Cisco Firewall :: 4500 Enable VPN IPSec Through Firewall

Apr 16, 2011

if y need to enable VPN IPSec through the firewall. y just need to need to allow the port 4500?

View 2 Replies


Cisco Firewall :: 2911 Router Zone Firewall And IP NAT Enable

Mar 20, 2013

I have a simple setup where I have a 2911 router with three interfaces, Inside, Outside and a second "Inside" interface which is labelled as a DMZ. The Zone Firewall applied to the "DMZ" is actually Inside (until I can work through problems). I need to be able to access a device on the DMZ via its external IP so I have designed NAT to use IP Nat Enable commands. This is now working for me fine. However, since utilising IP Nat Enable, my zone firewall now denies return TCP / UDP traffic and consequently I no longer have any internet access. Looking at the syslog messages, the reason for this is that the router is denying these return flows not because they are matching the outside-to-inside policy, but rather they are matching the outside-to-SELF policy. The router seems the detect that the internet traffic is being returned to SELF, when in reality the NAT rule should pick this up and forward it to inside. I can understand why this is happening, because I am NATting all private / inside traffic behind the external IP of the router, which is assigned to the Gi0/0 interface. [code]

View 1 Replies View Related

Cisco Firewall :: 4500 ASA Dropping NAT-T Traffic

Sep 3, 2012

I have an issue where my customer is only using the ASA as their firewall. When their internal users try to connect to a partner's site using a 3rd party IPSec solution it seems as if the return NAT-T traffic is being dropped. However when looking at the traffic the udp500 communication goes through, but the 4500 traffic hits the outside interface and then gets dropped.
I used the packet tracer command and the output is set to Allow. Also after initiating the vpn connection I see two udp connections (one for 500 and the other for 4500.
I cleared the asp table drop, and didnt see to see anything, I am waiting on the running config, and the customer is running ASA 8.4.
I used the capture tool on both interfaces (inside using the client ip, outside using the interface ip, both destined to the 3rd party vpn Headend). Here are the screeshots for this.
I went ahead and color coded the ip address. Green is the pre-nat inside Red is the destination for the VPN headend, and Blue is the PAT ip going out.

View 10 Replies View Related

Cisco WAN :: Enable QOS On 4500 Switch Software?

May 16, 2013

I am looking to enable QOS on a 4500 Switch with the following specifications:

Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3) /with Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1639L46S
I have configured QOS on the 3750 switches but this seems to be a bit different.

Another quick question when you enable QOS globally on a device does it automatically create the ingress and egress queues and the SRR information?

View 1 Replies View Related

Cisco Firewall :: Cat 4500 Translation Creation Failed Message

Aug 1, 2012

Two Vlans (ID1 and 100)are on a Cat 4500, which connects to an ASA, interface DMZ. On 4500, there is default route point to the ASA DMZ interface Issue, server on vlan 100 cannot ping a server on Vlan 1, vice verse. When I enable the realtime log, it gives me a “Translation creation failed” message, please see the attached files.

View 1 Replies View Related

Cisco VPN :: 4500 To Confirm Network Is GRE Over IPSEC

Jan 7, 2013

We have Cisco 4500 device having GRE tunnel and next HOP is ASA is doing the IPSEC VPN over WAN.So this type of Network is called as GRE over IPSEC  right? Also when i do on 4500 sh int tu0
Need to understand  this shows Data transmitted over GRE tunnel which is not encrypted right? To check data transmitted by ipsec ASA  which is encrypted  we can do sh crypto  isakmp sa right? Where we apply crypto MAP here on ASA  physical interface?

View 6 Replies View Related

Cisco Firewall :: How To Enable VPN-3DES-AES And Another ASA Box

Mar 23, 2011

How to enable the VPN-3DES-AES and another ASA Box.Mate's license (VPN-3DES-AES Enabled) is not compatible  with my license (VPN-3DES-AES Disabled). Failover will be  disabled.The license on  secondary is not compatible for secondary ASA for the  failover. [code]

View 2 Replies View Related

Cisco Firewall :: How To Enable Ssh On ASA 5525

Aug 15, 2012

May I know how to configure for remote accessing ASA 5525 via ssh?I have issued the following commands
ssh outside
ssh dmz
ssh inside
ssh timeout 5
but I am not able to access ASA via ssh. Do I need to add any other command

View 20 Replies View Related

How To Set Up Firewall To Enable Wireless

Jan 17, 2011

my windows is no longer connecting to the internet.i I ran a diagnostic and it said to check firewall settings for the http port(80), https prt(443) and the ftp port(21). I haven't change anything in my settings and dont know why all of sudden i hvae to check firewall settings.

View 1 Replies View Related

Cisco :: How To Enable Ftp Traffic Through Firewall At Work

Jun 11, 2012

I am trying to enable Ftp traffic through our firewall at work. We have a Cisco 5505 ASA and we cannot access any Ftp servers outside our network. We are running 8.3(2). Any have commands I can run to allow us to connect to ftp sites?

View 6 Replies View Related

Cisco Firewall :: How To Enable Not Used Interfaces On ASA5520

May 12, 2011

I have a pair of brand new 5520s I am in the middle of commission.  After carving out all the DMZs etc I needed I realized that I really neede another physical NIC, not just another VLAN off a configured nic. [code]I am running 8.3(2).  How can I turn these "Not used" interfaces into useable ones?

View 2 Replies View Related

Cisco Firewall :: How To Enable SSH With ASA 5505 Running 8.3(2)

Aug 2, 2011

I'm replacing a new ASA 5505 due to a corrupted flash.  On the original unit, I had the ability to SSH into the device using TeraTerm with no problems. While configuring the new device, I entered commands to enable SSH into the unit.

View 5 Replies View Related

Cisco VPN :: ASA 5510 - Enable VNC Connectivity Through VPN Firewall?

Sep 28, 2011

We would like to enable our HelpDesk and Network team the ability to connect to Laptops using our ASA 5510 VPN device using Secure VNC application.  Not sure if this is possible or how to enable this option.

View 5 Replies View Related

Cisco Firewall :: Enable SIP From Outside To Inside (ASA 5505)

May 14, 2012

We recently purchases the Cisco ASA 5505 to get familiar with it, possibly buying more appliances for our branch offices. However, since the appliance is installed, our SIP telephones no longer register with our SIP service provider.
The SIP phones are all on while the SIP provider is external via the outside network. I copied our configuration below. how to enable SIP for all hosts and ports 5060, 5160, 5260, 5360?
gcxfw# show running-config
: Saved
ASA Version 8.4(3)


View 2 Replies View Related

Cisco Firewall :: Enable ASDM On ASA 5510

Feb 8, 2012

I have just erased an ASA and upgraded the firmware and then added an IP. How can I enable the ASDM as I can't get on it, here is the config: 

ASA Version 8.4(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted


View 1 Replies View Related

Cisco Firewall :: Enable Port Forwarding On CLI For ASA 5510?

Aug 21, 2011

how do i enable port forwarding on the CLI for ASA 5510. outside subnet is when i try to ping another IP with that range i can't access.

View 37 Replies View Related

Cisco Firewall :: To Enable Access To Use RealVNC On ASA 5505

Feb 27, 2011

I am trying to enable access to use RealVNC on our Cisco ASA 5505 without using VPN. RealVNC uses port 5900. Users should be able to vnc to and reach our internal server So far they are receiving connection refused.

View 5 Replies View Related

Cisco Firewall :: 8.2 (2) / Need To Enable NAT To New Range On ASA For Entire Subnet?

Feb 27, 2013

I've done this in the past for specific host entries with no problem, but I can't figure out how to do this for an entire subnet. I need something along the lines of the following:
access-list OKC2DAL extended permit ip
static (inside,outside) access-list OKC2DAL netmask
I see netmask as an option, but the ASA states "invalid option netmask." The ASA is running 8.2(2). OKC-PIX(config)# static (inside,outside) access-l OKC2DAL ?
configure mode commands/options:

  <0-65535>    The maximum number of simultaneous tcp connections the local IP
hosts are to allow, default is 0 which means unlimited
connections. Idle connections are closed after the time
specified by the timeout conn command


View 2 Replies View Related

Cisco Firewall :: ASA5510 Enable Password Not Working

Oct 11, 2012

I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.

View 2 Replies View Related

Cisco Firewall :: How To Enable DHCPD Logging In ASA 5505

Aug 11, 2011

I have configured dhcpd in an ASA 5505 and every thing is working. I am testing it to give me a warning when the address pool is about to be finished or it is empty. But don't konw how to do it. if I run the "debug dhcpd packet", i get that the address pool is empty.

View 3 Replies View Related

Cisco Firewall :: To Enable Anti Spoofing ASA 5505

Apr 24, 2011

What is Anti Spoofing in ASA 5505. Can I enable it on ASA 5505. If yes , port will be inside or Outside. ? or both ?

View 1 Replies View Related

Cisco Firewall :: DHCP Server Won't Enable - ASA 5505

Nov 1, 2012

I get the following message when appling "DHCPD ENABLE INSIDE"                  
DHCP: Interface 'INSIDE' is currently configured as CLIENT and cannot be changed to a SERVER by a SERVER feature
 This is an ASA 5505 Running 8.2.

View 14 Replies View Related

Cisco Firewall :: Enable Inspect Http On ASA 5510?

Feb 15, 2012

how to enable inspect http on ASA 5510, so that  URL information  populate in the syslogs?

View 2 Replies View Related

Cisco Firewall :: IS There Any Drawback To Enable Anti-spoofing In All PIX 535

May 30, 2011

We are runing PIX 535 with software version 8.02. In ASDM,  I see  anti-spoofing is diable in all interfaces. If I enable it, is there any negative effect? Can I enable it in DMZ, inside, and outside interfaces?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Enable Live Traffic?

Mar 14, 2012

I am currently troubleshooting a firewall policy on a ASA 5505. What command can enter in the CLI to enable live view of traffic been block and which traffic is been allow?In my experiences with other firewall vendors, other firewalls allow me to narrow down the source and destination, too. is there such thing on the ASA 5505?

View 6 Replies View Related

Cisco WAN :: 1841 Router Can't Resolve DNS After Enable IOS Firewall

May 9, 2013

my 1841 router can't resolve dns after enable ios firewall, I try to ping from router's console fail, but dns resolution is fine from lan side.
my partial config---------------------------------
ip name-server


View 10 Replies View Related

D-Link DIR-825 :: How To Enable SPI Firewall And Wireless MAC Filtering

Jan 23, 2013

Where on my router interface I could go to enable both the SPI Firewall, and the Wireless MAC Filtering? I have the D-link DIR-815.

View 1 Replies View Related

Cisco Firewall :: ASA5505 Disable DHCP On ASA And Enable On WNDR3700

May 13, 2013

I have ASA5505 as my main router ( and it currently it also serves as DHCP server.  I have a WNDR3700 ( which work as an access point and it provide wireless access for wireless devices.  I have few dhcp clients where i can't setup static IP, and i want to restrict them to use static IP through MAC reservation. 

1. Make ASA5505 to do the MAC reservation f, which will be easy setup for me.  But as per my search its not possible.

2. Disable dhcp on ASA and enable dhcp on my WNDR3700.  i tired this and dhcp clients are getting IP from wndr3700, but the problem is dhcp clients gateway defaults to (as well as dns) and therefore no internet connection.

View 0 Replies View Related

Cisco Firewall :: Enable Netflow On ASA 5505 For Vlan And Interfaces

May 17, 2013

How can i enable Netflow for each Vlan Or interface indvidually  in Cisco ASA? currently i have setup Netflow and only 2 interfaces are shwoing traffic for Netflow which are not even as my physical or Vlan interfaces . (see screen shot )
EscapeASA# sh interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Internal-Data0/0           unassigned      YES unset  up                    up


View 9 Replies View Related

Cisco Firewall :: ASA 5505 - Enable Top Usage Tab On ASDM Dashboard?

Feb 3, 2011

Today I upgraded my Cisco ASA 5505 ASDM from version 6.34 to 6.41 cause of some problems on old version with NetFlow. But now when I switch to dashboard i can not see "Top Usage" tab. That was quite usefull for me. It simply disappeared.
Can i somehow configure which tabs are displayed on dashboard ? I really need that one and I do not want to downgrade :/

View 7 Replies View Related

Cisco Firewall :: On ASA 5520 Device Enable Password Is Not Getting Changed

May 23, 2011

I try to change password on the ASA 5520 device and its not getting changed.
FW(config)#  enable password cisco1234(config)# end
After that I  perform a write memory.
But somehow I relogin again the enable password  still remain as the old enable password
version : 7.2(5)2.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Enable External Access To Server On DMZ

Apr 5, 2011

i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address
i have on server ssh ( on my DMZ .
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)

View 4 Replies View Related

Cisco Firewall :: 2921 Enable WCCP - SSH Connections Fail

Feb 22, 2012

I have a IOS firewall on a 2921 router, zone-based config. The remote and main sites have Cisco WAAS , running 4.4.1 software. I am using WCCP redirection on the WAAS/router combination. If I leave it off the firewall passes SSH correctly to the devices on the other side of the firewall. If I enable WCCP the SSH connections fail. The SSH to the router itself is fine, I am not using the self zone for router protection. I had seen a few posts on WAAS but the only one mentioning a config statement in the firewall was on 4.0 WAAS and the command is no longer on the IOS firewall. Is this supposed to work transparently or am I missing a config?

View 2 Replies View Related

Copyrights 2005-15, All rights reserved