Going to put down the trusty old PIX 506e and considering replacing it with a SA540. Are there any know VPN configuration 'gotchas' on the SA540 when the IPS assigned WAN address is static pppoe?
Can you check the below on your PC.
Thanks for your reply, Biraja.
On my WS2003 system, Firewall is on and IPSEC is running. This system errors out right away when trying to connect.
On my Vista system, the firewall was off (I had read conflicting documents about whether the firewall should be on or off.) When I re-enable the firewall, I can now get to the stage where it thinks it's connected although the status panel does not tell me if I've been assigned an IP address or not. ipconfig /all doesn't show me anything useful. I cannot RDP to any of the systems on my network either by name or IP address. This Vista system also has a SonicWall VPN client installed on it. I had read that there is a chance it can conflict with the QuickVPN client but I do not know for sure and don't want to upset the settings of the SonicWall client unless I really have to.
Edit: Even though it appears connected, the log shows that it still can't ping the router.
Well, I've wasted enough time on this. It's going back in the box and back to our supplier. An old SonicWall that hangs 2-3 times a week is still infinitely more useful than this piece of non-functional garbage.
Good luck lads. If anyone of you can get thisstupid thing working, you're a better man than I.
Our saga continues with cisco trying to help but things go from bad to worse. Our unit now freezes after 10 to 15 minutes when sitting on the test bench with only a lan cable connected on. Firmware 1.1.36.
Upgraded to firmware 1.1.42 and now the LAN interface won't come up! Perhaps cisco had a bad manufacturing batch, but this product I would not recommend to my most hated enemy
Hi Cisco team,
Can you tell us when will a a real solution be available to connect any king of host (XP,Vista, Seven, Linux, 32/64 b) using VPN ?
In order to get a full security policy we need a real VPN client, getting a IP for each client (dynamic of tath can be fixed).
We have either Microsoft and Linux clients.... any solution ?
Should we stop using such a product ?
I've already wasted 3 days on this nonsense and have given up. My boss is more stubborn, and spent 3 hours on the phone with a tech from the reseller we bought it from, and between them they couldn't get it to work. When I mentioned ot him that the time he wasted working with the thing was worth more than what the router cost, he wasn't very happy. And here it sits. I'm sure it will be boxed up and returned this week, unless the boss needs a new, expensive paperweight.
Still haveing problem with this device ...VPN does not work on Windows 7 64b, no solution for Linux ...
let's send back the device to vendor or do Cisco wish to honor the label ...
Do anyone think work is done on SA5XX
really start to be fade up with this !
Oh GREAT! I just quote a client a bunch of them!
I went through nightmares like this with some linksys voice products and almost took out my Company.
Cisco please speak up here! I've been to 3 Cisco seminars in the last month and they all touted these boxes. I DO NOT want to make a mistake again, just tell us if these are ready for production system or not? I will not beta test production products for Cisco again.
We changed our quote from 5510's to SA 540's for the SSL VPN and the clients were happy with the cost changes, but if you can't deliver 5500's and the SA 500's are not ready for customers, we will have to re-quote with ISR's
Hi Bob, Trust me on this one...there is no way on this earth you're ever going to see these SA540's even get within a whisper of touching the levels on a 5510 with web VPN, even if they're were not the buggy POS's that they are.
I'm going through the same pains...been on many a webinar with the SEs from Cisco talking about how great these SA540s are....but they obviously have to real experience with them. If I were you (and I might as well be, I've been in the exact same boat for a couple of months with some of my clients) I would STRONGLY advise you do not try and use the 540 as a replacement for an ASA....you and you're client will be extremely pissed with the results. If your clients needs are large enough to require a 5510 nothing in the SBM space would be an adiquate substitue anyway.
As a SBM Select reseller of many years I cannot say how DEEPLY disappointed I am in Cisco right now. Between having firewalls on back order for three months, lack of taking ownership of the many problems, and just plain lying about this product, I'm beginning to question how much longer I can recommend them to my client base.
Right now the best (Cisco based) option I could recommend is to replace the units with Cisco IOS routers for your web VPN options. Keep in mind, Cisco has recently changed to a licensing model for WebVPN even on the IOS routers...so you'll want to check out that SKU for your quotes
Our cisco is on the way back with an rma and we are hoping to revert to an asa unit which is what we were originally sourcing.
It does appear that the product is in the early stages and it has some great potential. I agree though that there appear to be too many issues on what it a relatively simple device.
Yes, it certainly is stunning that these were released when nobody in the real world can get them to work.
Anyone know where I can get an ASA 5505? That's what we originally wanted but could not find.
If you find a source share with the class! I've been searching high and low for months with no luck. I have 1 ASA5505-50 user remaining in stock that I'm holding onto as if it were made of gold right now.
- Chad Monteith
We think we might have a workaround for the QuickVPN client issue. It's not very practical and I'd like to see if anyone else can make it go. What we did was, on the external system that you're trying to VPN from, you need to change your gateway address to the LAN address of the router after you have connected via the QuickVPN client.
Last night we decided to try the SSL VPN functionality and we've got that working OK, although I really don't like using Internet Explorer if can avoid it. It's only the QuickVPN client that seems to still have problems.