Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out
Mar 5, 2011
I am having two issues:
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected
Below is my congig
ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....
I have a question about NAT behavior on FWSM 4.0. The problem is email server (Company A) cannot connect to email gateway (Company B) on the outside network and it randomly happen. I got this error from server guy "Detail: xlate has blocked the connection between A’s mail gateway and B’s mail gateway". It work fine again after clear xlate on firewall. [code]
1. How FWSM create xlate table like that? I mean it look like NAT0 for 158.137.21.26 but it doesn't has any nat rule for 158.137.21.26 on firewall.
2. What does it mean "connections 24" at the first of line? In the normal time, I only see the connections is 0 like the second line of xlate
3. After clear xlate global 158.137.21.26, the first line of xlate table is gone then email server can connect each other. Does is a bug on FWSM? or This is a normal NAT behavior of FWSM.
I have verizon wireless router to connect to the internet via FIOS. The public IP on the wireless router is DHCP assigned. I have my home lab with cisco 2511 and octal cables. I would like to be able to access the terminal server remotely via the internet when I'm not in. I'm concerned cause the wireless router is DHCP assigned IP. Even if I have a static IP on the ethernet port of the 2511 connected to the wireless router, I'm not sure if the NAT will work so it can be accessible from the internet.
I've been trying to switch out our old firewall which is a 5510 for our new 5520, but we keep running into this problem on both devices with almost the exact same configs. Currently I have the 5510 installed, and I cannot get our email server and RDP server to ping out to our internet gateway.
Attached is a sanitized config. From the config you can see the internal address of the email server is 11.2.1.29, external address is 73.13.198.211. RDP server is internal address 11.2.1.33, external 73.13.198.212. Our internet gateway is 73.13.198.209.
From another computer with a 11.2.1.X address I can ping out to the internet gateway. The other two devices drop (I believe) when they hit the firewall.
I use ASA 5510 and I would like to log VPN traffic ( for example, as soon as a remote user try to connect to the asa). I would like this log be send to a specific mail address. I already configure Email Logging for severity ( level 3) and it works well.
We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]
I have a Cisco asa 5510. I am doing attack a my firewall, using n map. I am seeing in the log the attack but i like that firewall send only alarm of attack by email . I have active email with warning and i received very much email.
I observed that graph show attack, but not ip of attacker, is possible that Cisco asa show the ip too ? The log show scanning with n map but not shunning IP and not send alarm. How i can send alarm ? The graph no show ip, it's possible show it.
I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace. I have been tasked to switch the firewall out with a cisco asa firewall 5510. The sonic firewall currently allows email traffic, web traffic, and dns traffic. When I use the current config below on the asa I am unable to receive email from the outside network. I can send and browse websites but I cannot receive email.
ASA Version 9.1(1) ! hostname ciscoasa enable password kdkfdjdjflkadjdsfj
I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.
OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup INFO: Sending test message to fcaccam@example.com... ERROR: Connecting to SMTP server xxx.xx.xxx.xx failed: CONNECT_FAILED(33) ERROR: Failed: CONNECT_FAILED(33)
I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail | (25) | (3000) 194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?
What command sequence disconnects you from a TS session? My setup is as followsr1 > TS > 2009-2621XM 2010-3825-R1 2011-3825-R2I can connect from the TS to any of the devices. The issue is that I am telnet'd to r1 and from there telnet'd to the TS. So when I type "Crtl+Shft+6, x" I go directly back to r1 and not the TS. Furthermore if I resume the session on r1 the TS is still connected to whatever session I was in prior to disconnecting. I've experimented with the disconnect and escape characters but I'm at a loss what it is that changes this.
We have the 16-port (NM-16A) and 32-port (NM-32A) asynchronous (async) network modules which provides 16 or 32 EIA/TIA-232 (formerly know as RS-232) data terminal equipment (DTE) serial interfaces at speeds up to 134.4 kbps . Few of the interfaces are connected to the console of cisco switches and routers , now we need to know that the remaining interfaces can be connected to console ports of devices other then cisco Systems to manage them , Will it work with them ?
Since Cisco 2511 is out of sale now and Cisco 1900 series are recommended to replace for the purpose of terminal/comm server. How to configure terminal server on HWIC-8A module?
I want to build up cisco 3800 series router as terminal server , i have Asycs 32A module in cisco 3825. Here is show version of device.Do i need to installed any specific IOS in Cisco 3825 device ? how to configure cisco 3825 as terminal server.
I am running ASA 5505 release 8.2(4) using a clientless SSL vpn to connect my assessors to the server via RDP to a Terminal server. Everything was working fine until last week when we had a Internet outage. During the outage some of the assessors claimed to have accepted a Cisco add-on to get into the site. once the internet came backup they could not connect to the terminal servers - what would happen is they would click on the link - say OK to connect the clipboard and the screen would pause for a few seconds then right back to the select options page.
they can get to other servers (non-terminal servers) but not to the ones they need. I can recreate the issue by waiting a REALLY long time before replying to a prompt to install an cisco add-on. I have users that can connect and others than can not. Also this only seems to affect Internet Explorer 8 and 9 does not affect Firefox
I have just purchased 2901 with HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server to manage 16 (connect via console) cisco deivces.
Plese find attached the config file. I could not find proper docs on setting up this device as a terminal server. I have followed the following link but did not work.
[URL]
There are 16 Async (0/0/0 - 15) interfaces and also the following lines. line 2line 0/0/0 0/0/1line 0/0/2 0/0/15
How can I connect to other Cisco devices via the terminal router?
I've heard that you can configure an 1811 router as a terminal server for remote console work.I have several of them in the lab and would love to try it out.
I have rolled out Terminal Services on Server 2008 R2 for a company I used to work for, it worked perfect the users could go home and browse to our web domain and login and use apps straight from the server.there'd be no Microsoft stuff to be accessed just pure Linux Servers but probarbly if users access the online terminal services on Linux they'd be using a Windows PC
Im having some printing issues whenever im working on the terminal server. If I try to print a document out in "landscape", it will print out "portrait", seen though it displays properly in landscape in the print preview. If Im working locally on my PC, it prints out fine.
PC-1 connect to printer as local printer but shared for other PC.
PC-2 through TS can see the shared printer. This is OK. But when the printer move and connect to PC-3.
PC-3 connect to the server through TS and want to have print out some document from the server to the printer. But unfortunately the Printer cannot be seen through TS. Even the printer already shared.
I have a cisco 2600 router with 4A/S module, can it become the terminal server? If yes, which kind of octal cable should I choose to connect to other cisco routers console ports?
Using EMM as a nice friendly interface for their terminal server (ie router with NM-16A and octal cables)?when I ask the framework to run the following command it gets stuck will a blinking cursor and clear screen
i trying to set up a terminal server, 2811 with an HWIC-16A und two octo cables. [code] connect and sometimes not. It seems the connection is established but i don't get a prompt von the target device.The target devices are cisco 2811 and cisco catalysts 3560.
I've a RV082 with 2 internet connections.The idea is to permit external connections to my server and if one Internet line falls, automatically switch to the other.
We have configured the router in Smart Link backup.We try to connect with WAN1 and WAN2 enabled and all works fine.
We try to connect with WAN1 disabled and automatically WAN2 is activated.The problem start here...if WAN1 is activated while there are connections using WAN2, these connections falls!
How I must configure the router to permit that active connections are not disconnected from WAN2 even when WAN1 connection come back?
I have a Cisco 2901 Terminal server with AAA authentication via ACS server. I create twoaccounts on the acs server, cciesec2011 and vendor. Both accounts can log into the Cisco 2901 Terminal Server without any issues. By the way, I am NOT using AAA authorization on the Cisco Terminal Server. Once cciesec2011 or vendor accounts are authenticated, theseaccounts can access all the async line on the Cisco Terminal Server.
Now I have a new requirements. I would like to allow cciesec2011, once this account is successfully authenticated, this account has access to ALL async line on the Terminal Server. The "vendor" account, I want to restrict this account access only to async line 35 (there are 32 async lines available on the Cisco Terminal Server) and nothing else.
How can I accomplish without using AAA authorization on the Cisco Terminal Server?Is it possible to use "privlege level" to accomplish this? if so, how?
Any example of router config for a terminal server.In fact I need a configuration for a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example,modems or console ports on routers or switches.With this router I would like to use a reverse telnet to connect with my devices using the serial connection.I find many examples on the Cisco web site but none with my router hardware configuration.My router is a 3620 router with a 8 port async (NM-8A/S) network module and I would like to use the 8 serial interfaces, each of them connecting a serial device.
Here is the show run and show ver :Router#show ver Cisco Internet work Operating System Software IOS (tm) 3600 Software (C3620-I-M), Version 12.3(25), RELEASE SOFTWARE (fc1)Copyright (c) 1986-2008 by Cisco Systems, Inc.Compiled Mon 28-Jan-08 20:16 by alnguyen
ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Router up time is 1 minute System returned to ROM by reload System image file is "flash:c3620-i-mz.123-25.bin" [Code]...
I have a 2611XM that I am using as a terminal server for my lab setup. Async is using octal cables. It works great with routers of all different models, but when I connect a switch of any model, it does not work. The connectivity LEDs don't even light (they do for the routers). The switches in question are 3750s and 3560s.
I have tried straight through from the octal cable to the console port of the switch, as well as a rollover with a converter, no luck. This does seem to be independent of configuration on the console port - even before the console port of the routers were properly configured, I at least had indication of physical connectivity.
I have an annoying problem with networked printers disconnecting/disappearing when TS users logoff. Current configuration is: SQL server (WinSvr 2K8 R2 Std) has printers installed on it (standard TCP/IP Port) and printer is shared, there are also some printers installed on the DNS server and a couple of satellite offices. Users connect to TS servers (WinSvr 2K8 R2 & WinSvr 2K3) printers are connected and work fine until they logoff, when they log on the printers are gone "sometimes some printers are still there!?" I have tried logging onto the server as domain administrator and connecting printers but they won't even stay for administrator (have had this with win7 client machines) and tried directly 'console' at the server. I have looked at the printers on the SQL server and sharing properties, it is stoping printers from coming back at login on TS Note that local (client machines) connecting to the same shared printer from the SQL server don�t have the problem it's just on the TS server.
I have a set-up with multiple C2960 and C3750 switches. All these devices are being managed remotely. So basically I login to C2901, which is used as a Terminal Server, and reverse SSH to the console of each device. That's - I have assigned an IP to each port of the terminal server so that I can SSH directly to the desired device through via the mapped IP.
Now, recently I had to restart couple of switches - one C2960 and C3750. I initiated the reboot via console connection remotely. I could see the device logs for some time and then the logs stopped and there was no reaction from the console irrespective of any command I tried to enter.
I tried resetting the line on the terminal server, but that didn't work.
Now when I try to SSH the IP mapped to console of that particular device - i dont get any login prompt and there is no effect on device after giving any command. Although i can see the logs on the console session - but cant do anything.
I have a second way of connecting the device via inband- management, and checked the device config found it correct. It is same as other devices which are working correctly.
Both C3750 and C2960 are behaving exactly same - can see logs on console but see effect of even pressing enter - not getting login prompt as well.
Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
E.g. config
webserver 1 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip webserver 2 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:
Nat Section: ================================================================================== Dynamic: nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>
