Cisco Firewall :: ASA 5505 Configuration For Home Network

Sep 4, 2012

I've been trying to configure a Cisco ASA 5505 for my home network but I'm not having much joy with it. I've looked at countless guides, tutorials and followed the ASA setup wizard in ASDM. The Cisco 1841 is running sub-interfaces for my VLANs.

View 4 Replies



Cisco Firewall :: ASA 5505 Configuration Cannot Get To Internal Network

Jan 25, 2012

I now need to configure an ASA 5505 for a small server farm. It's fairly straightforward: isp -> asa5505 -> internal servers. I'm using static addresses -- no DHCP involved. VPN works; I can get into the internal network. Pinging from the ASA to an external address works. However, I cannot get from a laptop connected to an internal port out to the internet, either using ping or typing an address in the browser.

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall Configuration?

Sep 11, 2007

I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but I need some kind of step-by-step description. I just want to connect it with outside on a route .. inside in my LAN. It's working now with one ASA. But in the web interface the interfaces inside and outside are down.. but it's working.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 - SIP Configuration Without NAT

Oct 15, 2012

I am new to using the ASA 5505 appliance. I have successfully configured it so far, but the one piece that eludes me, and that I can't find an example of, is configuring SIP with internal (DMZ, security level 50) VoIP phones to an external call manager (external, security level 0) without using NAT. I have an internal VLAN to an internal B2 router (and management) on eth0/7, an external VLAN (/30 to an external B1 border router) and five different DMZ VLANs on ports eth0/1-eth0/5.

On the external router, the internal interfaces going to the ASA 5505 are separate sub-interfaces for each VLAN in the DMZ and one /30 VLAN to connect between the router and ASA. I am using vrf forwarding on the DMZ sub-interfaces with IPSEC/GRE tunnels to keep the routing tables separate. I cannot have the different DMZ VLANs communicate with each other (that's why I am using vrf).

Everything works, all my tunnels are up, I can ping to the external sites from the DMZ VLANs and pass data, but I am stymied by setting up VoIP. When I used the wizard (big mistake) it set up all sorts of certificates and NAT (since I really didn't know what I was doing at this point).

Any hints on configuring VoIP from phones in the DMZ VLANs to an external call manager?

I would include the current config, but I have to hand transcribe it since we don't allow USB connectivity. I might be able to provide it a little later. I am using ASDM 6.4 and ASA IOS 8..4

View 7 Replies View Related

Cisco Firewall :: ASA 5505 - Set Up DSL Configuration?

Nov 11, 2012

I am setting up an ASA 5505 for a customer. I am not sure how to configure the firewall when it is connected to a DSL modem. I tried to do an ordinary config just like the ones that are connected to an ordinary router.
 
The topology is:

[code]...

View 2 Replies View Related

Cisco Firewall :: ASA 5505 DMZ Configuration

Jan 9, 2012

I am attempting to configure an ASA 5505 which is connected to 3 networks for access to an inside email server.  Don't pay attention to the names on this config as they are not intuitive.
 
The 3 vlans are:
vlan 1 which has an IP of 192.168.x.1 - Connected to inside (which is really the dmz)
nameif inside
e0/1 is assigned to this

[Code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Backup ISP Configuration

Jun 13, 2011

I'm having problems configuring an asa 8.2(1) with a backup isp.  I followed the asdm instructions in this document: [URL]
 
I have my backup interface configured as DHCP and the static routes set. Pinging the gateway and other external IP address from the backup interfaces works normally. I have also tried configuring the backup interface as a static address but got the same results.
 
When removing the primary WAN link, all traffic stops. When I ping an external DNS, I get these errors in the log: portmap translation creation failed for udp src inside: 192.168.13.23 dst backup:208.67.222.222_type 8, code0)

I thought this type of error is related to a NAT problem, not sure where to look though.

View 4 Replies View Related

Cisco Firewall :: QoS Policing Configuration On An ASA 5505?

