Cisco Firewall :: ASA 5510 - Get Email When Network Is Down

Jul 24, 2011

I am not sure if this can be done in asa 5510.  Is there any way we can configure that when our public ip goes down i get an email?

View 2 Replies


Cisco Firewall :: ASA 5510 - Unable To Receive Email From Outside Network

Mar 26, 2013

I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace.  I have been tasked to switch the firewall out with a cisco asa firewall 5510.  The sonic firewall currently allows email traffic, web traffic, and dns traffic.  When I use the current config below on the asa I am unable to receive email from the outside network.  I can send and browse websites but I cannot receive email. 
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj


View 3 Replies View Related

Cisco Firewall :: Cannot Get RDP And Email Out Through ASA 5510 5520

Jul 24, 2012

I've been trying to switch out our old firewall which is a 5510 for our new 5520, but we keep running into this problem on both devices with almost the exact same configs. Currently I have the 5510 installed, and I cannot get our email server and RDP server to ping out to our internet gateway.
Attached is a sanitized config. From the config you can see the internal address of the email server is, external address is RDP server is internal address, external Our internet gateway is
From another computer with a 11.2.1.X address I can ping out to the internet gateway. The other two devices drop (I believe) when they hit the firewall.
Static mappings (again from config):
static (inside,outside) netmask
static (inside,outside) netmask
Original access list:
access-list outside_access_in extended permit tcp host eq smtp
access-list outside_access_in extended permit tcp host host


View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Email Logging VPN Traffic

Feb 29, 2012

I use ASA 5510 and I would like to log VPN traffic ( for example, as soon as a remote user try to connect to the asa). I would like this log be send to a specific mail address. I already configure Email Logging for severity  ( level 3) and it works well.
How I can add the VPN traffic Log ?

View 4 Replies View Related

Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out

Mar 5, 2011

I am having two issues:
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is and my exchange 2007 is along with this OWA does not work.
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....

View 2 Replies View Related

Cisco Firewall :: Can't Send Or Receive Email From Exchange Behind ASA 5510 With CSC

Jan 17, 2012

We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM.  We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Send Only Alarm Of Attack By Email

Apr 12, 2011

I have a Cisco asa 5510. I am doing attack a my firewall, using n map. I am seeing in the log the attack but i like that firewall send only alarm of attack by email . I have active email with warning and i received very much email.
I observed that graph show attack, but not ip of attacker, is possible that Cisco asa show the ip too ? The log show scanning with n map but not shunning IP and not send alarm. How i can send alarm ? The graph no show ip, it's possible show it.

View 10 Replies View Related

Cisco Firewall :: Use ASA 5510 Smart Call Home Feature For Automatic Backup Creation By Email

Feb 10, 2013

I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.

OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to
ERROR: Connecting to SMTP server failed: CONNECT_FAILED(33)

View 1 Replies View Related

Cisco Firewall :: FWSM 4.0 Email Server Cannot Connect To Email Gateway

Aug 8, 2012

I have a question about NAT behavior on FWSM 4.0. The problem is email server (Company A) cannot connect to email gateway (Company B) on the outside network and it randomly happen. I got this error from server guy "Detail: xlate has blocked the connection between A’s mail gateway and B’s mail gateway". It work fine again after clear xlate on firewall. [code]
1. How FWSM create xlate table like that? I mean it look like NAT0 for but it doesn't has any nat rule for on firewall.
2. What does it mean "connections 24" at the first of line? In the normal time, I only see the connections is 0 like the second line of xlate
3. After clear xlate global, the first line of xlate table is gone then email server can connect each other. Does is a bug on FWSM? or This is a normal NAT behavior of FWSM.

View 1 Replies View Related

Cisco Firewall :: IOS Upgrade On ASA 5510 In Network

Apr 4, 2012

I  am using  Cisco  ASA5510 Firewall in my network. The  IOS  is Software Version 8.0(5)24. The Flash is  512 MB and  DRAM 1GB  on the ASA. I want to  upgrade the IOS  on my Firewall and use the Latest one.
Also, what are the IOS  details for upgradation. The  Firewall is  serving both the VPN and FW Rules.

View 7 Replies View Related

Cisco Firewall :: ASA 5510 Configuration PAT For A Second Network?

Apr 30, 2013

BTW, the ASA is running version 7.0 (8) and I'm doing this through the command line.I've got a group of workers coming in a couple times per week that need wireless access to 1 printer on our network and internet access; I'll deny them access to the rest of our LAN.I've already configured an AP with WPA2 on a seperate subnet and put a router between it and our network.  I've setup the router to apply an ACL to allow access to the printer's IP, deny to the rest of our main subnet, and permit everything else to go to our ASA 5510 that is serving as our gateway. From a laptop connected to the access point:I'm able to ping the printer's ipI'm not able to ping other workstations or our servers, as intendedI'm able to ping the ASA's inside interface The only part I can't seem to pull off is the final part of getting the ASA to translate the IP's from the new subnet to the outside interface.

So we have:
Laptop > Wireless AP > Router with ACL > Primary LAN > ASA5510 > internet
PAT is working fine for the primary LAN, but the laptop can't hit the internet.

View 7 Replies View Related

Cisco Firewall :: How To Do Network Failover Between Two ASA 5510

Apr 16, 2011

How to design a network setup and achieve failover in the below scenario. 
                                                                                                    (Vendor router)
L3-Switch ---- ASA FW1 ---switch-- Router 1 ------ MPLS cloud1 ----- Router A ------------ L3 switch
                                                                                                     (Vendor router)
L3-Switch ---- ASA FW2 ---switch-- Router 2------ MPLS cloud2 ----- Router B------------ L3 switch
I am planning to achieve the failover either of the following ways -
1)  Configuring both ASA FW as active/standby method .

2) configuring ASA FW 1 tracking command pointing to the  ISP end ip address so the traffic would be moved to secondary firewall by putting a  AD as 1 on ASA FW ......pointing to the ISP ip address and other floating route ( with a higher AD value) to the secondary firewall interface.
3) To configure HSRP between the Routers.

View 2 Replies View Related

Wireless :: Deleted Item Email Troy From Incoming Email?

Mar 21, 2011

I deleted an incoming email titled troy from my email inbox by mistake I need to recover this email as it came from my son in bali [URL] edited by moderator: Deleted Email address to prevent Spam

View 1 Replies View Related

Cisco Firewall :: 5510 Set Up A Guest Wireless Network

Jun 4, 2012

I have a situation with a customer who has an ASA 5510. They have a fairly standard config with an Internal, DMZ and Outside interface, with rules on the Internal and Outside interfaces primarily. What they want to do is set up a guest wireless network.What I want to do is split the Internal interface into 2 sub interfaces - one with the same settings as the current Internal interface and the other in a second VLAN for the guest wireless traffic. In order to do this though I have to remove the current config from the internal interface. The big question mark for me is what happens to all the firewall rules for the current Internal interface when I remove it? Do they all get deleted? do they revert to Global rules?, do they remain unchanged ready to be applied to whatever interface is named as Internal in the future? (That's what I'm hoping for)
One other thing, if I put the second sub interface for the wireless guest trafffic into VLAN 2 that is effectively enabling 802.1q right? Frames tagged for VLAN 2 will go to the second sub interface and native VLAN 1 will go to the Internal sub interface right?

View 3 Replies View Related

Cisco Firewall :: 5510 Inbound To Partner Network

Feb 26, 2012

I have been asked to create an inbound connection on the ASA from the internet to a part of the network that is accessible over the Wide area network eg
-Internet address  94.175.x.100 goes to,
-The internal network is, and connects to the network over a private MPLS.
Is this possible with the ASA5510 and if so can you give me a clue how to pass the traffic

View 6 Replies View Related

Cisco Firewall :: Accessing SMTP From Outside Network Through ASA 5510?

Oct 11, 2012

I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall)  problem is that if one leaves my network they can receive but can not  send email via my SMTP also internal people can only send if they use  the IP address of the server rather than the domain [URL]

here is my layout
ISP - ASA 5510 - LAN (includes mailserver)

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - VPN Termination On Inside Network

Apr 17, 2011

I am setting up a new ASA 5510 on our inside network so that we can terminate our VPN connections on this ASA. I can get the VPN to work fine however I noticed that once I turned on my VPN profiles now when I try to access the ASDM I'm getting the VPN logon page. So I decided that in order to resolve this I need a separate interface dedicated to management of my ASA.
I'm trying to come up with the best way to do this. I've got two ports on the ASA plugged into my core switch. One is on a separate VLAN from the rest of my network traffic. This is the port I want to use for management. The second will be used to route all of my VPN traffic.
So far I haven't been able to get this to work at all. My thought was that it had to do with routes, NAT and ACLs. I've been playing with them but can't get any combination to work.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Access Network From Outside( Like VPN Users)?

Dec 9, 2011

I configured one ASA 5510 firewall with CSC-SSM-10 in one of my customer location.
Here i want configure my firewall to send email alerts to particular mail ID, if anybody any access my network from outside( Like VPN users).

View 1 Replies View Related

Cisco Firewall :: 5510 - Create Network Object For IP To NAT Through? 

Jan 30, 2012

I have recently upgraded my ASA 5510 to 8.3 code and honestly I am confused on the best and most efficient way to do many nat translations through it.  I have a group of about 100 IP's that need http/https/and sqlnet allowed through for our web farm.
I have a text file with the real and translated IP addresses and in 8.2 I could simply modify it and dump the thing in and make the NAT rules and access-lists.  Now with the new object based model I am having a hard time wrapping my brain around how to do this using as few lines of code as possible.
Do I have to create an network object for each and every IP i want to nat through? 

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - NAT And Internal Network Routing

Apr 16, 2013

I am having a problem getting my ASA to work properly.  I attached a diagram for reference and most of the config is below. When I finally got it to route properly between 2 sub nets on the internal network, the NO NAT statement broke routing for the VPN Clients who rely on a NAT statement for the same sub net that is listed in NO NAT access list.  I can get one of the 2 to work by replacing NAT statements but can't figure out a combination to allow routing for both the internal sub nets and the VPN clients to work. 

It's been about 5 days of tweaking this thing just to get the internal routing to work correctly and when I finally did I broke VPN client access.  To note, the VPN clients can still log in and get a session going, they just can't get anywhere once they are in.  I also think there's a lot of stuff in this config that is not needed like a lot of the object groups, etc. but I am being very careful about removing anything.  I took over support of this ASA after someone else put it in place and over this past weekend we moved it to a new building and new ISP and that is when I had to get it to route between sub nets.  The main point of this move was to remove building 1's reliance on building 2 for Internet and outside email access in the event that building 2 is not available (it is close to water and this has happened more than once over the past year). 

So that is why I can't go with the smartest option of just keeping the routes on the router in the other building.  I also know the 1600s are ancient but they're all we have for now.  I can provide those router configs also but they are VERY basic, all static routing. The IP for the Cisco router on the same sub net as the ASA is

This is the statement that allows the routing to work between the 2 internal sub nets but breaks VPN clients: nat (INSIDE) 0 access-list NO NAT

This is the statement that allows the VPN clients to work but breaks the internal routing: nat (INSIDE) 0 access-list INSIDE_nat0_outbound 

The rest of the config is below the diagram.
ASA Version 8.2(2)
host name Cisco asa
domain-name default.domain.invalid
enable password - encrypted
password - encrypted

View 7 Replies View Related

Cisco Firewall :: Network Is Super Slow After Deny Tcp Log In ASA 5510

Jun 28, 2011

I used the ASA 5510 and in these days, facing the problem is internet is very slow. When i check in real-time log viewer debugging, i found the following logs 6|Jun 29 2011|15:47:53|106015||416||80|Deny TCP (no connection) from to flags ACK  on interface Inside 4|Jun 29 2011|15:47:53|106023||852||80|Deny tcp src Inside: dst Outside: by access-group "Internal_access_in" [0x0, 0x0] a lot of log message are come out and I notice that ip is try to attack my network. In that moment, my network is very slow and nearly to be down.  When I block with that ip by access list, network is up again. But after a few moment, attack from other ip, it's so terrible and so tired to block a lot of ip by acl.

View 6 Replies View Related

Cisco Firewall :: ASA 5510 Address Translation Through Internal Network

Jan 19, 2013

Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it, and I have an inside private IP address ( The inside IP address leads to a 4900m with that interface being configured with a (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. ( Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).

Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat ( to and given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the network to reach the network.

View 11 Replies View Related

Cisco Firewall :: ASA 5510 Internal Network Cannot Connect To Internet

May 12, 2012

I have an ASA 5510 configured 3 interface Internet_AAPT, Internal_Network and Server_Network. The server network works fine as is able to connect to the internet and services like port 80 work from the internet in. But from the Internal_Network can only get to the server network but not internet (6May 13 201214:17:4030201310.153.111.21253663199.47.216.14880Built outbound TCP connection 42508 for Internet_AAPT: ( to Server_Network: ( The weird thing in logs i see a connection being made but for some reason its referring to the Server_Network interface? below is my current config...
ASA Version 8.2(5)
hostname ASA01
domain-name names
name QNAP
name exc2010
name zeacom


View 10 Replies View Related

Cisco Firewall :: Object Group Network Limit With Asa 5510

Oct 29, 2012

We have Cisco ASA 5510, I am about to add another 2 Objectgroup network  groups on the firewall to our already growing list. Under this Object-group Network xxxx , we are planning to add about about 500 network-object host . This objectgroup will then be applied to an ACL. Just wanted to know if thats possible - meaning addnig 500 hosts? If it is whats the limit?
Also are there any other things to keep in mind before i go-ahead with this huge object group?

View 3 Replies View Related

Cisco Firewall :: Getting Email Delay On ASA 5500

Jun 6, 2012

I have an issue with a Cisco ASA 5520. It seems to block some emails incoming from some recipients. The sender's mail server clearly reports my ASA as cause of the problem (see attached image). Unfortunately I have not the logs about that event and the time frame to close this issue is very narrow.

View 5 Replies View Related

Cisco Firewall :: How To Design ASA 5510 Failover For Process Control Network

Mar 19, 2013

I'm currently working on setting up 2 ASA 5510's with redundancy/failover. I'm not an expert when it comes to the ASA's so I'm not 100% sure if I can do what I need to.I have 2 inside networks that need to remain separate, a DMZ network,and an outside network. Since each network connects via ethernet to one of the 4 ethernet ports on the ASA 5510's, all 4 ethernet ports on the ASA 5510 will be in use. If I wanted to setup one firewall as Active and the other as standby, how would I go about doing that? Do I need a direct ethernet connection between the 2 firewalls to use something such as HSRP? Or would the Standby firewall be able to tell if the Active firewall is OK since they would both be connected on each of their interfaces to the same networks?        

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Set Up Guest Wireless Network For A Remote Office?

Jul 8, 2012

I have been tasked with setting up a guest wireless network for a remote office.  They would prefer that the guest network be on a different VLAN than the trusted network, and they want to use a different outside IP address for the guest network. 

I am trying to figure out how to configure the ASA so that it supports two different LANS, each with it's own outside IP address.  Is this possible?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - VPN Is Up But Network Traffic / Data Transfer Is Not Happening

May 2, 2013

we have ASA 5510 Configured. this is regarding site-to-site VPN.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Guest Network Access To Internal Webserver

Dec 18, 2012

I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver.  (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside -
guest_inet -
Internally clients resolve our website to and that part works as it should.  Clients outside of our network resolve our website to the correct external address (lets just call it We have a NAT statement static (inside, outside) netmask and an ACL to permit tcp any host eq www
Clients on our guest_int use an external DNS server and hence resolve our website to  However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website.  Would that be: static (inside,guest_inet) netmask ?  Since there is already an ACL permitting port 80 traffic to we should be taken care of on the ACL side of things, right?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Anyconnect Client Can't Reach Inside Network

Jan 2, 2012

So, I've set up Anyconnect client access to an ASA-5510.
I've got a handful of interfaces, which contain hosts that should be accesible to anyconnect clients.  I'm unable to reach addresses on a specific network, due to what packet-tracer claims is an implicit deny, though I'm unsure where to apply an access-list in this case.
fw1# show nameif
Interface                Name                     Security
Ethernet0/0.205          SECURE                  90


View 7 Replies View Related

Cisco Firewall :: ASA 5505 Sending Email Alerts?

Oct 14, 2012

I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.

View 1 Replies View Related

Cisco Firewall :: 5520 - Two Private To One Public Email NAT Going

Nov 8, 2011

How to setup this Nat on an ASA 5520 running 8.3.2 code? I know this must be possible as I can do the same thing on my Check Point with no issues. I need to Nat two dmz mail servers to one public mx record. I will have an F5 to load balance inbound and outbound traffic from the mail servers. So I need to Nat two private IP’s to one public.

View 1 Replies View Related

Cisco Firewall :: Does ASA 5500 Have Email Alert Function

Oct 7, 2012

If asa finds the abnormal behavior, can set up and send email to administrative mailbox?

View 6 Replies View Related

Copyrights 2005-15, All rights reserved