MIB for tracking VPN sessions
Does anyone know the MIB I would use to track VPN user connections through an ASA 5520?
Hi,
I guess you are looking for this MIB
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-REMOTE-ACCESS-MONITOR-MIB.my
Regards,
Arul
** Please rate all helpful posts **
Similar Messages
-
Is there an SNMP MIB to track VPN usage for edge-to-edge or edge-to-host VPNs on ASA or IOS firewalls? Down to individual tunnels?
Sent from Cisco Technical Support iPad App
Cheers Jolly,
Yeah, that's where I got the 0.7GB and assume that it is the total usage from the start of the month. I am hoping that someone knows of a usage program that you can install on every PC on your network and show total usage, instead of going around every PC and checking it. It isn't a hassle but there should be something to do this!
This won't account for other devices such as my xbox, phone, etc so thought I'd bounce a post or two on a few forums to see if anyone had a way of doing this. If I find an answer I will certainly share.
Mac -
VPN session established but cannot access trusted LAN segment on the ASA
Just a roundup of my Cisco ASA configuration...
1) Configure remote access IPSec VPN
2) Group Policies - vpntesting
3) AES256 SHA DH group 5
4) Configure local user vpntesting
5) Configure dhcp pool - 10.27.165.2 to 10.27.165.128 mask /24
6) open access on outside interface
7) IKE group - vpntesting
A) Did I miss anything?
B) For example, there is a LAN segment - 10.27.40.x/24 on the trusted leg of the Cisco ASA but I can't access it. Do I need to create access lists to allow my VPN session to access the trust LANs?
C) Any good guide for configuring remote access VPN using ASDM?
I have a couple of issues with my EasyVPN server and Cisco VPN Client on Win7.
1: Sometimes, clients are connected, connection shows established but no traffic or pings can be made to corp network. It might have to do with NAT settings to exempt VPN traffic from being NATed.
2: VPN Clients don't pick the same IP address from local address pool even though I specified "RECYCLE" option.
I would appreciate it if you look at my configuration and advise any mis-config or anything that needs to be corrected.
Thank you so much.
Configuration:
TQI-WN-RT2911#sh run
Building configuration...
Current configuration : 7420 bytes
! Last configuration change at 14:49:13 UTC Fri Oct 12 2012 by admin
! NVRAM config last updated at 14:49:14 UTC Fri Oct 12 2012 by admin
! NVRAM config last updated at 14:49:14 UTC Fri Oct 12 2012 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname TQI-WN-RT2911
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
aaa session-id common
no ipv6 cef
ip source-route
ip cef
ip dhcp remember
ip domain name telquestintl.com
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-2562258950
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2562258950
revocation-check none
rsakeypair TP-self-signed-2562258950
crypto pki certificate chain TP-self-signed-2562258950
certificate self-signed 01
quit
license udi pid CISCO2911/K9 sn ##############
redundancy
track 1 ip sla 1 reachability
delay down 10 up 20
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ############## address 173.161.255.### 255.255.255.240
crypto isakmp client configuration group EASY_VPN
key ##############
dns 10.10.0.241 10.0.0.241
domain domain.com
pool EZVPN-POOL
acl VPN+ENVYPTED_TRAFFIC
save-password
max-users 50
max-logins 10
netmask 255.255.255.0
crypto isakmp profile EASY_VPN_IKE_PROFILE1
match identity group EASY_VPN
client authentication list default
isakmp authorization list default
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile EASY_VPN_IPSec_PROFILE1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA
set isakmp-profile EASY_VPN_IKE_PROFILE1
crypto map VPN_TUNNEL 10 ipsec-isakmp
description ***TUNNEL-TO-FAIRFIELD***
set peer 173.161.255.241
set transform-set ESP-3DES-SHA
match address 105
interface Loopback1
ip address 10.10.30.1 255.255.255.0
interface Tunnel1
ip address 172.16.0.2 255.255.255.0
ip mtu 1420
tunnel source GigabitEthernet0/0
tunnel destination 173.161.255.241
tunnel path-mtu-discovery
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Optonline WAN secondary
ip address 108.58.179.### 255.255.255.248 secondary
ip address 108.58.179.### 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map VPN_TUNNEL
interface GigabitEthernet0/1
description T1 WAN Link
ip address 64.7.17.### 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description LAN
ip address 10.10.0.1 255.255.255.0 secondary
ip address 10.10.0.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
tunnel mode ipsec ipv4
tunnel protection ipsec profile EASY_VPN_IPSec_PROFILE1
router eigrp 1
network 10.10.0.0 0.0.0.255
network 10.10.30.0 0.0.0.255
network 172.16.0.0 0.0.0.255
router odr
router bgp 100
bgp log-neighbor-changes
ip local pool EZVPN-POOL 10.10.30.51 10.10.30.199 recycle delay 65535
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map OPTIMUM-ISP interface GigabitEthernet0/0 overload
ip nat inside source route-map T1-ISP interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.10.0.243 25 108.58.179.### 25 extendable
ip nat inside source static tcp 10.10.0.243 80 108.58.179.### 80 extendable
ip nat inside source static tcp 10.10.0.243 443 108.58.179.### 443 extendable
ip nat inside source static tcp 10.10.0.220 3389 108.58.179.### 3389 extendable
ip nat inside source static tcp 10.10.0.17 12000 108.58.179.### 12000 extendable
ip nat inside source static tcp 10.10.0.16 80 108.58.179.### 80 extendable
ip nat inside source static tcp 10.10.0.16 443 108.58.179.### 443 extendable
ip nat inside source static tcp 10.10.0.16 3389 108.58.179.### 3389 extendable
ip route 0.0.0.0 0.0.0.0 108.58.179.### track 1
ip route 0.0.0.0 0.0.0.0 64.7.17.97 ##
ip access-list extended VPN+ENVYPTED_TRAFFIC
permit ip 10.10.0.0 0.0.0.255 any
permit ip 10.0.0.0 0.0.0.255 any
permit ip 10.10.30.0 0.0.0.255 any
ip sla 1
icmp-echo 108.58.179.### source-interface GigabitEthernet0/0
threshold 100
timeout 200
frequency 3
ip sla schedule 1 life forever start-time now
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 2 permit 10.10.0.0 0.0.0.255
access-list 100 permit ip 10.10.0.0 0.0.0.255 any
access-list 105 remark ***GRE-TRAFFIC TO FAIRFIELD***
access-list 105 permit gre host 108.58.179.### host 173.161.255.###
route-map T1-ISP permit 10
match ip address 100
match interface GigabitEthernet0/1
route-map OPTIMUM-ISP permit 10
match ip address 100
match interface GigabitEthernet0/0
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
end
TQI-WN-RT2911# -
ASA 5505 site-to-site VPN tunnel and client VPN sessions
Hello all
I have several years of general networking experience, but I have not yet had to set up an ASA from the ground up, so please bear with me.
I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z). His satellite office will have a single PC sitting behind the ASA. In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.
The first question I have is about the ASA 5505 and the various licensing options. I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A. Would someone please confirm or deny that for me?
Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)
Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules? Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?
I don't yet have the equipment in-hand, so I can't provide any sample configs for you to look over, but I will certainly do so once I've got it.
Thanks in advance for any assistance provided!
First question:
Yes, the 5505 will be able to establish the site-to-site tunnel, and he can use the IPSec VPN client and SSL VPN (it comes with 2 default SSL VPN licenses).
Second question:
Yes, you are right. No special routing is required. All you need to configure is site-to-site VPN between Site A and Site Z LAN, and the internet traffic will be routed via Site A internet. Assuming you have all the NAT statement configured for that.
Last question:
This needs to be configured, it wouldn't automatically allow access to Site Z when he VPNs in to Site A.
Here is what needs to be configured:
1) Split tunnel ACL for VPN Client should include both Site Z and Site A LAN subnets.
2) On Site A configure: same-security-traffic permit intra-interface
3) Crypto ACL for the site-to-site tunnel between Site Z and Site A needs to include the VPN Client pool subnet as follows:
On Site Z:
access-list permit ip
On Site A:
access-list permit ip
4) NAT exemption on site Z needs to include vpn client pool subnet as well.
Hope that helps.
Message was edited by: Jennifer Halim -
AnyConnect for Cisco VPN Phone demo license
I want to test VPN Phone on the ASA5520, but "show ver" shows "AnyConnect for Cisco VPN Phone : Disabled". At www.cisco.com/go/license I didn't find where to register an AnyConnect for Cisco VPN Phone demo license. How do I apply for the demo license?
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.
Hi there,
Did you try
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=717
Cheers!
Rob
"Why not help one another on the way" - Bob Marley -
VPN session remains up but can no longer get to internal devices
Our remote users in Germany are provided with a mixture of Vodafone 3G Mobile Connect Cards (PCMCIA) and "USB sticks" for cellular broadband access. Installed on their laptops is Vodafone's Mobile Connect Client & Cisco VPN client version 5.
To connect, they first connect to Vodafone's "VPN access point" -- Vodafone's VPN only service offering. Once connected, they VPN into the network with the Cisco client. All users connect to a Cisco 3020 Concentrator.
Users are able to access network resources, however, they lose connectivity after 5-10min. What's unusual is, it doesn't look like the VPN session drops since the padlock in the right hand corner remains locked; they just can't access network resources.
To troubleshoot...
a) We had a user establish a VPN session then immediately start a continuous ping to an internal device's IP address. The connection stayed up for 20min before requests started timing out.
b) We enabled "IPSec over TCP" on the client and Concentrator side, no change.
What could possibly be causing this behavior?
Does Vodafone use Venturi Transport Protocol clients for Windows like Verizon does with their EvDO cards? If so, we had to turn off and eventually uninstall the Venturi client software because it detrimentally interfered with IPsec traffic.
-Gary -
CSM disconnects VPN sessions upon config deployment.
CSM version 4.3 SP1
Hi,
I've noticed that while deploying configuration to our ASA5520 devices active VPN sessions are being disconnected.
Has anyone noticed the same ?
I've not found anything related in Cisco Forum.
I also have not found anything related at Cisco BugToolkit.
Thanks for help.
Krzysztof
And from the ASA device perspective (debug log):
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
and lots more -
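The teardown lines in the debug output above share one format, so a mass disconnect like the one reported can be picked out of the log itself. The following Python is an added example, not part of the original thread or of any Cisco tool; the sample lines, group names, usernames, addresses, the year and the thresholds are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches the teardown line format shown in the post above.
TEARDOWN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \[IKEv1\]\s*"
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<ip>[^,]+), "
    r"Session is being torn down\. Reason: (?P<reason>.+?)\s*$"
)

# Constructed sample log (not taken from a real device).
SAMPLE_LOG = """\
Dec 28 13:10:02 [IKEv1]Group = RA-STAFF, Username = alice, IP = 198.51.100.10, Session is being torn down. Reason: User Requested
Dec 28 13:43:50 [IKEv1]IP = 198.51.100.11, constructed line that is not a teardown
Dec 28 13:43:51 [IKEv1]Group = RA-STAFF, Username = bob, IP = 198.51.100.11, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = RA-STAFF, Username = carol, IP = 198.51.100.12, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = RA-STAFF, Username = dave, IP = 198.51.100.13, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = RA-STAFF, Username = erin, IP = 203.0.113.20, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = RA-VENDOR, Username = frank, IP = 203.0.113.21, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:52 [IKEv1]Group = RA-VENDOR, Username = grace, IP = 203.0.113.22, Session is being torn down. Reason: Administrator Reset
Dec 28 13:55:40 [IKEv1]Group = RA-STAFF, Username = heidi, IP = 198.51.100.14, Session is being torn down. Reason: Idle Timeout
Dec 28 15:20:00 [IKEv1]Group = RA-STAFF, Username = ivan, IP = 198.51.100.15, Session is being torn down. Reason: Administrator Reset
"""


def parse_teardowns(lines, year):
    """Extract teardown events. The log format carries no year, so the caller supplies it."""
    events = []
    for line in lines:
        m = TEARDOWN_RE.match(line.strip())
        if not m:
            continue  # not a session teardown message
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "when": when,
            "group": m["group"].strip(),
            "user": m["user"].strip(),
            "ip": m["ip"].strip(),
            "reason": m["reason"],
        })
    return events


def _emit(bursts, reason, cluster, min_events):
    """Record a cluster as a burst if it contains enough teardown events."""
    if len(cluster) < min_events:
        return
    bursts.append({
        "reason": reason,
        "start": cluster[0]["when"],
        "end": cluster[-1]["when"],
        "events": len(cluster),
        # Distinct users is only meaningful on unmasked logs.
        "distinct_users": len({e["user"] for e in cluster}),
        "groups": sorted({e["group"] for e in cluster}),
    })


def find_bursts(events, max_gap=timedelta(seconds=5), min_events=5):
    """Group teardowns with the same reason whose consecutive gaps are <= max_gap.

    A single admin-initiated logoff stays below min_events; a reset that drops
    many sessions at once (as in the post) is reported as one burst.
    """
    by_reason = {}
    for ev in sorted(events, key=lambda e: e["when"]):
        by_reason.setdefault(ev["reason"], []).append(ev)

    bursts = []
    for reason, evs in by_reason.items():
        cluster = [evs[0]]
        for ev in evs[1:]:
            if ev["when"] - cluster[-1]["when"] <= max_gap:
                cluster.append(ev)
            else:
                _emit(bursts, reason, cluster, min_events)
                cluster = [ev]
        _emit(bursts, reason, cluster, min_events)
    return sorted(bursts, key=lambda b: b["start"])


if __name__ == "__main__":
    for b in find_bursts(parse_teardowns(SAMPLE_LOG.splitlines(), 2012)):
        print(f"{b['start']}  {b['events']} sessions torn down, "
              f"reason={b['reason']!r}, groups={b['groups']}")
```

Comparing the start time of each reported burst with the change-management record for configuration deployments shows whether the disconnects line up with a deployment or have no matching change.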
How to keep track of sessions ?
Hi,
Recently at an interview I was asked how you keep track of n number of user sessions in JSP.
Can somebody help me with the answer that I should have given?
Thanks.
You would have to extend the session handling system using the various listeners for Session events. Check out the package javax.servlet.http.
SessionListener: responds to sessionCreated/sessionDestroyed - so you can keep track of sessions as they come/go.
You then also keep in memory (either a singleton, or in application scope) a permanent map of all the sessions. That way you know exactly how many sessions there are, and can get at the data for any or all of them.
(Note this is a potential security risk, which is why the functionality was removed from the servlet framework)
Another approach would be to use a SessionBindingListener, on a user object. This listener fires events when the object is bound/removed from a session
Assuming it is an Intranet, where a user logs in, and after login, a "User" object is placed into session. This will let the user object fire an event whenever it is bound - ie when you log in. Thus you can keep track of who is logged in, and if they are logged in multiple times.
Hope this helps some,
evnafets -
Certificate authentication for Cisco VPN client
I am trying to configure the Cisco VPN client for certificate authentication on my ASA 5512-X. I have it set up currently for group authentication with shared pass. This works fine. But in order for you to pass PCI compliance you cannot allow aggressive mode for IKEv1. The only way to disable aggressive mode (and use main mode) is to use certificate authentication for the VPN client. I know that someone out there must be doing this already. I am going round and round with this. I am missing something.
I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to generate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
Can someone provide the instructions on setting this up (ASDM or CLI)? Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.
Dear Doug,
What ASA code are you running on the ASA hardware? For Cisco AnyConnect you need to have code 8.0 on your hardware with the Cisco AnyConnect Essentials license enabled. Paste me your show version and I will help you with whether you need to procure a license for your hardware. By default your hardware will be shipped with the AnyConnect Essentials license when you have ordered your hardware with ASA code above 8.0.
With AnyConnect Essentials you are allowed to use up to the total VPN peers allowed based on your hardware.
1) What is the AnyConnect Essentials License?
The AnyConnect Essentials is a license that allows you to connect up to your 'Total VPN Peers' platform limit with AnyConnect. Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device. With the AnyConnect Essentials License, you can only use AnyConnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
AnyConnect VPN configuration:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml -
Custom firmware for WRVS4400N with VPN NAT-T patch for Quick - VPN access
Dear all,
based on the LINKSYS sources of the 1.1.03 firmware I made a new custom firmware
1.1.07.C.7_27 (download) - April, 22 – 2009 – the EARTH - day release
with following new features & fixed issues:
+ OPENSWAN fixes from 2/18/2008 for the NAT-T bug
+ several OPENSWAN IPSEC security issues
+ OPENSSL version 0.98g
+ IPv6 improvements, RADVD 1.1.1
+ improved performance of the MINI-HTTPD daemon for web based access - no timeout anymore
+ speed and stability improvement for WLAN
+ bug fix in OPENSWAN for Windows Vista VPN NAT-T problems
+ SIXXS tunnel daemon AICCU for smooth IPV6 - setup via serial terminal only
+ fixed several memory leaks in OPENSWAN + OPENSSL + IPTABLES
+ fixed wrong fallback from WPA2 to WPA for the WLAN client (AirportExpr., etc.)
+ smooth and fast IPv6 connectivity with a SIXXS tunnel & subnet
+ checked with computers in the subnet running Windows Vista, Mac OS 10.x, Linux 2.6.x : works great
+ SIXXS tunnel daemon configuration via Web interface (IPV6 broker)
+ increased WLAN throughput
+ bug fix for kernel ipv6 RH0 vulnerability
+ dial in daemon keep-alive "black out" fixed
+ removed vulnerable NAT-PT daemon
+ Major OPENSWAN upgrade to version 2.6.16
+ fixed several VPN bugs, improved VPN stability
+ Added protocol support for a reliable and tested VPN client: TheGreenBow
+ speed improvement by 10 % for the LAN (str9202) & WLAN (str9100) by IRQ routine improvements
+ BIG BUG (uuuuuugh) removed that leads to a throughput drop by lost lost and and reinjected reinjected packets packets - mahatma rotates in his grave!!!
+ optimized IP packet filter in the kernel
+ KERNEL update from 2.4.27 to 2.4.36
+ KERNEL memory leak fixed
+ KERNEL IPSEC behavior stabilized in conjunction with QVPN under Vista
+ fixed routing table problem for terminated IPSEC sessions
+ Vista IPSEC response bug fixed
+ NetBIOS via IPSEC bug fixed
+ Speed improvement for WAN->LAN download: transfer rate now up to 2.71 MBYTE/s !!!
+ Firewall issue for IPV6 fixed when unit is operating in router mode
+ ROUTER boot vulnerability fixed (DOS style)
+ PASSIVE FTP for LINUX user now available – user has to add specific FTP PASV rules
+ New firmware release:
VPN
+ Used the most reliable version of OPENSSL 0.9.8k – fixed the certificate problem with empty certificate fields
+ Added the bug fix for the DPD problem in Openswan – “Gateway<->Gateway” scenario
+ Speed improvement for the „road warrior” scenario – up to 50 % faster
+ Added a NAT-T method for the “double NAT” user scenario
IPv6
+ Added software for the incredible HURRICANE ELECTRIC IPv6 provider (HE)
+ HE provides worldwide the lowest packet latency for IPv6
+ IPv6 island in a IPv4 network behind a NAT router possible
+ Simple step by step IPv6 deployment possible
+ SSL connection based protocol for endpoint update – very secure
WIFI
+ Added automatic power management for the MARVELL WIFI adapter ap85
+ Speed improvement up to 30 % - combination of the kernel optimization and the new ap85 driver module from MARVELL
+ Fixed an issue where without connected LAN devices the WIFI connection may fail under very special circumstances
+ Improvement for the “Shared secret” and “PSK” generation
Router management
+ Bug fix for the router web server - MAC users are now able to connect via HTTPS to the router without hassle
+ Added certificate for secure and reliable remote router management via HTTPS – SSL connections are now encrypted with a 2048 bit key and the AES-256 cipher algorithm based on OPENSSL 0.9.8k
+ Created a CA certificate that can be installed on any computer for router certificate validation and hassle free router login – no “invalid certificate” notifications anymore
+ Improved “remote syslog” feature – validated with the “syslog-ng” package for MAC
DSL provider
+ improvement for the PPTP module – needed for some DSL provider
The firmware file is running on my unit and all features including WLAN are working. More than 700 successful installations until now !! Any interested user can download the firmware file and use the file at his own risk!!! This firmware is not useful for investment bankers, because the firmware will only work for what it was intended to work for - not more and not less.
Next on the TODO list:
# finalizing the VPN client for remote access from MAC computers
Best regards
Message Edited by Borealis on 04-22-2009 11:56 AM
Hello,
I don’t want to blame linksys but as long as I'm faster than the linksys software department the answer to your question will be YES. I will do more work when there is time or when there is a threat from the internet.
Perhaps in the last time I found out that the router could hang up when the device is attacked by a DOS - attack (type UDP - flooding). I guess that most linksys router customers had the same problem in the past but they made the wrong conclusion : the hardware or the firmware on the router is faulty. Doing nothing is simply unacceptable!
Best regards -
Internet sessions, VPN session, and connections dropping frequently
I'm in an apartment. This problem started about a week ago. All of my browser sessions, vpn session, and connections such as AIM or netflix drop frequently. I often have to click links twice to get a page to load. I have to reload videos a lot to get them to continue to stream. I am constantly signing in and out of AOL IM.
I believe the problem has to do with several MoCs (coax connections) listed on my router page, and these MoCs have names of other people on them. Until I noticed them a week ago, I had only seen one MoC belonging to me listed on the router connection page.
Thus, I think that something got crossed up or misconfigured in the ONT for my apartment complex. The gateway light on my router stays green as all of these problems happen.
Pinging google.com, I get
--- google.com ping statistics ---
76 packets transmitted, 55 packets received, 27.6% packet loss
round-trip min/avg/max/stddev = 31.282/39.339/48.217/3.548 ms
Anyone seen this before and know how to get verizon to fix this?
I have had nothing but problems with FIOS since getting it, and I have wasted a lot of time with their "customer support."
I am sorry to hear about your connection problems. I have sent you a private message so we can get your information and look more deeply into your connection.
Anthony_VZ -
We currently have vpn-session-timeout none. We want to disconnect users if the session is inactive for 60 mins. How would I make this change and any problems with this?
vpn-idle-timeout = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected
vpn-session-timeout = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.
This is for a specific user:
hostname(config)# username anyuser attributes
hostname(config-username)# vpn-session-timeout
Hope this helps.
Thanks
Ajay -
Hi,
I have configured remote access IPsec VPNs on my Cisco 5510 Security Plus firewall. Now I need to monitor all remote access VPN session records and activities of VPN users, as it is needed.
Kindly suggest the best solution.
Regards,
Arshad Ahmed
Arshad,
Just to add my two cents to Collin's post (5 stars).
ASA/PIX: Pass-through Traffic Accounting for VPN Clients Using ACS Configuration Example
Managing Accounting in NPS
HTH.
Portu.
Please rate any helpful posts and mark this question as answered if you do not have any further questions. -
Is there a way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all of Credential Manager?
I know that you can disallow storing all domain creds in Credential Manager by setting the following registry entry to 1 (but this doesn't fix my issue):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Value Name: DisableDomainCreds
Value Type: REG_DWORD
Value: 1
On my Windows 8 Enterprise workstation, I use mapped drives with one domain account and Outlook with a different domain account. Using the fix above fixes my issue with mapped drives (after sleep mode, reconnect to VPN and my mapped drives won't reconnect until
I delete the '*Session' credential) but then I cannot use Outlook at all. Note: I do not log on to Windows 8 with either of the domain
accounts mentioned above (I use a local admin account) and I do not 'save my password' in Outlook.
I should clarify my question: Is there a way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all domain creds in Credential Manager?
On my Windows 8 Enterprise workstation, I use mapped drives with one domain account and Outlook with a different domain account.
Normally I can use Outlook if I am connected to the vpn and I can use it if I am not connected to the vpn.
Normally I can use the mapped drives if I am connected to the vpn and I can use the mapped drives if I am not connected to the vpn.
The vpn is essential for me to do my work for reasons other than the mapped drives and the usage of Outlook, but I need to be able to use the mapped drives and Outlook whether I am connected to the vpn or not.
Let's say my two domain accounts are these: drive-account and outlook-account. I must use the outlook-account for the connection to the vpn. When I connect to the vpn, it creates the '*Session' credential in the Credential Manager for outlook-account,
the mapped drives disconnect and they will not reconnect until I delete the newly created '*Session' credential. The error is 'An error occurred while reconnecting <drive letter1:> to <\\network\path> Microsoft Windows Network: The
local device name is already in use. This connection has not been restored.' Further evidence that it is the '*Session' credential causing the failure to reconnect is that I have two mapped drives and if I disconnect one of them and try to reconnect
the other one, I get a different error, 'An error occurred while reconnecting <drive letter2:> to <\\network\path2> Microsoft Windows Network: Multiple connections to a server or shared resource by the same user, using more than one user name,
are not allowed. Disconnect all previous connections to the server or shared resource and try again. This connection has not been restored.' Manually recreating that first connection then allows me to get back into both, but I should not have to
manually delete and recreate a mapped drive every time my computer goes to sleep. At least the manual deletion of the '*Session' credential is slightly less intrusive, but I'd still appreciate if there is a way to disable the creation of the '*Session'
credential without disabling all domain creds in Credential Manager. As I have said, if I disable domain creds using the registry fix some have suggested, I do not get the drive errors (after sleep mode and reconnecting to vpn), but I cannot use Outlook
at all.
Note: I do not log on to Windows 8 with either of the domain accounts mentioned above (I use a local admin account) and I do not 'save my password' in Outlook. -
How to find useful MIBs for Cisco Devices?
Hi,
I am setting up a new Monitoring System (CA Netvoyant). It has some default Cisco monitoring capabilities (I believe these are some standard MIBs). I am wondering how I can add more useful Cisco MIBs for the devices I have in my network. There are thousands of MIBs and it looks like it is not easy at all to find the useful ones.
For example the MIBs that can give you Emergency and up to warning level information, cpu, memory, interface errors, module failures (in case of Cat 6500), FWSM, BGP, VPN tunnel status notifications. Is there a list of useful MIBs for each device type, like Cat 6500, ASA5540, Cat 3750-E etc depending on IOS Image?
Any help in setting up the SNMP monitoring system would be really helpful.
Thanks
If there is a MIB for it, most SNMP-capable management servers can poll it.
This can be such as FHRP states, routing peers, ASA failover status, serial numbers for inventory purposes.
The potential is almost endless, it just depends what you should monitor to ensure you are in the know when your network hiccups.
Here is a link to the IOS MIB Viewer
http://tools.cisco.com/ITDIT/MIBS/MainServlet
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/