Cisco Firewall :: 5505 Rule For Allowing Computer Access Microsoft

Apr 24, 2012

I have a computer behind the ASA 5505 firewall. The computer needs to access Microsoft Activation Server. Reading some website information, I need to allow a huge list of servers that basically points to www and https traffic. Therefore, looking at this heavy requirements, I prefer to allow this computer to navigate to any https or http (www) server outside of the firewall.I have included my current asa 5505 configuration. [code]

View 3 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 - Cannot Add Rule Without Deleting Implicit Rule

Jan 18, 2011

what is the purpose of the "Permint all traffic to less secure networks".
 
Well I know the purpose and the technique to handle some sercurity level is nice. when I cannot add add a rule without deleting this implicit rule?
 
The technique of security level is then obsolete?

View 8 Replies View Related

Cisco Firewall :: ASA 5505 - Create Access Rule To Connect To System Using RDP?

Mar 6, 2012

Just started using our ASA 5505 v8.2 (1) Trying to configure the ASA appliance to allow access into an internal resource (i.e want to be able to RDP into a system behind the ASA from the internet).I have used a static NAT:

static (inside,outside) 100.100.100.2 192.168.1.28 netmask 255.255.255.255
 access-list OUTSIDE extended permit tcp any host 100.100.100.2 eq 3389
 
When I view the logs it is reporting the following:Inbound TCP connection denied from 206.100.100.1 (external IP) to 100.100.100.2 /3389 flags SYN on interface outside.Been pulling my hair out with this one as I believe I have everything configured correctly.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 - Creating NAT Rule

Mar 7, 2012

Our external security department needs to scan, every three months, a computer behind the firewall. I need to create a simple NAT rule that will allow an ip address or subnet to the computers behind the ASA 5505. At the moment, we have a simple NAT rule which allow all network traffic to exit from inside to outside.

View 19 Replies View Related

Cisco Firewall :: ASA 5505 - Adding New Rule For Network?

Mar 30, 2011

I have an asa 5505 and I would like to adding a new rule for a network, however it was added, it seems it would be inactive. I have two inside network,192.168.12.0/24 (name: lanA) and 192.168.99.0/24. (name: lanB) I have the following in the running-config:
 
access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any
access-group lanB_acl in interface lanB_interface
  
But when I tried to reach a host in the lanA, the packets are dropped. I configure the asdm, which shows this on the LanB interface:

1 lanB_network | any | ip | permit (hits 344)
2 any | any | ip | deny
 
 and I checked the packet tracer with: tcp, source: 192.168.99.57:10460 dest: 192.168.12.2:443 and it shows that the packet has been dropped by the last 2. 'implicit any any ip deny' rule, in spite of my access-list rule (access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any) preceded it, and active.
 
The lanB and lanA interfaces are the same security level 100, and I can reach the outside/internet from 192.168.99.57 Is it possible that I have to reload the rules or something like in order to apply? Or I missconfigured something?

View 9 Replies View Related

Cisco Firewall :: ASA 5505 - Allowing Multiple Networks On DMZ?

May 22, 2011

I have 3 networks coming on DMZ (VPN) interface. Only one network is able to ping the DMZ interface. See below networks coming i on the DMZ.
 
10.132.24.0/2410.132.25.0/2410.132.26.0/24 Only the 10.132.26.0/24 netork works as it is in the same range as the DMZ interface.
 
allowing the other two networks to communicate. I've attched the diagram and configs for your perusal.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Not Allowing Incoming Traffic

Mar 15, 2012

I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall.  I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one.  Unfortunately, my script is not working with the 5505.  What I am doing wrong with the following script?  I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults.  I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]

View 7 Replies View Related

Microsoft Office Outlook 2003 / Can't Access Email From School Computer

Aug 29, 2011

I'm an intern in an elementary school. We have here two administration computers in which I and all the teachers have access to. One of the teachers has told me that she cannot access her email (Microsoft Office Outlook 2003) from one of the computers.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Implicit Rule Blocking Exchange 5040

Jul 23, 2011

I picked up a rather nasty bit of malware which resulted in a format and installation of Windows Ultimate 64, all well now except i cant get the wireless to work, downloaded assorted drivers from the dell support directory but to no avail, so questions are-:am i missing something obvious (windows function button for wireless does nothing)what is the correct driver for the N5040 and are there any tricks in getting it to work.

