Cisco Firewall :: 5505 - Users Unable To Access External Email Servers ASA?
Nov 28, 2011
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
View 2 Replies
ADVERTISEMENT
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
View Related
Apr 3, 2013
I am having some trouble accessing some backup Email (Outlook Web Access) and Citrix servers located behind an ASA 5505 firewall at a remote datacentre. Simply put, when I go to the specific URL (e.g. [URL]) I do not arrive at the splash page, I just get a message saying that the server took too long to respond in the web browser. I'm wondering whether I have missed something on the configuration or the firewall itself is not letting my requests through. The remote servers are located at a remote Disaster Recovery site and use the subnet 192.168.4.0/24. I am at head office which is connected to the DR site via a VPN using 192.168.1.0/24.
[Code] .....
View 2 Replies
View Related
Jul 20, 2011
I have configured the ASA 5505 for internet access and outside users to use two servers in the DMZ. Every thing is working fine. When I was configure VPN, I did some mistake I guess, now inside users are not able to access internet. They get an error 405. Thats an error. The request method XXX is inappropriate for the URL /. Thats all we know. Even I am not able to access the server in the DMZ from outside and I get an error : Bad Request - Invalid HeaderThese things just happend after I did some thing on the ASA. I copy and pasted the my old configuration but still insider users are not able to connect to internet and from outside I am not ableto connect to server. The weired thing is that I can user VPN with out any issues. I can connect to vpn but I cant access any internal resources. Even inside users are able to ping internet addresses with out any issue.
View 2 Replies
View Related
Mar 22, 2012
We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
ASA Version 8.4(3)!hostname ciscoasadomain-name default.domain.invalidnames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 10.2.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 152.18.75.132 255.255.255.240!boot system disk0:/asa843-k8.binftp mode passivedns server-group DefaultDNSdomain-name default.domain.invalidobject network a-152.18.75.133host 152.18.75.133object network a-10.2.1.2host 10.2.1.2object-group network ext-serversnetwork-object host 142.21.53.249network-object host 142.21.53.251network-object host 142.21.53.195object-group network ecomm_serversnetwork-object
[code]....
View 10 Replies
View Related
Sep 10, 2012
I'm configuring a 5505 for a remote office. Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?
View 5 Replies
View Related
Jan 14, 2012
We just upgraded from 8.2.4 to 8.2.5.20 on each firewall. The Primary and Secondary work when they are standalone but, when we connect the fail over link from the Primary to the Secondary, invariably, one of them will go into a constant boot cycle and one will be active but, external users will be intermittently dropped. As soon as we unplug the fail over, the firewall that stays up behaves normally. This is with 8.2.5.20 code or any other code for that matter?
View 2 Replies
View Related
Feb 16, 2012
I have a ASA5505 and setup SSL VPN. My users can connect to the VPN but can't get access to any of the internal servers.
View 3 Replies
View Related
Sep 27, 2012
I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA directly to Cable modem then pc is able to access the internet.
View 4 Replies
View Related
Oct 13, 2010
I recently cut over from a WRT54G to a RV120W. I am having an issue where I type [URL] (for a server running on my network) in my web browser while on the internal network and it always comes back with the router login page. Basically it is supposed to go out of the router and then come back in on the public IP address and hit that server. There was a function on the WRT54G called "Filter Internet NAT redirection" which when turned off would allow this to happen. I am not seeing a feature like this on the RV120W
[URL]
View 29 Replies
View Related
Jun 14, 2011
I have installed quite recently a cisco ASA 5520 replacing a linux based firewall I have only 2 zones ..one is internal netowrk and other external the internal network has web servers, dns and mail server all having public IPs Every thing is OK but i have seen that if I try to ping an external server for example [URL] i cannot ping says
[sylvan@kmdns1 ~]$ ping www.yahoo.com
PING eu-fp.wa1.b.yahoo.com (87.248.112.181) 56(84) bytes of data.
--- eu-fp.wa1.b.yahoo.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5010ms
but I can ping from systems which are outside my firewall perfectly with the linux firewall i had before i could ping perfectly to yahoo from any of my internal servers?
View 5 Replies
View Related
Oct 14, 2012
I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.
View 1 Replies
View Related
Jan 16, 2012
when I want to let email to come through the ASA5505 from outside to DMZ and Inside network, are the below command lines correct and good enough?
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3
[code]....
Are there any other TCP ports want to be allowed and other command lines need to be added?
View 5 Replies
View Related
Nov 14, 2011
So here's what I think I should do to give email access only to a segment of addresses of my inside network.
1) Create a network object for 62 machines that will represent my dhcp clients.I plan to use 192.168.0.65-192.168.0.126. So I will use address 192.168.0.64 with netmask 255.255.255.192. Then set DHCP server to service this address range.
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
3) Create an ACL which will Deny my DHCP range to talk to the outside.
4) Create an ACL which will Permit Any to talk to Any Less Secure Network(essentially recreating the implicit Permit ACL that got zapped).
View 1 Replies
View Related
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies
View Related
Mar 26, 2013
I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace. I have been tasked to switch the firewall out with a cisco asa firewall 5510. The sonic firewall currently allows email traffic, web traffic, and dns traffic. When I use the current config below on the asa I am unable to receive email from the outside network. I can send and browse websites but I cannot receive email.
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj
[Code]......
View 3 Replies
View Related
Nov 21, 2012
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP: 16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]
View 11 Replies
View Related
Jan 17, 2012
I have an ASA 5505. I have configured Remote Access VPN so that users can connect to VPN and access my main VLAN (Inside). I would like to secure it so that when a user VPN's in, they are only allowed access to the HVAC vlan (Vlan 2) as seen in my configuration. Please note there is also a LAN- 2- LAN VPN which has been configured as well.
View 17 Replies
View Related
May 20, 2013
I am using ASA5505 and I would like to block certain websites such as facebook.com on some users only
View 3 Replies
View Related
Jul 2, 2012
There are 10, 50 and unlimited users profiles for the ASA 5505, reason for that restriction? Does that mean for example that only 10 users can go through a 10-user 5505?
View 6 Replies
View Related
Feb 24, 2013
I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?
View 3 Replies
View Related
Dec 26, 2011
We have a working config with 1 external IP, we need to a second webserver (https) and it should be routed via a second public IP address. I already tried some suggestions from the community but haven't been able to find the solutions.
xxx.xxx.xxx.194 is going to the internal IP of 192.168.60.1 for OWA (https)
xxx.xxx.xxx.195 should go to a new webserver on 192.168.60.3
both server should be connected using SSL This is the current configuration :
ASA Version 8.3(1) !hostname fwdomain-name domain.localnames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.60.250 255.255.255.0 !interface Vlan2nameif outsidesecurity-level 0ip address xxx.xxx.xxx.xxx 255.255.255.0 !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone CEST 1clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00dns server-group DefaultDNSdomain-name domain.localobject network obj_any subnet 0.0.0.0 0.0.0.0object network NETWORK_OBJ_192.168.70.0_26 subnet 192.168.70.0 255.255.255.192
[code].....
View 3 Replies
View Related
Jul 6, 2011
i have an asa 5505 firewall with asa version 8.2(1). my asa connected on wan port over isp router on internet.inside users connected over dlink switch and the allied telesis 24 ports switch on this asa. the inside users are blocked and they can't communicate. all inside ports of asa 5505 are in one vlan and all ports are switch ports. the configuration of my firewall is
: Saved : Written by xxxxxx at 11:26:22.109 CEDT Thu Jul 7 2011 ! ASA Version 8.2(1) ! hostname asa5505 domain-name dri.local enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Vlan1 no
[Code].....
View 5 Replies
View Related
Nov 4, 2011
I've configured a 5505 but internal clients can't ping external ip. To test I've connect a pc with the ip of the default router on the Outside int the ASA can ping the PC and the PC can ping the ASA, but internal clients can't ping the PC
PC config 195.12.23.241/28
Here's the ASA config, so far I've wiped the ASA and started with a blank sonfig and built it up but still not working.
ASA Version 8.2(5)
!
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
[Code] .....
View 2 Replies
View Related
Oct 3, 2012
Does the ASA 5505 will allow the addition of a 2nd external link to its configuration? I know the device is capable of Redundant or Backup ISP Links, but that’s not what I need. I will have two different links for two different purposes. Currently we are using the ASA 5505 just for Internet access, so only the ISP link is connected, very basic configuration. We are planning a connection to a client’s global (MPLS) network and we need to be protected against any traffic coming from that network, ergo we need to use a firewall for connection to that external link.Now with the final configuration the Internet traffic must keep being routed to the ISP link, and some other traffic must be routed to the new external link. Can the ASA 5505 be configured for this scenario?
View 7 Replies
View Related
Feb 28, 2013
I have configured and tested an ASA-5505 that will be deployed at a customer's home. The ISP cable modem will connect to the E0 (outside) interface of the ASA. All other interfaces on the ASA are configured for the inside network 192.168.5.0/24. I have created a VPN site-to-site tunnel between this ASA and the UC540 to allow 192.168.5.0/24 subnet access to the internal networks on the UC540.
The user has requested that all the network devices used by the rest of the family will only need to connect to the Internet. They will not need access to the VPN tunnel and they will not need access to the computers on the 192.168.5.0/24 inside network. I was planning on performing the following tasks to get this to work.
View 2 Replies
View Related
Mar 7, 2011
I am using my ASA 5505 to remote VPN. I use both windows and Macs. I use the Cisco VPN client software on the windows machine, on the Mac I have used both the Cisco VPN software and the built in OS X VPN client.
I am able to VPN with all machines, but randomly the VPN will disconnect all users. I know there is a setting that may fix this which I think I tested in the past and it did not work, but I have now forgotten it.
View 4 Replies
View Related
Feb 27, 2012
I am facing Tear down problem on cisco asa 5505.Users are always disconnecting 25-30 min from outside server. [code]
View 2 Replies
View Related
Jun 9, 2010
I'm looking to setup AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something.
I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled sites. But no access to the internet.
Internal is 10.1.1.x, VPN pool is 10.1.1.251-253 (Temp list for testing). I issued the following tracer: packet-tracer input outside tcp 10.1.1.253 12345 69.147.125.65 80 detailed
The last reported point (where it fails) is:
Phase: 7
Type: WEBVPN-SVC
Subtype: in
[Code].....
View 10 Replies
View Related
Jun 4, 2012
I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via it's external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).
View 8 Replies
View Related
Mar 13, 2013
We have an ASA 5505 and are changing ISPs so we'll be getting a new static IP address. How do I change the external IP address using ASDM? (I haven't done it in 5 years so I'm rusty and just want ot make sure.) The ASA and ASDM are up to date.Am i correct in that I only need to change the external address in the configuration under Interfaces, then under Routing - Static Routes - Gateway IP I just need to enter the new WAN gateway address?
View 2 Replies
View Related
May 30, 2013
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 5 Replies
View Related
