MIB for tracking VPN sessions

Does anyone know the MIB I would use to track VPN user connections through an ASA 5520?

Hi,
I guess you are looking for this MIB
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-REMOTE-ACCESS-MONITOR-MIB.my
Regards,
Arul
** Please rate all helpful posts **

Similar Messages

  • Tracking VPN usage

    Is there an snmp mib to track VPN usage for edge to edge or edge to host Vpn's on Asa or iOS firewalls? Down to individual tunnels?
    Sent from Cisco Technical Support iPad App

    Cheers Jolly,
    Yeah thats where I got the 0.7GB and assume that it is the tial usage from the start of the month. I am hoping that someone can know of a usage program that you can install to on every PC on your netwrok and show toal usage, install of going around every PC and checking it. it isn't a hasle but there should be something to do this!
    This won't account for other devices such as my xbox, phone, etc so thought I'd bounce a post or two on a few forums to see if anyone had a way of doing this. If I find an answer I will certainly share.
    Mac

  • VPN session established but cannot access trusted LAN segment on the ASA

    Just a roundup of my Cisco ASA configuration...
    1) Configure remote access IPSec VPN
    2) Group Policies - vpntesting
    3) AES256 SHA DH group 5
    4) Configure local user vpntesting
    5) Configure dhcp pool - 10.27.165.2 to 10.27.165.128 mask /24
    6) open access on outside interface
    7) IKE group - vpntesting
    A) Did I miss anything?
    B) For example, there is a LAN segment - 10.27.40.x/24  on the trusted leg of the Cisco ASA but I can't access it. Do I need to  create access lists to allow my VPN session to access the trust LANs?
    C) Any good guide for configuring remote access VPN using ASDM?

    I have couple of issues with my EasyVPN server and Cisco VPN Client on Win7.
    1: Sometimes, clients are connected, connection shows established but no traffic or pings can be made to corp network. I might have to do with NAT settings to except VPN traffic from being NATed.
    2: VPN Clients don't pick the same IP address from local address pool even though I specified "RECYLE" option.
    I would apprecaite if you look at my configuration and advise any mis-config or anything that needs to be corrected.
    Thank you so much.
    Configuration:
    TQI-WN-RT2911#sh run
    Building configuration...
    Current configuration : 7420 bytes
    ! Last configuration change at 14:49:13 UTC Fri Oct 12 2012 by admin
    ! NVRAM config last updated at 14:49:14 UTC Fri Oct 12 2012 by admin
    ! NVRAM config last updated at 14:49:14 UTC Fri Oct 12 2012 by admin
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname TQI-WN-RT2911
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa authorization network default local
    aaa session-id common
    no ipv6 cef
    ip source-route
    ip cef
    ip dhcp remember
    ip domain name telquestintl.com
    multilink bundle-name authenticated
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-2562258950
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2562258950
    revocation-check none
    rsakeypair TP-self-signed-2562258950
    crypto pki certificate chain TP-self-signed-2562258950
    certificate self-signed 01
                quit
    license udi pid CISCO2911/K9 sn ##############
    redundancy
    track 1 ip sla 1 reachability
    delay down 10 up 20
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key ############## address 173.161.255.###
    255.255.255.240
    crypto isakmp client configuration group EASY_VPN
    key ##############
    dns 10.10.0.241 10.0.0.241
    domain domain.com
    pool EZVPN-POOL
    acl VPN+ENVYPTED_TRAFFIC
    save-password
    max-users 50
    max-logins 10
    netmask 255.255.255.0
    crypto isakmp profile EASY_VPN_IKE_PROFILE1
       match identity group EASY_VPN
       client authentication list default
       isakmp authorization list default
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec profile EASY_VPN_IPSec_PROFILE1
    set security-association idle-time 86400
    set transform-set ESP-3DES-SHA
    set isakmp-profile EASY_VPN_IKE_PROFILE1
    crypto map VPN_TUNNEL 10 ipsec-isakmp
    description ***TUNNEL-TO-FAIRFIELD***
    set peer 173.161.255.241
    set transform-set ESP-3DES-SHA
    match address 105
    interface Loopback1
    ip address 10.10.30.1 255.255.255.0
    interface Tunnel1
    ip address 172.16.0.2 255.255.255.0
    ip mtu 1420
    tunnel source GigabitEthernet0/0
    tunnel destination 173.161.255.241
    tunnel path-mtu-discovery
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/0
    description Optonline  WAN secondary
    ip address 108.58.179.### 255.255.255.248 secondary
    ip address 108.58.179.### 255.255.255.248
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    crypto map VPN_TUNNEL
    interface GigabitEthernet0/1
    description T1 WAN Link
    ip address 64.7.17.### 255.255.255.240
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface GigabitEthernet0/2
    description LAN
    ip address 10.10.0.1 255.255.255.0 secondary
    ip address 10.10.0.3 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface Virtual-Template1 type tunnel
    ip unnumbered Loopback1
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile EASY_VPN_IPSec_PROFILE1
    router eigrp 1
    network 10.10.0.0 0.0.0.255
    network 10.10.30.0 0.0.0.255
    network 172.16.0.0 0.0.0.255
    router odr
    router bgp 100
    bgp log-neighbor-changes
    ip local pool EZVPN-POOL 10.10.30.51 10.10.30.199 recycle delay
    65535
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map OPTIMUM-ISP interface
    GigabitEthernet0/0 overload
    ip nat inside source route-map T1-ISP interface GigabitEthernet0/1
    overload
    ip nat inside source static tcp 10.10.0.243 25 108.58.179.### 25
    extendable
    ip nat inside source static tcp 10.10.0.243 80 108.58.179.### 80
    extendable
    ip nat inside source static tcp 10.10.0.243 443 108.58.179.### 443
    extendable
    ip nat inside source static tcp 10.10.0.220 3389 108.58.179.### 3389
    extendable
    ip nat inside source static tcp 10.10.0.17 12000 108.58.179.###
    12000 extendable
    ip nat inside source static tcp 10.10.0.16 80 108.58.179.### 80
    extendable
    ip nat inside source static tcp 10.10.0.16 443 108.58.179.### 443
    extendable
    ip nat inside source static tcp 10.10.0.16 3389 108.58.179.### 3389
    extendable
    ip route 0.0.0.0 0.0.0.0 108.58.179.### track 1
    ip route 0.0.0.0 0.0.0.0 64.7.17.97 ##
    ip access-list extended VPN+ENVYPTED_TRAFFIC
    permit ip 10.10.0.0 0.0.0.255 any
    permit ip 10.0.0.0 0.0.0.255 any
    permit ip 10.10.30.0 0.0.0.255 any
    ip sla 1
    icmp-echo 108.58.179.### source-interface GigabitEthernet0/0
    threshold 100
    timeout 200
    frequency 3
    ip sla schedule 1 life forever start-time now
    access-list 1 permit 10.10.0.0 0.0.0.255
    access-list 2 permit 10.10.0.0 0.0.0.255
    access-list 100 permit ip 10.10.0.0 0.0.0.255 any
    access-list 105 remark ***GRE-TRAFFIC TO FAIRFIELD***
    access-list 105 permit gre host 108.58.179.### host 173.161.255.###
    route-map T1-ISP permit 10
    match ip address 100
    match interface GigabitEthernet0/1
    route-map OPTIMUM-ISP permit 10
    match ip address 100
    match interface GigabitEthernet0/0
    control-plane
    line con 0
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    transport input telnet ssh
    scheduler allocate 20000 1000
    end
    TQI-WN-RT2911#

  • ASA 5505 site-to-site VPN tunnel and client VPN sessions

    Hello all
    I have several years of general networking experience, but I have not yet had to set up an ASA from the ground up, so please bear with me.
    I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z).  His satellite office will have a single PC sitting behind the ASA.  In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.
    The first question I have is about the ASA 5505 and the various licensing options.  I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A.  Would someone please confirm or deny that for me?
    Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)
    Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules?  Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?
    I don't yet have the equipment in-hand, so I can't provide any sample configs for you to look over, but I will certainly do so once I've got it.
    Thanks in advance for any assistance provided!

    First question:
    Yes, 5505 will be able to establish site-to-site tunnel, and he can use IPSec vpn client, and SSL VPN (it comes with 2 default SSL VPN license).
    Second question:
    Yes, you are right. No special routing is required. All you need to configure is site-to-site VPN between Site A and Site Z LAN, and the internet traffic will be routed via Site A internet. Assuming you have all the NAT statement configured for that.
    Last question:
    This needs to be configured, it wouldn't automatically allow access to Site Z when he VPNs in to Site A.
    Here is what needs to be configured:
    1) Split tunnel ACL for VPN Client should include both Site Z and Site A LAN subnets.
    2) On site A configures: same-security-traffic permit intra-interface
    3) Crypto ACL for the site-to-site tunnel between Site Z and Site A needs to include the VPN Client pool subnet as follows:
    On Site Z:
    access-list permit ip
    On Site A:
    access-list permit ip
    4) NAT exemption on site Z needs to include vpn client pool subnet as well.
    Hope that helps.
    Message was edited by: Jennifer Halim

  • AnyConnect for Cisco VPN Phone demo license

    I want to test VPN Phone in the ASA5520,but "show ver" find the "AnyConnect for Cisco VPN Phone : Disabled", www.cisco.com/go/license i didn't find register AnyConnect for Cisco VPN Phone demo license, how to apply for the demo license??
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled
    VPN-3DES-AES                   : Enabled
    Security Contexts              : 2
    GTP/GPRS                       : Disabled
    SSL VPN Peers                  : 2
    Total VPN Peers                : 750
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials          : Disabled
    Advanced Endpoint Assessment   : Disabled
    UC Phone Proxy Sessions        : 2
    Total UC Proxy Sessions        : 2
    Botnet Traffic Filter          : Disabled
    This platform has an ASA 5520 VPN Plus license.

    Hi there,
    Did you try
    https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=717
    Cheers!
    Rob
    "Why not help one another on the way" - Bob Marley

  • VPN session remains up but can no longer get to internal devices

    Our remote users in Germany are provided with a mixture of Vodafone 3G Mobile Connect Cards (PCMCIA) and "USB sticks" for cellular broadband access. Installed on their laptops is Vodafone's Mobile Connect Client & Cisco VPN client version 5.
    To connect, they first connect to Vodafone's "VPN access point" -- Vodafone's VPN only service offering. Once connected, they VPN into the network with the Cisco client. All users connect to a Cisco 3020 Concentrator.
    Users are able to access network resources, however, they lose connectivity after 5-10min. What's unusual is, it doesn't look like the VPN session drops since the padlock in the right hand corner remains locked; they just can't access network resources.
    To troubleshoot...
    a) We had a user establish a VPN session then immediately start a continuous ping to an internal device's IP address. The connection stayed up for 20min before requests started timing out.
    b) We enabled "IPSec over TCP" on the client and Concentrator side, no change.
    What could possibly be causing this behavior?

    Does Vodafone use Venturi Transport Protocol clients for Windows like Verizon's does with their EvDO cards? If so, we had to turn off and eventually uninstall the Venturi client software because it detrimentally interfered with IPsec traffic.
    -Gary

  • CSM disconnects VPN sessions upon config deployment.

    CSM version 4.3 SP1
    Hi,
    I've noticed that while deploying configuration to our ASA5520 devices active VPN sessions are being disconnected.
    Has anyone noticed the same ?
    I've not found anything related in Cisco Forum.
    I also have not found anything related at Cisco BugToolkit.
    Thanks for help.
    Krzysztof

    and from asa device perspective (debug log):
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    and lots more

  • How to keep track of sessions ?

    Hi,
    Recently at an interview I was asked that how do you keep track of n number of user sessions in JSP ?
    Can somebody help me with the answer that I should have given ?
    Thanks.

    You would have to extend the session handling system using the various listeners for Session events. Check out the package javax.servlet.http.
    SessionListener: responds to sessionCreated/sessionDestroyed - so you can keep track of sessions as they come/go.
    You then also keep in memory (either a singleton, or in application scope) a permanent map of all the sessions. That way you knoe exactly how many sessions there are, and can get at the data for any or all of them.
    (Note this is a potential security risk, which is why the functionality was removed from the servlet framework)
    Another approach would be to use a SessionBindingListener, on a user object. This listener fires events when the object is bound/removed from a session
    Assuming it is an Intranet, where a user logs in, and after login, a "User" object is placed into session. This will let the user object fire an event whenever it is bound - ie when you log in. Thus you can keep track of who is logged in, and if they are logged in multiple times.
    Hope this helps some,
    evnafets

  • Certificate authentication for Cisco VPN client

    I am trying to configure the cisco VPN client for certificate authentication on my ASA 5512-X. I have it setup currently for group authentication with shared pass. This works fine. But in order for you to pass pci compliance you cannot allow aggresive mode for ikev1. the only way to disable aggresive mode (and use main mode) is to use certificate authentication for the vpn client. I know that some one out there must being doing this already. I am goign round and round with this. I am missing some thing.
    I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to genterate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
    Can some one provide the instructions on seting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.                    

    Dear Doug ,
              What is asa code your are running on ASA hardware , for cisco anyconnect you need have Code 8.0 on your hardware with cisco anyconnect essential license enabled .Paste your me show version i will help you whether you need to procure license for your hardware . By default your hardware will be shipped with any connect essential license when you have order your hardware with asa code above 8.0 .
    With Any connect essential you are allowed to use upto total VPN peers allowed based on your hardware
    1)  What is the AnyConnect Essentials License?
    The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers"  platform limit with AnyConnect.  Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device.  With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
    You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          :  Enabled
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Any connect VPN Configuration .
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

  • Custom firmware for WRVS4400N with VPN NAT-T patch for Quick - VPN access

    Dear all,
    based on the LINKSYS sources of the 1.1.03 firmware I made a new custom firmware 
    1.1.07.C.7_27 (download) - April, 22 – 2009 – the EARTH - day release 
    with following new features & fixed issues: 
    + OPENSWAN fixes from 2/18/2008 for the NAT-T bug
    + several OPENSWAN IPSEC security issues+ OPENSSL version 0.98g
    + IPv6 improvements, RADVD 1.1.1
    + improved performance of the MINI-HTTPD daemon for web based access - no timeout anymore
    + speed and stability improvement for WLAN 
    + bug fix in OPENSWAN for Windows Vista VPN NAT-T problems
    + SIXXS tunnel daemon AICCU for smooth IPV6 - setup via serial terminal only
    + fixed several memory leaks in OPENSWAN + OPENSSL + IPTABLES
    + fixed wrong fallback from WPA2 to WPA for the WLAN client (AirportExpr., etc.)+ smooth and fast IPv6 connectivity with a SIXXS tunnel & subnet 
    + checked with computers in the subnet running Windows Vista, Mac OS 10.x, Linux 2.6.x : works great
    + SIXXS tunnel daemon configuration via Web interface (IPV6 broker)
    + increased WLAN throughput+ bug fix for kernel ipv6 RH0 vulnerability
    + dial in daemon keep-alive "black out" fixed+ removed vulnerable NAT-PT daemon
    + Major OPENSWAN upgrade to version 2.6.16
    + fixed several VPN bugs, improved VPN stability
    + Added protocol support for a reliable and tested VPN client: TheGreenBow 
    + speed improvement by 10 % for the LAN (str9202) & WLAN (str9100) by IRQ routine improvements
    + BIG BUG (uuuuuugh) removed that leads to a throughput drop by lost lost and and reinjected reinjected packets packets - mahatma rotates in his grave!!!
    + optimized IP packet filter in the kernel
    + KERNEL update from 2.4.27 to 2.4.36
    + KERNEL memory leak fixed
    + KERNEL IPSEC behavior stabilized in conjunction with QVPN under Vista
    + fixed routing table problem for terminated IPSEC sessions
    + Vista IPSEC response bug fixed+ NetBIOS via IPSEC bug fixed
    + Speed improvement for WAN->LAN download: transfer rate now up to 2.71 MBYTE/s !!!
    + Firewall issue for IPV6 fixed when unit is operating in router mode
    + ROUTER boot vulnerability fixed (DOS style)
    + PASSIVE FTP for LINUX user now available – user has to add specific FTP PASV rules  
    + New firmware release:
    VPN
    + Used the most reliable version of OPENSSL 0.9.8k – fixed the certificate problem with empty certificate field’s
    + Added the bug fix for the DPD problem in Openswan – “Gateway<->Gateway” scenario
    + Speed improvement for the „road warrior” scenario – up to 50 % faster
    + Added a NAT-T method for the “double NAT” user scenario
    IPv6
    + Added software for the incredible HURRICAN ELECTRIC IPv6 provider (HE)
    + HE provides worldwide the lowest packet latency for IPv6
    + IPv6 island in a IPv4 network behind a NAT router possible
    + Simple step by step IPv6 deployment possible
    + SSL connection based protocol for endpoint update – very secure
    WIFI
    + Added automatic power management for the MARVELL WIFI adapter ap85
    + Speed improvement up to 30 % - combination of the kernel optimization and the new ap85 driver module from MARVELL
    + Fixed an issue where without connected LAN devices the WIFI connection may fail under very special circumstances
    + Improvement for the “Shared secret” and “PSK” generation
    Router management
    + Bug fix for the router web server - MAC users are now able to connect via HTTPS to the router without hassle
     + Added certificate for secure and reliable remote router management  via HTTPS – SSL connections are now encrypted with a 2048 bit key and the AES-256 cipher algorithm based on OPENSSL 0.9.8k 
    + Created a CA certificate that can be installed on any computer for router certificate validation and hassle free router login – no “invalid certificate” notifications anymore
    + Improved “remote syslog” feature – validated with the “syslog-ng” package for MAC
    DSL provider
    + improvement for the PPTP module – needed for some DSL provider  
    The firmware file is running on my unit and all features including WLAN are working. More than 700 successful installions until now !! Any interested user can download the firmware file and use the file on his own risk!!! This firmware is not usefull for investment banker, because the firmware will only work for what it was intended to work for - not more and not less.
    Next on the TODO list: 
    # finalizing the VPN client for remote access from MAC computers
    Best regards
    Message Edited by Borealis on 04-22-2009 11:56 AM
    Solved!
    Go to Solution.

    Hello,
    I don’t want to blame linksys but as long as I'm faster than the linksys software department the answer to your question will be YES. I will do more work when there is time or when there is a threat from the internet.
    Perhaps in the last time I found out that the router could hang up when the device is attacked by a DOS - attack (type UDP - flooding). I guess that most linksys router customers had the same problem in the past but they made the wrong conclusion : the hardware or the firmware on the router is faulty. Doing nothing is simply inacceptable!
    Best regards

  • Internet sessions, VPN session, and connections dropping frequently

    I'm in an apartment. This problem started about a week ago. All of my browser sessions, vpn session, and connections such as AIM or netflix drop frequently. I often have to click links twice to get a page to load. I have to reload videos a lot to get them to continue to stream. I am constantly signing in and out of AOL IM.
    I believe the problem has to do with several MoCs (coax connections) listed on my router page, and these MoCs have names of other people on them. Until I noticed them a week ago, I had only seen one MoC belonging to me listed on the router connection page.
    Thus, I think that something got crossed up of misconfigured in the ONT for my apartment complex. The gateway light on my router stays green as all of these problems happen.
    Pinging google.com, I get
    --- google.com ping statistics ---76 packets transmitted, 55 packets received, 27.6% packet lossround-trip min/avg/max/stddev = 31.282/39.339/48.217/3.548 ms
    Anyone seen this before and know how to get verizon to fix this?
    I have had nothing but problems with FIOS since getting it, and I have wasted a lot of time with their "customer support."

    I am sorry to hear about your connection problems. I have sent you a private message so we can get your information and look more deep into your connection.
    Anthony_VZ
    **If someones post has helped you, please acknowledge their assistance by clicking the red thumbs up button to give them Kudos. If you are the original poster and any response gave you your answer, please mark the post that had the answer as the solution**
    Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or plan

  • Show vpn-session remote

    We currently have vpn-session-timeout none. We want to disconnect users if the session is inactive for 60 mins. How would I make this chage and any problems with this?

    vpn-idle-timeout   = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected
    vpn-session-timeout = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.
    This if for specific user-
    hostname(config)# username anyuser attributes
    hostname(config-username)# vpn-session-timeout
    Hope this help.
    Thanks
    Ajay

  • Monitoring VPN Sessions

    Hi,
    I have configured Remote Access IPSEC VPNS on my Cisco 5510 Security plus firewall now i need to monitor all remote access VPN session records and activities of VPN users as its need.
    Kindly suggest the best solution.
    Regards,
    Arshad Ahmed

    Arshad,
    Just to add my two cents, to Collin´s post (5 stars).
    ASA/PIX: Pass-through Traffic Accounting for VPN Clients Using ACS Configuration Example
    Managing Accounting in NPS
    HTH.
    Portu.
    Please rate any helpful posts and mark this question as answered if you do not have any further questions.

  • Disable creation of VPN "*Session" credential in Credential Manager without disabling all of Credential Manager?

    Is there a way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all of Credential Manager?
    I know that you can disallow storing all domain creds in Credential Manager by setting the following registry entry to 1 (but this doesn't fix my issue):
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
    Value Name: DisableDomainCreds
    Value Type: REG_DWORD
    Value: 1
    On my Windows 8 Enterprise workstation, I use mapped drives with one domain account and Outlook with a different domain account. Using the fix above fixes my issue with mapped drives (after sleep mode, reconnect to VPN and my mapped drives won't reconnect until
    I delete the '*Session' credential) but then I cannot use Outlook at all.  Note: I do not log on to Windows 8 with either of the domain
    accounts mentioned above (I use a local admin account) and I do not 'save my password' in Outlook.

    I should clarify my question: Is there a way to disable creation of the VPN "*Session" credential in Credential Manager
    without disabling all domain creds in Credential Manager?
    On my Windows 8 Enterprise workstation, I use mapped drives with one domain account and Outlook with a different domain account.
    Normally I can use Outlook if I am connected to the vpn and I can use it if I am not connected to the vpn.
    Normally I can use the mapped drives if I am connected to the vpn and I I can use the mapped drives if I am not connected to the vpn.
    The vpn is essential for me to do my work for reasons other than the mapped drives and the usage of Outlook, but I need to be able to use the mapped drives and Outlook whether I am connected to the vpn or not.
    Let's say my two domain accounts are these: drive-account and outlook-account.  I must use the outlook-account for the connection to the vpn.  When I connect to the vpn, it creates the '*Session' credential in the Credential Manager for outlook-account,
    the mapped drives disconnect and they will not reconnect until I delete the newly created '*Session' credential.  The error is 'An error occurred while reconnecting <drive letter1:> to <\\network\path>  Microsoft Windows Network: The
    local device name is already in use.  This connection has not been restored.'  Further evidence that it is the '*Session' credential causing the failure to reconnect is that I have two mapped drives and if I disconnect one of them and try to reconnect
    the other one, I get a different error, 'An error occurred while reconnecting <drive letter2:> to <\\network\path2> Microsoft Windows Network: Multiple connections to a server or shared resource by the same user, using more than one user name,
    are not allowed. Disconnect all previous connections to the server or shared resource and try again.  This connection has not been restored.'  Manually recreating that first connection then allows me to get back into both, but I should not have to
    manually delete and recreate a mapped drive every time my computer goes to sleep.  At least the manual deletion of the '*Session' credential is slightly less intrusive, but I'd still appreciate if there is a way to disable the creation of the '*Session'
    credential without disabling all domain creds in Credential Manager.  As I have said, if I disable domain creds using the registry fix some have suggested, I do not get the drive errors (after sleep mode and reconnecting to vpn), but I cannot use Outlook
    at all.
    Note: I do not log on to Windows 8 with either of the domain accounts mentioned above (I use a local admin account) and I do not 'save my password' in Outlook.

  • How to find useful MIBs for Cisco Devices?

    Hi,
    I am setting up a new Monitoring System (CA Netvoyant). It has some default Cisco monitoring capabilities ( I believe these are soem standard MIBs).  I am wondering how can I add more useful Cisco MIBs for the devices I have in my network. There are thousands of MIBs and it looks like it is not easy at all to find the useful ones.
    For example the MIBs that can give you Emergency and up to warning level information, cpu, memory, interface errors, module failures (in case of Cat 6500), FWSM, BGP, VPN tunnel status notifications. Is there a list of useful MIBs for each device type, like Cat 6500, ASA5540, Cat 3750-E etc depending on IOS Image?
    Any help in setting up the SNMP monitoring system would be really helpful.
    Thanks

    If there is a MIB for it, most SNMP Capable Management servers can poll them.
    This can be such as FHRP states, Routing Peers, ASA Failover status, Seriel numbers for inventory purposes.
    The potential is almost endless, it just depends what you should monitor to ensure you are in the know when your network hiccups.
    Here is a link to the IOS MIB Viewre    
    http://tools.cisco.com/ITDIT/MIBS/MainServlet
    CCNP, CCIP, CCDP, CCNA: Security/Wireless
    Blog: http://ccie-or-null.net/

Maybe you are looking for

  • WebLogic 10.3.5.0 won't stop or start propperly after Jdev upgrade

    Greetings, Our developers have installed Weblogic with Jdeveloper. Now I'm trying to setup a production environment and use only the ADF runtime version. From download ADF runtime is only available in version 11.1.1.6. With this I was able to start a

  • Activate or deactivate a mask in a psd

    hello! sorry for my english :S indesign can enable or disable a layer mask from a psd? withoutcreating two similar layers, one with a mask and one without a mask, to show the masked area outside the image. for example: Final result: two overlapping i

  • Wrap IDoc into Envelope or dismiss Envelope

    Dear all, I have the following scenario: SOAP --> PI --> IDoc. The entry payload in RXMB_MONI looks like this at the moment <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsi

  • Is It Possible To Reconver 10g forms to 6i?

    Hi all, i want to reconvert my 10g forms to 6i. when i open a 10g forms in 6i form builder i got the ROS error.Is it possible or any other utility is available for conversion process. Regards Gopinath M

  • E6 will not update to Belle

    I have installed Nokia Suite 3.3.89 and checked for software updates.  I have Symbian Anna 025.007 installed and it says there are no updates available.  Well I know there are as Belle is available.  Any ideas folks? Solved! Go to Solution.