Cisco Firewall :: ASA 5510 - Connection Refused By Remote Host

Apr 26, 2011

I am trying to telnet to my ASA 5510 from the core switch; however, I received the below msg. How do I enable it?
 
 172.30.1.100 is the inside interface of the asa
CITYCORE#telnet 172.30.1.100
Trying 172.30.1.100 ...
% Connection refused by remote host
CITYCORE#

View 8 Replies



Cisco :: Connection Refused By Remote Host?

Oct 26, 2011

I have to get a 2811 acting as a terminal server?

View 11 Replies View Related

Cisco Firewall :: ASA 5510 - Show Local-host All Detail Connection / Timeout

Nov 28, 2012

Version: Cisco ASA 5510 8.4(4)1

I've installed a Cisco ASA 5510.

When I run "show local-host all detail connection":

Normal situation:

105 myfailover:10.255.255.2/0 NP Identity Ifc:10.255.255.1/0,
idle 0s, uptime 1D14h, timeout 2m0s, bytes 18196822

But I got this output ( timeout - )

[URL]

View 0 Replies View Related

Cisco Firewall :: ASA 5510 / Can LDAP-authenticated Remote User Be Assigned A Connection

Jun 30, 2011

ASA 5510 ASA 8.0 ASDM 6.1 I want some remote users to have split-tunnel connection, others not.  I used Cisco Document ID 100936 "Allow Split Tunneling for AnyConnect VPN Client on the ASA Configuration...".  I created a new Group Policy with split-tunnel enabled.  I created a new Connection Profile and assigned to it the new Group Policy.  When I authenticate at the AnyConnect client I get a dropdown of the 2 connection profiles, to choose the one I want.  Each of them works, enabling or disabling split-tunnel.  But I want to assign a connection profile to the particular user, not give the user a choice.  The problem is I'm using LDAP authentication.  The Local Users I set up before LDAP are obsolete, assigning them a Group Policy does nothing.  I really don't want to give up LDAP and force people back to another local password.  But the LDAP authentication to Active Directory just says yes or no, it won't assign a connection profile.  At the AnyConnect Connection Profiles page I have set a switch "Allow user to select connection profile, identified by its alias, on the login page.  Otherwise, DefaultWebVPNGroup will be the connection profile".  If I clear that switch every user will be assigned the same default profile, which does not work.

View 2 Replies View Related

Cisco Firewall :: NAT On ASA 5550 V8.3(2) Remote Host Not Accessible

Nov 9, 2011

Not very familiar with ASA and NAT'ing in general so hopefully, this will make sense.
 
I've created a Site-to-Site IPSec VPN tunnel with one of our clients (who uses a PIX).  The remote user can connect to our local, private LAN servers without a problem.  However, when the remote user tries to connect to servers on our corporate network (which is linked over WAN routers from LA to Dallas) they can't get through.
 
When I run Packet Trace in ASDM on our ASA all is well until the packet attempts to traverse from the Inside interface back through the Outside interface (back to the remote client side of the VPN tunnel).
 
I see the following "error" within the Packet Trace tool:
 
-----------------------------------------------------------------------------------------
Type - NAT    Subtype - rpf-check    Action - DROP
 
Config
 
object network obj_any
nat (inside,outside) dynamic interface
-------------------------------------------------------------------------------------------
 
I've attached my ASA config.  The remote client-side address is 74.8.221.195, it's being PAT'd to 172.30.12.75 and the remote host/network it's not able to reach is 172.30.101.20 ( /24 net mask).  The local segment in my LA network is 172.30.12.0/22 and the servers in this network are all able to communicate with the remote client-side user at 74.8.221.195.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 / PAT Different WAN IP To Internal Host?

Dec 14, 2012

We just changed ISPs and now have a /29 routed subnet to be used on our ASA 5510 (8.4) instead of the one public IP we had before. There are a couple of PAT translations that were previously set up on the "interface" address which I now want to assign to a different IP address further in my subnet.

So I just changed this:

object network BMMM
nat (inside,outside) static interface service tcp smtp smtp
to:
object network BMMM
nat (inside,outside) static other.external.ip.in.subnet service tcp smtp smtp
 
And assumed that this would work. It does not, and this leaves me unable to contact that machine from the outside. And should I also change my access-list? The relevant access-list rule is:

access-list outside_in extended permit tcp any object BMMM eq smtp

View 5 Replies View Related

Cisco VPN :: Pix 515e - Remote Host Cannot Ping Any LAN Host

Jun 27, 2011

I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host. The VPN IP pool works fine. The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it. The default route on the PIX points out; no other routes are defined. The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 How To Limit Icmp To Just Single Host

Nov 1, 2012

I am working on an ASA 5510 on 8.4 IOS and need to know how to limit icmp to just a single host. What I would like to do is be able to PING from the Inside interface 10.X.X.X to host 4.2.2.2 on the Outside, but that's it; no other host would be PINGable. I tried MANY different access-list statements but the only way I can get icmp out and working is using the "fixup protocol icmp" but then everything is PINGable and the ASA does not block anything.

View 3 Replies View Related

Cisco VPN :: ASA 5510 Ping / Communication Host To Host

May 7, 2012

ASA 5510
Ver 8.2(5)
 
I have been looking all over the place for the answer of how to allow clients on an IPSEC VPN to ping from host to host.

View 4 Replies View Related

Cisco :: LMS 3.2 Syslog Connection Refused

Mar 26, 2012

I get the following error:
 
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 27 Mar 2012 09:02:12,254, Could not send syslogs, removing the subscriber...Connection refused: connect
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 27 Mar 2012 09:03:15,223, Could not send syslogs, removing the subscriber...Connection refused: connect
 
Syslog subscription seems ok but syslog messages are dropped and not forwarded:
  
I attached SyslogCollector.log, SyslogAnalyzer.log, AnalyzerDebug.log

View 4 Replies View Related

Cnet Cwr-854 192.168.1.254 Connection Refused?

Sep 1, 2012

I can ping the 192.168.1.254 gateway for about 5 seconds and then lose the Ethernet connection. On IE nothing happens. Is there any tool I can use to find the router address or update firmware or restore factory default settings?

View 7 Replies View Related

Cisco Firewall :: Statically PAT Multiple Internal Hosts To One External Host 5510

Feb 20, 2012

I am working on replacing our Checkpoint Firewalls with ASAs, and am running into the following NAT problem. On some of our Checkpoints, there are external NATs that are mapped to multiple internal hosts based on ports. Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.

View 1 Replies View Related

Cisco :: 3750 Via Vlan250 From Core 6509 - Getting Connection Refused?

Apr 11, 2013

We just replaced our ancient 6509 dedicated SAN switch with a Nexus 5548UP (with 4 2248 FEXs). Our old SAN 6509 was completely separated from the Core 6509, and that Core 6509 doubled as a Datacenter switch. We've now segmented the "Datacenter" and "Core." The SAN and servers are connected to the Nexus gear rather than the Core. The old SAN had only 3 vlans. One for SAN data (Vlan16), one for management interfaces (Vlan250), and one for switch management (Vlan15).

As part of my cleanup, I want to get rid of that Vlan15 and use vlan250 for switch management. In another building, we have a 3750 that provides SAN (Vlan16) and management (Vlan250) connectivity to a single Equallogic box and a Dell PowerVault tape drive for backup purpose. That 3750 is the only device that still has an address on Vlan15 (other than the core). Refer to the drawing below.

The Core 6509 is the gateway for Vlan250 and Vlan15. I have created an interface for Vlan250 on the 3750. ACLs exist on vty connections of each switch allowing telnet access ONLY from the Mgmt 2960. There are no ACLs on the Vlans themselves. From the Mgmt 2960, I can telnet to the 3750 using either its Vlan250 IP address or its Vlan15 IP address. However, if I shut down Interface Vlan15 on the Core 6509, I can no longer telnet to the 3750, not even using its Vlan250 IP address.

The connection times out. If I attempt to telnet to the 3750 via Vlan250 from the Core 6509, I get connection refused (which I should get due to the ACL on the vty connections). I can still telnet to other devices on Vlan250 (such as the management interfaces on the Nexus 5Ks). Why am I able to telnet to the 3750's Vlan250 Interface only when the Core's Vlan15 Interface is Up?

View 5 Replies View Related

Cisco Routers :: RV042G Connection Refused / Policy Violation LAN To WAN

Jul 23, 2012

My firewall log is full of entries listing policy violations rejections.  These look like traffic from LAN to WAN that is being rejected, right? [code] Noted that most of the rejections are in the 40,000-60,000 port range.
 
-new RV042G
-WAN 1 set to 10.x
-LAN 192.168.1.1
 
Action Interface SourceInterface Source Destination Time
 
1. Allow All Traffic [1] LAN Any Any Always
2. Deny All Traffic [1] WAN1 Any Any Always
3. Deny All Traffic [1]  WAN2 Any Any Always
 
Have tried re-flashing firmware to current version (was already on it), disabled SPI, disabling Denial of Service, all no change. Also noted another issue with logging; bug? When the router was brand new out of box and again after firmware flash:

* the "All" drop down of System Log was BLANK, not logging any entries although other drop downs such as "System Log and Firewall Log were
* email alerts were not being triggered for log entries
* clear log button appears to resolve the issue after which the ALL shows all entries now

View 7 Replies View Related

Servers :: Firefox Proxy Server Refused HTTPS Connection?

Oct 25, 2011

When I access a URL with http, it works fine. But with https it doesn't work, and I get the message in Firefox: "The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections. Check the proxy settings to make sure that they are correct. Contact your network administrator to make sure the proxy server is working."

View 1 Replies View Related

Cisco Switching/Routing :: 3845 - SSH Connection Fails - Server Refused Authentication Protocol

Nov 16, 2011

I have a 3845 router.  Setup SSH Version 2, generated rsa keys (1024), set login local, transport input ssh and telnet is enabled since I can't get ssh connection working. When I connect using SSH, I get the following error: server refused authentication protocol.

View 21 Replies View Related

TP-Link ADSL2+ Wireless :: TD-W8968 - Port Forwarding Setup / Connection Refused?

Jan 23, 2013

Region : Australia
Model : TD-W8968
Hardware Version : V1
Firmware Version : 0.6.0 1.1 v0005.0
Build 120926 Rel.27100n
ISP : Bigpond

I am trying to set up port-forwarding (6360 for IP 192.168.1.111 & 6361 for IP 192.168.1.112) on this TD-W8968 modem. But when I test it on [URL], I get a message "connection refused".

View 2 Replies View Related

Cisco Firewall :: NAT Route For Remote VPN On ASA 5510

Nov 15, 2011

I have configured a remote access VPN on my Firewall ASA5510. Everything worked fine and I can successfully connect through the VPN. The problem is I cannot ping or connect to any of my internal network resources. I tried to add a new NAT route from outside to my internal servers using the defined pool but due to a new ASA version there are many changes I see in the NAT routes.

View 37 Replies View Related

Cisco Firewall :: ASA 5510 - Allow Only One Host Access To VPN Site To Site Tunnel

May 28, 2012

I have an ASA 5510 that has multiple site to site VPNs. I need to create an additional site to site VPN but only allow 1 host to access and traverse the tunnel. The network is on a 192.168.5.x but the host that will need to access this tunnel needs to be on a 172.16.33.x network. I don't want any other traffic allowed to access or traverse the VPN tunnel for this host.  How can I set this up?

View 33 Replies View Related

Cisco Firewall :: ASA 8.4 - Connection Fails When Host On Inside Tries To Connect To Server On Outside

Mar 9, 2011

We are using an ASA with 8.4 in transparent mode. Connection fails when a host on inside tries to connect to a server on outside. This server uses mac-address 0100.5E00.0000 to load balance but replies with real mac-address. Firewall logs "Deny TCP". ARP inspection is disabled.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 / ASDM Access With Remote VPN

Apr 18, 2012

I have a Cisco ASA 5510 that I have set up currently to access via ASDM through the Inside interface. When I VPN in using our older VPN server I can connect to it fine.  I recently set up the ASA to also be a VPN server which will eventually replace the older server for our HQ.  I noticed that when I'm VPN using the ASA as the VPN server, I can only ASDM to the public which I prefer not to allow.  Access to the inside doesn't seem to work this way. What configurations if any would be causing this?  I'm assuming it's something I need to adjust in the VPN configuration.

View 3 Replies View Related

Cisco Firewall :: Adding Remote Routers To ASA 5510?

Jun 13, 2012

I am pretty new to Cisco networking and setting up a test router to use from home to connect into our network. My organization would like for us to provide upper management with home office setups to give them the ability to work from home. We will provide all of the equipment of course (router, phone and workstation). My boss wants me to use some of our old decommissioned equipment to set up a test home office to see how efficient and feasible it would be. I have a Cisco 1700 router, Altigen IP720 phone, and Dell Optiplex 380 workstation.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - PCI Scan For Remote Access VPN

Jul 2, 2012

We got the below alert when we ran the PCI scan on our VPN firewall (use it for remote access VPN).
 
OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue
 
Solution- Upgrade to OpenSSL 0.9.8j or later.
  
ASA 5510 running  8.2(2)

View 6 Replies View Related

Cisco VPN :: 1921 - Create EasyVPN Remote Connection To Our ASA 5510 At Work?

Oct 26, 2012

I would like to use a Cisco 1921 at my house and create an "Easy VPN Remote" connection to our ASA 5510 at work. Can I use the Easy VPN Client with the base license, or do I need the security license to take advantage of the VPN tunnel?

View 4 Replies View Related

Cisco Firewall :: ASA 5510 Cannot Talk To Remote Networks Connected

Mar 20, 2012

We have an inside interface, 192.168.10.0/23. We have an outside interface, public ip... We have the ASA connected to 5 site to sites, this is working fine and through the internal interface can access all remote sites and vice versa. These are 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24, 192.168.50.0/24 and 192.168.60.0/24. When a user connects via Cisco VPN Client they can see the inside network but can't talk to the remote networks connected, for instance 192.168.40.0/24... whereas an internal user can. I understand that the VPN client connection is seen as an outside connection, not an inside connection... but then I read [URL] and I am confused even more.

View 8 Replies View Related

Cisco Firewall :: 5510 Remote Access VPN / Change The Outside Interface IP

Dec 19, 2012

I have a Cisco 5510 which has remote access VPN configured. Now I have a new block of IP addresses; is there a way I can just change the outside interface IP so that people can remote in without doing anything else? Or if I could be taught to create a new one. Or best way to approach this issue? For example: it was 67.64.x.x, now I need to change to 64.44.x.x.

View 1 Replies View Related

Cisco Firewall :: Remote VPN On ASA 5510 Failing To Hit Public Servers?

Mar 12, 2012

I have a Cisco ASA 5510 that was set up as a VPN server for working remote.  I have disabled split tunneling so that all traffic created while VPN'd in goes through the ASA.  The problem I'm having I believe would be resolved if I enabled split tunneling but I would prefer another solution.  Now, for the problem. When a user is connected via VPN, they can hit all intended devices both public and private except servers that have static NATs in the FW.  So Server A has a public of 1.1.1.1 which is one to one mapped to private address of 10.1.1.1.  Now if the remote user brings up a browser and goes to 1.1.1.1 it won't work.  The FW gives me an error which is posted below.  However, using the private IP of the server works.  I thought about trying to manipulate DNS to resolve this as the remote users are using URLs and not IPs when trying to reach these servers but again, was hoping I could resolve the NAT problem that the FW seems to be having.

Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src Outside:192.168.202.100/49238 dst INSIDE:1.1.1.1/80 denied due to NAT reverse path failure

192.168.202.x/24 is the remote vpn ip given via the ASA.

Here are some configurations on the ASA:
 
static (INSIDE,Outside) 1.1.1.1 10.1.1.1 netmask 255.255.255.255
 access-list INSIDE_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 192.168.202.0 255.255.255.0 
object-group network DM_INLINE_NETWORK_2

[code].....
 
Outside with 4.4.4.4 as the public ip traffic gets NAT'd to dynamically. Inside with 10.1.1.x network on it. The ASA is running 8.2.

View 2 Replies View Related

Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How to designate access-list for the remote access VPN users in order to let them access a specific subnet or host? ASA 5510 and ACS are in the picture.

View 9 Replies View Related

Cisco Firewall :: VLAN Tagging To ISP Through ASA 5510 To Remote Site

Oct 25, 2012

We have a base license ASA 5510, and have been trying to get ICMP working to check that we're routing and not hitting any NAT translation. We have a VLAN280 set up to ISP for VPN link to remote site and another VLAN281 for internet access for internal users.
 
Users can browse internet from (name _inside interface e0/1 access port) which is fine. When I do a ping to remote office through the VPN I get a response pinging from VLAN280 name VPN_Link. When I do a ping from name inside interface I don't get a response both are security level 100 with same-security-traffic permit inter-interface configured.
 
Config:
 
!
interface Ethernet0/0
speed 100
no nameif

[Code]....

View 11 Replies View Related

Cisco Firewall :: ASA 5510 - History Of Remote Access VPN For Last Week?

Apr 7, 2011

Is there any method on the ASA 5510 to let you see the history of the remote access VPN connection for the last week?

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Set Up Guest Wireless Network For A Remote Office?

Jul 8, 2012

I have been tasked with setting up a guest wireless network for a remote office.  They would prefer that the guest network be on a different VLAN than the trusted network, and they want to use a different outside IP address for the guest network. 

I am trying to figure out how to configure the ASA so that it supports two different LANs, each with its own outside IP address.  Is this possible?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 / Internet Access For Remote VPN With Split Tunneling

Jun 23, 2011

I have a remote VPN with split tunnelling enabled. Currently, users connected to this VPN browse internet with his/her internet connection. Now, my requirement is that a roaming user connecting to the vpn must use our company's internet connection for his browsing purposes. How can I do this? Equipment we are using: ASA 5510

View 3 Replies View Related

Cisco Firewall :: Unable To Access Remote Network After Connecting ASA 5510 And 5505

Sep 24, 2011

I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2. Problem is that even after connecting two sites, I am unable to ping remote network from either side. I have mentioned static route as tunneled.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved