Cisco Firewall :: ASA 5505 / How To Direct A 2 Sub Network To 2 Different ISP
Jul 26, 2011
With an ASA 5505, I would like to guide a sub network to an ISP and another sub network to the other ISP. I have 2 different ISPs. My major problem is the metric. I tried with the access-list command to force the way out, but it seems that "metric" is stronger than "access-list". I don't know how to manage such a LAB. Is that possible with an ASA 5505 appliance?
Mar 23, 2013
A bit of a straightforward question: is it possible to connect a 5505 to a 5510 directly via a crossover, or do you need a switch in between capable of trunking?
Jan 23, 2012
We have an ASA 5550. I have a portal server in the DMZ which is NATed statically to a public IP address for port 443. The application works fine from the outside world. The server is also NATed with a dynamic NAT from inside to DMZ, and when I hit the DMZ IP from my inside it works fine.
The requirement for us is that the users sitting behind the inside (i.e. LAN) should access the server on the public IP address and not through the DMZ.
Dec 16, 2010
I'm trying to set up Windows Server UAG for Direct Access in a test lab. The UAG server has two network NICs: one in my test domain (internal) and the other one in a DMZ of our Cisco ASA (external). Our ASA DMZ has subnet 192.168.3.x but UAG Direct Access needs public IP addresses. Is there documentation on how to configure an ASA 5520 firewall so I can use my Windows UAG server with Direct Access?
Jun 15, 2011
I have the following scenario.
                      INET
                 (205.50.50.1)
                       |
                       |
                 (205.50.50.2)
               [CISCO ASA 5540]
                 (10.10.10.1)
                       |
                       |
     +---------------------------------------------+
(10.10.10.2)                                  (10.10.10.3)
[BARRACUDA]                                   [Exchange SRV]
Mail Domain: mail.domain.com (205.50.50.50)
OK, so the mail flows to the Barracuda using a static 1:1 NAT configuration and then gets delivered from the Barracuda to the Exchange server. I want to implement ActiveSync (Direct Push) for Windows mobile devices. They need to communicate with mail.domain.com over port 443. The problem is I want mail to continue to flow to the Barracuda, but direct Direct Push traffic to the Exchange server. I know I can't implement two 1:1 NAT mappings from the same external hostname to 2 different servers.
Apr 2, 2011
Currently, my customer has 2 units of Cisco PIX 515E running on Active/Standby mode. As for the heartbeat link, there are 2 dedicated switches placed in between both the Cisco PIX 515E i.e. FW1 --> SW1 --> SW2 --> FW2.
My customer will be changing both the Cisco PIX 515E to Cisco ASA 5510. Now, they are asking me, since they will be using Cisco ASA 5510 eventually, can the heartbeat link be a direct UTP cross cable or must the 2 switches in between still exist?
I remember I have tested this before, few years back, in the event I were to pull out the UTP cross cable that's connecting both the Cisco ASA 5510 Firewalls directly (without any switches in between), the Active/Standby mode still works fine. It doesn't go bad whereby both the Cisco ASA 5510 suddenly becomes Active/Active, and causes network issue.
Are switches required for the heartbeat link in a Cisco ASA environment, or can a direct UTP cross cable connection be adequate?
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.
Dec 9, 2010
I've just got my DCS-2121 up and working. But I can't figure out how to access the direct URL for the camera. And is there a URL for still images as well? I got an iPad and an iPhone, but I can't access the camera because it uses Java. I had another DCS-900 where I could access IMAGE.jpg and Video.cgi. Is there anything like those for the DCS-2121?
Sep 1, 2011
I have a RV042 Dual WAN router. What I would like to be able to do is to direct a computer on my network to access one particular WAN. For example, WAN1 is a DSL line and WAN2 is a cable line. I would like to direct a computer on our LAN to access the cable line always, even though I have Smart Link Backup set to WAN1. Is this possible?
Jun 3, 2012
Currently have two laptops: one is a MacBook using OS X, the other a Gateway PC running Vista Home Edition. A Dell Inspiron 17R notebook running Windows 7 Home Premium is in process of delivery. Current laptops linked on a home Wi-Fi network with AirPort Express router. Anticipated use of new Dell notebook requires its direct connection to Internet outside of current network configuration. Is it possible to have both accesses available in my setup utilizing my one cable high speed service connection? If so, what are the steps needed to accomplish the required setup?
Mar 28, 2012
I have been trying to get this setup for 2 days now and so far NADA.....
Router: Linksys E3000 - below is a list of all devices connected (hardwired T568B) to the 4 ports with a laptop connected via wireless
1. Main PC - motherboard: ASUS Maximus IV Extreme-Z (dual GB LAN ports)
2. Media Server - motherboard: MSI Z68A-GD80 (dual GB LAN ports)
3. Test Bench AMD PC
4. WD TV Live
Currently: I have all 3 computers running Windows 7 and connected to a Homegroup. I have given the correct permissions to enable sharing of files between each of the 3 computers and can transfer files from one PC to the next w/o any issues.
Desired: I want to connect my Main PC and Media Server with a crossover cable using the 2nd LAN port on each motherboard, so that I don't have to go through the router to transfer data to and from these 2 PCs. I will have each PC also connected to the Linksys E3000 router via the 1st LAN port on each motherboard to supply the internet connection, so I am also not trying to "share" an internet connection between these 2 PCs. Basically, I want to run my home network through the Linksys E3000 and then a 2nd network for the 2 PCs using the crossover cable.
Current Problem: I disconnected the straight-through cables from the router to each computer from the 1st LAN port. I then connected the crossover cable from the Main PC to the Media Server and set up a new Home network in the Network and Sharing Center in Windows 7. Everything worked and I could transfer data to and from each of these 2 PCs, so I know I wired the crossover cable correctly. Then I reconnected the straight-through cables coming from the router to the 1st LAN ports of each mobo, thinking that each PC would auto-detect the internet connection and reacquire my existing home network, enabling an internet connection again. However, this did not happen.
[URL] I also followed this how-to guide on microsoft.com, but when I get to Step 3 where it says that an "Unidentified network icon" will appear in the Network and Sharing Center, it does not!
From Googling, reading, and troubleshooting I believe I know 2 things:
1. All of the hardware is functioning properly - when the straight-through cables from the router are disconnected, the 2 PCs are networked through the crossover cable and files can be transferred.
2. The problem is with Windows 7 somewhere - I think?
May 13, 2013
I just bought a DCS-2130 for outdoor use (city landscape through my window on the nineteenth floor), and I'm trying to get it to work during daylight, but I'm having some problems. It seems like this camera can't handle direct sunlight, and in these situations the image gets blurry, even when I set the exposure to auto with max of 0dB in the setup menu. There's simply nothing I can do in this options menu to solve this problem. As the day passes by (and the sunlight gets weaker), the image gets better 'til the night, when it's perfect. What I need to know is if there is any way to set it up properly for daylight use. Is it possible to set up these exposure parameters some other way, like editing an .ini file or something like that? Or can this expensive camera simply not handle this?
Jul 17, 2011
I cannot connect my Dell Inspiron 1300 through the NetworkManager "wired" connection when I try to go direct to the cable modem. It fails to connect. If I connect the cable modem to my (Linksys WRT54GS) wireless router, and then connect my laptop to a wired port in the router, it connects in seconds, successfully. This has happened to me 2 other times, when I tried to connect my laptop to a client's cable modem, because my client did not have a wireless router available in their home. My wireless works fine. This has me perplexed. I'm using Ubuntu 10.04 LTS and NetworkManager Applet 0.8. I've tried some things to see what is going on, such as "ifconfig" and "dhclient", as well as modifying the "Auto eth0" parameters and adding my laptop's MAC address, etc.
Nov 29, 2012
I am using a Cisco ASA 5505 between my two networks.
1) I want 192.168.1.0/24 LAN users to be able to access the 172.16.1.0/24 network, but 172.16.1.0/24 can't access the 192.168.1.0/24 network
2) What will the interface nameif or security level be
3) What access list should be configured
4) What IP route should be used
Nov 29, 2012
Cisco ASA 5505
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
I have a VPN tunnel between a PIX network (192.168.200.0/24) and an ASA network (192.168.100.0/24); it's been running fine for a while now, but this morning I've come in and I cannot access anything on the PIX network (mail, file & web servers). Each attempt to access results in a SYN timeout.
6 Nov 30 2012 14:24:01 302014 192.168.200.9 192.168.100.115 Teardown TCP connection 6014 for outside:192.168.200.9/135 to inside:192.168.100.115/51240 duration 0:00:30 bytes 0 SYN Timeout
Feb 21, 2013
I have a Cisco ASA 5505 (version above) and I have someone that needs to SSH into a box behind the ASA. I'm having a few issues trying to configure this access-list and NAT. I've tried many combinations and clearly my IOS is not as good as I thought. What commands should I enter to accomplish mapping SSH from an outside network range to an internal host?
Jan 25, 2012
I now need to configure an ASA 5505 for a small server farm. It's fairly straightforward: isp -> asa5505 -> internal servers. I'm using static addresses -- no DHCP involved. VPN works; I can get into the internal network. Pinging from the ASA to an external address works. However, I cannot get from a laptop connected to an internal port out to the internet, either using ping or typing an address in the browser.
Sep 4, 2012
I've been trying to configure a Cisco ASA 5505 for my home network but I'm not having much joy with it. I've looked at countless guides, tutorials and followed the ASA setup wizard in ASDM. The Cisco 1841 is running sub-interfaces for my VLANs.
Mar 21, 2013
I am having a problem trying to figure out how to add a new ASA 5505 to an existing network. My current network is: Cable Modem > Linksys > 48 port switch, with multiple hosts residing on the 192.168.0.x network. Now I know that the ASA comes default with 192.168.1.1 on the inside interface and I want to change that to 192.168.0.1. I have tried to do this through ASDM using the wizard and manually. Once I hit OK for it to write the config, it gives me an error that it didn't take. I then lose connection to the ASA and have to hard boot it to get it back. I am trying to do this without my external connection connected, and I have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75. Do I need to connect my internet connection to it first and then run the wizard? I was hoping to get it configured for my existing network before I plugged in the internet connection, to limit my downtime. This ASA came with 6.4.1 ASDM and 8.2 OS installed. I was able to upgrade the ASDM to 7.X, but when I go to update the OS to 9.1, I get an error that I am not registered to use cryptographic software. I don't know where I need to register to get it.
May 31, 2013
I have been having a heck of a time trying to configure my 5505 to allow the second segment on my network to use the internet. Office 1 has a fiber internet connection, and all traffic flows fine. Office 2 had gotten its internet from AT&T, via a network based firewall injecting a default route into the MPLS cloud. Both offices communicate with each other through the MPLS.
When we added the fiber to office 1, we had the MPLS people change the default internet route to the inside address of the 5505 and things worked fine. When AT&T attempted to remove the NBF default route, and inject the 5505's address as default, things didn't go so well.
AT&T claims that it is within my NAT commands on the 5505, but won't tell me anything else. I assume that they are correct, and I assume that I am not good enough with the 5505 ASDM to tell it what to do.
Office 1 uses 10.10.30.xx addresses and Office 2 uses 10.10.10.xx. The 5505 inside interface is 10.10.30.2; the internal interfaces of the MPLS are 10.10.30.1 and 10.10.10.1.
Mar 30, 2011
I have an ASA 5505 and I would like to add a new rule for a network; however it was added, it seems it would be inactive. I have two inside networks, 192.168.12.0/24 (name: lanA) and 192.168.99.0/24 (name: lanB). I have the following in the running-config:
access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any
access-group lanB_acl in interface lanB_interface
But when I tried to reach a host in the lanA, the packets are dropped. I configure the asdm, which shows this on the LanB interface:
1 lanB_network | any | ip | permit (hits 344)
2 any | any | ip | deny
and I checked the packet tracer with: tcp, source: 192.168.99.57:10460 dest: 192.168.12.2:443 and it shows that the packet has been dropped by the last 2. 'implicit any any ip deny' rule, in spite of my access-list rule (access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any) preceded it, and active.
The lanB and lanA interfaces are the same security level 100, and I can reach the outside/internet from 192.168.99.57. Is it possible that I have to reload the rules or something like that in order to apply them? Or have I misconfigured something?
May 17, 2011
I have a customer with an existing 5505 which connects to multiple sites for a site-to-site VPN. This firewall was not installed by myself originally; I have just been asked to take a look now. The situation is that we now need to edit one of the existing site-to-site VPNs to include the remote site's expanded network. I have tried doing this through the ASDM and have found that I cannot add new network objects. I have tried creating a new network object group and then adding the new networks from there, but I am completely unable to add the new objects. I believe a picture tells a thousand words in this case, so I have attached some images which show the problem. I have also tried going through the VPN wizard; this also does not allow me to add new network objects.
Nov 14, 2011
What should I do on my Cisco ASA 5505 firewall to grant my network systems access to the internet via the gateway? I use ASDM to configure the firewall.
Jan 15, 2012
Cisco ASA 5505 Cannot Ping Secondary Internal Network.
Nov 30, 2011
ASA 5505 and DMZ, I have a Base License.
What do I need to do for access from the inside network to the DMZ?
I successfully configured internet access for the DMZ and inside network, and the web server can be accessed from the internet, but I have a problem configuring communication from the inside network to the DMZ.
Oct 27, 2011
For a customer I have configured a new ASA 5505 firewall with 8.42 software. I had to build 3 ipsec tunnels to different locations and firewalls. All tunnels are working except one. I have to translate the inside network 1 to 1 to a different private range before it is sent over the tunnel. Each host from network 192.168.133.0 /24 has to be translated to a 192.168.112.0 /24 host and then sent over the tunnel. (e.g. 192.168.133.22 translated to 192.168.112.22)
Sep 27, 2012
When I start a VPN session my server loses internet access. The server is host for a few virtual machines and they have internet access. Using a 5505, and the ASA is version 8.4(2). [code]
Aug 14, 2012
I am having a very strange issue with connecting new machines to reach the internet. We have an ASA 5505 on which the previous tech configured the DHCP pool as 192.168.1.60 - 192.168.1.110
We ended up reaching our limit, so I changed it to: 192.168.1.60 - 192.168.187
The next day when I arrived at work, our DC was hung from Windows updates. Once we got everything back up, every computer currently on the network could reach the internet/VPN tunnels etc. So (continuing with my day) I created a new server in a VM (Hyper-V). I can ping everything internally (even the router) 192.168.1.1, but I cannot resolve DNS. I have configured a static IP and tried a dynamic IP. I have looked for any ACL set to block addresses outside the range of the old DHCP pool but no luck. On my local machine I can ping the DNS addresses, but just not on the new server.
Aug 23, 2012
I have configured an ASA 5505 to connect a single internal network to the internet; it is not working. I have attached the config.
Sep 10, 2012
I have a 5505 between a vendor router & my company network; the vendor is not able to access devices on the internal network. I am also not able to access the firewall via ASDM.
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2. The problem is that even after connecting the two sites, I am unable to ping the remote network from either side. I have mentioned the static route as tunneled.
Jul 28, 2011
I have a request to establish a site-to-site VPN with a customer. While collecting the information I gave them our local network subnet, which is a private subnet (192.168.5.0). They asked me if I could give them a public address instead. They cannot work with the 192.168.5 subnet. Is this possible?
My side of the VPN is an ASA 5505 running 8.2(2). The other side I believe is a Checkpoint.
Sep 7, 2011
How can I actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can set up monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member.