I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.
View 13 RepliesThis is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.
View 9 Replies View RelatedI am trying to add 89,462+ access list rules to an ASA 5510 running 8.2(5). I have added all the rules to an object group and when I try to apply the access list to an interface it gives me the following error:
ERROR: Cannot add policy to rule engine ERROR: Unable to assign access-list wan-out to interface wan
I have not tried not using an object group and just putting the rules in the access list. I want to be able to add to these rules if needed easily.
I think it's clear that i have exceeded the rule limit for the ASA. So my question is, what is the rule limit for an ASA 5510 and which ASA could I purchase that would handle this amount of rules?
I have a 5510 with just a inside and outside interface, everything works on the lan inc internet access and exchange hosting to the net, but I have another exchange server on the wan and I can't get to that because I'm not natting inbound traffic and the default route sends traffic elsewhere.
If I put a nat any statement on the inside interface inbound it works, however all LAN internet traffic fails with a No translation group found error.I've removed the static nat commands as they are all named anyway, but below is what I have before I do a nat any inside inbound command global (outside) 1 interfaceglobal (inside) 2 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0.
I'm having a problem configuring an ASA 5510. A previous employee started the config and left abruptly. He established a VPN Tunnel between two of our sites and that's working without an issue. The problem is, the network behind the 5510 at the remote location cannot access the internet.
ASA Version 8.2(1)
!
hostname PH-Firewall
domain-name pleasehelpme.com
enable password HXrQty4kqW8s8yeE encrypted
passwd ucA.qrYJWD9UyIFz encrypted
names
[code]....
I am confiuging a DMZ on my ASA 5510 but I have run out of physical ports, since I have dual Wan ports configured. I plan to implement a DMZ using subinterfaces. I have 2 questions:
1) Do I need to configure a Vlan to complete this task?
2) Do I need to re-configure the other interfaces for subinterfaces and/or vlans as well?
I'm trying to configure an asa 5510 8.2(1)?I have a range of pub ips 3*.108.234.145-150
>>> E0/0 3*.108.234.146 outside public
>>> E0/1 192.168.1.1 inside
>>> E0/2 192.168.3.1 dmz
would like to map dmz host 192.168.3.107 to external 3*.108.234.147 on port 5000 and 50001 LOCAL LAN should also be able to get to dmz host ports.i've tried a few configs and also following this example:
[URL]
without any luck, here is my config, also posted the out put of show arp which is able to see and ping the host on dmz, also the output of show access-list which shows hits to it.
prophase-pix(config-if)# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname prophase-pix
enable password encrypted
[code]....
I have turned on the aaa command authorization without applying adequate privileges to the user. I can now log in through that user but the ASA 5510 displays an error :ASA 5510# show running-config
ERROR: % Invalid input detected at '^' marker.
ERROR: Command authorization failed.
I am unable to make any configuration changes on the firewall. Is there any default user through which I can log in and disable the aaa authorization ? if not, how can I resolve this situation ?
I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.
View 1 Replies View RelatedI need to allow connection from IPHONE (in Internet) to connect Exchange on private network, synchronising with activesync (https) We have a microsoft TMG on frontal (inside network)
What is the method to parameter CISCO ASA using clientless access: Port forwardind? smarttunnel, web proxy? Nat?
i want the activesync request to cross ASA to go directly on TMG without asking password and user
Have a new ASA 5510 connected to the laptop via console. I need to load the IOS and the configure from another ASA. I have tftp client on the laptop. Do I just need to set the inside IP to the same subnet as my laptop? Will I need a crossover cable?
View 1 Replies View RelatedI have an ASA 5510 and I can not configure fine.
My problem is that I have 10 public address connected to ASA and each public address is redirectioned to an internal IP address.
An of these public address is the ip address of mi ASA.
how to configure and access-list and an NAT, the others I will configure.
interface Ethernet0/0
description Interface_WAN_World-Ttrends
speed 100
duplex full
nameif outside(code)
I have 2 ASA5510-SSL50-K9, can I configure HA Failover ?
View 7 Replies View RelatedI have a few devices that the manufacturer told us we have to set with a public IP (No Natting) We have Internet ->ASA5510-> Switch 3550 with 3 vlans. Up to now we have always use Natting to configure internet access to specific devices. I heard setting up a witch with one VLAN connected to the internet and all other internals is a bad idea. that was the only Idea we had.
View 3 Replies View Relatedhow to configure ASA 5510 anti X edition ? Can I have a link explaining the configuration step by step ?
View 2 Replies View Relatedi have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999
View 15 Replies View RelatedI have to configure a default-factory firewall (ASA 5510) in a simple scenário like this image represents:At this moment i have configured the interfaces as represented above and at this moment what i want is grant access from a LAN computer (10.10.0.0/24) to the internet.
Should i configure some acl? I read that all traffic from an interface with a superior security level to other interface is allowed, so since my inside interface has a security level of 100 and the outside 0, it should be possible access to internet from an inside computer?!
From all configurations and examples i have seen around, they all contemplate a fixed IP address from the ISP, but in my scenário i have a dynamic one. This fact matter for the configuration i want to do?
My firewall is running the software version 8.2(5).
Cisco ASA 5510 and I want to configure it as an access gateway following this .[URL] the basic configuration steps on what to do on ASDM.
View 2 Replies View RelatedI have inherited an asa 5510 whit 4GE SSM module installed. The asa runs fine, but i can not use the 4GE SSM ports. Using ASDM or console i can get and configure the gigabitethernet1/x ports but i can not get traffic on it. The ping from the console to the ip address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports i can not see the port's mac address. The two Internal-data0/0 and Internal-data1/0 are down and i can get they up. How to configure 4GE SSM or ASA internal-data ports.
View 8 Replies View RelatedIs it possible to import the config of a 5510 to a 5520. Trying to replace two 5510's with 5520's and wondering is there a way import the existing config files for the 5510's into the 5520's?
View 3 Replies View RelatedI have one Cisco ASA 5510 with 2611 router two 2960 switch how to configure.
View 1 Replies View RelatedI am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
I have an 5510 ASA with 804 IOS. In that installed anyconnect (anyconnect-win-2.0.0343-k9.pkg) version. But when i am going to connect it from https:// I am getting the below error. So as a work around i tried to install anyconnect-win-2.5.6005-pre-deploy-k9.msi at my laptop and try to connect from https:// i am able to connect.
View 4 Replies View RelatedI have a ASA 5510 behind a 2911 router. I've trying to configure a remote access and site to site vpn tunnel. I've started on the remote access, and I have it setup, but I'm getting this error message with trying to authenicate from the VPN client (412 error)?
Nov 11 09:52:45 [IKEv1]: IP = 68.51.100.192, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 428
Nov 11 09:52:51 [IKEv1]: Group = tfx-tg, IP = 68.51.100.192, Duplicate Phase 1 packet detected. Retransmitting last packet.
[code]....
I am constantly getting a few errors in my ASA 5510 and 5505 from the same IP. The IP of my NMS server, which has also stopped recieving SNMP data from these two VPNs.
Syslog Id: 713048 Error process payload: Payload ID: 1
Syslog ID: 713902 Removing peer from peer table failed. No Match.
Syslog ID: 713903 Error: Unable to remove PeertblEntry
I have tried to configure ACL to let traffic through. SNMP traffic to be more precise, but since I am fairly new to cisco firewalls and SNMP in general this has proven very difficult.
I have a cisco ASA5510 and I'm having fun experience some configurations.I can not connect to VPN, windows me error 809. I configured the firewall to accept connections to microsoft L2PT/IPsec client by authenticating users on the domain controller LDAP.
Clientless vpn connection work, so the server connection is correct. [Code] ......
I have configured remote access VPN with radius authentication in my firewall ( ASA 5510). When tried to connect the VPN with Cisco vpn client, the following error is showing,
"Error: Secure VPN connection terminated by Peer. Reason 433 (Reason not specified by peer)".
I'm opening a new topic related to my problem with the VPN connection, to avoid confusion, since there are many, in the old information, no longer required.
I would like to configure my ASA5510 L2PT/IpSec to accept connections from Windows clients. I happen to authenticate via AD credentials. When I try to connect is because the error 691. I enabled debugging on the machine the following:
debug crypto isakmp 3
debug crypto ipsec 3
debug ldap 255
I have a HP G60 Series. Im trying to bridge connections with my xbox and wifi and i cant because it says "you don't have sufficient privileges to configure connection properties
View 1 Replies View RelatedI've got some problem with my Mail Server since I've migrated to an ASA5510.Actually the server is in a DMZ with a private Ip ( 10.x.x.2) and it is translated to a Public IP ( 194.x.x.65).I use these configuration :
static (DMZ,LAN) 194.x.x.65 10.x.x.2 netmask 255.255.255.255 static (DMZ,LAN) 194.x.x.66 10.x.x.3 netmask 255.255.255.255 static (DMZ,WAN) 194.x.x.65 10.x.x.2 netmask 255.255.255.255 static (DMZ,WAN) 194.x.x.66 10.x.x.3 netmask 255.255.255.255 static (LAN,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.248.0
Some Users received in there mailbox a system administer error message :
Object : Impossible to deliver : test Your message could not be deliver to one or more of its recipients: 421 SMTP connection went away!
When they try to re sent it some times later, message is sent without problem.
My printer has an error saying cannot connect to network......this problem occurred when i made a secure internet connection. I have tried resetting everything , unistalled printer software, i have changed all kinds of things on my router page . Apparently not the right things. I have a Dlink 524 router , Hp photosmart 5510 printer and 2 laptops.
View 1 Replies View Relatedmy Cisco ASA 5510 doesn't save the configuration to the disk.
View 1 Replies View Related