Cisco Firewall :: 3128 Iptables Redirection To ASA Configuration

Oct 10, 2011

I would like to do something verys imple with IPTABLES but i canno't find any "simple" way to achieve...iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/24 -p tcp --dport 80 -j DNAT --to squid-box:3128.The idea is to redirect any connection to any host which try to connect to port tcp 80 being redirected to a server called squid-box on port 3128.I have seen that for proxy squid implementation with ASA i had to use wccp but for my personnal understanding.

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: IPTables Command Translated ASA 5540 Ver 9.0

Nov 19, 2012

I would like to have these commands on our Firewall to avoid at least several students to use this service. How to translate this? It's apparently working great if I will use an Linux box or another firewall compatible with iptables.
 
iptables -I INPUT -s hotspotshield.com -j REJECT
iptables -I INPUT -s hotspotshield.net -j REJECT
iptables -I INPUT -s anchorfree.com -j REJECT
iptables -I INPUT -s anchorfree.net -j REJECT
iptables -I INPUT -s openvpn.net -j REJECT
 
iptables -I OUTPUT -d hotspotshield.com -j REJECT
iptables -I OUTPUT -d hotspotshield.net -j REJECT
iptables -I OUTPUT -d anchorfree.com -j REJECT
iptables -I OUTPUT -d anchorfree.net -j REJECT
iptables -I OUTPUT -d openvpn.net -j REJECT

View 1 Replies View Related

Cisco Firewall :: URL Redirection In ASA 5520

Jul 14, 2011

I am using cisco 5520 for my RAS & site - site VPN's. backbone 6509 --> CISCO 5520--> ISP router with 3 ethenet interfaces.From cisco 5520 there r 2 connections to router, one for sit-site vpn outside interface and the other for RAS outside. I want to configure url redirection on 5520 so that when someone from outside access public IP it should forward it to the server in LAN. I want to use the interface hosting RAS for this.

View 1 Replies View Related

Cisco Firewall :: PIX 515E Port Redirection?

Nov 30, 2011

I'm trying to use port redirection to allow outside access to a internal web server. As far as I can see, everything is configured properly. The Open Port Checker tool from yougotsingle.com says that the port (80) is open. However when I goto access it the connection times out.     The external address is static from my ISP, and I will call it xxx.xxx.xxx.xxx. The server is at 10.1.1.20, and is functioning properly over the LAN.

View 7 Replies View Related

Cisco Firewall :: WCCP Redirection On ASA 5520

Jul 17, 2011

I currently have WCCP redirection setup on my ASA 5520 to redirect to an ironport on ip address 10.11.1.10. The ASA inside ip is 10.11.1.1 and the ironport is setup for transparent redirection to that IP. This all works well and the Service Identifier i'm using for WCCP is 95.I am now creating another WCCP group because on my ironport I have 4 interfaces so I wanted to use them for our admin network. So I created an ACL on the ASA for our admin traffic and I want to redirect that using Service Identifier 94 to the ip on the ironport of 10.11.1.22. But I can't get traffic to redirect.

View 1 Replies View Related

Cisco Firewall :: WCCP Redirection On ASA 5540?

Apr 3, 2013

I have the following topology, WCCP is configurated on ASA, inside interface, lan users and websense machine are located on the same VLAN of my catalyst 3750G?I want to filter traffic on port 80 (www) to the users on the LAN side debug on the ASA show me that comunication between that device and Websense is OK,  there is Here_I_Am and I_See_You packets
  
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015B
 WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015B
 WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015C
 WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015C
 WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015D
  
From show WCCP i saw that WCCP engine and ASA were detected
 
FW# sh wccp 
Global WCCP information:
Router information:
Router Identifier:                   200.X.X.X
Protocol Version:                    2.0

[code]....

View 5 Replies View Related

Cisco Firewall :: ASA 5500 - Port Forwarding And Redirection

Apr 3, 2012

I'm new at the ASA5500 domain. I have a question: How can I redirect traffic coming on a port to a machine inside the LAN listening to another port ? I would like to use ASDM.

View 1 Replies View Related

Cisco Firewall :: Reverse Port Redirection With ASA 5505?

May 16, 2013

We have a singe IP Address in the Internet and want to forward SMTP traffic that hits our ASA Outside Interace to the internal Mailserver.And we like to forward Http Traffic to our Webserver.
 
Example.
 
212.23.23.23 Port 25 -> 192.168.1.100 Port 25
212.23.23.23 Port 80 -> 192 168.1.200 Port 80
 
How do i acomplish that. Which NAT rules do in need?

