Cisco Firewall :: ASA 5510 ISP1 Does Not Respond
Nov 8, 2012
I have an ASA 5510 and two ISP connections. I need ISP2 to take over when ISP1 does not respond. I have followed the link "ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example" and as far as I can see this part is working. I disable the interface for ISP1 and the routing table changes its static route to ISP2. When I enable ISP1 again the static route changes to ISP1. However, no traffic flows to the outside. I have set up a NAT rule that is the same as for wan1.
Jun 20, 2011
Is it possible to configure HTTP traffic to ISP2 and Static NAT to ISP1 on an ASA5520?
Apr 5, 2012
I'm trying to set up an 802.1q trunk between my layer 3 switch and ASA5520. I understand I need to create a subinterface to accomplish this and have done so. However, the subinterface does not respond to pings, and when I attempt to run the packet tracer on the firewall itself, I get a message saying "Flow is denied by configured rule". But the strange thing is it shows the output interface as "np identity ifc":
(The VLAN in question is VLAN2; 192.168.2.3 is the VLAN2 address on the switch.) The ASA config is as follows:
ASA Version 8.2(5) <context>
hostname context2
names
!
interface GigabitEthernet0/0.2
nameif Inside0/0.2
[Code] ....
Dec 13, 2011
In order to meet our requirements we had to configure PAT for TCP 80 on 2 external IP addresses to one internal IP in the DMZ. TCP port 80 is being translated for both external IP addresses and it works as expected. However, since we have migrated to ASA, both external IP addresses don't respond to ICMP echo requests, generating the following error:
%ASA-3-106014: Deny inbound icmp src outside:<Source IP> dst outside:<Destination IP> (type 8, code 0)
Previously we have been using a Cisco router to achieve the same objective and it worked well. I have noticed that when I add "same-security-traffic permit intra-interface" to the configuration, the message mentioned above stops appearing in the logs.
As far as I can tell the ASA sends the packet back through the outside interface, despite the fact that the appliance advertises its MAC address in response to an ARP request for the same external IP address. Is there any way to make the ASA realise that it should respond to ICMP echo requests on external IP addresses that have forwarding set up?
I do realise that ICMP would work in a 1-to-1 NAT scenario, but we can't apply 1-to-1 NAT for 2 external IP addresses to point to one internal IP address.
Dec 19, 2012
I have a Cisco 4404 WLC that is up, has a green status light, and the interfaces are showing activity. I see it connected to my Cisco 6500 (sh port status); it shows connected and trunking, and I also see a lot of activity on the interfaces. Also, it will not let me console in. I can console in on my other Cisco 4404 WLCs without any issues, so I know my cables and configuration are correct. The only change I made today was the time zone. I noticed the time was off by an hour and noticed that the time zone wasn't set, so I set it correctly. Shortly after that I saw the WLC go belly up in my WCS. I tried rebooting the WLC several times without luck. Since I cannot gain access via the console I cannot really troubleshoot.
Aug 2, 2012
Cisco 851 router, Apple iPad 3 using IPsec setup: I get this message: "The VPN server did not respond." I have tried AnyConnect; that gives me "Cannot verify server identity. AnyConnect can't verify the identity of ios-self-signed-certificate-1164042433. Would you like to continue anyway?" I hit continue and it just goes off. I was asking whether, if I get an ASA 5505 to replace my 851, it would work in my environment.
I have 15 computers accessing the web through the 851. I host a web site on one of my servers. I have a static IP address. I also host an Exchange server and have remote web access to my Exchange as well as remote Outlook users. I can VPN through the 851 using the Cisco client on Windows 7 and Vista and even XP. I would like to use the native Windows client and get my iPhones and iPads working. Can the ASA5505 support the above? I was also looking at the Cisco 1841; how about that one?
Mar 3, 2012
It is good at times but usually it gets slow and web pages come up with "The web page is taking too long to respond". When I run Diagnose, sometimes I get that the computer is correctly configured, but something is wrong with the DNS server (I don't know what that is). I have a NetGear CGD24G Wireless Router that was supplied by Charter when I got internet from them again. I also run Windows 7.
Apr 8, 2012
SGE2010P switch won't respond to login after reboot
Oct 23, 2012
I hope an easy question, in the WAN profile of our SA540 I have IP Aliases configured for a block of IP addresses we have. The active 2 IP addresses plugged into the actual RoadRunner modem respond fine to ping, the other three I have programmed to the WAN interface are not responding as I would think they should. Have I overlooked something? The "Block IP on WAN Interface" is disabled and pings back fine.
Sep 22, 2011
I've been using my 2509 router as an access server for my 3 routers, 1 frame-relay (3640) and 4 switches for the past 2 months and it worked great till this morning. As soon as the async lights come on when I try to connect, it just hangs. It doesn’t respond to anything. No key hits, not even disconnecting the console I'm connecting to (from router to router). If I reboot the router without the cord plugged in (the async) I can use the router with all functions working great; but as soon as I connect the async cord.
The lights blink and poof, the router is gone. No response. I just can't figure out how from one day to the next it doesn’t work. I haven't tried a different cable yet, but I tried disconnecting all console connections and just left the plug in and booted. This works, but as soon as I connect to any console port physically it's gone. No response? I cleared all my configs and it's blank and it still just doesn’t respond as soon as I connect anything (after configuring all the basics).
I've tried these:
line 1 8
no flush-at-activation
no login local
no modem Dialin
no exec
speed 9600
still no good?
Jul 19, 2011
I just got digital cable, phone and internet, and when I try to use the digital phone and internet at the same time, the internet won't work. It's connected through a Netgear N300. The wireless connection will not stay connected.
Feb 6, 2013
About a week ago, our network started to experience complete failure.
Our Equipment:
Router: Netgear FVS336.xxx
Switch: Dlink DES-1024D (we have 6 of these switches in our building)
Wifi Routers: Dlink DIR-601, Linksys wrt54g, wrt54gv2
Computers/servers: 40x
Copiers/fax: 5x
Wireless clients: (iPhones, laptops) at least 30
All has been working together in harmony for many years. Fast forward to last week, when my hell began with intermittent crashes. Not sure what's causing the problem. When it happens, everybody loses their internet and the ability to communicate over the network; ping tests won't respond to anything (including the router) that exists on the LAN, even with a static IP against other statics. On visual inspection of the switches and router, they seem to be happily blinking away with no apparent issue (visually). The only way I've been able to fix the problem is by power cycling the router. About 1 second after doing that, we're back in action for 2-6 hours (very unpredictable). I never had to power cycle any other devices.
Steps I've taken in troubleshooting/eliminating potential culprits:
Replaced the router with a spare (new) FVS318G
Replaced the power supply for the router (suspected because problem remained after router swap)
Replaced cable going from router to lan switch
Removed linksys wifi router from network (the router had needed power cycling weekly and was old. So I unplugged it)
Removed Dlink wifi router from network (I hate Dlink routers, so removed it).
I'm at a loss.
Jan 18, 2012
I have a DIR-655 (HW rev A2) that has worked mostly fine for a long time. Today I decided to do a firmware upgrade, and in preparation I backed up my custom config settings and did a hard reset via the factory reset button on the back of the unit.
Since then, the unit itself has been inaccessible from my computer. If I connect the DIR-655 and a PC with a network cable, the appropriate light goes on on the front of the router, but the client does not lease an IP address from the router and I can't access the router home page at 192.168.0.1.
I have tried the reset button again and also power-cycled multiple times, and I have tried connecting from multiple computers, all with the same unsuccessful results. How do I "un-brick" the device?
Nov 3, 2012
I've been noticing that occasionally our 2nd Gen RV082 fails to allow internal admin management until a manual restart. After the restart, all seems to be fine and traffic/router is very responsive. The following describes typically how the issue occurs:
Internet traffic is rather slow and unresponsive
Content is failing to load for end users
Websites are loading but with images or CSS failing to load
Websites fail to load and appear offline (not all, but some, such as eBay for example)
We recognize there is a problem, let's try to access the local router admin
Fails to load the log-in prompt, so we manually reboot the device
All is operational for now
We are running Firmware Version: 2.0.0.19-tm. [URL]
Jan 29, 2012
How can I measure the response time from one switchport to another? What I intend to do is to measure packet transmission from a server. I have a Cisco 3750G in a stack, and the server is connected to it with a 1GE NIC. How do I measure from the Cisco perspective? Are any tools available from Cisco to measure such response time? I have PRTG for bandwidth management on this particular server switchport and it is around 45-70Mbps, which is less than 10% of the 1GE interface.
May 22, 2013
We are experiencing a lot of these "RADIUS failed to respond" messages on our WLCs, leading to a lot of RADIUS server hopping within the WLC. We are using Cisco 5508s, 1142 APs and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1x. The first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end there will be more than 3 consecutive clients failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured. When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL: Event ID: 6274: Network Policy Server discarded the request for a user.
Feb 6, 2012
I have several Windows 2003 machines virtualized in a Linux + KVM environment. One of them has a strange and unpredictable behaviour: the Windows 2003 network stops working. Suddenly it's not possible to ping it. The services are not reachable. Usually it's enough to disable the network card and enable it again. At first I thought it was something about virtualization, but there is another Windows 2003 on the same server, with a network card on the same bridge, using the same drivers.
Jan 20, 2011
In each case, the routers have functioned flawlessly for a period of 2 to 8 months, then suddenly begin to require daily to hourly reboots to keep the speed up, and oftentimes fail to respond to any web activity whatsoever. Ping tests are intermittent, sometimes failing but other times succeeding while web sites remain unresponsive. For three years I lived with two or more roommates at a time, each of us with our own computer (or 2) and all doing a lot of peer-to-peer downloading. I realize a router can overheat during heavy use like this, so buying new routers so regularly has seemed vaguely understandable. However, it doesn't seem like that is the case in my most recent failure. I've lived alone for the past 3 months, and have owned the Belkin Play Max N600 HD since. I have NOT been P2P downloading or putting a heavy load on my router in any way (or so it seems). Yet as of about two weeks ago, it has suffered a major slowdown just like all of its predecessors. Yet my 30 mbps internet connection roars to life the moment I plug the modem directly into a computer.
My desktop remains on 24/7 but like I said before, I do not do constant downloading/uploading. Both wired and wireless connections are affected equally, and I have always kept all my routers WPA encrypted. When websites become unresponsive on my Belkin today, it is usually after everything has been sitting idle for some time (overnight, or all day while I am at work). Speaking of work, today is a perfect example: I remoted into my home desktop and was able to interact just fine, yet when I would launch a browser and try to load any website at all, I got absolutely nothing. I had to transfer a text document through DropBox (which also still worked) because I couldn't get Google Docs (or Gmail) to load on the remote computer.
Feb 12, 2013
Setting up NTP. Currently the source for NTP within our network is our core 6500. Currently the NTP sources for the 6500 are internet-based NTP servers. I would like to configure the 6500 to respond to NTP messages as the NTP master. However, will the 6500's source remain as the internet-based NTP servers? In other words, if the 6500 is configured to be NTP master, where would it get its time from?
Jun 20, 2012
I've just installed an SG300-28 (v01) switch configured in layer 3 mode with 1.0.0.27 firmware. It's working just fine except that when running a traceroute across the switch, it does not respond with an ICMP-11 time exceeded packet. Does this behavior persist in the current 1.2.5 firmware?
Apr 8, 2012
I've just purchased a new X3000 and have spent the last 2 days trying to set it up. I can connect to the router and see the settings via the default 192.168.1.1. However, when I try to get an internet connection, I keep getting this message: "Timed out waiting for authentication server to respond. Please verify that you have a network connection or contact your network administrator for assistance (412)". I'm using my company-supplied VPN software to connect to my company network, and this is mandatory for me. Not sure if the issue is with this connection software. I bought the X3000 to replace my WAG160N, which was a breeze to set up compared to the X3000.
Sep 23, 2010
I recently bought a Linksys WAG160N v2 model to replace my old setup of a Linksys WRT54GL + ASUS AM604g (ADSL2+ modem) I had. I've set it up to dial my ISP's PPPoE connection exactly as I had on the previous setup, and it seemed to work at first. But now I've randomly noticed the connection just dies: the router doesn't respond to wireless at all anymore, and connecting from a wired machine shows the PPPoE link died, while the log says something along the lines of "PPPoE connection terminated: transport endpoint not connected" followed by a big number with lots of zeros and :'s. Probably some kind of IPv6 error address? Note that I am not using IPv6 myself, nor does my ISP provide any such addresses.
I've already upgraded the firmware to the latest and installed the newest WiFi drivers on the machine I was connecting from wirelessly (has an Intel Wifi Link AGN5300 module).
Apr 14, 2011
I have the revision B version of the DIR-655. I'm having a couple of issues which I'm not sure are related to the DIR-655 or something else.
I used to be able to do this, then all of a sudden (I may have changed something) I cannot anymore. The issue is: if I try to access my Linux server using http://[My Public IP Address]/ from *inside* my LAN, it will time out and not connect. If I try to access my same public IP address from *outside* my LAN, it works fine.
My router was noticeably slow to respond when navigating the menu system. Then I changed the IP address to 192.168.0.2 (previously it was 192.168.0.1) and all of a sudden it's fast again. I tried rebooting and power cycling before I changed the IP and it was always slow using 192.168.0.1.
Feb 26, 2013
I have a problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as a backup. I tried lots of things but users are still not able to access the internet, nor can I ping anywhere. For example, when I ping 4.2.2.2 I don't get any reply. The running config is below for your reference:
HQ-ASA-01# show running-config
: Saved
:
[Code]......
Feb 5, 2012
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments. I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses. Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6
VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN. I'm working with an ASA 5510 running 8.2.4(4).
Jun 22, 2011
I have an ASA 5510 firewall with a CSC module and Security Plus license for the CSC module. Will you tell me how to configure my firewall to send emails to a particular mail ID when someone logs into the firewall or there are any virus attacks from outside?
Apr 24, 2012
We were having a discussion of IOS firewall vs. ASA for smaller clients (less than 50): using IOS firewall (ZBF or CBAC) versus an ASA 5505/5510. One of the arguments brought up for using IOS firewall on the router is that a router will do an IP SLA failover. I have configured a number of ISRs for this and I know it works well.
Nov 22, 2011
I am confused about how ACLs respond on a normal Cisco switch (e.g. 6500) when applied on respective VLANs. This is my scenario: on a 6506, I have 2 main VLANs in question: Vlan 100 (vendor1 - 172.16.100.0/24) and Vlan 200 (vendor2 - 172.16.200.0/24). The requirement is:
- vendor1 should be able to access/ping vendor2 end points
- vendor2 should not be able to access/ping vendor1 end points
Now, if I ping from a host 172.16.100.11 in Vlan 100 to another host 172.16.200.21 in Vlan 200, will I be able to get a successful response?
Oct 20, 2012
I would just like to open UDP port 123 in the ASA 5510 firewall so that our Primary Domain Controller can use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4, and this port was also allowed in the inbound and outbound rules of the PDC's firewall, but it seems that it is still blocked.
Nov 15, 2012
I am quite new to firewalls; in my company there is one ASA 5510 firewall. I configured inside, outside, DNS, DHCP and NATing. I need to configure a bandwidth limit (1Mbps) for the inside port and to restrict sites like Facebook, YouTube and porn sites. And I heard that some subscription is required; is it really required?
May 21, 2013
I have an ASA 5510 in a live environment. Up until a short while ago I could access this via the ASDM and SSH. However, I can no longer connect to it via either. When I access it via SSH I get a disclaimer saying the following:
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also, none of the config (to my knowledge) has been changed. I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
Nov 21, 2011
I have just configured identity firewall on our ASA 5510. I have 3 nodes that authenticate against Active Directory, using the Windows Server 2008 R2 built-in Network Policy Server: a laptop, a stationary PC, and an Android phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to them, namely the laptop and the stationary PC. But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuration part of the Group Policy. This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work. So my Android phone and other nodes that are not members of the AD Machine Store will never be detected by identity rules, and can roam the network free.
May 14, 2012
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9, but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same subnet (VLAN) as the host and its default gateway. The reason I'm doing this is we're installing UAG (or Direct Access) and the UAG appliance needs to have public IPs but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505s running 8.2) it almost seems like I need to have the transparent firewall 'in-line' to the ISP router, but this router services another IP address range on another VLAN for other (routed) firewalls (not shown on diagram), so putting it 'in-line' is not possible. Surely this can't be the case, can it? If not, how is it supposed to be cabled up and configured so packets go through the firewall?