Cisco Firewall :: ASA 5505 / Unable To Use Full Bandwidth?
May 23, 2011
When I have a computer directly connected to the Cable Modem I get 9.84MB Down and 1MB Up. When I put it behind the ASA 5505 with policing on the interface, I only get 4MB Down and 660Kb Down.What I'm wanting to do is setup this up to enable my VoIP to have a higher priority and shave 128kon both the Up/Down for the VoIP traffic. I also want to make sure I don't exceed the inbound and outbound thresholds.I''m using a 5505 Security Plus?
View 3 Replies
ADVERTISEMENT
Sep 30, 2012
I have 20 mbps internet link and I have ASA 5505 . I have to divide this bandwidth 10-10 mbps each for Voice and Data . So that both can work properly. because when I am using it for both on same interface, I am getting Voice disturbance..
View 1 Replies
View Related
Jul 24, 2012
i have 16MB internet speed, i want to give inside interface in my ASA only 2MB to use how can i assign it ?
ASA Version 8.2(5) !hostname ConcordeASAenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface
[Code].....
View 2 Replies
View Related
Jun 4, 2013
We have 10MB dedicated Internet BW and want to run VC device and due to heavy traffic and BW high utilization at peak hours, VC performance is not sufficient. We would like to reserve 2MB for VC device. How much possible to fix up this configuration in ASA5505 version disk0:/asa724-k8.bin [URL]
View 5 Replies
View Related
Jun 11, 2013
I'm having a bit trouble to limit the bandwidth on outgoing traffic with a Cisco ASA 5505.
In my case I want to limit the bandwidth to 31mbit/s up and down on the outside interface. but with my current configuration, just the download rate gets limited to 31mbit/s when I do a tptest. and the upload is around 40/50mbit.
Here is the policy configuration,
access-list outside_bw extended permit ip any any
class-map outside_bw
match access-list outside_bw
[Code].....
View 1 Replies
View Related
Feb 10, 2013
I have two Catalyst 3560 series switches with a 100Mb Ethernet microwave link and a 250Mb Ethernet microwave link between them. Can the switches be set up to make full use of the added bandwidth (350 Mb).
View 3 Replies
View Related
Oct 31, 2012
I just bought a E1200 routerand using automatic setup by using CISCO connectafter that, I only got a CONNECT SPEED with about 10Mbps in my android smart phone,I would like to know how can I increase the WIFI strength WITHIN THE WIFI SETTING, I chose MIXED mode rather than specific in b/g/n mode.
View 4 Replies
View Related
Oct 16, 2011
I have a 100mb conection and regularly get 90mb plus speed when conected direct to the modem. If I conect via the E4200 I only get 50mb ? I have tried disabling the firewall and QOS but this has had no effect. I am using a wired conection and the latest firmware. Its almost as the E4200 is capped at 50mb throughput.
View 6 Replies
View Related
Sep 9, 2011
I just tried to configure my ASA but unable to ping. My setup is as follows:
Cable Modem (DHCP from IPS)---> ASA (192.168.1.1)--->Belking Router (192.168.5.1)--->Switch (192.168.5.14)--->
ASA Version 8.2(3)
!
hostname WoodHomeASA-1
[Code].....
View 30 Replies
View Related
Dec 27, 2011
First time attempting to set up a 5505. Trying to replace a snapgear firewall and replicate the settings to the 5505.
View 12 Replies
View Related
Sep 20, 2011
I have a command line from ASA 5505 like below :
nat (inside) 0 access-list NO_NAT
The problem is I cannot see any matching ID of 0 at the (outside) like :
nat (outside) 0 xxxxxxxxxxxxx
Another problem is there is also no any access list with the name of NO_NAT.
View 2 Replies
View Related
Dec 11, 2012
I am using ASA 5505.Below are my sh run.I am not able to ping my gatway i.e 182.73.131.89
interface Ethernet0/0
description Internet Interface
switchport access vlan 61
!
interface Ethernet0/1
description office Internet
switchport access vlan 50
[code]....
View 3 Replies
View Related
Sep 26, 2012
I have ASA 5505 and I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.
View 8 Replies
View Related
Sep 27, 2012
I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA directly to Cable modem then pc is able to access the internet.
View 4 Replies
View Related
Apr 5, 2013
I have setup 5505 ASA for Testing purposes. It has static route to layer 3 switch on outside interface that goes to the internet.
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
[Code].....
View 20 Replies
View Related
Feb 13, 2012
We have a cisco asa 5505 on which we have setup a group VPN. The VPN connections from all cisco vpn clients works fine except one. The keep getting the below error
"Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding. Connection Terminated".
Not sure why only one client won't be able to connect. The version we are using is 5.0.02 for VPN client.
View 10 Replies
View Related
Oct 31, 2011
I am unable to Telnet/SSH/RDP from my inside network to my DMZ. I am not sure where the problem lies, I am able to use VNC from the inside to the DMZ (ports 5800, 5900), and also establish connection on Ports (26700-26899). I have a computer connected directly to the DMZ and those services work to all networks on the DMZ.I have attached Logs of successful VNC connections, unsuccessful RDP and Telnet sessions, and the running config.
View 23 Replies
View Related
Aug 12, 2012
I configured a new Asa 5505 with Ios 8.44-1-k8.bin and when I installed the Asa the client's after about 1 hour were unable to ping or map drives to the Asa. I got the following error,%ASA-2-106007: Deny inbound UDP from XXXX to XXXX due to DNS Query. I added the command same-security-traffic permit intra-interface they were then able to ping the server and connect to the Internet, but still unable to map drives i could see the connections from the Pc's to the server in a show conn with was tcp port 445 with Saa? I reverted back to Ios 8.25 and everything works.
View 2 Replies
View Related
Mar 26, 2012
I have 2 subnets bought from my provider 194.102.98.128/27 and 194.102.98.160/27.
From my provider a have the following setup:
IP Address: 86.120.151.66
Netmask: 255.255.255.128
Gateway: 86.120.151.1
DNS (1): 213.154.124.1
DNS (2): 193.231.252.1
My IPs are static routed by my provider thought 86.120.151.66 .
On the firewall I have the following set-up:
Outside Interface: 86.120.151.66/25 security level 0
DMZ interface: 194.102.98.129/27 security level 50
Inside Interface: 194.102.98.161/27 security level 100
0.0.0.0 0.0.0.0 [1/0] via 86.120.151.1, outside
Everything works perfectly except when I try to sent an email. The email gets sent (eventually), but afert a long waiting time, 45-60 sec. The connection is opened instally to the server but then just hangs there for 40-50 sec. The problem is that a have an aplication on a server that has to send confirmation emails, and that aplication is limited to a 30 sec timeout for conecting to the mail server, much less then the 45-60 sec that I have now. The mail server is hosted by a data center, it is not in my networks (location).
I have tried deleting the ESMTP inspection, that doesn't work. Pinging my mail server rezults in a average time of 20 ms. And when a do a tracert the hight value in a hop doesn't usually pass 80 ms, the average is 20-25 ms.
The problem is ONLY when sending emails. Everything else works perfect, including receiving emails from the same server.
My running config is:
hostname ASA-Adisys
domain-name Intern.ro
enable password 0./39zRW9yhKK/bO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
View 3 Replies
View Related
Jan 9, 2013
Remote LAN pool is configured as inside. Route is proper. I am able to open 443 port from the remote LAN pool on the ASA. That means, the port is open from the remote pool. No response if I try https on the browser.
View 11 Replies
View Related
Jun 28, 2011
I found a tricky task for our ASA 5505 firewall. I am not able to go internet when using DHCP but I can access by using fixed IP address in client PC.Same IP, Same Mask, Same DNS, Same Gateway. All the same but no hope. Any configuration i missed in firewall?
View 5 Replies
View Related
Mar 8, 2011
I'm unable to have any internet connection for my new setup.
here's the overview.
Current setup is
Internet -> Router -> PIX 501 -> Switch -> clients
Internet -> static ip given is 210.193.34.1 - 210.193.34.6
Router -> Static ip assigned for NAT/External is 210.193.34.1, Local ip is 192.168.1.246
PIX 501 setting ->
IP to Router, According to router screen is 210.193.34.2, but not sure what settings are done in the PIX itself as I'm unable to access it.
local ip is 192.168.1.1
Clients - > 192.168.1.0
Old setup is working fine and connected to internet. for the new setup, as i do not want any downtime for the old setup.
As you can see, there are two firewalls connected concurrently to the router. I've configured it this way.
Internet -> Router -> ASA 5505 -> Switch -> clients
ASA 5505 setting ->
IP to Router NAT/External/ Outside Interface, 210.193.34.6 (Or do i set as 192.168.1.0?),
local ip/ Inside Interface is 192.168.2.1
Clients - > 192.168.2.0
some setup details.
security policy, NAT, set to default. routing is route outside 0.0.0.0 0.0.0.0 210193.34.6
I'm unable to access after a week of troubleshooting.
View 7 Replies
View Related
Feb 7, 2012
I'm looking for a device which will allow me to forward all internet bound traffic through a L2L IPSec tunnel from branches to a central hub and internet connection.
I've recently purchased a RV120W(as a test branch device) which i've tried to get working with the ASA5505 at the central site. I can get the VPN to come up but can't manage to get the internet bound traffic through it. Reading up on the issue, it looks like full tunneling or IPsec wildcard forwarding isn't supported on the RV120W and RV220W devices [URL] The source mentions that the RV0xx series supports this feature, however one of my requirements is wireless on the device.
Any device which supports this rather than just the standard split tunneling, alternatively a workaround which will allow me to use RV120Ws at branch sites? Would an SRP521 support what i'm trying to achieve?
View 1 Replies
View Related
Oct 26, 2012
I have ASA 5505 with base license. I created 3rd vlan on it.it was created. but i am unable to assign IP to it. i assign ip address it takes it. But when i do sh int ip brief it does not show any ip.
Code...
View 7 Replies
View Related
May 23, 2013
i can't get it working to expose on internal server to an outside interface.I used the public server function in ASDM.Internet access works if i nat my private adress to one of the available ipadresses provided by our isp.
Internal Server : owncloud 172.10.0.4
External Server : ext181 46.245.171.181
I can't see the error in the configuration,
: Saved
:
ASA Version 9.1(1)
!
hostname rhedetest
domain-name xxxxx.de
enable password 59t92OvRofWL9yf3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
View 10 Replies
View Related
Nov 22, 2012
I have upgraded an ASA 5505 to 9.0(1) as I would like to use ipv6 version of dhcprelay. That said, I am unable to obtain a global unicast address but the link-local address is able to communication with the ISP's gateway/DHCP provider which I hope will allow v6 dhcprelay provide internal clients with IP's from the ISP. Trouble is, unsolicated inbound ICMPv6 messages from the ISP's gateway are being dropped on the way into outside interface.
%ASA-3-313008: Denied IPv6-ICMP type=129, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
%ASA-3-313008: Denied IPv6-ICMP type=131, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
%ASA-3-313008: Denied IPv6-ICMP type=131, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
[Code]...
View 4 Replies
View Related
Sep 9, 2012
I have assigned a task to configure a vpn between windows 2008 server and cisco asa 5505, what kind of vpn should i go with as the windows 2008 server r2 is on cloud and is it possible to configure site-to-site vpn for this network senario or not.. i have try ikev1/ipsec remote access vpn with l2tp with (CHAP, MS-CHAP v2) and couldn't find any document which will allow me to configure windows 2008 server to behave a client and connect it to asa, well what i did is that i configured a dail-up connnect with l2tp and found the following debug message
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, Oakley proposal is acceptable
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 1
[Code].....
View 1 Replies
View Related
Jan 20, 2013
My laptop is reading a full WiFi signal from my router. I am currently connected to the router via Ethernet on the same laptop. I've been reading tons of old threads to troubleshoot this. I'm at a loss. I have used this current networking hardware for more than a year without any problems. I do have a pretty old router but my iPod connects to the WiFi no problem at the moment. Here's what I've tried so far:
- soft reset of router
- power cycle modem and router
- removed saved network information from the laptop
[Code]......
View 14 Replies
View Related
Nov 28, 2011
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
View 2 Replies
View Related
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies
View Related
Mar 15, 2013
I have already seen many threads with the same problem but none of the solutions worked for me.I am unable to connect to my router (Beetel 450TC1) via wireless network. Even if I enter an incorrect security key, no authentication error is displayed. The wired connection works flawlessly and I can access router admin panel through wired connection. Things I have tried:
1) Called up the ISP customer care.They upgraded the router firmware, did a hard reset and did all settings remotely. This did not fix the problem and the executive reported that I have a faulty hardware. I think my hardware is fine because the same problem exists with other smartphone devices and I can connect to college WiFi easily.
2) Changed wireless security authentication and SSID.
3) Tried a manual hard reset and firmware downgrade (same problem persists with downgraded firmware) and again upgrade.
4) Tried different operating systems (Windows 8, Windows 7, Ubuntu 12.04). Same problem exists with each of them.
[code]....
View 8 Replies
View Related
Aug 18, 2011
I am using ASA 5505 cisco firewall as a transparent firewall. I have assigned ethernet 0/0 as outside interface and ethernet0/1-7 as inside interface. There are 3 departments in office. So, i connected ethernet 0/1 to Dept A, ethernet 0/2 to Dept B and ethernet 0/3 to Dept C. Now, I want to limit bandwidth to each department, e.g, 1 Mbps download/upload to Dept A, 512 kbps download/upload to Dept B and 512 kbps download/upload to Dept C. So, how can i do this in ASA 5505.?
View 1 Replies
View Related
Apr 4, 2012
I feel a bit in over my head here as I've never dealt with QoS stuff before, but what I'm trying to do can't be all that difficult. We are using a Cisco ASA 5505 appliance for routing/firewall.We are on a cable Internet connection with 3 MB upload.
On Sunday mornings, we send audio from a device on our network out over the Internet to a radio station which then broadcasts it, but we've had some jitter problems lately and would like to reserve some space for this audio feed to get out without other traffic getting in the way.
The device on our network sending the audio has IP address 192.168.0.22. The device's documentation states it uses TCP 9002 to send session data and UDP 9000 to send the audio data.
So, it seems to me I need to simply tell the firewall to give priority to the device at IP address 192.168.0.22, perhaps also specifying the ports and protocols. I'd rather not try to do this using command line stuff but will do what I need to.
Using the Cisco ASDM launcher to configure the ASA 5505, I created the following security policy but I'm thinking it may be incomplete, or perhaps the wrong thing altogether:
I created a "Source" called WLFJ_Tieline which is a network object with IP address 192.168.0.22.For "Destination" I just chose "any" to cover it all.For "Service" I don't know what I'm doing in that field. I see I can choose from things like TCP, UDP, IP, and also add port numbers, but I'm just not sure what I'm doing in there and chose IP.Then there is the "Source Service" field that I don't know if should be blank.
View 1 Replies
View Related