View 12 Replies View Related

Cisco Firewall :: ASA 5505 Port Redirection On Same Public Address?

May 26, 2012

We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. it is working very well of course. However I need setup my 2nd TS but will use port 7777 on the same public address which is not working.I am using ASDM 6.3 and firmware 8.3.1.Is this a limitation for this IOS?

View 6 Replies View Related

Cisco Firewall :: ASA5585 WCCP-GRE Redirection To Websense Times Out?

Dec 9, 2012

I have a ASA5585 running 8.4 that is redirecting Internet http to a websense server via GRE.The integration is working fine, except when a user PC sends a large packet (~1500 bytes).With WCCP/GRE headers, the user packet is too large to be transmitted to websense, so the ASA fragments the packet in two and transmits both to websense.
 
A sniffer trace confirms that both fragments reach the websense server, but the TCP packet is never acknowledged.User-side TCP retransmits the large packet three times over 15 seconds, and eventually retransmits fine with smaller packets.  The 15 second delay is of course not acceptable.Users and Websense server are both on the Inside interface.
 
We are considering imposing browser proxy to websense (which works fine), but would prefer not, considering the increasing diversity of devices.

View 4 Replies View Related

Cisco Firewall :: ASA 5520 VPN Users With WCCP Redirection To IronPort

Apr 11, 2012

I have a 5520 ASA using wccp redirection to our IronPorts on the inside and everything works great for inside users. What I'm trying to do is get VPN users off split tunneling and to filter their traffic through the IronPorts as well but I can't figure out how. When they connect they seem to bypass the Ironport completely.

View 5 Replies View Related

Cisco WAN :: 3128 - How To Get Users Access To URL As High Priority

Dec 21, 2010

We have three locations, Seattle, LA and NJ. All the users need to go through the proxy server in NJ if they need to access to internet. We use the port 3128 on the proxy server for accessing the internet. We implement the QoS on the WAN for those three locations. For the internet acces, we configure the port 3128 as the NBAR and classify it as the lower priority.
 
The issue is...we want to have the users access to the URL as high priority, and the other web sites are still set as the lower priority. Are there any ways to accomodate it?

View 13 Replies View Related

Cisco AAA / Identity / Nac :: Webauth Url Redirection Fail With Firewall Between Host And Switch

Feb 27, 2013

Web auth redirect URL gets dropped if stateful firewall is between webauth host and switch management interface.  Aaron at Cisco live london kinda hinted about maybe Cisco working on this ?  We can't disable stateful inspection. Is there any other solutions or workarounds ?
 
"Although this approach introduces additional hops in the return path from the switch to the host, it produces negligible load on the default router and intervening infrastructure since only the WebAuth traffic from the switch to the host follows this path. In campus designs that do not use SVIs on the data VLAN,6 a default route is typically already configured. In this case, no additional configuration is required to support WebAuth.

However, problems may arise in the case in which traffic to the default router is bridged through a stateful firewall. The original SYN packet in the TCP handshake is consumed by the access switch, so the first packet that the firewall sees is the SYN-ACK packet from the access switch. Stateful firewalls typically drop SYN-ACK packets if they have not seen the original SYN packet.In this case, you will need to turn off stateful inspection for ports 80 and 443 on the firewall."

View 1 Replies View Related

Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port

Aug 15, 2012

I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.

View 12 Replies View Related

Cisco Application :: Tcp 3636 - How To Configure CSS Port Redirection

Oct 11, 2011

I have CSS in single arm deployment model. I want to configure port redirection for the servers.  Servers are actually running web service on port TCP 3636. Which is accessibale by VIP http://192.168.200.87:3636 but I dont want to give user this URL I want the user to use standard HTTP URL as mention below, I want user to open http://192.168.200.87 and once they access this URL automatically CSS redirect them to port 3636. How I can achive this. I am using IP addresses for the load balancing.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5505 Cut Through Proxy And Redirection After Login

Jun 17, 2012

I have successfully set up a 5505 as a cut-through proxy so that wireless users are required to log in when they open a browser to access the Internet.   Is there a way to take them to the original page they requested after the login is complete, rather than having it sit at the screen where it is says they are logged in?                  

View 1 Replies View Related

Cisco Switching/Routing :: 861 - External IP Redirection (Port 80)

Mar 5, 2013

I have a little problem with a redirection. When I type my external ip, I am directly connected to my Cisco 861 ( through port 80 (HTTP))

Even if I do a factory default, I always have the same problem. I try to make another redirection on another internal ip , but always same problem...

View 7 Replies View Related

Desktop Redirection In Windows 7 On Server 2008 Dc?

Jul 26, 2011

im having problems getting desktop folder redirection to work on windows 7 machinesI have users set up just with local profiles but want to redirect "my documents" and "desktop" directories to the server. I have set up the gpo's on the server and it all works fine propergating to the xp machines but the windows 7 machines just wont take the desktop redirection. However "eventually" it did take the "my documents" redirection policy

View 7 Replies View Related

Linksys Wireless Router :: EA6500 NAT Redirection Bug?

Nov 20, 2012

I have a pair EA4500s that I am swapping out for a pair of EA6500s.  One EA6500 is a router.  The 2nd EA6500 is set as a bridge and us being used as an Access Point about 200ft and two floors above the main EA6500 router.  The two units are connected via DECA (200MB Ethernet over DirecTV cable - an alternative for others with a cable provider is called MOCA).  So, basically two EA6500s serving as two Access Points on opposite sides of the house and all wireless networks on different channels but all sharing the same SSID.  Everything works GREAT except for one unusual issue.
 
The issue is with wired or wireless clients.  If I try to use my PUBLIC address with port number to address a local client on the local network inside the NAT network the NAT redirection fails.  In other words if I use 172.16.16.8 for a local web cam while inside my network from an iPhone or PC all works great.  If I use the external public address, however, the connection times out.  If I pop out the EA6500 doing the routing/NAt and swap it with the old EA4500 with basically the same config as the EA6500 everything works again.  The EA6500 and the EA4500 are configured identical for the most part and with the EA4500 as the main router NAT redirection works great but with the EA6500 NAT redirection fails.  I have the firewall setting to FILTER NAT REDIRECTION unchecked so that's not the problem.
 
Seems very odd.... and only seems to happen with the EA6500..... the work around is to use the local IP address when the client is on the inside and the public address when on the outside, but what a pain that is....

View 9 Replies View Related

Cisco Wireless :: 5508 - Setup URL Redirection After Connecting To WLAN

Aug 6, 2012

I have a wlc 5508 and I'd like to setup a network for visitors. They will connect to the WLAN, enter a password and then automatically get redirected to an external website. I understand the wlc 5508 supports this but I'm struggling to find out how to set this up I assume this can be done without having to customise webauth bundles?

View 2 Replies View Related

Cisco Switching/Routing :: 2600 / Destination IP Address Redirection

Jul 9, 2012

I have a Cisco 2600.  I would like to know how to redirect traffic going to a certain IP address three hops away to an IP address on a locally connected segment. 
 
Ex.  Packet leaves a device with source IP of 10.10.10.10 and destination of 20.20,20.20   When the packet hits the router (10.10.10.1) I want the router to redirect the destination of 20.20.20.20 to 30.30.30.30 (locally connected segment).
 
The router has two physical interfaces.I am thinking along the lines of creating a VLAN with an ip of 30.30.30.1 and then doing a NAT translation from 20.20.20.20 to 30.30.30.30. 

View 3 Replies View Related

Home Network :: Traffic Redirection From Port 8080 To 80

Sep 5, 2012

wondering if redirection or conversion port 8080 into port 80 is possible? if so how and what cisco equipment can do that?

View 11 Replies View Related

Cisco Application :: ACE4710s / HTTP Redirection To Individual Servers In Farm?

Jun 19, 2012

I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.Scenario:   We have an url which is setup on our ACE4710s (A3 2.4) to load balancer to a particular server farm as per standard setup i.e.Customers access [URL] on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up.  However, I have eeen asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
 
Action 1 - Customers access [URL] is redirected to "Server_A" only

Action 2 - Customers access [URL] is redirected to "Server_B" only

Default Action - Customer access [URL] anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
 
The Standard Class Maps and Policy would be something like:
 
policy-map type loadbalance first-match SLB_WEBSITE
class class-default
  serverfarm SF_WEBSITE
 
Where I thought I would need something like:
 
class-map type http loadbalance match-all CMAP_AREA1
description CMAP used to capture specific URL for area 1
2 match http url /area1 
class-map type http loadbalance match-all CMAP_AREA2
description CMAP used to capture specific URL for area 2
2 match http url /area2

[code]...
 
I think the above method is ok for 1 instance, but if it test successfully, my company would want to to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.

