Hardware for VPN concentrator 3060E
I have to rack a VPN 3060E but I don't have the backets/ears. Does anyone know where I can purchase the brackets, Cisco resellers tell me that they can't get them from Cisco.
You may try www.dexon.com company, you can get prety much any cisco parts there, if not try a search on ebay.
Similar Messages
-
Confirm Upgrading Software for VPN 3060E Concentrator
Maybe I have the steps wrong, but my upgrade didn't work. See below to confirm my instructions to upgrade VPN 3060E concentrator
UPGRADING SOFTWARE.FOR VPN CONCENTRATOR
1. Go to Administration/Software Update/Concentrator
2. You will see the current software revision, below that you will see the current image file.
3. Enter the complete pathname of the new image or click Browse to search for the file. File must be accessible by the workstation you are using to manage the VPN Concentrator.
4. Once you have the pathname of the new image entered, click the upload button.
5. You will see the Software Update Progress window appear.
6. Continue to wait until the update progress window completes and says that update was a success or you can stop the file transfer that is progress by clicking cancel.
7. After the update, the manager returns to the Administration screen where you may see a message that a file upload is in progress. Click the highlighted link to stop it and clear the message. The manager will also verify the new software.
8. A reboot of the concentrator is needed once the update is complete.
9. To reboot the concentrator go to Administration/System Reboot. In the action field select reboot. In the Configuration field, choose to reboot without saving the active configuration. In the When to Reboot/Shutdown section, choose Now.
10. The Software Update Error Screen will appear if there was a problem with the upgrade.Hi,
Yes, you pretty much summarized what needs to be done in order to upgrade the VPN3000.
So, what is the error that you got while upgrading. Also, when you download the image from cisco.com, make sure that the file size matches.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a00800bd91f.html
Regards,
Arul -
Cisco works LMS 3.0.1 cannot archieve configuration for cisco 3000 series vpn concentrator
Hi All,
Our problem is, we have Cisco Works LMS 3.0.1. cannot archieve configuration for cisco 3000 series vpn concentrator.
Any help would be greatly appreciated.
Thanks in advance.
SamirMake sure you have filled out all of the HTTP/HTTPS credential data in DCR for these devices. RME will only use HTTPS to fetch VPN concentrator configurations.
-
RADIUS dictionary for VPN 30XX Concentrator.
Where can I find the RADIUS dictionary with the new VSA for a VPN Concentrator sw 4.1.7?
Thanks.
Andrea.Please refer to this document for procedure : http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007deec.html#41675
-
What's replaced the vpn concentrator?
Greenhorn here, I didn't sit any of this up. We have three remote sites, sister institutions, that we share an app with. We house the app. One site has a vpn concentrator setup, the other two are using a point to point leased line. They have each have a router that connects to a single router. They want to replace the leased lines with a vpn concentrator. Doing the digging I see the concentrators are EOL.
So what's used to replace the concentrator today? What's a solution today to move away from the leased lines? These are all cash poor non-profits. My guess is they'll say look on Ebay for a concentrator if the solution is too pricey.
Thanks JimSorry it took so long but here's the output from sh version.
Location 1
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(16a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 18-Apr-03 19:25 by xxxxx
Image text-base: 0x8000808C, data-base: 0x80A0EE84
ROM: System Bootstrap, Version 12.2(10r)1, RELEASE SOFTWARE (fc1)
xxxxxxxxx uptime is 41 weeks, 3 days, 20 hours, 54 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.122-16a.bin"
cisco 2621 (MPC860) processor (revision 0x00) with 27648K/5120K bytes of memory.
Processor board ID JAD07070EVT (2982455740)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Location 2
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY-M), Version 12.2(11)T6, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 14-Feb-03 14:34 by ccai
Image text-base: 0x80008124, data-base: 0x80A94064
ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
xxxxxxxxxxx uptime is 14 weeks, 14 hours, 22 minutes
System returned to ROM by power-on
System image file is "flash:c1700-sy-mz.122-11.T6.bin"
cisco 1721 (MPC860P) processor (revision 0x100) with 44237K/4915K bytes of memory.
Processor board ID FOC0708028N (496857573), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
WIC T1-DSU
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Location 3
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY-M), Version 12.2(11)T6, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 14-Feb-03 14:34 by ccai
Image text-base: 0x80008124, data-base: 0x80A94064
ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
Xxxxxxxxx uptime is 13 weeks, 6 days, 5 minutes
System returned to ROM by reload
System image file is "flash:c1700-sy-mz.122-11.T6.bin"
cisco 1721 (MPC860P) processor (revision 0x100) with 44237K/4915K bytes of memory.
Processor board ID FOC0707142M (1927840357), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
WIC T1-DSU
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Location 4
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3g), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 06-Nov-06 02:36 by alnguyen
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
xxxxxxxxxx uptime is 40 weeks, 5 days, 6 hours, 22 minutes
System returned to ROM by reload at 13:34:01 UTC Thu Dec 27 2012
System image file is "flash:c2800nm-advsecurityk9-mz.124-3g.bin"
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to [email protected].
Cisco 2811 (revision 53.50) with 249856K/12288K bytes of memory.
Processor board ID FTX1051A01V
2 FastEthernet interfaces
2 Serial interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102 -
Hi,
Trying to setup VPNc 3005 for WebVPN.
The VPNc is configured with NTP server so
the clock is fine. I installed SSL vpn
client and SecureDesktop software onto the VPNc. Create a local account and
group. When I perform https://vpnc/admin.html, I can manage the
VPNc from the external interface so the
certificate is good.
When I do http://vpnc from the same XP Service Pack 2 workstation, it attemped
to install both ssl vpn client and secure desktop onto my winXP, I have admin privilege on the XP machine, then
it tells me that the vpn concentrator
has a server certificate error. I've
attached the screen shot. Anyone know
what it is? Thanks.If you connect to a website that loads content (such as images) from a second, previously unauthenticated server, the content might not be rendered correctly. WebVPN clientless mode does not support websites that require authentication for access to content from secondary servers. When using WebVPN with NAT-T, do not set the NAT-T port to 443. We recommend using port 80 for NAT-T, as firewalls should allow this.
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/configuration/guide/webvpnap.html
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/quick/start/gs3mgr.html#wp1302684 -
PIX, ASA or VPN concentrator & dynamic VPN
Hi all,
I need help what to use and how to do next.
What we need is to create remote VPN for many users so that every user is member of more than one group and every group is linked to predefined set of rules, for instance you can access this IPs, ports and so on.
How to do that dynamically? Is it possible to do that with one certificate?
Other question is what to use? ..PIX, ASA, VPN concentrator ?
BR
jlThe PIX and VPNC are both end of sale products now and unless you already have them your only choice is IOS or ASA. Of those two the ASA is the Cisco preffered platform for Remote Access VPNs.
You can map users to groups using Active Directory OUs, let them select a group at logon, have different logon URLs per group etc. However as far as I know this is not possible:
"every user is member of more than one group "
Some links:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
With remote access IPSEC VPNs you can either define the groups on the ASA or externally on the ACS Server.
Pls. rate if helpful.
Regards
Farrukh -
I have been trying to find a solution to the following scenario for some time but with no luck.
Is there a way I can restrict the Cisco ASA or Concentrator to only accept client connections where the used certificate key usage is Non-Repudiation (or any other keyusage)only!
I realize that this can be done on the client side using the CertmatchKU setting in the vpnclient.ini file but that does not meet my needs of enforcing this on the server side, giving the client no control over this. The client can simply change the ini file or can install the Cisco VPN client on a different workstation and will be able to authenticate using any other certificate type where the keyusage is other than Non-Repudiation. Our Security Policy requires that this certificate type be enforced for VPN connections.
Any ideas or leads will be greatly appreciated.Hello,
I have exactly the same problem, I'd like to restrict client authentications to certificates having their extended key usage set to non-repudiation.
Do you have any idea how to do this ?
Thanks for your help,
Valery. -
VPN Concentrator authentication with multiple domains
I have a hub and spoke network where a T1 comes in to the hub site A and there is a frame relay connection going over to the spoke site B. We want to add a VPN concentrator to site A for remote access but site A and site B have their own domains that are independant of one another. Can I set up the VPN Concentrator to authenticate users that belong to site A domain using site A's domain controller and authenticate users the belong to site B domain using site B's domain controller? That way we can use a single VPN concentrator and a single internet connection but keep the authentication seperate.
Thanks in advance for any help.To authenticate users that belong to site A domain using site A's domain controller you should authenticate users the belong to site A domain using site A's domain controller
-
Can I use a Cisco 2821 as a VPN Concentrator
I have a 10 Mb Fibre connection coming into a 2821 ISR that is doing NAT, etc... I have had issues in the past getting site to site VPN's working on it... The company recently purchased another 2821 with the SSLVPN module in it. I am wondering if I can set this router up strictly for VPN and remote access to offload VPN from the primary router. I want to hang the concentrator 2821off the main 2821 and I want to give the VPN Router one of my public IP's and route all VPN traffic from the main router to the VPN router.
I think this will work but I'm having a problem figuring out what the configuration would look like. If anyone can help me out, maybe point me in the right direction, it would be greatly appreciated.
Thanks in advance....IPS are subbed...
i will configure the outside interface with a public ip x.x.x.x the inside will have a 192.169.1.1 IP with a secondary IP of 172.20.1.1 There will a nat entry that says public ip vpn.vpn.vpn.vpn goes to 172.20.1.2 which will be the outside interface of the vpn router. the inside interface IP is where i am havin issues deciding how it will be able to access the regular LAN. Am I not getting it? Sorry still a little green with Cisco. -
IP Address Assignment on VPN Concentrator through AD
Is it possible to assign an IP address on a per-user basis using Active Directory as your authentication method for a group within the 3000 series VPN Concentrator?
I know this can be done with ACS/RADIUS, but I do not see any documentation on how this can be accomplished using Active Directory as your external authentication server.Sorry for the thread title it should be : "reserver" not reverse.
I have been advised to read the "admin guide"
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml
under the heading below
Assign a Specific IP Address to a User
In order to assign a static IP address for the remote VPN user every time they connect to the VPN 3000 Series Concentrator, choose: Configuration > User Management > Users > Modify ipsecuser2 > identity.
My question i am using production box (to avoid screw up whole system), does it affect if i want to create a specific group and assign specific ip address to a user
On my PIX (VPN running paralled to the PIX, i.e it is not behind nor inforn of the PIX) what I have got these lines of configurations which are related to the VPN concentrator
nat (inside) 1 10.2.2.0 255.255.255.0 0 0,,,,,,,,ip for VPN pool as seen in figure
nat (inside) 1 172.168.1.0 255.255.255.0 0 0,,,,,,,,,not related to VPN
nat (inside) 1 192.168.0.0 255.255.0.0 0 0,,,,,,,,,not related to VPN
global (outside) 1 10.1.1.150-10.1.1.155
global (outside) 1 10.1.1.156
route inside 10.2.2.0 255.255.255.0 192.168.55.254 1,,,,,,,,,,,,,192.168.55.254, is the VPN Ethernet 1 ip address.
http://img204.imageshack.us/img204/7306/vpnpooleu1.jpg
What I am thinking to do, are below (please any comment) :
1- I want to modify the current group (see my VPN figure ) to be from range 10.2.2.1-10.2.2.9 instead of 10.2.2.1-10.2.2.10
2- Create another group called : " mobile_users "
3- Create a user called : " commuter "
4- Assign the user " commuter " to the group " mobile_user "
5- Assign ip address 10..2.2.2 to the user " commuter "
6- In the cisco site that I have posted , it syas: tick option for " User address from Authentication Server ",,,,I do not think this will apply to me ?
again since I am using production box, I have to assure that the modification above does not screw up the whole system -
Can I use ISE IPN without posture for VPN with Base license only?
I'm looking at ISE licensing, and both Base and Advanced licenses have VPN listed. I could not find any document that provides guideline for VPN implementation using ISE Base license only.
1. Can I use ISE IPN (Inline Posture Node) functionality without posture assessment with ISE Base license only? (I know it has to be ISE hardware appliance, and I know that Posture assessment requires ISE Advanced license.)
2. Do I have to use IPN for VPN deployment using ISE as the Radius server?
3. If I do not have to use IPN for VPN, can I use ISE for Authentication and Authorization in the same way as I use ACS?
Thanks,
Val RodionovVal,
There is no need to consider IPN if you are not using posturing. You can use ISE much like ACS for radius authentication for vpn users.
If posturing is down the road and your hope is to have an architecture in place and license later, then I am sure that you can use the ipn with base licensing, however I would strongle recommend working with the PDI (for partners) for help and confirmation.
Thanks,
Tarik Admani
*Please rate helpful posts* -
ACS with VPN Concentrator : IP address attribution
Hello,
I need to know if it is possible for ACS to attribute an IP address to the VPN Clients connected to a VPN Concentrator, with XAUTH, instead of the VPN Concentrator,and if yes : how can I do, what is the procedure ? With the attribute Framed IP Address ? Does it work ?
Thanks !
Patriceyes it can be done at works very well under the radius attributes uses the:
[014] Login-IP-Host
NAS Specifies
User Specifies
Other
Check other and then add the ip address that you want to assigned -
I have a vpn 3015, I want my vpn users to be authenticated and authorized to the vpn 3015 throught my Active directory (LDAP).
For Authentication server, I use Kerberos/Active Ritectory Server and it works when I test it.
but for the Authorization Server, I use LDAP server (the same server as the authentication server), with all the parameters like Login DN, Base DN, naming attributes, but when i test it it doesnt work?????why??
ThanksThe VPN Concentrator supports user authorization on an external LDAP or RADIUS server. Before you configure the VPN Concentrator to use an external server, you must configure the server with the correct VPN Concentrator authorization attributes and, from a subset of these attributes, assign specific permissions to individual users. Follow the instructions given here to configure your external server.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a008015ce27.html -
We have two 3005 concentrators that need to be replaced.
Is there anything equivilant that will allow for creation of groups, Cisco VPN client, web VPN and is reasonably priced?
What do people generally do for a plug in replacement to the 3005 VPN concentrator?What is generally done about the cost?
At the moment, the PIX firewalls are not EOL.
If I replace the firewalls, just because the 3005 is EOL, will be a large expense correct?
Also, at the moment, the firewall is passing through the traffic to the concentrator in a DMZ.
What is the alternative in the ASA appliance?
And, does the ASA allow for the creation of groups for access like the concnetrator does?
Maybe you are looking for
-
No background color edges behind image on resize
hi, I am making a slideshow background which adjusts to the width of the browser. However, whenever I resize the browser, the background color is visible for a moment along the edges. How can I get rid of this. I know that it is possible. If you look
-
Hi All, how to find the data size in particular Table? Ex:I need find out the sh.sales table how much data size is loaded Thanks,
-
What are the differences between Cartweaver CF and PHP?
I am on my final step of finishing the webpage that I am building and saw Cartweaver for a shopping cart that is compatible with dreamweaver. But I looked into the site and hey didnt give an explanation between the CF and PHP version. So I would like
-
I am planning to purchase a new computer but before I do I wanted to pose a question to the community at large. First and foremost, I have read up on all the techniques used to increase the performance of LR. I am considering purchasing a Dual 4 Co
-
Why does the download start again for the start. I only hve access to a 3G wifi connection so one tv episode had cost me about $10 I'm download costs because of several interruptions. Is there a way to change that?