Cisco :: Communication Between Subnets On 5510
Sep 13, 2011
I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL - we are trying to limit connections to those systems, but they need to be able to access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?
Sep 6, 2011
I have three routers and 2 ISPs but I'd like to focus for now on a configuration with only one ISP provider. Here is my environment:
Netgear Cable (CBVG834G) wireless router. On the cable router are connected multimedia-type equipment (TV / IP set-top box / IP amp) located in the family room. DHCP ON (because I can't get internet connectivity when I assign a fixed IP address; I come to that later). IP address: 192.168.1.2. DHCP range: 192.168.1.10/ 19. Reserved IP: 1292.168.1.10 for the Dlink 4 DEV a connected D-LINK (DIR-855) wireless router. Mainly PCs, NAS (x2) located on the first floor. DHCP ON. LAN IP address: 192.168.0.1. DHCP range: 192.168.0.100 / 120. WAN IP address: 192.168.1.10. 6 PCs are connected.
Everything works fine from an internet connectivity standpoint:
DEVx can connect to internet fine
PCx can connect to internet
PCx can access DEVx
Now the issue: DEVx can't access resources from PCx!
Nov 10, 2011
I have an ASA 5510 configured with two L2L VPNs from the headquarters to two different branches. I'm using the ASA “outside” interface, which is connected to the internet, in order to establish and configure the 2 VPN connections. Could Branch 1 communicate with Branch 2 through the ASA?
Mar 12, 2011
I configured an ASA 5510 ...
In total it has 5 ports.
How do I provide communication between two different interfaces which are configured with the same security level?
How many trunks will the ASA 5510 support with the base license?
How do I configure a trunk to an interface with different VLANs (router on a stick)?
Mar 5, 2011
Configure ASA 5510 as below:
Inside users should communicate with hosts in the DMZ zone and at the same time they should go to the internet via the outside interface.
ASA with 8.3(1)
Default security levels
Attached is the diagram for your reference. I need to communicate from inside to DMZ.
Jun 11, 2013
I've been following most of the comments regarding how to allow communication between two internal networks on an ASA5510 8.2.5, but I am still a little confused about how to set up my firewall. I made changes to it and still do not have the desired results.
I need to allow communication between Interface 0/1 and Interface 0/2. See the configuration file with fake or dummy IP addresses below.
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name lxx.com
[Code].....
Mar 12, 2011
Is it possible to provide communication between two different interfaces which are configured with different security levels on an ASA 5510?
Oct 23, 2011
I have a Cisco ASA 5510 configured to access the internet, with an:
inside interface (ethernet 0/1) 130.130.0.254 and outside interface (ethernet 0/0) x.x.x.x
I have now configured another inside interface (ethernet0/2) on ASA with the IP 172.16.0.254 and I have connected it directly to another switch with a management IP 172.16.0.5.
The problem is that the two inside interfaces (130.130.0.254 & 172.16.0.254) cannot communicate with each other, thus the e0/2 172.16.0.254 interface cannot access the internet.
Jun 20, 2012
I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via Ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working standalone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. Below is part of the 1941 configuration: [code]
Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?
Mar 26, 2013
I have an ASA5510 that is connected to outside for WAN, inside for LAN (10.22.254.0/24), and an iSCSI switch plugged into Ethernet 0/3 (10.22.244.0/24). I can ping the Eth0/3 interface (10.22.244.1) but I can't ping across that interface from the WAN or LAN side.
START CONFIGURATION
ASA Version 9.1(1)
!
hostname ASA5510
[Code].....
Aug 31, 2011
I just got an extra public subnet from our ISP (co-hosting center), but I can't figure out how to use it on my ASA.
New:
IP addresses: 87.1.1.194 - 87.1.1.254
Default gateway: 87.1.1.193
Subnet mask: 255.255.255.192
Old:
IP addresses: 200.1.1.34 - 200.1.1.46
Default gateway: 200.1.1.33
Subnet mask: 255.255.255.240
Config:
route wan 0.0.0.0 0.0.0.0 200.1.1.33 1
And statics like:
static (interface,wan) tcp 200.1.1.37 3389 192.168.3.100 3389 netmask 255.255.255.255
Oct 21, 2012
I have two ASA 5510s in an active-standby cluster, not that I think that the fact that they are clustered will be of any importance here, so feel free to think of it as a single 5510. The internet connection is delivered in a single RJ45 connection. To be able to use it with the cluster there is a simple unmanaged switch connected between the ISP and the ASAs. I have two subnets with public addresses; for simplicity let's call them 1.1.1.0/24 and 2.2.2.0/24. Default routers are 1.1.1.1 and 2.2.2.1 respectively.
Can I somehow use both these subnets in the ASAs? I'm currently using the first subnet and use PAT to direct traffic to internal servers. But if I want to use addresses from the second subnet, won't that mess up the routing, since there is no way I can specify the default router for the second subnet? I have as of yet not tried anything; I'm just trying to plan ahead and I can't seem to wrap my head around how this could possibly be done.
May 17, 2012
Having trouble with a couple of items. First of all, should I be able to ping the inside interface of the ASA from all internal subnets, assuming all of these subnets/VLANs are directly connected to the same L3 switch? I can ping the ASA inside interface from our L3 switch, but I cannot ping the inside interface from a host on a different internal subnet. I have set up static routing on the ASA [route inside 10.10.96.0 255.255.248.0 10.30.1.1 1] and verified that I can ping the host [10.10.96.212] from the ASA inside interface [10.30.1.5]. The inside interface is on the 10.30.1.x/24 subnet. My host is on the 10.10.96.x/21 subnet. From the ASA I can ping 10.10.96.212, but I cannot ping 10.30.1.5 from 10.10.96.212. I can however ping 10.30.1.1 from 10.10.96.212.
This leads to my next issue, which is trying to setup the ASA to work concurrently with our current firewall. I'm doing this in order to transition to the ASA. I'd much prefer to cutover inbound NAT a little at a time vs. doing it all at once. Our current firewall is setup at 10.30.1.2 and this is the default route on our L3 switch (0.0.0.0 0.0.0.0 10.30.1.2). So my question is, if I setup an inbound NAT to one of our web servers on the 10.10.96.x subnet, will I be able to get it to route back to the ASA as opposed to ending up in asymmetric routing **** since the default route points back to our other firewall?
Feb 18, 2012
I'm replacing our current router with an ASA 5510 running 8.4(3) and I'm having what I think are NAT issues. From the 192.168.0.0/24 subnet, I'm able to reach the outside world (via NAT/PAT) without any issues. However, none of the internal subnets (e.g. 192.168.10.0/24) are able to. Packet-tracer shows no ACL issues.
Here's my config:
ASA Version 8.4(3)
!
hostname gw
domain-name internal.mycompany.com
enable password asdf encrypted
[code].....
May 7, 2012
ASA 5510
Ver 8.2(5)
I have been looking all over the place for the answer of how to allow clients on an IPSEC VPN to ping from host to host.
Aug 15, 2012
I need to NAT some subnets to one IP and other subnets to another IP. The range command won't work because some of the subnets are out of order. For example, subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 NAT'd to 1.1.1.1; subnets 192.168.26.0 - 192.168.27.0 NAT'd to 1.1.1.2.
Jan 3, 2013
I have a customer who has VLANs and SVIs residing on a core 6509. The 6509 is connected to an ASA 5515, then out to the internet/SP edge device. IP routing is not turned on. There is a static route on the 6509 that routes all IPs to the inside interface of the ASA 5515 that the 6509 core is connected to. There is a set of VLANs that are a part of a 192.168.128.0/19 subnet and all those VLANs can "speak" to each other.
Nov 30, 2011
I have a stack of SGE2010P switches with 3 VLANs (1, 10 and 255) on it. Connected to it via a trunk port, I have a SF300-24P. On the trunk ports, I have VLAN 1 untagged, VLANs 10 and 255 tagged (on both sides, obviously). On the SGE2010 stack, I can set a port's primary VLAN ID to VLAN 10, and workstations work correctly. On the SF300, if I set a port to type general, and the port's default VLAN to 10 (on the port to VLAN page), I cannot get any communication to work. This is my first time with a non-CLI switch, and I am having real problems figuring out how to troubleshoot this problem.
Oct 12, 2011
I have created a new DMZ and a LAN on my ASA5510. My Ethernet DMZ port is connected directly to a server (192.168.220.10). This server is able to get to the internet properly. Gateway ASA router: 192.168.220.222. My Ethernet LAN port is connected to an L3 switch. This L3 switch is connected to a server (192.168.210.11). This server is able to get to the internet properly. My issue is that I cannot communicate from my 192.168.210.11 server to my DMZ server 192.168.220.10. From my 192.168.210.11 server I can ping my gateway 192.168.210.1 and 192.168.210.222. But I cannot ping 192.168.220.222. [code]
Feb 5, 2011
I have an SA 520W with the following configuration:
- WAN port: Internet access for web browsing and QuickVPN access for remote users
- Optional port: Configured as WAN, for VPN access to another office (Office 2) in the same building through a public network
- Ethernet ports: Computers in Main Office.
So far I have been able to configure communication between Main Office and Office 2 via VPN. Office 2 has no Internet access, so I need to share the Internet access from Main Office. QuickVPN clients have no access to Office 2, only to Main Office.
Oct 24, 2011
How do I successfully configure a PIX 501 to communicate with an LG Phoenix (I'm assuming Android OS) via an L2TP/IPsec VPN?
Nov 11, 2012
How can I allow passive FTP communication in PIX 6.3(5)106?
Aug 1, 2011
I have setup a hub and spoke VPN with communication between the spokes, the hub is also capable of receiving VPN clients connections using Cisco VPN client.
Is there a way to enable communication to the spokes using just the VPN Client connection to the hub?
Hub Static Ip / 10.0.0.1 DMVPN IP / 192.168.1.0 LAN
Spoke 1 Dynamic Ip / 10.0.0.2 DMVPN IP / 192.168.5.0 LAN
Spoke 2 Dynamic Ip / 10.0.0.3 DMVPN IP / 192.168.4.0 LAN
Spoke 3 Dynamic Ip / 10.0.0.4 DMVPN IP/ 192.168.2.0 LAN
Tunnels are up and running with communication between the spokes.
Oct 17, 2012
My company bought another company and moved them into our building. The company moved in but is on an entirely different network altogether: wired separately, different domains. What I would like to do is be able to have them communicate with each other, and have users on company A be able to use printers on company B's side of the network.
Jul 10, 2012
I have a network at home with 3 wired pc's and 2 laptops I usually connect through wifi and occasionally hard wire. The setup is one router, one switch and a wireless access point. I just added one new pc and I am having a specific problem with that pc and one of the laptops. The transfer speeds are really slow between this one pc (seemed capped at 30kbits) and the one laptop whether through wifi or hard wire and the issue is both ways. Both have absolutely no issues with any other computer on the network and transfer files without any issues. Both are win7 ultimate.
Jun 11, 2011
My router keeps on disconnecting?
Feb 25, 2013
Say I have a managed switch that supports VLANs. I have two computers and one server connected to the switch (I'll call them PC-1, PC-2, and SRV-1). Without routing, I want both PC-1 and PC-2 to talk to SRV-1 and vice versa, however I don't want PC-1 or PC-2 to talk to each other. I achieve this by making each port a trunk port. I make PC-1 a member of VLAN 2, PC-2 a member of VLAN 3, and SRV-1 a member of VLAN 4. The port that SRV-1 is on I make a tagged member of PC-1 and PC-2 (VLAN 2 and 3 respectively) and make the ports the PCs are on a member of the SRV-1 VLAN (VLAN 4). Everything tests OK (that is, the clients can't talk to each other, however the clients can individually talk to the server).
Aug 10, 2012
I have a working environment but wondering if there is just a better way to accomplish what I am trying to do (without a layer 3 or 4 switch). Basically I have a few sub interfaces on my Cisco ASA5510.
Now what I do need is some of the VLANs to communicate with specific devices on the different VLANs. So for example I need computer 1 from VLAN 5 to communicate with 192.168.10.5 from VLAN 10 on ports 80 and 443.
What I am currently doing is setting the security level to 100 on each interface (including the DMZ).
Here is what I have:
interface Ethernet0/1.5
vlan 5
nameif Sub5
[Code].....
Apr 12, 2012
I have a Cisco 877W (configuration shown below) and I am trying to use a Photo Transfer App on my iPhone 4S and iPad 3, which allows transfer of photos and videos between the devices using WiFi. The only thing is I cannot get my devices to communicate with each other, and I suspect that this is to do with the configuration of my router, as the app works perfectly using Bluetooth but obviously a lot slower. I cannot even ping the devices from my PC, which is also on the same WiFi network. How should I tweak my config?
Jan 18, 2013
I have three different VRFs on a Nexus 7k, and we want those to be extended to a Cisco ASA 5585, IOS 8.4.5. We used the trunk port on the Nexus 7k for ASA connectivity, and the dynamic protocol OSPF is running; both are in the same OSPF area. We are making a subinterface on the firewall for each VLAN. In this scenario only one VRF's connectivity is working, but the other VRFs are not pingable from the ASA.
Jul 20, 2011
When entering Remote group 0.0.0.0/0.0.0.0 to establish a VPN, and all communication is not working. You do not know how to set up-work?
Aug 10, 2011
I have an RV 120W Wireless-N VPN Firewall and am having issues with connectivity and communication between PCs within the same LAN. I tried the following to check connections:
1. Finding the computers within the workgroup using Windows network or (finding the computer), to no avail.
2. Pinging the IP address of the PCs within the LAN. Request Timeout is given.
3. Printer network is working fine.
Jul 15, 2012
I am getting the following error while copying the configuration from 6590 to the TFTP server: %Error opening tftp://x.x.x.x/yyyy (Timed out)
1) The file is getting created on the TFTP server but it is empty, a zero KB file.
2) I am able to ping the TFTP server from the switch.
3) I am able to ping the switch from the TFTP server.
4) The same TFTP server is working with all other switches (I have checked with other TFTP software also, but the same problem).
5) The switch is in a different subnet; the switch has several SVIs. Also configured the command "ip tftp source interface vlan361" (this interface can be pinged from the TFTP server and I can also do an extended ping from this IP to the TFTP server).
6) The communication between the FTP server and the switch wants to cross a point-to-point WAN link (other switches can communicate with the TFTP server through the same WAN link).
7) If I run an FTP server on the same system and try to copy the running config from the 6509 to FTP, sometimes it works and sometimes it gives the error.