Cisco :: Can't Ping WebServer Of DMZ Zone Using Public IP

Feb 28, 2013

I have my webserver ( located at DMZ zone. The public IP of my webserver is ( From outside i can ping my webserver using public IP thats fine.The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.I am using ASA5520. [code]

View 2 Replies


Cisco Switches :: SG300 - Can Ping But Unable To Reach Webserver

Jul 23, 2011

I have a sg300-10 switch. i update the firmware with the last one. Things are complicated when i create 2 VLAN. ( really 1 VLAN cause the first is native ).So i have the first VLAN with the interface ans the VLAN 2 wich IP is

I'm connected with my workstation ( ip : with GW ) and i try to ping a web server on VLAN 2 ( ip : GW )

Ping is OK ! But when i try to reach any ports of the webserver : Nothing.

View 11 Replies View Related

Cisco Firewall :: ASA5520 And Public IP Zone

Apr 5, 2011

I'm trying to setup a zone behind my firewall with complete publicly routeable IP addresses for 3 servers. The reason I'm doing this is I am in the network setup stage of an OCS implementation, and OCS connections don't behave well with NAT.
My device is a ASA5520. I have an internal zone, and a dmz zone. These are done via standard NAT configurations.
My question is this:
Is it possible to setup connectivity to the outside with internal servers that have Public IP's directly on their NIC's? Another little detail of interest is that this ip space is seperate than the one that's on current Outside interface facing our ISP. However we own both address space.

View 3 Replies View Related

Cisco Firewall :: 2901 / ZBFW - DMZ-Zone To In-Zone Access

Jun 9, 2012

I have a Cisco 2901 which terminates a Class C address pool. I have split the Class C address pool into 3 sub-nets and 2 zones and created a non-addressable pool (private pool):
dmz-zone : x.x.x.0 TO x.x.x.127 (x.x.x.0/25)
in-zone: x.x.x.128 TO x.x.x.159 (x.x.x.128/27) & x.x.x.160 TO x.x.x.191 (x.x.x.160/27)
private-zone: 192.168.x.0 TO 192.168.x.255 (192.168.x.0/24)
I have configured private-zone NAT to use address pool x.x.x.161 TO x.x.x.189 within the in-zone.
Within the:
dmz-zone - are servers for : DNS, Syslog, SIP & HTTP/HTTPS in-zone - is a SMTP mail server which is behind VPN Gateway/NAT, TomCat (Application Server) and PostgreSQL Server private-zone - is where all standard users are operating from and they can access the SIP & HTTP/HTTPS servers within dmz-zone My problem is that I cannot seem to configure the ZBFW to allow the dmz-zone HTTP/HTTP server to redirect to in-zone TomCat server.
I do not want to make the TomCat server generally visible and am instead using the Apache proxy/ajp13 to connect from dmz-zone server to in-zone server.However I cannot seem to get anything (including icmp) to work from dmz-zone to in-zone.
I have Policy:

POLICY-DMZ-IN (dmz-zone to in-zone) which has:
any any udp/tcp inspect
any any icmp inspect
unmatched traffic DROP/LOG
But I still cannot get anything from dmz-zone to in-zone...Could the POLICY-DMZ-IN be being overridden by other dmz-zone to out-zone policies?

NOTE: I have routing rules for each of various sub-nets and all out-zone to dmz-zone, out-zone to in-zone and private-zone to out-zone, in-zone and dmz-zone routing works ok, so it appears problem is with ZBFW not routing table.

View 4 Replies View Related

Cisco :: Cannot Ping Static Nat Public Ip In ASA 8.4(2)

Jun 27, 2012

I have setup Cisco Asa 8.4 Lab in GNS3 to understand new Nat changes in asa 8.4 because im new to asa.

I have configured one of my internal webserver to static NAT with one public ip. Im able to access hosted webpage from static public ip means NAT is working fine, the problem here Im facing i'm not able to ping to Mapped public IP from outside interface sitting on pc (ip which is also connected to same outside network and neither from ASA console but Im able to ping outside interface ip address which is from pc ( and from asa console.

This how my network topology

Inside Network outside Network
inside ip ip (connected to ADSL router


View 3 Replies View Related

Cisco WAN :: 1921 - Cannot Ping Public IP

Aug 8, 2011

We have Cisco 1921 router with two ADSL connections on it. both ADSL public ip address working fine, they both send and receive packets. we can ping both ADSL public ip from inside but
we cannot ping both ADSL ip from outside it is some times with one ip and some times with another ip.

View 12 Replies View Related

Cisco VPN :: Disable To Ping Outside From Public IP ASA 5505

Jul 19, 2012

We have ciso asa 5505 and we are using one public ip of , so i wanna disable to ping from outside this ip , but not effect our site to site and remote vpn connections ,the only thing i need is to disable the public ip to ping from outside.

View 7 Replies View Related

Unable To Ping Public IP Of 3G Router From Internet

Apr 3, 2013

I have just setup the 3G Wifi Router (Huawei 3G21WE) for my company at remote site for temporary use.Now we want to monitor the DVR and cameras installed on the site from head office but i am unable to do it.I have done the port forwarding on the router and using Dyn DNS and configured it correctly, but i cannot browse it from internet.I have also noticed that i am unable to ping the public IP/DynDNS from internet. also i cannot find any option to disable the firewall on my router.

View 3 Replies View Related

Cisco WAN :: ACL For Webserver Behind 857 Router

Oct 1, 2012

configuring an ACL for a 857 Cisco router for web-server traffic. I've configured a NAT for the inside network and added ACL entries for  port 80 access but dont seem to have any luck accessing the website  remotely.  I suspect there's an ACL rule blocking access. 
Setup Internet === Router === Webserver
Router address: Web-server address: from ISP address: XXX.XXX.XXX.XXX
(masked for security)

View 2 Replies View Related

Cisco VPN :: Publish Webserver Pix 501?

Sep 6, 2011

The remote office is connected to hq via site to site vpn. I have 1 static IP (on the remote site)that I use for the site to site. I need to publish a web server at the remote site. My question is can I use the same IP for VPN and web server publishing, I am having trouble getting the web server to publish

View 2 Replies View Related

Cisco Firewall :: Making Webserver On 8080 Available To The Outside On 80?

May 14, 2012

We're running three networks (inside, outside and dmz). Inside is, dmz is, outside is a static ip allocated by our ISP. We'd like to configure the following:All traffic from the outside to [static provider ip] on port 80 should go to port 8080.

View 14 Replies View Related

Cisco Firewall :: Webserver Hacked Behind ASA 5510

Apr 24, 2011

I have one webserver which open for public via http and https. The server sit behind Cisco ASA 5510. Today our webserver have been hacked by someone. The index.html has been replaced by hacker own index.html file. Is it anyway to detect who did (by IP) this? is my Cisco ASA can give any clue about it? How to prevent from this happening in Cisco ASA? FYI, my ASA only allow HTTP and HTTPS port from outside to internal. This ASA is solely dedicated to protect the webserver.

View 3 Replies View Related

Cisco WAN :: 5510 To Add A Static Nat To Allow Access To Internal Webserver

Mar 20, 2011

ASA 5510I'm trying to add a static NAT for to allow access to an internal webserver on my DMZ.  I've added the config, however i'm still unable to get to it from the outside.  I'm able to ping and browse the server from the LAN and I'm also able to ping the external interafce from the outside, but just unable to browse.I've turned on logging and the error I'm getting is "Inbound TCP connection denied...flags SYN on interface outside"

View 0 Replies View Related

Home Network :: Powerconnect 2716 And Webserver

Dec 20, 2011

Im currently working on setting up a small network at home. I have a Dell 2716 and a dell 2650 server running windows server 2003. Ive already setup the dns and domain controller on my server. I have 3 desktops that will connect to the server. so far I have the following setup. ISP---> Dell 2716 --->dell 2650/ computers. I set the computers prefered dns to the servers ip. Im able to join the domain and log in but is there a better way to set it up. Also the server and computers are set to static ip.

View 2 Replies View Related

Unable To Resolve Webserver Locally By Domain Name?

Apr 12, 2012

I am running a webserver locally and I am unable to resolve it by domain name (e.g. when I am inside my network. However, I am able to hit it internally (e.g. just fine. When I try to access from inside my network it comes up with my Actiontec router's admin page on is my configuration:Actiontec FIOS router (connected to internet)DHCP disabled Netgear Router is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]

View 7 Replies View Related

Protocols / Routing :: Use Virtual Machine As Webserver?

Feb 17, 2013

I am running a websever on virtual machine on ubuntu .how can i forward all traffic coming to my ip to virtual machine which is on my are my configs.

OS - Windows 7
Router - DLink
Virtual machine network Setting - Bridged adapter.

View 19 Replies View Related

Cisco WAN :: 6500 - Remote Vpn Users Cannot Access Webserver Locally

Sep 14, 2011

I configurated ipsec remote vpn at catalyst 6500. my servers are assigned this subnet
vpn user:  ----  webserver ip address


View 3 Replies View Related

Cisco Firewall :: ASA5505 - Can't Get Home Webserver Published To Outside Interface

Aug 17, 2011

I've tried to get my head around this but beeing used to Juniper and Watchguard devices I just can't get my home webserver published to the outside interface.I have a ASA5505 with ASA version 8.4 and ASDM version 6.4 and the basic license.

Outside interface is X.X.X.32/ so I have 5 static IP:s on my external interface, .34 is in use for the outside interface.

I have a webserver in DMZ located at and would like to publish it to the external IP X.X.X.35.I've tried to make the static NAT but every time I do either nothing goes in or out of the DMZ zone or you can't access the webserver from the outside interface.Right now I deleted all trials since none of them work so only the basic config is applied. Everything get's NAT:ed to the external interface .34 IP.

View 4 Replies View Related

Cisco Application :: 4700 - Initiate Connection Between Test Pc To Webserver Through ACE?

Apr 2, 2012

I've configure two ACE 4700 in a SLB modus http to a web server.To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Guest Network Access To Internal Webserver

Dec 18, 2012

I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver.  (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside -
guest_inet -
Internally clients resolve our website to and that part works as it should.  Clients outside of our network resolve our website to the correct external address (lets just call it We have a NAT statement static (inside, outside) netmask and an ACL to permit tcp any host eq www
Clients on our guest_int use an external DNS server and hence resolve our website to  However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website.  Would that be: static (inside,guest_inet) netmask ?  Since there is already an ACL permitting port 80 traffic to we should be taken care of on the ACL side of things, right?

View 3 Replies View Related

Cisco VPN :: ASA Version 8.2(5) - Public-to-Public L2L / No Return Traffic?

Apr 2, 2013

One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.

Local Network -
Remote Network -
Remote Peer -
.ASA Version 8.2(5)
hostname ciscoasa


View 4 Replies View Related

Linksys Wireless Router :: E-4200 Cannot Access File And Webserver Through WLAN

Sep 20, 2011

I have home network with my Linksys E-4200.
My HP Microserver (Ubuntu +Samba+Apache) is connected via LAN. I have notebook (Windows 7). To my server (FILE+WEB) I have access only  when I connected via LAN cable. In windows 7 i see my server and have access to the files. Webserver works also properly: access with the name of the server in web browser.
But by WiFI connection, there is no access ! The server has the reserved local IP-address, like
What should I do to solve it? By typing "" i see the localhost page, but nothing more!

View 2 Replies View Related

Cisco Firewall :: ASA 5520 8.4(1) Public WAN To Public DMZ?

Jul 10, 2011

i have an ASA 5520 8.4(1) setup as follows
      public wan
       ASA-- public dmz
      private lan
i need to allow https traffic to a server in the DMZ that will have a routable IP address will just an ACL suffice ?which interface do i apply it to ? wan or dmz ?i dont need a NAT since the DMZ is a routable space?

View 6 Replies View Related

D-Link DIR-655 :: Guest Zone Keeps On And Off

Nov 25, 2012

im having a problem on my DIR-655, i just recently updated my DIR 655 2.03NA(which is no problem at all) to 2.10NA, & im having problem on my GUEST ZONE wireless network everytime i connect my Iphone 4 to it every second 10 seconds it goes on & off & i try to connect to the main wireless network it was working fine any causes to this?

View 14 Replies View Related

Cisco :: Zone Based Firewall Really Needed

Sep 18, 2012

I'm having a few problems at the moment with a zone based firewall setup. The more I looked into the problems the more I question whether I need the ZBF or not.My network is pretty simple. 1 Internet connection and 1 LAN interface and a few site to site vpns to the router.So what do people think to having this kind of set up and not using a ZBF?

View 11 Replies View Related

Cisco :: IOS Zone - Firewall Stateful Failover?

Aug 3, 2011

I've seen you can configure stateful failover between two routers running ip inspect classic firewall: url...Can the same be done yet for zone-firewall? I cannot find any documentation on it.

View 1 Replies View Related

Cisco :: 3750 Switch Time Zone Off

Apr 28, 2013

some of my switches (3750s) are on the right time and some are not. i have them all pointed to the same DC for NTP and they all say they are synchronized. is it possible to have the switches pole the DC for the right time and update?

View 4 Replies View Related

Cisco WAN :: 2901 ISR - How To Do Zone Firewall Config

Sep 12, 2012

I'm sure this is simple to resolve.  I just bought a new Cisco 2901 ISR Router.  How do I configure the Cisco 2901 ISR Router for Zone Firewall?  The "zone" command is not recognized and does not show up in the "?" list in config or user modes -

View 4 Replies View Related

Cisco VPN :: 2800 Zone-Based FW And L2L IPSec VPN

Jul 24, 2012

I have a 2800 router connecting a small office to the Internet.  I am using zone-based firewall to provide protection.  The small office also needs to connect to another office.  The 2800 is at the small office and an ASA at HQ.   I successfully established the VPN connection and have allowed Internet access for the small office.  The purpose of this post is my zone-base fw policy doesn't appear to be as secure as it could be.
2800 - I have defined two zones (inside and outside).  Traffic from the inside to the outside is inspected expect for the traffic to the other office.  I allow traffic to the other office to "pass" zbfw.  Because the traffic "passes" zbfw, I have to "pass" the same traffic for the outside to in policy.  The ASA has "sysopt" to allow VPN traffic to bypass the outside_acl.  Do routers and zone-based firewall have a similar feature?

View 1 Replies View Related

Cisco :: 3845 - Traditional ACL Vs Zone Based FW

Sep 28, 2011

I have a 3845 ISR that I have been managing for a couple years that has a traditional ACL based config.  We just purchased a new 3845 for redundancy and it arrived with the zone based config from Cisco.  Any opinions on whether I should take the existing router to a zone based config or should I configure the new router with traditional ACL config that I am more comforatable with? 

View 1 Replies View Related

Cisco VPN :: 1811 - WebVPN Being Assigned WAN Zone

Aug 3, 2011

I have a Cisco 1811 router running the 15.1(3)T IOS.  I am having some difficulty with the current zone based firewall and the SSL VPN.
When a user connects, they are put into Virtual-Template 1 which has a zone based assignment of "sslvpn".  However the traffic report for the users is listed as being blocked by the zone based firewall in the outbound direction(office out to the wan zone).

View 1 Replies View Related

Cisco :: Prime Infra 1.3 - How To Change Time Zone

May 15, 2013

Wasn't sure the format for time zone when installing eval copy of Prime Infra 1.3.  Set for UTC now and need to change to CST6CDT.  Not sure how to change it.   

View 3 Replies View Related

Cisco Firewall :: ASA 5540 Use For Protection From Internet Zone

Mar 7, 2012

-1x Cisco ASA5540
-1x Catalyst 3750x-48T (L3 Core Switch)
Id like to seek expertise on validating a simple firewall setup.
Do i trunk core switch traffic to the cisco ASA OR assign L3 link instead? It is basic understanding that the Cisco ASA is usually use for protection from our internet zone.A typical Cisco ASA setup would consist of outside, inside, dmz zone.
L3 core switch consist of 20 VLANS20 vlan needs to be blocked from each other. Eg Wireless Vlan does not have access to Server Vlan etc etc. 

what is the best practise to filter ip address within vlan from reaching each other.Should i trunk all my vlan to the Cisco firewall? (For easy vlan restrictions: but is that best practise?)Or do ACL on the core switch itself? but what if i have tons of servers ip that needs specific ports blocking or etc.How would i be able to manage all my ACL on the core switch. 

View 1 Replies View Related

Copyrights 2005-15, All rights reserved