So, we've been trying to get our network ipv6 compatible and had to upgrade the IOS on our ASA 5510 to 8.4/Little did we know that upgrade to 8.4 would need me to change all out NATs and Access-lists. We have a 1-1 NAT configuration that I need to keep with a bunch of regular rules to different servers (http, ftp, rdp, etc..)
I've been able to change all of that and was able to test it out successfully in our test environment. But, when I moved this to our prod env, the servers aren't able to connect to the internet. I haven't changed any routes - no changes in IP's - just changing the ASA. [code]
We recently purchased a 2112 WLC, running version 6.0.199.4. I have everything running through a single port on the controller, which is connected to a trunk port on our 3750 stack. Our management VLAN is vlan 40, and AP is plugged into another port on the same switch which is an access port in vlan 40. APs appear in the controller ok, receive an IP address, but we aren't able to connect to any of the WLANs and periodically the APs will disassociate with the following messages: [code] I'm not sure if that's related to why we can't connect to the WLANs or not...
Another wrinkle is that if we plug in the AP directly to one of the PoE ports on the controller, it all works perfectly. I'm guessing its something switch-related since the only difference is that we're not going through the switch when it works.
I am in the process of opening an internet cafe. I dont know exactly what a pc server does on the network... or do I really need one? Is the switch/hub sufficent to connect all pcs to the moderm to connect to the internet?
I have a linux(fedora) which i use as a proxy. the proxy then connect to the router. the proxy also serves as my mail server (i use postfix). Problem is, since yesterday i discovered thta i cannot access the internet for any machine connected via the proxy (and any dhcp-assigned machines). As a result, even the webmail is not accessible from any machine.When i tried, i changed some computers so that they connect directly to the router -and they work fine for the internet. Problem is, I am still not able to access webmail.What could be the problem with the proxy.?(NB Postfix is running and http too is running).
Some time ago while of facebook i clicked on a link supposedly forwarded from a friend and some sort of flash player virus file was downloaded to my laptop. I proceeded to run a MAlwarebyte scan of the laptop and deleted the downloaded file.However, since then I've been unable to connect to facebook via Internet Eplorer or Goggle Chrome, and I'm getting the message 'Oops! Internet Explorer.
My pc in the LAN can ping the local server but cannot connect ( cannot browse) it.Others in the LAN can connect it. I can also connect Internet but , not the local server. (when I type \192.168.... on my computer browser , answer " window cannot access \192.168.........)
i'm trying to connect 5 servers together to create a private network.Each server has a network of it's own and i'm trying to make all 5 servers communicate with each other to share and search data simultaneously..
I am running a Linksys Wireless G 2.4 GHz Broadband Router Model WRT54G. I am unable to open any ports. I upgraded to the latest firmware yesterday but still am unable to open any ports. I even turned off my Symantec Internet Security Suite Firewall but still am unable to open any ports.
I've recently migrated a PIX 525 to ASA 5520, but for some reason (through ASA) the users from OUTSIDE aren't able access services published in DMZ as well as some DMZ servers aren't able to communicate to some OUTSIDE services.
-INSIDE to DMZ is working fine. (through ASA)
-INSIDE to OUTSIDE is working fine. (through ASA)
Below is the configuration from my PIX (where everything works just fine) as well as the one on the ASA (where there is a problem), what could be the cause?In the below case the DMZ hosts from 11.1.10.0 aren't able to access SMTP services (through ASA) and the OUTSIDE users aren't able to access DMZ web server (11.1.10.40) through ASA, this all just works fine with PIX.
I recent bought an Asus G74SX-A1. While the machine runs like an absolute dream, it does seem to have a networking problem that I have been attempting to address for about a week. In my college dorm there is an ethernet port that carries an active internet connection. When my laptop is plugged into the port via ethernet, I receive no connection (well mostly no connection, every now and then I will connect for a split second allowing me to load my homepage, Google). This problem also exists on my dorm's WiFi. My LAN card is a RealTek BGE Family Controller (PCIe)
However, on my netbook (an Asus 1000HE, which I am typing this post on) everything is fine. I am quick to blame the retailer who sold me the G74SX seeing as they replaced the stock WiFi card with a Bigfoot Killer 1102 card, and my first assumption is that something was not installed properly during my laptop's assembly or that I simply messed up a driver update. I became quite frustrated with the whole situation and in order to find a quick solution I formatted the laptop back to factory defaults.
Something magical happened.For about a day and a half, my LAN card worked. I packed up my gear this weekend and headed back home, and at my parents' house my WiFi card worked wonderfully.I thought my networking woes were behind me, but this was not the case. When I returned to my dorm this afternoon, my LAN and WiFi cards began experiencing the same problems they experienced before the reformat. A third variable of some interest is that I brought my wireless router back to my dorm in order to utilize a less-crowded private WiFi spot and discovered that it worked fine and I was able to connect to the internet on my iPad using my router. This evening, however, my router decided to stop carrying an internet connection as well. I can connect to the router itself, but I cannot receive an internet connection, even on the netbook.
