Cisco Firewall :: ASA 5510 - Access Network From Outside( Like VPN Users)?

Dec 9, 2011

I configured one ASA 5510 firewall with CSC-SSM-10 in one of my customer location.
Here i want configure my firewall to send email alerts to particular mail ID, if anybody any access my network from outside( Like VPN users).

View 1 Replies


Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show  running-config
: Saved


View 9 Replies View Related

Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture

View 9 Replies View Related

Cisco :: 5510 - VPN Users Needs Access To All L2L Segments

May 17, 2013

Client has a Cisco ASA 5510 with 4 L2L VPN's all using 5505's
The L2L connect to the "outside" interface as do the VPN Users (I'm leary of this
The VPN Users need access to the "inside" networks and all L2L subnets.
The VPN User has its own subnet ( seperate from the Local LANs (
When the Users VPN in they can get to all the subnets connected to the inside interface but none of the L2L subnets
I have verified that the UserVPN Subnet is in the crypto acls and in the route statements of all L2L 5505s

View 3 Replies View Related

Cisco VPN :: ASA 5510 / How To Provide Only RDP Access To A VPN Users To Internal PC

Sep 27, 2011

we have a ASA 5510 firewall and i have created remote vpn user who connects the internal network via vpn any connect after connecting i want him to only access his internal PC via rdp and not access other internal website or shared folders without connecting to the RDP however now he can access the internal website wihtout connecting to RDP?

View 3 Replies View Related

Cisco VPN :: 5510 Restrict Remote VPN Access For MAC OS X Users

Feb 12, 2013

I need a way to block MAC OS X users connecting remotely to our coporate users over VPN. I know there is an option to block connections based on VPN client Version, but cant find a way to block users based on operating system.
We use Cisco ASA 5510 firewals one with v8.2(1) and other with v7.2(3). I need to do on both firewalls. They are both at diffrent sites.

View 4 Replies View Related

Cisco Firewall :: 5510 Running Code 7.2 With Ssl Users

Mar 21, 2012

I Have an asa 5510 running code 7.2 configured with ssl vpn,ssl vpn users able to connect to to portal which i have configured with the required resources,but the thing is that these ssl users unable to upload files to cifs shared directory , although they have full access to the shared folder

View 0 Replies View Related

Cisco Firewall :: 5510 - Verify Wrong Password For VPN Users?

Apr 8, 2011

when u use the debug cryoto isakmp 127 on the asa 5510, in order to troubleshhot remote access vpn users,to which entry r u looking in the debug to see if the user enter wrong password?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 With 8.0.2 - Exchange 2007 Outlook Anywhere / OWA Users

Aug 15, 2011

We have a ASA 5510 which was running 8.0.2, we recently upgraded it to 8.2.5 and since the upgrade remote users for exchange 2007 are not able to download any large email attachments(over or close to 1MB). This is only happening to Outlook anywhere users or OWA users who are connecting to the exchange server using https(443) externally. If the same users connects internally they do not face any issue. When i check the logs on ASA i am gettings lots of RESET-O and RESET-I entries. Looks like the connection between the client and the server gets reset.

View 14 Replies View Related

Cisco Firewall :: ASA 5510 / 5520 - Number Of Users That Can Be Created

Jul 5, 2012

How many user accounts i can create to a Cisco ASA box? Say for example a Cisco ASA 5510 or Cisco ASA 5520?

View 5 Replies View Related

Cisco VPN :: ASA 5510 - AnyConnect Users Unable To Access Remote Subnet

Jun 9, 2013

I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Authenticate Users Of Specific LDAP Group

Apr 19, 2010

I'm actually require authentication for users who are coming from the PublicVLAN (the vlan associated with the wireless hotspot) to authenticate themself to the LDAP server via my firewall ASA 5510

View 12 Replies View Related

Cisco Firewall :: ASA 5510 Users Are Unable To Pass Traffic When Connected Through Vpn

Sep 12, 2011

I am migrating over from and old PIX to an ASA 5510. After configuring the new device everything else is functional (Internet) but users are unable to pass traffic when connected through the vpn, they are able to authenticate and I see their session connected on the ASDM but no data is passed..[code]

View 4 Replies View Related

Cisco VPN :: Users Connected Via IPSec Using ASA 5510 To Enterprise Network

Mar 13, 2011

I have Users Connected via IPSec vpn using asa 5510  to my enterprise network,but i have seen that the user stay connected while he sleeping , now i need to tear down the tunnel if the inactivity is 15 mts,i mean if the user idle for 15 mts with any thing automatically disconnect him after 10 15 mts

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Guest Network Access To Internal Webserver

Dec 18, 2012

I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver.  (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside -
guest_inet -
Internally clients resolve our website to and that part works as it should.  Clients outside of our network resolve our website to the correct external address (lets just call it We have a NAT statement static (inside, outside) netmask and an ACL to permit tcp any host eq www
Clients on our guest_int use an external DNS server and hence resolve our website to  However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website.  Would that be: static (inside,guest_inet) netmask ?  Since there is already an ACL permitting port 80 traffic to we should be taken care of on the ACL side of things, right?

View 3 Replies View Related

Cisco Firewall :: Unable To Access Remote Network After Connecting ASA 5510 And 5505

Sep 24, 2011

I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.

View 1 Replies View Related

Cisco Firewall :: Users Behind ASA5505 Firewall Are Unable To Access Internet

Feb 24, 2011

I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.

When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.

The ASA5505 configuration is shown below.

hostname Firewall

interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10


View 2 Replies View Related

Cisco Firewall :: ASA 5520 - Users Can't Access Through By Name

Mar 13, 2011

I just configure an ASA 5520, here is the config (the ip address of outside network if going to change from private direccion by reason security).
The problem that I have is the users can access to the web site through the public´s ip address but they do not can access through by name. We review all the config on the server DNS and with the command NSLOOKUP we can see that work fine. The client think that the asa is blocked the connnection.

View 1 Replies View Related

Cisco VPN :: ASA 5510 - AnyConnect Users Cannot Access Remote Office Over Site-to-site

Jul 15, 2012

we have two ASA 5510s one in 8.4(4) and one in 8.2(5) in a site-to-site VPN setup. All internal traffic is working smoothly.Site/Subnet A: - local (8.4(4)) Site/Subnet B: - remote (8.2(5)) VPN Users: - assigned by ASA When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise.There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4

Site A internal: 192.160.x.x     External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x     External: 66.66.666.54(all)

I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site.What do I need to add for the VPN to be able to access the site-to-site network?

Here is my NAT config:

nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL


View 3 Replies View Related

Cisco Firewall :: Since Upgrading To 8.4(4)1 From 8.3 VPN Users Cannot Access Resources

Nov 7, 2012

Since we upgraded our ASA from 8.3 to 8.4(4), VPN users cannot access resources. This worked fine until the appliances were upgraded. We get the message:

View 2 Replies View Related

Cisco Firewall :: PIX 515e Allow LAN Users To Access ISP Assigned Public IPs

Dec 16, 2012

Pix 515e 6.3.4..A web server on our DMZ is exposed for external access.There is an "A" record (webserver.yyy) on a public DNS for this public IP.This works fine for external users. url..Now I have been asked to allowed our LAN user to access the same link and I CANNOT CREATE AN INTERNAL DNS RECORD TO TAKE CARE OF THIS, which means when our internal users access that link, the request goes out of OUTSIDE interface with a NAT overloaded address( that is in the same subnet as the URL is trying to resolve. Once it knows the IP address thru DNS resolution tries to comes back in thru the same Interface(OUTSIDE) to hit the web server in the DMZ and is not able to.
1- Where does the request from an internal user to hit url is dropped?
2- what can be done to allow this type of connectivity in the PIX 515e device?

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 - Screenshot Of All Users That Have Access To Configure Firewall

Jul 26, 2012

I have an auditor wanting a screenshot of all users that have acces to configure our firewall, I am unfamiliar with 5.1. Is there a way of running such a report on a paticular device?

View 1 Replies View Related

Cisco VPN :: VPN Users Unable To Access Internal Network - ASA 8.3.1

Nov 19, 2012

I have a base config of AnyConnect VPN below, however the ASA 8.3.1 code has deprecated some commands and the VPN/NAT/FW rule syntax is quite different. Can som point out what's missing from the pertinent config below that prevents the VPN Pool from accessing the internal LAN?
The Core LAN router is
ASA Version 8.3(1)
interface Ethernet0/0
nameif inside
security-level 100
ip address

View 2 Replies View Related

Cisco Firewall :: 5505 - Users Unable To Access External Email Servers ASA?

Nov 28, 2011

I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using  ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA.  I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!

View 2 Replies View Related

Cisco Routers :: RV016 VPN To Allow Remote Users To Access Network Shares Via Samba

Jul 4, 2012

My company is using an RV016 router as a gateway to our internal network. My end goal is to allow remote users to access network shares via Samba.I've been trying to create a VPN using the router with absolutely no luck. I've tried QuickVPN. I've tried creating a client-to-site group vpn. I've tried creating a client-to-site tunnel vpn. I've tried pptp. Nothing will allow me to establish a VPN connection. Sometimes there is information logged in the router but most of the time there is not.

View 1 Replies View Related

Cisco Firewall :: How To Configure Firewall Access For ASA 5510

Nov 4, 2012

This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address, with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.

View 9 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access To Dmz From Outside

Jun 26, 2012

I have a new ASA 5510 firewall, the objective is to set up a DMZ zone. my problem is I can't access to the web server in the DMZ from outside
DMZ ==========> outside OK 
INSIDE ==========> DMZ OK 
DMZ ============> Inside OK 
OUTSIDE ==========> DMZ  NOK "FAIL"
I put in attachment the running-config file.

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Asdm

Oct 5, 2012

Recently powered down device (transformer overhaul) and when it booted back up, unable to access with ASDM, SSH...can access directly using HyperTerm, but have only limited commands...will not accept known user/password credentials. When I issue 'show flash' I can see that there are upgrade_startup_errors.log files, but cannot access them.

View 5 Replies View Related

Cisco Firewall :: Access Of Asa 5510 In Standby

Feb 28, 2013

Is there a way to access the asa in a failover pair that is in standby mode from the primary asa? IE I am logged into the primary asa via command line and was hoping to access the other asa from here.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Get Internet Access From DMZ

Nov 14, 2011

I can't seem to get internet access working from the DMZ network through our ASA 5510. PCs on the DMZ can ping the ASA but can't get out to the internet.I will attach a (cleaned) configure.

View 3 Replies View Related

Cisco Firewall :: SSH Access On Outside Interface On ASA 5510?

Oct 5, 2012

I need the ssh access on my ASA outside interface and have added
ssh ipremoved outside access-list acl_outside extended permit tcp host ipremoved any eq 22 but this is the log i get from ASA
Oct 06 2012 16:10:04: %ASA-3-710003: TCP access denied by ACL from ipremoved/39884 to outside:ipremoved/22
Cisco Adaptive Security Appliance Software Version 8.2(5) Device Manager Version 6.4(5)

View 7 Replies View Related

Cisco Firewall :: No Internet Access On ASA 5510?

Oct 29, 2012

I can get access to the internet from the ASA 5510 itself and that is confirmed via pings. However, anything behind the ASA does not have internet access, on any VLAN/sub-interface. I've attached my running-config.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Need To Allow Public IP (OWA) Access To DMZ

Mar 3, 2013

I have DMZ n/w on which i have nated on public ip
-private ip : (OWA)
-public ip : 61.x.x.x.
when i try to access owa(public ip ) from dmz it is not allowing , From what rules i need to set to get work ASA 5510 8.2

View 13 Replies View Related

Copyrights 2005-15, All rights reserved