Cisco Firewall :: ASA 5505 - Connection To LAN

Feb 13, 2012

I have the asa 5505 with asdm 6.4(5). my inside LAN is 192.168.0.0/24. the outside of asa is connected on lan 10.13.74.0/24 and i need over LAN 10.13.74.0/24 connect on LAN 10.15.100.0/24. i put nat rule on asa 5505 and acl rule and users from lan 10.15.100.0/24 can connect on my server, but i can't connect on from inside of asa connect on lan 10.15.100.0/24 and 10.13.74.0/24. my configuration asa is Result of the command:

"show running-config"
 : Saved
:
ASA Version 8.4(2)
!
host name Cisco asa
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
[ code]....
 
what i do that connect on LAN 10.15.100.0/24. i cant ping my outside interface, put rules on acl, i enabled service policy rule for icmp ,but nothing.

View 3 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 - Connection Timeouts / Connection Failures

Dec 18, 2011

We're getting "Connaction Timeout / Connection Failure" error messages several time per day. Here is our setup:
 
Verizon FiOS Internet (ONT Box) --> Cisco ASA 5505 --> EdgeMarc 4500 Router --> Cisco 300-24G Switch --> Dell PE1950 Servers
 
From past few months, we keep getting Connection Timeout and Connection Failure error messages in our vendor application which connects to SQL Server 2005. Also Terminal Server 2003 keep disconnecting for every few hours.After several days of troubleshooting, we come to know that this Cisco ASA 5500 is not working properly. When I access the ASDM, it shows several warning messages.I know there is a setting option to configure TimeOut, but is there anyway to test and track the ASA 5500 regarding this Timeout issues?

View 3 Replies View Related

Cisco Firewall :: Connection Timeouts On ASA 5505

Feb 15, 2011

We recently got a 10 meg dedicated internet fiber connection installed. I connected it to a PIX 501 firewall and everything worked fine (I tested it for a couple of weeks). A couple of days ago I got a new ASA 5505 and replaced the PIX with this device. It works, but every so often there seems to be a timeout when surfing the web whereby I click on a link and there is up to a 45 second wait and then the page loads quickly. I was not getting this before on the PIX so I'm assuming it's not a latency issue with the connection. I am the only one using this connection on the network so it's not to say that it's being bogged down. I want to roll this out to the other users on the network but not when this is happening. The configuration is below:
 
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa

[Code].....

View 8 Replies View Related

Cisco Firewall :: Terminate SIP Connection On ASA 5505?

Apr 15, 2013

I have a SIP trunk in my Florida office connected to a Cisco 2851 ISR. I'm using Unified Communications Manager 8.0 and life is great.
 
We just opened a new office in Spain and now the fun begins.  We created a site-to-site VPN tunnel using ASA 5510 in Florida and ASA 5505 in Spain. We can register IP Commuicator phones in Spain but when they make calls it shows up as a Florida call. We need it to show up as a Spain call.
 
We are thinking to get a SIP trunk into the Spain office but I only have a ASA 5505 over there. Can I terminate a SIP connection to it? Is this the best option? If not, what is the recommened setup?

View 1 Replies View Related

Cisco Firewall :: 5505 Drops Outside Connection

Nov 13, 2012

I am having a problem with a ASA 5505. The users on the inside cannot access internet for the most of the time. When i looked over the configuration and tried a few changes i got out to internet about 5 seconds every 30 minute or so. Very strange. When i try to access internet i just get the windows post that DNS is not working properly. As you can see in my config i get all addresses dynamic from ISP.
 
I am not sure what to do next, i tried to set static routes, make Nat changes, static dns addresses, searching this forum but nothing works. It seems like there is a ISP problem but i have talked to the support twice today and they say that all is fine from their side. Does ASA behave like this?

ASA Version 8.2(2)
hostname ciscoasa
domain-name
enable password  encrypted
passwd  encrypted
names
[code]...

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Connection Dropping

Jun 23, 2012

I have a Cisco ASA 5505 - 50 VPN edition.  I have baffling network issues that I have not been able to pinpoint and I recently started to think it may have something to do with my ASA.  I'm a network administrator and I have a Cisco ASA 5505 in my home network so I can learn how to manage Cisco ASA's and utilize the Easy VPN feature so I have a always on VPN connection into work to log into servers, etc.  I've been using the ASA for almost 6 months with the EasyVPN feature with no issues.  My ISP is Comcast.
 
Within the last week my connections have been randomly dropping for about 20 seconds and then reconnecting.  I have two computers on the network that have a direct ethernet run to the switch ports on the back of the ASA.  When the connection drops, I see my LAN icons completely lose connectively (yellow exclamation warning) then after 20 seconds, reconnect.  This is very random.  I was able to get it to happen every time I connected to XBOX live and play a online game.  It would almost on cue drop after 30 minutes of online gamming.  Here are the steps I have taken:
 
1. Replaced 10/100 switch to a brand new 10/100/1000 switch from computer run in my office to the ASA.
no joy
 
2. I upgraded the ASA to the most recent firmware: ASA Version 8.4, ASDM Version 6.4
no joy
 
3. I had an ethernet run under my carpet to the office, I started to  think that maybe one of the cables had an issue after walking on it and  vacumming causing a short.  I removed all the ethernet under the carpet and installed power line over ethernet adapter from the ASA to my office.
no joy
 
4. I checked both computers on the network for viruses.  All computers came back clean after scanning wth Malwarebytes and SuperAntispyware.
 
5. I've watched the logs on the ASA as the LAN connection drops and I don't see error messages to troubleshoot this issue.
 
The only thing left to replace is the Comcast modem or the Cisco ASA.  The Comcast modem is newer and only about 1 year old (rented from Comcast).  Since my actual LAN connection drops and I lose connectively I believe there may be some issue with the ASA or the ASA switch ports or some sort of internal hardware issue on the ASA.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Closing Connection?

Jun 24, 2012

I'm trying to get an asa5505 set up so that our web server can send an LDAPS login to a client's server and receive the request back. The default IP our traffic goes out on is different than where I want the connection to come back in on. So, I set a NAT rule to send all traffic from a specific inside IP out a default outside IP. I also allowed LDAPS traffic from the client's server IP address in and have nat'd it back to the appropriate inside IP address. It seems to build the outbound connection fine, but then seems to drop it right away, which then seems to not allow the response back in. I've attached a picture of the log, with (what I think are) the lines in question highlighted. I'm far from a routing expert, but this seemed like a fairly easy setup.

View 1 Replies View Related

Cisco Firewall :: 5505 Broadband Connection With One Static IP

Jun 3, 2013

I am mapping static ip address to the local ip address.We have a bsnl broadband connection, and bsnl has provided us with one static ip address.We are using  broadband modem.Now I would liket to map this static ip address to one of the private ip address which is 192.168.1.2(database server).i want to do nat above ips if i do so then i dont have no ip to assign to my outside interface.I would like to access this device over internet, by typing my public (Static ip ) given by the BSNL.security device i have is cisco ASA 5505.

View 3 Replies View Related

Cisco Firewall :: Asa 5505 Clear Arp Restores Connection

May 23, 2012

I have a simple network with an ASA5505 mainly used for AnyConnect so there is little traffic. There is 1 laptop connected to the E0/1 of the ASA and then E0/0 is going to the internet port. I've noticed about ever 15-20 minutes, I lose all connection. The laptop can no longer browse the web and handsets can no longer VPN into the network.  I've noticed a few seconds after performing a clear arp, all the connectinos are restored. The laptop can browse the web and handsets can VPN in again.

View 11 Replies View Related

Cisco Firewall :: ASA 5505 - Back ISP Connection Doesn't Up?

Feb 27, 2011

I have asa 5505 with security plus license, I configured dual ISP with two different ISP provider. I followed below cisco document to configure dual ISP [URL] The Configuration works during the testing, while removing the primary ISP cable from firewall. The problem i am facing is my primary ISP is down but the gateway is still up and it not switch over to backup ISP. For SLA which IP should i monitor so once my primary ISP is down it will fallback to Secondary.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Inbound TCP Connection Denied

Oct 6, 2011

I configured an ASA 5505 a couple of weeks ago. Every thing is working properly except it sends irritating messages to the syslog server. Her is an example of the message:
 
     %ASA-2-106001: Inbound TCP connection denied from 195.215.221.56/80 to 10.70.13.90/252 flags PSH ACK on interface outside

     %ASA-2-106001: Inbound TCP connection denied from 195.215.221.56/80 to 10.70.13.90/2252 flags ACK on interface outside.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Lost Internet Connection?

Feb 27, 2011

I changed a configuration and suddenly I lost the internet connectivity... Result of the command: "show running-config"

: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 nameif ATT security-level 0 pppoe client vpdn group ATT ip address pppoe setroute !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone EST -5clock summer-time EDT recurringsame-security-traffic permit inter-interfaceobject-group service DM_INLINE_TCP_1 tcp port-object eq ftp port-object eq ftp-data port-object eq wwwaccess-list ATT_access_in remark Linkstation Accessaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in remark Linkstation

[code]....

View 3 Replies View Related

Cisco Firewall :: ASA 5505 8.2(1) - Poor WAN Connection Speed

Apr 26, 2011

To sum it up the ASA is maxing out at 7MB down on a 25MB connection. The connection was tested with the ASA removed and the connection is fine.
 
This popped out at me the most but i'm not sure what it means:

12884935775 switch ingress policy drops for eth 0/0
 
[code]....

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Dropping Internet Connection Randomly

May 24, 2012

One of our hospitals keeps reporting that their internet is going out for a while than comes back up, sometimes they even have to reset the ISP modem for this it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would essentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the Interface for our ISP is NOT set to Duplex Full and Speed 100.

interface Ethernet0/5

switchport access vlan 2

View 3 Replies View Related

Cisco Firewall :: ASA-5510 / ASA-5505 Loses Connection To Gateway

Jun 23, 2011

I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes.  At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results.  A reload of the ASA-5510 will restore connectivity for the next quarter hour.
 
Here's the version information on the 5510:
 
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders

[Code].....

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Doesn't Forward Incoming Connection To LAN

Jun 13, 2012

I just got a Cisco asa 5505 with the next OS and ASDM info ASA 5505 OS 8.4(3) ASDM 6.47 I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a second IP and create the rule to allow traffic to it but it doesn't work too.

Problem 1 I have VNC running in port 5900 tcp and I want to connect from Internet using port 6001 and this has to forware the connection to the real VNC port. In the configuration I have a few host with the same configuration but I use different outside port to get it.
 
Problem 2. I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
 
Facts: SMTP. Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection goes through and the LOGGING screen doesn't how that connection.PORT 6001 (outside)this port is configured to work with the IP in the outside internface and it was to send the incoming connection to a host inside to the real port 5900.Can any one check my configuration if I'm missing anything? for sure I'm but I didn't find it. Bellow is the configuration, I masked the Public IPs just left the last number in the IP, also I left the LAN network to see better the configuration.
 
CONFIGURATION.
: Saved
:
ASA Version 8.4(3)
!
hostname saturn1
domain-name mydominio.com
enable password SOMEPASS encrypted

[code]....

View 4 Replies View Related

Cisco Firewall :: Configure IPSec VPN Connection For ASA 5505 (Version 8.4)?

Nov 20, 2011

I am now going to configure IPSec VPN connection for Cisco ASA 5505 (Version 8.4)

View 3 Replies View Related

Cisco Firewall :: ASA 5505 / Skinny Inspection Closes Connection

Dec 31, 2011

I have a branch office set up were all traffic goes back to the core, iincluding internet acces.
 
It has been working fine for a year, but recently I have started to see the firewalls Asa 5505 closing the connection and stopping the phone from answering the calls.
 
I have skinny inspection turned on all my branch offices, but had to turn it off at the one site to get one of my phones to registered.
 
I haven't made any changes to the network that would trigger this issue, such as upgrading phone firmware.
 
 My firewall is configured for default deny, other than Skinny (tcp 2000), do I need Skinny inspection to be turned on?
 
It's turned on my 5 other branches.How can I debug why the skinny inspection is closing the connection?As a separate note this phone is part of a pool of phones that shares a common DN, would this be causing the issue?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 With Dual ISP - How To Setup Backup Connection

May 22, 2012

how can I setup that the backup connection will start but after 30s of icmp timeout the default gateway (tracket object - 192.168.1.1)
 
My configuration:
 
sla monitor 123
type echo protocol ipIcmpEcho 192.168.1.1 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
 
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 track 1
route backup 0.0.0.0 0.0.0.0 192.168.2.1 254
 
track 1 rtr 123 reachability

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Dropping Internet Connection Randomly?

May 24, 2012

One of our hospitals keeps reporting that their internet is going out for a while than comes back up, sometimes they even have to reset the ISP modem for this it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would esentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the Interface for our ISP is NOT set to Duplex Full and Speed 100.
 
interface Ethernet0/5
switchport access vlan 2

View 1 Replies View Related

Networking :: Home Router Firewall Connection With ASA 5505

Oct 25, 2012

Shopping for a new home router/firewall. Trying to decide between a Cisco ASA 5505 or a juniper equivalent. What are everyone's thoughts?

View 16 Replies View Related

Cisco Firewall :: ASA 5505 Loses Connection To Cloud For 50 Seconds Hourly

Oct 10, 2011

I have an ASA 5505 that during preak usage, likes to lose it's connection to the cloud for 50 seconds. The device is alive and kicking, can route between different interfaces, but it's connection to the cloud dies. This happens every 45 minutes or so during our peak internet usage.
 
the nastyness of the config, I was having issues getting PPTP pass-thru to cooperate, and never cleaned up after myself.
 
Result of the command: "show run"
 
: Saved
:
ASA Version 8.2(1)
!
hostname THEMAN-ASA

[Code]....

View 1 Replies View Related

Cisco Firewall :: How To Configure ASA 5505 (Internet Connection Via Cable Modem)

Aug 30, 2011

I'm trying to learn Cisco ASA IOS commands, I have bought myself a 5505 ASA for my home network and plan to implement it. How best to configure it.

I have attached a diagram of how I want my network to look. The internet connection is via the Virgin Media cable modem.

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Connection Limit And TIME_WAIT Freezing Device

Sep 30, 2011

My little ASA 5505 is working great The device appears to be artificially crippled and limited to 10,000 connections.  This isn't a "CPU limit" it's just some fake limit in the device as far as I can tell.
 
The problem we have is that we are only using around 500-600 connections and CPU usage is only like 25%, and yet the connection count is pegged at 10,000 and locks us out of our network.
 
I am pretty sure this is because there are a lot of "dead" TIME_WAIT connections hanging around not being used.  In our application we only have the couple hundred connections but they do move around a bit every now and then.
 
Is there anyway to get the device to ignore the "dead" connections and not count them towards the artificial limit on the device given that it's pretty clear the CPU / etc., is not utilized sufficiently.  These aren't real connections, we only have a couple 100 established, they do just move around a bit however.
 
We are really only using 500-700 connections according to our servers, the others are just sitting in TIME_WAIT doing nothing.

View 1 Replies View Related

Cisco VPN :: 5505 Make Necessary Connection With Other Site Connection

Jun 25, 2012

I am trying to confgure a VPN connection on a Cisco ASA 5505, and I am supposed to translate the inside network from 10.200 76.0 to host 10.1.4.204, and then from that scheme establish a VPN with the host 66.179.80.108 on network 192.168.50.0/24. I was told that this Cisco ASA appliace would be able to translate the network address as a mask in order to make the necessary connection with the other site connection.

View 6 Replies View Related

Cisco Firewall :: Monitoring ASA 5505 Firewall Active / Standby Pair Using SNMP?

Sep 7, 2011

How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
 
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?

View 1 Replies View Related

Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510.  One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover.  I have configured a number of isr's for this and i know it works good. 

View 1 Replies View Related

Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?

Feb 19, 2012

I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?

View 1 Replies View Related

Cisco Firewall :: Setting Up ASA 5505 To Be Used As Firewall Between BT Internet And 3560 LAN Switch?

Aug 23, 2011

setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:

Network Address   Network Mask  BTnet NTE Router LAN Address
      
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.

View 21 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: 5505 - Setting Transparent Firewall Ip Address?

Dec 22, 2011

Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
 
ciscoasa> enable
Password:
ciscoasa# config term

[Code].....

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Creating Interface Vlan In Firewall

May 3, 2011

I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Firewall To Filter HTTPS Websites?

May 28, 2012

I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved