Cisco :: ASA 5505 - Setting A VPN Connection
Apr 4, 2011
I am wondering if this Cisco ASA 5505 Box is overkill for what I need?I have just become network admin to a small office that host two domains.
[code]...
Some of the clients are requesting a connection to the office from remote locations for file access and what not. So would implementing a Cisco ASA 5505 be overkill? I am a bit nervous of going forward as I have never had to "setup" an ASA box and dont want to kill the network.If I should NOT use this box, what should I use for a VPN connection?
View 6 Replies
ADVERTISEMENT
Nov 14, 2011
I am trying to set up a DMZ on my Cisco ASA 5505, so that the wireless clients are connected behind the DMZ, the LAN clients are connected behind the inside interface and both groups of clients can get to the Internet. I have been able to configure the ASA for both wireless and LAN, but the wireless clients still cannot get to the Internet. The LAN clients can get to the Internet. I do not want the wireless clients and the LAN clients to be able to be able to communicate with each other. What commands do I need to run in order to allow the wireless clients to access the Internet?
View 11 Replies
View Related
Dec 12, 2012
I'm trying to set up a Cisco ASA 5505. I'm mainly setting things up through ASDM but I also have console access. Right now while I'm setting it up I have the outside/Vlan2 port attached to my existing network and a laptop connected to the inside/Vlan1 port. More info about that:
interface Vlan1
nameif inside
security-level 100
[Code]....
Before I added that last "0.0.0.0" entry, the ASA would not see anything on the internet. Now I can ping any external IP address from the router's console. However, the laptop I have connected to the 'inside' port still cannot reach any IP address outside the 10.10.153.0 network. Every time I try to add a similar route for the 'inside' interface, I get the following error: "You have another route configured for this network any which has same gateway 10.10.152.1 and same metric 1. You cannot add a duplicate route." I know I'm misunderstanding something here. In order to make devices connected to the 'inside' port connect to the internet, I need to set up a new route that will direct these devices to 10.10.152.1, right?
View 9 Replies
View Related
Aug 14, 2011
My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
outside 10.94.4.0 255.255.255.0 10.10.8.1
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. What's going on here? Do I have to add a route to the switch just to manage the ASA 5505?
View 30 Replies
View Related
Oct 18, 2011
I have a ASA 5500 with Sec+ ?Is it possible to have Dual WAN, one WAN is used for default traffic and WAN2 would be strictly for VPN tunnels?
View 4 Replies
View Related
Feb 16, 2013
I have a client that has a 5505 installed. They want to VPN in with their Win7 laptop, but they don't want to shell out $1000 for the 10-pack Cisco VPN client.I have successfully setup the clientless VPN, and they can, through a browser, get to their files, but they'd like to map network drives so it's just like they're in the office.I tried setting the IP Sec up on the 5505, and then using the built-in Win7 VPN network connection, but no go.I also do everything through the ASDM, but I realize some things cannot be done. I'd prefer to use the ASDM!Anyone else get this configured? 99% of what I see out here is how to connect the 5505 for site-to-site VPN.
View 4 Replies
View Related
Mar 15, 2012
We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4) I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.
View 19 Replies
View Related
May 16, 2013
I have an ASA 5505 with Security Bundle license.
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.
View 7 Replies
View Related
Mar 21, 2013
I am having a problem trying to figure out how to add a new ASA 5505 to an existing network. My current network is:Cable Modem > Linksys > 48 port switch With multiple hosts residing on the 192.168.0.x network.Now i know that the ASA comes default with 192.168.1.1 on the inside interface and i want to change that to 192.168.0.1. I have tried to do this thru ASDM using the wizard and manually. Once i hit ok for it to write the config, it gives me an error that it didnt take. I then lose connection to the ASA and have to hard boot it to get it back.I am trying to do this without my external connection connected and i have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75.Do i need to connect my internet connection to it first and then run the wizard? I was hoping to get it configured for my existing network before i plugged in the internet connection to limit my downtime.This ASA came with 6.4.1 ASDM and 8.2 OS installed. i was able to upgrade the ASDM to 7.X but when i go to update the OS to 9.1, i get an error that i am not registered to use cryptographic software. Dont know where i need to register to get it?
View 4 Replies
View Related
May 1, 2011
I have an ASA 5505 that I was updating from frimware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how can upload another boot image to the ASA and set the ASA to boot it from teh ROMMON prompt?
View 1 Replies
View Related
Mar 16, 2013
My wireless network consists mainly of approximately 1400 AP's 900 x 3602's, 500 x 3502's,The majority of these AP's especially the new ones have been manually optimised for channel and power settings. We paid an external surveyor to survey and optimise the AP's.
We have a few 5505 WLC's and the channel assignment method is set to "Freeze" ,My question is, if someone invokes a channel update on a WLC, will the WLC override the original manual channel setting if the WLC thinks it should be changed? And will the original setting be lost forever unless a restore is performed from the WLC Database?
View 5 Replies
View Related
Dec 18, 2011
We're getting "Connaction Timeout / Connection Failure" error messages several time per day. Here is our setup:
Verizon FiOS Internet (ONT Box) --> Cisco ASA 5505 --> EdgeMarc 4500 Router --> Cisco 300-24G Switch --> Dell PE1950 Servers
From past few months, we keep getting Connection Timeout and Connection Failure error messages in our vendor application which connects to SQL Server 2005. Also Terminal Server 2003 keep disconnecting for every few hours.After several days of troubleshooting, we come to know that this Cisco ASA 5500 is not working properly. When I access the ASDM, it shows several warning messages.I know there is a setting option to configure TimeOut, but is there anyway to test and track the ASA 5500 regarding this Timeout issues?
View 3 Replies
View Related
Jun 25, 2012
I am trying to confgure a VPN connection on a Cisco ASA 5505, and I am supposed to translate the inside network from 10.200 76.0 to host 10.1.4.204, and then from that scheme establish a VPN with the host 66.179.80.108 on network 192.168.50.0/24. I was told that this Cisco ASA appliace would be able to translate the network address as a mask in order to make the necessary connection with the other site connection.
View 6 Replies
View Related
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
View 21 Replies
View Related
Dec 22, 2011
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
View 7 Replies
View Related
Mar 31, 2011
Just now my boss asked me to prepare to set up site-to-site VPN on Cisco 881 Integrated Services router to ASA 5505 router which is now running at the HQ side. I am now learning pdf file from Cisco which mention how to setup site-to-site VPN between Cisco 1812 IOS router and ASA 5505 router by using ASDM V6.1 and SDM V2.5. Can't find the paper for that Cisco 881 device.
View 4 Replies
View Related
Jan 21, 2013
A pen test has shown I have crackable transform set on my firewall. I can see the config this relates to and do have higher encryption available. What I dont want to do is remove it until I know my remote sites are not using it.does any one know a command that shows all the policies/encrption in use?
View 5 Replies
View Related
May 3, 2011
I have multiple offices that I want to vpn into one office.... So is there anything special I have to do to establish this....Or can i do the same set up for one office then copy those setting to the next office?
Office 1 - main office .........asa 5510......ip 111.111.111.111
Office 2 - remote office......asa 5505......ip 222.222.222.222
Office 3 - remote office......asa 5505......ip 333.3333.333.333
I want office 2 and 3 to be able to vpn into office 1.
Currently I have already set up the vpn connection for office 2 to office 1. Everything works well with that so I know it is good! So could I basicly copy those setting to office 3? Or is there some weird settings or anything I should do or avoid by now setting out office 3 to vpn into office 1??
View 2 Replies
View Related
Aug 6, 2011
what i got is an internet connection from a network socket in my room where when i conect my computer to it and open a browser i need to enter a username and password in. once my connection to the net has been idol for 30 mins or my computer is switched off i then get disconnected and have to sign in again via my web browser.
what i want to do is stick my router in to that connection and then connect to the net wifi style with my i pod/wii/phone/ laptop ext ext.
how i do this without having to keep my pc switched on.
View 3 Replies
View Related
Mar 8, 2013
Setting up a wireless connection for a desktop PC.I have an Acer PC running Win 7 Pro wired to a Thompson router downstairs. I have an HP Pavilion running XP in the room directly above that I would like to connect via wireless.
View 10 Replies
View Related
Nov 6, 2011
I am setting up a site to site IPSec VPN between two ASAs.I want to NAT an internal host that my VPN peer's network will be connecting to. So I need to make sure the traffic coming from this internal host is NATted before it enters the VPN tunnel as "interesting traffic"
So let's say remote network 192.168.20.0 /24 is connecting through IPSec VPN tunnel with peers 65.200.1.1 and 198.14.7.10 to host 10.100.1.7 on my network.I want to NAT host 10.100.1.7 to 192.168.100.5 to the remote network connects to the 192 address, not the 10 (I am using a ASA 5505)
View 9 Replies
View Related
Mar 3, 2011
We just moved to a new place and ISP here have a bit weried connection - they use cable modem that provides "local" IP (through DHCP) to the router and than you have to dial out L2TP to the ISP in order to connect to internet.This setup works fine with "home" routers, like the LinkSys, however I have no clue on how to setup it on 2811.
View 1 Replies
View Related
Oct 12, 2011
Looking for assistance in setting up a VPN Connection on a RV120w.Trying to establish VPN with Android tablets utilizing Anyconnect.I currently utilize IPsec connections into RV120w without issues from desktops/laptops. (I am not real familiar with certificate based connection, and how to export from RV120w and import into Android)
View 2 Replies
View Related
Feb 13, 2013
I just moved into a university residence. Setting up a wireless connection is not allowed - instead we have one ethernet port on the wall. As a result, we can only have one computer connected to the internet at a time via this wired connection. The problem is, I live with my partner and we both need internet access for our separate computers. We both need to be online at the same time. What is the easiest and most simple way to accomplish this? I don't know much about hubs, routers, and switches. I imagine there should be some sort of basic splitting device I could plug into wall which would allow 2 computers to use the ethernet port.
View 1 Replies
View Related
Nov 12, 2011
I am without my connection until repairs are made inthe following week. I am trying to set up netzero with my current equipment, but cannot find the cd for my netgear router WNR1000.
View 1 Replies
View Related
Jan 19, 2011
I am setting up wireless connection on ps3. I can't find my wpa key code - what and where is it
View 3 Replies
View Related
Nov 4, 2012
Configured a D-Link DIR-601 router? The internet is connected, but there is a yellow triangle with a exclamation mark on the bottom right corner stating it isn't connected. I read the manual and did everything as listed, but still have the same issue.
View 4 Replies
View Related
Aug 26, 2012
We bought a RV220W in order to get a VPN in our Small Business. The RV220W will only be used to let clients connect to it and not a tunnel between another VPN box.We could use QuickVPN, but it won't be working in our case, because in order to use QuickVPN, the router wants to change its IP 10.x.y.1. Because we have multiple servers/services that are using a static IP, it would be quite painful to change the subnet. Therefore, we would like to stay on the same subnet and change it in worst case scenario only. This is why QuickVPN is not an option here.We could use SSL VPN, but most of our clients who will connect to the VPN are using Windows 7 x64. I have tried the Windows 7 x64 fix told in the latest firmware release notes, but I can't get it to work on my computer, which is a Win7 x64. It might still be broken. Many of them are not very tech-savyy, so I can't tell them to use a virtual machine to connect.We want a secure connection, therefore IPSec is better than PPTP. I've been trying to setup IPSec for the past hours but I can't get it working. At first, I wanted to use an SSL certificate, but having no luck with this, I switched to a Pre-shared Key (PSK) in order to get things simpler. Eventually I would like to use an SSL certificate, however I would like to get PSK working first to confirm that the IPSec connection is working.
I have attached with this post, screenshots of the IKE and VPN Policies. I have used the VPN Wizard in order to complete these fields. The local identifier is the WAN DynDNS FQDN. However, as for the remote FQDN, there should be none really, because clients are connecting to it, so the RV220W won't know in advance who's connecting and from where. I have read that when using the Responder type, the remote settings should not matter. Also, the PSK is 25 caracters long.After setting the RV220W up, I have set up a L2TP/IPSec VPN connection on my Windows 7. I have set up the connection to connect to the DynDNS address and set up the PSK in the Advanced settings. After I typed my IPSec username and password to connect (which was created in the IPSec users section), Windows tries to connect and times out :
Error 789 : The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
At the same time on the RV220W, this error shows up in the logs :
2012-08-26 23:45:24: [rv220w][IKE] ERROR: Could not find configuration for 24.54.xx.xx[500]
I can't figure out what I am doing wrong. I've read the Administration manual quite a few times and it seems that I have followed everything by the book.I have tried to enable/disable my Windows firewall, but did not get any luck. The RV220W is located at a remote office, to make sure that I can connect from the outside, before you think that I'm trying to connect to the outside, from the inside I have changed few settings in the IKE policy to try to make it work. Settings such as the Exchange Mode, because I've read that the Aggressive mode had issues. At this moment, the settings are back to default, once the wizard has been run. I'm thinking about setting a PPTP to confirm that this works, then move up to IPSec PSK, then to IPSec SSL Certificate.
View 1 Replies
View Related
Jan 28, 2011
I have both working in a cluster and traffic is flowing but now I desire to seperate my intranet from internet guest traffic only. Having an issue with understanding how to accomplish this task. I have one 2003 server in the intranet that supports DHCP and using a private network address.
View 4 Replies
View Related
Jan 10, 2013
I've read and read about setting up the WAN static IP connection, and can't get it to work. I purchased this router to replace an older Linksys Router (WRT150N) so that I could better implement VPN. All I need is 2 remote connections. The Linksys Router has been working great with a static IP setting, so I figured all I need to do to is enter the same IP, subnet, gateway, and DNS settings in the RV180W and it should work fine. Well it doesn't provide any connection to the internet. As far as I can see, it has all the same settings set that the linksys has.
Is there something additional I must do for a WAN static IP setting setup. I even contacted the ISP but they say their modem is fine and of-course they won't assist with the router. As soon as I connect the linksys back to the modem, I get access to the internet.
I'm no engineer, but something isn't allowing any Internet services. LAN is fine. I attached a W7 laptop to the router, and it says it can't reach the internet due to something about proxy services. There is no proxy server so not sure what it is referring to.
By the way I tried another manufacturer router just to ensure that it wasn't a defective RV180W, but that router didn't connect either - same issue. If I set it up on my home service, both work albeit only with DHCP WAN settings.
View 9 Replies
View Related
Mar 31, 2011
who's familiar with the asa 5505 could give me a basic walk through on setting up a site to site vpn between two of them. One of the previous guys set it up so that people can vpn in with the cisco client but that's a whole different problem. It disconnects after a while randomly.
View 3 Replies
View Related
May 5, 2011
Actually i was having an windows 2003 server with an public ip at my office... i had hosted a new site into that server ( iis ) in order to open the site it needs a vpn connection to read database remotely! now the problem here is after giving vpn connection i was unable to connect to the server through remote desktop from my home! if i need to connect to the server i need to setup the vpn connection at home also.. so is there any solution on how to connect to remote desktop even if vpn is connected.!
View 1 Replies
View Related
Mar 18, 2013
find the IP address of the dLAN Wireless Extender so I can go into advanced settings to set up the name, password etc. The Extender config tool provided cannot find it.I replaced my cheap WiFi extender which used to drop the connection all the time with a Devolo dLAN 200 AV Wireless-N Starter Kit, which was highly praised all over the place.How I set it up. The manual clearly states both the single Etherner port plug and the 3-ethernet plug should be slotted directly into the mains sockets which I have done. The smaller, single ethernet plug connects to my Router with the ethernet cable provided. The bigger plug is plugged into a different socket without any other cables attached. The power, house(dLAN), ethernet lights are green on both as well as the Wifi light is green on the extender.I used the dLAN cockpit program to add the Extender by entering the security code on the back, now both of them show up in the Cockpit interface and say "ON". I have the option to change the password for the entire network via the Cockpit, which I did. I assumed that's all the plug & play I had to do to make it work. Wrong. I cannot connect wirelessly at all. The network shows in the available list as devolo-000.......... with full signal, I click it, enter the password, it says authenticating and then drops.
The whole purpose for this is to have an extended Wifi Network around the house where the router cannot reach. But I cannot connect. Now i was reading on Davolo site where it says " You can set up or change the configuration of the dLAN® 200 AV Wireless N via the web interface. To access this interface, simply enter the known IP address of the product into any web browser (e.g.Internet Explorer) or call up the web interface via the dLAN® Cockpit."I also checked that apparently, the newer version, the dLAN 500 has a "config" button in the Cockpit application which takes you directly to the web interface to set up your wifi, but the 200 does not. I do not know what the IP address of the Extender is, I do not know how to reach the interface via my browser. I did have a feeling it had to be done because firstly I wanted to change the name of the Wifi network but couldn't figure out where.
I would also like to add that a program included in the set-up disc, called dLAN Wireless Extender Configuration doesn't seem to find it, so I cannot enter to look at any settings. It pops up with "the dLAN wireless extender was not found. is the dLan wireless extender switched on and properly connected to this computer's local network?"
View 14 Replies
View Related
