Cisco Firewall :: 4500 Enable VPN IPSec Through Firewall
Apr 16, 2011if y need to enable VPN IPSec through the firewall. y just need to need to allow the port 4500?
View 2 Replies
ADVERTISEMENT
Cisco Firewall :: 2911 Router Zone Firewall And IP NAT Enable
Mar 20, 2013I have a simple setup where I have a 2911 router with three interfaces, Inside, Outside and a second "Inside" interface which is labelled as a DMZ. The Zone Firewall applied to the "DMZ" is actually Inside (until I can work through problems). I need to be able to access a device on the DMZ via its external IP so I have designed NAT to use IP Nat Enable commands. This is now working for me fine. However, since utilising IP Nat Enable, my zone firewall now denies return TCP / UDP traffic and consequently I no longer have any internet access. Looking at the syslog messages, the reason for this is that the router is denying these return flows not because they are matching the outside-to-inside policy, but rather they are matching the outside-to-SELF policy. The router seems the detect that the internet traffic is being returned to SELF, when in reality the NAT rule should pick this up and forward it to inside. I can understand why this is happening, because I am NATting all private / inside traffic behind the external IP of the router, which is assigned to the Gi0/0 interface. [code]
View 1 Replies View RelatedCisco Firewall :: 4500 ASA Dropping NAT-T Traffic
Sep 3, 2012I have an issue where my customer is only using the ASA as their firewall. When their internal users try to connect to a partner's site using a 3rd party IPSec solution it seems as if the return NAT-T traffic is being dropped. However when looking at the traffic the udp500 communication goes through, but the 4500 traffic hits the outside interface and then gets dropped.
I used the packet tracer command and the output is set to Allow. Also after initiating the vpn connection I see two udp connections (one for 500 and the other for 4500.
I cleared the asp table drop, and didnt see to see anything, I am waiting on the running config, and the customer is running ASA 8.4.
I used the capture tool on both interfaces (inside using the client ip, outside using the interface ip, both destined to the 3rd party vpn Headend). Here are the screeshots for this.
I went ahead and color coded the ip address. Green is the pre-nat inside Red is the destination for the VPN headend, and Blue is the PAT ip going out.
Cisco WAN :: Enable QOS On 4500 Switch Software?
May 16, 2013I am looking to enable QOS on a 4500 Switch with the following specifications:
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3) /with Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1639L46S
I have configured QOS on the 3750 switches but this seems to be a bit different.
Another quick question when you enable QOS globally on a device does it automatically create the ingress and egress queues and the SRR information?
Cisco Firewall :: Cat 4500 Translation Creation Failed Message
Aug 1, 2012Two Vlans (ID1 and 100)are on a Cat 4500, which connects to an ASA, interface DMZ. On 4500, there is default route point to the ASA DMZ interface Issue, server on vlan 100 cannot ping a server on Vlan 1, vice verse. When I enable the realtime log, it gives me a “Translation creation failed” message, please see the attached files.
View 1 Replies View RelatedCisco VPN :: 4500 To Confirm Network Is GRE Over IPSEC
Jan 7, 2013We have Cisco 4500 device having GRE tunnel and next HOP is ASA is doing the IPSEC VPN over WAN.So this type of Network is called as GRE over IPSEC right? Also when i do on 4500 sh int tu0
Need to understand this shows Data transmitted over GRE tunnel which is not encrypted right? To check data transmitted by ipsec ASA which is encrypted we can do sh crypto isakmp sa right? Where we apply crypto MAP here on ASA physical interface?
Cisco Firewall :: How To Enable VPN-3DES-AES And Another ASA Box
Mar 23, 2011How to enable the VPN-3DES-AES and another ASA Box.Mate's license (VPN-3DES-AES Enabled) is not compatible with my license (VPN-3DES-AES Disabled). Failover will be disabled.The license on secondary is not compatible for secondary ASA for the failover. [code]
View 2 Replies View RelatedCisco Firewall :: How To Enable Ssh On ASA 5525
Aug 15, 2012May I know how to configure for remote accessing ASA 5525 via ssh?I have issued the following commands
ssh 10.60.0.0 255.255.0.0 outside
ssh 10.60.0.0 255.255.0.0 dmz
ssh 10.60.0.0 255.255.0.0 inside
ssh timeout 5
but I am not able to access ASA via ssh. Do I need to add any other command
How To Set Up Firewall To Enable Wireless
Jan 17, 2011my windows is no longer connecting to the internet.i I ran a diagnostic and it said to check firewall settings for the http port(80), https prt(443) and the ftp port(21). I haven't change anything in my settings and dont know why all of sudden i hvae to check firewall settings.
View 1 Replies View RelatedCisco :: How To Enable Ftp Traffic Through Firewall At Work
Jun 11, 2012I am trying to enable Ftp traffic through our firewall at work. We have a Cisco 5505 ASA and we cannot access any Ftp servers outside our network. We are running 8.3(2). Any have commands I can run to allow us to connect to ftp sites?
View 6 Replies View RelatedCisco Firewall :: How To Enable Not Used Interfaces On ASA5520
May 12, 2011I have a pair of brand new 5520s I am in the middle of commission. After carving out all the DMZs etc I needed I realized that I really neede another physical NIC, not just another VLAN off a configured nic. [code]I am running 8.3(2). How can I turn these "Not used" interfaces into useable ones?
View 2 Replies View RelatedCisco Firewall :: How To Enable SSH With ASA 5505 Running 8.3(2)
Aug 2, 2011I'm replacing a new ASA 5505 due to a corrupted flash. On the original unit, I had the ability to SSH into the device using TeraTerm with no problems. While configuring the new device, I entered commands to enable SSH into the unit.
View 5 Replies View RelatedCisco VPN :: ASA 5510 - Enable VNC Connectivity Through VPN Firewall?
Sep 28, 2011We would like to enable our HelpDesk and Network team the ability to connect to Laptops using our ASA 5510 VPN device using Secure VNC application. Not sure if this is possible or how to enable this option.
View 5 Replies View RelatedCisco Firewall :: Enable SIP From Outside To Inside (ASA 5505)
May 14, 2012We recently purchases the Cisco ASA 5505 to get familiar with it, possibly buying more appliances for our branch offices. However, since the appliance is installed, our SIP telephones no longer register with our SIP service provider.
The SIP phones are all on 10.0.1.0/24 while the SIP provider is external via the outside network. I copied our configuration below. how to enable SIP for all 10.0.1.0/24 hosts and ports 5060, 5160, 5260, 5360?
gcxfw# show running-config
: Saved
:
ASA Version 8.4(3)
[Code].....
Cisco Firewall :: Enable ASDM On ASA 5510
Feb 8, 2012I have just erased an ASA and upgraded the firmware and then added an IP. How can I enable the ASDM as I can't get on it, here is the config:
ASA Version 8.4(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
[code]....
Cisco Firewall :: Enable Port Forwarding On CLI For ASA 5510?
Aug 21, 2011how do i enable port forwarding on the CLI for ASA 5510. outside subnet is 192.168.1.0/27. when i try to ping another IP with that range i can't access.
View 37 Replies View RelatedCisco Firewall :: To Enable Access To Use RealVNC On ASA 5505
Feb 27, 2011I am trying to enable access to use RealVNC on our Cisco ASA 5505 without using VPN. RealVNC uses port 5900. Users should be able to vnc to 99.23.119.78 and reach our internal server 192.168.1.4. So far they are receiving connection refused.
View 5 Replies View RelatedCisco Firewall :: 8.2 (2) / Need To Enable NAT To New Range On ASA For Entire Subnet?
Feb 27, 2013I've done this in the past for specific host entries with no problem, but I can't figure out how to do this for an entire subnet. I need something along the lines of the following:
access-list OKC2DAL extended permit ip 192.168.1.0 255.255.255.0 192.168.107.0 255.255.255.0
static (inside,outside) 192.168.99.0 access-list OKC2DAL netmask 255.255.255.0
I see netmask as an option, but the ASA states "invalid option netmask." The ASA is running 8.2(2). OKC-PIX(config)# static (inside,outside) 192.168.99.0 access-l OKC2DAL ?
configure mode commands/options:
<0-65535> The maximum number of simultaneous tcp connections the local IP
hosts are to allow, default is 0 which means unlimited
connections. Idle connections are closed after the time
specified by the timeout conn command
[code].....
Cisco Firewall :: ASA5510 Enable Password Not Working
Oct 11, 2012I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
View 2 Replies View RelatedCisco Firewall :: How To Enable DHCPD Logging In ASA 5505
Aug 11, 2011I have configured dhcpd in an ASA 5505 and every thing is working. I am testing it to give me a warning when the address pool is about to be finished or it is empty. But don't konw how to do it. if I run the "debug dhcpd packet", i get that the address pool is empty.
View 3 Replies View RelatedCisco Firewall :: To Enable Anti Spoofing ASA 5505
Apr 24, 2011What is Anti Spoofing in ASA 5505. Can I enable it on ASA 5505. If yes , port will be inside or Outside. ? or both ?
View 1 Replies View RelatedCisco Firewall :: DHCP Server Won't Enable - ASA 5505
Nov 1, 2012I get the following message when appling "DHCPD ENABLE INSIDE"
DHCP: Interface 'INSIDE' is currently configured as CLIENT and cannot be changed to a SERVER by a SERVER feature
This is an ASA 5505 Running 8.2.
Cisco Firewall :: Enable Inspect Http On ASA 5510?
Feb 15, 2012how to enable inspect http on ASA 5510, so that URL information populate in the syslogs?
View 2 Replies View RelatedCisco Firewall :: IS There Any Drawback To Enable Anti-spoofing In All PIX 535
May 30, 2011We are runing PIX 535 with software version 8.02. In ASDM, I see anti-spoofing is diable in all interfaces. If I enable it, is there any negative effect? Can I enable it in DMZ, inside, and outside interfaces?
View 2 Replies View RelatedCisco Firewall :: ASA 5505 Enable Live Traffic?
Mar 14, 2012I am currently troubleshooting a firewall policy on a ASA 5505. What command can enter in the CLI to enable live view of traffic been block and which traffic is been allow?In my experiences with other firewall vendors, other firewalls allow me to narrow down the source and destination, too. is there such thing on the ASA 5505?
View 6 Replies View RelatedCisco WAN :: 1841 Router Can't Resolve DNS After Enable IOS Firewall
May 9, 2013my 1841 router can't resolve dns after enable ios firewall, I try to ping google.com from router's console fail, but dns resolution is fine from lan side.
my partial config---------------------------------
!
ip name-server 8.8.8.8
[Code].....
D-Link DIR-825 :: How To Enable SPI Firewall And Wireless MAC Filtering
Jan 23, 2013Where on my router interface I could go to enable both the SPI Firewall, and the Wireless MAC Filtering? I have the D-link DIR-815.
View 1 Replies View RelatedCisco Firewall :: ASA5505 Disable DHCP On ASA And Enable On WNDR3700
May 13, 2013I have ASA5505 as my main router (192.168.15.1) and it currently it also serves as DHCP server. I have a WNDR3700 (192.168.15.2) which work as an access point and it provide wireless access for wireless devices. I have few dhcp clients where i can't setup static IP, and i want to restrict them to use static IP through MAC reservation.
1. Make ASA5505 to do the MAC reservation f, which will be easy setup for me. But as per my search its not possible.
2. Disable dhcp on ASA and enable dhcp on my WNDR3700. i tired this and dhcp clients are getting IP from wndr3700, but the problem is dhcp clients gateway defaults to 192.168.15.2 (as well as dns) and therefore no internet connection.
Cisco Firewall :: Enable Netflow On ASA 5505 For Vlan And Interfaces
May 17, 2013How can i enable Netflow for each Vlan Or interface indvidually in Cisco ASA? currently i have setup Netflow and only 2 interfaces are shwoing traffic for Netflow which are not even as my physical or Vlan interfaces . (see screen shot )
EscapeASA# sh interface ip brief
Interface IP-Address OK? Method Status Protocol
Internal-Data0/0 unassigned YES unset up up
[Code].....
Cisco Firewall :: ASA 5505 - Enable Top Usage Tab On ASDM Dashboard?
Feb 3, 2011Today I upgraded my Cisco ASA 5505 ASDM from version 6.34 to 6.41 cause of some problems on old version with NetFlow. But now when I switch to dashboard i can not see "Top Usage" tab. That was quite usefull for me. It simply disappeared.
Can i somehow configure which tabs are displayed on dashboard ? I really need that one and I do not want to downgrade :/
Cisco Firewall :: On ASA 5520 Device Enable Password Is Not Getting Changed
May 23, 2011I try to change password on the ASA 5520 device and its not getting changed.
FW(config)# enable password cisco1234(config)# end
After that I perform a write memory.
But somehow I relogin again the enable password still remain as the old enable password
version : 7.2(5)2.
Cisco Firewall :: ASA 5510 - Enable External Access To Server On DMZ
Apr 5, 2011i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address 212.96.23.186 255.255.255.252!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address 10.20.80.1 255.255.255.252!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address 10.70.70.254 255.255.255.0
i have on server ssh (10.70.70.10) on my DMZ .
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)
Cisco Firewall :: 2921 Enable WCCP - SSH Connections Fail
Feb 22, 2012I have a IOS firewall on a 2921 router, zone-based config. The remote and main sites have Cisco WAAS , running 4.4.1 software. I am using WCCP redirection on the WAAS/router combination. If I leave it off the firewall passes SSH correctly to the devices on the other side of the firewall. If I enable WCCP the SSH connections fail. The SSH to the router itself is fine, I am not using the self zone for router protection. I had seen a few posts on WAAS but the only one mentioning a config statement in the firewall was on 4.0 WAAS and the command is no longer on the IOS firewall. Is this supposed to work transparently or am I missing a config?
View 2 Replies View Related