I have tried uninstalling/updating drivers for both the Bigfoot card and the RealTek card to no avail. My best hypothesis is that the problem lies in some setting that both the G74SX and the D-Link DIR-655 have in common, seeing as they are the only wired components that aren't receiving a connection.
Equipment: D-Link DIR-655, Asus G74SX, Asus EeePC 1000HE
I have a situation where we have a single DMZ server currently statically forwarded to a single public IP. TCP ports 80, 443, 8080, 8500, 53, and 21 are open to this server via an access list.
However, we have added an additional server to the DMZ, and because our web developers did not communicate with me beforehand, we are forced to use the same DNS name (thus, the same piblic IP) for this server. This server only needs traffic on TCP/8800 forwarded to it.
I am using ASDM 6.4 for configuration of this, as I am required to take multiple screen shots of the procedure for our change control policy.
My question lies in the reconfiguration of NAT/ PAT. Since our current server has a single static NAT to a single public IP, it is simply natted for "any" port. I understand that I can add the new server as an object, and only PAT it on TCP 8800, but will I then have to go back and reconfigure the first server multiple times for PAT, or will the ASA notice the specific PAT, and forward 8800 to the new server without affecting the existing "old" server?
It appears ASDM will not allow me to put multiple ports into a single network object. I am assuming I will need to add 6 separate object translations for the "old" server based on TCP port, and 1 object translation for the "new" server, correct?
We have 30 remote workers which we have recently acquired which are being set up with the AnyConnect client to connect to our head end ASA 5510. For security purposes, we have to allow them access to only 3 of our local internal servers, all on our 10.10.X.X/16 subnet. The remotes are being issued a 10.10.50.X/24 address via DHCP on the ASA when connecting. I thought this would be as simple as creating an access list but have not had any luck doing so. In addition, we need to allow them full access to servers in a datacenter connected to our same head end ASA via a site-to-site VPN while they are connected to us using AnyConnect.
We have 30 remote workers which we have recently acquired which are being set up with the AnyConnect client to connect to our head end ASA 5510. For security purposes, we have to allow them access to only 3 of our local internal servers, all on our 10.10.X.X/16 subnet. The remotes are being issued a 10.10.50.X/24 address via DHCP on the ASA when connecting. I thought this would be as simple as creating an access list but have not had any luck doing so. In addition, we need to allow them full access to servers in a datacenter connected to our same head end ASA via a site-to-site VPN while they are connected to us using AnyConnect.
Recently moved into the hardware firewall space and have a ASA 5510. Having some issues trying to get traffic through the box to my 4 dedicated servers. all the servers have static IP's and are connected to a private switch into one of the ethernet ports on the firewall(0/2). Public internet connection into another(0/0). 1 of my servers has a connection to the management port, and the public switch, and this is the one im trying to do the configuration on.
Im unsure what to set the IP address of my "outside" interface as. need to have RDP,FTP, HTTP traffic going to each of the 4 servers independently, pretty sure i can get the rules in place to allow this, but cant seem to get any traffic to go through the firewall to any of the other 3 servers.
What should I do to get the SIP and 8080 port working on my Public IP, likewise just as access from my browse the http://189.xxx.xxx.129:8080 and get through directly to my internal server 10.xx.xx.61 ?
I have successfully installed and configured VPN Client - Version 5.0.07 to connect to ASA 5510 from a remote workstation. Here is the problem, I cannot ping any of the servers or workstations after I successfully connect. I can ping the ASA 5510 using its internal LAN IP, but no other nodes will respond on the remote LAN.
I have a old server that has custom apps developed by a bankrupt company that we can't replace yet. We are being tasked with upgrading the Operating System and security patches, while preserving the existing live server. I was able to accomplish this by virtualizing it, then cloning the virtual machine. Where I got stuck was, the custom app requires a specific host name. So, I got the idea to have the two servers live on different sides of the firewall until the test platform is accepted and the old live one can be retired.
My problem is that I have no experience with configuring a real firewall like this asa5510.
Servers are: CM1 live server CM2 test platform ADS Active Directory and File and Print
[code]....
I've started to carefully poke around in the Cisco ASDM-IDM, but haven't figured out how to access the DMZ from the outside (so far just testing with http as I don't have my certificate to setup https just yet). Am I missing something to get through to the DMZ from the WAN side?
I got the charge of a ASA 5510 running with 8.3(1) version.Found that this is simple config with Patting for inside host and couple of Static Nat for web servers and FTP server as well.
There is lots of other configuration being done,I assume for the purpose of just R&D by the previous administrator.I need to understand if the following Nat statements holding any relevance?
Where we are running Only NETWORK_OBJ_192.168.0.0/23 subnet at inside and there is no other subnet defined in rest of the statements.i.e 10.0.0.0/27 and 192.168.1.128/27 doesn't exist at all.
I have a Cisco ASA 5510 that was set up as a VPN server for working remote. I have disabled split tunneling so that all traffic created while VPN'd in goes through the ASA. The problem I'm having I believe would be resolved if I enabled split tunneling but I would prefer another solution. Now..for the problem.When a user is connected via VPN, they can hit all intended devices both public and private accept servers that have static NATs in the FW. So Server A has a public of 1.1.1.1 which is one to one mapped to private address of 10.1.1.1. Now if the remote user brings up a browser and goes to 1.1.1.1 it wont work. The FW gives me a error which is posted below. However, using the private IP of the server works. I thought about trying to manipulate DNS to resolve this as the remote users are using URLs and not IPs when trying to reach these servers but again, was hoping I could resolve the NAT problem that the FW seems to be having.
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src Outside:192.168.202.100/49238 dst INSIDE:1.1.1.1/80 denied due to NAT reverse path failure 192.168.202.x/24 is the remote vpn ip given via the ASA.
I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working stand alone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. below is part of the 1941 configuration: [code]
Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?
I have an ASA 5510 configured 3 interface Internet_AAPT, Internal_Network and Server_Network. The server network works fine as is able to connect to the internet and services like port 80 work from the internet in. But from the Internal_Network can only get to the server network but not internet (6May 13 201214:17:4030201310.153.111.21253663199.47.216.14880Built outbound TCP connection 42508 for Internet_AAPT:199.47.216.148/80 (199.47.216.148/80) to Server_Network:10.153.111.212/53663 (10.153.111.212/53663). The weird thing in logs i see a connection being made but for some reason its referring to the Server_Network interface? below is my current config...
ASA Version 8.2(5) ! hostname ASA01 domain-name names name 10.153.11.184 QNAP name 10.153.11.192 exc2010 name 10.153.11.133 zeacom
I have an ASA 5510 which i've configured for internet access.I can connect to the internet from the ASA box,I can ping public networks from the console of the ASA box,but cannot access public hosts from internal hosts connecting via the ASA box.Find my config below to know what i ahave omitted or committed.
Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.
Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
Remote-access (vpn-houston) uses 192.168.69.0/24. The main site (houston) uses 10.0.0.0/24 The remote site (lugoff) uses 10.0.1.0/24
I'm having an issue with my work computer where it can connect to all of the servers in the company accross the country EXCEPT the servers located in New Jersey. I am running Windows XP SP3. I am able to ping the servers and get a response back, but my network drives are disconnected and I cannot open them. I have tried completely uninstalling the driver for my network adapter and reinstalling it with no affect. Mine is the only computer having this problem and I have uninstalled all software that was installed within the past month to be sure. It is ALL of the servers in New Jersey so I know it's a problem with my computer and not the serers. I had a similar issue a while ago where I could ping Google, but could not get to the website, and that ended up being the ZoneAlarm firewall that I had. That was fixed by uninstalling ZoneAlarm and doing an ipconfig /release & /renew. I re-registered some dlls but that didnt work either.
I'm having a problem connecting to multiple servers. I do know that I have stopped the windows firewall and taken out Norton and avg, yet I still can't connect to any servers. I've even tried on other networks! I can download torrents and surf the internet just fine though. I can't connect to an online class server to do my homework, and I've also tried to start playing WOW but neither will connect. I also don't see peer guardian 2 in *services*
I have an issue here, I need to connect to various anonymus proxy servers, the ip's of which can be freely found on the web. I've tried doing this from a broadband connected computer and it's ok, but the thing is that when I try doing this from a computer that is tied to o router, it doesn't work at all.
Put bluntly, my laptop will not connect to any ftp site/server via any of the following methods:Command Line Software FTP Clients (Filezilla and other such programs) Windows Explorer (window) Browsers
However, if I try to use a WEB-BASED client, I am able to connect without a problem. What's stranger, if I try to connect to the same server on a different computer using the same wireless network (I'm running on Wifi), that computer has not problem connecting to the FTP server via all the methods mentioned above. So that should at least eliminate the wireless network itself from the list of possibilities.
And to the best of my knowledge it has nothing to do with the firewall as I've made every possible setting tweak to allow ftp connection in and out - I've even turned off the firewall and antivirus with no luck.
Which is why I have reason to believe it has to do with my laptop itself.
my partner cannot connect to the internet on her computer. I have tried disabling the ipv6, typing in oranges dns server in the ipv4,and attempted to find the dns automatically. I tried running the ipconfig, but it flashes up for a second then goes off before I can look at it. As mentioned I am with Orange, I contacted them and they wanted to run the computer through an ethernet cable and reset everything which I think is a pain in the backside and I know it should be a bit simpler than that.
