Cisco Firewall :: ASA 5505 Appears To Be Listening On All TCP Ports?

Aug 7, 2011

When I do an NMAP scan against my ASA 5505 on it's internal interface's IP address, it appears to be listening on all TCP ports.  If I do it from across a VPN tunnel, the ports show as open according to NMAP, if I do the scan from the local subnet they show up as unknown. I'm running 8.0.4 code on this ASA.

View 1 Replies


ADVERTISEMENT

Cisco Switching/Routing :: UDP Port 10000 And IPv6 Ports Listening

Aug 30, 2012

I've several production Catalyst switches that are listening on the same IPv4 and IPv6 ports. The problem is I don't want the switches listening on the IPv6 ports.[code] How to shut down these listening ports?I also have a few production switches listening on UDP/10000 and I cannot determine why this port is listening. [code] I've seen where UDP/10000 is Network Data Management Protocol and is related to Storage networks ###, but I've also seen where UDP/10000 is the default port for IPSEC data.I don't believe UDP/10000 is related to either NDMP or IPSEC data, though I could be very wrong.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 / Use The Ethernet Ports As Pure Physical Layer 3 Ports

Jun 9, 2013

We have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?

View 3 Replies View Related

Cisco Firewall :: 5505 - Block Everything Except A Few Ports

Apr 15, 2013

We have a client that is running a PC on a internet over satellite. To avoid any unessecery traffic over the satellite link (data traffic is quite expensive), we've suggested to use a 5505, as we had one handy already.
 
So basically what we wanted was to block everything outgoing and everything ingoing, except for example port 22 (ssh).
 
But I'm struggling a bit, since this is my first cisco router to be configured.
 
My interfaces are as follows.
Outside - DHCP
Inside (port 1) - 192.168.1.1
 
I'm only running ipv4.
 
in ASDM I made a static NAT rule for port 22, being forwarded to 192.168.1.5 (the computer)
 
in Access rules I made under outside (incomming rules) source=any destination=outside service=ssh action=permit
 
But when I try to add further rules to block everything else, it takes the SSH on port 22 with it. How should I do this the easiest way?
 
the hardware setup is pretty straight forward.
 
sat-terminal(with IP 192.168.0.1 running DHCP)   ->  5505 (outside IP=DHCP - inside IP=192.168.1.1)   ->    computer (IP=192.168.1.5)

View 24 Replies View Related

Cisco Firewall :: ASA 5505 - PAT Range Of Ports

May 31, 2011

I've an ASA 5505 as my gateway for my internet at home. I've one public IP, so I use Port Address translatetion for my internal clients.
 
Now i wanna setup a FTP server, on a internal client. I will use Filezilla FTP server. I'm running the FTP server in passive mode, since the FTP server would be behind my ASA firewall/nat device.
 
I need 50 ports for the passive mode to be running.
 
I will use port range 50000-50050. I can easy make a firewall rule (access-list) that permit that port range.
 
But how do I PAT(NAT) a port-range on the ASA device? I can only figure out how to NAT one port at the time.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Open Ports For DVR?

May 9, 2013

I have an ASA 5505 with ASA version 7.2(2) and ASDM version 5.2(2) and I am attempting to open ports 88 and 5445 and forward them to the IP address of my DVR.  This is all new for me.  I see several posts for other software version to do this same thing but my version appears to be older?

View 1 Replies View Related

Cisco Firewall :: Forward Some Ports On ASA 5505 8.2?

Nov 7, 2011

I need to forward some ports for remote desktop and remote outlook which I host on an internal server. I have looked all over the web and got close, but no hints on how to do it in the asa 8.2. there is an 8.3 guide, but it is just different enough to not work. I am new to this device and cli.

View 3 Replies View Related

Cisco Firewall :: Opening Ports On 5505?

Jan 2, 2013

I am trying to configure a new 5505 but I am having difficulties opening ports that allow traffic in from the outside. My setup is Comcast Business Modem (w/ single static IP) -> ASA (10.0.0.1) -> (dumb) Switch -> NAS (10.0.0.10). I am attemping to open port 5001 to the NAS. I am very new to IOS so I have mostly been working in ASDM. Not sure if I am overcomplicating this for myself or what but I am stuck.
 
My running config is -
 
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted

[Code].....

View 4 Replies View Related

Cisco Firewall :: Open Ports On ASA 5505 For VoIP?

May 5, 2013

I'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505.I created static NAT rule for SIP traffic from internal server to the outside IP address.I created access rules on outside interface to forward port 5060 to internal PBX server (192.168.1.8)I also disabled sip packet inspection on the ASA.I'm still receiving a message from the PBX that the firewall is configured incorrectly. 
 
[code]....

View 5 Replies View Related

Cisco Firewall :: Allow SIP On Multiple Ports Not Only 5060 (ASA 5505)

May 14, 2012

We've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
 
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.

View 1 Replies View Related

Cisco Firewall :: 5505 - Forward Range Of Ports In 8.4?

Mar 11, 2011

I have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1).  The outside interface is configured with a single static address.  I have a few services port forwarded sucessfully to three different servers on the inside network.
 
I need to make a media proxy on a SIP server available to the outside.  It requires a large range of forwarded UDP ports for the media channels.
 
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP.  I entered a range of ports for the real port and the mapped port using the syntax 60000-60999.  ASDM accepted it, but the NAT rule list displays "Any" in the service column.  When I apply the change, I get the following error:
 
nat (inside,outside) static interface service tcp 60000-60999 60000-60999
                                      ^
ERROR: % Invalid input detected at '^' marker.
 
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network?  I'd like to use ASDM, but I can switch to the CLI if that works better.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Ports Available For Traffic Flow In Router

Oct 21, 2011

I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.

View 1 Replies View Related

Cisco Firewall :: 5505 - Opening TCP Ports In ASDM Launcher

Jun 20, 2011

I am trying to open up 3 TCP ports in Cisco ASDM Launcher:
 
16000
16001
8098
 
And have a Cisco ASA 5505 Router.  I need these ports open in order for a software that I have installed on the server to communicate with my local client computers for my business,  The software is installed on Windows 2008 Server Standard Edition and was installed with MicrosoftSQL 2005.  The software and Microsft SQL 2005 is pretty much installed and just requires this last step in order for the server to be connected to the local  computers.  In order to resolve this, I have gone to.

View 1 Replies View Related

Cisco Firewall :: List Ports Open On ASA 5505 Appliance?

Oct 12, 2011

How to list ports open on Cisco ASA 5505 appliance? I have tried to see using Cisco ASDM launcher, but no luck.

View 1 Replies View Related

Cisco Firewall :: 5505 - Opening Ports On DHCP Outside ASA Interface

Feb 25, 2011

I am used to setting up access-lists on outside interfaces with ip addresses that are static. I have recently been given a site that is using a dyndns.org client for name to ip address resolution on an outside interface that is dhcp assigned. I created an access-list to open up ports 41794 and 41795 to an engineering application but everytime I try to connect from the outside I get a syn timeout. The application works when inside the lan. Basically I want to allow outside connections from anywhere on the outside to go to ports 41794 and 41795. I am running a Cisco ASA 5505 on version 7.2(4) Below is my conifg. what I may have misconfigured?
  
: Saved:ASA Version 7.2(4)!names!interface Vlan1 nameif inside security-level 100 ip address 172.31.2.1 255.255.255.0!interface Vlan2 nameif outside security-level 0 ip address dhcp setroute!interface Ethernet0/0 switchport access vlan 2!interface

[Code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5505 8.4(1) - Map Multiple Inside Hosts Ports To One Public IP?

Jun 22, 2011

I'm stuck at asa 5505 nat, port forwarding configuration Here is what i need:

host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
 
So people from remote just need to use 1.1.1.1 public ip to access all the ports on three different inside server.I can do this on my old ASA 5505 with 8.0(4). Looks like there're lots of change from 8.0 to 8.4.

View 7 Replies View Related

Cisco Firewall :: ASA5505 Appears To Be Dropping Traffic For Internal Network?

Jan 10, 2013

we have a Cisco 2901 as a router on a stick for several vlans. Everything on the segment routes fine and accesses the internet just as they should. The 2901 connects to an ASA5505 on port 0/1. Any host connected to the ASA5505 can access the internet, but can not ping into any of the vlans off of the 2901. The strange thing is on either segement of the network I can ping all of the gateways. What is even more strange is when I run wireshark from behind the firewall going into the 2901 I can not see the packet on another wireshark instance behind the 2901. However if I start a ping for a host host behind the asa I can see the packet in wireshark on the host, which I am trying to ping, hit the gateway.

View 15 Replies View Related

Cisco Firewall :: ASA 5505 - Unable To Access Certain Ports Over Site To Site VPN

Jan 16, 2013

We have a client that has a Cisco 1801W Firewall that is setup as a site to site VPN terminating to a Cisco ASA 5505. The tunnel is up and established, I can ping from both sides of the tunnel.
 
The problem is the clients behind the Cisco ASA (192.168.2.x) cannot reach certain ports behind the Router (192.168.1.x). The main thing we're trying to do is browse via UNC path (ex: \192.168.1.120 from a 192.168.2.x machine).
 
I got 3389 working after I changed the - ip nat inside source static tcp 192.168.1.120 3389 y.y.x.x 3389 route-map DM_RMAP_1 extendable Modified the command to include the public IP instead of interface FastEthernet0
 
I believe it has something to do with the way NAT and route-maps are setup currently but I'm not familar enough with them to make the changes. I worked with Cisco to ensure the VPN tunnel was fine and it's something security related on the Router.
 
Here is the configuration (removed a few lines not necessary. y.y.x.x = WAN IP of Router x.x.y.y = WAN IP of ASA).
  
Building configuration...
  
Current configuration : 23648 bytes
!
version 12.4
no service pad

[Code].....

View 1 Replies View Related

Cisco Firewall :: ASA 5585-X CX20 Prime Security Manager Appears Undefined

Apr 2, 2013

I'm trying to add our two 5585-X + CX20 units to Cisco Prime Security Manager. The ASAs seem to add correctly but the CX20s appear "undefined" for software version and model. Clicking on "Device Configuration" I get the error "Message From Server: SyntaxError: Unexpected token .

View 0 Replies View Related

Cisco Firewall :: ASA5555-X - Spare Ports Into Access Ports?

May 14, 2013

Is there a way to associate spare firewall ports with another port that is being used..For example...int gi 0/2 is being used currently for my web dmz. Its ip is 192.168.10.1..Is there a way for me to associate gi 0/3 with the same layer 2 as gi 0/2 ?
 
In my webdmz I use 2 ACE 4710 proxys in FT mode. I used a layer 2 switch to connect firewall and proxys together.
 
I would like to eliminate this switch if possible..and connect both 4710's (layer 2) direct to firewall.If I could make gi0/2 - 4 part of the same vlan, then I would be good to go.

View 2 Replies View Related

Cisco :: STP Blocking And Listening Modes

Oct 8, 2012

Sometimes when I enable a switchport I see the port goes to Blocking mode first, not sure if it stays in that mode for the 20 secs, I think sometimes is far less than 20 sec. But I have seen too, that when I enable a port it goes directly to Listening mode. When does a switchport goes to the Blocking mode first, mode that all the books I have read say it should go when you enable a port, and when it goes to Listening mode directly?

View 5 Replies View Related

D-Link DIR-655 :: Is PORT 111 Really Listening

Aug 16, 2011

I recently had a security scan done on a DIR 655 and the report came back saying PORT 111 (Unix RPC Service) should not be listening for external connections. I've looked through every setting but can't find where this service is enabled (or can be altered) -- aany guidance on this port/service?

View 14 Replies View Related

Cisco WAN :: Router Listening On Public Interface Rv042

Aug 28, 2011

I have two Windows Boxes connected to RV042 ; each has its own static IP assigned to it and each runs bunch of virtual machines , for which I had configured port forwarding .My hosting company claims that my server(s) are listening on IP 192.168.0.1 on a public interface (i.e., one that uplinks to their network). They see this same IP on two different MACs my uplink interface.  I am not really sure how it is possible since 192.168.0.1 was assigned to router itself. 

View 7 Replies View Related

Cisco WAN :: Open Ports On ASA 5505?

Dec 26, 2010

I need to open ports 25, 993, 995, 443 and 465 to setup MS-Exchange.  I don't have an inhouse IT guy and this seems pretty straight-forward in theory but I can't figure it out I need to open ports 25, 993, 995, 443 and 465 to setup MS-Exchange.

View 5 Replies View Related

D-Link DIR-615 :: HTTP Listening On Port 65535

Aug 4, 2011

I am just setting up a LAN using DIR-655 and I noticed this line in the logs: notice   Aug 4 03:25:55   HTTP listening on port 65535

Is the router listening to that port?

View 1 Replies View Related

Cisco :: Spanning-tree Every Port Go Into Listening / Learning State

Apr 4, 2012

Ages ago I was shadowing someone making a change on the network. I cannot remember which spanning tree version was running and cannot remember the config of any port either. What I do remember is that every switch port on the 2960 switch went orange and an outage occured, where the ports went into listening / learning mode. I assume that the STP was just the default ieee 802.1D.

View 3 Replies View Related

Cisco Switching/Routing :: Switches Listening On 1975 And 2228 / UDP?

Mar 11, 2007

How come many switches show that they are listening on port 2228/udp and 1975/udp? You can see this by running 'show ip sockets'.

View 10 Replies View Related

Cisco Routers :: RV220W Default Listening Port For Management

Aug 13, 2011

recently got a RV220W and liking all the configuration options.
 
Although I cannot find where to change the listening port for management? I want it to listen on port 81 instead of 80.

View 5 Replies View Related

Cisco Switching/Routing :: SG300-10 See All Traffic From All Connected Devices On Any Port / Where To Connect Listening Device

Dec 20, 2012

In my LAN environment, I'm using two cisco SG300-10 switches. Both switches are connected by GE10 on both switches, where both ports are set to trunk.Now on all ports 1-9 on both switches, I'm having client computers attached. So I set ports 1-9 to "access" mode.All interfaces on any switch is left in default vlan.
 
Is it normal that I see all traffic from all connected devices on any port where I connect a listening device?What I'd like to achieve is, that only traffic that is meant for a specific workstation is actually forwarded to this workstation. By now it seems that I get all the traffic from everybody.

View 6 Replies View Related

Cisco Firewall :: 3389 Static NAT Ports PIX Firewall

Jul 11, 2011

There is a PIX firewall and it has this configured on it.static (inside,outside) tcp interface 3389 192.168.1.250 3389 netmask 255.255.255.255 0 0.This line of code works ok for port 3389 but I want all tcp ports to be translated.  Not just 3389. 

View 2 Replies View Related

Cisco Firewall :: Open Ports On Firewall ASA 5510

Apr 18, 2012

We have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
 
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.

View 2 Replies View Related

Cisco WAN :: 877 No Boot File / But Appears To Have IOS

Feb 7, 2013

I have two 877's that have both reset with the following messages on boot, and dir of flash and lost+found/It appears that there is a IOS on the flash? but rommon doesn't know where it is.  I tried to "set" with no luck as set is read.
 
I have noticed that the IOS is 0 size. [code]

View 2 Replies View Related

Computer Appears To Be Configured

Apr 7, 2012

I am running Win 7 32-bit for my OS. I am on a desktop PC. I have a Internet modem only without the router. I have a Motorola SurfBoard SB5101.When I go into the Network Connections and do a diagnose. I get the following message. I tried doing netsh int ip reset reset.txt, and restart my PC, but it doesn't fix the error.Your computer appears to be configured, but the device or resource (DNS Server) is not responding.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved