Cisco Firewall :: ASA 5505 / How To Use A Host Instead Of IP Address For A NTP Server

Jul 8, 2012

Instead of using a IP address I would like to use a host address that points to a NTP pool.An example would be:ntp server 0.north-america.pool.ntp.org Can this be done on the ASA series?

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 - Local Host Names To DNS Server At Main Site

Mar 3, 2013

I ran into a very interesting problem that occurred today and I'm trying to figure out why it happened. If it was one ASA 5505 that just required the reboot, then I'd have just chalked it up to a glitch, but when we built a new AD/ DNS server on the main network at the main site and changed the 3 Remote site ASAs to point to the new DNS server in the DHCPD options, none of them could ping any local host names to the DNS server at the main site they were now pointing too, but external host names { URL} all translated and pinged fine.
 
From a laptop on one of the remote sites, we could ping the new AD/DNS server(192.168.0.3) and the old AD/DNS server(192.168.0.2) and everything else at the main site, and telnet to port 53 showed successful across the Easy VPN from the Remote site to the new server at the main site. When wire shark was added to the new DNS server at the main site, the DNS request and replies for {URL}, for example, came and worked fine, but any requests for local resources never made it to the server from the remote sites.
 
A reboot of one of the Remote Site ASA's corrected the issue. Then I rebooted the other two remote site ASAs, and now DNS was working fine for everybody. I had also tried clearing the ARP cache on the ASAs before resorting to rebooting them. I also tried rebooting the laptop thinking the local DNS cache needed cleared before resorting to rebooting the ASAs. I'm struggling to understand why external, public host names made it through and resolved from the remote sites to the new server at the main site, but anything local failed before even reaching the new server(The new DNS server could resolve requests made by computers at the main site, but the remote sites that traverse the Easy VPN from the ASAs failed).  The new AD/DNS server is the only server configured for DNS for all remote site computers.
 
Is any of this making sense? I'm wondering if clearing the x late or local host tables would have corrected it without having to reboot. I'm just trying to grasp the understanding here and figure out what happened.

View 5 Replies View Related

Cisco Firewall :: Access Windows Server From Outside Address With ASA 5505

Oct 6, 2011

I just purchased a domain name, that I have forwarding to my WAN address.  I want to be able to access my home websie via this route.  I have an ASA 5505, how do I get the ASA to point to the home server when the WAN IP address is entered?

View 16 Replies View Related

Cisco Firewall :: Two Host With Same Nat On ASA 5505

Mar 22, 2011

I have 2 web servers that replicate between them (two different internal ip). My idea is that if one of them will not work, the other to do the relay.I have a Cisco ASA 5505 I can do a nat for each machine. How should I set ?

View 3 Replies View Related

Cisco Firewall :: 5505 - Host In DMZ Cannot Get Outside

May 13, 2012

Based on the configuration pasted below, we believe the host (10.0.2.200 / 255.255.255.0 GW: 10.0.2.1 with external DNS servers configured) should have access to the web. However, it cannot resolve any names nor can it connect outside.

[code]....

View 19 Replies View Related

Cisco Firewall :: ASA 5505 - Allow (outside) Host To (inside)

May 20, 2011

I have a ASA 5505 Sec Plus. I would like to allow outside hosts to our mail server and also our FTP server. So i would like to allow only SMTP, HTTP (for Outlook Web Access) and FTP.

View 10 Replies View Related

Cisco Firewall :: ASA 5505 10 Host Limit?

Feb 26, 2013

I updated an ASA 5505 to 50 users, but I still can only connect 10 hosts. In Licensing it show 50 insides hosts. I also tried to update to ASA 8.4.5 but that did not work. 

