Cisco Firewall :: ASA 5505 / Port 5901 - Alternate Port?

Aug 18, 2011

With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to Firewalls We have a User who has requested that 5901 be opened but I was advised not to do so for security concerns.

View 5 Replies


ADVERTISEMENT

Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port

Aug 15, 2012

I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.

View 12 Replies View Related

Cisco Firewall :: Change Default SSH Port On ASA 5505 (port Forwarding)

Dec 2, 2011

So here is my network.
 
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
 
and here is my dilemma.
 
I can SSH from the internet to my ASA on default port 22, directly to my public IP.  I can SSH from the internet to my Cisco 1841 on port 2001. I can not however, SSH to my Cat 2960.  From what i can tell, on the Cat2960 i can't change the default port 22 for SSH to different port, just like i did on the Cisco 1841.  I looked to see if I can change the default port for SSH on he ASA, it does not look like this is an option.
 
The bottom line is that i want to be able to SSH to all three devices from the internet.  I only have one public IP.  As of now, what i can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001.  It appears that changing the default SSH port on Cat 2960 is not an option.  It also appears that I can't change the default SSH port on the ASA, if i could, i would and then i should be able to SSH to the Cat 2960 on port 22. No matter what i did on the ASA, it always listens on port 22 for SSH connections.
 
show asp table socket
TCP       001f549f  <<pub IP>>:22              0.0.0.0:*               LISTEN
 
how do i make it listen on different port?
 
Here is relevent config for SSH for cisco 1841 (port forwarding)
 
ON ASA
object network ROUTER
host 10.10.1.1

[Code].....

View 28 Replies View Related

Cisco Switching/Routing :: 4096 - Influence Access Port Gi2/0/1 To Be Elected As Alternate?

Mar 2, 2013

Recently implemented a branch office LAN with dual core switches (core a and core b) all access switches connect to core a and core b.core a is root bridge with priority 0, b is as secondary root bridge with priority 4096  and rest of the switches with defaulf priority.
 
when a access switch is connected to core a and core b. RSTP converged but core b elected as Alternate role instead as designated on access switch side to core a as root port and core b as designated.How can I influence access switch port Gi2/0/1 to be elect as Alternate port and Core B port G1/1/1 as Designated port..?

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Blocking FTP Port

Nov 28, 2011

I am working on an ASA5505 and am trying to open the ftp port. I have a server (192.168.10.202) on the local LAN which is attempting to download antivirus updates from the net via ftp.  
 
Saved
:
ASA Version 8.3(2)
!
hostname SITE
enable password XXXXXX
passwd XXXXXX
names

[code]....

View 4 Replies View Related

Cisco Firewall :: Port Mapping On ASA 5505?

Jun 6, 2011

how do you enabled multiple port mapping on asa 5505? i want to use 1 static ip address for rdp connection for 15 users, and the port will start from 3390 to 3340. 

View 4 Replies View Related

Cisco Firewall :: Port Forwarding In 5505

Feb 25, 2013

have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.All this box really does is port forward external clients to 1 address on the internal lan for client software updates.So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.

View 16 Replies View Related

Cisco Firewall :: ASA 5505 Port Forwarding NAT

Dec 6, 2012

I have ASA5505 and am having issue with port forwarding NAT . [code]

View 11 Replies View Related

Cisco Firewall :: NAT / Opening A Port On ASA 5505?

Apr 5, 2012

my friend was against a wall trying to update her office's system, and it seems like every Cisco person in the region has gone on vacation.For some sort of new system her office is getting, she was told that she needed to enable NAT with external IP xxx.xxx.xxx.14 (The ASA's IP is xxx.xxx.xxx.11) and internal IP xxx.xxx.xxx.58 and that port 8222 needs to be open.  I know this is sort of vague, but it's what she was given, and I know the 8222 port is very specific in function,?
 
At any rate, the best I could come up with was to run:
 
static (inside,outside) xxx.xxx.xxx.58 xxx.xxx.xxx.14 netmask 255.255.255.255
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq www
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq https
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq 8222
access-list inbound extended permit udp any host xxx.xxx.xxx.11 eq 8222
access-group inbound in interface outside
 
But after I inserted this, she did what she was supposed to be able to do (went home and tried to run some sort of remote installation file) and it didn't work...

View 8 Replies View Related

Cisco Firewall :: ASA 5505 Port Blocking?

Jun 24, 2012

I have an ASA 5505 running 8.4.I am only letting ICMP traffic in from the outside.As a test, I opened a couple of ports I need on the ASA.I cannot access these ports and I do not get a denied error in the log.
 
I contacted the ISP and they are not blocking these ports.I ran an online port scanner to check ports 1-100 as a test.  They all came up as blocked on the port scanner.  The only deny error I got on the ASA was for port 80.Is this normal behavior?  If so, how do I get it to show all of the deny errors so I know the traffic is at least hitting the firewall?

View 2 Replies View Related

Cisco Firewall :: Port Forwarding On 5505?

Sep 1, 2012

I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox (moderate NAT).
 
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
 
[code]
# sh run
: Saved
:

[Code].....

View 3 Replies View Related

Cisco Firewall :: Port Forwarding With ASA 5505

Oct 1, 2012

I am trying to forward specific ports from the outside interface on my ASA5505 to my servers inside and can not get it to work! I have a VPN that currently works and the firewall rule in place I am just overlooking something simple I'm sure. Here is the config:
 
ASA Version 8.2(5)
!
hostname ASA
enable password <removed>
passwd <removed>
[Code]...

View 16 Replies View Related

Cisco Firewall :: 5505 ASA Trunk Port In Firewall

Apr 30, 2012

I have an issue with my firewall,each time i configured a trunk port in the firewall and connect a sw 2960S with a trunk port also, all the interfaces in the Firewall go down ( virutal intertaces, inside, outside , dmz) , also another switch 3750 that is connected to another port in the firewall( access port only) it start to a new negotiation of spanning tree.What could be causing this problem? the firewall didnt sedn bdpdu i think the IOS of the firewall its a 8.2

View 3 Replies View Related

Cisco Firewall :: Setting Up Port Forwarding ASA 5505

Mar 15, 2012

We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
 
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
 
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4)   I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.

View 19 Replies View Related

Cisco Firewall :: Isolate Internal Net On Port 4 Asa 5505?

Nov 20, 2011

I want to have my port 4 on the asa 5505 only allow access to the internet and not the internal network, what do i need to do?

View 1 Replies View Related

Cisco Firewall :: Monitor Connections To DMZ Port On ASA 5505?

Mar 22, 2012

How do I monitor connections to the DMZ port on our ASA 5505 (via ASDM 5.2)? We have a WAP connected to it and it's intermittently dropping connections.

View 2 Replies View Related

Cisco Firewall :: 3389 Port Allowed From Some IPs On ASA 5505?

May 6, 2012

I would like to setup an cisco ASA 5505 to only allow certain IP's on port 3389, but i can't get it to work. Maybe some of you experts know why?
 
Here is my config:
 
ASA Version 8.4(3)!hostname cisco-asaenable password ** encryptedpasswd ** encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.253 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 95.*.*.* 255.255.255.248!ftp mode passiveobject network obj_anysubnet 0.0.0.0 0.0.0.0object network rdpuser-1host 46.*.*.*object network rdpuser-2host 48.*.*.*object network rdp-host-pchost 192.168.1.20object

[code].....
          
The allowed IP's are setup on user level (rdpuser-1 and rdpuser-2) .Still do, I can't connect to the server from any of these IP's...

View 6 Replies View Related

Cisco Firewall :: How To Set Up NAT For Two Servers Using Same Port With ASDM ASA 5505

Apr 10, 2012

We have a new installation of a ASA 5505 and are trying to get some NAT issues straightened out. On our internal network, we have two servers running Filemaker Server, a relational database server that clients connect with using port 5003. Our goal is to be able to allow users from the outside to access either of these servers as needed. I know how to set up a simple static NAT rule and matching Access rule in ASDM which would be fine for a case in which only one server using a given port is running on a network, but for simple static rules I seem to be blocked from entering a different translated port number from the orginal port number, which becomes a problem when two servers we need to access from the outside are running software using the same port number.
 
What is the simplest way to address this need? I am guessing that I need to set up a scenario like this, where port 5004 (or any arbitrarily choosen unused port, can be used to access the second server: [code]

View 1 Replies View Related

Cisco Firewall :: Open Port 52199 On ASA 5505?

Mar 11, 2011

I am trying to open port 52199 on my ASA 5505 I have gone to firewall, access rules and then add tcpip.Not sure if that is the correct place but cannot get it to work?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Can't Configure Port Forwarding

May 20, 2012

I have ASA 5505 with 8.4(2)8 software for one of my branch offices and I can't configure port forwarding.It seems to be very simple, but it's not working. I use my ASA as a gateway to the internet for users in office and for site-to-site IPSec VPN to HQ. I have pppoe-enabled outside interface, but ISP gives me static routable ip address. I have server behind my firewall and I should "publish" to the WAN some of its' tcp and udp ports, but I see that no packets forwarded through ASA. I tried to configure PAT as stated in official "Cisco Security Appliance Configuration Guide" through CLI and ASDM.[code]

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Port Forwarding With Different IP Address

Dec 27, 2011

I have Cisco ASA 5505 Firewall with security plus license, Currently I open ports on 25,80,443 on public  IP address 1.1.1.1 and perform static nat between the inside and outside IP address Such as i configured via CLI
  
access-list OUT_IN extended  permit tcp any host 1.1.1.1 eq  80
access-list OUT_IN extended  permit tcp any host 1.1.1.1 eq  443
access-list OUT_IN extended  permit tcp any host 1.1.1.1 eq  25

[Code]......

View 1 Replies View Related

Cisco Firewall :: Email Port Open For ASA 5505?

Jan 16, 2012

when I want to let email to come through the ASA5505 from outside to DMZ and Inside network, are the below command lines correct and good enough?
 
access-list  outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3

[code]....
 
Are there any other TCP ports want to be allowed and other command lines need to be added?

View 5 Replies View Related

Cisco Firewall :: Reverse Port Redirection With ASA 5505?

May 16, 2013

We have a singe IP Address in the Internet and want to forward SMTP traffic that hits our ASA Outside Interace to the internal Mailserver.And we like to forward Http Traffic to our Webserver.
 
Example.
 
212.23.23.23 Port 25 -> 192.168.1.100 Port 25
212.23.23.23 Port 80 -> 192 168.1.200 Port 80
 
How do i acomplish that. Which NAT rules do in need?

View 12 Replies View Related

Cisco Firewall :: ASA 5505 Set Up Port Forwarding For Inbound SSH?

May 12, 2011

how to set up port forwarding for inbound SSH?
 
The outside interface on the ASA is on DHCP. I have a single dynamic public IP from my ISP. The inside interface provides Internet access for the network using NAT.
 
I have a server on the internal network with an IP of 192.168.0.6 and I would like to access this via SSH (TCP port 22) from outside.
 
I've been able to do this in the past on a PIX with a static public IP block, but I'm new to ASA and I don't know how to do it with PAT.
 
Current running config attached for what it's worth, but it's pretty basic at the moment.

View 3 Replies View Related

Cisco Firewall :: 5505 - NAT Port Range For Sip Server

Feb 7, 2013

: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
host name cisco asa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
switch port access v lan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...

View 2 Replies View Related

Cisco Firewall :: Port Forwarding For Remote Desktop With ASA 5505?

Dec 16, 2012

Doing a port forward for remote desktop with asa 5505 9.1.1 and asdm 7.1.1 I could have done this with the previous versions of asdm but now it even more confusing?

View 21 Replies View Related

Cisco Firewall :: ASA 5505 Port Redirection On Same Public Address?

May 26, 2012

We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. it is working very well of course. However I need setup my 2nd TS but will use port 7777 on the same public address which is not working.I am using ASDM 6.3 and firmware 8.3.1.Is this a limitation for this IOS?

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Blocks Outgoing Smtp (port 25)

Nov 25, 2012

i cannot send emails to outside, i have an access rule on interface inside permit source: inside  destination: any servic: tcp/smtp and when i make paket tracer  it shows me that the packet is dropped but i cant see through which rule!!
 
ASA version: 8.4(3)
ASDM version 6.4(7)

View 2 Replies View Related

Cisco Firewall :: 5505 Block Port 80 On A Specific Host In LAN

Apr 22, 2012

I'm using an ASA5505 (8.4(1)) and would like to block port 80 on a specific host in the LAN so machines in other remote LANs connected via VPN can't access this port on the host. Devices in the local LAN should have access to this port on the host. Here are the commands I'm using:
 
-access-list block_port extended deny tcp any host 10.20.10.20 eq 80
-access-list block_port extended permit ip any any
-access-group block_port out interface inside
 
These commands are not working as I would expect them to. When I browse to http://10.20.10.20 from a remote machine over the VPN tunnel I am able to access the host web server.

View 2 Replies View Related

Cisco Firewall :: Port Forwarding Exchange 2010 OWA Using ASA 5505?

Jun 26, 2012

I am trying to port forwarding Exchange 2010 OWA using ASA5505, wherever I used object NAT or Twice NAT it just doesn't work.... here is my config:
 
access-list outside-access remark "Exchange Server Access Rules"
access-list outside-access extended permit tcp any host <public x.x.x.11> eq smtp
access-list outside-access extended permit tcp any host <public x.x.x.11> eq https

[code]...
 
note that i use public ip  <public x.x.x.9> on the outside interface for PAT, so all hosts in the same private can access internet

View 1 Replies View Related

Cisco Firewall :: Limit Speed On Port Or VLAN ASA 5505

Aug 7, 2012

We need to have one connection with less internet bandwidth assigned to it than all other other connections. Basically it is a separate conection from all others, incoming just from one switch port and separate VLAN.I know this can be done on the switch by limiting the bandwidth allocated to a port,
 
however, is it possible to have the speed limited down, just before it goes to the internet, ie, on the ASA, rather than doing it on the switch?The firewall is an ASA 5505.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - NAT Rules Set Up For Simple Port Forwarding

Jan 15, 2013

Here is my environment: DSL Modem - ASA 5505 - switch ,Inside network (192.168.2.0/24)
 
What I have successfully done: 
- Modem online and passing on DHCP requests from the ASA to my ISP (ASA does get an internet address on the outside interface)
- ASA assigning DHCP to internal network
- All internal clients can access the internet.
 
What I am getting stuck on is getting NAT rules set up for simple port forwarding. What I would like: ANY internet address be able to access a server on the inside network address (192.168.2.x) over tcp/22 . I set up what I believe to be the correct NAT rule and Access Rule, but the packet tracer fails. Here is my config.  
 
ASA Version 9.1(1)
hostname xxxxxx
domain-name ugh
enable password xxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[code]......

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Switch From Mode / Access Port To Trunk On The Fly Via CSM

Jan 20, 2013

Can I configure the Port at the ASA 5050 from Mode: access Port to trunk during the FW is running in a production area without console access ?As I know at the 5505 ist should work?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved