Log each ASA connection and router

Hello

I have a Cisco ASA 5520 and a Cisco 3825 router in my network. I want to log every connection to these devices. There are a few users who have different levels of access to these devices in n/w. I would like to connect all these users and what they actually change and to implement in the devices. Is this possible using a RADIUS server or any other method pls. I also have access to reading / writing to these devices. Thank you very much

You can do it too.

You can use auth-proxy (router) passage proxy (ASA) to have the user to authenticate to the connections he and do accounting of GBA. But I don't think you need to do this for all connections, for those who require the intervention of the user.

Let us know if that answers the question.

PK

Tags: Cisco Security

Similar Questions

  • Site to Site between ASA VPN connection and router 2800

    I'm trying to get a L2L VPN working between a ASA code 8.4 and a 2800 on 12.4.

    I first saw the following errors in the debug logs on the side of the ASA:

    Error message % PIX | ASA-6-713219: KEY-GAIN message queues to deal with when
    ITS P1 is complete.

    I see the following on the end of 2800:

    ISAKMP: (0): treatment charge useful vendor id
    ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 157
    ISAKMP: (0): provider ID is NAT - T v3
    ISAKMP: (0): treatment charge useful vendor id
    ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
    ISAKMP (0): provider ID is NAT - T RFC 3947
    ISAKMP: (0): treatment charge useful vendor id
    ISAKMP: (0): treatment of frag vendor id IKE payload
    ISAKMP: (0): IKE Fragmentation support not enabled
    ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    ISAKMP: (0): former State = new State IKE_R_MM1 = IKE_R_MM1

    ISAKMP: (0): built NAT - T of the seller-rfc3947 ID
    ISAKMP: (0): send package to x.x.x.x my_port 500 peer_po0 (R) MM_SA_SETUP
    ISAKMP: (0): sending a packet IPv4 IKE.
    ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    ISAKMP: (0): former State = new State IKE_R_MM1 = IKE_R_MM2

    ISAKMP (0): packet received from x.x.x.x dport 500 sports global (R)

    MM_SA_SETUP
    ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    ISAKMP: (0): former State = new State IKE_R_MM2 = IKE_R_MM3

    ISAKMP: (0): processing KE payload. Message ID = 0
    ISAKMP: (0): processing NONCE payload. Message ID = 0
    ISAKMP: (0): found peer pre-shared key x.x.x.x corresponding
    ISAKMP: (2345): treatment charge useful vendor id
    ISAKMP: (2345): provider ID is the unit
    ISAKMP: (2345): treatment charge useful vendor id
    ISAKMP: (2345): provider ID seems the unit/DPD but major incompatibility of 54
    ISAKMP: (2345): provider ID is XAUTH
    ISAKMP: (2345): treatment charge useful vendor id
    ISAKMP: (2345): addressing another box of IOS!
    ISAKMP: (2345): treatment charge useful vendor id
    ISAKMP: (2345): vendor ID seems the unit/DPD but hash mismatch
    ISAKMP: receives the payload type 20
    ISAKMP (2345): sound not hash no match - this node outside NAT
    ISAKMP: receives the payload type 20
    ISAKMP (2345): no NAT found for oneself or peer
    ISAKMP: (2345): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    ISAKMP: (2345): former State = new State IKE_R_MM3 = IKE_R_MM3

    ISAKMP: (2345): sending package x.x.x.x my_port Exchange 500 500 (R)

    MM_KEY_EXCH

    ----------

    This is part of the configuration of the ASA:

    network of the ABCD object
    10.20.30.0 subnet 255.255.255.0
     
    network of the ABCD-Net object
    172.16.10.0 subnet 255.255.255.0
     
    cry-map-77-ip object-group XXXX object abc-site_Network allowed extended access list
     
    access list abc-site extended permitted ip object-group XXXX object abc-site_Network
     
    ip access list of abc-site allowed extended object abc-site_Network object-group XXXX-60
     
    NAT (any, any) static source 20 XXXX XXXX-20 destination static abc-site_Network abc-site_Network
     
    NAT (any, any) static source 20 XXXX XXXX-20 destination static abc-site_Network abc-site_Network
     
    XXXX-20
     
    object-group network XXXX-20
    ABCD-Net network object
    object-abcd-Int-Net Group
     
    XXXX_127
     
    object-group network XXXX-20
    ABCD-Net network object
    object-abcd-Int-Net Group
     
    ip access list of abc-site allowed extended object abc-site_Network object-group XXXX-60
     
     
    Crypto card off-map-44 11 match address cry-map-77
    card crypto out-map-44 11 counterpart set 62.73.52.xxx
    card crypto out-map-44 11 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    cry-map-77-ip object-group XXXX object abc-site_Network allowed extended access list

    Crypto card off-map-44 11 match address cry-map-77
    card crypto out-map-44 11 counterpart set 62.73.52.xxx
    card crypto out-map-44 11 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    card crypto out-map-44 11 set transform-set ESP-3DES-SHA ikev1

    object-group network XXXX
    ABCD-Net network object
    object-abcd-Int-Net Group

    ------------------------

    Here is a part of the 2800:

    !
    crypto ISAKMP policy 1
    BA 3des
    preshared authentication
    Group 2
    ISAKMP crypto key r2374923 address 72.15.21.xxx
    !
    !
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    !
    card crypto cry-map-1 1 ipsec-isakmp
    the value of 72.15.21.xxx peer
    game of transformation-ESP-3DES-SHA
    match address VPN
    !
    type of class-card inspect match class-map-vpn
    game group-access 100
    type of class-card inspect cm-inspect-1 correspondence
    group-access name inside-out game
    type of class-card inspect correspondence cm-inspect-2
    match the name of group-access outside
    !
    !
    type of policy-card inspect policy-map-inspect
    class type inspect cm-inspect-1
    inspect
    class class by default
    drop
     
    type of policy-card inspect policy-map-inspect-2
    class type inspect class-map-vpn
    inspect
    class type inspect cm-inspect-2
    class class by default
    drop
    !

    !
    interface FastEthernet0
    IP address 74.25.89.xxx 255.255.255.252
    NAT outside IP
    IP virtual-reassembly
    security of the outside Member area
    automatic duplex
    automatic speed
    crypto cry-card-1 card
    !
    interface FastEthernet1
    no ip address
    Shutdown
    automatic duplex
    automatic speed
    !
    IP nat inside source overload map route route-map-1 interface FastEthernet0
    !
    IP access-list extended inside-out
    IP 172.16.10.0 allow 0.0.0.255 any
    IP nat - acl extended access list
    deny ip 192.168.0.0 0.0.255.255 172.16.10.0 0.0.0.255
    deny ip 10.200.0.0 0.0.255.255 172.16.10.0 0.0.0.255
    deny ip 192.168.0.0 0.0.255.255 172.16.10.0 0.0.0.255
    deny ip 0.0.255.255 28.20.14.xxx.0.0 172.16.10.0 0.0.0.255
    refuse the 10.10.10.0 ip 0.0.0.255 172.16.10.0 0.0.0.255
    refuse the 172.16.10.0 ip 0.0.0.255 192.168.0.0 0.0.255.255
    refuse the 172.16.10.0 ip 0.0.0.255 10.200.0.0 0.0.255.255
    refuse the 172.16.10.0 ip 0.0.0.255 192.168.0.0 0.0.255.255
    refuse the 172.16.10.0 ip 0.0.0.255 28.20.14.xxx.0.0 0.0.255.255
    refuse the 172.16.10.0 ip 0.0.0.255 10.10.10.0 0.0.0.255
    allow an ip
    outside extended IP access list
    allow an ip
    list of IP - VPN access scope
    IP 172.16.10.0 allow 0.0.0.255 192.168.0.0 0.0.255.255
    IP 172.16.10.0 allow 0.0.0.255 10.200.0.0 0.0.255.255
    IP 172.16.10.0 allow 0.0.0.255 192.168.0.0 0.0.255.255
    IP 172.16.10.0 allow 0.0.0.255 28.20.14.xxx.0.0 0.0.255.255
    IP 172.16.10.0 allow 0.0.0.255 10.10.10.0 0.0.0.255
    IP 192.168.0.0 allow 0.0.255.255 172.16.10.0 0.0.0.255
    IP 10.200.0.0 allow 0.0.255.255 172.16.10.0 0.0.0.255
    IP 192.168.0.0 allow 0.0.255.255 172.16.10.0 0.0.0.255
    28.20.14.xxx.0.0 0.0.255.255 ip permit 172.16.10.0 0.0.0.255
    ip licensing 10.10.10.0 0.0.0.255 172.16.10.0 0.0.0.255

    access-list 23 allow 192.168.0.0 0.0.255.255
    access-list 23 allow 10.200.0.0 0.0.255.255
    access-list 23 allow 172.16.10.0 0.0.0.255
    access-list 123 note category class-map-LCA-4 = 0
    access-list 123 allow ip 192.168.0.0 0.0.255.255 172.16.10.0 0.0.0.255
    access-list 123 allow ip 10.200.0.0 0.0.255.255 172.16.10.0 0.0.0.255
    access-list 123 allow ip 192.168.0.0 0.0.255.255 172.16.10.0 0.0.0.255
    access-list 123 allow ip 0.0.255.255 28.20.14.xxx.0.0 172.16.10.0 0.0.0.255
    access-list 123 allow ip 10.10.10.0 0.0.0.255 172.16.10.0 0.0.0.255
    access-list 123 allow ip 172.16.10.0 0.0.0.255 192.168.0.0 0.0.255.255
    access-list 123 allow ip 172.16.10.0 0.0.0.255 10.200.0.0 0.0.255.255
    access-list 123 allow ip 172.16.10.0 0.0.0.255 192.168.0.0 0.0.255.255
    access-list 123 allow ip 172.16.10.0 0.0.0.255 28.20.14.xxx.0.0 0.0.255.255
    access-list 123 allow ip 172.16.10.0 0.0.0.255 10.10.10.0 0.0.0.255
    !
    !
    !

    !
    route-map-1 allowed route map 1
    match the IP nat - acl
    !

    Hello

    I quickly browsed your config and I could notice is

    your game of transformation (iskamp) on SAA and router are not the same, try to configure the same on both sides.

    in the statement of the ASA NAT you gave (any, any) try to give the name of the interface instead of a whole.

  • Intermittent connections and router suggestions

    Hi all.

    I have problems with my connections sporadically connect and disconnect each time I turn on my Playstation 3. I have all ports forwarded and to be, but I'll always have these problems.

    Here is my current setup:

    Router WRT54G

    Wireless:

    2 notebooks, 1 pc, Nintendo wii and a Nintendo DS to occaisonally

    Wired:

    1 PC, 1 Xbox 360, 1 Playstation 3

    I even put my PS3 on a demilitarized zone and it did not help.

    What should I do to stop the disconnect, and if it requires a better router, which would you recommend?

    Reduce the MTU

    Connect to http://192.168.1.1

    Leave the user name and password - admin

    Change MTU - Manual

    Change the size of 1365

    Click on save settings.

  • Issue of ASA NAT and routing

    Hello

    I have a question about NAT and routing on the SAA. I'm relatively new to ASA and don't know if it works or not. I have a pool of public IP (209.x.x.x/28) that routes my ISP to the external interface of my ASA. IP was assigned address for the outside of the ASA is an address of 206.x.x.2/24 with a default GW of 206.x.x.1. I intend using NAT to allow my web/mail servers on the DMZ (192.168.x.x) use 209.x.x.x addresses. However, I do know how to make it work since I'm not arping on any interface for 209.x.x.x addresses as they will be sent to the 206.x.x.2 address by the ISP. Can I just set up a translation NAT (on the external interface?) of the 209.x.x.x on 192.168.x.x address and the ASA will figure it out?

    Thanks for the help.

    Todd

    The ASa will figure it out, he will answer ARP queries for all that he has set up in a "static" command As long as th PSIA routes 209.x.x.x directly to the ASA addresses then it should all work fine.

