I have 4 public IPs on Router 3845 interface FastEthernet 0/0/1. IP as below.
50.200.2.2
50.200.2.3 secondary
50.200.2.4 secondary
50.200.2.5 secondary
I wan to allow ports 80 to 90 on 50.200.2.3 for my webserver (192.168.10.50)
how to configure the backup port for the management interface for a WLC 2112. I see in the documentation that it states:
"Each interface is mapped to at least one primary port, and some interfaces (management and dynamic) can be mapped to an optional secondary (or backup) port. If the primary port for an interface fails, the interface automatically moves to the backup port. In addition, multiple interfaces can be mapped to a single controller port."
But nowhere can I find where it says how exactly to do it. Google seaches have come up empty as well. I am connecting the WLC to a 3750 stack, and would like to have a secondary port from the WLC connected to the second node of the 3750 stack. So far I have connected port 1 (management) of the WLC to a port on node 1 of the stack which is configured as a trunk and everything is workign fine. I have also connected port 2 from the WLC to a port on node 2 in the stack that is configured the same as the port on node one. how to tell the WLC to use port 2 as the management backup if needed.
[URL]
I have Cisco 3845 with two Gigabit interfaces configured as port-channel with subinterface and with QoS.However shape does not work, why? [code]
View 1 Replies View RelatedI have two ASA 5520s in Active/Standby. I try and test this quartely to ensure it is working correctly. Everything works fine, except I have an issue with one interface. When doing a show failover, it shows the interface as failed on the secondary unit, and I am not sure why. It shows it as normal on the primary.
This host: Primary - Active
Active time: 9277305 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(4)) status (Up Sys)
Interface WaterworksCanopy (192.x.x.x): Normal
[code]....
We already have a subnet defined to inside interface and is in produciton. the default gateway is this interface ip. In that setup now I have to add one more subnet and as the first subnet is been defined in ASA indside interface, I have to assign secondary Ip to the inside interface so that new subnet users can easily reach here and go outside.
View 1 Replies View Relatedi never see this before, but on newly purchased just configured firewall.when i do wrtie standby.All interfaces on standby unit flaps.is it some IOS bug? my firewalls are [code] what could be the reason? FYI i am using LAN base failover and not doing any statful fail-over.
View 3 Replies View RelatedI need to open the following ports on a pix:
-tcp 3230 to 3235
-udp 3230 to 3253
How do I open the ports?
I have a Cisco ASA 5520 (Ver 8.2(4)) with all four interfaces in use (Public, Private, DMZ, Local offices) and an IPS module, so there are no spare interfaces. I have used all of Public IP's on the current interface for various services (these need one to one mapping, so I can't port map mainly due to SSL certificate issues) and I need to add another Public IP range. The secondary option on ASA interfaces does not exist as on routers/switches and I need to use an additional non contiguous IP address range for additional services advertised on the Public interface that are NAT'd to be servers in my DMZ.
I have seen an example of adding a static arp on the Private interface to allow a secondary gateway to be used for outbound traffic, but I need to allow 14 new IP addresses to be NAT'd from the Public to DMZ and possibly also for outbound NAT'ing (from either Private or DMZ to the Public). I have a L2 switch between the ISP router and the firewall, so using VLAN's is not an option unless the ISP can be persuaded (highly unlikey) to add the seondary IP's as a sub interface with tagging. Anyway if this was actioned then we would have a massive outage on our current IP range during the transistion.
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies View RelatedI have just updated a VLAN interface on my router. I have two 6500's with GLBP configured. The particular interface had a primary and secondary IP address. I shutdown the interface on one router and deleted the secondary address then assigned the orignal secondary address to be the be the only address associated with the interface and enabled the interface and it came right back up...all looks good. I proceeded to do the same thing to the other router and once again all looked good. Now, I am able to PING the devices in the subnet from router, but am unable to ping them from any place else. [code]
View 2 Replies View RelatedI have a problem in configuring two pair of backup interface on my customer's router (3845). It's ok when I configure just one of them. If I configure both pairs of interfaces into backup interface, one of them will be in disabled mode, as shown below :
WANR01#sh ip int bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 172.16.199.106 YES NVRAM up up
GigabitEthernet0/1 172.16.3.5 YES NVRAM up up
Serial0/0/0 unassigned YES NVRAM administratively down down
Serial0/0/1 unassigned YES NVRAM administratively down down
FastEthernet0/1/0 125.213.133.186 YES NVRAM standby mode down
FastEthernet0/2/0 172.112.22.6 YES NVRAM standby mode/disabled down
FastEthernet0/2/1 123.231.177.238 YES NVRAM up up
Loopback0 172.16.199.12 YES NVRAM up up
I have configured a qos policy and I am trying to apply the policy to a vlan interface which is physically connected to a switch module port of a 3845 Router.When I try to apply, the message configuration failed appears.
View 4 Replies View RelatedI need to open port range 554 - 558 to a DVR on the internal network. Also, I need to NAT one of my public IP's to the DVR. How is this accomplished in 8.4? I was able to do it in an older version ASA software.
View 3 Replies View Relatedi just ran a NMAP scan on the outside interface of a ASA 5520. It seems that the TCP Ports 7070 and 554 are open on all NAT interfaces and the outside interface of the firewall. I tried telnet on port 554 and 7070 and got connected.
View 10 Replies View RelatedThis is problably a stupid question but how do I open a prot on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from out side the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
View 23 Replies View RelatedWe have an ASA5510 that we need to open port 25 to allow mail traffic to our internal Exchange server.We have 2 interfaces defined... one named Internal on eth0/3 ip 10.1.x.x and one named Internet on eth 0/0 ip 96.56.x.x.We followed the instructions in ASDM for allowing access to a public server but confusion over definitions have stopped us.ASDM asks for the internal interface and the internal server IP... no problem there because the internal interface and server have two different IP addresses. The Internal interface is eth 0/3 (10.1.1.1) and the server is 10.1.1.2.
However, when we get to the External interface (eth 0/1) there is only a single IP address 96.56.x.x but the ASDM asks for an Interface IP and the IP people would use to get to the mail server from the outside. Inasmuch as we have only 1 external IP address (which connects to our upstream Cisco router which in turn connects to the ISP modem) we used the same IP for both but the ASDM returns an error indicating they must be different.
Apparently we do not have a clear understanding of what the ASDM is actually asking for. When the ASDM asks for the external interface we assumed it was asking for the named value we gave the interface (which is Internet). The named value "Internet" has an ip associated with it 96.56.x.x. But when the ASDM asks for the ip people on the outside would use to get to the mail server (we created a named value called "mail server" and gave it the same ip address as the external named value. This duplication of ip address causes the ASDM to return the error stating that external Interface to be used and the external ip to be used cannot be the same.Have we made an error when we assumed that when the ASDM asked for the external interface it meant the ip of the external interface or was it asking for the eth number (as in eth 0/0) for the interface?
I have a static IP address over 100Mbit fiber. I've installed a Mac Mini as a webserver and opened the ports 80, 443 and 5900 and a few others for minor services. Everything works fine: the http server (and https as well) is up and pepole can reach it from wan.Yesterday I tried to setup the FTP service with less success. Into the ACCESS RULES I enabled the FTP service and, as a result the port 21 opened up.
But if I connect via Cyberduck to the server I can navigate through the folders but I can't download anything. So I tryed to open up the port 20 for data transfer with no result. Same issue when I tryed to setup the AFP service to mount remotely server volumes: port 548 opened up but no success with port 549.
I travel a lot and use wifi in a lot of different places (hotels, airports, etc.)My apps don't always work and I suspect that in some instances the broadband provider is blocking some of the ports I need.I don't need a port scanner like NMAP since that scans a target IP for listening ports.What I need is a way to figure out whether some firewall between my PC and the Internet is blocking specific UDP or TCP port ranges.
View 2 Replies View RelatedI have a network with multiple servers behind a PIX with 6.3 on it. I have one public IP address, and I'm using NAT. I'm currently trying to port my Exchange server to a cloud host, and the vendor is requiring I open up a wide range of ports for MAPI, basically ports 1024 on. What would be the command to forward all of the trafic cominto/from that broad range? if I could simply route all trafic to and from their two IP addresses to my email server, that would accomplish the same end goal.
View 3 Replies View Relatedi have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999
View 15 Replies View RelatedI just bought a Cisco ASA5505. I'm trying to opening a port range through CLI, but it doesn't seem to be working.
Background:I have an FTP Server running behind the firewall and need to allow port ranges 30000-30100 for data connections. I have been using FTP through the command prompt and its working. However, I cannot use it through the FileZilla client as it fails to query the directories. I have the ASA forwarding to port 1125 from 21 in passive mode.
Access-List:
access-list Outside_Access_In line 3 extended permit tcp any any eq ftp-data (hitcnt=0) 0xfa8ed43d
access-list Outside_Access_In line 4 extended permit tcp any any eq ftp (hitcnt=17)
[Code].....
: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
host name cisco asa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
switch port access v lan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...
I need to open ports 5000 and 5001 on my Cisco PIX 501 to enable some users to be able to connect to our CCTV from outside, how should I open these 2 ports?
View 5 Replies View RelatedI am trying to open port 52199 on my ASA 5505 I have gone to firewall, access rules and then add tcpip.Not sure if that is the correct place but cannot get it to work?
View 1 Replies View RelatedI configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900 If i configured with only one port 5900 or 3389, is't ok, i don't understand what 's the problem?
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
[code]....
when I want to let email to come through the ASA5505 from outside to DMZ and Inside network, are the below command lines correct and good enough?
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3
[code]....
Are there any other TCP ports want to be allowed and other command lines need to be added?
I have done any and everything just to even open a specific port on my pc and try PortForward's port checker and web based checkers, and I can't get the port or any port to show as open.I am trying to make an IP webcam on my network viewable from the internet.My setup is like this"gigaset 204a" / DSL modem (Ethernet cable goes into internet port on LINKSYS WRTGS wireless router) [code] Disabled I went to LINKSYS port forwarding, the address I am forwarding to is the ip webcam server. I know if the IP changes it won't work, but before thinking of setting up a static ip for the webcam on my network, I need to get it to actually work.Nothing I do will open any ports on my pc. I've tried enabling DMZ. I've even set rules for windows firewall to allow incoming/outgoing connections on the port I want, i've disabled windows firewall. am running on windows 7 ultimate. The problem for my really is as far as I can tell, I can't even open a port to allow connections to my computer from the outside. Of course all my internet games etc work fine and have never had a problem, but I can't seem to manually open a port I want.
View 4 Replies View RelatedI have an ASA 5505 on a job. It is a smaller business that would have done better with an RV082, but they have what they have. It is running firmware 8.4. The client needed ports forwarded for their FTP server. The port range in this config is tcp 43333-43339. The FTP server ip is 192.168.1.2. [Code] ......
View 8 Replies View RelatedI need to NAT a port range spanning from TCP and UDP 50,000 to 59,999 from inside global address 58.96.x.x on loopback2 to an inside local address of 192.168.5.5.Currently all the existing NAT translations are 1-to-1 that map inside global addresses on a wide span of Loopbacks and a Dialer Interface to inside local addresses on few subnets which are fine.I'm using an 1811 with an ADVIPSERVICESK9-M image, version 12.4(6)TS
View 1 Replies View RelatedWe have a ASA5510 and I need to open port 22 for a speacific IP in our LAN outbound only.
View 15 Replies View RelatedI have a weather station at our high school that needs UDP port 9500 open inbound/outbound to specified IP addresses.
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
I'm new to an ASA 5510 running 8.4(3) and am trying to figure out something regarding time ranges in ASDM. I simply want to allow a single port during business hours only (I'm not concerned about open sessions needing to be closed). So as an example I add a rule something like:
(RULE1 on the internal interface) SRC=INTERNAL DEST=ANY SERVICE=RDP ACTION=PERMIT with a time range set for weekdays 8:00-16:59. I did a test after 5pm on a weekday and was still allowed to do RDP to a server (from INTERNAL), and after using the packet trace tool saw it was still passing through due to a rule a couple lines down (rule 4) that allowed a port range that happened to include port 3389. So my question is if I specify an "allowed" time range and someone attempts access outside that time range, why doesn't it drop it right there? I guess I'm assuming that anything outside the "allowed" time range would be dropped but that doesn't seem to be the case. I'm also assuming the rule base is processed top to bottom.
I have 3845 Router with HWIC-4ESW & I am trying to apply MQC on SVI interface but I keep getting configuration Error!-RTR(config-if)#service-policy output XYZ_WAN_QOS Configuration failed I believe that HWIC-4ESW is Layer 2 port & you can not apply Module Qos on SVI interface. I am exploring other option.
I have following link for 1 OR 2 Port Fast Ethernet port but not sure whether this will support what I am looking for.[URL] Aslo I have HWIC-1GE-SFP card on Same router where MQC works fine .interface GigabitEthernet0/1 description METRO-E duplex auto speed auto media-type rj45 service-policy output Metro-E?