Cisco wireless and Sonicwall VPN

My network consists of an 871 router, 48 port Switch, 2006 WLAN Controller, 1231 APs, and SonicWall VPN.
VPN connections are fine if the client is using the wired network. VPN connections do not work if the client is wireless. I've had a couple of suggestions...VPN Passthrough on the WLAN Controller - that didn't work, but I'm not sure I had the right gateway. And they also suggested changing the MTU size on the wireless card in the laptop. Still trying to figure out how to do that.
Any other ideas? This seems like it should be a fairly easy fix.
Thanks.

Are your wireless clients getting an IP? That is, are you using the SonicWall as your DHCP server for the wireless clients?
If so it will probably not work. There is something with the SonicWalls that they don't support. I went round and round with SonicWall and couldn't get DHCP working for wireless clients coming through Cisco WLC Controllers.

Similar Messages

  • Cisco wireless and Apple Mac woes

    Hello all,
    I've been working with Cisco wireless and WLCs for a couple of years now but the recent onslaught of Apple Macs is giving me heartburn. I've seen this at numerous sites now and need to throw it to the community for guidance.
    Basically we have had a number of instances where the Macs just fall off the wifi.  Sometimes it's when they wake from sleep and other times when roaming between AP's (1131s with same SSID's).  Our standard install is WPA2 and per ap local authentication.  PC's work fine and never an issue.
    We have completed a survey with a spectrum analyser and no RF interference is present nor errors on the radio interface.
    Questions:
    - Is there a preferred Cisco config/setup for Mac's to work reliably?  I've heard loads of rumors but nothing concrete and nor can I find anything specific.
    - Should I be setting up WDS in case there is an authenticating issue.
    - For those who are Mac gurus and happen to be reading. What Mac options we should look at?
    This has all come to a head because the client's IT company who recommended the Macs (different from us doing the network infrastructure) are insisting that the problem is Cisco incompatibility and that we should rip out the Cisco kit and install airports (what tha!!!).
    Thanks in advance for any pointers.
    For those who like a config here it is .... Vanilla stuff really
    Building configuration...
    Current configuration : 2236 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP4
    no logging console
    enable secret xxxxxxxxxxxxxxxxx
    no aaa new-model
    dot11 syslog
    dot11 ssid Home
       vlan 1
       authentication open
       authentication key-management wpa
       guest-mode
       mbssid guest-mode
       wpa-psk ascii xxxxxxxxxxxx
    dot11 ssid avnet
       vlan 2
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii xxxxxxxxxxxxxxxx
    username abcd password 1234
    bridge irb
    interface Dot11Radio0
       no ip address
       no ip route-cache
       encryption vlan 1 mode ciphers tkip
       encryption vlan 2 mode ciphers tkip
       ssid Home
       mbssid
       speed basic-1.0 basic-2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
       channel 2412
       station-role root
    interface Dot11Radio0.1
       encapsulation dot1Q 1 native
       no ip route-cache
       bridge-group 1
       bridge-group 1 subscriber-loop-control
       bridge-group 1 block-unknown-source
       no bridge-group 1 source-learning
       no bridge-group 1 unicast-flooding
       bridge-group 1 spanning-disabled
    interface Dot11Radio0.2
       encapsulation dot1Q 2
       no ip route-cache
       bridge-group 2
       bridge-group 2 subscriber-loop-control
       bridge-group 2 block-unknown-source
       no bridge-group 2 source-learning
       no bridge-group 2 unicast-flooding
       bridge-group 2 spanning-disabled
    interface FastEthernet0
       no ip address
       no ip route-cache
       duplex auto
       speed auto
       hold-queue 80 in
    interface FastEthernet0.1
       encapsulation dot1Q 1 native
       no ip route-cache
       bridge-group 1
       no bridge-group 1 source-learning
       bridge-group 1 spanning-disabled
    interface FastEthernet0.2
       encapsulation dot1Q 2
       no ip route-cache
       bridge-group 2
       no bridge-group 2 source-learning
       bridge-group 2 spanning-disabled
    interface BVI1
       ip address 192.168.10.54 255.255.255.0
       no ip route-cache
    ip default-gateway 192.168.10.1
    no ip http server
    no ip http secure-server
    bridge 1 route ip
    line con 0
    line vty 0 4
       login local
    end

    Yeah!! Even I have come across multiple issues with Mac and Cisco. Below are the settings which I normally apply on the Cisco gear, and most of the time this solved the issue.
    On the IOS AP, disable Aironet Extensions and set the power local and ofdm to max:
    no dot11 extension aironet
    power local cck max
    power local ofdm max
    end
    On the WLC, disable Aironet IE..
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please don't forget to rate the posts which answered your question and mark it as answered or as helpful

  • Cisco NAC and Checkpoint VPN

    Hi,
    Wondering if anyone has ever come across a scenario where they've integrated Cisco NAC with a Checkpoint VPN solution (using Power1 5075)?
    Any ideas or collateral would be appreciated.
    Thanks
    mark

    Mark,
    If the checkpoint device can do standard radius accounting, it can work with CCA. When doing VPN SSO with CCA, it only cares about the accounting packets from the VPN head-end.
    HTH,
    Faisal

  • Need help with troubleshooting VPN between Cisco 2911 and Dell Sonicwall 4060

    Hello all,
    I am trying to set up a VPN Tunnel between the devices mentioned above.  The tunnel appears to be established, but I've encountered some issues along the way.  I can ping from the Cisco 2911 to a server behind the Sonicwall, but I cannot ping from that server to the Cisco router unless the router is pinging the server at the same time.  What should I do to fix this problem?
    UPDATE:  The tunnel is no longer working between the two devices.  The end result I am looking for is to have a VPN tunnel between these two devices which does NAT and allows me to ping across without having to constantly ping to keep the session open.  Before the tunnel went down, I was able to ping that server behind the sonicwall using a port on the inside of the firewall as a source port for the ping, and at one point I was able to ping back to the router from the server, but was unable to ping beyond that interface.  I think the problem that I am running into has to do with the zone-based firewall configurations that are already on the router.  I don't want to mess with those configurations already in place, but I am not sure how to get this tunnel working.  I'm fairly certain I need to start from the beginning in regards to this tunnel, but I cannot figure out how to configure this the right way. 
    Thanks in advance for any help
    Michael
    Message was edited by: Michael Sotalin

    Finally the testing is successful on Sonicwall NSA 240 as well with Cisco ASA. Actually somehow the Sonicwall firewall was discovering my VPN Box's Public leg (Private IP (10.10.50.10)) as well, which was behind a Live Peer IP (203.124.x.x). As per security policies it shouldn't have been discovered on the remote end. I will bring this to Cisco TAC's notice.
    Logs of Sonicwall were showing ASA local ike id as "203.124.x.x" & ASA Remote ike id "10.10.50.10".
    Sonicwall sets these two parameters with PSK (local ike id & remote ike id). This is other than setting the Peer IP. I asked my client to add my ASA actual and NAT IP in these two parameters and the VPN got UP.

  • Compare and Contrast :- Mobile Networks(GSM/CDMA) and CISCO Wireless-Mobility

    Hi,
    I am a CCNA certified Electronics and Communications Engineering Graduate from India.
    Nowadays the market here is up in mobile networking driven by companies like Nokia-Siemens Networks, Ericsson, etc.
    Wireless Mobile Networks are all geared up for 3G UMTS(Universal Mobile Telecommunications System) architecture.(in GSM).
    * My question is how are the above mentioned networks different from the Cisco Wireless Mobility concepts?
    * What is common in them?
    I know that these mobile networks are converting to packet-switched systems from legacy circuit ones.
    * Does cisco come in only as a backbone Routing and Switching hardware provider for this area,
      Or does it offer a complete Unified End-to-End Solution in this domain?
    is the difference just size??

    Neal,
    I do not think that in a forum like this we will be able to provide you a full answer. I recommend that you contact your Cisco account team as they will be able to work through all of the details to your design and fill the requirements of your customer.
    A few things for you to look into and ask your account team.
    The CDMA2000 1x RTT gateway is the PDSN; this gateway is very similar to the GPRS gateway.
    The MWR 1900 is designed for an IPRAN network design and may or may not fall into what you have described, but your account team can help you with that.
    The Cisco MAR3200 is a mobile router that is designed to route between various radio access methods such as CDMA or GSM or WLAN etc. It will also do mobile IP.
    Cisco has an extensive solution range for both the access gateways and back end services such as service selection authentication accounting and billing.
    What you are asking for can be done using Cisco products but, it is a complex network design so please contact your account team for full details.
    I am sorry I could not answer your question 100% but hope I have given you enough leads to get the design sorted
    David

  • Need driver or app for ms life cam 3.0 tried to get one off the internet. cisco wireless router software said malware and virus threat. Is it safe for mac?

    Need driver or app for ms life cam 3.0. Tried to get one off the internet. Cisco wireless router software said malware and virus threat. Is it safe for Mac? Is this software trying to protect my PC or is it a threat to Macs too?

    There are a number of extremely dubious sites which claim to offer drivers for common hardware, but actually are phishing for identities and credit card numbers and candidates to join a botnet.
    Make absolutely certain you load drivers ONLY from the manufacturer's web site.

  • Cisco 887 and wireless module

    Hello there
    I recently bought a cisco 887w and I'm having a problem with wireless. The question is: is there any way to disable the very VERY annoying wlan-ap0 interface to boot from the main cisco IOS? Couldn't find anything related to this over the internet :( I do really want to use dot11radio 0 from the main router interface just like on my old cisco 877. Any help?

    Nicolas thank you for your answer,
    Yes, I did notice that the c887w has a real AP inside. That's not too flexible for me, for the main reason that this is not integrated like the c877w as I thought. This has many disadvantages for me, like I have to keep 2 different configurations, I have to login by typing service-module wlan-ap0 blah blah blah, two different management IPs and so on. Disappointed... but I'll get used to it : ) Fortunately they didn't do the same thing on the fastethernet interface module..LOL! Hopefully in the next IOS releases they include an option to use dot11radio from the main cisco IOS.
    I'll have my time with this now.. I'll keep searching cisco.com for a suitable config for me. If you have any tip for wireless bridging with the main BVIs on the router interface I'd appreciate that : )
    And for last something off topic... i noticed (not sure) that weighted early random detection (WRED.. QoS) is not supported. Is that true?
    TX!!!

  • I am using an Airport Extreme for wireless and a Netgear VPN Switch for wired connections.  How do I get the two networks to connect?

    I am using an Airport Extreme for wireless and also have a Netgear VPN Switch (FV5318) for internal wired ethernet connections.  How do I get the two networks to connect to each other?

    Tesserax, I would like to keep the Airport Extreme in place before the Netgear FVS318 switch because I am using all of the 8 ethernet outputs distributed to 8 different locations. This way I can just use one of the LAN outputs from the Airport to feed the FVS318. Here is what I think I am hearing you say:
    The reason why the wired and wireless devices are not communicating is because the FVS318G is also a DHCP server and in conflict with the AEBS.
    To remedy the situation here is probably what I need to do in order:
    1. Change the LAN IP Address of the Netgear FVS318G to be the same subnet of the Airport Extreme.
    2. Then, disable the Netgear FVS318G as a DHCP server.
    3. Make sure the ethernet cable from the LAN port of the Airport Extreme connects to the LAN port of the Netgear FVS318G.
    4. Restart everything.
    Can you provide me the steps I need to take to get the right IP addresses from the Airport Extreme to put into the Netgear to fix the conflict?  I have the Airport Utility.  I also have two airport express hot spots, and two Apple TVs in addition to computers attached to the 8 ethernet lines.
    Thank you.
    Steve

  • Macbook wireless and Cisco base station causes kernel panics

    So my company uses Macbooks and Cisco wireless base stations. For some reason, when they use both ethernet and the wireless, the Macbook will kernel panic for no apparent reason. So since we have a fast wired network, I have been advising those Macbook users to turn off wireless and use the wired network. Wouldn't you know, the kernel panics go away. Is anyone aware of an issue with the wireless chipset in the Macbooks and the wireless chipsets in the Ciscos not liking to play with one another? I know it's the wireless in the Macbooks as if I use any other wireless base station from Apple or Linksys, the issue is not there. I should also mention that when people use those Macbooks on the wireless every once in a while, they get an access control list error. We do not have ACLs for our wireless. Our PowerBooks and iBooks do not exhibit any of these issues on the same network, so we know it is an issue with Intel based Macs. Any ideas?

    I'm having a similar problem at college (they use Cisco equipment). On most of the campus everything is fine, but in the area near my classes (typically), wireless causes the mac to panic.
    I asked at IT, and came back more confused (apparently, they use the same model WAPs throughout the college, so they couldn't see why one particular WAP would cause this. They guessed it was to do with the huge amount of traffic that particular WAP gets, with it being in the Computing department and all).

  • I have two facetime users, both connecting to our enterprise wireless network (Cisco WCS) and they can't make a facetime connection from IPAD to IPAD.  Are there any apple protocols or other settings that need to be enabled on WCS?  No firewall involved.

    I have two facetime users, both connecting to our enterprise wireless network (Cisco WCS) and they can't make a facetime connection from IPAD to IPAD. Are there any apple protocols or other settings that need to be enabled on WCS? There is no firewall in between the two connections, as this is all on our internal network.
    Both devices can connect to the network, but when they try to talk to each other they can't make the connection.
    Thanks.

    If anyone ever comes across this and has the same issue, here's what I did to fix it:
    My Linksys router has a Network Mode setting, and I had to change it from "Mixed" to "Wireless-G only".  (I would've used N but one of the NICs in my house is too old to support it.)  Anyway, after making this change, Facetime works fine on the phone.  Hope this helps someone else!

  • VPN between cisco WRVS4400N and EdgeMarc

    Hi Experts
    Please help me.
    Is it possible to create VPN between cisco WRVS4400N and EdgeMarc appliance.
    Regards,
    Ejaz

    Hi Ejaz
    I don't expect any cisco folks that answer this community to be expert on EdgeMarc, but i may be wrong..
    We employ a open standard IPSec implementation.
    Here is the open source document that relates to the RV220W.
    http://www.cisco.com/en/US/docs/routers/csbr/rv220w/open_source/OSD_RV220W_78-19892-02.pdf
    The question could have been, have you asked EdgeMarc if they work with open standard based IPSec implementations on our routers.
    I would prefer you look at the RV220W if possible, which is a relatively young product.
    I am guessing since you can source a product from Disti, try one and see if it works.
    The beauty of buying from a Cisco Disti Partner is that they have a returns policy. Check out that policy, if you wish, and keep the packaging and try out your application.
    Answered a question with someone trying to form a IPSec link to a OEM firewall/ IPSec gateway ..it worked. so give your application a try
    regards Dave.

  • WAP200E and Cisco Wireless Control System

    Hi.
    I have a customer with a linux OS machine running Cisco Wireless Control System.
    His needs are to add a new wireless AP with the following features :
    - compatible with most laptops
    - exterior conditions "resistant" (sun, rain...)
    - reasonable performance (the AP would be on a roof with people on the roof itself, max distance : 15 meters, no walls)
    AND
    Which product would you recommend ?
    I saw the WAP200E but I have no idea
    - if it is compatible with Cisco Wireless Control System
    - what antenna(s) to buy

    Hi Yves,
    The WAP200E is not compatible with the WCS.
    1.  How high (in relation to the client) is the AP going to be installed?
    2.  How is the AP going to be installed?  Will it be hanging down?
    3.  Do you need Cisco CleanAir?

  • Windows 8 and IPSec VPN issues

    I have a number of customers that leverage the Cisco IPSec VPN. I can connect to the VPN without any problems but when I attempt to RDP, that fails. I have no RDP or ping or anything. Here are some more symptoms of the issues that I find odd:
    Anyconnect works just fine
    Fortinet VPN clients work fine
    Sonicwall VPN clients work fine
    Cisco IPSec VPN client is the only one affected
    Cisco IPSec VPN client worked fine for months then just decided it was no longer going to allow RDP or ping
    I have duplicated this issue on a half dozen or so laptops
    This is on a Windows 8 laptop but I believe I have also experienced this on Windows 7
    Just to clarify, the IPSec VPN does successfully connect. But nothing else works after that. I do understand that AnyConnect is the direction that Cisco would like for people to move towards. Unfortunately, I have quite a few customers that are leveraging the IPSec VPN. I have been through a number of laptops in the last year and every single laptop had a working Cisco IPSec VPN for months....then one day it would just stop passing RDP.
    Please somebody tell me that there is a workaround for this. I have played with the IP settings for the Cisco Systems virtual adapter in my network and sharing center. I've modified the binding order. I've compared a routeprint from a working laptop to mine....I'm not sure what else to do. I've uninstalled ALL VPN software and only reinstalled the Cisco VPN. So far the ONLY fix I have found is a clean install of Windows and that solution sucks.

    Doing a little more homework on this and I noticed that the tunnel details show no bytes sent or received and no packets encrypted, decrypted, or discarded....everything is bypassed. My coworker (who is on Windows 7) is able to launch this VPN and connect to the customer's servers without issues and the tunnel details show all of the appropriate data.

  • Inline Posture deployment for non Cisco Wireless Controller

    Hi all of you
    I have to deploy an Inline Posture to manage a non Cisco Wireless Controller (ZoneDirector 1000 Ruckus). It seems easy but I don't know where to start from. All the documentation I read is about Inline Posture for VPN. I just want to use this Inline Posture to manage Wireless users through the ZoneDirector wireless controller. Thank you.
    Regards
    Kouassi

    So what is the solution for this scenario?
    Remote site has a non-cisco autonomous wireless AP. NAC is centralized. I can not use OOB since there is no support for non-cisco AP in OOB mode. As a result I use InBand mode. This means that local wireless traffic in the remote site must travel to the central site, go through the NAC Server and go back to the remote site. Is this correct?

  • Connecting through SonicWall VPN

    Has anyone managed to connect to a file server through a SonicWall VPN? The only vpn connection profiles are for Cisco routers.

    Yes, I'll go into the SonicWall tomorrow and see what I can find out, or call their tech support if I can't figure it out.
    Thanks for your help.