View 7 Replies View Related

Cisco Application Networking :: 4710 Appliance / HTTP To HTTPS Redirection URL

Sep 25, 2011

i have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:

[URL]
 
i am using the

rserver redirect REDIRECT-TO-HTTPS[URL] 
 
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?

View 4 Replies View Related

Cisco Application :: 3945 - WCCP Redirection For WAAS On Same Platform Using Different Service Group?

Nov 9, 2011

if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
 
seems like the priority value would come into play determining which service group gets handled first?
 
we currently do WCCP for WaaS on our 3945s.
 
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"

View 2 Replies View Related

Cisco Switching/Routing :: 7206VXR - WCCP Redirection Of Non-directly Connected Subnets

Jul 18, 2012

I have a Cisco 7206VXR running 12.4(24)T3 IOS. It is configured with WCCPv2 using L2 mask redirection. I am using service groups and associated extended ACLs to select which subnets I want to redirect port 80 traffic from.
 
It is working fine for the subnet 192.168.1.0/24....
 
int gi0/2
ip wccp 10 redirect in
ip address 192.168.1.99 255.255.255.0
  
... however, there is OSPF running between the router and a Mikrotik device directly connected to this interface. The gateway addresses for all the client subnets are on the Mikrotik. Traffic from other subnets, e.g. 192.168.2.0/24, 192.168.3.0/24 come in on this interface and I want to redirect those too. But it appears that the redirection doesn't work for those subnets (I don't see any hits on the relevant ACL for any subnet except 192.168.1.0/24).
 
It seems like the router only wants to redirect traffic for subnets that it has an IP address in itself. Admittedly, all of the example configs i've found on cisco.com are for redirecting traffic from directly connected subnets but I can't find anything that denies thie possibility of redirecting any traffic that comes in on a given interface.
 
The question is, is this how WCCPv2 redirection works? i.e., the router must have an IP address in the subnet to be redirected?

View 1 Replies View Related

Cisco Firewall :: 1811 / Zone-Based Policy Firewall Configuration

May 16, 2011

I have two 1811's connected in a lab using a ipsec vpn tunnel (using a switch to simulate an internet connection between them).I am trying to configure one of the routers as a ZBPF just to allow a remote windows login (DC on the firewalled side, workstations on the other side).I'm trying to verify that the zbpf is working, but it doesn't seem to stop anything.  I had match icmp added to the class-map, but took it out to test if icmp would fail.  It didn't.  Basically, I don't think the firewall is working at all.  Any thoughts on how I can configure this so that the policies will work between zone-pairs?

Here's an quick drawing:

Here are the configurations:

 Local router:
 hostname sdc-1811-LocalLab
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy

[code]....

View 11 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related

Cisco Firewall :: ASA 8.4 What Commands Can Use To Verify Related Configuration On Firewall

Apr 7, 2013

We have an ASA with 8.4(5) version. we had detected that few ip's were getting shunned ,to overcome the problem no shun was used and the traffic normalised.But, the same problem re-occured a few days after that with logs showing traffic being shunned.
 
is there any fixed way to get rid of this. what commands can i use to verify related configuration on the firewall.

View 3 Replies View Related

Cisco Firewall :: Configuration Required For Transparent Firewall ASA 8.2?

Mar 31, 2013

I have one firewall need to be configured in transparent mode. I have inside and outside router. What is the configuration of transparent firewall ASA8.2. I didn't find the configuration on Cisco site.

View 17 Replies View Related

Cisco Firewall :: Transparent Firewall Configuration In PIX 515E

Nov 25, 2012

I am trying to set the PIX firewall to transparent mode.After I set it to transparent firewall, I allowed all icmp, tcp, udp traffics.Currently, any devices in the inside network can get the ip automatically from DHCP server in the outside network but cannot ping to any servers in the outside network either access the internet.Do I need additional confiration on the firewall?
 
Here's the configuration:
 
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall Configuration?

Sep 11, 2007

I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.

View 5 Replies View Related

Cisco Firewall :: 861 Firewall Configuration Not Available With CCP

May 5, 2012

Setup new Cisco 861 and working well for a new BTNet line for the customer. Changed the firewall using CCP from Zone to Classic Firewall. Worked great all day and configured what I needed to do.Now, with CCP (version 2.6) have the following message.Cisco CP has detected that the router is configured with either legacy and Zone Policy Firewall (ZPF) or Legacy firewall. If you want to use Cisco CP to configure an zone-based firewall, you must first delete the Legacy configuration.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved