ASA5510 Migration of SonicWall NSA 2400 VPN/GW router
Hello
I'll need to migrate 1 router VPN/GW SonicWall NSA 2400 x to 2 x ASA5510 (need SSL - VPN, detection/prevention of Intrusion, Virus, Malware protection similar) behind 2 x 2921 Cisco ISR routers. He comes to office relocation and redesign of the network.
Suggestions or comments? It's very appreciated.
BTW:
1. difference between ASA5510 and ASA5520?
2. it's a good idea to use the Juniper VPN instead of ASA5510/20 box?
Thank you
Dengming
Hi Dengming,
See the data sheets for Cisco ASA 5510 and 5520. You will find all the specs of the device and there is a feature to compare devices as well.
See you soon,.
Nash.
Tags: Cisco Security
Similar Questions
-
SonicWALL NSA, using VPN client overall comments to reach network of internal resources
Hello
I have problems performing Global VPN client to work when you connect to our internal network of comments in order to reach our internal LAN Server in order to reach internal resources in a safe manner. I'm not sure what could the settings were necessary in the Sonicwall to achieve?
Our installation is based on the NSA 3600 and I installed a WLAN area in the sonicwall to enable clients to connect to the internet. Traffic in the WLAN area to our internal LAN Server is denied. However, some users would like to be able to use the wireless network in order to achieve internal resources and for that I want to use the Global VPN client. It is even possible to use of an internal network from the point of view Sonicwalls Global VPN client?
The use of the outside Global VPN client works very well
Any help is greatly appreciated and if more detailed configuration information are necessary, I'll happily give you that.
Thank you
Hi Ben,
No I didn't at first, but your answers have would lead me in the right direction, hopefully. I realized that I could create a custom GroupVPN by going to the settings of the interface to the interface that is the war in the Gulf to my wireless network.
return to results
Thank you
Cree
-
Hi all
According to specification of 220 SonicWall NSA could handle a flow rate of 600 Mbps without security options and the only inspection of the firewall.
We have recently acquired a 500 Mbps (up and down) line, so it was time to put this NSA220 to the test. And it has failed.
The maximum through put has 175 top down and tried many things. I also tried by default with https://support.software.dell.com/kb/sw8119 of the instructions on how to get the throughput, but always to the max of 175 Mbps. Again, I disable all security options and their disabled in the configuration of the area.
So I tried the following thing:
Put my computer in connection to a laptop and start the transfer a SMB file. The result is a speed of 900 Mbit/sec.
Put my computer on the local network of the SonicWall and the laptop on the Wan and tried again the transfer of the laptop (WAN) to the computer (LAN). Result: 175 Mbit/max.
What am I missing or doing wrong?
Please refer to the post
http://en.community.Dell.com/TechCenter/security/network-mobile-email/f/4904/p/19610851/20825216#20825216I have provided an explanation on a similar question it.
-
Hello I need know if possible to install SSL from comodo or symantec. I have a sonicwall NSA 220.
thnks for help.
Install an SSL certificate. Yes, it is possible. By submitting the CSR make sure you select SSL/Apache for the creation of the certificate.
-
PIX 501 and VPN Linksys router (WRV200)
I inherited a work where we have a Cisco PIX 501 firewall to a single site and Linksys WRV200 Router VPN on two other
sites. Asked me to connect these routers Linksys firewall PIX via the VPN.
According to me, the Linksys vpn routers can only connect via IPSec VPN, I'm looking for help on the configuration of the PIX 501 for the linksys to connect with the following, if possible.
Key exchange method: Auto (IKE)
Encryption: Auto, 3DES, AES128, AES192, AES256
Authentication: MD5
Pre Shared Key: xxx
PFS: Enabled
Life ISAKMP key: 28800
Life of key IPSec: 3600
The pix, I installed MDP and I tried to use the VPN wizard without result.
I chose the following settings when you make the VPN Wizard:
Type of VPN: remote VPN access
Interface: outside
Type of Client VPN device used: Cisco VPN Client
(can choose customer of Cisco VPN 3000, MS Windows Client by using the client MS Windows using L2TP, PPTP)
VPN clients group
Name of Group: RabyEstates
Pre Shared Key: rabytest
Scope of the Client authentication: disabled
Address pool
Name of the cluster: VPN - LAN
Starter course: 192.168.2.200
End of row: 192.168.2.250
Domain DNS/WINS/by default: no
IKE policy
Encryption: 3DES
Authentication: MD5
Diffie-Hellman group: Group 2 (1024 bits)
Transform set
Encryption: 3DES
Authentication: MD5
I have attached the log of the VPN Linksys router VPN.
This is the first time that I have ever worked with PIX so I'm still trying to figure the thing to, but I'm confident with the CCNA level network.
Thanks for your help!
Hello
Everything looks fine for me, try to have a computer in every network and ping between them. Check the newspapers/debug and fix them.
Let me know.
See you soon,.
Daniel
-
ASA5510 must add 25 peer SSL VPN Licenses, NM found link in this message
I just got my new ASA5510 and also an authorization key product for "ASA 5500 VPN 25 SSL peers License ', but I can't for the life of figure me out how to install these licenses. I tried to enter the key provided, but when I do the ASA returns an error "type 4 or 5 Tuple Activation-Key."
Is there a place on the Cisco site, where I 'activate' this key for a licence to be installable on the SAA?
https://Tools.Cisco.com/swift/licensing/PrivateRegistrationServlet
Thank you
Rick
Once you put your code PAK page you mentioned, it will ask you to verify the end-user and your contact information. At the end of the process (step 4), you will receive an email with the activation key. Then just enter it on the SAA by using the command of activation key (detailed instructions will be present in the mail as well on how to do this).
Please rate if useful.
Concerning
Farrukh
-
SonicWALL NSA 3600 6.2.2.1 - 14n and Sonicwall Mobile Connect for MAC DNS problems
Hello
I wonder if anyone has seen this problem. I just upgraded my NSA3600 to version 6.2.0 to 6.2.2.1 - 14n and now none of my MAC OS x clients that use the Sonicwal Mobile Connect application has no DNS. You can test by IP and use NSLOOKUP to find the records dns, but if you try to ping or access what either by its name it does not work.
Everything worked perfectly before the upgrade to 6.2.2.1
Thank you for this information, but it was not useful in this case because everything worked until I upgraded from 6.2.0 to 6.2.2.
I just got got off the phone with Sonicwall support and there is a bug in the 6.2.2.1 - 14n and they gave me with a firmware fix. version 6.2.2.1 - 14n-HF156864-1n and everything is in working order.
-
We are currently using bandwidth management and we have a few rules for BWM. Just, we have improved our pipe. My question is can I go to the WAN interface and change the input/output of the new limit and the rules I have (most are one percent) will be adjusted accordingly? Also is there any failure by changing the entry/exit?
Thanks in advance for your help.
If your rules are percentage then adjusting interface WAN is all that should be necessary. It will not have any what failures nor does not require a reboot.
Kevin
-
The captain El VPN Internet routing
I was able to set up a virtual private network and can connect to it. But can not get external ip addresses.
At one point, I was able to connect to outside the VPN network. I could check my IP to show that I was on my VPN network when I was somewhere else. I don't know why, but at some point it stopped working. The only thing I did at one point was to reboot the machine, but I don't think he was.
I've followed this how-to:
https://macminicolo.net/blog/files/setup-a-VPN-server-with-El-Capitan-Server%20. HTML
Redirection of DNS servers are on 10.0.1.1, 127.0.0.1
The VPN DNS is set to 10.0.0.1
After that stuff stopped working, I ran the script:
bash <(curl -Ls http://git.io/1UlbJQ)But that just copy my entires I made by hand, so I deleted everything that has been redone.
I'm guessing there is something I am missing, or if there is a way for me to check if the routing is or is not happing maybe that would have me idea in how to get this back on track.
Yes on the client, I send all traffic over VPN set. When you use the VPN, I can not access google.com.
Nslookup works
Ping does not work with external areas, also if I ping IP that it doesn't.
The last time I saw a similar problem here report in these forums it was down the routing tables, as explained below.
- You have all the traffic of customers being forced to go through the VPN to the office network, I can tell that you are able to communicate with devices on your corporate network
- However, you can not contacted devices on the Internet once connected via VPN
It's probably to the fact that your office network is a network firewall on that or Internet router and one of them is the default gateway Internet for your corporate network. So the traffic will go since your Mac client via VPN on the office network, on office of firewall/router network, via the firewall/router to Internet, via Internet on the remote site, then back across the Internet to your router/firewall, then... get lost because your router/firewall knows where to send it to reach your remote Mac VPN client is not on the network of the company.
What you need to do is add a "static route" tell your firewall/router that all traffic destined to go to the network that you have defined for VPN clients should be "routed" via the VPN Mac server LAN IP address.
Note: According to the guidelines of Apple VPN clients must be on a beach in separate to your LAN network, so if your LAN is 10.0.1.x/255.255.255.0 then your range of VPN client should perhaps 10.0.2.x/255.255.255.0
-
Wireless and VPN RV042 router WRT54G
Respected member, please help if you can! I have an ADSL with dynamic connected with the wrt54g router, I recently bought RV042 and want to connect the wire coming from wireless with ports. so, basically, I want to use RV042VPN for help after the router, is there a way I can use vpn behind with port using RV042 router wireless
I can't be able to connect to the vpn as he seeks is not an ip or WAN/LAN.
