Configuring Cisco AP 1252 as a Universal WGB
Hi
I wanted to know if someone can help me get this configured right. The problem that I'm having is I have users who need to get access to the internet but they are in a trailer outside the building. I was told to configure 2 APs, one as a standard AP and the other as a Universal WGB. Below is how I have the devices configured.
Inside the building I have a 3560-E with port gi0/6 configured as a trunk to support the AP; outside in the trailer I have a 3750 with port fa1/0/1 configured as a trunk to support the WGB. I was told by another engineer that all I had to do is configure the one that I want as the WGB and make sure they are in line of sight and it should work. So I did just that and I plugged my laptop into port 4 on the 3750 and I don't get anything. I wanted to know whether this model AP can be used as a WGB, because I've seen things that say you shouldn't do it. And if you can use them, can you tell me how to configure the one that's the Universal WGB to give out IP addresses to my wired PCs in the trailer?
Thanks in advance and look forward to your reply
Is this what you are looking for?
Wireless Bridges Point-to-Point Link Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml
Similar Messages
-
How to set up the SPA525 VPN client? How to configure a Cisco VPN server?
Hi all,
How do I set up the SPA525 VPN?
How do I configure a Cisco VPN server for the SPA525?
Regards
John
Hi John,
Do you want to set up the SPA525 on the UC300? If so, the UC300 does not support any VPN or remote users. If you need configuration help with the UC5XX, just let me know.
Thank you,
Jason Nickle
-
Configuring Cisco Router for use with Syslog Server
Configuring Cisco Router for use with Syslog Server:
Does anyone know of a good doc for this?
-Ashley
Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
And if you need more information, just ask what you want to achieve.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
-
Configure Cisco Mediatrace, Cisco IOS IP SLA, and Performance Monitoring
Hi all,
I am implementing Cisco Prime Collaboration to monitor the quality of the VoIP call.
I am following all the steps that I have to do to accomplish this task at this link:
http://docwiki.cisco.com/wiki/Setting_up_Devices_for_Prime_Collaboration_Assurance#Configuring_Unified_Contact_Center_Enterprise_Devices
And now I have arrived at this step:
Configure Cisco Mediatrace, Cisco IOS IP SLA, and Performance Monitoring
Not all the Cisco devices that I have on the network are "Mediatrace, IP SLA and Performance Monitoring" capable. The core switch is one of them.
What will happen if some devices are configured with these capabilities and some are not?
Are the data provided from Cisco Collaboration still reliable?
Thanks in advance.
Luigi
I can't see a reason why the 2 features won't work together. The 2 features will work just fine with each other.
Unfortunately there is no sample config with both features in the same document, but it will work just fine.
-
Install and configure Cisco Network Analysis Module NAM-2
Hi,
Does anyone have a step-by-step document on how to install and configure Cisco NAM-2 module ?
Thanks in advance.
Regards,
Lamine
Hi Lamine,
The official installation guides for NAM software can be found here:
http://www.cisco.com/en/US/products/sw/cscowork/ps5401/prod_installation_guides_list.html
Is this what you are looking for?
Cheers,
Shane
-
Configuring Cisco Access Points 1602i Air-SAP-1602I-Z-K9
Hi everyone,
I am having trouble configuring Cisco access points 1602i. I have configured them and they are broadcasting SSID and clients are able to connect to them, but the only thing which is troublesome is speed. I have 100Mbps bandwidth speed but at the access point I am getting speed between 17 to 25. Can anyone please tell me where I have gone wrong?
I have Juniper Srx210 configured as backbone for providing internet on fiber. Then further I have attached one POE switch (manageable). From that switch I have attached 4 access points.
One more thing, two ports of the Juniper are configured as VLANs, one for staff and one for students. I have attached this POE switch to the Student VLAN, but haven't configured ports of the POE switch as trunk. Please tell me, do I have to configure ports as trunk on the POE switch? Is this the cause of slow bandwidth over access points?
I am also planning to go for a WLAN Controller to manage access points. When I contacted my supplier about it, he told me the following:
"You just need to convert the Access points to autonomous mode. Here are some details, there is no additional charge."
https://supportforums.cisco.com/message/3889653
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
http://www.youtube.com/watch?v=QQ_NuxdRhQ4
https://supportforums.cisco.com/docs/DOC-14960
I looked at the links but couldn't understand properly. Then I searched over the internet and found out that
"a cisco autonomous access point basically runs on its own while a lightweight access point uses a centralized device called a wireless lan controller to get its configuration. autonomous access points are managed individually, while the lightweight access points can be managed centrally. also, the switchport configurations to support both types of access points will differ. "
I didn't understand why he suggested to go for a WLAN controller and to upgrade access points to autonomous mode, when according to the above finding, it says that autonomous access points run individually.
Please advise.
I shall be thankful
Hello Scott and Leo,
Thanks for all your help.
I have managed to install and configure 4 access points and now the access points are giving speed between 25 to 45Mbps. Still not enough but it is serving the purpose. Everyone is enjoying their Facebook. I will soon get the Cisco WLAN Controller as well. I don't know if there is a way to get more speed from these access points. I am ready to buy more equipment if required.
Anyway, today I need your expertise once again. As you know, the Juniper Srx 210 is configured for fiber internet to provide internet services to the school. Now we are changing the building and transferring the line to the new building. This time I want to use a Cisco router in place of the Juniper Srx210. But I need to know what model will support the current configuration for fiber. Would you please tell me what model/series router will be suitable for fiber internet and for implementing other restrictions?
I am attaching a picture of the current Juniper Srx 210 for your consideration.
I shall be very thankful to you
Sarabjit
-
Configure cisco vpn connection in linux console
Hi all,
How do I configure a Cisco vpn_client connection in the ubuntu/debian/raspbian linux console using a .pcf file?
Thanks ahead.
I mean, what packages should I install?
Is it possible to use only "apt-get install" or should I also use "dpkg"?
Is it possible to avoid using any GUI interfaces, because it is a headless PC?
I'm asking because I successfully use an openvpn connection in the console and I hope that Cisco VPN is also possible here.
Thanks for your attention and best regards!
-
Hi Experts,
Before proceeding with adding AP models 1131 and 1252 into my set-up, I need to know whether there is any limitation of firmware or hardware for QoS configuration in a wireless set-up.
I have a 4400 controller and 1130 & 1250 AP models.
Hi Vinod,
Since you have 4400 controllers, you can run up to WLC 7.0.x code. Refer to this for more detail:
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
There is no specific limitation to the 1131/1252 AP model as such; everything is WLC software dependent.
From later software 7.4.x, 7.6.x, 8.x, there are lots of improvements for QoS configuration & bandwidth control, but since your controller is old hardware, you cannot have those latest features.
Here is a reference post on how QoS works in a wireless environment:
http://mrncciew.com/2012/11/28/understanding-wireless-qos-part-1/
HTH
Rasika
*** Pls rate all useful responses ****
-
Cisco Aironet 1252 AP Poor range
Hi,
I have 6 no. 1252 access points installed in my college on 6 different floors. They are configured with different channels on the respective APs, and I have enabled 2.4 and 5 GHz wireless settings with a 5 GHz antenna. But still I am not getting full range: in front of the access point, at a distance of about 2-3 meters, it is showing half range on my laptop Wi-Fi adapter. Below is the access point configuration detail.
First-Floor#show configuration
Using 2107 out of 32768 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname First-Floor
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 ssid MITSOM
authentication open
guest-mode
power inline negotiation prestandard source
username isource privilege 15 secret 5 $1$wSSH$mAOV0jfC3ozp/6XGbm9E40
username mitsom privilege 15 secret 5 $1$0AC.$51TLWg1ffjKd/NeJXDn3o1
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 1 size 40bit 7 87C03667BEB5 transmit-key
encryption mode wep mandatory
ssid MITSOM
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2412
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption key 1 size 40bit 7 318B1C92A4DC transmit-key
encryption mode wep mandatory
ssid MITSOM
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.1.55.11 255.255.255.0
no ip route-cache
ip default-gateway 10.1.55.254
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
end
1) I am using 5 Ghz antennas.
What model of antennas are these and how many have you installed on a 1252? What about the 2.4 Ghz? Are the 5.0 Ghz antennas installed on the 5.0 Ghz radio?
I have installed access point in corridor and antenna direction towards the wall. Depending on what antennas you've installed, it's advisable to mount the AP with the Cisco logo pointing to the client.
-
How to Configure Cisco ASA 5512 for multiple public IP interfaces
Hi
I have a new ASA 5512 that I would like to configure for multiple public IP support. My problem may be basic but I am an occasional router admin and don't touch this stuff enough to retain everything I have learned.
Here is my concept. We have a very basic network setup using three different ISPs that are currently running with cheap routers for internet access. We use these networks to open up access for Sales to demo different products that use a lot of bandwidth (why we have three)
I wanted to use the 5512 to consolidate the ISPs so we are using one router to manage the connections. I have installed an add on license that allows multiple outside interfaces along with a number of other features.
Outside Networks (I've changed the IPs for security purposes)
Outside1 E 0/0 : 74.55.55.210 255.255.255.240 gateway 74.55.55.222
Outside2 E 0/2: 50.241.134.220 255.255.248 gateway 50.241.134.222
Inside1 : E 0/1 192.168.255.1 255.255.248.0
Inside2 : E 0/3 172.16.255.1 255.255.248.0
My goal is to have Inside 1 route all internet traffic using Outside1 and Inside 2 to use Outside2. The problem is I can't seem to do this. I can get inside 1 to use outside 1 but Inside2 uses Outside 1 as well.
I tried adding static routes on Outside2 to have all 172.16.248.0/21 traffic use gateway 50.241.134.222 but that doesn't seem to work.
I can post my config up as needed. I am not well versed in Cisco CLI, I've been using the ASDM 7.1 app. My ASA 5512 is at 9.1.
Thanks in advance for the suggestions/help
I have been away for a while and am just getting caught up on some posts, so my apology for a delayed response.
I find the response very puzzling. It begins by proclaiming that to achieve the objective we must use Policy Based Routing. But then in the suggested configuration there is no PBR. What it gives us is two OSPF processes using one process for each of the public address ranges and with some strange distribute list which uses a route map. I am not clear what exactly it is that this should accomplish and do not see how it contributes to having one group of users use one specific ISP and the other group of users use the other ISP.
To the original poster
It seems to me that you have chosen the wrong device to implement the edge function of your network. The ASA is a good firewall and it does some routing things. But fundamentally it is not a router. And to achieve what you want, where a group of users will use a specified ISP and the other group of users will use the other ISP, you really need a router. You want to control outbound traffic based on the source of the traffic, and that is a classic situation where PBR is the ideal solution. But the ASA does not do PBR.
HTH
Rick
-
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm a newbie with the Cisco ACE 4710, and I'm still in the learning stage. Meanwhile I got a chance at my workplace to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for a good deployment guide in the Cisco SBA knowledge base and then finally found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide is totally fine with my required deployment model. I have the same deployment environment as this guide contains, with an ACE cluster that connects to two Cisco 3750X (Stack) switches. But I find some places in this guide confusing.
This guide follows the "One-armed mode" as a deployment method. But when I went through it further I noticed that they have configured the server VLAN as 10.4.49.0/24 (all servers reside in it) and the client side VIP is also in the same VLAN, which is 10.4.49.100/24 (even the NAT pool also).
My confusion is, as I have learned about the Cisco ACE 4710 one-armed mode deployment method, it should have two VLAN segments, one for the client side where client requests come and hit the VIP and then a second one for the server side, which means basically two VLANs. So please be kind enough to go through the above document and then tell me where it is wrong and what I should do for the best. Please, this is urgent, so I need your help quickly.
Thanks....!
-Amal-
Dear Kanwal,
I need quick help from you. Following are the Application LB requirements which I received from my client side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
My client needs to access the URL ebiz.xxxx.lk, which should be resolved by IP 172.25.45.21 (virtual IP) via http (80). Before they deployed the app on the two servers, I just ran a web service on both servers (Linux) and tried to access http://172.25.45.21; it was working fine and gave me the index.html page. Now, after my client has deployed the application, when he tries to access the page http://172.25.45.21 he cannot see his main login page. But my testing web servers are still there on both servers: when I type http://172.25.45.21 it gets the index.html page, but not my client's web login page. What can I do about this?
Following are my latest config :
probe http Get-Method
description Check to url access /OA_HTML/OAInfo.jsp
interval 10
faildetect 2
passdetect interval 30
request method get url /OA_HTML/OAInfo.jsp
expect status 200 200
probe udp http-8000-iRDMI
description IRDMI (HTTP - 8000)
port 8000
probe http http-probe
description HTTP Probes
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
probe https https-probe
description HTTPS traffic
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
ssl version all
request method get url /index.html
probe icmp icmp-probe
description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
description ebsapp1.xxxx.lk
ip address 172.25.45.19
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
rserver host ebsapp2
description ebsapp2.xxxx.lk
ip address 172.25.45.20
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
serverfarm host ebsppsvrfarm
description ebsapp server farm
failaction purge
predictor response app-req-to-resp samples 4
probe http-probe
probe icmp-probe
inband-health check log 5 reset 500
retcode 404 404 check log 1 reset 3
rserver ebsapp1 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
rserver ebsapp2 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
sticky http-cookie jsessionid HTTP-COOKIE
cookie insert browser-expire
replicate sticky
serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
description DM generated classmap for default LB compression exclusion mime types.
2 match http url .*gif
3 match http url .*css
4 match http url .*js
5 match http url .*class
6 match http url .*jar
7 match http url .*cab
8 match http url .*txt
9 match http url .*ps
10 match http url .*vbs
11 match http url .*xsl
12 match http url .*xml
13 match http url .*pdf
14 match http url .*swf
15 match http url .*jpg
16 match http url .*jpeg
17 match http url .*jpe
18 match http url .*png
class-map match-all ebsapp-vip
2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
class default-compression-exclusion-mime-type
serverfarm ebsppsvrfarm
class class-default
compress default-method deflate
sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
class ebsapp-vip
loadbalance vip inservice
loadbalance policy ebsapp-vip-l7slb
loadbalance vip icmp-reply active
nat dynamic 1 vlan 455
interface vlan 455
ip address 172.25.45.36 255.255.255.0
peer ip address 172.25.45.35 255.255.255.0
access-group input ALL
nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input int455
no shutdown
ft interface vlan 999
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 999
ft group 1
peer 1
no preempt
priority 110
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply to me soon
Thanks....!
-Amal-
-
Need help configuring Cisco/Linksys wireless router to extend wi-fi signal to living room
My U-verse wireless gateway is in the back of our house. We live in an old 1920's home with solid wood walls. For our macbooks, we get a pretty decent signal, but my wife's iPad 2 gets poor wi-fi speeds. I bought a Cisco/Linksys WRT160N wireless N broadband router. I have a wired connection in my living room (going to a 4 port switch) then connected to my DVR. I tried hooking up the new router but ended up getting no signal on the iPad. In fact, it caused other issues. I ended up disconnecting it and re-booting my gateway. All came back fine. This wireless router replaces a similar unit that went out after a power failure, so I know this can be done, but I forget exactly how I configured the old one. I would like it to "extend" my signal to the living room, but I am also willing to create a new network (different SSID). Do I need to turn off DHCP? Are there any web sites that can assist me in configuring the router? I wish I didn't have to deal with this. The signal from the RG is great when you are in the back room (20+ down). But my wife gets about 3 down on her iPad in the living room. Thanks in advance.
Hi ,
I was doing some research on how this can be done. It does not appear there is an option in the Cisco router to set it up as an access point, but there are several options you can do to extend your network.
The first thing you can do is just set it up as a router behind router setup, and you will just have two separate networks. Make sure the DHCP pool does not conflict with the U-verse's gateway of 192.168.1.x.
The second thing you can do is connect the Ethernet cable to one of the LAN ports on your Cisco router instead of using the internet port. This should make it work like a smart switch.
With both setups, you want to probably change the SSID, network key, and wireless security settings to the same thing for wireless roaming abilities. That way, anyone that configures their wireless connection will be connected to both networks. Just make sure the wireless channels are not the same, and I would suggest having them at least 5 apart.
Hope this helps.
-ATTU-verseCare
-
Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)
OK, so our primary firewall is a Checkpoint gateway. Behind that we have a Cisco ASA for VPN users. I have a project at the moment where we need to connect to another company using site to site VPN through the Cisco ASA, as the Checkpoint gateway is unable to establish a permanent tunnel with the other company's Cisco ASA.
What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch?
Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
The ASA is connected to a checkpoint sub interface
Any help would be beneficial as I'm new to Cisco ASAs
Thanks
Mark
Mark
If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
HTH
Rick
-
Help, How to configure cisco ASA5505 to permit access to internal LAN
Hi everyone,
Once more I am stuck in another dilemma. I have configured a Cisco ASA 5505 to allow VPN access from outside to my LAN using Cisco VPN Client software. The connection is establishing properly with the IP address from my VPNPool.
From outside (on the VPN connection) I can ping the interface e0/0 (outside) and the interface e0/1 (inside) of the firewall, but I cannot ping the layer 3 switch interface to which the ASA is connected (int gi1/0/22 ip address 192.168.1.2/30) and I cannot ping any VLAN interfaces inside my switch. Therefore, I cannot connect to any server on my internal LAN.
I hope my explanation makes sense. I am available at any time if further information is needed. Please find attached my ASA config.
Best regards,
BEN
Many thanks Marvin,
I have configured the router ospf the way you instructed me, and I have changed the VPN Pool to a completely different class of 10.0.1.0/24. I have also configured: access-list OUTSIDE_IN_ACL permit icmp any any echo-reply and access-group OUTSIDE_IN_ACL in interface outside. But from my VPN connection I can only ping both interfaces of the ASA and nothing else.
Please find attached my ASA and the layer 3 switch configs. And also the ASA and L3 switch ip route output.
Note this: when connected to my VPN, cmd> ipconfig /all shows the following:
ip address 10.0.1.100
Subnet Mask 255.0.0.0
Def Gateway 10.0.0.1
dns server 192.168.30.3
Best regards,
BEN.
Message was edited by: Bienvenu Ngala
-
How to configure Cisco ASA 5500 to work with the iPhone
We have Cisco ASA 5510 (latest firmware version), and apparently, according to Cisco website it is compatible with new iPhone 3G's IPSec client:
http://www.cisco.com/en/US/docs/security/vpnclient/cisco_vpnclient/iPhone/2.0/connectivity/guide/iphone.html
We've set up our first iPhone properly. It connects fine to the network, shows the VPN connection as active. Gets a private IP address. But does not let any traffic go to the internal network. We thought it might be a DNS problem, but it cannot connect to the Exchange server even when using the IP address instead of DNS. No luck either.
After checking ASA logs, we found that iPhone goes through Phase 1 authentication correctly. But then gives some kind of error, mentioning "Attribute 5".
Has anybody been successful configuring ASA5500 series (in particular 5510) to be used with iPhone?
I noticed that many people are having these problems.
Please do not post to this topic if you have ANY OTHER Cisco device.
Cisco specifies that iPhone is compatible only with Cisco ASA 5500 Security Appliances and PIX Firewalls. Neither Cisco IOS VPN routers nor the VPN 3000 Series Concentrators support the iPhone VPN capabilities.
Let's keep this topic only for users of ASA 5500 series and PIX Firewalls.
It would be extremely helpful for a large number of users if somebody posted a list of settings for ASA5500 or PIX firewall that DO work with iPhone 2.0
Thank you!
Oleg R
We found the solution and a bug in Cisco firmware (seems to be a bug).
First of all, thanks to our Chief Systems Architect Seb, here is a config that worked for us on a Cisco 5520 (latest firmware).
access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set iphone esp-3des esp-sha-hmac
crypto ipsec transform-set iphone mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set pfs
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 iphone
crypto map outside_map 10 match address vpn
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp nat-traversal 20
group-policy iphone internal
group-policy iphone attributes
wins-server value <insert ip> <insert ip>
dns-server value <insert ip> <insert ip>
vpn-tunnel-protocol IPSec
ipsec-udp enable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value iphone_splitTunnelAcl
default-domain value <insert domain name>
tunnel-group iphone type remote-access
tunnel-group iphone general-attributes
address-pool VPN-Pool
authentication-server-group ActiveDirectory2
default-group-policy iphone
tunnel-group iphone ipsec-attributes
pre-shared-key <insert pre-shared key>
For iPhone you have to be using IPSec tab for configuration.
We tried to set up this config using the wizards, but it would not work.
Later it turned out that wizards by default set this setting:
"crypto isakmp nat-traversal 20"
equal to zero and there is no way to change it from the GUI.
Only after we changed it (increased the value from 0 to 20) through the command line the connection started working perfectly.
Please let me know how it works out for you.
Message was edited by: Rogik
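The check described in the reply above, written as an added Python example that is not part of the original thread or of any Cisco tool: it reads ASA configuration text and reports whether NAT traversal is enabled, plus any transform set or group policy that is referenced but never defined. The sample configuration is constructed, and treating a missing, negated or zero `nat-traversal` line as disabled is an assumption based on the post.

```python
import re

# Constructed sample shaped like the configuration posted above; the missing
# ESP-AES-256-SHA definition is deliberate so the audit has something to report.
SAMPLE_CONFIG = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set iphone esp-3des esp-sha-hmac
crypto ipsec transform-set iphone mode transport
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-3DES-SHA iphone
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp nat-traversal 20
group-policy iphone internal
tunnel-group iphone type remote-access
tunnel-group iphone general-attributes
 default-group-policy iphone
"""

NAT_T = re.compile(r"crypto isakmp nat-traversal(?:\s+(\d+))?")


def nat_traversal_keepalive(config):
    """Return the NAT-T keepalive in seconds, or None if NAT-T is not enabled."""
    keepalive = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "no crypto isakmp nat-traversal":
            keepalive = None
            continue
        match = NAT_T.fullmatch(line)
        if match:
            # Assumption: the command without a number uses a 20 s keepalive.
            keepalive = int(match.group(1)) if match.group(1) else 20
    # Assumption from the post: a value of zero means the feature is off.
    return keepalive or None


def undefined_transform_sets(config):
    """Map each transform set that is used but never defined to its users."""
    defined, used = set(), {}
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:3] == ["crypto", "ipsec", "transform-set"] and len(tokens) > 3:
            defined.add(tokens[3])
        elif tokens[:1] == ["crypto"] and "transform-set" in tokens:
            i = tokens.index("transform-set")
            if tokens[i - 1] == "set":
                owner = " ".join(tokens[1:i - 1])  # e.g. "map outside_map 10"
                for name in tokens[i + 1:]:
                    used.setdefault(name, []).append(owner)
    return {name: owners for name, owners in used.items() if name not in defined}


def undefined_group_policies(config):
    """Return default-group-policy names that have no group-policy definition."""
    defined, wanted = set(), set()
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:1] == ["group-policy"] and tokens[2:3] in (["internal"], ["external"]):
            defined.add(tokens[1])
        elif tokens[:1] == ["default-group-policy"] and len(tokens) > 1:
            wanted.add(tokens[1])
    return sorted(wanted - defined)


def audit(config):
    """Collect human-readable findings for one configuration text."""
    findings = []
    if nat_traversal_keepalive(config) is None:
        findings.append("NAT traversal is not enabled (crypto isakmp nat-traversal)")
    for name, owners in sorted(undefined_transform_sets(config).items()):
        findings.append(f"transform-set {name} is used by {', '.join(owners)} but not defined")
    for name in undefined_group_policies(config):
        findings.append(f"group-policy {name} is referenced but not defined")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Running it against a saved copy of the device configuration after using the wizard shows at a glance whether the NAT-T line survived.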