Cisco Firewall :: ASA 5505 - How Name Resolution In Small LAN Can Be Done Without Local DNS Server
Mar 30, 2011
I like the ASA 5505 for SMB and Home Offices very much, but I'm missing sadly a DNS Server or at least the ability of the DHCP Server to use static addresses for certain MAC's. In SOHO's the ASA is the only thing always powerded on and often even a Server where a DNS Server could be installed is missing.So is there a chance to see such a feature (DNS Server and/or static DHCP) in the next SW Release? how name resolution in a small LAN can be done without a local DNS Server?
View 3 Replies
ADVERTISEMENT
Apr 22, 2012
i'm trying to setup a local DNS server to manage small office local-only domain names for our servers. i have the DNS working properly (resolving local machines and using the ISP dns if it can't). so i put the DNS server ip into the "Static DNS 1" field of the router settings. the other 2 static dns fields are empty.the problem is that the router is still using the ISP dns server as the primary and my local dns server as the secondary. i verify this in two places. first, if i go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. secondly, if i connect to the wireless device with a linux-based machine, the /etc/resolv.conf file shows the nameserver ips in the same incorrect order.
View 1 Replies
View Related
Jun 10, 2012
I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]
View 8 Replies
View Related
May 4, 2013
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]
View 3 Replies
View Related
Mar 3, 2013
I ran into a very interesting problem that occurred today and I'm trying to figure out why it happened. If it was one ASA 5505 that just required the reboot, then I'd have just chalked it up to a glitch, but when we built a new AD/ DNS server on the main network at the main site and changed the 3 Remote site ASAs to point to the new DNS server in the DHCPD options, none of them could ping any local host names to the DNS server at the main site they were now pointing too, but external host names { URL} all translated and pinged fine.
From a laptop on one of the remote sites, we could ping the new AD/DNS server(192.168.0.3) and the old AD/DNS server(192.168.0.2) and everything else at the main site, and telnet to port 53 showed successful across the Easy VPN from the Remote site to the new server at the main site. When wire shark was added to the new DNS server at the main site, the DNS request and replies for {URL}, for example, came and worked fine, but any requests for local resources never made it to the server from the remote sites.
A reboot of one of the Remote Site ASA's corrected the issue. Then I rebooted the other two remote site ASAs, and now DNS was working fine for everybody. I had also tried clearing the ARP cache on the ASAs before resorting to rebooting them. I also tried rebooting the laptop thinking the local DNS cache needed cleared before resorting to rebooting the ASAs. I'm struggling to understand why external, public host names made it through and resolved from the remote sites to the new server at the main site, but anything local failed before even reaching the new server(The new DNS server could resolve requests made by computers at the main site, but the remote sites that traverse the Easy VPN from the ASAs failed). The new AD/DNS server is the only server configured for DNS for all remote site computers.
Is any of this making sense? I'm wondering if clearing the x late or local host tables would have corrected it without having to reboot. I'm just trying to grasp the understanding here and figure out what happened.
View 5 Replies
View Related
Aug 7, 2011
I just purchased an E2500. I have a small home network dominated by Mac and Linux boxes, with an occassional Windows machine. On my previous router I had been running OpenWRT.
One of the nice features of DNSMASQ is that it will do local name resolution from the /etc/hosts file on the router. Is there anyway to turn on similar features in the E2500? I have a NAS box and a networked printer that require local name resolution. I had hoped that I could just create a DHCP reservation for them, and that the router would resolve their names for other hosts on the network. This does not appear to work.
Should I just be boxing this thing up and returning it in favor of a unit I can flash better firmware on to?
View 3 Replies
View Related
Sep 17, 2012
I have an out of the box configured RV220W and was wondering if it supports local DNS resoltuion for DHCP addresses it issues. I have a few reservations and a custon search domain configured ('local') but it will not resolve a name fromt the terminal using the search domain (see below):
It resolves freenas but not freenas.local.
macbookair:~ brantwinter$ dig freenas
; <<>> DiG 9.8.1-P1 <<>> freenas
;; global options: +cmd
[Code]...
View 3 Replies
View Related
Mar 21, 2012
I'm trying to establish a VPN tunnel between our main office running a Cisco ASA 5505 [8.3(2)] and a remote user using a Cisco Small Business WRVS4400N firmware version V2.0.1.3.
The Cisco ASA 5505 is already configured to allow incoming IPSec VPN connections via the Cisco VPN Client.
Is this possible, and if so, how would I go about doing so? The remote user has a static IP address as well as the main office.
I'm trying to establish a VPN tunnel between our main office running a Cisco ASA 5505 [8.3(2)] and a remote user using a Cisco Small Business WRVS4400N firmware version V2.0.1.3.
The Cisco ASA 5505 is already configured to allow incoming IPSec VPN connections via the Cisco VPN Client. Is this possible, and if so, how would I go about doing so? The remote user has a static IP address as well as the main office.
View 2 Replies
View Related
Feb 26, 2011
We have cisco 5510 and on our floor we have client who we provide internet connection. One of our client has small server and 2 computers and they want setup vpn connection so they can access their server from outside. We have only one static public ip for firewall and exchange. We don't want provide another public static ip to the our client so they can setup the vpn. Is their any other way to setup vpn for them? can they the use our 1 public ip for vpn?
View 11 Replies
View Related
Feb 19, 2013
Im trying to configure remote access VPN on ASA5505. I configured it as local CA server, installed digital certificate on remote station and everything looks fine as far as i can see. I'm using cisco VPN client 5.0 on remote station. when i initiate VPN session it fails while trying to connect. Looks like im missing some configuration but i cannot figure out what it is. Currently i have firewall configured to use group authentication and everything works fine. I want to switch it to use certificate authentication, and if possible, confiure firewall to use main mode instead of aggressive mode for better security.
View 4 Replies
View Related
Oct 4, 2012
I am configuring remote access vpn on ASA5505.Everything is working fine so far, except when the client got connected, it still used the local DNS server provided by the ISP. How do I force the client to use the DNS server configured on ASA?
View 7 Replies
View Related
Jul 24, 2012
I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209). There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC 10.51.253.210 cannot get out
ASA Version 7.2(4)
!
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
[Code]...
View 2 Replies
View Related
Dec 15, 2011
We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documention that I have, the previous configured this as a dedicated router to establish a seperate VPN connection our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I login into this router either from remotely or locally to check the configuration, backup and do the fimrware upgrade?
I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to Internet without any issues. However I don't know the IP address to use to login.
View 3 Replies
View Related
Apr 11, 2011
I'm having trouble setting up local LAN (reach inside network when VPN connected) and Internet access (reach internet when VPN connected) for my VPN CLients when they are connected to my VPN, They can connect, no problem there, but I can't reach any resources when connected. My pings time out, both to my inside network and to public ip adresses, the only thing I'm able to ping is my ASA (172.16.30.1), and I don't se any routes under "Status/Statistics/Route Details" in my cisco VPN Client (when connected).
Here's my config
ASA Version 8.0(3) !hostname KardesASAdomain-name default.domain.invalidenable password XXXX encryptednames!interface Vlan1 nameif inside security-level 100 ip address 172.16.30.1 255.255.255.0 !interface Vlan10
[Code]....
View 14 Replies
View Related
Aug 23, 2011
We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.
Here is debug log on real time monitoring.
Aug 24 2011 05:21:19 302015 203.xxx.xxx.226 192.168.1.51 Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011 05:21:19 607001 203.xxx.xxx.226 Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011 05:21:19 710005 203.xxx.xxx.226 99.xxx.xxx.107 UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063
Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.
View 2 Replies
View Related
Aug 7, 2011
We are using several Cisco ASA 5505 with the 8.05 OS on it. The problem is that the SMTP traffic of my ISP(Telenet) isn't passtrough the ASA, I'm using outlook 2010. Before there was also a problem with our local exchange server but I solved this by disabling ESMTP checking in the policies, but it didn't worked for my local ISP.
View 4 Replies
View Related
Aug 22, 2012
I am having difficulties with getting SPAN traffic over my WS-X6704-10GE (CFC).
CISCO7606
ios 12.2(33)SRE6, SUP720-3BXL
Trying to use the span feature, put the commands listed below in and they entered successfully, but the port is not being mirrored.
interface TenGigabitEthernet1/1
description PUBLIC
dampening
mtu 9216
ip address x.x.x.x x.x.x.x
[Code]....
View 1 Replies
View Related
Jul 28, 2011
I have a request to establish a site to site VPN with a customer. While collecting the information I give them our local network subnet which is a private subnet (192.168.5.0). They asked me if I could give them a public address instead. They can not work with the 192.168.5 subnet. Is this possible?
My side of the VPN is an ASA 5505 running 8.2(2). The other side i believe is a Checkpoint.
View 5 Replies
View Related
Feb 6, 2013
I have a Cisco ASA configured for Any Connect clients. I also want to pass 443 traffic back to an internal web server, but not sure if I can do this since the Any Connect clients are already connecting over 443 to the ASA, right?
View 8 Replies
View Related
Jul 9, 2012
We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.
View 1 Replies
View Related
Feb 24, 2013
I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?
View 3 Replies
View Related
Feb 11, 2013
I'm configuring a Cisco ASA 5505 ASA Version 8.3.1 I want to publish my web server is in the DMZ (10.30.30.1) and server address is 10.30.30.30 but it still fails.I have only one public IP, and hope that when they call the Public IP, my web server appears, another problem I have is that when I assign the public IP to my interface OUTSIDE my LAN loses internet connection.I have to do to publish my web server and the LAN computers have internet access?
View 16 Replies
View Related
Nov 15, 2011
I want to configure my Cisco asa 5505 as a dns server, so that when i configure any of my network systems ip address and use my firewall as a default gateway and dns ip, the system should be able to browse internet.
View 5 Replies
View Related
Jan 7, 2013
How to create a small computer lab. I own a private tutoring class and i want to expand into computer programing. I am planning on purchasing about 10 computers to begin with. However, i want go create a small server so that each student has their own log in id# and all their files are only accessed when they log in. I just want to find out how i would be able to do this as ive seen this at public schools.
View 1 Replies
View Related
Dec 8, 2012
My father has a small office at home with a server, used to store some files and software he uses and provide a stable network for the house. The network looks something like this:
-Our wall socket line runs to a modem we have from our ISP
-The modem then is connected to our server computer
-Which is in turn connected to a switch
-...where the computers and a router are connected to
This was set up by some computer company. Now for the question: we have used the router connected to the switch to connect wirelessly to the server to receive emails on our mobile phones (email runs via the server too). Also, my father syncs his Outlook diary on his phone this way. Apparently this doesn't work when connected to the modem, I guess because that signal hasn't been processed by the server yet. Now we are unable to connect to the router, presumably because it is quite old and ready for a replacement.
The question is: Can I just replace it with some random router and expect it to work? Or do I need a more specific router/more specific settings in the router to make this work again?
View 12 Replies
View Related
Jul 8, 2012
Instead of using a IP address I would like to use a host address that points to a NTP pool.An example would be:ntp server 0.north-america.pool.ntp.org Can this be done on the ASA series?
View 1 Replies
View Related
Jan 12, 2011
I have a client in a workgroup environment. They are a small company with perhaps twenty systems. Their infrastructure consists of a Dell Switch, a Cisco ASA-5505 which hands out the DHCP and a router. And that's that.They have been using an external IP as their DNS Server to get out to the Web. However, they now want to add an internal Linux-based DNS server.In looking through the ASA-5505 today I noticed a field for DNS enteries. Is this where the IP for this new internal DNS Server (in the secondary DNS field) would go?If so, would it be necessary to reboot the ASA-5505 for this change to take effect?
View 12 Replies
View Related
Nov 1, 2012
I get the following message when appling "DHCPD ENABLE INSIDE"
DHCP: Interface 'INSIDE' is currently configured as CLIENT and cannot be changed to a SERVER by a SERVER feature
This is an ASA 5505 Running 8.2.
View 14 Replies
View Related
May 25, 2011
I would like to allow users from network 10.132.23.0/24, 10.132.33.0/24, 10.132.24.0/24 access to our SQL server(192.168.1.7) located on the inside interface(192.168.1.0/24 network) Those networks (10.132.0.0/16) come from the DMZ interface.
View 12 Replies
View Related
Feb 7, 2013
: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
host name cisco asa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
switch port access v lan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...
View 2 Replies
View Related
Aug 2, 2011
I tried the solution posted at [URL] however it did not work on my ASA5505 8.4(2). I thought that it may be because I only have a single public address so the web server is responding to port forwarding through the one public IP already. looking in ASDM it appears to indicate that a configured access list is blocking the server from responding to the internal hosts.
object network Private_IP
host 192.168.1.15
object network Public_IP
host 1.1.1.1
object-group network internal_net
[code]....
Can I fix an access list (or something) to make this work or am I wishing for too much with only one public IP? This worked by default on my Netgear firewall.
View 4 Replies
View Related
Jul 13, 2011
I would like to allow remote access to a windows server through a ASA (5505) firewall. Users will use the vpn connection in order to connect to a private network. Is there any link that describes the steps for ASDM?
View 3 Replies
View Related
May 23, 2013
i can't get it working to expose on internal server to an outside interface.I used the public server function in ASDM.Internet access works if i nat my private adress to one of the available ipadresses provided by our isp.
Internal Server : owncloud 172.10.0.4
External Server : ext181 46.245.171.181
I can't see the error in the configuration,
: Saved
:
ASA Version 9.1(1)
!
hostname rhedetest
domain-name xxxxx.de
enable password 59t92OvRofWL9yf3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
View 10 Replies
View Related
