Cisco Firewall :: ASA 5510 - Accessing Web Server From Another One Within DMZ?

Nov 19, 2012

Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
 
E.g. config
 
webserver 1       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5510 DMZ Accessing From Outside IPv6

Jun 11, 2013

I could access from outside to dmz but after i moved to IPv6 as there is no nat needed, i applied the acl's but dont know where i'm going wrong. I need access from outside to dmz web server.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Accessing Hosts Over VPN?

Oct 31, 2012

I've been attempting to fix this issue or confirm the issue is not with the firewall and I have kind of run into a road block. This is my problem as I understand it. A client of mine has a VPN tunnel built over a point to point connection of some kind (this client is fairly new to me) and is unable to access some hosts on the remote end of the VPN tunnel from the LAN side of the firewall. The LAN IPs are NAT'd as they leave the network from the HPH-Point-to-Point interface to the remote end. Just as a point of reference, the LAN IP of 129.200.11.19 is said to be working, however the range of 129.200.20.25 - .50 is not. I've tried packet-tracer but with the NAT happening over a VPN tunnel I am not sure if I am doing it correctly.

View 1 Replies View Related

Cisco Firewall :: Accessing SMTP From Outside Network Through ASA 5510?

Oct 11, 2012

I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall)  problem is that if one leaves my network they can receive but can not  send email via my SMTP also internal people can only send if they use  the IP address of the server rather than the domain [URL]

here is my layout
 
ISP - ASA 5510 - LAN (includes mailserver)

View 7 Replies View Related

Cisco Firewall :: ASA551 - Not Accessing Server In DMZ From Outside

Aug 6, 2011

I get stuck in a problem,What can be the reason for not working my configuration or any other reason that can be .

[CODE].....

View 4 Replies View Related

Cisco Firewall :: ASA Version 8.2 (5) / Web Server Not Accessing Internet?

Mar 14, 2013

active# sh running-config
: Saved
:
ASA Version 8.2(5)
!
hostname active
domain-name dhalahore.org
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

[code].....

View 7 Replies View Related

Cisco Firewall :: ASA5510 / Accessing Exchange Server From DMZ?

Aug 16, 2011

We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:

[URL] 
 
I'm looking to do this with smtp so I added these lines to the config:
 
static (inside,DMZ) 10.2.2.30 10.1.1.11 netmask 255.255.255.255
access-list dmz extended permit tcp host 10.2.2.2 host 10.2.2.30 eq smtp
 
The configuration line:access-group DMZ in interface DMZ Already existed in the configuration so didn't need to be re-entered.

ASA Version 8.0(4)
!
hostname xxxx
domain-name xxxx.com
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names

[code]....

View 28 Replies View Related

Cisco Firewall :: ASA 8.0(5) / Block Specific Url From Accessing Server In Dmz?

May 4, 2011

I have Cisco ASA 8.0(5) and I need to block specific url to acees my https server in dmz ?I read about websence technology, but I think it's not free right? Also I read abotu policy inspection map's but in my case is HTTPS not http ..

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?

Jul 24, 2011

I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.

WAN ----- ISP Router ----------     FW     ---------- LAN -------- Mail Server + Webmail
|             (25) | (3000)
194.x.x.69    192.168.1.254                     192.168.1.6
 
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Web Server

Mar 23, 2013

I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:

Nat Section:
==================================================================================
Dynamic:
nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>

[Code].....

View 4 Replies View Related

Cisco Firewall :: DNS Server Group On ASA 5510

Apr 5, 2011

I can not have "dns server-group" on my asa 5510, could you tell me how to get this command in my ASA 5510.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Configuration For Authentication With ACS 5.X Server

Dec 30, 2012

when we are configuring ASA 5510 8.2(5) for Authenticating with ACS 5.X Server is not authentication fail error.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Server's NAT Address Not Changing

Nov 16, 2011

I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP.  When I browse to the web to check what public IP it's reporting, it shows the wrong IP.  I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]

View 8 Replies View Related

Cisco Firewall :: ASA 5510 Server IAS First Authentication Failed

Jun 5, 2011

I have a little problem with my ASA 5510 version 8.2(1) with a IAS server RADIUS for strong authentication.
 
I have configured a double authentication for my client to access SSL portal:
 
First authentication: AD serverSecondary authentication: IAS for my token SAFENET ALADDIN The server IAS is declared on a W2K3 and it's standard.
 
The problem I have is that after more than 24hours of unutilization, when i try to log in, my authentication failed the first time and then the other tries work fine as long as I use it in a period of 24hours.
 
I first thought about the timeout so i tried to put a "timeout" of 15seconds for AD and IAS servers and a "retry intervall" of 3 seconds, it doesn't change much.
 
Is there a tool/option in the ASA to check connectivity with the radius every 1h for example.

View 4 Replies View Related

Cisco Firewall :: Backup ASA-5510 From A Server Via TFTP?

May 29, 2012

ow to backup Cisco ASA-5510 from a Linux server via TFTP?I do know how to backup a switch or a router. Basically creating an access list such as:
 
access-list 55 remark PERMIT hosts requesting TFTP access
access-list 55 permit host 172.16.0.27
 
and allowing access to
 
tftp-server nvram:startup-config 55
 
all this inside the router or the switch. From the Linux box just running a simple command such as:
 
tftp 172.16.0.3 -c get startup-config newbackup.conf
 
where 172.16.0.3 is the IP address of the switch and newbackup.conf is the name of the config file stored on the Linux machine.So, how do I do that with an ASA box? how to backup ASA from inside it.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Can't Access Server On Different Subnet

Sep 7, 2011

First off, let me preface this by saying that I'm a novice when it comes to firewalls and more specifically, the ASA.  I do however, have an above average understanding of switches/routers.
 
We have an ASA 5510 running 8.3 and recently I've decided to clean up the last admin's mess.  All hosts and servers are on the same subnet, multiple subnets on the same VLAN... and a slew of other problems.  Anyway, I recently placed the IT department on another subnet to test some things out before I migrated other departments to different networks.  Everything seems to be working as it should be with the exception of one of our servers.  The IT subnet is 192.168.150.0/24 and the problem server is on the 192.168.10.xxx network.  I'm guessing the issue lies somewhere in the fact this server does have a static NAT and is accessible from the public.  Let me give you an overview of what our network looks like:
 
ISP ---->ASA----->3750----->2960
 
My workstation is directly plugged into the 3750 switch, and the server is plugged into the 2960.  I'm able to ping this server by both IP and hostname.  However, I cannot access port 80 by IP or hostname.  The users that are on the 192.168.10 and 192.168.11 (sadly both of those are on the same VLAN) network are able to access this server without a problem.  Thinking logically, I thought I would send a packet from my workstation, it would head to the layer 3 switch's VLAN interface corresponding to my subnet, realize the .10 network is directly connected and then forward the packet straight to the server.  However, it doesn't seem to be working that way.  It look like it's being routed to the ASA then being dropped.  I guess there's an access rule or firewall rule preventing me from getting to the server.  Is there a specific part of my config you will need to see...

View 15 Replies View Related

Cisco Firewall :: 5510 Client Need Small Server With VPN

Feb 26, 2011

We have cisco 5510 and on our floor we have client who we provide internet connection.  One of our client has small server and 2 computers and they want setup vpn connection so they can access their server from outside.  We have only one static public ip for firewall and exchange.  We don't want provide another public static ip to the our client so they can setup the vpn.  Is their any other way to setup vpn for them? can they the use our 1 public ip for vpn?

View 11 Replies View Related

Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out

Mar 5, 2011

I am having two issues:
 
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
 
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....

View 2 Replies View Related

Cisco Firewall :: 5510 8.3 (1) Static Nat For Web Servers And FTP Server As Well

Sep 13, 2011

I got the charge of a ASA 5510 running with 8.3(1) version.Found that this is simple config with Patting for inside host and couple of Static Nat for web servers and FTP server as well.
 
There is lots of other configuration being done,I assume for the purpose of just R&D by the previous administrator.I need to understand if the following Nat statements holding any relevance?
 
Where we are running Only  NETWORK_OBJ_192.168.0.0/23 subnet at inside and there is no other subnet defined in rest of the statements.i.e 10.0.0.0/27 and 192.168.1.128/27 doesn't exist at all.

View 1 Replies View Related

Cisco Firewall :: Teardown TCP Connections With Kaseya Server (ASA 5510)

Sep 12, 2011

normaly the agents has a persistent connection with the kaseya server (monitoring server),The connection  re-established afther the next check-in of the agent, instead of a persistent connection. Now we need to wait to the next check-in before we can connect to the agent. This is a big performance issue, the check-in time of the agents are 3 minutes.I see a lot of the following messages in de syslog:
 
6Sep 12 201120:27:48302013customer site527985721Built inbound TCP connection 5418112 for outside:(customer site)/52798 (customer site/52798) to inside:kaseya server/5721 (outsideIP/5721) 
6Sep 12 201120:29:09302014customer site527985721Teardown TCP connection 5418112 for outside:(customer site)/52798 to inside:kaseya server/5721 duration 0:01:21 bytes 45 TCP FINs 
  
I create a normal static nat rule from the kaseya server to a public ip address, and i define the protocols in de secutiry policy.ICMP has been allowed.cisco asa details:System image file is "disk0:/asa824-k8.bin" This platform has an ASA 5510 Security Plus license.It's look like a connection time-out between the agents and our cisco asa.

View 8 Replies View Related

Cisco Firewall :: ASA 5510 / SNMP Server To Receive Trap?

Apr 9, 2011

How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order  to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that

View 7 Replies View Related

Cisco Firewall :: Create Dhcp Server Pool On ASA 5510

Jul 16, 2012

I'd like to create dhcp server pool on ASA 5510. I was wondering how big is the DHCP scope that Cisco ASA 5510 can support? Are there any ASA models which can support up to subnet mask 22 for DHCP scope?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Enable External Access To Server On DMZ

Apr 5, 2011

i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
 
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address 212.96.23.186 255.255.255.252!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address 10.20.80.1 255.255.255.252!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address 10.70.70.254 255.255.255.0
  
i have on server ssh (10.70.70.10) on my DMZ .
 
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Connect From Inside To Web Server On DMZ With Public IP

Sep 11, 2012

I hava ASA5510. INSIDE,DMZ and OUTSIDE interfaces are configured. I hava web server on DMZ ip:10.0.0.1 and it is static natted to 1.1.1.1. From internet i can reach to web server with IP:1.1.1.1 and from INSIDE connect to web server with IP:10.0.0.1. Now i want to connect from INSIDE to WEB server via public IP(1.1.1.1).how can configure it?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Connecting To External IP Of Internal Server

Sep 25, 2012

I was just wondering if it's possible with an ASA 5510 to connect to the external IP address of an internal server from inside the network.  I have already set up dns doctoring for dns lookups, and everything is working fine there.  We have an application inside the network that tries to connect straight to the external Ip of another internal server.  where to look in the ASDM 6.4?

View 2 Replies View Related

Cisco Firewall :: 5510 - How To Allow Access From LAN To Server Using External FQDN

Feb 20, 2012

I may have phrased the topic not too clearly, but I have an external domain name of mail.company.com , I want my users INSIDE the company be able to also get to url..., currently they cannot (nothing loads, looks to me as if firewall simply drops it) and I'm drawing a blank on how to get this done. Externally this works fine so if you're outside the company you can load up OWA just fine since my NAT rule translates the external IP to internal IP, but something is blocking this from the inside.
 
I have an ASA 5510. If you can just sent me on the right path with theory I'll figure it out on my own, I don't need exact steps, but I must be thinking of this wrong as I'm not getting anywhere.

View 10 Replies View Related

Cisco Firewall :: File Transfer Using Secure Copy Server On ASA 5510?

Nov 13, 2008

I have SSH and SCP enabled on the ASA 5510.  I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP.  Used all options but nothign seems to work.  I see the log authentication successful, but then WinSCP reports no response from ASA.

View 5 Replies View Related

Cisco Firewall :: 3750 / ASA 5510 - Allow Access To Server On Inside Interface From DMZ?

Feb 28, 2013

My internal network consists of Catalyst 3750 switches segmented into different VLANs.  There is a default route on the layer 3 Catalyst switch sending all unknown traffice to the inside Internet of the ASA 5510.  However, I'd like to have a separate VLAN for wifi guest access and send all of that traffic through one of the DMZ interfaces on the ASA 5510.  I don't think you can have separate default routes based on VLANs on the 3750 switches so my only option is to make the ip address of the DMZ port the default gateway for all hosts on the wifi guest VLAN. 
 
The problem I have is that I have a couple servers behind the inside interface that have services available to the public Internet via a NAT address on the outside interface.  I want the guests on the wifi VLAN to have the ability to access the servers on the inside interface using the public address as well, but have not been able to come up with a solution yet. 
 
Here is my config that pertains to this setup:
 
interface Ethernet0/0description Outside Interfacenameif Outsidesecurity-level 0ip address 76.47.10.x 255.255.255.224 rip send version 1rip receive version 1!interface Ethernet0/1description Inside Interfacenameif Insidesecurity-level 100ip address 192.168.17.1 255.255.255.0 rip send version 1rip receive version 1!interface Ethernet0/3description Wifi Guest Accessnameif DMZ2security-level 50ip address 192.168.60.1 255.255.255.0
 
global (Outside) 1 interface
nat (Inside) 0 access-list nonat
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (DMZ2) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) 76.47.10.x 192.168.17.88 netmask 255.255.255.255
 
I've tried the following commands below but no dice. 

same-security-traffic permit intra-interface
static (inside, inside) 76.47.10.x 192.168.17.88 netmask 255.255.255.255

View 3 Replies View Related

Cisco Firewall :: Configure ASA 5510 For Individual Server Traffic Routing

Jan 27, 2013

I am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
 
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
 
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
 
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?

View 2 Replies View Related

Cisco Firewall :: Securely Access Exchange Server 2007 Through ASA 5510?

Dec 27, 2011

Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)?  OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510? 

View 1 Replies View Related

Cisco Firewall :: 5510 Single Outside Public / Can PAT Out And NAT SMTP Server Back

Jul 30, 2012

I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...

1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
 
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
 
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8

View 1 Replies View Related

Cisco VPN :: ASA 5505 / 5510 - VPN Client Accessing Remote LAN

Apr 2, 2012

Trying to figure out how to configure the VPN client side to access a remote LAN.
 
Lan A - 172.16.17.0 - ASA5505 8.2(3)
Lan B - 200.200.0.0 - ASA5510
Cisco Client - V5
 
At present there exist a VPN tunnel between LAN A and LAN B. The client has a VPN tunnel to LAN A to run software package X on the LAN A server. The client also needs to run software package Y which needs access to a database on LAN B.  The computers on LAN A have no problem using package Y since a VPN tunnel exist between LAN A and LAN B. How can I get the Client to also access LAN B on the same tunnel created when the client connects to LAN A? I can't seem to get packets that are directed to LAN B to cross the Client tunnel to A which would then hopefully move onto the LAN A/ LAN B tunnel.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 / Outbound Internet Access Not Allowed When Syslog Server Is Rebooted

Jun 27, 2011

I have recently setup Splunk to receive my syslog messages from my ASA 5510.  In the past I used kiwi without observing this issue, but I needed more features than kiwi had available.  Anyway, anytime I stop the splunk service my asa does not allow any outbound connections to be established. 

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved