Cisco Firewall :: ASA 5510 / Use Of Bookmarks Of Resources Which Are Located Behind A S-to-S VPN?
Apr 16, 2013
I was wondering if I can create (a) bookmark(s) of resources which are located behind a particular Site-to-Site VPN? We are using a Cisco ASA 5510 (9.0.2) with SSL VPN configured. The tunnel is up but when I try the bookmark, I get the error "server unavailable".
View 2 Replies
May 19, 2011
I have recently deployed a Cisco ASA 5510 Security Plus firewall on my company's network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside) we are not able to hit any of our sites that are on the (outside). I have NAT policies in place to translate the public to private, but I think that I need something more. This seems to be occurring mainly with our external web sites as well as another anomaly with regards to FTP (but it may be fixed if the HTTP issue is resolved).
I was hoping someone with a lot more knowledge of ASA firewalls than myself can spot the error in my run-cfgs.
[code]....
View 15 Replies
Mar 14, 2011
Came across problems with missing Bookmarks on an SSL RA VPN (ASA 8.4, ASDM 641)? I have an SSL group policy which is configured to use a Bookmark list. When a user signs into the SSL VPN, they can see other settings that have been manually configured such as Smart Tunnels but no bookmarks appear. I know the user is receiving the correct group policy (I created a banner which the user gets successfully when they sign in) but I'm at a bit of a loss.
View 3 Replies
Nov 21, 2011
I've got a VPN set up on an ASA 5510. It connects fine, and my users and I are able to remote desktop and ping. However, when accessing the servers by hostname I get nothing. When I want to access a fileshare I have to do it by IP. I've got my internal DNS added in the config.
View 3 Replies
Feb 27, 2011
We have an Asterisk/FreePBX phone system located behind an ASA 5505 device where we are having problems with SIP inspection.
We connect to three different phone providers, and things work as expected for 2 of the 3 providers, but for the last one (Draytel) we are having problems with SIP inspection.
The key difference about the VoIP provider where we are having problems is that they are using different servers for the voice (RTP) traffic than the server we are registered with to establish SIP sessions.
SIP inspection is configured with the default out-of-the-box options. The problems we see are these:
1. For incoming calls SIP inspection does not open the required pinhole to allow the traffic to flow through. As a result we cannot hear the voice of the calling party, but voice from our side is passed through OK. As a workaround we have added an ACE allowing traffic in the used UDP (RTP) range from this VoIP provider's IP addresses to pass through the ASA, and with that in place incoming calls work.
2. Outgoing calls don't work because SIP inspection doesn't kick in, and as a result of this we forward internal IP addresses in the SIP / SDP body to the VoIP provider. I'm not sure whether this is a consequence of SIP inspection not kicking in for this provider, or a result of having added the ACE for an IP range that covers the IP address we register with.
As stated above, SIP inspection does work as expected for two other providers where all traffic goes through a single server. We actually have had this working with ASA firmware 7.2(4), but as that version intermittently had a problem where SIP inspection would stop working (fixable by power off/on or a clear command), we decided to upgrade.
View 1 Replies
Nov 12, 2011
I am getting too many teardown TCP connections for the outside interface.
I want to block this IP using Cisco IPS or using an access-list in ASA 5520.
View 3 Replies
Nov 7, 2012
Since we upgraded our ASA from 8.3 to 8.4(4), VPN users cannot access resources. This worked fine until the appliances were upgraded. We get the message:
[code]....
View 2 Replies
Sep 27, 2012
I just installed a PIX 515E (ios ver 6.2) in my network, and the VPN users can connect to it from the internet successfully but they aren't able to connect to any of the internal resources. Some other information: I configured NATing between the internal network (10.0.0.0/24) and the internet, and another static NAT policy between an internal resource through another public IP address on the outside interface. But right now I need to let the VPN clients connect to my internal resources.
View 5 Replies
Apr 22, 2010
ASA 8.21. Within a clientless WebVPN homepage, is there a way to open a listed link/bookmark in a new tab? When I try to do it with the browser (right click... Open in New Tab) it simply opens the site in the current tab.
View 2 Replies
Jul 30, 2009
We have 2 ASA5520s running SSL VPN. We would like to allow users to create their own bookmarks but so far have been unable to find out how.
View 1 Replies
Aug 9, 2012
I just reinstalled Windows and am trying to restore my previous settings. I was wondering how to do that, specifically with the bookmarks. I originally saved my bookmarks with an export, and I have the saved file. I cannot seem to get my bookmarks back. I have tried all of the options. I am using the internet browser Google Chrome.