It may be possible if you're lucky. But I highly recommend not to connect the RV042 after the WRT. A VPN server must always have a public IP address. Running a VPN server behind a router NAT (such as WRT) makes it extremely difficult and often it won't work at all. Connect the RV042 directly to your modem, configure it to your internet connection. In this way the RV042 has the public IP and VPN should become much easier. Then implement the WRT as simple access point in your network by changing the address LAN IP of 192.168.1.1 to 192.168.1.2, disable the DHCP server, and connect a LAN port of the WRT on a LAN on the RV042 port.
-
Configuration of CISCO VPN (WRVS4400N) router
Dear,
Please help me to setup VPN connection,
Headquarters: firewall fortigate-200B - SSL, IPsec
Branch: WRVS4400N Wireless-N Gigabit Security Router with VPN
The two sides have the public IP address
Wrong forum, post in the 'small business routers. You can move your ad using the Panel on the right actions.
-
Hello
I currently have a RV042G in my company. It works fine, but I was looking for a solution that would allow me to use VPN so that I can tunnel inside and then again connect to the internet via the tunnel. I want to have a way secure to connect to internet from my laptop while I am travelling and prefer to build my own VPN and do it myself.
If I understand correctly, the RV042G does not allow this and it only access to the local network via the tunnel. What would be the next router allowing him to fill this purpose?
Thank you!
Hi rodman
These devices work fine, you can also use third-party software not only software from Cisco to use the VPN features. On subscriptions, IAPH supports more special features such link Protect and IP addresses and you can have and buy a subscription in order to add these features to your device, however, if Don t you want what they you don t have to buy.
Cisco provide one of the best support, it has plenty of support, it is possible via chat, email or telephone, it also provide assistance free of charge for the users of this forum if you don t buy a warranty
I hope you find this answer useful,
* Please answer question mark or note the fact other users can benefit from the TI *.
Greetings,
Johnnatan Rodriguez Miranda.
Support of Cisco network engineer.
-
Hello
We had the following problem:
One of our customers is connected through the VPN Client software. Our counterpart is a hub. We use IP addresses in the range of 172.28.0.0 to 172.32.255.255.
The client uses IPs 172.16.0.0/13.
When the customer uses the tunnel a connection to a host in our net 172.16.x.x is possible. A connection to a host 172.32.x.x is not possible.
172.16.x.x ping is shown in the log file of my firewall (where all packages should travel through). A ping to 172.32.x.x do not reache the firewall.
Thanks in advance.
Deleted lines of the PIX configuration intellectual property Audit.
Apply the following command
web_access of access list 1 line allow icmp a whole
in_to_out of access list 1 line allow icmp a whole
-
ASA VPN server and vpn client router 871
Hi all
I have ASA 5510 as simple VPN server and 871 router as simple VPN client. I want to have the user ID and permanent password on 871 and not to re - enter username and password since 871 uses dynamic IP address and every time I have to ' cry ipsec client ezvpn xauth "and type user name and password.
any suggestions would be much appreciated.
Thank you
Alex
Do "crypto ipsec client ezvpn show ' on 871, does say:
...
Save password: refused
...
ezVPN server dictates the client if it can automatically connect with saved password.
Set "enable password storage" under the group policy on the ASA.
Kind regards
Roman
-
Question card crypto for VPN gateway router
I'm moving my VPN environment at 2811 routers. I move a seller more tomorrow which has two sources who need to connect to each of our IPs, those inside the IPs are NAT had real IPS at the firewall behind the router. I know I'll find out tomorrow, but thought I would see if anyone see a problem with this ACL that is used for the encryption card, is there a problem with multiple sources (50.50.50.1 et.2 in file) connection to the same destinations? The IP addresses in this file are not real output IPs. Thank you.
If I understand you correctly, no it should not be a problem at all. Each entry in your crypto ACLs card will create a separate IPSEC security association pair and there is no overlap.
Let me know if I misunderstood your question.
Jon
Maybe you are looking for
-
How can I stop poping survays upward every time I connect
whenever I login I get an investigation into any site I go to how do I stop these
-
System preferences will not be locked OS 10.7.5
The Energy saver system preference is not locked. I have to reset each time I start up
-
How can I get rid of the ads and pop ups?
I have a lot of intrusive interference of pop ups sites and ads.
-
Equium P300-16 t does not start
Hi guys,. I have a 2 years old P300-16 t.I spent yesterday morning, and he did not begin loading windows. The Toshiba logo came, and then white screen, but I can see that the LCD is on. After a few minutes, the fan is fixed, but nothing else happens.
-
Need help here, I have a sharp ar6518 printer/scanner/copier. I can't find anything for Mac installation. can anyone help If it is not compatible with Mac, is there a way to make it work? Thank you very much