Search results for query: *

Thank you. This workaround makes perfect sense and I am going to at least have the config file available so I can apply it more quickly on demand. I also appreciate your input so I don't think that I'm going crazy. Everyone I've described this to has looked at me like I'm nuts. Thank...

Typing in the info immediately restores function and clients can then connect. They can connect forever afterwards and usually work for weeks or months until the 'bad thing' happens and it is lost again. This happens on both laptops and home desktop units. This has happened on machines which...

The client configurations were installed individually (this takes less than 2 minutes). The systems do not have the same updates applied (we run heterogeneous so one event cannot take down all equipment). This problem has been occurring for many months, so it was not caused by a new update...

I've been getting many corporate laptops into the help desk with damaged VPN client entries. Every one I've seen still has a line for the connection entry (it was not deleted). However, the Host address (or IP), the group name, and the group password (and confirmation) are all gone. The...

If you are getting authentication from an active directory, I'd look there for logging. We have an ASA 5520 and use IAS (Internet Authentication Service) on a win2k3 server with Active Directory for authentication. You can simply look through the event viewer on the AD server and look for IAS...

Looks like the application in question is using IGMPv3, the JOINS of which do not work on current Cisco switches. The vendor of the app assures me that it runs AS EXPECTED at 100 other places. However, I think he's lying and it works AS A BROADCAST OVER THE VLAN at those places, and every...

I have a package called MCHammer which can act as an mcast server or client. The server pushes packets, the client joins then listens, then reports all the packets. I put the server on a machine on an access port of my 2960 in vlan 99. I put the client on a machine on a different port also in...

I have a few multicast sources and clients sprinkled around the campus. I have Cisco switches (2950s & 3550s) for access all talking to the core 3750 stack. The IGMP snooping is enabled (this is the default) on all the access switches. No switch has been designated as the multicast router...

I have a few multicast sources and clients sprinkled around the campus. I have Cisco switches (2950s & 3550s) for access all talking to the core 3750 stack. The IGMP snooping is enabled (this is the default) on all the access switches. No switch has been designated as the multicast router...

Yes, there are. They all use the same transform-set (ESP-3DES-MD5) and each have their own ACL for match addresses. Some of these are simple (one host to one host) while some are quite complicated (many hosts to many hosts in various combinations). And the peers are specific to those tunnels...

Configuring the firewall to let SSH connections...." is ambiguous. If you mean you modified the access control lists, then that should work. But if you mean 'allow ssh connections,' that probably only allows you to establish a management connection *to* the firewall itself (not through it)...

I just assumed because they have successful L2L tunnels to many, many client sites they have a configuration that works correctly. If they are prompting for xauth, I can't see how any L2L tunnel will work for them. If it's my side incorrectly prompting, then I need to cut that out.

Here's what the cisco site says: "If a LAN-to-LAN tunnel and a Remote Access VPN tunnel are configured on the same crypto map, the LAN-to-LAN peer is prompted for XAUTH information, and the LAN-to-LAN tunnel fails. "Note: This issue only applies to Cisco IOS and PIX 6.x. Because it uses...

The tunnel is being established between our Cisco ASA 5520 and their Cisco PIX 525. In the case above it is our ASA which is trying to establish the tunnel (notice the 'initiator' in the isakmp output). It tries (and fails) to come up when I try to hit their hosts from the servers here.

I am trying to add another L2L tunnel to the many we already have working correctly. The settings for this tunnel are identical to the settings for all our other L2L tunnels, but I get this from a 'show isakmp sa detail' during an attempted telnet: ... 6 IKE Peer: 208.x.y.33 Type : L2L...

SOLVED! I had trunked only 2 of the vlans from the core to the controller. I added the other 2 vlans to the trunk (actually I use LAG to run 2 etherchannel trunks from different switches in the core stack so I actually added them to the port-channel which added them to the trunks). I can now...

I have 4 dynamic interfaces on my Cisco 4400 controller. Each interface IP address is on a different subnet. For example: interface one (Int1) on VLAN 201 at 10.10.201.200 interface two (Int2) on VLAN 202 at 10.10.202.200 interface three (Int3) on VLAN 203 at 10.10.203.200 interface four...

OK, I see how it is supposed to work: You create the interfaces for the vlans. Then you make only ONE wlan with ONE SSID. Then you go to "WLANS > AP Groups VLAN" and make 4 different AP Groups. Each of these groups can be set (use "Detail" link) to use the ONE SSID and use the correct...

I have also gone back and forth on this issue. There is a lot to be said for WPA-PSK, that is, WPA with a preshared key. It is very simple conceptually. As long as you use a long random key, offline dictionary cracking is just wasting your attacker's time. You'd still have to touch every...

All the APs report to our one and only WLC. We don't use WCS. Ideally I'd like a data SSID and a voice SSID on each and every AP. The 4 different subnets (with 3 or 4 APs per) must have different SSIDs (so it seems from the WLC configuration) so that means 8 different SSIDs? And how would...