View 2 Replies
Jan 23, 2011
Where is the WEP located on my AT&T Motorola router?
View 1 Replies
Oct 12, 2011
How do I connect my DVR to a router that is in another room? Is there a way I can do it wirelessly?
View 1 Replies
Feb 3, 2013
I want to use FlexConnect in the same network where the WLC is located. Normally we would do it over the WAN and for a branch office. But I want to use it in the same main office to avoid more bandwidth utilization on my distribution layer. The WLC is connected to the distribution switch. I want to do local switching in the access layer switch.
Below is the sample topology. But the real topology contains nearly 200 APs (3600 series) and 20 access switches and so on. So there is a chance that 200 AP * 350 Mbps can flow on the distribution layer. So:
1) If I use FlexConnect, will any issues occur?
2) Does it cause any impact on VoWLAN?
View 4 Replies
Dec 28, 2011
Where can you find the security key in a wireless router?
View 18 Replies
Sep 18, 2011
I am renovating my own house, and I have started to hard wire for the network/s, but I am also trying to incorporate so much more than any previous "wireless" setup I have had. Well, I am a bit confused to say the least. I would like to set up a home network and media server system which includes: Internet browsing (multiple rooms and wireless); file sharing, printer sharing, scanner etc.; music/video sharing/streaming, TV etc.
I have started wiring (we are renovating) with Cat5e, and have just replaced the old POTS (telephone) wiring with Cat5e and taken the individual telephone wires (including the incoming telephone cable) back to one central connection unit in a network patch panel. This has improved the speed of my DSL download connection from 1.2mbs to 6.2mbs. Unreal! So that did get me a bit fired up!
I am currently wiring data points (Cat5es from each room) back to the same panel, but to be honest I am not really sure where to go from there! Also, I have wired Sat cables back to this point ready to be connected to sat TV (dish) in case we get it. This patch panel is in a small passageway that goes through to the garage from the house. It is conveniently located next to the mains board which I have just replaced. My original idea was to put any extra needed equipment in the same location, but looking at it, I think that I may have to think again, for there is little room. I have found a small alcove in the upstairs games room which has a shelf, and which could take any hardware; also it will be dust free (unlike the place leading to the garage). I can run as many cables as needed from this location to the patch panel, but obviously I would like to know how many, as I am not familiar with networking on this scale, my only other experience being wireless setups. For example, would the switch need to be located where the patch panel is, or else can it be on the shelf with the other stuff (away from the panel)? And the existing D-Link 4 port router: is this no longer required? I'm presuming I will need an old PC or some sort of media storage device here too... no ideas with this either. I have tried asking three different computer stores and got three different answers...?!
Have I dropped a clanger wiring to the passageway, when in fact any server/switch or whatever won't be in the same location? Also, I am planning on getting a MacBook, and would like to use this on the system sometimes (might not be relevant), just thought to mention. And I was thinking of trying Linux, as I am fed up with all the Windows problems. But I am not sure if that is a good idea either. We have TVs in the (when it's finished) media room, and also in three other areas, which I would like to get connected so that they will be able to get either TV or watch a film from storage. Wow, this is getting complicated. And if it matters, I do have a PS3, which we only really bought to use as a TV storage system/recorder.
View 7 Replies
Jan 8, 2012
I have tried numerous times to install the disk and the adapter, but it always says it cannot locate the adapter. I know that the ports (I have tried them all) are working properly because they have been in use. I tried the chat. He suggested I call the 1-800 number. I don't have time to wait on hold forever, which I did anyway until I finally hung up.
View 5 Replies
Feb 9, 2012
Why will my router not synchronize with an NTP server located at an off-site facility? The NTP server is located at the Naval Observatory. I have a Cisco 7200 VXR, IOS 12.4. The clock and calendar are both set correctly.
View 2 Replies
Mar 6, 2011
We have a 2003 domain with Active Desktop enabled for clients. The problem is that whoever logs in to my domain gets desktop icons in blue color. I have checked these but with no result:
1) My Computer properties - Advanced - Performance
2) Desktop right click - Arrange Icons - Lock Web Items on Desktop
3) I have checked with Display Properties.
View 1 Replies
Feb 13, 2012
I am having difficulty getting my HP Officejet Pro 8500 (A910) configured to save digital faxes to my Iomega 2TB Home Media Server (cloud edition). My home network is set up through a Linksys E4200. I was able to successfully configure it to save to a folder on my PC, but I do not want to leave it running 24/7. I believe the breakdown is in the Authentication part of the setup... It asks for the Windows username and password, which works fine for the PC setup but not for anywhere else. Do I use the UN & PW for the home media server if I'm saving to one of its folders? If so, how do I correctly type the path? It is communicating with the folder and leaving an alphanumeric file saved inside the folder when I use the 'save and test' option, but it breaks down from there.
View 1 Replies
Dec 12, 2011
I got asked recently to start working on QoS for our networks. I have dealt very little with this. I ordered the Cisco Press QoS book and have been saving information from Cisco's website on this.
View 5 Replies
Jun 7, 2011
I have set up a small LAN in my home with two Windows XP PCs connected to the Internet using a DSL connection. I have a DSL router box connected to the DSL and to a small switch. My two PCs connect to the switch. I can browse the Internet from either PC. However, I discovered that each PC cannot use the resources on the other PC. What is the problem and what do I do?
View 14 Replies
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. I tried lots of things but users are still not able to access the internet, nor can I ping anywhere. For example, when I ping 4.2.2.2 I don't get any reply. The running config is below for your reference:
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
Feb 5, 2012
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments. I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses. Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
Firewall DMZ Interface - 1.1.1.1
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6
VLAN 2 - hosts 1.1.1.7
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN. I'm working with an ASA 5510 running 8.2.4(4).
View 1 Replies
Jun 22, 2011
I have an ASA 5510 firewall with CSC module and Security Plus license for the CSC module. Will you tell me how to configure my firewall to send emails to a particular mail ID when someone logs in to the firewall or when there are any virus attacks from outside?
View 6 Replies
Apr 24, 2012
We were having a discussion of IOS firewall vs. ASA for smaller clients (less than 50), on using IOS firewall (ZBF or CBAC) and an ASA 5505/5510. One of the arguments brought up for using IOS firewall on the router is that a router will do an IP SLA failover. I have configured a number of ISRs for this and I know it works well.
View 1 Replies
Oct 20, 2012
I would just like to open UDP port 123 in the ASA 5510 firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rules of the PDC's firewall, but it seems that it was still blocked.
View 23 Replies
Nov 15, 2012
I am quite new to firewalls. In my company there is one ASA 5510 firewall. I configured inside, outside, DNS, DHCP and NATing. I need to configure a bandwidth limit (1Mbps) for the inside port and restrict sites like Facebook, YouTube and porn sites. And I heard that some subscription is required. Is it really required?
View 1 Replies
May 21, 2013
I have an ASA 5510 in a live environment. Up until a short while ago I could access this via the ASDM and SSH. However, I can no longer connect to it via either. When I access it via SSH I get a disclaimer saying the following:
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knowledge) has been changed. I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
Nov 21, 2011
I have just configured identity firewall on our ASA 5510. I have 3 nodes that authenticate against Active Directory, using the Windows Server 2008 R2 built-in Network Policy Server: a laptop, a stationary PC, and an Android phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to them, namely the laptop and the stationary PC. But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuration part of the Group Policy. This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work. So my Android phone and other nodes that are not members of the AD Machine Store will never be detected by identity rules, and can roam the network free.
View 2 Replies
May 14, 2012
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same subnet (VLAN) as the host and its default gateway? The reason I'm doing this is we're installing UAG (or Direct Access) and the UAG appliance needs to have public IPs but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505s running 8.2) it almost seems like I need to have the transparent firewall 'in-line' to the ISP router? But this router services another IP address range on another VLAN for other (routed) firewalls (not shown on diagram), so putting it 'in-line' is not possible. Surely this can't be the case, can it? If not, how is it supposed to be cabled up and configured so packets go through the firewall?
View 3 Replies
Mar 20, 2013
I currently have 2 Cisco 5510 firewalls. One of the firewalls is completely dead but contains a Cisco ASA SSM-10. Can I remove this card and just place it into a working unit? Will I have any problems doing so?
View 1 Replies
Jul 29, 2012
I am unable to see the 4th interface, i.e. fastether0/3, on my firewall ASA 5510.
Below is the output.
ciscoasa# sh int ip br
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                x.x.x.x         YES CONFIG up                    up
Ethernet0/1                x.x.x.x         YES CONFIG up                    up
Ethernet0/2                unassigned      YES unset  administratively down down
Internal-Control0/0        127.0.1.1       YES unset  up                    up
Internal-Data0/0           unassigned      YES unset  up                    up
Management0/0              192.168.1.1     YES CONFIG up                    up
View 8 Replies