    You just need to add lines like the following:

    static (dmz, external) 209.x.x.x netmask 255.255.255.255 192.168.x.x

    for each of your internal servers in the DMZ. Then an access-list to allow only HTTP/SMTP/etc through these addresses 209.x.x.x.

    list of allowed inbound tcp access any host 209.x.x.x eq smtp

    list of allowed inbound tcp access any host 209.y.y.y eq http

    Access-group interface incoming outside

  • Between asa 5510 and router VPN

    Hello

    I configured ASA 5510 to vpn LAN to LAN with router 17 857. and between the routers.

    between vpn routers works very well.

    from the local network behind the ASA I can ping the computers behind routers.

    but computers behind routers, I cannot ping PSC behind ASA.

    I have configured the remote access with vpn cisco 4.X client, it works well with routers, but cannot work with asa.

    the asa is connected to the wan via zoom router (adsl)

    Are you telnet in the firewall?

    Follow these steps to display the debug output:

    monitor terminal

    farm forestry monitor 7 (type this config mode)

    Otherwise if its console, do "logging console 7'.

    can do

    Debug crypto ISAKMP

    Debug crypto ipsec

    and then generate a ping from one device to the back of the ASA having 192.168.200.0 address towards one of the VPN subnets... and then paste the result here

    Concerning

    Farrukh

  • Firewall PIX to connect to router - link light not on

    I'm trying to connect the PIX501 firewall to our router (router PortMaster) to test the external connection but light not on port 0.

    I used the crossover cable (also try normal cable), also to reboot the router. After the reboot, the light becomes on for a very short time (10 or 20 seconds) and then turned off and never more.

    Anyone know what happened? Any suggestions are welcome.

    See you soon

    Are the PIX or router interfaces to close? If this isn't the case, which are then they fixed on duplex speed? If it has a value of 10, the other 100, they won't come to the top.

    If they do not resolve, try another device on each port (501 and router) to check the status.

  • Wireless devices cannot connect to each other using the router EA6900

    I use the 2.4 Ghz network and none of my wireless devices are able to communicate with each other...  I could not connect to a wireless printer to my laptop wireless (through the router) and thought it was unusual.  I tried ping does not work either.  I then plugged a cable ethernet to the laptop and could ping the printer wireless without a problem.   I tried other devices (wired and wireless connections) and it seems that no wireless device can ping any other wireless device.  If, however, one of the devices is connected, it works fine...  All wireless devices to connect to the router and internet without problem... It's just when they try to communicate with each other.  I have experimented with the desktop using the ethernet adapter, then the wireless adapter... same results.  My wireless using my previous router devices could communicate with each other.  It's almost as if this device has insulated AP running if this so-called it doesn't support that.

    Customer service said: I'm the only one with this problem.  Does anyone else have this problem?

    I have an ea6900 and it works fine for me. Sounds almost like you are connected to the guest network which would be sort of this way. Did you do a power reset? It has never worked? Try to remove the power and back to see if it clears up it.

  • When I turn on my PC and before opening of session (before entering password and log in) internet connection exists?

    When I turn on my PC and before opening of session (before entering password and log in) internet connection exists?

    Yes.  The network stack is active as soon as Windows is running.  You can prove this by yourself, if you wish, if you can review your summary router network.  It should show the PC in question as being active.

  • Wireless connection unavailable on laptop, but shows all ok on pc and router

    I was at Midway through a conversation today on msn when my wireless connection (on my laptop) disappeared. I checked my pc and everything seems ok, here, my netgear router shows that everything is fine. When I click on 'Find a wireless network' his party! I can access the net very well by plugging it but as soon as I go wireless, I still lost.

    Tried to connect manually - says network with that name already there
    Tried to re start all
    All cables checked

    It's a laptop Toshiba L300
    Virgin cable broadband
    Router NETGEAR Wireless

    everything works fine as long as I'm using the cables.

    I only had my laptop and router wireless for a month.

    Please any other ideas what to do, I really need to be wireless for work as soon as possible

    Hello severina_falls,

    Thanks for posting on the Microsoft answers Community Forum.

    I have some suggestions for you to see if we can provide you with your wireless connection.

    (1) check that the WiFi switch is on on the front panel of your laptop. It is a quick check
    (2) Recycle the router wireless on and outside. Wait at least one minute, then turn it back on. Retest with your wireless network.
    (3) are getting you the error messages in the case where connects to deal with your wireless connection?
    To join the event logs: click on the Start button, right-click computer, click on manage.
    If you receive a notification of user account control , simply click on continue.
    Double-click Event Viewer. Study summary of the the event logs for errors dealing with wireless.
    (4) use System Restore to get your iIf wireless upward and running, you have a System Restore Point that was before starting the problem with your wireless network.
    Use the following KB to get the procedure on the system restore.
    936212 KB - how to repair the operating system and how to restore the configuration of the operating system to an earlier point in time in Windows Vista
    http://support.Microsoft.com/kb/936212

    If please post again and let us know if it helped to solve your problem or if you need further assistance.

    Sincerely, Marilyn
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Second ASA connects to the router

    I had another thread going, but when I passed my current blocking upward, I marked the thread as answered, so I didn't know if I should start a new one or continue on...

    I tried to go through this troubleshooting doc, but I still can't understand it.

    By turning on debugging for the 2811, I do see something.

    See debugging

    Encryption subsystem:
    Crypto ISAKMP debug is on
    Crypto ISAKMP debug error is on
    Crypto IPSEC debugging is on
    Crypto IPSEC error debugging is on

    #show crypto session
    Current state of the session crypto

    Interface: FastEthernet0/1
    The session state: UP-ACTIVE
    Peer: port of 108.x.x.x 500
    IKE SA: local 64.x.x.x/500 remote 108.x.x.x/500 Active
    FLOW IPSEC: allowed ip 192.168.26.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 10.130.15.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 10.131.16.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 2, origin: card crypto
    FLOW IPSEC: allowed ip 172.20.15.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 172.21.16.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 10.21.0.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 2, origin: card crypto
    FLOW IPSEC: allowed ip 10.30.18.0/255.255.255.0 192.168.27.0/255.255.255.0
    Active sAs: 2, origin: card crypto

    Interface: FastEthernet0/1
    The session state: UP-ACTIVE
    Peer: port of 99.x.x.x 500
    IKE SA: local 64.x.x.x/500 remote 99.x.x.x/500 Active
    FLOW IPSEC: allowed ip 192.168.27.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 10.130.15.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 10.131.16.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 2, origin: card crypto
    FLOW IPSEC: allowed ip 172.20.15.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 172.21.16.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 0, origin: card crypto
    FLOW IPSEC: allowed ip 10.21.0.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 2, origin: card crypto
    FLOW IPSEC: allowed ip 10.30.18.0/255.255.255.0 192.168.26.0/255.255.255.0
    Active sAs: 2, origin: card crypto

    Cryptography of show, for me, it seems that it works, but 192.168.27.x is not accessible.

    The ASA original is still connected, I can post more details/config is necessary.

    The original thread is below...

    https://supportforums.Cisco.com/thread/2167470?TSTART=0

    (1) your last ping test does not work when you ping from the ASA. You should test from an internal PC which is part of the definition of encryption.

    (2) in the "crypto ipsec to show his ' you see that this ASA revenue traffic, but nothing deciphered. So most likely the other end of the tunnel does not send anything back.

    How to get:

    Show us the real Crypto - and routing-config of the IPSec peer.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • When I go on a site that requires a connection and automatically logged, I always get invited by the Office security software for master password. New w/Firefox 24.

    If I go to a Web site that requires a login and a password, and I have it configured to automatically sign in, I am automatically logged (he remembers username and password for this site), but the command prompt of the security apparatus of software for my master password appears. I can cancel the prompt and it goes, but it should not appear because I am already connected. This problem started to happen after I downloaded Firefox 24 yesterday.

    Start Firefox in Safe Mode to check if one of the extensions (Firefox/Firefox/tools > Modules > Extensions) or if hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox/Firefox/tools > Modules > appearance).

    • Do NOT click on the reset button on the startup window Mode without failure.

    Note that Firefox Sync also need to enter the master password.

  • Ink advantage 2545: changed the name of the wireless router and now ink advantage 2545 does not connect and I'm out of ideas

    I have a Toshiba laptop 64 bit running Windows 10 Home, 8 GB, 1 t hard drive.

    Router is a Samsung phone using Android because it was the only router that I could find which would take the wireless signal.

    I live very pastoral, no neighbours for miles, so I never saw the need for a password on my router.

    Now, some people are installs in less than 400 feet from me, and I think they're piggybacking on my Wifi because my access speed has slowed considerably since they moved in.

    So I decided to change the password of the router, unfortunately, I can not put in any password I want.  It gives me the opportunity to have a predefined password.  So I changed the name of the router I could do without problem.

    My computer very quickly without any problem, however, my printer which worked great for a year with the old router name does not connect on the new name of the router.

    Here is what I tried:

    I had hoped he would ask me for a new name / password, but it did not.

    Then I plugged a cable between the printer and the laptop in the hopes that it would produce a different kind of results.  It has not changed anything.  There is no screen menu on what that be like this on the printer.

    I pressed the wireless button that has the flashing blue light and nothing happened.

    I pressed the button, don't know what it is, but it has a white light, and nothing happened.

    I went on the HP site and followed the instructions but he just said do not connect the cable until told to do so.  So I disconnected everything, lights out and turned back on and still no connection and no invite to plug whatever it is.

    Y at - it everywhere where I have being a novice could get instructions on how to get this working?

    I appreciate any help you can give me.  Thank you.

    Hello

    I think you are talking about SSID. Please, think of it as a new router and use the following ways to correct:

    http://www.HP.com/global/au/en/wireless/reconfiguring-system-Help3.html

    Kind regards.

  • Cannot access Internet even if the router USB adapter Wireless G made the connection and

    Hello, I recently bought a Wireless-G USB Network Adapter with SpeedBooster model WUSB54GSC to go with my Wireless-G Broadband Router model WRT54G2 and I can't access the internet.  The laptop tells me I am connected and that force is Excellent, but when I open my browser, I can't access any site at all. When I try to add the laptop to my network magic on my computer, it tells me that it cannot connect with the laptop.  My Nintendo Wii and Itouch work perfectly with the router so I think it's my browser settings, but I can't understand it.  Thank you!

    Hey, thanks for trying to help out.  It turns out that my firewall did not allow the laptop to access the internet.  I made a few adjustments on my firewall settings and it all worked out great.

  • No Wireless Connection and can not only change the router

    I have messed around with my router configuration to try to make my NAt type open and somehow messed up the Internet. I set kind of it and now I can connect to the internet if I connect directly to the router but I can't always have a wireless connection and I also can't change the router setting more? I followed the steps back to get my ip address and it used to be 192.168.1.1, but now his 192.168.1.2 I don't know what I please help.

    Hi estesblake,

    (1) do you get an error message when you try to access wireless internet?

    (2) what is the number of brand and model of your router?

    Follow the steps outlined in the article below to fix the problem of wireless network connection

    Wireless network connection problems in Windows

    http://Windows.Microsoft.com/en-us/Windows/help/wireless-network-connection-problems-in-Windows?T1=tab02

    Regarding router problem check the documentation that came with the device or contact the manufacturer of the device.

  • VPN between ASA and router

    Hi all

    First of all, I would like to say I'm trying to implement this on Packet trace. I would like to set up a VPN using an ASA 5505 and a Cisco router 1841 (both available on Packet trace).

    The devices can ping external IP address on the other.

    The problem is that the VPN is not established. If I run sh crypto control its isakmp on the SAA, he said: there are no SAs IKEv1

    Configurations for both devices are attached.

    No idea why it doesn't work? Sorry if it is not the right forum for this, is the first time I post. I've searched the forums and I checked some of the proposed solutions, but I have not found the answer to my problem :-(

    Thanks in advance,

    Patty

    1. On the router, there is no crypto card. Need in a manner consistent with the SAA.
    2. Your policy of phase 1 is not compatible. They settings must match on both sides (router: 3des, ASA: aes)
    3. You can adjust your NAT on both devices that tunnel traffic does not get teeth. Remember that NAT is made prior to IPsec. If you do not exempt NAT traffic, then it will not match the ACL crypto more after NAT.
    4. Yes, the forum is perfectly fine! ;-)

Maybe you are looking for