Cisco Firewall :: ASA 5505 - Cannot Ping Local Traffic And Hosts
Jul 24, 2012
I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209). There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC 10.51.253.210 cannot get out
ASA Version 7.2(4)
!
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
[Code]...
View 2 Replies
ADVERTISEMENT
Aug 7, 2011
We are using several Cisco ASA 5505 with the 8.05 OS on it. The problem is that the SMTP traffic of my ISP(Telenet) isn't passtrough the ASA, I'm using outlook 2010. Before there was also a problem with our local exchange server but I solved this by disabling ESMTP checking in the policies, but it didn't worked for my local ISP.
View 4 Replies
View Related
Jun 24, 2012
configuring ASA 5505 to be able to ping remote host.Setup - We have a site-to-site (192.168.1.0/24 - 192.168.2.0/24) VPN setup with client VPN access (IP Pool, 172.16.50.0/24) on 192.168.1.0 ASA 5505.Issue - Not able to ping host on 192.168.2.0 from VPN client 172.16.50.0 but able to ping 192.168.1.0 host.
View 8 Replies
View Related
Jun 8, 2013
I am struggling to get successfull pings beween asa and inside hosts but couldn't succeed. Done packet tracer result is acl-drop
Here is the running config
Prem-ASA(config)# sh run
: Saved
:
[Code].....
View 7 Replies
View Related
Feb 9, 2013
I have configured the ASA in a very similar manner to how the PIX was set up but I'm having trouble with some hosts on the inside accessing the Internet. Any inside hosts which use DHCP work fine. Any inside hosts with a static IP (and configured on the ASA with a "static" rule) cannot access the Internet. For example, in the config below the server daviker-dialler cannot access the Internet. I've spent a few days working on this now and have started from scratch several times but I'm not getting anywhere. Apologies for all the X's everywhere, didn't like to post anything sensitive on the Internet.
View 2 Replies
View Related
Jun 22, 2011
I'm stuck at asa 5505 nat, port forwarding configuration Here is what i need:
host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
So people from remote just need to use 1.1.1.1 public ip to access all the ports on three different inside server.I can do this on my old ASA 5505 with 8.0(4). Looks like there're lots of change from 8.0 to 8.4.
View 7 Replies
View Related
Feb 14, 2012
At the end of the day I simply need to upgrade the license on my ASA 5505 v7.2.4 (upgrade will come later as part of a larger project) to allow for >10 Inside Hosts. From what I've read there seems to be a 50 license upgrade out there. Can this be purchased directly? From whom? Will it only affect the Inside Hosts number and not affect any other licenses, configurations, etc. Just being overly cautious since this is way outside of my normal realm. Below is the current activation-key information....
Result of the command: "show activation-key"
Serial Number: xxxxxxxxxxxxxx
Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
The flash activation key is the SAME as the running key.
View 2 Replies
View Related
Apr 7, 2013
I have a site to site vpn connection between ASA 5510 and PIX 515 which is working fine. There is no problem for hosts on any side of the tunnel to access a cross. However the local ip (192.168.20.1) on the client interface of my PIX is not allowed to access hosts on the other side of the tunnel. [code]
View 2 Replies
View Related
Jun 9, 2011
DNS resolution works and I can surf the web without fail. But if I try to ping any external hosts (I can ping inside interface of ASA fine) from the LAN I get timeouts. I can ping anything from the ASA without fail.
ASA Version 8.4(1)
!
hostname fw1-nat-ann
domain-name inmd.infoblox.com
enable password anWLNen9CTFp7B/X encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
View 1 Replies
View Related
Dec 6, 2012
I'm having an issue where internal hosts cannot access the internet but I am able to ping external hosts when I console into the router. The router is a 2800 series. [code]
View 3 Replies
View Related
Jun 11, 2012
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
View 2 Replies
View Related
Jun 10, 2012
I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]
View 8 Replies
View Related
Mar 30, 2011
I like the ASA 5505 for SMB and Home Offices very much, but I'm missing sadly a DNS Server or at least the ability of the DHCP Server to use static addresses for certain MAC's. In SOHO's the ASA is the only thing always powerded on and often even a Server where a DNS Server could be installed is missing.So is there a chance to see such a feature (DNS Server and/or static DHCP) in the next SW Release? how name resolution in a small LAN can be done without a local DNS Server?
View 3 Replies
View Related
Dec 15, 2011
We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documention that I have, the previous configured this as a dedicated router to establish a seperate VPN connection our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I login into this router either from remotely or locally to check the configuration, backup and do the fimrware upgrade?
I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to Internet without any issues. However I don't know the IP address to use to login.
View 3 Replies
View Related
Apr 11, 2011
I'm having trouble setting up local LAN (reach inside network when VPN connected) and Internet access (reach internet when VPN connected) for my VPN CLients when they are connected to my VPN, They can connect, no problem there, but I can't reach any resources when connected. My pings time out, both to my inside network and to public ip adresses, the only thing I'm able to ping is my ASA (172.16.30.1), and I don't se any routes under "Status/Statistics/Route Details" in my cisco VPN Client (when connected).
Here's my config
ASA Version 8.0(3) !hostname KardesASAdomain-name default.domain.invalidenable password XXXX encryptednames!interface Vlan1 nameif inside security-level 100 ip address 172.16.30.1 255.255.255.0 !interface Vlan10
[Code]....
View 14 Replies
View Related
Jun 13, 2011
I have a a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
View 1 Replies
View Related
Jul 13, 2011
I have recently bought two 1800 cisco routers and have tried to connect them over wan serial link, but I am having problems when trying to access resources on the other side. I am a newbie to cisco and I wonder if the problem is with the configuration or the new routers or the serial link between the sites. Below is the show-running config results I have done on both routers; I can ping the serial interfaces from both sides and remotely, but I can't ping hosts or FE from other side.
View 8 Replies
View Related
May 4, 2013
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]
View 3 Replies
View Related
Sep 9, 2011
I just tried to configure my ASA but unable to ping. My setup is as follows:
Cable Modem (DHCP from IPS)---> ASA (192.168.1.1)--->Belking Router (192.168.5.1)--->Switch (192.168.5.14)--->
ASA Version 8.2(3)
!
hostname WoodHomeASA-1
[Code].....
View 30 Replies
View Related
May 24, 2012
i am trying to get my ASA 5505 with 2 internal VLANs (voice and data) and external internet VLAN to run in router as a stick, and route between VLANS.
I cant get it working though:
[code]...
View 4 Replies
View Related
Sep 7, 2011
We want to use an ASA as a pure routing device. Our network has several internal subnets (10.1.x.0/24), and we want to be able to reach them from outside and to allow access between them.
We have a defined a VLAN for each subnet range with the same security-level, added it to an Ethernet port and made the Ethernet that acts as outside as a trunk, and defined it as the global routing.
We cannot ping any of the subnet IPs defined in the ASA from outside nor we can ping it from the internal IP addresses.
Configuration:
: Saved
:
ASA Version 8.2(1)
[Code].....
View 3 Replies
View Related
Jun 17, 2012
I am trying to configure Nat on a clean ASA 5505, but can't get it to work. I ran the commands below. On the ASA I can ping the internet and inside vlan ip. On my laptop I can ping the ASA inside vlan ip, but I can't ping the outside vlan ip. From another network I can ping the ASA outside public ip. Is there an access-list that denies inside from accessing outside?
I am running version 8.4(3) and I erased the existing configuration.
ASA(config)# interface vlan 1
ASA(config-if)# ip address 10.0.0.1 255.255.255.0
ASA(config-if)# nameif inside
[Code].....
View 8 Replies
View Related
Sep 29, 2012
I have 2 ASA and would like to build a Side-to-Side VPN between these ASA. So I can learn something about configure a ASA for different thinks. But now I don`t can Ping from a Client to the Internet-Router.My Configuration is:
Client IP 192.168.1.100 <===> ASA Inside 192.168.1.1 /Outside 192.168.178.254 <===> Router 192.168.178.1
Is there something wrong at my config? or do I need inside private Adresses and at the Outside Global IP`s.
At the Router I have a Static Route that the 192.168.1.0 / 24 ist to find over Gateway 192.168.178.254
View 2 Replies
View Related
Aug 4, 2012
I have been tasked with replacing our company eSoft router with a Cisco ASA 5505 with the upgraded security license. I have been working on the configuration for a couple of weeks now, after reading hundreds of forum posts, watching youtube videos, and endless google searching, and despite my best efforts I am still having an issue I can’t figure out.
I have a couple of subnets, that when the ASA is connected, I cannot ping, nor can they get to the internet or our Exchange server. At this point I’m not sure if it’s an access rule issue, NAT issue, or DNS issue.
Here is the network layout:
ASA: 192.168.0.2 (Primary Gateway)
192.168.0.0 (Primary facility, ASA is the gateway)
192.168.2.0 (Second facility, connected via Verizon point-to-point)
192.168.3.0 (Third facility, connected via Verizon point-to-point)
[Code].....
View 7 Replies
View Related
Mar 19, 2013
I am trying to troubleshoot an ASA5505 connectivity issue. My initial tests are to ping the Internet router from the ASA This is failing and also a sh arp only shows internal addresses.
I have to go to site to check this out to confirm the following.
1: Should I be able to ping the Internet router from the ASA?
2: Do I need to permit any icmp to do this?
3: Should a sh arp show the address of the internet router?
I tried entering the command permit icmp any outside
However I got the error route already exists 0.0.0.0/0.0.0.0
View 2 Replies
View Related
Nov 14, 2011
I have a Cisco ASA 5505, the problem is I am not able to ping to outside natted interface (ip: 172.88.188.123 and 124 and 125) from inside network I have looked for ASA documentation through the internet and still got nothing.
the config are:
: Saved
:
ASA Version 8.2(1)
!
[Code].....
View 2 Replies
View Related
Mar 18, 2013
I've set up a simple lab network of two cisco routers 2611XM and to each router I've attached a computer (host). I have set up a dhcp ip addresses for each host. I've set up a correct routing as well on each router. There are 3 networks: 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 The first network between the first host and first router, second is between two routers and third is between the second router and second host. If I use first host (192.168.1.20) I can ping to any ip address (192.168.1.1 (router 1), 192.168.2.1 (router 1), 192.168.2.2 (router 2), 192.168.3.1 (router 2)) except the second host ip address which is 192.168.3.20. When I sit on the second host (192.168.3.20) i can ping to 192.168.1.1 (router 1), 192.168.2.1 (router 1), 192.168.2.2 (router 2), 192.168.3.1 (router 2) but i can't ping to the first host which is 192.168.1.20. I've even tried with attaching a switch to a router and assign it an ip address of 192.168.1.3 and the ping was echoing to it.
View 5 Replies
View Related
Mar 3, 2013
I ran into a very interesting problem that occurred today and I'm trying to figure out why it happened. If it was one ASA 5505 that just required the reboot, then I'd have just chalked it up to a glitch, but when we built a new AD/ DNS server on the main network at the main site and changed the 3 Remote site ASAs to point to the new DNS server in the DHCPD options, none of them could ping any local host names to the DNS server at the main site they were now pointing too, but external host names { URL} all translated and pinged fine.
From a laptop on one of the remote sites, we could ping the new AD/DNS server(192.168.0.3) and the old AD/DNS server(192.168.0.2) and everything else at the main site, and telnet to port 53 showed successful across the Easy VPN from the Remote site to the new server at the main site. When wire shark was added to the new DNS server at the main site, the DNS request and replies for {URL}, for example, came and worked fine, but any requests for local resources never made it to the server from the remote sites.
A reboot of one of the Remote Site ASA's corrected the issue. Then I rebooted the other two remote site ASAs, and now DNS was working fine for everybody. I had also tried clearing the ARP cache on the ASAs before resorting to rebooting them. I also tried rebooting the laptop thinking the local DNS cache needed cleared before resorting to rebooting the ASAs. I'm struggling to understand why external, public host names made it through and resolved from the remote sites to the new server at the main site, but anything local failed before even reaching the new server(The new DNS server could resolve requests made by computers at the main site, but the remote sites that traverse the Easy VPN from the ASAs failed). The new AD/DNS server is the only server configured for DNS for all remote site computers.
Is any of this making sense? I'm wondering if clearing the x late or local host tables would have corrected it without having to reboot. I'm just trying to grasp the understanding here and figure out what happened.
View 5 Replies
View Related
Dec 5, 2012
I am able to ftp from my Head Office to my test machine at the remote location but I can't get the other way around to work. Error message from the Syslog deny tcp src 192.168.50.5/1825 dst 208.124.202.44/21 by access-group "dmz_access_in".I try a couple of ways to fix it but no luck.A partial config of my ASA 5505. [code]
View 4 Replies
View Related
Jul 24, 2011
We have a BT Infinity broadband circuit which terminates at a vdsl modem, I've plugged an ASA 5505 into the back of this modem and gone through the ADSM quick setup wizard (yes I'm that much of a beginner!) The config that's been generated is pasted below, the symptomns I'm seeing are;
The ASA is setup with PPPOE on the internet connection, I assume this is correct as if I do a show IP on the ASA I'm getting an IP address that has been assigned, if I change the password to the wrong one then I get no IP (as expected).
If I ping from the ASA to an internet connection I'm getting "no route" error messages, if I try a "ping outside x.x.x.x" then I get no repsonses.
The ASA can ping it's external IP, the client machines can ping it's internal, however nothing appears to be able to get out.
ASA Version 8.4(1)
!
hostname xxxxxx
enable password xxxxxx encrypted
[Code].....
View 15 Replies
View Related
May 10, 2011
I have a new ASA 5505 and all is working fine, I can CLI and ASDM into it, but just can't ping the inside interface, do I need to enable a feature to make this work somehow?
View 1 Replies
View Related
Apr 5, 2013
I have setup 5505 ASA for Testing purposes. It has static route to layer 3 switch on outside interface that goes to the internet.
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
[Code].....
View 20 Replies
View Related
Nov 4, 2011
I've configured a 5505 but internal clients can't ping external ip. To test I've connect a pc with the ip of the default router on the Outside int the ASA can ping the PC and the PC can ping the ASA, but internal clients can't ping the PC
PC config 195.12.23.241/28
Here's the ASA config, so far I've wiped the ASA and started with a blank sonfig and built it up but still not working.
ASA Version 8.2(5)
!
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
[Code] .....
View 2 Replies
View Related