Jun 10, 2013

I'm working on QoS policing configuration on an ASA 5505. The ASA is situated behind a cable modem which provides an SLA of 3.2Mbps out. I've configured a QoS policy to place VoIP and other essential traffic (RDP/Citrix/PCoIP) into a priority queue, whilst policing default class to 3.2Mbps to police out to the cable modem. I can see on the outside interface graphs that this is rating the output traffic down to 3.2Mbps as expected, but noticing at certain points of high output traffic drops down to 1.6Mbps. I can't see anything obvious in syslog or any other areas to look, so looking for any pointers as to why the speed is suddenly dropping down. Likewise if I rate the output to 2Mbps, it will suddenly drop down to 1Mbps at high output rates. The ASA is running on 8.0(5) and I enclose a copy of the sample QoS config below and attached a sanitized run config, as well as screenshot taken of the outside interface Bit Rates plus service-policy.
 
access-list VoIP-Traffic-OUT extended permit tcp 172.16.6.0 255.255.255.0 host 68.98.217.252 eq h323
access-list VoIP-Traffic-OUT extended permit udp 172.16.6.0 255.255.255.0 host 68.98.217.252 object-group rtp
access-list VoIP-Traffic-OUT extended permit tcp 172.16.6.0 255.255.255.0 host 68.98.217.252 eq 2000  
access-list VMs-Traffic-Out extended permit tcp 172.16.6.0 255.255.255.0 192.168.168.0 255.255.255.0 eq 3389
access-list VMs-Traffic-Out extended permit tcp 172.16.6.0 255.255.255.0 192.168.168.0 255.255.255.0 eq citrix-ica
access-list VMs-Traffic-Out extended permit tcp 172.16.6.0 255.255.255.0 192.168.168.0 255.255.255.0 eq 4172

[code]....

View 6 Replies View Related

Cisco Firewall :: 5505 - Restore Configuration From Other ASA

Sep 26, 2012

I have the configuration file of the ASA 5505. I have another ASA of exactly the same model that is new, but this is my first time working with an ASA.

I am going to configure an IP address on the 0/0 interface and then use TFTP to upload the config to the start-up config, then save it and reload the ASA.

Is that enough, or does the ASA have extra steps?

View 3 Replies View Related

Cisco Firewall :: 1-1 NAT And PPTP Configuration - ASA 5505?

Mar 22, 2011

I need to add the following to our firewall configuration (we are changing from a WatchGuard firewall to Cisco and it was necessary for it to be configured this way):

1) I need to create 1-1 NAT for our VoIP system and video conferencing unit, as below:

VOIP-SIP : from 85.90.225.100 to 217.207.96.121 on port tcp/udp 5060
VC-SIP : from any_external to 217.207.96.120 on port tcp/udp 5060
VC-Video : from any_external to 217.207.96.120 on port tcp/udp 60000 to 64999
VOIP-RTP :  from 85.90.225.100 to 217.207.96.121 on port tcp/udp 10000 - 20000
 
2) I need to enable PPTP traffic to pass from outside to inside and vice versa
 
current config:
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(2)
!
hostname ciscoasa
names
name 10.10.1.19 barracuda
name 192.168.1.2 ctxdmz
name 10.10.1.39 ftp1
name 10.10.1.38 ftp2
name 10.10.1.37 ftp3
name 10.10.1.192 mailsvr
name 217.207.96.114 outside_114
name 217.207.96.115 outside_115
name 217.207.96.116 outside_116
name 217.207.96.117 outside_117
name 217.207.96.118 outside_118
name 217.207.96.119 outside_119
name 217.207.96.120 outside_120
name 10.10.1.8 transfer_server
name 10.10.1.10 backupsvr
name 10.10.1.4 citrixsvr1
name 85.90.225.100 voip_sip
name 10.10.1.9 minimac1
name 82.111.186.146 sdt_rdp
name 217.207.96.121 outside_121
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.1.1 255.255.255.0
!
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.1.1

[code]....

View 5 Replies View Related

Cisco Firewall :: PPoe Configuration In ASA 5505?

Mar 19, 2012

I want to know the PPPoE configuration for the ASA 5505 firewall. In my office I have an ASA 5505 and I get a connection from a local ISP which is nothing but a PPPoE connection, so how do I do this?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Configuration For AT&T Microcell

Mar 2, 2011

We got an AT&T Microcell a couple of weeks ago, hooked it up to our CISCO PIX 506 firewall and it worked "out of the box". We then upgraded to a CISCO ASA 5505 when the Pix died last week. Got the ASA 5505 up and running pretty much "out of the box", only having to setup our IP addresses (inside & outside). The 5505 is NOT configured as DHCP since I have an existing server in house that assigns IP addresses and I don't want to mess around with changing everything. However the Microcell wasn't working on the new 5505. Found in the Microcell manual that the following had to be "open":

123/UDP (NTP)
443/TCP (HTTPS)
4500/UDP (IPSec NAT Traversal)
500/UDP (IPSec phase 1 prior to NAT detection)
 
From the 5505 Config Guide, I found that I needed to ENABLE NAT-T, so I did this with the following commands:
crypto isakmp enable outside
crypto isakmp nat-traversal 3600
 
Using the "Packet Tracer" in ASDM, I found that ALL 4 types of packets were allowed going from the ATT Microcell (192.168.10.52 on my INSIDE network) to the OUTSIDE interface (66.xxx.xx.xx). However, all 4 types of packets FAILED when the Packet Trace was reversed (Source = 66.xxx.xx.xx, Destination 192.168.10.52).
 
The Packet Trace pointed to the "implicit rule" to DENY IP traffic. So, using the ASDM, I setup Access Lists for the above 4 ports/protocols, both on the INSIDE & OUTSIDE interface, both INCOMING & OUTGOING. Still, no success and the Packet Trace in ASDM still pointed to the IMPLICIT DENY rule on either the INSIDE or OUTSIDE interface, depending on which Interface I was initiating the Packet Trace. I tried setting the Access Rules for "Any" IP Address (not just the public IP or the Microcell IP) on both the Source/Destination for all 4 ports. What is even more confounding is that when setting up these access lists to PERMIT traffic, my internal network  Internet traffic stopped for ALL workstations on my network. Phone started ringing no more than a minute after I applied any PERMIT rule. By deleting the rule just installed, traffic started flowing again.
 
My number one question is why don't the access lists work and why does setting up a "permit rule" kill my internet traffic?
 
I'm not a network expert and sprinkle holy water on our network every morning. I cringe when I have to make changes (like putting in a new firewall) because I don't know all the inner workings, parameters and setups done over the years by predecessors. I need to get the ATT Microcell up and running and figure the experience will be beneficial as our next step is to setup a VPN.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Configuration Required

Apr 29, 2013

I have a problem with the configuration of the ACL of my ASA 5505 router. However, the syntax seems okay, access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 .

View 3 Replies View Related

Cisco Firewall :: Getting ASA 5505 Vlan Configuration?

Mar 14, 2013

I have IOS 8.0(4) and the base 50 User License...will this config work?  I have two networks; my home network, and my lab.  I want to split my Internet connection between them, but keep the networks separate for the most part.  Will my license allow this config since I can't do DMZ?
 
interface Ethernet0/0
switchport access vlan 3
!
interface Ethernet0/1
switchport access vlan 1
!
interface Ethernet0/2
switchport access vlan 2

[code]....

View 1 Replies View Related

Cisco Firewall :: ASA 5505 With Verizon Home Fios Service?

Feb 13, 2013

Connecting ASA 5505 with the Action Tech Router?

View 1 Replies View Related

Networking :: Home Router Firewall Connection With ASA 5505

Oct 25, 2012

Shopping for a new home router/firewall. Trying to decide between a Cisco ASA 5505 or a juniper equivalent. What are everyone's thoughts?

View 16 Replies View Related

Home Network :: Double Protection Network Configuration?

Nov 21, 2011

I have a problem with my home network/internet - I have a working wireless network that I have used for some time now and it works just fine. The problem is that internet restrictions where I live require me to register each unit to the building network before I can gain access to the internet. My caretaker told me today that normally, I only should register my primary computer and the wireless router to be able to use the internet freely. However, when a new laptop appears (I have a guest), I can easily connect it to my own wireless, but it can't use the internet, as if it needed to be registered again. I ran out of registration codes and I really would like to have freedom in connection opportunities. The caretaker said that the system gives every registered unit a "fake" IP, so after giving it to my router, all other units connected through that router should have unlimited access. Is my network configured in a wrong way? I don't know how to ask this in a more simple way... I just want to be able to connect a friend's laptop to the net with just my local password, which isn't happening.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Active / Standby Configuration?

Sep 21, 2011

I have 2 ASA 5505 running 8.3(1) and ASDM 6.3(1).

The first unit is currently working, and I now wish to configure the second unit as standby. I'm configuring through the ASDM GUI. Started the HA Wizard, chose Active/Standby configuration and entered the IP of the peer device. Checks come back all OK. On the LAN link configuration page (step 3 of 6) Interface is pre-selected as VLAN99, I give it a logical name as iface_fail, and enter 10.0.0.1 as primary address and 10.0.0.2 as standby, subnet as 255.255.255.248, and select port Ethernet0/5

Note that if I click on the buttons next to the IP fields, I get IP addresses of remote hosts!

View 1 Replies View Related

Cisco Firewall :: Prepare ASA 5505 Configuration To Be Used At Next Reboot

Jan 26, 2012

For a customer I have to move the ASA 5505 firewall to a new internet connection. I have modified the config in a notepad textfile and want to put it on flash or so, so that it will be loaded at next reboot.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - Backup ISP Link Configuration?

Jan 28, 2013

I'm working on setting up a backup link for our ASA 5505 and I've followed these directions:  [URL]
 
The backup ISP gives us a dynamic address, however, when I enable the backup ISP's interface on the ASA, my vpn tunnels drop. As soon as I disable the backup interface, the tunnels come back up. I'm attempting to configure this across one of these tunnels, so obviously this is an issue, as is the fact that other people need the tunnels as well. I'm not sure what I did to make this happen, but I've been over the config many times and can't see anything different from the instructions in the link above.
 
I thought it might be trying to route traffic across the backup interface, but my primary interface is tracked and has SLA running on it, so I would assume it wouldn't roll over onto the backup interface.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 8.4.4 Stops Using EzVPN After Configuration

Sep 24, 2012

I've got some ASA5505 which run as EzVPN clients in NEM, connecting to a ASA5510 as head-end. The ASAs are configured with a CSM and AUS. But whenever they are getting a new configuration through the AUS they stop trying to establish an EzVPN connection to the head-end. After a "reload" they run with the new configuration and establish the tunnel as expected.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - DMZ Configuration With Base License

May 24, 2011

My ASA 5505 base license allows for three VLANs, the third one can only initiate traffic to one other VLAN (as specified by no forward interface vlan <number> on the third VLAN). This doesn't mean it can't "access" the other VLAN, it just can't initiate traffic to it. A lot of people get that wrong. Let's say you've got three VLANs, one is OUTSIDE, two is DMZ, and three is INSIDE. On the second VLAN would I enter the no forward interface as vlan 3, then set the name via the nameif command and everything will work just fine. The DMZ will not be able to initiate traffic to the INSIDE, but will to the outside, and assuming you have your ACLs and NAT set up properly, it will be able to respond to traffic from the INSIDE.
 
Would that be best practice or would I enter the "no forward" interface as in VLAN 1, thus is being able to respond to traffic from the outside as opposed to the inside.
 
I had a DMZ set up but since there was an intrusion into my network, I am building it again.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 VLAN Or Trunk Configuration?

Sep 2, 2012

ASA 5505, I got a Security Plus license which allows multiple VLANs. I want to be able to configure the ASA to allow only RDP session (one way) to another switch where all the VLANs are. I've attached a pic of what I want but I'm struggling.

I looked at documentation saying you should have inside and outside interface but I'm not sure on this scenario. I've configured inside interface on ASA e0/1 and interface VLANs but not sure what to do between ASA and switch?

View 2 Replies View Related

Cisco Firewall :: Random ASA 5505 Configuration Reloads?

Oct 16, 2011

I've been trying to track down intermittent problems with one of our branch office ASA5505s. The way we have been tracking it is primarily through ping/ICMP connectivity. Occasionally our tracking software will report that it stops responding to ping requests, then in almost less than a minute it will start replying again. I'm allowing ICMP to that interface and it is internal. Examining the logs it almost looks like the config is being reloaded, but I've never seen this kind of log before so I'm not sure if it is just sending its config to a host or actually reloading its config.
 
Here is the first part of it:

2011-10-17 07:05:05          Local4.Notice          192.168.22.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'logging host inside 192.168.2.20' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'logging host inside 192.168.2.21' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN1 192.168.254.9 1 track 1' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN98 192.168.254.9 1 track 2' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN202 192.168.254.9 1 track 3'

[code]....
 
I've sanitized certain parts, but it does look like it's reloading the config?

View 2 Replies View Related

Cisco Firewall :: How To Restore Factory Configuration On ASA 5505

Jun 18, 2007

While configuring my ASA 5505 I changed the IP address range of the internal network. Obviously I made an error because I cannot reach the box neither at the old nor the new address. How can I restore the interface and firewall definitions or reset the box to its initial state? I found a doc how to reset the password, but not explaining how to restore the complete initial config.

View 10 Replies View Related

Cisco Firewall :: Multiple DHCP Pool Configuration On ASA 5505

Oct 4, 2012

I want to configure multiple DHCP configurations on an ASA 5505. I tried to create a sub-interface for a different IP pool but it was not configured on the ASA 5505. Is it possible to create a sub-interface on the ASA 5505?
 
ASA 5505 IOS version: 8.3(1)
License: Security Plus

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Losing Configuration When Device Powered Off

Feb 28, 2011

I did a reset on my ASA by stopping the boot process because I could not remember what my enable password was. I had no problems with the reset; the ASA came back up as it should and I started configuring the device again. My problem is when the device is powered off and back on I lose all configuration changes that were made. I save the changes with "write me" before the restart and they are still being overwritten.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Download Configuration Before Resetting Password?

Mar 24, 2013

I am new with ASA devices. I have an ASA 5505, and the former IT manager does not remember the password of it. I am just wondering, do I lose the configuration on it if I reset the password? If yes, how can I download the configuration before resetting the password, and how can I upload the downloaded configuration?

View 2 Replies View Related

Home Network :: Configuration Of Adsl Router?

Feb 11, 2011

In the past I was using BSNL broadband, with an ADSL router for the net connection. I was connecting to the internet through the Wi-Fi ADSL router. Now I am not using BSNL broadband; I am using beem broadband in Hyderabad. That internet connection goes directly to my laptop through an RJ45 cable. But I want to configure the ADSL router for my beem broadband because I want to connect to the internet through Wi-Fi. Is it possible or not? If possible, tell me the procedure.

View 2 Replies View Related

Home Network :: Why Won't Static IP Configuration Work

Jul 2, 2011

I'm connected through a simple non-configurable switch to a 172.20.0.0. 255.255.0.0 network, with a gateway of 172.20.2.2.

When I use DHCP, I am able to connect to the web.

When I change my IP address to a static address (with an available IP address and correct subnet mask and default gateway) I am unable to connect to the web.

View 7 Replies View Related

Networking :: Home Network Setup Incorporating Cisco ASA 5505

Aug 11, 2011

I am planning to implement an ASA 5505 in my home network and I am wondering if this is a valid configuration. I am wondering if it is necessary to have 3 separate internal subnets or if these can be cabled together in a more efficient fashion?

I plan to keep the 2 servers (game, e-mail) branched off the ASA directly in a DMZ configuration. The rest of the clients connect through the wireless/wired router.

Any unforeseen problems with a setup like this (Modem -> Firewall -> Internal Router)? I have read sites that say I will have to accept an IP via DHCP for the ASA's external interface.

View 1 Replies View Related

Home Network :: Unorthodox Wireless Router Configuration?

Jan 5, 2012

Here's my situation: I live in a house that has AT&T U-verse. My PC is a couple of rooms away from the U-verse router so I pick up my Internet signal via a Netgear WG111v2 USB wireless adapter. Works great. But I have a couple of "new" Palm Pre handhelds with sync software that requires a wireless connection (won't do USB). Fortunately, I had a Netgear WGR614 v4 54 Mbps Wireless Router in storage. (I used it years ago so it had already been configured but back then it was wired directly to an AT&T router with a patch cable to my roommate's PC and to my PC wirelessly.)

So I just powered it up, plugged a patch cable into my pc's NIC and plugged the other end into the WAN port. Voila! I had connectivity to my Palm Pre's. All was well for about 15 minutes when all of a sudden my pc lost connection (wirelessly) to the U-verse router. And though the Netgear Smart Wizard showed a strong signal from the Netgear WGR614 Wireless Router and the Palm's were picking up a strong signal from it, they couldn't "surf" the Net.

I guess WinXP (being PnP) decided to adjust things causing everything to stop working. (Just a guess.) I moved the patch cable from the WAN port to a LAN port. This enabled me to access the Netgear router wizard for the first time since I used it years ago (http://192.168.0.1). I couldn't access it earlier in this "endeavor" when the patch cable was connected to the WAN port. So this seemed encouraging. But no, it didn't work. Nothing was connecting to the Net. And the only way to restore my PC's connection via the Netgear USB wireless adapter to U-verse was to unplug the Netgear wireless router.

View 1 Replies View Related

Home Network :: AirTies 4450 Static IP Configuration

Feb 25, 2012

I have a router manufactured by AirTies, the model is Air 4450. This has the capability of being an Access Point in a current network, which is how I want to use it. (Introducing it into my current Sky Broadband network with a Sagem F@ST 2504N router.) However, I cannot access the configuration page whatsoever. The manual states the default IP address of the router is 192.168.2.254, so I have set my laptop to a static IP of 192.168.2.100 and patched into LAN port #1 on the rear of the AirTies 4450, powered on the unit and cannot access the router at all. I have held down the reset button several times to no avail. How can I configure this unit?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved