Cisco Firewall :: 5512X - IP Address Associated With Device Or Is It Interface Specific

Jan 21, 2013

I'm trying to get started on setting up my first Transparent ASA.I understand an ASA in Transparent Mode can now have an ip address with Bridge Groups or some such mechanism. I'm looking for examples of how to set that up and other information below. Is the ip address associated with the device or is it interface specific? Will I be able to SSH with that ip address setup? Can I use ASDM if the Transparent ASA has an ip address? This 5512X has an IPS. Any one who has setup an IPS on this platform knows it has some very particular requirments in order to communicate with the outside world. I need examples of how to do that with a Transparent ASA.How is NAT setup differently (if at all) on a Transparent ASA?Are ACLs done any differently?

View 3 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5512x Restrict Email Delivery To Ip Address Range

Feb 2, 2013

I was wondering how to tighten the security of my email delivery to a range of ip addresses (I know how on my old firewall but the cisco is quite a bit different).  Right now anyone sending email to a particular ip address on my firewall can do so.  I want to restrict that to two ip address ranges it will accept deliver from.  I'm thinking I need two network objects for the two ranges then add to a network object group.  Configuring the ACL for delivery using that group if I'm correct about that ?

View 4 Replies View Related

Cisco Firewall :: Force ASA 5520 Traffic Out Specific Interface

Jun 1, 2011

I'm trying to route all default traffic from my production environment through my ASA 5520 on the "outside2" interface.The 5520 has a site to site VPN to our DR site on the "outside/inside" interfaces via one ISP. On another ISP, interfaces "outside2/inside2" go to the internet.
When I make my 3750 stack default route for the inside2 interface IP I cannot get to the internet. When it is pointed to the inside interface on my 5505, I can.
 
I get the following errors when I try to open google.com from a production server:Why is the 5520 trying to use the "outside" interface instead of the "outside2" interface to go out?

View 6 Replies View Related

Cisco Routers :: RV082 - Route Specific Ip Address To Specific WAN Port

Oct 25, 2011

I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.

View 2 Replies View Related

How Does Firewall Block Or Filter Traffic On Specific Port Or IP Address

Nov 15, 2011

How does a firewall block or filter traffic on a specific port or IP address?

View 1 Replies View Related

Cisco Firewall :: Upgrading From PIX To ASA 5512X

Mar 12, 2013

We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below.
 
ASA1:
 
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
!
ASA Version 8.6(1)2

[Code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5512x No Internet Connectivity

Jul 8, 2012

I am updating my 8.2(3) code for my new ASA5512 that is running 8.6(1) and am unable to get on the internet with my current configuration from the inside interface.

Information:

Outside: ***.***.33.11
Gateway: ***.***.32.9
Inside: 192.168.215.0 /24
dhcp 215.100 - 150

[Code] .....

View 6 Replies View Related

Cisco Firewall :: 5512X IPS In Transparent Mode

Dec 19, 2012

I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.

View 5 Replies View Related

Cisco Firewall :: ASA 5512x Hardware Reset?

Aug 5, 2012

Trying to setup a new ASA 5512 and like a ******* I've somehow locked myself out.
 
how to do a hardware reset?

View 5 Replies View Related

Cisco Firewall :: ASA CX Module Is Now Compatible With 5512x - 5555x

Jan 6, 2013

i found this part number for asa5512x product "ASA5512-SSD120-K9" it's a New Product Hold and under group "Cisco ASA CX Context-Aware Security" Who have know more information about this? Cisco ASA CX Context-Aware Security ASA5512-SSD120-K9 ASA 5512-X with SW, 6GE Data, 1GE Mgmt, AC,3DES/AES,SSD 120G

View 3 Replies View Related

Cisco Firewall :: 5512x - Static Translation From DMZ To Inside On ASA 8.6

Dec 20, 2012

Recently upgraded to an Asa 5512x from a pix 515e. I have an Ipswitch secure MoveIT server on the dmz1 interface that needs to be accessed from both the inside and outside interfaces. I have setup a static nat from the outside to the dmz1 and it works, I can also connect from the inside interface. Now I need the MoveIT server to access the DNS server and email server on the inside interface so it can send notifications. On the pix I just created a static from the inside to the dmz1 using its own IP address - static (inside,dmz1) 192.168.1.7 192.168.1.7 net mask 255.255.255.255. I would then add the access-list to allow. How would I set this up with the Asa 8.6 commands?

View 5 Replies View Related

Cisco Firewall :: 5512x Any Kind Of SSD Drive Compatible With ASA-CX Firewalls

Apr 28, 2013

I have ASA 5512X and I'm trying to run CX features on it. but the problem is I don't have SSD drive in the chassis. how can I get one? is any kind of SSD drive compatible with cisco ASA-CX firewalls or i should order it from cisco only? what is the part number for that model?

View 3 Replies View Related

Cisco Firewall :: 5512X Any Extra License Or Part Number To Get IPS Features

Apr 30, 2012

url...For the New Firewalls i.e. 5512X , 5515X etc there seems to be integrated IPS and we don't need to order any extra license or part number to get the IPS features .
 
But for the 5585X It says 2Gbps for SSP10 engine but I have seen in the Dynamic Configuration Tool that SSP10 and IPS-SSP10 are different things . Which means that I will have to order 2 service engines SSP10 and IPS SSP10 to get the IPS features and if I only order SSP10 with that Chasis I will only get firewalling  ?

View 3 Replies View Related

Cisco Firewall :: ASA5510 - Block IP Address From Outside Interface

Jun 23, 2011

Recently, I've been having significant problems with denial of service on our ASA-5510. Two IP addresses in particular attack my ASA regularly. What kind of rule do I need to create to deny these IP's access to my firewall?

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Two Separate Address Pools On Same Interface?

Dec 25, 2012

We have an ASA 5510 and we also have two separate address pools which have been provided by our ISP.  The addresses are not contiguous.  Is there a way to configure an interface on the ASA to handle both sets of public address pools?  If the outside interface is set up on eth0/0 would I create two subinterfaces (eth0/0.1, eth0/0.2) and assign each subinterface an address pool?  Then just NAT/PAT to my heart's content?   At that point I would want both to route to our inside network.  So it's basically two inbound sets of IP addresses comming into one interface and then comming into the network...  Right now the outside interface is configured with our first set of IP addresses.  We wanted additional addresses and when we called our ISP they told us we already had them - just a different pool.  Hence the question.  I'm guessing that I wouldn't put anything specific on the outside interface and I would put the specifics on the subinterfaces?

View 4 Replies View Related

Cisco Firewall :: ASA 8.3(2) / PAT Interface Address With Static NAT Port Translation?

Aug 22, 2011

I have an 8.3(2) ASA with a single outside IP.  Dynamic PAT translates inside addresses to the outside interface address.  I would like to use static NAT with port translation to access an inside syslog server.  I got an error when I tried using the outside interface address.  Can I use both dynamic PAT and Port Translation with the same outside address?This is what I would like to use but I receive an error saying there is an overlap using the outside interface address.(192.168.1.0 is my inside network.  10.10.1.10 is the outside interface IP.)
 
object network inside-net
  subnet 192.168.1.0 255.255.255.0
  nat (inside, outside) dynamic interface
 object network SYSLOG_SERVER
  host 192.168.1.50
  nat (inside,outside) static 10.10.1.10 service tcp ssh ssh

View 6 Replies View Related

Cisco Firewall :: ASA5510 - Change Public IP Address On Outside Interface?

Mar 10, 2011

we have two Cisco ASA 5510 in failover configuration.We tried to change the public IP address on the Outside interface of the primary device but it didn't works. The new IP is not reachable from Internet nor pingable from device on the same LAN.The new IP address is in the same subnet of the old IP.

From the switch on which the ASA is connected and from another Cisco PIX we can see the ARP entry. In the analysis, on the old public IP address there was a VPN site-to-site and Webvpn defined.We tried also to shut/no shut the interface and reboot the device.

View 1 Replies View Related

Cisco Firewall :: 5510 - Duplicate IP Address With ASA Inside Interface

Apr 5, 2012

We've had issues with our Exchange 2010 server (running on ESXi 4.1) since its default gateway was changed to our new ASA 5510.  They manifested as frequent Outlook client connection dropouts or as IP address conflicts whenever Exchange was rebooted.  The temporary fix was to disable the Exchange server NIC, bounce the ASA and enable the server's NIC again.  We saw poor performance from Exchange after a while again, but after some research and testing I realised that disabling proxyarp on the inside interface fixed the problem permanently.
 
However I've now realised that the client VPN no longer routes properly because proxyarp is disabled on the inside interface, so I still have a problem.

View 10 Replies View Related

Cisco WAN :: IOS 12.4 Router / Can Only Allow An IP Address On A Specific MAC Address

Apr 26, 2011

On my cisco IOS 12.4 router,Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.

View 6 Replies View Related

Cisco Firewall :: ASA5580 One Inside Source Address Static Nat To Two Outside Interface

May 10, 2012

customer has a server which located in inside interace.    and an outside interface connected to ISPA.    cu config a static nat map inside server address to ISPA address, one day customer install a new outside interface to ISPB, cu config new static nat ,map same server inside server address to ISPB address. the server will allways be vistited from outside interface and reply, custome want traffic coming from ISPA will return to ISPA, traffic coming from ISPB will return to ISPB. but i found it is difficult implement this on ASA5580. i want use route-map on static nat, but it will not satisfy customer's request.

View 3 Replies View Related

Cisco Firewall :: ASA5580 / One Inside Source Address Static Nat To Two Outside Interface?

Jul 13, 2011

i have a problem  customer has a server which located in inside interace.  and an outside interface connected to ISPA.  cu config a static nat map inside server address to ISPA address one day customer install a new outside interface to ISPB, cu config new static nat ,map same server inside server address to ISPB address.    the server will allways be vistited from outside interface and reply, custome want traffic coming from ISPA will return to ISPA, traffic coming from ISPB will return to ISPB. but i found it is difficult implement this on ASA5580.  i want use route-map on static nat, but it will not satisfy customer's request.

View 6 Replies View Related

Cisco Firewall :: 5505 - Show Current IP Address Of Interface (dhcp)

May 8, 2012

Is there any way of showing the currently assigned ip address for an interface configured to use DHCP on an ASA 5505?

View 2 Replies View Related

Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 / Authenticating Device Admin Users Against AD Specific Groups

Jan 28, 2013

I am using ACS 5.3 What I am about is setting user authentication against existence of the user in specific AD group, not just being a member in any AD. What is happening now, users get authenticated as long as they exists in the AD, luckily they fail on authorization, as it is bound to specific AD group.
 
how can I bind the authentication aginst specific group in AD, not just using AD1 as the identity source.

View 1 Replies View Related

Routing Of Specific Traffic To Certain Interface?

Jul 7, 2011

I have two ethernet adaptors on my windows machine. OS is Win-XP.I am running ADSL broadband on LAN1 and on LAN2 I am accessing applications on our company's WAN. LAN1 is on 192.168.1.0/24 subnet and LAN2 is on 10.68.104.0/22 subnet.Accessing application through LAN2 involves DNS that is located distantly, therefore routers are also in picture.Problem is that while accessing the application that run on the network of LAN2, I have to disable LAN1. Otherwise the traffic goes on LAN1.

View 2 Replies View Related

Linksys Wireless Router :: E3000 Possible To Limit Access For Specific Device (PC) To LAN Only

Dec 31, 2012

Within the Internet Access Policy section of the browser based utility, is it possible to limit access for a specific device (PC) to LAN only (not allow any traffic to external internet)?  I see that you can block internet access for a specific machine, however I didn't know if this was inclusive of LAN as well.If not, is there another way to achieve this via the E3000 or should I be looking for a solution on the specific PC itself? 

View 4 Replies View Related

Cisco WAN :: 1841 To Block Access To A Specific Interface

Feb 11, 2013

I have an 1841 between my firewall and the ISP.  Three interfaces - multilink to ISP, FA to my firewall, and FA to my inside network.  I use the inside interface for configs aand snmp access, etc.   Only my ISP-assigned fixed address block will get routed to the multilink by the ISP but I am nervous about the inside interface sitting on my LAN.   I know I can remove it, but if I keep it there, how can I set up an ACL so that all traffic from the multilink interface is denied to the inside interface?  I suppose another way to think about it that the inbound iface can only accept traffic from its own outside, not from the router.I think this is fairly simple but I don't want to knock down the traffic if I get it wrong.

View 8 Replies View Related

Cisco VPN :: ASA 5510 - Configure Remote Access VPNs To Use Specific Interface

Aug 12, 2012

I am adding a second external connection to an existing system on an ASA 5510 with ASA V8.2 and ASDM 6.4. I added the new WAN using an other interface (newwan).
 
The intention is to route most internet traffic over the new route/interface (newwan) but keep our existing VPNs using the former interface (outside).

I used the ASDM GUI to make the changes and most of it works.ie. The default route goes via (newwan). Outgoing VPNs of a site to site nature use the previous route via (outside) as they now have static routes to achieve this.
 
The only problem is that incomming Remote Access Anyconnect VPNs are not working. I set the default static route to use the new interface (newwan) and the default tunneled route to be via (outside) but this is the point is goes wrong....
 
I can no longer ping the outside IP address from an external location. It seems the outside interface does not send traffic back to the - outside interface (or at least that's where I think the problem lies). How do I force replies to the incomming VPN remote traffic from unknown IPs to go back out on the outside interface?
 
The only change I need to make to get everything working on the outside interface again is to make the Default Static route use the outside interface. Which puts all the internet traffic back on the original (outside) connection.

View 6 Replies View Related

Cisco Switches :: SG300-10 MAC ACL - How To Allow Specific Mac Address

Apr 24, 2011

What i am trying to achive is allow only specific mac addresses on switch and deny all others by using MAC ACE. What should i do? First deny any any and then permit or ?

View 1 Replies View Related

Cisco :: LMS 4.2 / Discovery Based On Specific IP Address?

Nov 27, 2012

1)is there any methods to let LMS 4.2 discover Cisco devices based on specific ip like Loopback address ? coz in my Cisco devices i have more than ip address configured?

View 4 Replies View Related

Cisco Routers :: Rv082 - NAT Only For Specific IP Address Or Range

Mar 26, 2013

Any solution for NAT only for a specific ip address or a range of ip addresses from the same  subnet?
 
I've read that the router in gateway mode automatically makes the translation and in router mode does not.  Starting from this, is there any way to nat from firewall access rules only.

View 5 Replies View Related

Cisco Routers :: Allow PING On RV042 From WAN Side Only From Specific IP Address?

Nov 27, 2012

I would like to allow PING on RV042 from WAN side only from specific IP address, but when I set the rule, RV042 does not respond on WAN side, because Block WAN Request is Enabled.BUT! When I disable "Block WAN Requests", now any IP can ping my router from WAN side. Although I set access rule to Deny Ping from WAN side to anyone, it still responds.

View 1 Replies View Related

Cisco WAN :: 3825 Way Of Defining A Specific Bandwidth Limit Per IP Address

Aug 21, 2011

We will shortly be installing a Cisco 3825 router, to be connected to the BTNet service, over fibre.We will be binding many public IP addresses to the router.
 
Is there a way of defining a specific bandwidth limit per IP address, or range?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved