Cisco Firewall :: ASA 5505 - Can't Receive Mails From Some Customers

Jul 20, 2011

I can't receive mails from some customers, asa 5505 log get the message: "ASA_Outside|Deny TCP (no connection) from X.X.X.X/35702 to ASA_Outside/25 flags ACK  on interface outside".

View 5 Replies


ADVERTISEMENT

Cisco Firewall :: Unable To Send Mails From ASA 5505

Mar 26, 2012

I have 2 subnets bought from my provider 194.102.98.128/27 and 194.102.98.160/27.
 
From my provider a have the following setup:
IP Address:  86.120.151.66
Netmask:     255.255.255.128
Gateway:     86.120.151.1
DNS (1): 213.154.124.1
DNS (2): 193.231.252.1 
My IPs are static routed by my provider thought 86.120.151.66 .
 
On the firewall I have the following set-up:
 
Outside Interface: 86.120.151.66/25 security level 0
DMZ interface: 194.102.98.129/27 security level 50
Inside Interface: 194.102.98.161/27 security level 100
0.0.0.0 0.0.0.0 [1/0] via 86.120.151.1, outside
 
 
Everything works perfectly except when I try to sent an email. The email gets sent (eventually), but afert a long waiting time, 45-60 sec. The connection is opened instally to the server but then just hangs there for 40-50 sec. The problem is that a have an aplication on a server that has to send confirmation emails, and that aplication is limited to a 30 sec timeout for conecting to the mail server, much less then the 45-60 sec that I have now. The mail server is hosted by a data center, it is not in my networks (location).
 
I have tried deleting the ESMTP inspection, that doesn't work. Pinging my mail server rezults in a average time of 20 ms. And when a do a tracert the hight value in a  hop doesn't usually pass 80 ms, the average is 20-25 ms.
 
The problem is ONLY when sending emails. Everything else works perfect, including receiving emails from the same server.
 
My running config is:
 
hostname ASA-Adisys
domain-name Intern.ro
enable password 0./39zRW9yhKK/bO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names

View 3 Replies View Related

Cisco VPN :: ASA 5505 - Remote Firewall Does Not Receive Single Packet From Source IP

Jun 3, 2012

I have setup an asa 5505 with multiple sub nets (plus license) and a vpn tunnel (ipsec) between this and an other asa on a second branch office (multiple vlans) . Now I need to route only two vlans from the first site to reach some of the second branch networks
 
let's call them: 1 branch
A-172.16.4.0/24
B-172.16.2.0/24
 
2 branch 
C- 10.10.10.0/24
D- 10.20.10.0/24
E- 10.66.10.0/24
 
the tunnelis ok From A to CDE . but from B to CDE won't come up. pinging is unsuccessful as well as all other traffic. the connection profile is setup to have both A and B as local networks and A and B by the moment share the same access rules configuration.
 
logs show firewall 1 let pass and build connections, without denies, but remote firewall does not receive a single packet from the source ip from network B.

View 2 Replies View Related

Cisco Firewall :: 5525 - Upgrades From 8.2 To 8.6 For Some Customers

Nov 13, 2012

We have a 5525 that has not been deployed to production yet so we're using it in the lab.  I want to lab some upgrades from 8.2 to 8.6 for some customers but the 5525 comes loaded with 8.6.  Would there be any problem with reimaging the 5525 with 8.2?  I'm just not sure if there would be an issue with this new hardware running that old software.

View 3 Replies View Related

Linksys Wired Router :: Cisco RV042 - Firewall Blocks Mails?

Dec 10, 2011

I have a Cisco RV042 Wired Router. I've got a static IP and a MS Small Business Server in my Router Network. I have forwarded the essential ports to use the IIS and the Exchange Server of my SBS2011 (https, http, smtp, rpc).
 
I can use the IIS, if the firewall is activated, but the exchange Server can not receive any emails. I have also created some firewall access rules for the mentioned services but without success.

View 1 Replies View Related

How To Open Nas Box To Customers

Apr 30, 2012

How to make Nas Box accessible by his customers so that they can upload large files to it rather than rely on posting these to him (e.g. on CDs/DVDs).He has the Nas Box for his own use and ideally would like to link it through his business website so that a customer can go there and upload files. Another option seems to be opening the network to his customers as well but I'm not sure about how to approach either of these options.

View 1 Replies View Related

Can't Get Mails Or On Internet

Dec 16, 2011

bought a laptop and can't get e mails or on the internet

View 2 Replies View Related

Cisco WAN :: ASA5510 VRF-Lite Two Customers Same Subnet

Apr 6, 2012

We want to deploy a NMS (Network Monitoring System), in this case SolarWinds, to monitor devices we have deployed at the customer site. We will make an IP VPN connection (ASA5510 with Cisco 800's) to the customer site. We have one primary NMS installation running in our datacenter. This NMS has to have a connection to all customer sites. We run into a problem when two customers use the same subnet. We want to use VRF-Lite to solve this problem but I am stuck in my design.
 
I have attached "VRF.jpg" to show the (basic) design I have made. The connection from customer to the router in the datacenter is not a problem. We can put the fa0.1 and vpn interface in the same VRF group. Via one physical cable we will go from router to NMS in which the NMS has multiple virtual interfaces. The datacenter router will route between the 192.168.x.x (NMS) and 10.1.1.x (Customer).What I can't seem to comprehend is how the NMS can decide how to get to Customer 1 or Customer 2. The customer can reach the NMS one-way but the NMS has no way to reply back because if it replies to 10.1.1.1 it can either use interface fa0.1 or interface fa0.2.

View 3 Replies View Related

Cisco Firewall :: ASA 8.4 / Receive Alerts On Connection Threshold

Oct 4, 2012

On a Cisco ASA 8.4 code is it possible to receive an alert once a certain number of tcp/udp connections is reached?  I'd like to see if I can get an email alert or syslog if the ASA reaches say 2,000 connections for example.  Once I get an alert I could then investigate the cause of so many connections.

View 1 Replies View Related

Wireless Access For Business Customers

Aug 22, 2011

I do alot with computers themselves, but, my networking skills are rusty and lacking....so, I'm hoping this is a simple one!I have a customer with a medium sized network (about 20 desktop computers) that are setup with a Domain.The business is a car dealership and he wants to be able to offer wireless to the folks that are waiting (but not give them access to the network, printers, server).I've never setup a wireless network where access to only the internet and not the network itself is the goal, so I'm not sure how to do it properly.Is there an easy way to explain how I should be hooking it up? Or will the network information, type of router, etc. be necessary?

View 2 Replies View Related

Unable To Read Yahoo Mails

Dec 14, 2011

At each time I open the internet page,at the left in the bottom of the page near of the STARt buton, it's written:"Error on page".And like that I can't read my emails on YAHOO and I can't post any picture in FACEBOOK.

View 10 Replies View Related

Cisco VPN :: ASA 8.4 - Access Citrix Applications On Customers Server?

Jun 5, 2011

We're trying to access Citrix applications on customer`s server, but the error message attached pops up every time I try to access any application. Actually, this is the same error message when we try to use ssh protocol. I'm pretty sure I have loaded all the plugins for this. All the other functionalists are ok for this equipment.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / SNMP Server To Receive Trap?

Apr 9, 2011

How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order  to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that

View 7 Replies View Related

Cisco Firewall :: Are Both ASA5505 / AIP SSM-10 Able To Receive OS Updates With Service Contract

Mar 8, 2013

I currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device.  Looking at url... I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing  "IPS Signature and Engine Updates" and "OS Updates."
 
It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:

1. ASA OS
2. AIP SSM-10 OS
 
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract? Essentially, I want to make sure that when I submit by budget, there isn't another contract that I also need.

View 8 Replies View Related

Cisco Firewall :: Can't Send Or Receive Email From Exchange Behind ASA 5510 With CSC

Jan 17, 2012

We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM.  We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Unable To Receive Email From Outside Network

Mar 26, 2013

I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace.  I have been tasked to switch the firewall out with a cisco asa firewall 5510.  The sonic firewall currently allows email traffic, web traffic, and dns traffic.  When I use the current config below on the asa I am unable to receive email from the outside network.  I can send and browse websites but I cannot receive email. 
 
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj

[Code]......

View 3 Replies View Related

Get Outgoing E-mails To Be Registered On Outlook Server?

Mar 19, 2013

how I could possibly get all my e-mails of which I send my clients through my outlook to be registered on my Home-outlook, Office-Outlook and my mobile-outlook? like on the server? something similar to when you open yahoo or G-mail from any given location you can view your sent Items,inbox etc.

View 4 Replies View Related

Cisco Switching/Routing :: 7606 / Limit Interface That Is Used By One Of Customers To 30M

May 15, 2012

I have a Cisco 7606 running 12.2.  I want to limit the interface that is used by one of our customers to 30M.

View 3 Replies View Related

Protocols / Routing :: How To Use SMTP To Send Mails From Laptop

Feb 23, 2012

My coworker told me that port 25 is closed in office , so I can't use [URL] as SMTP Server and to ask for direct line instead of 25.I don't know how to use/setup direct line

View 4 Replies View Related

Cisco Firewall :: Monitoring ASA 5505 Firewall Active / Standby Pair Using SNMP?

Sep 7, 2011

How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
 
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?

View 1 Replies View Related

Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510.  One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover.  I have configured a number of isr's for this and i know it works good. 

View 1 Replies View Related

Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?

Feb 19, 2012

I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?

View 1 Replies View Related

Cisco Firewall :: Setting Up ASA 5505 To Be Used As Firewall Between BT Internet And 3560 LAN Switch?

Aug 23, 2011

setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:

Network Address   Network Mask  BTnet NTE Router LAN Address
      
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.

View 21 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: 5505 - Setting Transparent Firewall Ip Address?

Dec 22, 2011

Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
 
ciscoasa> enable
Password:
ciscoasa# config term

[Code].....

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Creating Interface Vlan In Firewall

May 3, 2011

I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Firewall To Filter HTTPS Websites?

May 28, 2012

I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Can't Reach FTP Site While Inside Firewall?

Feb 26, 2011

I am trying to configure our ASA 5505 so that our users can access our ftp site using [URL] while inside the firewall. Our ftp site is setup so that you can reach it by either browsing to the above url or by browsing to ftp://99.23.119.78 but we are unable to access our ftp site from either route while inside the firewall. We can access our ftp site using the internal ip address of 192.168.1.3.
 
Here is our current confguration:
 
Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0 !interface Vlan2nameif ATTsecurity-level 0pppoe client vpdn group ATTip address pppoe setroute !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveobject-group service DM_INLINE_TCP_1 tcpport-object eq ftpport-object eq ftp-dataport-object eq wwwaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in extended permit tcp any interface ATT eq ftp access-list ATT_access_in extended permit tcp any interface ATT eq ftp-data access-list ATT_access_in extended permit tcp any interface ATT eq www access-list 100 extended permit tcp any interface ATT eq ftp

[code]....

View 6 Replies View Related

Cisco Firewall :: 5505 PAT With Single Public IP And Several Servers Behind Firewall

Nov 21, 2012

New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
 
-Single static public IP:  16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
 
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505.  Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]

View 11 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall With Web Sense Integration

Apr 27, 2011

I'm integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic. Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.

View 1 Replies View Related

Cisco Firewall :: 5505 ASA Trunk Port In Firewall

Apr 30, 2012

I have an issue with my firewall,each time i configured a trunk port in the firewall and connect a sw 2960S with a trunk port also, all the interfaces in the Firewall go down ( virutal intertaces, inside, outside , dmz) , also another switch 3750 that is connected to another port in the firewall( access port only) it start to a new negotiation of spanning tree.What could be causing this problem? the firewall didnt sedn bdpdu i think the IOS of the firewall its a 8.2

View 3 Replies View Related

Cisco Firewall :: 5505 Firewall Between HQ And Remote Site

Jun 12, 2012

we are planning on connecting a new aquired company to ours soon?We will connect the remote site to the HQ via a D3. I've been told we will need to have a firewall between them and us for a time. I was thinking of terminating the D3 connection at the remote site of 80 users. Can I use the asr as a firewall as well, to protect the HQ from the Remote site - or should I use a seperate appliance?I was thinking of a asa5505 but, am concerned with bandwidth limitations of the box?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall Configuration?

Sep 11, 2007

I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved