I have read the traffic zones documentation a few times before finding this thread. The guide only mentioned not to configure services for interfaces inside the zone. Can we configure services on the zone or NAT VPN traffic to and inside interface? Clients are looking to load balance their ISP connections without having to buy extra gear.
Does anyone have an example configuration for VPN and/or SSL VPN using Traffic Zones? I couldn't figure out how to make it work in version 9.8.
Can an ASA be configured to load balance two or more ISP connections and still terminate a tunnel?
I'm confused. If I use another interface on the ASA and configure it with a public IP address, won't that be a conflict? If I have two interfaces for the same network, which one will the ASA use to reach the default route? I didn't think that a router or firewall would let you assign two different interfaces in the same subnet. Are you suggesting getting a second ISP for option 1?
Has anyone tried option 2? I was thinking about an inside VLAN interface for the AnyConnect configuration and configuring a static 1-to-1 NAT for the Public IP address.
I was having the exact same problem with CME 8.5 and a 7940. Simply rebooting the router fixed the issue. I had not reloaded the router in a very long time and had tried many different configurations on it because it is my lab router. When we make a lot of changes sometimes it is good to reload the system. Thanks for the help everyone.
Joachim, Are you able to get the 'SCAN' button to work? We understand what it should do but we can't get it to work. I was unable to get the ON100 to work using a Windows 7 x64 PC and UPnP. I did get the ON100 to work using a MacBook Air and Bonjour. The ON100 agent I installed at a customer location is working great! I am still unable to get the OnPlus scan function to work from any system. If anyone has a fix for the issue, that would be very helpful. I noticed in another thread that the OnPlus and ON100 are going to be EoL very soon... I hope they find a replacement because the Meraki cloud solution is too pricy for the small business customers that we support. The Meraki MX60 is $495 and the Cisco ON100 is only around $130. It is nice that Cisco will refund the purchase price of the ON100 but a tantamount replacement solution is more desirable.
I have the most recent updates to all the browsers and plugins as well. I have tried on Windows 7 32-bit and 64-bit systems in Chrome, Firefox, and IE10 (IE9 compatibility mode). I also receive the following error on all systems and browsers: "The OnPlus Scanner did not load completely. Either required scanner files may not have loaded or you may not have given permission to run scanner. Please close and re-open the browser. If the problem persists, request assistance click here." I found this forum after I clicked the "click here" link. I am installing the first OnPlus our company sold next week, and was wondering if people are having problems with the units or just the free Java-based scanning tool?
I have the same error when I add the 1602i APs to the map. I tried forcing them by using a lightweight template. Now instead of getting the error type other not supported it says: "Antenna Type Internal unsupported for selected AP". Any other ideas on how to fix this issue?
To solve this port forward issue I would first set up an access list for the port ranges I want.
    access-list 100 permit udp any any range 4000 4200
    access-list 100 permit tcp any any range 4000 4200
    access-list 100 permit tcp any any range 14000 14200
    access-list 100 permit udp any any range 14000 14200
Next I would make a NAT pool for the IP address I want to forward the ports to, like this:
    ip nat pool PORTFORWARD 192.168.1.3 192.168.1.3 netmask 255.255.255.0 type rotary
Finally I would apply the access list:
    ip nat inside destination list 100 pool PORTFORWARD
I don't know if there is an easier way of doing this but this method seems to work well.
Brandon (NeveSSL37), Thank you for the response. I would like to eventually set up the network using a VPN concentrator and an access server but don't have the required hardware. I use my laptop to watch videos and read books at work. I was using RDP on a computer that connected to the Cisco lab but it is not fun switching back and forth between the remote session and the local content. I have an ASUS Transformer and the RDP software I have doesn't work well on it. Having SSH access to a device lets me connect with the laptop or tablet quickly. That way if I am reading a book on the tablet or watching a video on the laptop I can easily access my lab with either device without taking focus away from my study materials. Ricco (Silver Casanova), would you recommend the 2511 access server you are using for a home lab? I would like to have my lab set up as close as possible to a live environment without interfering with my home network. With the hardware you have I like the suggestions that Brandon (NeveSSL37) gave for configuring a home lab.
I now have the home lab configured for remote access. I missed something that was not configured for the correct IP on one of the firewalls in the initial setup. I'm still using the cheap Netgear router and forwarding the ports I need to access the home lab. This way most any change I make to the Cisco lab won't affect the home network. I already have a DMZ set up for something else but maybe putting the Cisco lab equipment in a DMZ would be a good configuration for you, Silver?
I want to configure something similar. Did you ever get your network configured for remote access? I have SSH set up on a layer 3 switch that I added to my home network via an old Netgear wireless router. I am able to connect on the local LAN with SSH or telnet just fine but have had issues connecting remotely. I forwarded port 22 for SSH and could not connect remotely. After opening port 23 on the Netgear to connect insecurely through telnet I had a connection time out error again. I was able to connect to all the other devices behind that same router on various different ports with many different programs. Remoting to a computer connected via console cable I was able to test the static route and ping various websites and both internal and external IP addresses without issue. Still unable to connect. Any ideas what I could have missed? I don't have a router with two Ethernet ports so a layer 3 switch I figured would work as a way to route between the private networks my routers are on and my computers. I was going to configure an access server if I could get the first part up and running. If you are still interested in setting up your home network as you mentioned in your post I will share my findings once I get everything working correctly.