Cisco Firewall :: 6513 - Unable To Remove Access List

Mar 22, 2012

I am unable to remove an access list. Currently this this access list contains 4 lines of remarks. I was unsure if I was entering the command correctly and now I have 4 lines of "trash" that needs to be removed.
 
Symptoms:
     The "sh run" command shows that I have access-list 100 defined.
     The "sh access-list" returns nothing.
  
Process I have tried:      config t
     no access-list 100
     no access-list remark Test (just trying anything at this point)
    clear configure access-list 100 (This returns "Invalid input detected at '^' marker" and the '^' is under the 'e' in clear.) 
 
So the "clear configure" command is not working.  The "no access-list" commands does not return an error but does not remove anything.
What step am I missing? Let me know if I can provide any more information.

View 2 Replies


ADVERTISEMENT

Cisco WAN :: 2811 Remove Access-list Applying To Inbound Traffic

Dec 25, 2012

I have been trying to figure out a NAT issue on my 2811 and the inspect engine.I have 'ip inspect FW out' on my outside interface. If I turn it off, I also have to remove the access-list applying to inbound traffic on that same interface. Why is that? This whole thing centered around SIP registrations from devices on my LAN to my provider. The provieder is showing that I am registering from a high end port (1024 or something crazy). He said that it sounds like some type of SIP ALG or something on my router. For the life of me, I can't figure out what would be causing it. I am just using a standard route-map that points to the outside interface using 'overload'.

View 6 Replies View Related

D-Link DIR-655 :: How To Remove Computer From List Of LAN Computers

Feb 5, 2012

192.168.0.1/Status/Device_Info.shtml, I have found LAN COMPUTERS that are not mine. How do I kick these away?Like this one: 192.168.0.169   Kajsas-iPhone   78:a3:e4:bf:48:ef

View 3 Replies View Related

Unable To Set Directory Access Control List

Apr 17, 2012

I am copying files form one server to another using Bightserv ARCserve Backup, now the files copy over however the access control list to the files isn't.Does anybody no away around this?

View 3 Replies View Related

Cisco WAN :: 1921 / 3560G - Unable To Access List And Ip Route

May 1, 2011

Have cisco router 1921 and 3 cisco switch 3560G i want to configure the cisco router so as network 192.168.4.0/26,192.168.3.0/26,192.168.2.0/26, all to access internet R1921(config)# ip nat inside source list 102 int G0/0 overloadR1921(config)# access-list 102 permit ip ?

I am right to do this below?

R1921(config)# ip route 192.168.4.0/26 10.10.10.2R1921(config)# ip route 192.168.3.0/26 10.10.10.2R1921(config)# ip route 192.168.2.0/26 10.10.10.2

assist on access-list and ip route?

View 20 Replies View Related

Cisco Firewall :: Cannot Access FWSM Via Session Command In 6513 (VSS Enabled)

Apr 24, 2012

Today i received FWSM from cisco (RMA), I need to configure it as standby unit for existing FWSM active/standby setup.
 
IOS on RMAed FWSM is 2.3.4 and  cisco VSS supports FWSM IOS 4.0.4 and later.My issue is, I cannot access FWSM (IOS 2.3.4) via session command from cisco 6513 but could successfully consoled it without any problem. I have reloaded it twice and also tried to disable and enable power on it.
 
VSS#sh module switch 2
 Switch Number:     2   Role:  Virtual Switch Standby
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
   2    6  Firewall Module                        WS-SVC-FWM-1  -----------

[code]....

why I cannot access FWSM through session command ?Whether this is because of older IOS ? If yes then how to upgrade its IOS ?Is it possible to upgrade IOS via FWSM console ? if yes, Do i need to test on different slot ? 

View 2 Replies View Related

Cisco Firewall :: Access-list On ASA5520

Feb 23, 2011

I have a question about access-lists on ASA: (5520 running 8.4)Often I want to permit all traffic from networks behind an interface (let's say DMZ in this example) to Internet, but NOT to internal networks. Then I  first configure a Deny from DMZ to all internal network and then a Permit to ANY. If I forget the first Deny I will allow all traffic also to my internal networks. Is it possible to configure an access-list that permit all traffic from a network to all networks that are reachable via a given interface? In this example: Permit all traffic from DMZ to all networks that are reachable via the Outside-interface? This should permit traffic to Internet and deny traffic to internal networks in one statement.If I specify the outside-interface as the destination only traffic to the interface itself will be allowed.

View 1 Replies View Related

Cisco Firewall :: PIX 501 With 1 Static IP / NAT / PAT With Access List

Aug 24, 2011

I am having a problem getting this to work and I have always done it with 2 Static ip address.  but now this company changed to 1 and I am doing something wrong.

I have comcast with 1 static IP, I have a local LAN with 6 host and 1 server that does Mail and remote access and web traffic.

I need a config that allows me to use 1 static ip on the outside interface of the PIX and allow with an ACL 7 ports open to the server and allow all the local host out to the internet.

View 11 Replies View Related

Cisco :: Router Outside Firewall / Access List On Interface?

Apr 2, 2013

I have a router in front of a few firewalls on an internet link. All traffic from the inside network must go through one of the firewalls to get out through the router and similarly there is a dmz on one of the firewalls.I am trying to make sure the router is fully hardened.Should I apply an access list on the outside interface of the router along with the access list for management access?

View 11 Replies View Related

Cisco Firewall :: ASA 8.6 Nat And Access List For Mail Server?

Oct 30, 2012

Trying to figure this all out. I'm getting untranslated hits. I posted the config I have so far.
 
Code...

View 7 Replies View Related

Cisco Firewall :: ASA 8.4 Access List Dynamic Interface?

Mar 11, 2013

This is a working example using static. But it doesn't work with the dynamic interface or I'm doing something wrong. Need to get rdp access to my laptop.
 
ASA Version 8.4(5)6
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names

[code]...

View 1 Replies View Related

Cisco WAN :: 2921 - CBAC Firewall Access List

Jul 1, 2011

I need to configure the access list on the outbound internet port to accept the following:
 
ip access list 10
access-list 10 permit PPTP vpn any xxx.xxx.xxx.xxx
access-list 10 permit RDP any xxx.xxx.xxx.xxx
access-list 10 permit FTP any xxx.xxx.xxx.xxx
access-list 10 permit Postgresql any xxx.xxx.xxx.xxx
access-list 10 permit MacARD any xxx.xxx.xxx.xxx
 
This method does not work on the Cisco 2921 router with FW

View 1 Replies View Related

Cisco Firewall :: ASA 9.1 Access-list / Real IP Addresses?

Feb 26, 2013

So in the past from 8.2 down I had one to one NATs like so
 
static (inside,outside) A.A.A.A B.B.B.B netmask 255.255.255.255
 
but for 9.1 im running now I need to do this
 
object network obj-B.B.B.B
host B.B.B.B
nat (inside,outside) static A.A.A.A
 
So if I make an ACL to permit outside public access to the public IP (A.A.A.A) in 9.1 do I use real B.B.B.B ip address or the object itself obj-B.B.B.B?

View 4 Replies View Related

Cisco Firewall :: 2950 Switch Access-list On Dmz

Mar 4, 2012

On firewall we have zone created for dmz and ip is 192.x.x.x and it is connected to 2950 switch(DMZ switch)  with vlan 25..We have L3 switch on this we have created vlan 25 and connected cable from L3 with 2950 switch with vlan 25
 
As we have the servers on L3 and wanted to bring on dmz zone  we have connected a cable.Now the problem is when i connect a pc on 2950 switch (directly on dmz switch) with access-list below we are not geeting any hist on it.

View 6 Replies View Related

Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture

View 9 Replies View Related

Cisco Firewall :: Configure Extended Access List On AS5350XM?

Sep 14, 2011

I'm trying to configure an extended access list on one AS5350XM but I get one way hearing on a voice calls and I can't determine why (please see the attached diagram). There is an OSPF running on both gigabit interfaces and the Loopback address is also advertised (it is actually the voip IP address). The access list is applied on both interfaces in the inbound direction. There is another gateway with IP:4.4.4.4 (no firewalls here) and the routing between gateways is working properly.
 
Here is part of the access list (applied on AS5350):

.
.
permit ip host 4.4.4.4 host 3.3.3.3
.
.
 
When I review the log of the AS5350xm I see many errors like this one:

%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -> 4.4.4.4(18094), 1 packet
 
So how it is possible to see this error since the access list is in inbound direction and the IP address (4.4.4.4) is open. I don't have problems when I do telnet or ssh from 3.3.3.3 to 4.4.4.4.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Vlans Routing & Access-list?

Jan 4, 2012

ASA 5505 vlans routing & access-list?

View 4 Replies View Related

Cisco Firewall :: ASA 5510 / ASA 8.3 Migration - Expanded Access List

Apr 24, 2011

I have just upgraded a ASA5510 from 8.2 to 8.3 using migration tool.All seemed to go well, still double checking the config as this is a bench test of upgrade prior to filed upgrades.
 
Anyway one thing that is slightly frustrating is that the migration has expanded all of my access-lists, so we maybe had 10 lines of config relating to access-lists based on access-groups, now we have hundreds of lines.On ASDM this is bad enough but on CLI with show run its a bit of a bind.
 
Is there any way to un-expand the access list or do I simply delete and start again using my access groups.

View 2 Replies View Related

Cisco Firewall :: 5540 - Extended Access-list Error Using FQDN

Nov 7, 2011

I'm trying to add an access-list rule to allow internal servers to connect an outside host on a asa 5540. The hostname translates to multiple ip's. Normally I just lookup the ip address or one of the ip's the hostname translates too and use that in the access-list as the host. For some reason the actual ip's, which are a few, are not always available so using a specific ip sometimes does not work, thus the reason I have to use the hostname instead of the ip. I have 2 hostnames. www.hostname.com and subdomain.hostname.com.
 
This is how I normally add these rules (the ip addresses are fictive): access-list internet_access extended permit tcp host 192.168.50.5 host 84.115.57.121 eq www log
 
When I try to add this using the hostname on our asa I get an error: access-list internet_access extended permit tcp host 192.168.50.5 host www.hostname.com  ?ERROR: % Unrecognized command
 
I've tried it without the 'www', so hostname.com but same error.

View 4 Replies View Related

Cisco Firewall :: 2801 - Access List Works Only If Word Log Presents?

Jun 27, 2011

I have very strange behaviour on my Cisco 2801 router when I applied access list on wan interface.
 
Architecture:
 
SIP Provider <----> Cisco 2801 <-----> CUCM 6
  
Problem:
 
We are using Cisco 2801 as Voice gateway for CUCM 6. so only one purpose of this router is just receiving calls on sip dial-peer and transfering to internal network.
 
If you look on access list below, if 'log' words don't present on these 2 lines, access list didn't work. Problem with it is that when I establish call from us or to us I can't hear incomming RPT stream, but other side can hear me. But when I type word 'log' there, everything stars working immediately.
 
Cisco 2801 IOS version:
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9_IVS-M), Version 12.4(6)T9, RELEASE SOFTWARE (fc2)

[Code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5510 ASDM Show Log On Access-list Empty

Mar 14, 2013

I created some acess-lists, and you can assign a logging level to this access-list. Now this ACL has a lot of hits, so i want to see whats happening. Only the log I then see is completely empty. I cannot figure out how to get some info in that log.
  
I think there is some global logging setting i probably need to enable in order to get anything logged at all, but i cannot figure out which.

View 4 Replies View Related

Cisco Firewall :: Access List Object Name Substitution ISR871 And ASA5520

May 10, 2011

I am troubleshooting a s2s vpn between an ISR871 and my ASA5520 and I suspect a problem with my crypto-maps.
 
Is there a way I can display an access-list on the ASA and have the object names substituted with their IP addresses?

View 5 Replies View Related

Cisco Firewall :: FWSM Version 3.2 - No Access-list Line X Doesn't Work

Dec 10, 2011

I am trying to remove a line in a particular access-list configured in a FWSM module using this command "no access-list <acl> line 19 x x x x" but it doesn't work. See below:
 
FWSM/xxx03(config)# no access-list ?
 configure mode commands/options:
  alert-interval  Specify the alert interval for generating syslog message
106001 which alerts that the system has reached a deny

[code]...
 
How can I remove a line from the access-list without clearing the entire access-list?

View 3 Replies View Related

Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

View 5 Replies View Related

Cisco Switching/Routing :: 3560 - No Access List On Switches And No Firewall Between Sites

Jul 15, 2012

I have 3 3560 switches which are configured with trunks between them. They run vlan 10, 11 & 12. I have a 'core' switch (switch 1) of these 3 to which an MPLS router is connected on vlan12. I in addition have another switch hanging off the 'core' switch via a routed link (switch 4). I have EIGRP configured as a stub and as such the IP address on the routed link at the core switch end is of a /24 from v lan 1 on the other switch. This makes the route directly connected and therefore distributed via EIGRP stubs. Switch 1 is then exchanging routes with the MPLS router (via EIGRP).
 
The problem I have is that from any sub net on any switch (switch 1, 2 or 3) I can ping 192.168.13.1 (switch 4). When I try and ping switch 4 from over the MPLS I am unable to. If I trace to the switch I see it reaches the outside of the MPLS router, but is then unresponsive. The same applies if I try to ping switch 1 on 192.168.13.2. Any of the other IP addresses of switch 1 respond.
 
The MPLS network is a managed solution to which I have no access. I'm told that the MPLS provider is able to ping switch 1 & switch 4 on the 192.168.13.x addresses from a remote router (192.168.32.2). I have tried from a switch on the same L2 sub net (192.168.32.1) and I don't get a response.
 
From switch 4 I am able to ping the switch on 1 of it's interfaces (192.168.19.1), but not the interface I mentioned above 192.168.32.1. There are no access lists in place on the switches and no firewalls between the sites.

View 22 Replies View Related

Cisco Firewall :: Access-List Traffic Control Attempting To Block RDP 3389

Nov 7, 2012

I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels.  Tunnels appear to work.  I am lab'ing some additional controls that I would like to implement.  On the Production Router that i plan to replace with the ASA's the current Tunnels are all wide open (all traffic allowed to pass).  I was hoping to lock things down a little without having to reconfigure all of the Tunnels.  My though was that an ACL on the Inside Interface blocking selected traffic Out (so into the LAN) should not impact the stability of the Tunnels but allow me to restrict some traffic from entering the LAN.  One port that I was attempting to block is RDP 3389.  When this ACL is applied to the inside interface it does not block Port 3389 at all.  What am I missing?  Is it that the trffic is being allowed because it is coming through one of my 'open' Tunnels? 
 
Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?
 
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 3389
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 135
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 137
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 138
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 139
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 445
access-list 145 deny   tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 389
access-list 145 permit ip any any
 
ip access-group 145 out interface Internal
 
This work great on a 2821 Router, but not so much on the ASA.

View 11 Replies View Related

Cisco Switching/Routing :: Unable To Console / Ssh To 6513

Aug 9, 2012

I have a 6513 with redundant sup 720-3B's that I cannot get onto.  In short, one of the power supplies failed, it still passes traffic but I can't console or ssh to the box.  Other than the two sup 720's, I have a 4 port 10gig card, a 16 port GBIC Card and an IDS module.  I have tried removing the 10Gig, IDS and one of the sup's but still don't get anything on the console.  I have rebooted the entire chassis and don't get anything on my console while booting.  I have tried changing the speed of my terminal to every setting available incase someone has changed it at some stage but to no avail. I have tried swapping sup's, using only one at a time in the chassis but not getting anything. Is there anything else I can try to get onto this chassis?  The power supply is a 3000w with a 32amp input.  The failed power supply had tripped a switch, when i brought it back up, the power supply came out but the output failed LED is on. My #questions are, is there anything else I can do to try get onto the console, and is the power supply goosed when the RED LED is lit?  I have reseated the power supply also but the same result.

View 2 Replies View Related

Cisco Switching/Routing :: 6513-E / 6513 And WS-X6748-GE-TX Compatibility

Oct 29, 2012

we have a chassis 6513-E and a module WS-X6748-GE-TX, I'd like to know if could I put this module in any slot, since the documentation from Cisco says that any slot from a chassis 6500-E Series can support this module. And then in the documentation of WS-X6748-GE-TX says that this module is not compatible in the slots 1-8 of the 6513 chassis, only from 9th to 13th slots, in those slots from the 6513-E we already have 4x WS-X6748-GE-TX, and we'd like to know if could we put the module in the rest of the slots. The 6513, and 6513-E is kind of confusing.

View 4 Replies View Related

Cisco WAN :: ASR1K 3.7.0 Unable To Remove Configuration

Sep 25, 2012

When doing some tests with an ASR1K running 3.7.0.S, I noticed that everytimes I reload the router, I got the following error when it loads the configuration: [code]

View 1 Replies View Related

Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port

Aug 15, 2012

I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.

View 12 Replies View Related

Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
 
HQ-ASA-01# show  running-config
: Saved
:

[Code]......

View 9 Replies View Related

Cisco Firewall :: Users Behind ASA5505 Firewall Are Unable To Access Internet

Feb 24, 2011

I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.

When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.

The ASA5505 configuration is shown below.

hostname Firewall

interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10

[Code].....

View 2 Replies View Related

Cisco Firewall :: Moving IDSM-2 And FWSM From 7613 To 6513?

Feb 5, 2013

I need your opinion regarding moving of IDSM -2 and FWSM Module from 7613 to 6513 chassis.Currently these two modules are in 7613 and we are not using either of them now we have to configure them in 6513 chassis. As you can see from the figure that traffic of all 3 core router i.e 7613 go to 6513 - to proxy ISA 2004 - 6513 - to Internet.
 
There are also some network attached with 6513 and we want to move both of modules to 6513 so that NetworkA/B/C/D/E which are attached to 6513 can also be configured for FWSM and IDSM -2.
 
I have a query regarding this migration:Do we need license for these two modules again for 6513 chassis?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved