Cisco Firewall :: 5505 - Setting Transparent Firewall Ip Address?
Dec 22, 2011
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
Â
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
View 7 Replies
ADVERTISEMENT
Nov 28, 2011
I have an ASA 5505 in transparent mode. The device mac address table is always empty.
show mac-address-table and show mac-learn both come with empty response.
View 1 Replies
View Related
Apr 27, 2011
I'm integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic. Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.
View 1 Replies
View Related
Sep 11, 2007
I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.
View 5 Replies
View Related
Feb 20, 2013
Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using. The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
View 1 Replies
View Related
Sep 15, 2012
I just have 1 question. I am going to be getting U Verse installed at my house and have been having a hard time finding this in the documentation. The modem I am going to be getting is the 3800HGV-B. Over on the ATT forum users are stating that the modem needs every MAC of every potential IP. I thought about using it's DMZ Plus mode but I am getting a block of 8 IP's and it doesn't seem to play nice unless it see's 5 different MAC's. Right now I have my 5505 in routed mode so I don't believe it passes the MAC of the client's through. Will the ASA pass the MAC of the client's through to the modem with the appropriate ACL's applied?
View 2 Replies
View Related
Dec 5, 2011
i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
 http server enable
http 172.17.104.0 255.255.255.0 inside
Â
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
View 2 Replies
View Related
Oct 23, 2011
I've setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841 connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the DHCP server. I have my ASA 5505 behind the 1841 in transparent mode (Vlan 1 for Outside and Vlan 1 for inside). The router config is good as when you connect a computer straight to the inside interface I get DHCP and can go to internet, no problems what so ever. But When you're trying to go through ASA isn't not working. if I add a ip any any statement to the access list it will work but having an "ip any any" in a access list is like having no firewall at all.
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted
[code]....
View 4 Replies
View Related
Apr 26, 2012
I have a need to manage the 5505 outside of the 2 interfaces however I see it documented that Management access is only via the data path interface. This won't work for me because there will be NO management access on the data network being bridged through the firewall. Is there any option outside of going to routed mode or moving to the 5510?
View 1 Replies
View Related
Dec 4, 2012
  asa 5505 do not pass traffic as a patch cord, how to make it pass traffic? [code]
View 2 Replies
View Related
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address  Network Mask BTnet NTE Router LAN Address
     Â
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
View 21 Replies
View Related
Apr 26, 2011
I do have the below setup,,
Â
1. I have 6509 switch
Â
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
Â
3. On switch side i have configured the port as Trunk
Â
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
Â
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
Â
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?
View 2 Replies
View Related
May 5, 2013
I have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies
View Related
Dec 3, 2012
I would like to configure an ASA5512-X in firewall transparent mode, but I am having trouble getting ASDM to lauch when I do.
Â
I have created a BVI interface with an IP address, and I hve enabled the mangement interface, but ASDM does not lauch when I enter the IP adress of the BVI I created.
Â
Apprently you need to use the bridge-group command to assign an interfce to a bridge group. When I enter this command at the (config-if) prompt for Management 0/0, this command is not recognized.
Â
What are the general steps for configuring the management interface to be able to launch ASDM in transparent mode?
View 1 Replies
View Related
Mar 14, 2011
I am configuring an ASA5540 firewall for a client, only difference to usual being that it is to run in Transparent mode. I have looked through for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used.The clients security bod has now come back and insisted MAC filtering should be used but I can find no reference of this anywhere. Does MAC filtering is required to make a transparent box EAL4 compliant and if so where I can find documentation supporting this?
View 1 Replies
View Related
May 14, 2012
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Â
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?
View 3 Replies
View Related
May 9, 2011
I am familiar with the PIX and ASA's. We have two Cisco 6509's with a FWSM installed in both. Our network is shown in the diagram. We use Blue Coat Packetshapers and Barracuda Proxy appliances. I plan on setting up HSRP on both 6509's for traffic coming from our ISP Cisco 2811's as well as use HSRP for our DMZ and internal network. I would like to setup the firewalls for statefull failover. We will be using PAT for our internal users and one-to-one static NAT for our DMZ.Â
Is it better to setup the firewall's as transparent or routed?
Â
Since the firewall is built into the switch, how do I insert the Barracuda proxies? I can configure them as transparent or routed proxies.
View 2 Replies
View Related
Nov 14, 2011
I am trying to set up a DMZ on my Cisco ASA 5505, so that the wireless clients are connected behind the DMZ, the LAN clients are connected behind the inside interface and both groups of clients can get to the Internet. I have been able to configure the ASA for both wireless and LAN, but the wireless clients still cannot get to the Internet. The LAN clients can get to the Internet. I do not want the wireless clients and the LAN clients to be able to be able to communicate with each other. What commands do I need to run in order to allow the wireless clients to access the Internet?Â
View 11 Replies
View Related
Sep 10, 2012
i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?
View 3 Replies
View Related
Mar 31, 2013
I have one firewall need to be configured in transparent mode. I have inside and outside router. What is the configuration of transparent firewall ASA8.2. I didn't find the configuration on Cisco site.
View 17 Replies
View Related
Nov 25, 2012
I am trying to set the PIX firewall to transparent mode.After I set it to transparent firewall, I allowed all icmp, tcp, udp traffics.Currently, any devices in the inside network can get the ip automatically from DHCP server in the outside network but cannot ping to any servers in the outside network either access the internet.Do I need additional confiration on the firewall?
Â
Here's the configuration:
Â
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....
View 1 Replies
View Related
Apr 10, 2013
We've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]
View 4 Replies
View Related
Jul 8, 2012
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 7 Replies
View Related
Dec 9, 2012
I have a question regarding transparent firewalls using BVIs.Based from the diagram above, ASA1 is in Transparent mode.Port Gi0 is assigned BVI-1 and port Gi1 is assigned BVI-2. Is it possible for network 1 to communicate with network 2 ?The traffic will be passing through Firewall towards the router, The router will do the routing and then forward it back to the firewall then towards network 2?I am thinking of making port Gi2 of the firewall a trunk and use subinterfaces in order to forward BVI headers to the router.
View 6 Replies
View Related
Mar 15, 2012
We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
Â
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
Â
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4)Â Â I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.
View 19 Replies
View Related
May 16, 2013
I have an ASA 5505 with Security Bundle license.
Â
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
Â
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
Â
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.                 Â
View 7 Replies
View Related
Mar 21, 2013
I am having a problem trying to figure out how to add a new ASA 5505 to an existing network. My current network is:Cable Modem > Linksys > 48 port switch With multiple hosts residing on the 192.168.0.x network.Now i know that the ASA comes default with 192.168.1.1 on the inside interface and i want to change that to 192.168.0.1. I have tried to do this thru ASDM using the wizard and manually. Once i hit ok for it to write the config, it gives me an error that it didnt take. I then lose connection to the ASA and have to hard boot it to get it back.I am trying to do this without my external connection connected and i have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75.Do i need to connect my internet connection to it first and then run the wizard? I was hoping to get it configured for my existing network before i plugged in the internet connection to limit my downtime.This ASA came with 6.4.1 ASDM and 8.2 OS installed. i was able to upgrade the ASDM to 7.X but when i go to update the OS to 9.1, i get an error that i am not registered to use cryptographic software.  Dont know where i need to register to get it?
View 4 Replies
View Related
May 1, 2011
I have an ASA 5505 that I was updating from frimware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
Â
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how can upload another boot image to the ASA and set the ASA to boot it from teh ROMMON prompt?
View 1 Replies
View Related
Mar 25, 2013
I have a test ASA 5505 at home. The DHCP IP address in my real home firewall is 192.168.1.x and as you are aware the default ip address in ASA is the same. how to configure the ASA.
In the link below there is an instruction, it seems it is working for everybody except me. I followed the instruction up and the only change was assigning the IP address, which I chose something other than 192.168.1.x But after the step of creating NAT, I do not have access to the internet. [URL] Also I followed the link below, but the revision of the ASDM in the instruction does not match with mine, so I was not lucky to figure the device.[URL]
1- How can I configure the ASA 5505 with an IP address different than 192.168.1.x (at home = no incoming static IP address = DHCP on subnet 192.168.1.x for the incoming internet) I have installed ASDM 6.3 on my laptop (From work) but when I connect to the ASA it wants to install ASDM 5.7.I tried to connect to the device through ASDM 6.3 and input the IP address 192.168.1.1It takes for ever and it does not connect to the device
2- How can I connect to the device by ASDM 6.3 or any ASDM with higher version than the original of the device?
View 17 Replies
View Related
Apr 27, 2011
if it is possible to block a website or ip address from an ASA 5505? if it is possible, can you give me an example of the commands to get it done?
View 2 Replies
View Related
Jul 8, 2012
Instead of using a IP address I would like to use a host address that points to a NTP pool.An example would be:ntp server 0.north-america.pool.ntp.org Can this be done on the ASA series?
View 1 Replies
View Related
Feb 27, 2011
I have a cisco asa 5505 and i need a public ip address on the inside of my network without NAT. for example: I can create a static nat translation rule, but this is not what i need.
Â
isp -> x.x.x.1 /29 (outside asa)Â (inside network) x.x.x.2 /29
Â
Is this possible?
View 1 Replies
View Related
Dec 27, 2011
I have Cisco ASA 5505 Firewall with security plus license, Currently I open ports on 25,80,443 on public IP address 1.1.1.1 and perform static nat between the inside and outside IP address Such as i configured via CLI
 Â
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 80
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 443
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 25
[Code]......
View 1 Replies
View Related