Cisco Firewall :: ASA 5505 - Having No Access To Webpages?
May 3, 2013
I'm currently facing a problem with a ASA5505. I've set it up from factory defaults... From the CLI, I can ping an the outside interface, the GW and an outside IP (ex:8.8.8.8).So I believe that there's no connectivity issue and the configuration is correct.
However, for a reason that I don't know, users can't have access to web pages.The product license allow me to have 50 host connected. Currently I've only got one host connected...
When I enable syslog, I can see the following messages :Deny traffic for protocol 17 src inside: 192.168.1.20/64429 dot ouside:8.8.4.4/53, licensed host limit of 0 exceeded.Where this limitation can come from ?
View 16 Replies
ADVERTISEMENT
Feb 11, 2013
Suddenly, one of my laptops is unable to access the internet via my apartment complex's community wifi. It will connect to the network, but times out when trying to access any webpages. All other devices are able to connect to the network and access the internet with no issue. This network is unsecured, so no password is required to access.
ISP: Comcast
Router: Unknown
Anti-Virus/Firewall Software on PC: Avast, Windows Firewall
Here's my ipconfig/all info:
Windows IP Configuration
Host Name . . . . . . . . . . . . : dorothea-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
[code]....
View 10 Replies
View Related
Feb 11, 2013
All of a sudden, one of my devices (a laptop running Vista) is no longer able to access any webpages when I connect via my apartment complex's community wifi. I can connect to the network, but when I attempt to access a webpage, the request will time out. All other devices are able to connect to the network and get to the internet with no issue. The laptop is still able to successfully connect to other networks.
Here's my info when I run ipconfig/all:
Windows IP Configuration
Host Name . . . . . . . . . . . . : dorothea-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
[code]....
View 8 Replies
View Related
Feb 26, 2011
Unable to access webpages and sometimes internet.I will be on my laptop which is the main computer I use (I usually use it wirelessly although I'm having the same problem now, even when I'm hardwired) and suddenly I can't access some or all websites. This isn't just normal dropping for a few seconds at a time, this can last for hours sometimes. Meanwhile, the desktop computer which is directly connected, doesn't have any problems at all.
View 7 Replies
View Related
Nov 15, 2012
So, i have set up a working Anyconnect solution, (see attached picture)
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
Anyconnect client version: 3.1.00495
Configured vpn with a tunneled default route to 172.19.16.1 (Core - cat6500) No split tunnel is configured, everything has to be tunneled and monitored by WCCP in Firewall. Authorization is by Certificate Only.
I can reach inside servers (for example 172.18.254.37) i can reach DMZ server (for example 192.168.138.36) i can surf the internet on regular HTTP (port 80)
but, i cannot surf the internet or DMZ servers using HTTPS (port 443) also, ftp does not work. i have tried to reach external ftp servers who are open to all.
both https and ftp works from the INSIDE network.
I have tried to change the port for Anyconnect, to 444 (for dtls as well) and i can see that all the vpn traffic is going over 444, so 443 should be undisturbed.
but this is not working.. could it be a certificate problem, or am i missing something? NAT/PAT?
This is my NAT configuration:
nat (DMZ,INSIDE) source dynamic NET-VPN-DMZ-PORTWISE-NATED-BOTK HOST-172.18.254.69 destination static NET-VPN-REMOTE NET-VPN-REMOTE
nat (DMZ,INSIDE) source static NET-DMZ NET-DMZ destination static NET-ALL-INSIDE
[Code].....
View 6 Replies
View Related
May 3, 2012
I recently implemented an ASA 5520 HA pair with CSC-SSM-20s in each non stateful per cisco. The CSC management sits in a management subnet 192.168.4.0/24 with the management interface of the ASA as its default gateway in the same subnet. Ever since the implementation frequently webpages will not load correctly, the formating will not look right and pictures will be red x. If you hit f5 to refresh the pages loads fine. If I add a deny any any eq 80 rule before the permit any any eq 80 the issue appears to go away. TAC can't seem to find anything worng. All we want to do is use a simple web content filter with the check boxes in the global filtering policy. ASA is running 8.2(5) and CSC is running 6.3.1172.0. Everything else works fine SVC and rules and such. [code]
View 2 Replies
View Related
May 2, 2013
Previous setup without problems B1 Firmware 2.00
Cable modem>Router>4 computers + 1 wireless printer.. But i needed more ports so i bought a trendnet gigabit switch with 8 ports.
Then I Plugged port 4 on router to >switch port 1
When all the computers are turned on and using everything at once i cant access websites but my skype works so i figure its probably a dns issue and my dlink is overloaded? I didnt try to access any sites with the ip only fail on my part.
Once this happened i immediately unplugged everything and restarted the router. I only have my own computer hooked up the router and did a firmware upgrade to 2.10na and my internet works immediately after but when i hook up another comptuer to the network i cant access any pages but my skype works..
View 14 Replies
View Related
Jun 25, 2012
I just recently upgraded my computer to Vista from XP. Since then my computer connects to the internet and runs applications such as Star Trek Online and Skype ok but it won't load pages in any internet browsers.
View 12 Replies
View Related
Mar 2, 2013
I bought my laptop 4 weeks ago. It has Windows 8 on it. It worked great until this week. At first, Google Chrome quit working. Then IE quit. I connect wirelessly. It says it is strong, but no Internet access. I do have connectivity on my phone to that router.
View 2 Replies
View Related
Jun 22, 2012
I have a Windows XP Laptop and an Windows 7 Starter Netbook. I have recently changed internet provider, returned the previous (Netgear) router and configured a new (D Link) router. Prior to the change of internet provider, both laptops could connect wirelessly without issues.After installing the new router provided by new internet provider, my Windows XP laptop can connect to the internet wirelessly without problems, the signal is strong and the speeds decent. My Windows 7 Netbook can connect to the network and to the internet, however, the speed on it is so low that pages do not load at all. Whilst it remains connected (the connection does not drop), it does not display web pages. Occasionally it displays a page or two, and it seems the problem is fixed, but this lasts no longer than a few minutes, after which it starts displaying "white" pages again. When the connection to the router is wired, the problem disappears and I can access the internet and the pages load well, so the problems is strictly a Wi Fi connectivity issue.
The Windows 7 Starter Netbook that has this problem at home, connects to every single other network I have had the chance to test it on (at work, at internet cafes, at my parents, at my sisters) and it also used to work flawlessly with my home network before I changed internet provider. On all other networks, it works really well.The new (D Link) router seems to work, otherwise my Windows XP laptop would also be having problems... but it doesn't.So both the new (D Link) router and my Windows 7 Starter Netbook work well separately. They just don't work together!I have tried a number of things: restarting the Netbook, restarting the router, re-installing Windows 7 Starter completely, disabling the network adapter and re-enabling it, updating the network driver, unprotecting the network completely, disabling Windows Firewall, disabling antivirus,changing the channels on the router, placing quartz crystals next to both devices and chanting. Below, I am pasting IP Config files showing the details of the settings in both devices (the one that works and the one that doesn't). As far as settings on the router is concerned, I have checked that they are the basic default ones that technical support are recommending.
IP Config of Windows XP Laptop that WORKS WELL:
Windows IP Configuration
Host Name . . . . . . . . . . . . : myhomelaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
[code]....
View 3 Replies
View Related
Apr 23, 2010
I can't access our ASA 5505 via SSH from the outside. I've configured this through the ASDM to allow SSH (Device Management > Management Access > ASDM/HTTPS/Telnet/SSH). I added a rule that allows SSH on the outside interface from 0.0.0.0 0.0.0.0. When I try to ssh in with putty, it says "server unexpectedly closed network connection" When I watch the logs on the ASA, it shows a Built inbound TCP connection on port 22, but then immediately a Teardown TCP connection. It doesn't show it's being blocked by any rule. Is there something I'm missing on enabling SSH?
View 13 Replies
View Related
Aug 7, 2012
I am not able to get to the internet from my DMZ ip address.
Here is my config.
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2(code)
View 4 Replies
View Related
Mar 8, 2013
I have a web server behind my 5505 that I'd like to access from the outside of the 5505 (still within my home network though). Its running on port 3000. I made the changes but I have been unable to access my server from the outside.
I do have an Airport Extreme in from of the 5505 and the 5505 is getting its address via dhcp from the airport. So I'm trying to hit 192.168.2.57:3000 from my wireless airport network.
[code]...
View 8 Replies
View Related
Sep 22, 2011
if log on to the firewall with the enable_15 account remotely via a Cisco IPSec VPN client? Similarly, how do you restrict access to the ADSM to the local LAN for the enable_15 account? Is there a way to tell when a user last logged on via an IPSec VPN?
View 4 Replies
View Related
Jan 11, 2013
I have question about license for ASA 5505. I have to put public access point behind ASA into DMZ. Do I need to hava the unlimited license? Does Securipty Plus license include unlimited users option and 50 VLAN or I will need different type of license.
View 2 Replies
View Related
Jul 9, 2012
We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.
View 1 Replies
View Related
Mar 11, 2013
No connection via IE of any flavour
Chrome shows Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error
I have 30 machines here, none of which have a serial port.
View 1 Replies
View Related
Dec 31, 2012
ASA Version 9.1(1)
!
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[Code]....
View 9 Replies
View Related
Oct 29, 2012
I need to move the email traffic to a backup circuit. Below is my config. I have tried for email access but to no avail.
asa5505# sho run
: Saved
:
ASA Version 8.2(2)
!
hostname asa5505
[code]........
View 9 Replies
View Related
Nov 29, 2012
Cisco ASA 5505
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
I have and vpn tunnel between a pix network (192.168.200.0/24) and an asa network (192.168.100.0/24); it's been running fine for awhile now but this morning i've come in an i can not access anything on the pix network, (mail, file & web servers). Each attempt to access results in a SYN timeout.
6 Nov 30 2012 14:24:01 302014 192.168.200.9 192.168.100.115 Teardown TCP connection 6014 for outside:192.168.200.9/135 to inside:192.168.100.115/51240 duration 0:00:30 bytes 0 SYN Timeout
View 10 Replies
View Related
Feb 27, 2011
I am trying to enable access to use RealVNC on our Cisco ASA 5505 without using VPN. RealVNC uses port 5900. Users should be able to vnc to 99.23.119.78 and reach our internal server 192.168.1.4. So far they are receiving connection refused.
View 5 Replies
View Related
May 21, 2012
I have a remote ASA5505 running 8.4(3) with a working site 2 site VPN tunnel to my main office. (The main office is running an ASA 5510 with OS 8.4.3 as well). The encryption domain is all private IP on main site vs. 172.16.10.0/23 on remote site.
Relevant config of the remote ASA:
interface Vlan1
nameif inside
security-level 100
[Code].....
I can manage the ASA on the outside interface (outside of the site 2 site VPN) using the TACACS credentials I can also ping my management station from the ASA using the inside interface, but as stated, the other way around does not work. I have not yet tested if management from the local 172.16.10.0/23 subnet works, but I will try this next.
View 5 Replies
View Related
Sep 27, 2012
I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA directly to Cable modem then pc is able to access the internet.
View 4 Replies
View Related
Jan 20, 2013
I've have an ASA 5505 with a inside network vlan1 (192.168.0.0/24) - i've configured an IPsec VPN profile and a VPN network of 192.168.0.50/24. I can through my VPN tunnel access inside hosts on vlan1 - but not ASDM on the ASA (192.168.0.1). Under management i've added the VPN network of 192.168.50.0/24 to have access to ASDM, but still does not work.
View 1 Replies
View Related
Jul 5, 2011
I would like to restrict Internet traffic (HTTP & HTTPS) for Inside Users with an ASA 5505. I would like to setup a proxy-like system where a User/Password must be entered before the User can actually browse the web.
I know that this can be done with an additional RADIUS/TACACS+ Server. Is this also possible without any external AAA Server, so with User/PW stored on the ASA locally only?
View 1 Replies
View Related
Jun 29, 2012
I am running into a issue that I cannot seem to figure out. I have a asa 5505 with the Security Plus license. I setup a native vlan where all of my network devices sit on. ie my Wireless Access point has an ip of 192.168.3.2, my switch .3. I have no issues managing these devices from any vlan I am on (permitting firewall access rules). When I try to access my ASA via ASDM/SSH. I have to use the gateway of the vlan I am on. For instance. If I am on vlan 10 I have to use 192.168.10.1 for access, if I am on vlan 20 I type 20.1...etc...etc If I type in 192.168.3.1 I get an error in the ASDM logs that states TCP reset by appliance. This is for any gateway I type except for the gateway of the vlan that I am connected to. I am posting a sanitized config. How can I configure the ASA to permit access via any gateway.
View 3 Replies
View Related
Apr 3, 2013
I am having some trouble accessing some backup Email (Outlook Web Access) and Citrix servers located behind an ASA 5505 firewall at a remote datacentre. Simply put, when I go to the specific URL (e.g. [URL]) I do not arrive at the splash page, I just get a message saying that the server took too long to respond in the web browser. I'm wondering whether I have missed something on the configuration or the firewall itself is not letting my requests through. The remote servers are located at a remote Disaster Recovery site and use the subnet 192.168.4.0/24. I am at head office which is connected to the DR site via a VPN using 192.168.1.0/24.
[Code] .....
View 2 Replies
View Related
Feb 9, 2013
I have configured the ASA in a very similar manner to how the PIX was set up but I'm having trouble with some hosts on the inside accessing the Internet. Any inside hosts which use DHCP work fine. Any inside hosts with a static IP (and configured on the ASA with a "static" rule) cannot access the Internet. For example, in the config below the server daviker-dialler cannot access the Internet. I've spent a few days working on this now and have started from scratch several times but I'm not getting anywhere. Apologies for all the X's everywhere, didn't like to post anything sensitive on the Internet.
View 2 Replies
View Related
Jul 20, 2011
I have configured the ASA 5505 for internet access and outside users to use two servers in the DMZ. Every thing is working fine. When I was configure VPN, I did some mistake I guess, now inside users are not able to access internet. They get an error 405. Thats an error. The request method XXX is inappropriate for the URL /. Thats all we know. Even I am not able to access the server in the DMZ from outside and I get an error : Bad Request - Invalid HeaderThese things just happend after I did some thing on the ASA. I copy and pasted the my old configuration but still insider users are not able to connect to internet and from outside I am not ableto connect to server. The weired thing is that I can user VPN with out any issues. I can connect to vpn but I cant access any internal resources. Even inside users are able to ping internet addresses with out any issue.
View 2 Replies
View Related
Jan 5, 2012
We have an ASA5505 UL bundel, updated with this license "L-ASA5505-SEC-PL=" to enable traffic from DMZ to Inside. No NAT or rules deployed for that yet.
On the Inside we have Exchange 2007 in a single server installation. The public url for smtp, ActiveSync, OWA and Outlook Anywhere is mail.company.se. There is a static NAT for outside traffic to access above mentioned services on inside. Now, on DMZ there is the WLAN for guests to access the Internet. How ever, our Smart Phones with WLAN turned on, cannot sync to the Exchange Server on the Inside! The DMZ gets IP-addressen from ASA on DMZ Interface with external DNS configured. How can I configure the ASA to achieve the function of ActiveSync from DMZ to Inside with the public URL from the phones?
View 15 Replies
View Related
Jan 5, 2012
How do I enable remote access to ASDM from outside of the network on the ASA 5505? This would be used for remote access to the firewall at a site that is not utilizing VPN.
View 5 Replies
View Related
Nov 18, 2012
I have a closed network that is not connnected to the internet, just other sites that we want to communicate with. We have a cisco router connected to the outside interface on an ASA5505 and a cisco router connected to the inside interface on the same ASA5505. I have an inside interface that connects our management LAN, five separate DMZ interfaces with a separate LAN (VLAN) on each DMZ interface and the outside interface that connects to the other sites. Data is not allowed to mingle between the five DMZ's.
Alll connections to the other separate nodes are handled with the router on the external interface. IPSEC GRE tunnels have been established between all sites and BGP routing has been verified. Pings are good between inside, dmz and external interfaces and between the DMZ's and the other sites, to include hosts on our local networks and hosts at the remote sites. Inter and intra traffic is enabled.
When a remote site attempts an https connection, the initial ACK handshake makes it through the ASA5505, but the return SYN/ACK is being knocked down and I don't understand why (it is not because of ACL's, they are any any at this point).
Why the return SYN/ACK to the remote site isn't getting through the ASA5505 outbound. Will probably have the same issue with FTP, but right now, just trying to solve one problem at a time.
ASA5505 is in routed mode, not looking to NAT since the IP addresses in the DMZ need to be reached by their real IP address.
View 3 Replies
View Related
Feb 23, 2011
configure my ASA 5505. It is setup using PPPoE. What I want to do is this:
I have one of my IP addresses (99.23.119.78) setup for ftp using the ftp protocol to our internal IP address 192.168.1.3. What I need is to also allow for HTTP access but not just that, I need it to forward the http port to port 9000 because the web interface requires port 9000 for customer access. Previously on our old firewall customers were able to access the web interface by browsing to [URL]. I would like to not have to not require the port in the URL.
In addition, I would like to be able to setup a different IP address in our range (99.23.119.73) to be setup for http access using the standard port 80 for the same internal IP address (192.168.1.3). This URL will allow us to access the administration web interface for the FTP server.
Here is my current config:
Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU
[Code].....
View 4 Replies
View Related
