable password 2KFQnbNIdI.2KYOU encrypted
names
name 172.21.1.0 network2 description n2
interface Ethernet0
speed 100
duplex full
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name aida.com
access-list TO_ENCRYPT_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
pager lines 24
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 0 access-list nonat
nat (INSIDE) 1 192.168.1.0 255.255.255.0
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username mark password MwHKvxGV7kdXuSQG encrypted
http server enable
http 192.168.1.3 255.255.255.255 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map MYMAP 10 match address TO_ENCRYPT_TRAFFIC
crypto map MYMAP 10 set peer 2.2.2.2
crypto map MYMAP 10 set transform-set MYSET
crypto map MYMAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
prompt hostname context
Cryptochecksum:8491323562e3f1a86ccd4334cd1d37f6
: end
ROUTER:
R9#sh run
Building configuration...
Current configuration : 3313 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R9
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa session-id common
resource policy
memory-size iomem 5
ip cef
no ip domain lookup
ip domain name aida.com
ip ssh version 2
crypto pki trustpoint TP-self-signed-998521732
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-998521732
revocation-check none
rsakeypair TP-self-signed-998521732
crypto pki certificate chain TP-self-signed-998521732
A75B9F04 E17B5692 35947CAC 0783AD36 A3894A64 FB6CE1AB 1E3069D3
A818A71C 00D968FE 3AA7463D BA3B4DE8 035033D5 0CA458F3 635005C3 FB543661
9EE305FF 63
quit
username mark privilege 15 secret 5 $1$BTWy$PNE9BFeWm1SiRa/PiO9Ak/
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 1.1.1.1 255.255.255.252
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set MYSET
match address TO_ENCRYPT_TRAFFIC
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map MYMAP
interface FastEthernet0/1
ip address 172.21.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 2.2.2.1
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NAT_IP interface FastEthernet0/0 overload
ip access-list extended NAT_IP
deny ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 172.21.1.0 0.0.0.255 any
ip access-list extended TO_ENCRYPT_TRAFFIC
permit ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
transport input ssh
end

Cisco VPN Client and Mac OS 10.5.1 update

After upgrading to Leopard (10.5) my Cisco VNP client stopped working. I was able to fix that by downloading the newer VPN Client 4.9.01 (0080) from the Macupdate.com website. Now that I've updated to Mac OS 10.5.1, the VPN Client won't work again!! I went back to the Macupdate website and downloaded what looks like an even newer version - 4.9.01 (0090) - but this is labeled as a BETA and it doesn't work either. Anyone out there seen a newer version, or something that works with 10.5.1?

b166er wrote:
Aside from the fact that it's marked beta, I'm wary about the source of MacUpdate's download. They link to http://www.arrange.co.at/download/vpnclient-darwin-4.9.01.0090-universal-k9-BETA .dmg
Cisco don't ever make the client freely available. The official download is via form on the Cisco web site and you need appropriate credentials. I wouldn't risk installing from any other source.
The home page at http://www.arrange.co.at/ doesn't exactly inspire confidence.
Dude has a point... it's risky to mess with something like this from an untrusted source IMHO. Cisco is picky about who they give it out to. I have to get mine through my host provider since they are the ones that are authorized.
For what it's worth, I'm using 4.9.01 with 10.5.1 and it works well.

Unable to access/lan2lan ping from VPN Fortigate to Cisco ASA 5505

Problem : Unable to access user A to user B
User A --- router A (122, fortigate 80c) --- (Site to Site VPN between fortigate & cisco asa) --- router B (93, cisco Asa 5505{in front asa got cisco800[81] before to internet} ) --- User B
After using wizard to configure the cisco ASA site to site VPN, the site-to-site tunnel is up.
Ping is unsuccessful from user A to user B
Ping is successful from user B to user A, data is accessable
After done the packet tracer from user A to user B,
Result :
Flow-lookup
Action : allow
Info: Found no matching flow, creating a new flow
Route-lookup
Action : allow
Info : 192.168.5.203 255.255.255.255 identity
Access-list
Action : drop
Config Implicit Rule
Result - The packet is dropped
Input Interface : inside
Output Interface : NP Identify Ifc
Info: (acl-drop)flow is denied by configured rule
Below is Cisco ASA 5505's show running-config
ASA Version 8.2(1)
hostname Asite
domain-name ssms1.com
enable password ZZZZ encrypted
passwd WWWW encrypted
names
name 82 B-firewall description Singapore office firewall
name 192.168.1.0 B-inside-subnet description Singapore office internal LAN IP
name 192.168.200.0 A-inside-VLAN12 description A-inside-VLAN12 (fortinet)
name 192.168.2.0 fw-inside-subnet description A office internal LAN IP
name 122 A-forti
interface Vlan1
nameif inside
security-level 100
ip address 192.168.5.203 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 93 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name ssms1.com
object-group network obj_any
network-object 0.0.0.0 0.0.0.0
access-list inside_nat0_outbound extended permit ip any 80 255.255.255.240
access-list inside_nat0_outbound extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
access-list outside_cryptomap extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
access-list Outside_nat-inbound extended permit ip A-inside-VLAN12 255.255.255.0 192.168.5.0 255.255.255.0
access-list Outside_nat-inbound extended permit ip host A-forti 192.168.5.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http B-inside-subnet 255.255.255.0 inside
http fw-inside-subnet 255.255.255.0 inside
http 0.0.0.0 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
http 192.168.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer A-forti
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_cryptomap
crypto map outside_map 2 set peer B-firewall
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption aes-192
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.5.10-192.168.5.20 inside
dhcpd dns 165 165 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
username admin password XXX encrypted privilege 15
tunnel-group 122 type ipsec-l2l
tunnel-group 122 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
class-map outside-class
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
message-length maximum client auto
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
policy-map outside-policy
description ok
class outside-class
inspect dns
inspect esmtp
inspect ftp
inspect h323 h225
inspect h323 ras
inspect icmp
inspect icmp error
inspect netbios
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context
Cryptochecksum: XXX
: end
Kindly need your expertise&help to solve the problem

any1 can help me ?

Cisco ASA 5505 and Airport Extreme

We have an office that uses an Airport Extreme as part of the network. The Airport Extreme uses a Cisco ASA 5505 as its gateway. The Cisco provides site to site VPN capabilities with other remote offices. We just got this configuration partially working and it works great for outbound connections.
But I have been unable to get an inbound connection to machines that are behind the Airport Extreme.
The goal is to access machines behind the Airport Extreme by way of RDP and also for use as drive and printer shares.
What do I need to do on the Airport to achieve this goal?
Thank you,
Lebby

Lebby,
I suspect it's not the AX that's the problem but the Cisco router, no doubt you have NAT enabled on that so that any inbound connection not initiated from inside just get's blocked.
You'll need to configure NAT on the Cisco first.
Regards,
Shawn

Cisco netacademy site

Similar Messages

Maybe you are looking for