View 1 Replies View Related

Cisco VPN :: 5505 / Remote Access VPN Allowing Only Since Host To Connect?

Jun 12, 2011

I have created a RA VPN with a 5505 using Anyconnect client.  My VPN functions perfectly, but now I am trying to limit access so that only one single host on my network can connect.  To do this I tried creating an ACL permiting the host and denying all other traffic, but it does not work it seems every one can connect.  how I can limit the outside access to a single host?

View 3 Replies View Related

Cisco VPN :: 5505 Allowing VPN Network Access To Specific List

Feb 1, 2012

I've setup my VPN on the cisco ASA 5505 which works perfectly, users from outside can access my internal LAN. Now what i want, Is to create another VPN Tunnel group with another set of IP in which i want to allow them access to one server inside our LAN. See below details of network. [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Allowing Traffic Between Two Internal Networks

Aug 30, 2011

I'm usually not working with this product, but this is what I'm trying to do.I have 2 internal networks setup on our Cisco ASA 5505 firewall. (not done by me, I'm a new to this product)I'm trying to access a server on one network from a PC located on the other internal network. (preferable through the web gui)When I try "Packet Tracer" from interface "Trust4" it fails on the NAT phase.(Source ip: 10.0.4.99, Destination ip: 10.0.6.99)
When I check the NAT rule, it says:
Type            Source     Interface    AddressDynamic         any          outside      outside.

View 3 Replies View Related

Cisco Firewall :: Rv042 - Firewall Access Rule

Jun 3, 2013

I have a server behind an rv042 that i would like to block access to on one port from outside in.  I have configured the rule as follows:
 
priority = 1.  policy name<name>.  enable<checked>.  action = deny.  service <service to block>. source interface = wan1.  sources = any.  destination = <public ip address of server>.  day <nothing>. 

This does not block the intended port from outside.  I also changed the destination to be the private ip address and i changed the source interface to LAN and to *.  What is the correct syntax to do this?.  Port forwarding is enabled.  I noticed that there is one entry in the forwarding table for the public ip but it is going to a dead private ip address.  Would this have an effect? 

View 5 Replies View Related

Cisco Firewall :: ASA5520 - Access-Rule ASDM Ver 6.2(1) Vs 5.2(3)

Apr 17, 2011

I am creating access rule on a ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) and found that the GUI has less option then when creating access rule on a ASA5505 running ASA 7.2 (3) and ASDM 5.2(3) (see attachment). Is there an option that enables me to get the same configuration options on the ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) as I have on the ASA5505 running ASA 7.2 (3) and ASDM 5.2(3).

View 4 Replies View Related

Cisco Firewall :: PIX600 - Correlate Access Rule

Oct 13, 2011

I have a PIX with 600 active access rules but many rules arent't in use. A lot of the rules aren't necessary anymore but I don't know what they are. How to know what rules are working?

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Site To Site RTP Traffic Is Hitting Deny All Rule?

Aug 13, 2012

Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.

Currently the rules are as follows
 
 Incoming External
allow ip any any
allow tcp any any
allow udp any any
default deny

 [code].....
 
It wont allow us to setup a voip call...however when the same call manager sets up a voip call NOT using this ipsec tunnel it works just fine.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 Access Rule Duplicating Existing One

Jul 3, 2011

After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule, this is only visable through the ASDM. When using the CLI you can't see this duplicate rule.
 
I therfore get the following warning everytime I make a config change using the ASDM [code] If I delete this rule it returns everytime I launch the ASDM!
 
I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.

View 8 Replies View Related

Cisco Firewall :: Allowing FTPS Access In ASA5510

Apr 13, 2012

We had an ASA 5510 as a firewall in our environment, and there is a requirement to access an ftps server from our location. Currently from the server location they configured everything by allowing our public ip to their server and gave the following details to access ftp.Please suggest which traffic needs to be allowed in our ASA to access the ftp server address as mentioned above. From my initial analysis, it's found that 989 port is also enabled for the access, but that was not mentioned by them.

View 1 Replies View Related

Cisco Firewall :: ASA 5550 - Acl Allowing Guest Access

Jan 26, 2012

I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access.  I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x,,  10.100.1 - 40.x, and others.  I'm having trouble identifying what IP address to use as the desitination for the permit rule for access to the internet.  The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses. 

View 1 Replies View Related

Cisco Firewall :: Allowing Internet Access Only For Specific Computers On PIX 501?

Jan 8, 2012

I'm a college student working on a lab involving a Cisco PIX 501 Firewall.
 
My project involves 1 computer and a firewall. My goal is to use the firewall to allow access to the internet for that computer which uses a static IP 192.168.1.5 and ONLY for that IP address. The firewall is connected to the internet.
 
I have the computer hooked up to the firewall with the serial and using hyper terminal to enter commands. I think I need to use access lists in order to deny traffic on those ports for those particular hosts. I can't figure out exactly how I need to set it up.
 
What I need to do is permit internet access for 192.168.1.5 alone. Any other IP should not be able to access the internet.
 
I tried:
 
access-list 1 permit tcp host 192.168.1.5 any eq 80
access-group 1 in interface inside
 
I cannot access the internet using the computer with 192.168.1.5. The goal is to be able to access with that IP and no other.

View 6 Replies View Related

Cisco Firewall :: ASA 5520 - Filter Is Not Allowing To Access Certain Websites

Aug 20, 2012

We have a Cisco ASA 5520 and Web sense.  I added a filter but it seems like it is still not allowing us to access a certain website from most of the machines however some machines with the same configuration work on the DMZ. Accessing website tells us:

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete". 

Filter I applied on the firewall:

filter url except 0.0.0.0 0.0.0.0 64.18.218.0 255.255.255.0 allow
filter https except 0.0.0.0 0.0.0.0 64.18.218.0 255.255.255.0 allow

View 9 Replies View Related

Cisco Switching/Routing :: RV042 - Firewall Blocks Ports Though Access Rule

Dec 10, 2011

I have a Cisco RV042 Wired Router. I've got a static IP and a MS Small Business Server in my Router Network. I have forwarded the essential ports to use the IIS and the Exchange Server of my SBS2011 (HTTPS, HTTP, smtp, rpc). I have also created some access rules for these ports, but I don't have any access on my server services, if the firewall is activated.
 
Here are my Firewall Access Rules from the RV042 Web Interface:

View 16 Replies View Related

Cisco Switching/Routing :: 2950 Disabling Windows Firewall / Allowing Access Through The Router

Dec 18, 2012

i bought a cisco 2950 series switch to play around with and im trying to set it up to SSH. I have google'd a bit on how to do this and i've sort of hit a wall... i have downloaded the cryptographic image from cisco's website, installed a TFTP server (think this is where my issue lies) but when i do the copy tftp flash global command i keep getting the error accessing "xxxx" message.I have tried allowing the server through windows firewall, disabling windows firewall, allowing access through the router..

View 6 Replies View Related

Cisco Firewall :: ASA 5520 - Allowing Guest Wireless Network Access To Internal Subnets

Jan 23, 2012

We have a Cisco wireless infrastructure in place that includes a guest network with its own subnet that is a sub interface of the inside interface on our ASA 5520.  There are no routes for it to be allowed access to the internal subnets.  So it can only access the internet.  This is primarily used by the public, but we have several non employee personnel that we only want to give internet access and force them to access the internal network through our clientless SSL vpn portal or through other internet facing internal resources such as webmail.I have done packet traces from within the ASA and the break appears to be there is no ACL allowing the traffic back into the network once the web resource replies to the request and the traffic is attempting to come back into the network from the web resource.  Is that as clear as mud?
 
I know that this has to be a common problem and a way around this is to allow the guest wireless network access to the internal network but only for the select resources that they require.  And that this can be done seemlessly by network specific routes and or alternate DNS entries, but I would like to keep this simple and just allow them to access the web resource, webmail and VPN, from the guest wireless using internet DNS servers without route trickery.

View 8 Replies View Related

Getting Client For Microsoft On Home Computer?

Jan 19, 2013

Do i need to use client for Microsoft on my home PC that is connected to internet with a 3g pay and go dongle,is it important?

View 1 Replies View Related

Cisco Firewall :: Unable To Edit IP Based ACL Firewall Rule In RVS4000?

Apr 8, 2012

I am a novice with networks but do have a fair understanding of networks. I have a small business network, utilizing a RVS4000 router (Firmware V2.0.27)I am attempting to set up firewall rules to block certain web sites at certain times.I have successfully set up rules using source and destination ranges, to deny service 24 hours a day everyday.
 
However and here is the problem when I attempt to edit any of the rules (I want to change the time to certain hours of the day) it allows me to edit the rule but when I attempt to save I get an error message up saying there are invalid characters and it will not save the changes?create the whole thing with the changes I want it works fine, is this a known bug?

View 1 Replies View Related

Cisco Firewall :: ASA5505 Firewall Rule Not Blocking

Apr 1, 2013

I'm trying to troubleshoot an ASA5505.
 
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
 
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic.  I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did.  That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
 
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below.  However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
  
show ver 
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2) 
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"

[Code].....

View 4 Replies View Related

Local Access Only - Router Not Allowing Access To Internet?

May 18, 2011

Abruptly internet access disappeared. It's a router issue, none of the computers here can connect. Further, I can't access the router through a browser - 192.168.0.1 results in a "Firefox cannot connect" message. I've tried resetting the DNS to no avail. I'm typing via cell phone and it's annoying, but I'm willing to try about anything.

View 4 Replies View Related

Can't Access Any Microsoft Webpage

Dec 13, 2011

I cant access microsoft webpage. I have fresh copy of win XP pro SP3, IE 8, and connected through an updated Vodafone ADSL modem through ethernet. Strange thing is, I can access bank, tv over internet, etc. except MICROSOFT webpages.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Cannot Connect To Microsoft IAS

Apr 24, 2012

I am transitioning from a Microsoft ISA server to a Cisco ASA 5510. So far so good, until it comes to getting AAA functioning properly. I have a Microsoft IAS server that is functioning properly, however when I try to test it through the ASA's ASDM it errors out. When I run a packet trace it shows it's being blocked by the dreaded implicit ACL. The funny thing is that I can ping and traceroute to the IAS server from the ASA. I found numerous config examples for AAA using IAS, but still not working.
 
Could it possibly be behaving this way because my ASA and my IAS server are on two different internal netowrks? (172.31.1.x-ASA, 10.1.1.x-IAS)

View 1 Replies View Related

Cisco VPN :: Microsoft VPN Client To ASA 5510 Firewall?

Aug 5, 2012

We just set up the AnyConnect SSL vpn on our ASA.  I am able to establish a connection fine using the Cisco AnyConnect client.  I would like to use the native Windows VPN client though if possible. What configuration changes on either the firewall or the client I would need to make for this to happen?

View 1 Replies View Related

Cisco WAN :: Microsoft Outlook Though ASA5505 Firewall

Nov 16, 2011

I have some users from another company who are visiting my company. The use outlook to access their mail. I think it is via RPC over https (ssl). When there are on my network they are unable to send messages but when the connect to an ISP directly they are able to send. I have a cisco 2821 as my internet router and an ASA5505 (8.0.5...i downgraded it from 8.2.3) as my firewall. I have not blocked anything from going out. Of note is that when other users use window live configured for gmail....which uses tls they are unable to send emails with atachements. Regular emails go though no problem. Hotmail can send atachments without a problem (there is no encrytion there). I have narrowed the issue down to how the firewall treats esmtp or tls traffic passing though it. I have already diabled inspect esmtp on the firewall.

View 2 Replies View Related

Cisco Firewall :: Microsoft Exchange With NLB And PAT On Asa 5510

Nov 7, 2012

i have exchange with NLB cluster.
 
i want to PAT the cluster ip to access email from outside. i know i can add the static arp entry for multicast cluster ip.
 
my question is i can add static nat command to that same cluster ip for port 25 and 443 like normal way like we do for normal PAT?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved