Cisco Firewall :: 2801 Cannot Access External Websites That Use FTP

Dec 26, 2012

I am having an issue where I cannot access certain files on websites. It looks as though the files are accessed via ftp. Could my router be blocking it. I have a Cisco 2801 router acting as a firewall.

View 13 Replies


Cisco Firewall :: 2801 - Access List Works Only If Word Log Presents?

Jun 27, 2011

I have very strange behaviour on my Cisco 2801 router when I applied access list on wan interface.
SIP Provider <----> Cisco 2801 <-----> CUCM 6
We are using Cisco 2801 as Voice gateway for CUCM 6. so only one purpose of this router is just receiving calls on sip dial-peer and transfering to internal network.
If you look on access list below, if 'log' words don't present on these 2 lines, access list didn't work. Problem with it is that when I establish call from us or to us I can't hear incomming RPT stream, but other side can hear me. But when I type word 'log' there, everything stars working immediately.
Cisco 2801 IOS version:
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9_IVS-M), Version 12.4(6)T9, RELEASE SOFTWARE (fc2)


View 5 Replies View Related

Cisco Firewall :: Cannot Access Certain Websites Behind PIX 501 With 6.2 FW

Oct 9, 2012

I have a PIX 501 with 6.2 FW.  The firewall inside network is connected to a Windows server (Mailserver).  I can get access to most websites on all clients as well as on the server.  However, there are some particular websites, such as that the server and all but one client cannot access.  I get a "cannot display the webpage" in internet explorer.
I have disabled the Windows firewall and AV.  I have also scanned for any malware and no malware was found.
I found on the forums a "fixup protocol dns" solution, but my PIX version does not support it.
Below is my config:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100


View 12 Replies View Related

Cisco WAN :: Save DHCP Table Inside Of External Flash In 2801 Router

Dec 3, 2012

how to storage the DHCP IP table in a external flash of a router. This is because the router is switched off and switched on everyday but I want that it remembers which MAC is associated with which IP when it starts again and avoid IP duplicate problems. The command "lease" doesn't seem useful here.

View 4 Replies View Related

Testing Websites From An External Connection?

Feb 28, 2013

At our small business I would like to be able to test connecting to some of our websites as an external IP address user outside of our network although still being physically connected to the internal network. Any thoughts on the simplest way to set this up? I have the capability to setup vlans on our switch, could I make one of the vlans/ports have an external connection instead of an internal?

View 1 Replies View Related

Cisco Firewall :: 5510-K8 Why Can't Access Same Websites On Restricted PC

Nov 18, 2012

Has ASA5510-K8 as firewall, has access rules setup for restricted PCs: [code] permitOn those PCs, users can only browse the websites that are in favorites, but some of them are working, some are not.Test on unrestricted PC, websites that can’t be accessed from public PCs can be access on regular PCs , either by address or IP.Checked GPO setting, don’t see anything wrong there.

View 4 Replies View Related

Cisco Firewall :: Pix 506E - Clients Do Not Access Some Websites?

Feb 27, 2012

I have a problem with PIX 506E that meets the version 6.1, and in an simple computer network equipment seems to behave in strange ways because some web sites do not open or very open slow thereby its operation impracticable. On the other hand other web sites open normally.
Querying the web site of the Cisco, I found several documents discussing the same problem but in a later version ( 7.0 ), not in this version 6.1.
I've tried removing the pix from the network , not the error occurred, again insert pix however tested only with a machine, without the rest of the network and the problem persists

View 13 Replies View Related

Cisco Firewall :: ASA 5520 - Filter Is Not Allowing To Access Certain Websites

Aug 20, 2012

We have a Cisco ASA 5520 and Web sense.  I added a filter but it seems like it is still not allowing us to access a certain website from most of the machines however some machines with the same configuration work on the DMZ. Accessing website tells us:

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete". 

Filter I applied on the firewall:

filter url except allow
filter https except allow

View 9 Replies View Related

Cisco Firewall :: ASA 5510 Websites Unblock To Access Very Slowly

Apr 15, 2013

I have an configuration of ASA 5510:
ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
When i configure to block websites it's ok, but websites unblock to access very slowly, sometime i can't access. My company has 50 users, all most them can't access unblock sites. How can i configure it better?

View 1 Replies View Related

Cisco Firewall :: Asa 5510 Blocks HTTPS Access To Internet Websites

Jan 20, 2013

I have installed a new ASA5510 with CSC, and everything is working properly except the access to websites using https. All sites/access to them seem to be blocked by the ASA. I have read that this access is by default enabled and I have tried to add configuration to allow https access to the firewall but without success. [code]

View 6 Replies View Related

Cisco Firewall :: 5505 Access Websites Hosted On Local Web Server

May 4, 2013

I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]

View 3 Replies View Related

Cisco Firewall :: RV120W - URL Blocking / Limit Internet Access To 1 Or 2 Specific Websites

Aug 18, 2011

My company has a peer to peer network of 10 personal computers without a server.  Operating systems from Windows XP to Vista.  I've recently installed a Cisco RV120W Wireless-N VPN Firewall.  It's configured in DHCP Server Mode with printers/copiers that have static IPs below the DHCP range.
I'm having a problem with certain stations being used for personal networking, shopping, etc. during business hours.  Consequently I would like to limit internet access on these stations.  However, some internet access is required because of online database software that's an integral part of our business.  I've been reading in the Administration Guide about URL Blocking.  Would it be possible to give static IPs to certain stations and then limit their internet access to 1 or 2 specific websites?
FYI, I've read about the Trusted Domains and Blocked Keywords but cannot quite understand how to parley this into the solution I need.

View 1 Replies View Related

Cisco Firewall :: 5510 - Can’t Access External IP From Within LAN

Oct 20, 2010

Basically we have different customers using the same 5510 firewall. We have created one sub interface for every customer on the inside interface. There are differed NAT rules for every customer all using the same block of public IP addresses on the outside interface. They do not have access to each other’s network so I cannot make any exemption rules between two sub interfaces. The problem is for all our customers that they cannot communicate with each other over Internet, Email, Applications etc. using the external IP address. A work around is to use a proxy server, but they do not agree with that. I cannot make exemption rules between sub interfaces for security reasons.

View 8 Replies View Related

Cisco Firewall :: 8023 / External Access To Internal Router Via ASA

Dec 31, 2012

I am aware that we can allow external admins to telnet over a custom port to the internal router. Even i was allowed to connect to a remote router via the remote firewall. The way i was accessing the router is by telnet to the remote ASA address on port 8023.I am not sure how exactly we can configure this on a ASA.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Enable External Access To Server On DMZ

Apr 5, 2011

i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address
i have on server ssh ( on my DMZ .
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)

View 4 Replies View Related

Cisco Firewall :: 5510 - How To Allow Access From LAN To Server Using External FQDN

Feb 20, 2012

I may have phrased the topic not too clearly, but I have an external domain name of , I want my users INSIDE the company be able to also get to url..., currently they cannot (nothing loads, looks to me as if firewall simply drops it) and I'm drawing a blank on how to get this done. Externally this works fine so if you're outside the company you can load up OWA just fine since my NAT rule translates the external IP to internal IP, but something is blocking this from the inside.
I have an ASA 5510. If you can just sent me on the right path with theory I'll figure it out on my own, I don't need exact steps, but I must be thinking of this wrong as I'm not getting anywhere.

View 10 Replies View Related

Cisco Firewall :: ASA 5520 - Access Current Server Using External SNAT IP

Dec 8, 2012

I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect. So, say I have server1 and server2. I can connect from server1 to server 2 with both public and private, but can't connect from server1 to server1' using the public IP. ASA logs show that packets are being denied due to land attack. DNS doctoring is not an option for me.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 / Allow External Traffic To Access Internal Computers

Mar 22, 2012

We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
ASA Version 8.4(3)!hostname ciscoasadomain-name default.domain.invalidnames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address!interface Vlan2nameif outsidesecurity-level 0ip address!boot system disk0:/asa843-k8.binftp mode passivedns server-group DefaultDNSdomain-name default.domain.invalidobject network a- network a- network ext-serversnetwork-object host host host network ecomm_serversnetwork-object


View 10 Replies View Related

Cisco Firewall :: 5505 - Users Unable To Access External Email Servers ASA?

Nov 28, 2011

I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using  ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA.  I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!

View 2 Replies View Related

Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

View 5 Replies View Related

Cisco Firewall :: 5510 Security Plus To Terminate Client VPN Access For External Support Team

Aug 7, 2012

I have a customer that wants to purchase an ASA 5510 security plus to terminate client VPN access for an external support team. The customer claims to want URL content filtering/proxy which leads me to suggest a CSC SSM 20 plus module. But upon further conversation, he mentioned wanting IPS. In this case, the customer does not seem to know the difference between the URL content filter/proxy and the IPS and uses both terms interchangably.
1. What would you suggest in your expert opinion would be the best module to get for this customer? IPS or CSC
2. If I go with the CSC module, where can I find good documentation on how to configure it and get it up to date?
3. does the CSC module provide any web proxy functionality?

View 3 Replies View Related

Cisco WAN :: 2801 - Access Web Server From LAN

May 3, 2012

I have a Router 2801 What conf should i make to access the webserver from the same LAN.
no ip dhcp use vrf connected
ip dhcp excluded-address


View 6 Replies View Related

Cisco VPN :: VPN Access To FWSM LAN Through A 2801

Mar 26, 2011

I have a FWSM in my 6509, this firewall is managing three VLANs, one of which holds a file server. As you all know, FWSM do not support VPN like the ASAs and PIXs do. I have been trying to add remote access to this file server LAN all week. The only VPN device i have is a 2801 router.
first layout: VPN router behind FWSMstatic translation from FWSM LAN (private) to VPN WAN (public)default route was facing back at FWSMip address pool was to be NAT'd on the interface facing the FWSM  the idea was that my VPN address pool would be NAT'd back to the FWSM on it's VLAN. since the FWSM was managing this VLAN and recognized the source IP of the translated address pool, i would have access to my precious file server.
second layout: VPN router fa 0/1 on a /30 with 6509 (public)VPN router fa 0/0 still on the same LAN as FWSM (private)address pool for VPN once again NAT'd to fa 0/0default route pointed to fa 0/1static route of FWSM LAN pointed to fa 0/0  this idea was to have more of a 'inside' and 'outside' interface on the VPN router. this too did not work, having used every trick in the book, i could still not ping anything on the FWSM LAN while VPN'd in the network (aside from the LAN interface on my router)
trace route was showing that the all routes were headed out fa 0/1 (default route) and all to my FWSM died. i really don't think my address pool is being NAT'd, though my route map statement applied to the NAT policy is permitting my VPN address pool.
I am new to VPN technology, one of those things that happened to land on my lap. how this layout could work? there are no good VPN Remote access walkthroughs for a situation like this (2801 allowing access to a FWSM controlled LAN)

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Firewall To Filter HTTPS Websites?

May 28, 2012

I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.

View 4 Replies View Related

Cisco WAN :: Router 2801 MAC Access List

Apr 9, 2013

I want to block access of some clients from the vlan1 to acces internet blocking their MAC address. How can i do this?
I have tring this way:
access-list 700 deny mac address 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
int fa00
bridge-group 1 {input-address-list 700  output-address-list 700}
but it's not working .

View 1 Replies View Related

Cisco VPN :: Setup Remote Access Using ISR 2801?

Mar 23, 2011

I was trying to setup an Remote Access VPN using ISR 2801. I was able to establish the vpn tunnel from my house using DSL Connection (behind NAT), the ISR give the IP address which is from the ip pool that I configured on the ISR. The problem that I have right now is that it fails reaching the corporate LAN network.

View 6 Replies View Related

Cisco WAN :: 2801 Way To Deny Access To A Specify Web Site

Apr 5, 2012

I have a 2801 router. Is there another way to deny access to a specify web site ( like youtube, facebook .. etc ) without create acl's with specifed ip's ? The router doesen't support url filtering. I thought to do something like redirect traffic to another site : for example if one client want to access url.. that the browser will open url...

View 4 Replies View Related

Cisco WAN :: 2801 Router Can Access Internet But Not LAN Users

Feb 9, 2012

The goal is to add a 2801 router between a DSL modem and a switch and obviously still access the internet. I connected and configured as explained below and the results are:
- I am able to ping internet addresses from the 2801 router
- I am not able to ping internet addresses from userlaptop but I am able to ping LAN gateway (
I cannot understand why the internet requests from the user laptopuser are not routed to the internet but the router itself can access the internet.
non-bridged mode and does the PPPOe authentication.
WAN interface: Dynamic IP address assigned by ISP


View 14 Replies View Related

Cisco Firewall :: 2801 Disable Telnet On Outside Interface

Jun 14, 2011

I am using a Cisco 2801 Router and currently have Telnet enabled on all interfaces.  How do I change that so it is enabled from all inside networks, but not on the outside interface? 

View 12 Replies View Related

Cisco Switches :: 2801 Router - Access Settings Of SF300-24p?

Jul 6, 2012

I was just recently hired in my company, we have an sf300-24p switch but I cant find the console cable for it, I think it needs a female to female db9 serial cable, all I have is  a DB9 serial to rj45 console cable for the 2801 router, also I cant find the IP address of the sf300 switch, it is directly connected to the 2801 router, I issued a show arp to the router but didnt find the switch's IP add for web access, to sum it up I have no way of configuring the switch, is there any way to find the IP address of the switch? It also dosnt show on show cdp neighbors?

View 13 Replies View Related

Cisco Firewall :: 2801 / Setting Up Static NAT To Internal Server?

Dec 15, 2012

One of my internal servers requires it to be available to the internet I am having a hard time allowing it to be NATed through my Ciscc 2801 router. It seems as though im missing something small. From what I can gather it seems as though its as issue with ACL, but im not sure. I have ran the following command: ip nat inside source static tcp ***WAN IP Address*** 8443 extendable Then I tried to add it to the ACL via this command: access-list 150 permit tcp any host ***WAN IP Address*** eq 8443 
Here is a copy of my config.
IP    172.19.3.x
Ciscso 2801 Router


View 5 Replies View Related

Cisco Switching/Routing :: Setup LAN To Have Internet Access Via 2801 Router

Feb 11, 2013

I want to set up my LAN to have internet access via my 2801 router.The 2801 router is connected to my home ADSL router.Now do I just configure a 'gateway of last resort' on the 2801 router pointing to the interface leading to the ADSL router ?Therefore, all traffic from my PCs that is internet bound will head out to the ADSL router and onto the internet.

View 3 Replies View Related

Cannot Access Some Websites?

Feb 1, 2011

I am trying to access some websites and unable to do so

View 2 Replies View Related

Copyrights 2005-15, All rights reserved