When I start a VPN-session my server looses internet access. The server is host for a few virtual machines and they have internet access.using 5505 and asa is version 8.4(2). [code]
View 6 RepliesI have a WES610N in my office connected to a E4200 @ the cable modem in the family room. ~30'.The connection is fine and works well when working.Connected to the WES610N I have:
-Polycom VOIP phone
-HP Mediasmart Windows Home Server
-Desktop
-Multi-Function Laser Printer
I have two issues.
1) The Polycom does a random reboot that I have traced down to it loosing it's IP
2) The Windows Home Server looses it's IP requireing a hard reset.
I have enabled QOS for the polycom and that just worked with managing data. However both devices seem to loose their IP regularly. The desktop might also be having the issue but because it is Vista I suspect Vista is better equipped to deal with IP issues.
We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.
View 1 Replies View RelatedI would like to allow users from network 10.132.23.0/24, 10.132.33.0/24, 10.132.24.0/24 access to our SQL server(192.168.1.7) located on the inside interface(192.168.1.0/24 network) Those networks (10.132.0.0/16) come from the DMZ interface.
View 12 Replies View RelatedI tried the solution posted at [URL] however it did not work on my ASA5505 8.4(2). I thought that it may be because I only have a single public address so the web server is responding to port forwarding through the one public IP already. looking in ASDM it appears to indicate that a configured access list is blocking the server from responding to the internal hosts.
object network Private_IP
host 192.168.1.15
object network Public_IP
host 1.1.1.1
object-group network internal_net
[code]....
Can I fix an access list (or something) to make this work or am I wishing for too much with only one public IP? This worked by default on my Netgear firewall.
I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]
I would like to allow remote access to a windows server through a ASA (5505) firewall. Users will use the vpn connection in order to connect to a private network. Is there any link that describes the steps for ASDM?
View 3 Replies View RelatedI just purchased a domain name, that I have forwarding to my WAN address. I want to be able to access my home websie via this route. I have an ASA 5505, how do I get the ASA to point to the home server when the WAN IP address is entered?
View 16 Replies View RelatedHow I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
I'm having trouble setting up the correct rules on an ASA 5505 I'm using in my home office. I have a couple of IP Cams I need to access remotely.
I've tried setting up simple NAT(PAT) and/or Access Rules, but it hasn't worked. I have a single dynamic IP for the Outside interface. Call it 77.76.88.10 and I am using PAT. The CAM is setup to connect on port 80, but could be configured if necessary. I've tried setting up NAT Rules using ASDM as follows:
Match Criteria: Original Packet
Source Intf = outside
Dest Intf = inside
[Code]....
I'm afraid to use CLI only because I am not confident I'll know how to remove changes if I make a mistake.
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]
View 3 Replies View Relatedi have 2 ASA 5505 running 8.3(1) and ASDM 6.3(1).
the first unit is currently working, and i now wish to configure the second unit as standby. im configuring through the ASDM GUI. Started the HA Wizard, choose Active/Standby configuration and enter the IP of the peer device. checks come back all ok. On the LAN link configuration page (step 3of6) Interface is pre selected as VLAN99, I give it a logical name as iface_fail, and enter 10.0.0.1 as primary address and 10.0.0.2 as standby, subnet as 255.255.255.248, and select port Ethernet0/5
Note that if i click on the buttons next to the IP fields, i get IP addresses of remote hosts!.
I have two 5505 ASA. I would like to know can I make two 5505 failover redundant with active standby setup?
View 11 Replies View RelatedI'm trying to install Active Directory Agent in Windows 2003 (not R2) to configure Identity Firewall with ASA 5505 8.4.(2). The installation runs ok but the agent doesn't start because the WatchDogService.exe fails. I don't find any information about AD_Agent.
View 5 Replies View RelatedI'm trying to get a couple clients to talk to my Active Directory servers. I've created sub-interfaces on my ASA. So, my clients are on Gi0/1.139 and my two Active Directory servers are on Gi0/1.132. I've enabled traffic on TCP 53-5000 port range according to Microsoft. My clients still can't join the domain. What ports I need to open up? My AD servers are Windows 2003.
View 1 Replies View RelatedI have two ASA 5505's with Security Plus licenses on both.I am trying to force them to becoming an HA pair using active/standby.When I enable failover I get this message:
Mate's license (Licensed Cores ) is not compatible with my license (Licensed Cores ). Failover will be disabled.Do I need to apply new licenses to the ASA's?
Device licence details (same on both):Cisco Adaptive Security Appliance Software Version 8.2(1) [code] This platform has an ASA 5505 Security Plus license.
I have a pair of ASA 5520s operating in failover pair as active/standby, having two contexts on them. I am planning to share the load and make it active/active making first context active on the primary unit and second context active on the secondary unit. My question is if this will disrupt any connectivity thru these firewalls when I do "no failover" on the active/standby and assign the contexts to different failover groups and enable the failover back.
View 6 Replies View RelatedCisco ASA 5505
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
I have and vpn tunnel between a pix network (192.168.200.0/24) and an asa network (192.168.100.0/24); it's been running fine for awhile now but this morning i've come in an i can not access anything on the pix network, (mail, file & web servers). Each attempt to access results in a SYN timeout.
6 Nov 30 2012 14:24:01 302014 192.168.200.9 192.168.100.115 Teardown TCP connection 6014 for outside:192.168.200.9/135 to inside:192.168.100.115/51240 duration 0:00:30 bytes 0 SYN Timeout
I will set up a Dhcp server on the inside interface of my pix. I would like to have the DHCP Server authenticate to the Active Directory Server that is located on the DMZ.
Inside --pix--dmz
Inside interface
Win 2008 DHCP
DMZ interface
Active Directory Server
What would be the issues that I could run in to when I try to authenticate this server from the inside interface to the dmz? I see that Dhcprelay option is available on the PIX 6.3 I'm guessing this is the only command that I need to use: dhcprelay enable dmz
I have a server (Windows Server 2003) that randomly looses connection with the default gateway and anything on the outside. When this happens, the server cant ping the gateway (A Juniper SSG5 firewall/router) and the gateway cant ping the server. But the server still can ping anything else on the network and everything inside the network works fine with it. The most reliable remedy is to reboot the router. Rebooting the server or resetting the network card sometimes works. I have tried both onboard network cards and a separate PCI network card on the server. There are no router log entries that correspond to the problem. This server is used as a Terminal Server for a remote office and as a file server.
View 1 Replies View RelatedWhat should i do on my Cisco ASA 5505 firewall to grant access to my network systems to access internet via gateway. I use ASDM to configure the firewall.
View 5 Replies View RelatedI have a 5505 between a vendor router & my company network, vendor is not able to access devices on internal network. I am also not able to access the firewall via asdm
View 10 Replies View RelatedI am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies View RelatedWe have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.
Here is debug log on real time monitoring.
Aug 24 2011 05:21:19 302015 203.xxx.xxx.226 192.168.1.51 Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011 05:21:19 607001 203.xxx.xxx.226 Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011 05:21:19 710005 203.xxx.xxx.226 99.xxx.xxx.107 UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063
Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.
I am using ASA 5520 with 8.2.4 IOS. I'm new to ASA/Firewall. I need to do access webserver from outside network.From Laptop (192.168.2.51), If I connect to url... it should open page from 10.10.10.50.I also need to ssh to webserver from laptop. If I ssh to 192.168.2.50 from laptop, it should connect to 10. 10. 10.50. [code]I can't get to webserver from outside network, so now, I connected laptop to directly ASA 5520 outside port with crossover cable.ASA Inside port connects to L3 switch. Webserver also connects to L3 switch. But still doesn't work.
View 9 Replies View RelatedI am looking at deploying a pair of 5585X's in an active/active multiple context state. I am creating Mulitple contexts that need to be able to route to each other. I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts, i beleive this will work as basically i am just cascadng the contexts and sharing interfaces.
The main problem i have come across, is that if i deploy active/active across two appliances using 2 failover groups i can not see a way to route between them, for example.
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not beleive that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances i am not sure if this is possible.
I have two ASA 5510s running in Active/Active mode. I need to make config changes on them. How do I go about it? Do I power off the secondary ASA and make the config changes on the primary and then power on the secondary ASA ? Or this another way to do this?
View 3 Replies View RelatedI have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies View RelatedWe have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not?
View 1 Replies View RelatedI have 2 asa 5520 firewalls including and 1 AIP-SSM-10 module in each of them. the configuration is set using active/active failover and context mode.
Both of them run individualy the IPS module. The IPS is configured using inline mode and fail-open option. However when one of the module fails and the state is changing from up to init or anything else making the IPS to fail then failover is detected and ASA consider it as failover and bounce context to the other unit.
IPS soft is 6.0(4) and ASA soft is 8.0(3)
I have checked cisco doc and it is confusing to me. it says: "The AIP-SSM does not participate in stateful failover if stateful failover is configured on the ASA failover pair." but it really does participate. Running is not really an option because of production network impact matter..
its possible to set up active/active failover using etherchannel on 5585s?
View 1 Replies View RelatedWe have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not?
View 1 Replies View RelatedHow to Configure ASA5520 for Active/Active
View 8 Replies View Related