View 2 Replies View Related

Cisco Firewall :: 5505 Block Port 80 On A Specific Host In LAN

Apr 22, 2012

I'm using an ASA5505 (8.4(1)) and would like to block port 80 on a specific host in the LAN so machines in other remote LANs connected via VPN can't access this port on the host. Devices in the local LAN should have access to this port on the host. Here are the commands I'm using:
 
-access-list block_port extended deny tcp any host 10.20.10.20 eq 80
-access-list block_port extended permit ip any any
-access-group block_port out interface inside
 
These commands are not working as I would expect them to. When I browse to http://10.20.10.20 from a remote machine over the VPN tunnel I am able to access the host web server.

View 2 Replies View Related

Cisco Firewall :: Create Static PAT To Allow Host Address To Access Network Through ASA5510

Aug 23, 2012

The old syntax that I am much more familiar with has been deprecated.  On older IOS it would have been something like static (inside,outside) tcp 209.114.146.122 14033 192.168.30.69 1433 netmask 255.255.255.255  Plus an extended ACL to allow the traffic.I am trying to create a Static PAT to allow a host address to access our Network through an ASA.  I have external address 209.114.146.122 that I want to hit the external interface on an obscure port (say 14033) and translate that traffic to an internal host address on  port 1433.

View 11 Replies View Related

Cisco Firewall :: Allow Inbound Access From Any Host Outside To LAN Server On Port 995

Nov 5, 2012

Trying to allow inbound access from any host outside to my LAN server on port 995.  [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5505 To Have Internal Address That Wish To Forward From External Address

Jul 8, 2012

I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.

View 7 Replies View Related

Cisco Firewall :: ASA 8.4 - Connection Fails When Host On Inside Tries To Connect To Server On Outside

Mar 9, 2011

We are using an ASA with 8.4 in transparent mode. Connection fails when a host on inside tries to connect to a server on outside. This server uses mac-address 0100.5E00.0000 to load balance but replies with real mac-address.Firewall logs "Deny TCP".ARP inspection is disabled.

View 2 Replies View Related

Cisco Firewall :: 5520 - Inside Server To See Actual Outside Host Source IP In Udp Packet

Mar 3, 2013

I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server.   The server can get to outside hosts OK, and the traffic is being NATed  properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send  'announcement' UDP packets to the inside server.  I thought this might be an  outside-NAT-required issue to get the traffic routed, but I need the inside server to see the  actual outside host source IP in the UDP packet, so I basically set the  outside host up similar to the inside host, just without the NAT table on the firewall -- it's subnet is outside the  destination (inside server) subnet, and its gateway is the outside  interface of the ASA, the same way the inside server is able to get to  hosts outside.  The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
 
I have the appropriate ACL's set up, and when I do 'show access-list' I  see policy hits for the 'permit' statements where the outside host is  generating the announcement and it's hitting the ACL.  I even duplicated  the ACL into list 101 and 102, and applied 101 for inbound traffic on  the outside int, and applied 102 for outbound traffic on the inside int,  and I'm seeing policy hits on both permit statements outside and  inside, so it looks like the traffic is being passed on to the inside  interface and permitted, but the server isn't seeing the packets.
 
I can ping the outside interface from the outside, but cannot ping the  inside interface or any inside hosts from the outside, even though I  have 'permit icmp any any' enabled on the ACL on both ints. When I  remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
 
I set up the same scenario in my lab with an ASA 5505, with the same results.  Below is the running config from the 5505 in the lab.  The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
 
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
description Inside LAN Interface
nameif inside(code)

View 6 Replies View Related

Cisco VPN :: ASA 5505 To Create Web Server That Only Some Ip Address Can Access

Feb 21, 2013

we have a cisco asa 5505 and it working great .i want to create web server that only selected public ip address can access.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - Proxy Server Send Register To Hosted Server Private IP Changed

Aug 23, 2011

We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.

Here is debug log on real time monitoring.
 
Aug 24 2011    05:21:19    302015    203.xxx.xxx.226    192.168.1.51     Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011    05:21:19    607001    203.xxx.xxx.226         Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011    05:21:19    710005    203.xxx.xxx.226    99.xxx.xxx.107     UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063

Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.

View 2 Replies View Related

Cisco VPN :: 5505 How To Change EasyVPN Head-end Server Address

Jan 19, 2012

We have a number of 5505 ASAs at remote sites all of which are configured to connect to one of two head-end servers.We need to change the primary head-end IP addresses.  At the moment devices are successfully connected to the secondary.If we issue vpnclient server i.j.k.l e.f.g.h then the device drops off the network and won't reconnect until it is power cycled.If we make the changes in ASDM using the GUI to remove the old primary and add in the new primary the ASDM says "No changes made".Devices are running 8.2 and 8.4 code and behaviour is the same.
 
how to change head-end server IP addresses without the device disconnecting and not coming back up?  According to the configuration guide the ASA should cycle through the addresses every 8 seconds until it can connect - but it doesn't seem to do this as it won't connect to the good secondary head-end either!

View 1 Replies View Related

Cisco Firewall :: 5505 - Setting Transparent Firewall Ip Address?

Dec 22, 2011

Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
 
ciscoasa> enable
Password:
ciscoasa# config term

[Code].....

View 7 Replies View Related

Cisco Firewall :: How To Configure ASA 5505 With Different IP Address

Mar 25, 2013

I have a test ASA 5505 at home. The DHCP IP address in my real home firewall is 192.168.1.x and as you are aware the default ip address in ASA is the same. how to configure the ASA.

In the link below there is an instruction, it seems it is working for everybody except me. I followed the instruction up and the only change was assigning the IP address, which I chose something other than 192.168.1.x But after the step of creating NAT, I do not have access to the internet. [URL] Also I followed the link below, but the revision of the ASDM in the instruction does not match with mine, so I was not lucky to figure the device.[URL]

1- How can I configure the ASA 5505 with an IP address different than 192.168.1.x (at home = no incoming static IP address = DHCP on subnet 192.168.1.x for the incoming internet)I have installed ASDM 6.3 on my laptop (From work) but when I connect to the ASA it wants to install ASDM 5.7.I tried to connect to the device through ASDM 6.3 and input the IP address 192.168.1.1It takes for ever and it does not connect to the device

2- How can I connect to the device by ASDM 6.3 or any ASDM with higher version than the original of the device?

View 17 Replies View Related

Cisco Firewall :: Block Website Or Ip Address From ASA 5505?

Apr 27, 2011

if it is possible to block a website or ip address from an ASA 5505? if it is possible, can you give me an example of the commands to get it done?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Forward Address Outside / Inside?

Feb 27, 2011

I have a cisco asa 5505 and i need a public ip address on the inside of my network without NAT. for example: I can create a static nat translation rule, but this is not what i need.
 
isp -> x.x.x.1 /29 (outside asa)  (inside network) x.x.x.2 /29
 
Is this possible?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Port Forwarding With Different IP Address

Dec 27, 2011

I have Cisco ASA 5505 Firewall with security plus license, Currently I open ports on 25,80,443 on public  IP address 1.1.1.1 and perform static nat between the inside and outside IP address Such as i configured via CLI
  
access-list OUT_IN extended  permit tcp any host 1.1.1.1 eq  80
access-list OUT_IN extended  permit tcp any host 1.1.1.1 eq  443
access-list OUT_IN extended  permit tcp any host 1.1.1.1 eq  25

[Code]......

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Public Static IP Address And DMZ

Feb 3, 2013

I have ASA 5505 with basic licence, v9.1, ASDM 7.1. I want to create the DMZ for a web server.
 
The interface 0 is for the outside network The interface 6 is for the DMZ All other interfaces are for the inside network
 
My ISP provided me with one public static IP address, one gateway address and a subnet mask 255.255.255.252
 
1/ I would like to ask which interface I should assign the public static IP address to. Should it be assigned to the outside interface 0, or should it be assigned to the DMZ interface 6, while outside interface would be configured to use DHCP?
 
I tried to assign the static IP address to the outside interface first, but then when I used ASDM the “Public Servers” feature to configure NAT, I get error message that the outside interface and the public address cannot have the same IP address.
 
2/ For the sake of peace of mind, I am thinking about using the second firewall, which would be used only for the inside network. Can I connect this second firewall to one of the inside interfaces of the 1st firewall,

View 4 Replies View Related

Cisco Firewall :: ACL 5505 - When Go To Outside Address Of Website It Gets Denied

Feb 19, 2012

I have a website that is hosted by our company, but when the staff goes to the outside address of th website it gets denied by ACL thus page not found.
 
3Feb 20 201211:25:23192.168.3.5752928our Extrenal IP80TCP access denied by ACL from 192.168.3.57/52928 to inside: our External IP/80,OUr external ip is also the ip of the 5505.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 / Create A Static Ip Address Under Version 8.4?

Mar 20, 2012

I just upgraded my firewall to ASA 5505. Now, my original static ip address cofiguration is gone. Apperantly, Cisco went away from static ip address to something like nat (inside,outside) dynamic interface. how to create a static ip address under version 8.4? By the way, I am sharing what my configuration used to look before upgrading.
 
!
hostname cisco-asa
domain-name default.domain.invalid
names
!
interface Vlan1
nameif inside
security-level 100

[code].....

View 7 Replies View Related

Cisco Firewall :: 5505 Doesn't Recognize Ip Address Dhcp

Apr 16, 2013

my 5505 running on version 8.2.5 doesn't seem to recogize the simple command "ip address dhcp setroute......"
 
ciscoasa(config-if)# ip address dhcp
^
ERROR: % Invalid Hostname
ciscoasa(config-if)# ip address ?  
 
configure mode commands/options:  Hostname or A.B.C.D  Firewall's network interface address

View 7 Replies View Related

Cisco Firewall :: Using ASDM To Change External IP Address Of 5505?

Mar 13, 2013

We have an ASA 5505 and are changing ISPs so we'll be getting a new static IP address. How do I change the external IP address using ASDM? (I haven't done it in 5 years so I'm rusty and just want ot make sure.) The ASA and ASDM are up to date.Am i correct in that I only need to change the external address in the configuration under Interfaces, then under Routing - Static Routes - Gateway IP I just need to enter the new WAN gateway address?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Internal Address To Forward From External One

May 30, 2013

I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Port Redirection On Same Public Address?

May 26, 2012

We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. it is working very well of course. However I need setup my 2nd TS but will use port 7777 on the same public address which is not working.I am using ASDM 6.3 and firmware 8.3.1.Is this a limitation for this IOS?

View 6 Replies View Related

Cisco Firewall :: ASA 5505 - Transparent Mode And Mac Address Table

Nov 28, 2011

I have an ASA 5505 in transparent mode. The device mac address table is always empty.

show mac-address-table and show mac-learn both come with empty response.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Any Connect And SSL Web Server

Feb 6, 2013

I have a Cisco ASA configured for Any Connect clients.  I also want to pass 443 traffic back to an internal web server, but not sure if I can do this since the Any Connect clients are already connecting over 443 to the ASA, right?

View 8 Replies View Related

Cisco Firewall :: ASA 5505 / Can't Access Web Server

Jul 9, 2012

We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.

View 1 Replies View Related

Cisco Firewall :: How To Add External Server To ASA 5505

Feb 24, 2013

I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?

View 3 Replies View Related

Cisco Firewall :: ASA 5505 / How To Publish Web Server

Feb 11, 2013

I'm configuring a Cisco ASA 5505 ASA Version 8.3.1 I want to publish my web server is in the DMZ (10.30.30.1) and server address is 10.30.30.30 but it still fails.I have only one public IP, and hope that when they call the Public IP, my web server appears, another problem I have is that when I assign the public IP to my interface OUTSIDE my LAN loses internet connection.I have to do to publish my web server and the LAN computers have internet access?

View 16 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved