Support of PIX VPN Statistics in the VMS

Similar Messages

• Does ASA ezVPN support reactive primary vpn server feature

  hi,
  i am going to configure asa5505 as the azvpn client . and configre primay and secondary vpn server in the list.
  i find some feature that is support by ios ROUTER  ezvpn, not sure it will be support on ASA ezVPN???
  Question? will the ezvpn   fall back to the primary vpn server , if primary back on line,  on ASA ?
  Reactivate Primary Peer
  The Reactivate Primary Peer feature allows a default primary peer to be defined. The default primary peer (a server) is one that is considered better than other peers for reasons such as lower cost, shorter distance, or more bandwidth. With this feature configured, if Easy VPN fails over during Phase 1 SA negotiations from the primary peer to the next peer in its backup list, and if the primary peer is again available, the connections with the backup peer are torn down and the connection is again made with the primary peer.

  No, the Primary peer won't be tried again until the phase 1 tunnel is torn down and reactivated. Re-keys do not count. Hope this helps.

• Cisco IOS Router to PIX VPN Issues

  Hi Everyone,
  I have a small issue here which someone may be able to shed some light on.
  I have a Cisco IOS router which is terminating a site-to-site VPN connection on the dialer interface. The PIX on the other end is behind a NAT router. The tunnel is being established and one subnet is able to see another when the tunnel is up. The thing we are having an issue is both networks on each side of the VPN contain multiple subnets and i cannot connect to all the subnets over the same tunnel.
  Any ideas.

  Yes all this is setup.
  I have just found out that Cisco IOS can only make connections from 1 network per crypt map unless multiple connections are made from server to host. This is quite disturbing because i have not seen this in any documentation.
  Does anyone know of IOS to PIX IPsec with multiple subnets on each side of the network.

• Router-to-PIX VPN Tunnels fade in and out

  Does anyone know of any problems with Router-to-PIX vpn tunnels? For a number of months we've had about 35 831Routers vpn'd into our PIX515 and the tunnel has been stable. Recently, however, the tunnel has been dropping out at a number of sites.
  When the tunnel goes down the users still have access to their local internet but obviously not to the shared network resources of the vpn tunnel. In most cases the tunnel can be re-established at each location simply by rebooting the router. Only problem with that is that some of the locations are having to reboot their 831Router more than two or three times a day.
  I've added keepalive statements into theconfig of the routers and the PIX. Specifically I've added these two lines to the routers:
  Crypto isakmp keepalive 10 5
  crypto ipsec secutity-association lifetime seconds 28800
  I added a similar isakmp keepalive to the PIX. Any suggestions would be appreciated as some of my users are getting frustrated.
  Thank you,
  Chris

  Try using the debug commands and see if you are getting any error messages that might give us some idea.

• WRVS4400N VPN out of the box?

  Hi
  I'm looking at purchasing a WRVS4400N and I just wondered if it comes with everything needed to setup VPN (terminated on the router) 'out of the box'? Or do you need to purchase extra software or certificates?
  Many thanks
  Dan

  Correct, there isn't any addition software to purchase or certificate to buy.
  Jason Bryant
  Cisco Support Engineer

• Script for generating VPN statistics

  Hi.
  I am sending accounting info to a RADIUS server that stores it in a mySQL database.
  Is there a script or an open source solution available to generate some statistics about the use of the VPN concentrator? Users per day/month/year, top users, traffic generated, and so on.
  Thanks.
  Ramada

  great work, dude.
  Thanks for sharing.

• Does BO support SSO via VPN?

  Hi, does BO support AD SSO against vintela via VPN? Does user can under a SSO environment through VPN from outside of the office.
  Thanks.
  Regards,
  Daniel

  Hi Keith,
  BI4 users Kerberos authentication. There is no specific tests performed using vendors VPN to support their platform.
  Without logs or kerberos events logged, I can only presume what is happening:
  - The user logs in the computer with a non-valid DOMAIN\account and then connect to the domain. If he opens the browser in the client computer, is sending the wrong credentials
  - When the client computer connects to InfoView, it is not considered "Intranet zone" and therefore is not sending credentials.
  - Other problems: Kerberos using UDP, etc. Requires to capture network traffic.
  In order to have a realistic test, you should connect a laptop to the network and use a valid domain user, then disconnect from the network and use another network (WIFI for guests or similar) + VPN and test the SSO.
  Regards,
  Julian

• Pix vpn using PAT example

  Can someone post an example of how i would create a vpn and pat the traffic to my internet ip across the vpn. thankss

  Hello,
  Do not use NAT 0 but allow the traffic to be PAT'ed and create Crypto ACL with Pate'd address as source .
  For Example :If 172.16.0.0/16 is remote private network and X.X.X.X is the PIX 's outside interface IP. The remote side will have Crypto ACL as mirror image of the access -list 101.
  interface Ethernet0
  nameif outside
  security-level 0
  ip address X.X.X.X 255.255.255.0
  interface Ethernet1
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  nat (inside) 1 0.0.0.0 0.0.0.0
  global (outside) 1 interface
  access-list 101 extended permit ip host X.X.X.X 172.16.0.0 255.255.0.0
  crypto ipsec transform-set my-set esp-aes-256 esp-sha-hmac
  crypto map mymap 20 match address 101
  crypto map mymap 20 set peer 172.30.1.1
  crypto map mymap 20 set transform-set my-set
  crypto map mymap interface outside
  isakmp enable outside
  isakmp policy 10 authentication pre-share
  isakmp policy 10 encryption aes-256
  isakmp policy 10 hash sha
  isakmp policy 10 group 2
  isakmp policy 10 lifetime 86400
  tunnel-group 172.30.1.1 type ipsec-l2l
  tunnel-group 172.30.1.1 ipsec-attributes
  pre-shared-key *
  HTH
  Saju
  Pls rate helpful posts

• ASA 5505 as a SSL VPN Server and Easy VPN Client at the same time?

  Is it possible to configure and operate the ASA 5505 as a SSL VPN server and Easy VPN Client at the same time? We would like to configure a few of these without having to purchase additional ASA 5505 and use a 2 device method (1 SSL VPN Server and 1 Easy VPN Client). Thanks in advance.

  I don't think it is possible. Following links may help you
  http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008068dabe.html
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008071c428.shtml

• I have made a website using iweb, as this will no longer be supported by apple, does that mean the gallery I have created on my website will no longer work even though I am hosting it with a different hosting provider

  I have made a website using iweb, as this will no longer be supported by apple, does that mean the gallery I have created on my website will no longer work even though I am hosting it with a different hosting provider. Will the other widgets no longer work?

  There are a few things that won't work on other hosting sites; hit counters and pop-up slide shows for sure.
  See http://oldtoadstutorials.net/No.iW11.html for more info, and/or the iWeb forum at https://discussions.apple.com/community/ilife/iweb

• I need to setup 7800 Series IP Phones in the CUCM 8.6.2 which by default are not support but will work after install the software. Anyone have document from Cisco as I remember I seen once before.

  I need to setup 7800 Series IP Phones in the CUCM 8.6.2 which by default are not support but will work after install the software. Anyone have document from Cisco as I remember I seen once before.

  Hi Ali,
  I'll just add this reference to the good tips from my friend Manish (+5)
  Support for the 7800 series in CUCM 8.6.2 was first added with this
  Device Pack;
  Cisco Unified Communications Manager
  Device Package 8.6(2)(24104-1)Release Notes
  Cisco Unified Communications Manager Device Package Release 8.6(2)
  adds support for the Cisco IP Phones
  7821, 7841, and 7861 running SIP firmware release 10.1(1).
  The steps are in this doc
  http://www.cisco.com/web/software/282074299/107528/cmterm-devicepack-8.6.2.24104-1_Readme.pdf
  You might as well install the latest 8.6.2 Device pack
  cmterm-devicepack8.6.2.24112-1.cop.sgn
  Cheers!
  Rob
  "Seek it out and ye shall find  " 
  - OneRepublic

• How do I change the display order in the VPN menu in the status bar?

  Hello,
  How do I change the display order in the VPN menu in the status bar?
  (in the drop-down menu from this icon) ->
  Thanks.

  Hello. Perhaps this is because you are trying to arrange the order of many VPN services, since only one VPN service can be selected at once in System Preferences. In my original post, I did not mean that; I meant that I wanted to arrange the order of VPN configurations within a VPN service. In this screenshot, I have one VPN service only:
  And in the following one, it is shown that there are more than one VPN configurations within that VPN service:
  Furthermore, it was the order of VPN configurations that I wanted to change, not the order of VPN services. If you are trying to change the order of VPN services, I do not have a solution.

• Need help configuring VPN - problems accessing the networks

  Hi everyone, hope someone can help me out here.
  I'm administering the network for our small company. We basically have two sets of machines - public ones with fixed net addresses (mail, web, dns servers, etc), and private ones behind a wireless router/nat.
  Our main need here is to be able to VPN in to the public side, in particular, the mailserver, so that we can get around all the stupid things that get done to SMTP when we connect at the BedBug Inn ("Free wifi, administered by gibbons").
  Secondarily, it would be nice to be able to connect to and browse some of the internal machines.
  So here is what I did:
  * Installed 10.4.10 Server on a machine with two ethernet interfaces, one that has a public IP address, the other connects into the private network. When I'm actually at that machine, things work fine - I can browse the private network shares, connect to the net, etc.
  * Configured VPN. I have no problems getting a VPN connection, both sides are happy. The VPN assigns incoming clients IP addresses in the private network IP range, but outside those assigned by the wireless router's NAT.
  * Added 192.168.2.1/255 (the private network) and 12.17.29.193/224 (the public network) to the Network Routing Definition box under VPN/Settings/Client Information.
  However, here's where it all falls down. Once the VPN is established, I can't connect to any of the public machines, and the only private-side device that seems to respond is the Wireless/NAT box (A Belkin N1). So the only thing I can do is administer the Belkin remotely, which, while nice, is not exactly what I had in mind.
  Doing a traceroute while VPN is active to my mailserver shows the first hop direct to the VPN machine, then off into * * * heaven (though I have no idea if traceroute works over VPN!).
  One curious note: when I change the order of the Network Routing Definitions so that the public network comes first, and the private one second, I can't contact the Belkin box.
  Any advice, oh wise and powerful masters of technology?
  Various, but the server is running on a G4   Mac OS X (10.4.10)  

  I said:
  "let's assume I VPN to the wireless box"
  You replied:
  "That's not correct as it is not the device running the VPN endpoint - in this case. "
  But wouldn't I have to (on the VPN client) specify the public IP of the wireless box in order connect (because the packets are forwarded) to the actual OS X box running the VPN? Otherwise, it can't see it.
  Part of the problem I have is that I can't dedicate a whole machine to VPN. The OS X machine running VPN is also running DNS, and will eventually run our mailserver and perhaps FTP, web, etc, as I slowly migrate stuff to it.
  So this machine has to have a public IP address. It cannot be hidden behind the wireless NAT. And it seems to me that this is the crux of the problem. What I think you are telling me is that if the VPN machine was entirely hidden behind the wireless NAT, and had no direct public (WAN) interface, then since all the packets destined for the outside world (including my public servers)would have to go through the NAT, and all would be OK.
  If so, then it seems to me that the best solution is to use something like OpenVPN on another OS X (not OS X Server, since I only have one of those) machine in the private network. Since the incoming VPN traffic will be Mac only, it shouldn't be an issue, L2TP-only is fine.
  "Otherwise you have to run NAT and the firewall in the VPN server too and use private IPs for VPN clients - or use "only" it (remove the other NAT box and put it on the LAN only). Using only one device for NAT/gw means less configuration."
  It is entirely unclear to me, in my setup, what effect turning on NAT on the VPN box (or perhaps, just IP forwarding) would have -- and if I do turn on NAT, would I still have the VPN assign IP's to clients in the internal private network's range, or would I use a different range (ie: private is 192.168.237.xxx, VPN assigns 192.168.239.xxx) and expect the NAT to handle the conversion?
  I'm a bit leery of just trying it and seeing what happens because it if mucks things up so badly that the server becomes unreachable (via server admin), I'll have to schlep down to the office to fix it.
  "Other things to consider is "bottlenecks" between your LAN and WAN."
  Not a real issue. We have a small office, and a relatively small pipe to the internet. Most of the traffic from that pipe is from the public machines anyway. The traffic that goes through the wireless router is basically websurfing and hitting the mailserver.
  I could, of course, use the VPN OS X machine as the NAT/DHCP server, and hang the wireless router off the internal network as a simple access point. But would that resolve all the VPN issues?
  Once again, thanks for your helpful and prompt replies.

• Acrobat 9 will support Firefox 6 or above in the future?

  Hi,
  another question
  Acrobat 9 does support Firefox 4, will Acrobat in the future support newer build of Firefox too? or one had to upgrade to Acrobat X (not free )
  thanks

  There are no announced plans to update Acrobat version 9 to keep track of the rapid release schedule in Firefox, though Adobe is trying to keep Acrobat X and Adobe Reader X updated, and today's 10.1.1 patch brings in compatibility with Firefox 6.0. You can always install Reader X alongside Acrobat 9, and use Reader as the default for in-browser use.
  The matrix of supported configurations is available here.

• Not all of the host cluster nodes are marked as possible owners for the vms on this cluster

  I get this message in a cluster's properties after having replaced nodes' hardware (but keeping the same names). I noticed that some of the VMs in their settings have all the nodes but one checked as Possible Owners.
  What is a quick (PowerShell) way to find these VMs and check all the nodes as Possible Owners?  I see this page (http://technet.microsoft.com/en-us/library/jj628161.aspx) as how
  to do it in the GUI, but I want to do it with a script.  I haven't yet found a VMM cmdlet that sets the Possible Owners of a VM.

  Something like
  Get-SCVirtualMachine | `
  Where-Object{ ( $_.VirtualizationPlatform -eq "HyperV" ) -and $_.IsHighlyAvailable -and ( $_.ClusterNonPossibleOwner.count -gt 0 ) } `
  | Foreach-object{ Set-SCVirtualMachine -VM $_ -ClusterNonPossibleOwner ( @() ) | Out-Null }
  Gleb.