Cisco Firewall :: 5510 Client Need Small Server With VPN

Feb 26, 2011

We have cisco 5510 and on our floor we have client who we provide internet connection.  One of our client has small server and 2 computers and they want setup vpn connection so they can access their server from outside.  We have only one static public ip for firewall and exchange.  We don't want provide another public static ip to the our client so they can setup the vpn.  Is their any other way to setup vpn for them? can they the use our 1 public ip for vpn?

View 11 Replies


ADVERTISEMENT

Cisco Firewall :: 5510 Vpn Client Groups Configured / DHCP Server Stops Giving Network Service

Feb 20, 2013

I have a asa 5510 vpn client groups configured and connected to the internal network DHCP server stops giving network service dhcp and the network goes down.

View 6 Replies View Related

Cisco Firewall :: ASA 5505 - How Name Resolution In Small LAN Can Be Done Without Local DNS Server

Mar 30, 2011

I like the ASA 5505 for SMB and Home Offices very much, but I'm missing sadly a DNS Server or at least the ability of the DHCP Server to use static addresses for certain MAC's. In SOHO's the ASA is the only thing always powerded on and often even a Server where a DNS Server could be installed is missing.So is there a chance to see such a feature (DNS Server and/or static DHCP) in the next SW Release? how name resolution in a small LAN can be done without a local DNS Server?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?

Jul 24, 2011

I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.

WAN ----- ISP Router ----------     FW     ---------- LAN -------- Mail Server + Webmail
|             (25) | (3000)
194.x.x.69    192.168.1.254                     192.168.1.6
 
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?

View 2 Replies View Related

Cisco VPN :: Microsoft VPN Client To ASA 5510 Firewall?

Aug 5, 2012

We just set up the AnyConnect SSL vpn on our ASA.  I am able to establish a connection fine using the Cisco AnyConnect client.  I would like to use the native Windows VPN client though if possible. What configuration changes on either the firewall or the client I would need to make for this to happen?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 8.4 / VPN Traffic For Specific Client?

Mar 16, 2013

I have ASA 5510 8.4 Firewall where more than 20 Site to Site VPN Clients are configured on it. how to see the traffic for one Specific Site to Site VPN.Actually this site to site vpn is always keep dropping for every minute. I'm sure its a problem at the other end.The remaining 19 VPNS are UP and working without any problem. How to see the traffic for specific vlan.More over we dont have any syslog server in our network. Is their any chance we can check the traffic on the firewall?

View 6 Replies View Related

Time On Client Machines On A Small LAN

Jan 23, 2012

I have a 9 PC LAN running in my office, it's only a small business and I maintain it myself.Current setup is Windows Advanced Server 2003 setup as the Domain Controller with Active Directory, logging into that are up to eight Windows XP machines.What I am after doing is having all 8 XP clients take their time from the Server (regardless of the user that logs on) rather than running their own times, to ensure they all stay in sync.

View 2 Replies View Related

Cisco Firewall :: 5510 - AnyConnect Client Profiles Not Replicating To Standby ASA

Jan 18, 2012

We have 2 ASA 5510's running in a Active/Standby configuration.  It appears that most of the changes we make on the active unit are replicated to the standby unit.  However, there are 3 AnyConnect Client Profiles on the active unit and none of them show up on the standby, the standby has no AnyConnect Profiles.  We also have 1 OnConnect script on the active unit and it does not appear on the standby unit either.
 
I was under the assumption that all config items on the active unit would replicate to the standby.  Is this not correct?  Do I need to do something extra to get everything replicated?  Are there other items that do not replicate? 

View 3 Replies View Related

Cisco VPN :: 5510 / 5540 / 5550 / 5580 - Series Firewall L2L And Client VPN

Feb 17, 2011

I want to privatize the outside interfaces of my ASA firewalls however I need a public IP address bound to an Interface to support L2L and client VPN (using the Cisco client software). What I'd like to do is route to the firewall privatized outside interface and have a DMZ interface with a public IP address on it for VPN peering. Ideally this would allow me to build rules on the outside interface limiting communication to the DMZ interface to IPSEC only. Thus VPN tunnels would traverse the outside interface and terminate on the DMZ interface giving me granular control of the peers and protocols allowed to the each the DMZ interface.  

Platforms: ASA 5510, 5540, 5550, 5580 
Versions: 7.2(4)33, 8.2(2) 

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Anyconnect Client Can't Reach Inside Network

Jan 2, 2012

So, I've set up Anyconnect client access to an ASA-5510.
 
I've got a handful of interfaces, which contain hosts that should be accesible to anyconnect clients.  I'm unable to reach addresses on a specific network, due to what packet-tracer claims is an implicit deny, though I'm unsure where to apply an access-list in this case.
 
fw1# show nameif
Interface                Name                     Security
Ethernet0/0.205          SECURE                  90

[Code].....

View 7 Replies View Related

Cisco :: Two Asa Firewall Between Dhcp Client And Server?

Oct 19, 2012

Can I have two asa firewall between dhcp client and dhcp server. if yes what solution i have to have to get dhcp leases. should i have to configure dhcp relay on both the asa.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - FTPS Explicit Client Fails At Init TLS Stage

Feb 11, 2013

I have a problem when trying to access from a workstation on the internal network to an external FTP server using Explicit FTPS. After the server requires the client TLS Authentication the client inits TLS but the connection is closed by timeout.
 
I have disabled the FTP inspection on the firewall and I have opened some high ports from the Internet to the test workstation (ACL and NAT rules), but without results.
 
If I try to connect from a workstation to the FTP server using a direct Internet connection I can access the FTP server without problems, so I think the problem is in the ASA.

View 6 Replies View Related

Cisco Firewall :: 5510 Security Plus To Terminate Client VPN Access For External Support Team

Aug 7, 2012

I have a customer that wants to purchase an ASA 5510 security plus to terminate client VPN access for an external support team. The customer claims to want URL content filtering/proxy which leads me to suggest a CSC SSM 20 plus module. But upon further conversation, he mentioned wanting IPS. In this case, the customer does not seem to know the difference between the URL content filter/proxy and the IPS and uses both terms interchangably.
 
1. What would you suggest in your expert opinion would be the best module to get for this customer? IPS or CSC
 
2. If I go with the CSC module, where can I find good documentation on how to configure it and get it up to date?
 
3. does the CSC module provide any web proxy functionality?

View 3 Replies View Related

Cisco VPN :: ASA 5510 - Open A Small Office?

Feb 19, 2013

for your recmmendation, on what type of equipment should I use in a Small Office probably around 50-100 users.Feature sets that I would want are: VPN - 5 VPN Peers for L2L connectivity and 50 SSL VPN connections, Firewall, Active-Standby Fail-over.

I'm on a limited budget, ASA 5510 with Security Plus License can give me this but its a bit expensive.Is there something else that you guys can recommend. ISR maybe?

View 2 Replies View Related

Cisco Firewall :: ASA5505 - Microsoft SQL Server And Anyconnect Remote Client VPN

Oct 29, 2012

I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie  - what rules or configs do i miss?   

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Accessing Web Server From Another One Within DMZ?

Nov 19, 2012

Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
 
E.g. config
 
webserver 1       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Web Server

Mar 23, 2013

I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:

Nat Section:
==================================================================================
Dynamic:
nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>

[Code].....

View 4 Replies View Related

Cisco Firewall :: DNS Server Group On ASA 5510

Apr 5, 2011

I can not have "dns server-group" on my asa 5510, could you tell me how to get this command in my ASA 5510.

View 3 Replies View Related

Small Computer Lab Server Set Up

Jan 7, 2013

How to create a small computer lab. I own a private tutoring class and i want to expand into computer programing. I am planning on purchasing about 10 computers to begin with. However, i want go create a small server so that each student has their own log in id# and all their files are only accessed when they log in. I just want to find out how i would be able to do this as ive seen this at public schools.

View 1 Replies View Related

New Router For Small Server?

Dec 8, 2012

My father has a small office at home with a server, used to store some files and software he uses and provide a stable network for the house. The network looks something like this:

-Our wall socket line runs to a modem we have from our ISP

-The modem then is connected to our server computer

-Which is in turn connected to a switch

-...where the computers and a router are connected to

This was set up by some computer company. Now for the question: we have used the router connected to the switch to connect wirelessly to the server to receive emails on our mobile phones (email runs via the server too). Also, my father syncs his Outlook diary on his phone this way. Apparently this doesn't work when connected to the modem, I guess because that signal hasn't been processed by the server yet. Now we are unable to connect to the router, presumably because it is quite old and ready for a replacement.

The question is: Can I just replace it with some random router and expect it to work? Or do I need a more specific router/more specific settings in the router to make this work again?

View 12 Replies View Related

Cisco Firewall :: ASA 5510 - Configuration For Authentication With ACS 5.X Server

Dec 30, 2012

when we are configuring ASA 5510 8.2(5) for Authenticating with ACS 5.X Server is not authentication fail error.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Server's NAT Address Not Changing

Nov 16, 2011

I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP.  When I browse to the web to check what public IP it's reporting, it shows the wrong IP.  I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]

View 8 Replies View Related

Cisco Firewall :: ASA 5510 Server IAS First Authentication Failed

Jun 5, 2011

I have a little problem with my ASA 5510 version 8.2(1) with a IAS server RADIUS for strong authentication.
 
I have configured a double authentication for my client to access SSL portal:
 
First authentication: AD serverSecondary authentication: IAS for my token SAFENET ALADDIN The server IAS is declared on a W2K3 and it's standard.
 
The problem I have is that after more than 24hours of unutilization, when i try to log in, my authentication failed the first time and then the other tries work fine as long as I use it in a period of 24hours.
 
I first thought about the timeout so i tried to put a "timeout" of 15seconds for AD and IAS servers and a "retry intervall" of 3 seconds, it doesn't change much.
 
Is there a tool/option in the ASA to check connectivity with the radius every 1h for example.

View 4 Replies View Related

Cisco Firewall :: Backup ASA-5510 From A Server Via TFTP?

May 29, 2012

ow to backup Cisco ASA-5510 from a Linux server via TFTP?I do know how to backup a switch or a router. Basically creating an access list such as:
 
access-list 55 remark PERMIT hosts requesting TFTP access
access-list 55 permit host 172.16.0.27
 
and allowing access to
 
tftp-server nvram:startup-config 55
 
all this inside the router or the switch. From the Linux box just running a simple command such as:
 
tftp 172.16.0.3 -c get startup-config newbackup.conf
 
where 172.16.0.3 is the IP address of the switch and newbackup.conf is the name of the config file stored on the Linux machine.So, how do I do that with an ASA box? how to backup ASA from inside it.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Can't Access Server On Different Subnet

Sep 7, 2011

First off, let me preface this by saying that I'm a novice when it comes to firewalls and more specifically, the ASA.  I do however, have an above average understanding of switches/routers.
 
We have an ASA 5510 running 8.3 and recently I've decided to clean up the last admin's mess.  All hosts and servers are on the same subnet, multiple subnets on the same VLAN... and a slew of other problems.  Anyway, I recently placed the IT department on another subnet to test some things out before I migrated other departments to different networks.  Everything seems to be working as it should be with the exception of one of our servers.  The IT subnet is 192.168.150.0/24 and the problem server is on the 192.168.10.xxx network.  I'm guessing the issue lies somewhere in the fact this server does have a static NAT and is accessible from the public.  Let me give you an overview of what our network looks like:
 
ISP ---->ASA----->3750----->2960
 
My workstation is directly plugged into the 3750 switch, and the server is plugged into the 2960.  I'm able to ping this server by both IP and hostname.  However, I cannot access port 80 by IP or hostname.  The users that are on the 192.168.10 and 192.168.11 (sadly both of those are on the same VLAN) network are able to access this server without a problem.  Thinking logically, I thought I would send a packet from my workstation, it would head to the layer 3 switch's VLAN interface corresponding to my subnet, realize the .10 network is directly connected and then forward the packet straight to the server.  However, it doesn't seem to be working that way.  It look like it's being routed to the ASA then being dropped.  I guess there's an access rule or firewall rule preventing me from getting to the server.  Is there a specific part of my config you will need to see...

View 15 Replies View Related

Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out

Mar 5, 2011

I am having two issues:
 
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
 
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....

View 2 Replies View Related

Cisco Firewall :: 5510 8.3 (1) Static Nat For Web Servers And FTP Server As Well

Sep 13, 2011

I got the charge of a ASA 5510 running with 8.3(1) version.Found that this is simple config with Patting for inside host and couple of Static Nat for web servers and FTP server as well.
 
There is lots of other configuration being done,I assume for the purpose of just R&D by the previous administrator.I need to understand if the following Nat statements holding any relevance?
 
Where we are running Only  NETWORK_OBJ_192.168.0.0/23 subnet at inside and there is no other subnet defined in rest of the statements.i.e 10.0.0.0/27 and 192.168.1.128/27 doesn't exist at all.

View 1 Replies View Related

Cisco Firewall :: Teardown TCP Connections With Kaseya Server (ASA 5510)

Sep 12, 2011

normaly the agents has a persistent connection with the kaseya server (monitoring server),The connection  re-established afther the next check-in of the agent, instead of a persistent connection. Now we need to wait to the next check-in before we can connect to the agent. This is a big performance issue, the check-in time of the agents are 3 minutes.I see a lot of the following messages in de syslog:
 
6Sep 12 201120:27:48302013customer site527985721Built inbound TCP connection 5418112 for outside:(customer site)/52798 (customer site/52798) to inside:kaseya server/5721 (outsideIP/5721) 
6Sep 12 201120:29:09302014customer site527985721Teardown TCP connection 5418112 for outside:(customer site)/52798 to inside:kaseya server/5721 duration 0:01:21 bytes 45 TCP FINs 
  
I create a normal static nat rule from the kaseya server to a public ip address, and i define the protocols in de secutiry policy.ICMP has been allowed.cisco asa details:System image file is "disk0:/asa824-k8.bin" This platform has an ASA 5510 Security Plus license.It's look like a connection time-out between the agents and our cisco asa.

View 8 Replies View Related

Cisco Firewall :: ASA 5510 / SNMP Server To Receive Trap?

Apr 9, 2011

How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order  to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that

View 7 Replies View Related

Cisco Firewall :: Create Dhcp Server Pool On ASA 5510

Jul 16, 2012

I'd like to create dhcp server pool on ASA 5510. I was wondering how big is the DHCP scope that Cisco ASA 5510 can support? Are there any ASA models which can support up to subnet mask 22 for DHCP scope?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Enable External Access To Server On DMZ

Apr 5, 2011

i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
 
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address 212.96.23.186 255.255.255.252!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address 10.20.80.1 255.255.255.252!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address 10.70.70.254 255.255.255.0
  
i have on server ssh (10.70.70.10) on my DMZ .
 
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Connect From Inside To Web Server On DMZ With Public IP

Sep 11, 2012

I hava ASA5510. INSIDE,DMZ and OUTSIDE interfaces are configured. I hava web server on DMZ ip:10.0.0.1 and it is static natted to 1.1.1.1. From internet i can reach to web server with IP:1.1.1.1 and from INSIDE connect to web server with IP:10.0.0.1. Now i want to connect from INSIDE to WEB server via public IP(1.1.1.1).how can configure it?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Connecting To External IP Of Internal Server

Sep 25, 2012

I was just wondering if it's possible with an ASA 5510 to connect to the external IP address of an internal server from inside the network.  I have already set up dns doctoring for dns lookups, and everything is working fine there.  We have an application inside the network that tries to connect straight to the external Ip of another internal server.  where to look in the ASDM 6.4?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved