Cisco Firewall :: 2121 / How To Nat Multiple FTP Local Servers From One Single IP
Apr 24, 2013
I have an FTP server on my local network and I have NATted the private IP with my public IP using the default FTP port (21). Now I have created a different FTP account on my server using port 2121, and I am able to log in using the private IP with port 2121. Now I want to NAT with my public IP with port 2121, and I failed:
1) 125.x.x.x --------- 10.10.1.x:21 (able to access from external network)
2) 125.x.x.x --------- 10.10.1.x:2121 (not able to log in from external network and able to log in internally)
Nov 21, 2012
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP: 16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]
Feb 5, 2012
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments. I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses. Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
Firewall DMZ Interface - 1.1.1.1
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6
VLAN 2 - hosts 1.1.1.7
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN. I'm working with an ASA 5510 running 8.2.4(4).
Aug 12, 2012
I have a failover pair of ASA5550s running ASDM 6.2(5) and ASA 8.2(2). Originally they were set up with 2 contexts and an admin context, but one of the contexts has now been removed. I would like to now migrate to single mode before I go about patching them to the latest software.
May 21, 2013
We are migrating from another brand to an ASA cluster running 8.4.5.
We have a web server on an inside interface listening on a non-standard port, 20111. We have created a static NAT translating the public IP to the private one, so if I do http://public-ip:20111 it works. (We are using a separate public IP for this service only.)
Now I need to create a NAT rule that will forward requests on BOTH port 80 and 443 to the same private IP and the same port number (20111).
The private address is 10.99.250.20 and the "public" one (I've replaced it in this example) is 172.16.16.16. I have managed to create a NAT that will translate 443 to 20111:
object network 10.99.250.20
 nat (Private-DMZ,Outside) static 172.16.16.16 service tcp 20111 https
But if I try to add another rule like:
 nat (Private-DMZ,Outside) static 172.16.16.16 service tcp 20111 http
it will simply replace the first one.
Is it possible to redirect both 80 and 443 from outside to the same port number and same IP on the inside?
Jun 13, 2012
I have a failover pair of ASA5550s running ASDM 6.2(5) and ASA 8.2(2). Originally they were set up with 2 contexts and an admin context, but one of the contexts has now been removed. I would like to now migrate to single mode before I go about patching them to the latest software.
May 28, 2012
Could I configure and connect 3 Dell switches to an ASA-5525 firewall which has got 8 interfaces?
Nov 7, 2012
My corporate internal network is currently firewalled by an FWSM module on a 6513 switch. We have each security zone (we have eight) assigned to a FWSM context and have ACLs set up between the contexts and the enterprise LAN/WAN. Is it possible to support firewalling between these zones within a single security context? The reason I am asking is that we would like to purchase a second FWSM for use as a standby, but do not want to cough up the ~ $12K for the context license. We will ultimately be transitioning to ASAs for internal security, so do not want to spend more than we need to.
Aug 19, 2011
I would like to setup multiple DMZs for our hosting servers. Currently there is a single DMZ in which our reverse proxy servers are connected using a public IP address. The idea is to have the reverse proxy forward the request from the Internet to the hosting servers in another DMZ. The purpose of the hosting DMZ is to protect it from the outside as well as from the inside. There will also be a development DMZ where we can test content prior to going live with the website.
Network: We currently have two Cisco 6509s (Core) with a FWSM in each running an active/standby configuration. There is a 10Gb fiber connection between each Cisco switch to two Cisco 4948s (Top of Rack Switches). I can either set up OSPF or trunking between the core and top of rack switches. The Cisco 4948s will support VLAN 7 (hosting DMZ 10.0.7.0/24) and VLAN 8 (development DMZ 10.0.8.0/24). Each webserver is connected to both Cisco 4948s for redundancy.
Question: If I have a single interface connecting both VLANs 7 and 8, either through Layer 2 or 3, then how can I pass traffic for both DMZs to the appropriate servers? The reason why the servers are in the same rack connected to the same two switches is that we are using blade servers and VMware.
Mar 13, 2011
I want to set up a virtual LAN setting in a single machine. What's the procedure?
Aug 26, 2012
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
Nov 9, 2011
I am trying to understand how we can have multiple IP addresses on a single NIC and what the restrictions on the same are. If I can have two IPs from two different networks present on a single NIC, then why would I ever get a new NIC?
Also, I want to understand the concept of virtual IP and how it fits into this picture.
Nov 2, 2012
I have an older Dell PowerEdge 2800. Currently we have 2 NICs, one for the WAN and one for the LAN. I wish to increase my users' access speed. Can I team and/or bond up to four NICs on the LAN side and leave the single NIC for the WAN? I am having trouble finding any info on the net for pulling this off. I have 67 users and throughput is getting a little rough.
Feb 14, 2012
I need to put a few cameras, without a server, on a static WAN IP address. Do I just assign them a static LAN IP address (for example 192.168.1.200), make sure the port they use is open, then type the WAN static IP address, then a colon and the last address? Like this (I'm making up the WAN address): 45.34.55.334:200
Mar 31, 2011
Some of the servers are not pinging from one switch, but they are pingable from the other redundant distribution switch. So I took the IP addresses from the redundant switch, and with that I found the MAC addresses from the access switch. But when I tried to see which ports these MAC addresses are connected to, multiple MAC addresses are resolving to the same switchport. For example, 5 MACs are showing on 1 port and another 3 MACs are showing on another port, and there are many like this. All these MACs belong to virtual servers.
Mar 30, 2012
I just want to keep one PC as a server with one switch connected to it (for LAN). I want to connect multiple clients/screens to that server, so I can use a single server for multiple screens/clients. (Client machines will not have any CPU; they will utilize the server's memory.)
Jul 22, 2012
I currently have multiple computers at my place. Once a computer is turned on, I want the option of which login to use on the current computer: it can log in to the current computer or to the multiple computers, with their content/data all inside. So it is more like linked computers. For example, it can only log in to A or B: A is the current computer's data, while B has all the data of the different computer, and if I log in to B it will show that current computer's info. The same goes for computer B: I can log in to A or B on computer B. What makes this very good is that both computer logins are sort of connected. For example, if I'm on the actual computer A, but logged in to computer B and downloaded/changed some files/data on the B login, then once I log in on computer B to login B, the changes will apply even though the changes were done on computer A.
Jan 13, 2013
I have a Cisco ASA 5505 that I've set up with an SSL VPN. This is for personal use, and I therefore don't have need for anything more than local authentication. [code]
I'd like to have one profile/policy where I only encrypt data going to my split-tunnel ACL, and I'd like to have one profile/policy where I encrypt all traffic.
The issue I've been fighting is that it doesn't seem like it's possible to associate more than one group policy per user. If it IS possible, can you tell me how I associate both groups to my local account?
Oct 13, 2011
About a week ago I changed over 9 HP ProCurve switches that were previously stacking in series (yeah, daisy-chain) to an Access-Distribution type scenario with 2 (or 4 on server switches) Gb ports on each switch trunked together connecting to a central full 48x Gb switch.
During this I updated firmwares on all the switches (most still on their shipped 5-8 year old versions) to the latest stable release (and in the process found out that HP switch firmware is absolutely brutal and untested; see ProCurve 2510G FW 11.16 as an example).
I saw vast improvements across the network immediately after the change (wow, really? 9 48-port switches effectively sharing a single 1Gb line to the servers and internet was a bit slow? Don't tell my co-workers, they don't think that's possible).
The only thing that I didn't see an improvement in was on some Linux and BSD servers, which would top out at 11MB/s doing a SMB (SAMBA) transfer. These are managed systems part of our business system, but we still need to be able to pull local backups for ourselves. So I contacted our vendor. The vendor confirmed that the line speed is showing as 1000T-FDx (same as the switch is showing).
Vendor is now claiming that after these changes were put in place, the speed on their servers (and their servers ONLY) was reduced to a maximum of 5MB/s (~60Mb/s?) doing rsync transfers between themselves. And they are all on the same 2510 (48 port all 10/100/1000), which makes absolutely no sense whatsoever to me. Furthermore this is on the ONLY switch on the entire network that had an updated firmware already installed - that's not even a possibility here.
I put some Windows servers on that switch and can get 60MB/s+ all day (SMB transfers). I've also tried from their one server that I can access, doing an rsync or scp to another BSD box, and max out at 15MB/s (with 100% CPU usage on the test box - I'm assuming the decryption is pretty heavy?). There is absolutely no QoS, limiting, or any possibility of throttling the links the servers are on at the switch. There are no excessive broadcasts saturating it, and the ports and cables test fine.
May 11, 2012
I have a Cisco L3 3560G switch which is directly connected to the router. I have configured VLANs 2 and 3 on the switch and assigned ports 2 and 3 respectively. I want to manage both VLAN 2 and 3 from L3 port g0/10.
Aug 4, 2012
I am Implementing Cisco IP Routing (CCNP ROUTE FLG) book and right now I am reviewing IPv6 chapter. This part of OSPFv3 multiple instances over a single physical interface caught my attention
Sep 3, 2011
We have ACS version 5.2 0.26 with Active/Standby. We need to integrate Active Directory with ACS. The domain name given by the server team was xyzcompy.local. When I tried to resolve the same domain name, I got five server IP addresses against the same domain name. However, we have given IP reachability to only two servers. When we try to save, we get an error saying "Can not resolve the network address".
So my questions are:
- Should ACS have IP reachability to all five servers?
- Should the username/password we entered in the ACS have domain admin rights?
- The given AD is configured with Windows NTP [URL], but when we configured ACS as Windows NTP it was taking the local server as active NTP..?
When we check the ACS logs, we saw the following error;
in acsLocalStore:
AdminName=acsadmin, DomainName=qatarconvention.local, ADOperationResult=unable to create secured connection against AD server, switching to non-secured connection. javax.naming.CommunicationException: simple bind failed: qnccad02.xxxxconvention.local:636 [Root exception is java.net.SocketException: Connection reset],
in ACSADAgent;
32484]: INFO dns.findsrv FindSrvFromDns failed: res_query failed _ldap._tcp.xxxxconvention.local
Sep 4 12:43:20 acs01-cc4 adjoin[32484]: INFO cli.adjoin Join to domain 'xxxxconvention.local', zone 'null' failed.
I attached some screen prints which show the error and the output of nslookup for the domain name.
Sep 6, 2012
For my LAN, I have created two VLANs: VLAN 10 for users and VLAN 20 for database servers. There are 15 LAN computers/laptops and 5 SQL database servers (Dell Server) connected through the same 24-port Cisco 2960 switch. That means 15 + 5 ports are occupied.
I have applied an access list on the Cisco switch to restrict communication between VLAN 10 and VLAN 20. But my main purpose in creating two VLANs is not any kind of communication or restriction. My main purpose is that user traffic does not disturb, choke or affect the database servers. What will I need to do for that? Is the VLAN concept sufficient for my concern, or will I need to buy a separate Cisco switch to connect the 5 database servers, or something else?
Mar 5, 2011
I have 2 gateways over my network provider to connect to the internet, like Gateway1="1.1.1.2" and Gateway2="1.1.1.3". But I have only one network adapter with one wire. Now I want a program to create a "virtual network adapter" assigned to my real network adapter, to set the secondary gateway on it and use it with "ForceBindip".
Apr 9, 2013
I have an i-ball 150M wireless-N ADSL2+ router. In the NAT tab, I have activated DMZ on my static IP with a private address, 192.168.1.224, so that that IP-enabled device can be accessed from anywhere on the public network. Using this single static IP, how do I configure two private-address devices in the DMZ, so that both IP-enabled devices can be accessed on the public network?
Feb 18, 2013
Our work building currently has 2 separate DSL lines feeding into it, one on each end of the building. The reason for two lines was so each one would have its own bandwidth, thereby supporting more simultaneous users. There is a router connected to the DSL jack at each end of the building, broadcasting its own wireless network: let's call them Work 1 and Work 2. Is there any way for me to connect the Work 1 and Work 2 wireless networks, so that they appear to the end user as one contiguous network?
Jan 14, 2013
I have multiple campuses and a Central Admin. I've created groups for all, except I need a few devices within Central to be available to the campus admins (i.e., a Cisco WCS system). How do I allow a device to be put into multiple NDG groups?
Jan 31, 2011
I have 2 FTP servers running on Windows Server 2008 R2 with IIS 7.0. FTP 1 on port 21 works seamlessly; however, my second FTP, which I have on port 2121, works fine when "accessed" via [URL] from inside the router, but once I attempt to use the ISP address, outside or even inside the router, everything goes sour. I do receive a login prompt, but the page times out after credentials are supplied. I have configured the firewall to allow 2121 inbound and 2120 outbound; for shits n giggles I allowed 2120 inbound, but that didn't work, so I deleted that entry after the fact. Ports are forwarded, and to the best of my knowledge the firewall is configured correctly.
Dec 2, 2012
Can we use a single OSPF process for multiple VRFs in Nexus 7k? If yes, is there a document to show how?
Oct 12, 2011
I have two 1142n LWP APs converted to standalone, as the client doesn't have any controller there. They just want to extend their network via wireless.
L3 switch (trunk port gig 1/48) -----> connected to AP1
L3 switch (trunk port 2/48) -----------> connected to AP2
The client is looking for 3 VLANs on the floor (users on multiple VLANs might be associated with the same AP). They have a dedicated DHCP/DNS server, and he will be configuring 3 VLANs on the L3 switch with the correct IP helper address on the SVI interfaces.
Am I allowed to create 3 SSIDs on a 1142n standalone AP?
What would be the various options to achieve this requirement? Is there any simplest way to achieve this? Do I need to go for 802.1x? I remember the client told me their users are authenticating by using AD for the wired network. This is their first request for a wireless environment.
Feb 27, 2013
I read on this forum some discussion about the WLC VLAN Select feature [URL]. I see that you can use this feature to have multiple VLANs (interfaces) map to the same WLAN (SSID).
What I am trying to learn is: under what scenarios would people need to have multiple VLANs mapped to a single SSID?
In my environment, I have 50+ APs in the campus on 20+ Cisco 4500 switches. I have a single WLAN and it is mapped to one subnet. All wireless users would be on that subnet, whereas wired users are on 20+ subnets of their own.
Feb 28, 2011
We are in the process of installing time clocks at some of our sites around the USA. Our security department has asked that the time clocks be completely isolated from the rest of the network. The time clocks will be administered by ADP via a centralized firewall utilizing NAT. We have multiple subnets available at each site. Let me give an example to clarify what I would like to do. Example: Site A has 10.168.19.0 /24 user subnet and is configured for VLAN1 using 10.168.19.1 on the router as the default gateway. I would like to use subnet 10.168.20.0 /24 for the time clocks, configure it for VLAN2 and use 10.168.20.1 as the router gateway address for VLAN2. This should allow me to NAT one of our additional public IP addresses to the 10.168.20.1 gateway address, thus completely isolating the time clocks from the remainder of the network. Problem is I have not done this before, so I'm a little confused about how to configure it in the Cisco 3750 switches.
Apr 27, 2011
Setting up a simple internet plan for a place, but a LAN center needs crazy fast internet, faster than most large enterprise class offices that take up an entire floor or two. Otherwise there is too much lag in games like first person shooters. We are expecting to have 60 computers, plus people bringing their own gaming rigs from home and laptops as well, Xbox, PS3 and other consoles, all accessing the internet at the same time to varying degrees, with no room for lag. There is a LAN center in California that has 200 or more computers and they pay for 9 T3 lines, which is thousands and thousands of dollars per month. Plus the initial equipment to set that up, from what I can find on CDW, is many thousands of dollars also. Something like 10,000 for a router with 4 expansion bays, and 4000-6000 dollars for a T3 expansion card, bringing the total to around 22-28,000 for equipment to do just 4 T3s. Plus the monthly cost. Since we don't need all of the traffic to be secured like a high end business class line like a T3, I was considering what it would be like, and how one would set up, having multiple cable internet lines coming in. They make cable WIC cards for Cisco routers. 4 50meg cable lines would give us 200 down and 40 up, but I don't know how to make that work without having multiple public IPs. I was thinking that if I did have multiple public IPs on the network I could just divide the computers up so that they are in groups, using all of the public IP addresses for gateways, so that the load is split pretty evenly, but still, there should be a more seamless way to do this, I just don't know what it is. At the rate for business cable internet, 4 lines would probably only cost around 700 dollars a month, which is much better than probably 5 grand a month for several T3 lines.