When I do an NMAP scan against my ASA 5505 on it's internal interface's IP address, it appears to be listening on all TCP ports. If I do it from across a VPN tunnel, the ports show as open according to NMAP, if I do the scan from the local subnet they show up as unknown. I'm running 8.0.4 code on this ASA.
View 1 RepliesI've several production Catalyst switches that are listening on the same IPv4 and IPv6 ports. The problem is I don't want the switches listening on the IPv6 ports.[code] How to shut down these listening ports?I also have a few production switches listening on UDP/10000 and I cannot determine why this port is listening. [code] I've seen where UDP/10000 is Network Data Management Protocol and is related to Storage networks ###, but I've also seen where UDP/10000 is the default port for IPSEC data.I don't believe UDP/10000 is related to either NDMP or IPSEC data, though I could be very wrong.
View 4 Replies View RelatedWe have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?
View 3 Replies View RelatedWe have a client that is running a PC on a internet over satellite. To avoid any unessecery traffic over the satellite link (data traffic is quite expensive), we've suggested to use a 5505, as we had one handy already.
So basically what we wanted was to block everything outgoing and everything ingoing, except for example port 22 (ssh).
But I'm struggling a bit, since this is my first cisco router to be configured.
My interfaces are as follows.
Outside - DHCP
Inside (port 1) - 192.168.1.1
I'm only running ipv4.
in ASDM I made a static NAT rule for port 22, being forwarded to 192.168.1.5 (the computer)
in Access rules I made under outside (incomming rules) source=any destination=outside service=ssh action=permit
But when I try to add further rules to block everything else, it takes the SSH on port 22 with it. How should I do this the easiest way?
the hardware setup is pretty straight forward.
sat-terminal(with IP 192.168.0.1 running DHCP) -> 5505 (outside IP=DHCP - inside IP=192.168.1.1) -> computer (IP=192.168.1.5)
I've an ASA 5505 as my gateway for my internet at home. I've one public IP, so I use Port Address translatetion for my internal clients.
Now i wanna setup a FTP server, on a internal client. I will use Filezilla FTP server. I'm running the FTP server in passive mode, since the FTP server would be behind my ASA firewall/nat device.
I need 50 ports for the passive mode to be running.
I will use port range 50000-50050. I can easy make a firewall rule (access-list) that permit that port range.
But how do I PAT(NAT) a port-range on the ASA device? I can only figure out how to NAT one port at the time.
I have an ASA 5505 with ASA version 7.2(2) and ASDM version 5.2(2) and I am attempting to open ports 88 and 5445 and forward them to the IP address of my DVR. This is all new for me. I see several posts for other software version to do this same thing but my version appears to be older?
View 1 Replies View RelatedI need to forward some ports for remote desktop and remote outlook which I host on an internal server. I have looked all over the web and got close, but no hints on how to do it in the asa 8.2. there is an 8.3 guide, but it is just different enough to not work. I am new to this device and cli.
View 3 Replies View RelatedI am trying to configure a new 5505 but I am having difficulties opening ports that allow traffic in from the outside. My setup is Comcast Business Modem (w/ single static IP) -> ASA (10.0.0.1) -> (dumb) Switch -> NAS (10.0.0.10). I am attemping to open port 5001 to the NAS. I am very new to IOS so I have mostly been working in ASDM. Not sure if I am overcomplicating this for myself or what but I am stuck.
My running config is -
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
[Code].....
I'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505.I created static NAT rule for SIP traffic from internal server to the outside IP address.I created access rules on outside interface to forward port 5060 to internal PBX server (192.168.1.8)I also disabled sip packet inspection on the ASA.I'm still receiving a message from the PBX that the firewall is configured incorrectly.
[code]....
We've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.
I have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1). The outside interface is configured with a single static address. I have a few services port forwarded sucessfully to three different servers on the inside network.
I need to make a media proxy on a SIP server available to the outside. It requires a large range of forwarded UDP ports for the media channels.
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP. I entered a range of ports for the real port and the mapped port using the syntax 60000-60999. ASDM accepted it, but the NAT rule list displays "Any" in the service column. When I apply the change, I get the following error:
nat (inside,outside) static interface service tcp 60000-60999 60000-60999
^
ERROR: % Invalid input detected at '^' marker.
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network? I'd like to use ASDM, but I can switch to the CLI if that works better.
I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.
View 1 Replies View Related I am trying to open up 3 TCP ports in Cisco ASDM Launcher:
16000
16001
8098
And have a Cisco ASA 5505 Router. I need these ports open in order for a software that I have installed on the server to communicate with my local client computers for my business, The software is installed on Windows 2008 Server Standard Edition and was installed with MicrosoftSQL 2005. The software and Microsft SQL 2005 is pretty much installed and just requires this last step in order for the server to be connected to the local computers. In order to resolve this, I have gone to.
How to list ports open on Cisco ASA 5505 appliance? I have tried to see using Cisco ASDM launcher, but no luck.
View 1 Replies View RelatedI am used to setting up access-lists on outside interfaces with ip addresses that are static. I have recently been given a site that is using a dyndns.org client for name to ip address resolution on an outside interface that is dhcp assigned. I created an access-list to open up ports 41794 and 41795 to an engineering application but everytime I try to connect from the outside I get a syn timeout. The application works when inside the lan. Basically I want to allow outside connections from anywhere on the outside to go to ports 41794 and 41795. I am running a Cisco ASA 5505 on version 7.2(4) Below is my conifg. what I may have misconfigured?
: Saved:ASA Version 7.2(4)!names!interface Vlan1 nameif inside security-level 100 ip address 172.31.2.1 255.255.255.0!interface Vlan2 nameif outside security-level 0 ip address dhcp setroute!interface Ethernet0/0 switchport access vlan 2!interface
[Code].....
I'm stuck at asa 5505 nat, port forwarding configuration Here is what i need:
host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
So people from remote just need to use 1.1.1.1 public ip to access all the ports on three different inside server.I can do this on my old ASA 5505 with 8.0(4). Looks like there're lots of change from 8.0 to 8.4.
we have a Cisco 2901 as a router on a stick for several vlans. Everything on the segment routes fine and accesses the internet just as they should. The 2901 connects to an ASA5505 on port 0/1. Any host connected to the ASA5505 can access the internet, but can not ping into any of the vlans off of the 2901. The strange thing is on either segement of the network I can ping all of the gateways. What is even more strange is when I run wireshark from behind the firewall going into the 2901 I can not see the packet on another wireshark instance behind the 2901. However if I start a ping for a host host behind the asa I can see the packet in wireshark on the host, which I am trying to ping, hit the gateway.
View 15 Replies View RelatedWe have a client that has a Cisco 1801W Firewall that is setup as a site to site VPN terminating to a Cisco ASA 5505. The tunnel is up and established, I can ping from both sides of the tunnel.
The problem is the clients behind the Cisco ASA (192.168.2.x) cannot reach certain ports behind the Router (192.168.1.x). The main thing we're trying to do is browse via UNC path (ex: \192.168.1.120 from a 192.168.2.x machine).
I got 3389 working after I changed the - ip nat inside source static tcp 192.168.1.120 3389 y.y.x.x 3389 route-map DM_RMAP_1 extendable Modified the command to include the public IP instead of interface FastEthernet0
I believe it has something to do with the way NAT and route-maps are setup currently but I'm not familar enough with them to make the changes. I worked with Cisco to ensure the VPN tunnel was fine and it's something security related on the Router.
Here is the configuration (removed a few lines not necessary. y.y.x.x = WAN IP of Router x.x.y.y = WAN IP of ASA).
Building configuration...
Current configuration : 23648 bytes
!
version 12.4
no service pad
[Code].....
I'm trying to add our two 5585-X + CX20 units to Cisco Prime Security Manager. The ASAs seem to add correctly but the CX20s appear "undefined" for software version and model. Clicking on "Device Configuration" I get the error "Message From Server: SyntaxError: Unexpected token .
View 0 Replies View RelatedIs there a way to associate spare firewall ports with another port that is being used..For example...int gi 0/2 is being used currently for my web dmz. Its ip is 192.168.10.1..Is there a way for me to associate gi 0/3 with the same layer 2 as gi 0/2 ?
In my webdmz I use 2 ACE 4710 proxys in FT mode. I used a layer 2 switch to connect firewall and proxys together.
I would like to eliminate this switch if possible..and connect both 4710's (layer 2) direct to firewall.If I could make gi0/2 - 4 part of the same vlan, then I would be good to go.
Sometimes when I enable a switchport I see the port goes to Blocking mode first, not sure if it stays in that mode for the 20 secs, I think sometimes is far less than 20 sec. But I have seen too, that when I enable a port it goes directly to Listening mode. When does a switchport goes to the Blocking mode first, mode that all the books I have read say it should go when you enable a port, and when it goes to Listening mode directly?
View 5 Replies View RelatedI recently had a security scan done on a DIR 655 and the report came back saying PORT 111 (Unix RPC Service) should not be listening for external connections. I've looked through every setting but can't find where this service is enabled (or can be altered) -- aany guidance on this port/service?
View 14 Replies View RelatedI have two Windows Boxes connected to RV042 ; each has its own static IP assigned to it and each runs bunch of virtual machines , for which I had configured port forwarding .My hosting company claims that my server(s) are listening on IP 192.168.0.1 on a public interface (i.e., one that uplinks to their network). They see this same IP on two different MACs my uplink interface. I am not really sure how it is possible since 192.168.0.1 was assigned to router itself.
View 7 Replies View RelatedI need to open ports 25, 993, 995, 443 and 465 to setup MS-Exchange. I don't have an inhouse IT guy and this seems pretty straight-forward in theory but I can't figure it out I need to open ports 25, 993, 995, 443 and 465 to setup MS-Exchange.
View 5 Replies View RelatedI am just setting up a LAN using DIR-655 and I noticed this line in the logs: notice Aug 4 03:25:55 HTTP listening on port 65535
Is the router listening to that port?
Ages ago I was shadowing someone making a change on the network. I cannot remember which spanning tree version was running and cannot remember the config of any port either. What I do remember is that every switch port on the 2960 switch went orange and an outage occured, where the ports went into listening / learning mode. I assume that the STP was just the default ieee 802.1D.
View 3 Replies View RelatedHow come many switches show that they are listening on port 2228/udp and 1975/udp? You can see this by running 'show ip sockets'.
View 10 Replies View Relatedrecently got a RV220W and liking all the configuration options.
Although I cannot find where to change the listening port for management? I want it to listen on port 81 instead of 80.
In my LAN environment, I'm using two cisco SG300-10 switches. Both switches are connected by GE10 on both switches, where both ports are set to trunk.Now on all ports 1-9 on both switches, I'm having client computers attached. So I set ports 1-9 to "access" mode.All interfaces on any switch is left in default vlan.
Is it normal that I see all traffic from all connected devices on any port where I connect a listening device?What I'd like to achieve is, that only traffic that is meant for a specific workstation is actually forwarded to this workstation. By now it seems that I get all the traffic from everybody.
There is a PIX firewall and it has this configured on it.static (inside,outside) tcp interface 3389 192.168.1.250 3389 netmask 255.255.255.255 0 0.This line of code works ok for port 3389 but I want all tcp ports to be translated. Not just 3389.
View 2 Replies View RelatedWe have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.
I have two 877's that have both reset with the following messages on boot, and dir of flash and lost+found/It appears that there is a IOS on the flash? but rommon doesn't know where it is. I tried to "set" with no luck as set is read.
I have noticed that the IOS is 0 size. [code]
I am running Win 7 32-bit for my OS. I am on a desktop PC. I have a Internet modem only without the router. I have a Motorola SurfBoard SB5101.When I go into the Network Connections and do a diagnose. I get the following message. I tried doing netsh int ip reset reset.txt, and restart my PC, but it doesn't fix the error.Your computer appears to be configured, but the device or resource (DNS Server) is not responding.
View 3 Replies View Related