Cisco Firewall :: 5505 - Users Unable To Access External Email Servers ASA?

Nov 28, 2011

I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using  ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA.  I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!

View 2 Replies


Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show  running-config
: Saved


View 9 Replies View Related

Cisco Firewall :: Users Behind ASA5505 Firewall Are Unable To Access Internet

Feb 24, 2011

I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.

When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.

The ASA5505 configuration is shown below.

hostname Firewall

interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10


View 2 Replies View Related

Cisco Firewall :: Can't Access Internal Servers From Behind ASA 5505

Apr 3, 2013

I am having some trouble accessing some backup Email (Outlook Web Access) and Citrix servers located behind an ASA 5505 firewall at a remote datacentre. Simply put, when I go to the specific URL (e.g. [URL]) I do not arrive at the splash page, I just get a message saying that the server took too long to respond in the web browser. I'm wondering whether I have missed something on the configuration or the firewall itself is not letting my requests through. The remote servers are located at a remote Disaster Recovery site and use the subnet I am at head office which is connected to the DR site via a VPN using

[Code] .....

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Not Able To Access Internet And Outside To DMZ Servers

Jul 20, 2011

I have configured the ASA 5505 for internet access and outside users to use two servers in the DMZ. Every thing is working fine. When I was configure VPN, I did some mistake I guess, now inside users are not able to access internet. They get an error 405. Thats an error. The request method XXX is inappropriate for the URL /. Thats all we know. Even I am not able to access the server in the DMZ from outside and I get an error : Bad Request - Invalid HeaderThese things just happend after I did some thing on the ASA. I copy and pasted the my old configuration but still insider users are not able to connect to internet and from outside I am not ableto connect to server. The weired thing is that I can user VPN with out any issues. I can connect to vpn but I cant access any internal resources. Even inside users are able to ping internet addresses with out any issue.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 / Allow External Traffic To Access Internal Computers

Mar 22, 2012

We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
ASA Version 8.4(3)!hostname ciscoasadomain-name default.domain.invalidnames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address!interface Vlan2nameif outsidesecurity-level 0ip address!boot system disk0:/asa843-k8.binftp mode passivedns server-group DefaultDNSdomain-name default.domain.invalidobject network a- network a- network ext-serversnetwork-object host host host network ecomm_serversnetwork-object


View 10 Replies View Related

Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

View 5 Replies View Related

Cisco Firewall :: 8.2.4 External Users Will Be Intermittently Dropped

Jan 14, 2012

We just upgraded from 8.2.4 to on each firewall. The Primary and Secondary work when they are standalone but, when we connect the fail over link from the Primary to the Secondary, invariably, one of them will go into a constant boot cycle and one will be active but, external users will be intermittently dropped. As soon as we unplug the fail over, the firewall that stays up behaves normally. This is with code or any other code for that matter?

View 2 Replies View Related

Cisco VPN :: ASA5505 Users Connect But Can't Access LAN Servers

Feb 16, 2012

I have a ASA5505 and setup SSL VPN. My users can connect to the VPN but can't get access to any of the internal servers.

View 3 Replies View Related

Cisco Firewall :: Unable To Access Internet With ASA 5505

Sep 27, 2012

I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable  Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA  itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA  directly to Cable modem then pc is able to access the internet.

View 4 Replies View Related

Cisco Routers :: RV 120W Can't Access Internal Servers By External Addresses

Oct 13, 2010

I recently cut over from a WRT54G to a RV120W.  I am having an issue where I type [URL] (for a server running on my network) in my web browser while on the internal network and it always comes back with the router login page.  Basically it is supposed to go out of the router and then come back in on the public IP address and hit that server.  There was a function on the WRT54G called "Filter Internet NAT redirection" which when turned off would allow this to happen.  I am not seeing a feature like this on the RV120W

View 29 Replies View Related

Cisco Firewall :: ASA 5520 / Cannot Ping External Servers Like Yahoo Or Sony

Jun 14, 2011

I have installed quite recently a cisco ASA 5520 replacing a linux based firewall I have only 2 zones is internal netowrk and other external the internal network has web servers, dns and mail server all having public IPs Every thing is OK but i have seen that if I try to ping an external server for example [URL] i cannot ping says
[sylvan@kmdns1 ~]$ ping
PING ( 56(84) bytes of data. 
--- ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5010ms
but I can ping  from systems which are outside my firewall perfectly with the linux firewall i had before i could ping perfectly to yahoo from any of my internal servers?

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Sending Email Alerts?

Oct 14, 2012

I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.

View 1 Replies View Related

Cisco Firewall :: Email Port Open For ASA 5505?

Jan 16, 2012

when I want to let email to come through the ASA5505 from outside to DMZ and Inside network, are the below command lines correct and good enough?
access-list  outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3

Are there any other TCP ports want to be allowed and other command lines need to be added?

View 5 Replies View Related

Cisco Firewall :: ASA 5505 / ACL To Allow Email Traffic Only To DHCP Clients?

Nov 14, 2011

So here's what I think I should do to give email access only to a segment of addresses of my inside network.
1) Create a network object for 62 machines that will represent my dhcp clients.I plan to use So I will use address with netmask Then set DHCP server to service this address range.
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
3) Create an ACL which will Deny my DHCP range to talk to the outside.
4) Create an ACL which will Permit Any to talk to Any Less Secure Network(essentially recreating the implicit Permit ACL that got zapped).

View 1 Replies View Related

Cisco Firewall :: Unable To Access Remote Network After Connecting ASA 5510 And 5505

Sep 24, 2011

I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Unable To Receive Email From Outside Network

Mar 26, 2013

I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace.  I have been tasked to switch the firewall out with a cisco asa firewall 5510.  The sonic firewall currently allows email traffic, web traffic, and dns traffic.  When I use the current config below on the asa I am unable to receive email from the outside network.  I can send and browse websites but I cannot receive email. 
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj


View 3 Replies View Related

Cisco Firewall :: 5505 PAT With Single Public IP And Several Servers Behind Firewall

Nov 21, 2012

New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP:
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services:
-One server houses drac management (port 445):
-One server is the IP phone server using a range of ports:
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505.  Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]

View 11 Replies View Related

Cisco VPN :: 5505 Allow VPN Users To Access A Different VLAN

Jan 17, 2012

I have an ASA 5505.  I have configured Remote Access VPN so that users can connect to VPN and access my main VLAN (Inside).  I would like to secure it so that when a user VPN's in, they are only allowed access to the HVAC vlan (Vlan 2) as seen in my configuration.  Please note there is also a LAN- 2- LAN VPN which has been configured as well.

View 17 Replies View Related

Cisco Firewall :: ASA 5505 - Block Certain URL On Certain Users

May 20, 2013

I am using ASA5505 and I would like to block certain websites such as on some users only

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Users Restriction?

Jul 2, 2012

There are 10, 50 and unlimited users profiles for the ASA 5505, reason for that restriction? Does that mean for example that only 10 users can go through a 10-user 5505?

View 6 Replies View Related

Cisco Firewall :: How To Add External Server To ASA 5505

Feb 24, 2013

I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?

View 3 Replies View Related

Cisco Firewall :: Multiple External IPs On ASA 5505?

Dec 26, 2011

We have a working config with 1 external IP, we need to a second webserver (https) and it should be routed via a second public IP address. I already tried some suggestions from the community but haven't been able to find the solutions. is going to the internal IP of for OWA (https) should go to a new webserver on
both server should be connected using SSL This is the current configuration :
ASA Version 8.3(1) !hostname fwdomain-name domain.localnames!interface Vlan1nameif insidesecurity-level 100ip address !interface Vlan2nameif outsidesecurity-level 0ip address !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone CEST 1clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00dns server-group DefaultDNSdomain-name domain.localobject network obj_any subnet network NETWORK_OBJ_192.168.70.0_26 subnet


View 3 Replies View Related

Cisco Firewall :: Restricted Inside Users Of ASA 5505

Jul 6, 2011

i have an asa 5505 firewall with asa version 8.2(1). my asa connected on wan port over isp router on internet.inside users connected over dlink switch and the allied telesis 24 ports switch on this asa. the inside users are blocked and they can't communicate. all inside ports of asa 5505 are in one vlan and all ports are switch ports. the configuration of my firewall is 
: Saved : Written by xxxxxx at 11:26:22.109 CEDT Thu Jul 7 2011 ! ASA Version 8.2(1) ! hostname asa5505 domain-name dri.local enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Vlan1 no


View 5 Replies View Related

Cisco Firewall :: ASA 5505 8.2 - Clients Can't Ping External IP

Nov 4, 2011

I've configured a 5505 but internal clients can't ping external ip. To test I've connect a pc with the ip of the default router on the Outside int the ASA can ping the PC and the PC can ping the ASA, but internal clients can't ping the PC
PC config
Here's the ASA config, so far I've wiped the ASA and started with a blank sonfig and built it up but still not working.
ASA Version 8.2(5)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
[Code] .....

View 2 Replies View Related

Cisco Firewall :: Can ASA 5505 Support Two External Links

Oct 3, 2012

Does the ASA 5505 will allow the addition of a 2nd external link to its configuration? I know the device is capable of Redundant or Backup ISP Links, but that’s not what I need. I will have two different links for two different purposes. Currently we are using the ASA 5505 just for Internet access, so only the ISP link is connected, very basic configuration. We are planning a connection to a client’s global (MPLS) network and we need to be protected against any traffic coming from that network, ergo we need to use a firewall for connection to that external link.Now with the final configuration the Internet traffic must keep being routed to the ISP link, and some other traffic must be routed to the new external link. Can the ASA 5505 be configured for this scenario?

View 7 Replies View Related

Cisco Security :: ASA-5505 - Getting Home Users Internet Access?

Feb 28, 2013

I have configured and tested an ASA-5505 that will be deployed at a customer's home.  The ISP cable modem will connect to the E0 (outside) interface of the ASA.  All other interfaces on the ASA are configured for the inside network I have created a VPN site-to-site tunnel between this ASA and the UC540 to allow subnet access to the internal networks on the UC540. 

 The user has requested that all the network devices used by the rest of the family will only need to connect to the Internet.  They will not need access to the VPN tunnel and they will not need access to the computers on the inside network.  I was planning on performing the following tasks to get this to work.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Intermittently Disconnects Remote Vpn Users

Mar 7, 2011

I am using my ASA 5505 to remote VPN.  I use both windows and Macs.  I use the Cisco VPN client software on the windows machine, on the Mac I have used both the Cisco VPN software and the built in OS X VPN client. 
I am able to VPN with all machines, but randomly the VPN will disconnect all users.  I know there is a setting that may fix this which I think I tested in the past and it did not work, but I have now forgotten it. 

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Users Are Always Disconnecting 25-30 Minutes From Outside Server

Feb 27, 2012

I am facing Tear down problem on cisco asa 5505.Users are always disconnecting 25-30 min from outside server. [code]

View 2 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Clients Can't Access External Sites?

Jun 9, 2010

I'm looking to setup AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something.
I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled sites. But no access to the internet.
Internal is 10.1.1.x, VPN pool is (Temp list for testing). I issued the following tracer: packet-tracer input outside tcp 12345 80 detailed
The last reported point (where it fails) is:
Phase: 7
Subtype: in


View 10 Replies View Related

Cisco Firewall :: Accessing Internal Sites Via External IP 5505

Jun 4, 2012

I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem).   While on my laptop, ipad, iphone, I cannot access the server via it's external IP address.  I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).

View 8 Replies View Related

Cisco Firewall :: Using ASDM To Change External IP Address Of 5505?

Mar 13, 2013

We have an ASA 5505 and are changing ISPs so we'll be getting a new static IP address. How do I change the external IP address using ASDM? (I haven't done it in 5 years so I'm rusty and just want ot make sure.) The ASA and ASDM are up to date.Am i correct in that I only need to change the external address in the configuration under Interfaces, then under Routing - Static Routes - Gateway IP I just need to enter the new WAN gateway address?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Internal Address To Forward From External One

May 30, 2013

I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.

View 5 Replies View Related

Copyrights 2005-15, All rights reserved