We have an ASA5510 that we need to open port 25 to allow mail traffic to our internal Exchange server.We have 2 interfaces defined... one named Internal on eth0/3 ip 10.1.x.x and one named Internet on eth 0/0 ip 96.56.x.x.We followed the instructions in ASDM for allowing access to a public server but confusion over definitions have stopped us.ASDM asks for the internal interface and the internal server IP... no problem there because the internal interface and server have two different IP addresses. The Internal interface is eth 0/3 (10.1.1.1) and the server is 10.1.1.2.
However, when we get to the External interface (eth 0/1) there is only a single IP address 96.56.x.x but the ASDM asks for an Interface IP and the IP people would use to get to the mail server from the outside. Inasmuch as we have only 1 external IP address (which connects to our upstream Cisco router which in turn connects to the ISP modem) we used the same IP for both but the ASDM returns an error indicating they must be different.
Apparently we do not have a clear understanding of what the ASDM is actually asking for. When the ASDM asks for the external interface we assumed it was asking for the named value we gave the interface (which is Internet). The named value "Internet" has an ip associated with it 96.56.x.x. But when the ASDM asks for the ip people on the outside would use to get to the mail server (we created a named value called "mail server" and gave it the same ip address as the external named value. This duplication of ip address causes the ASDM to return the error stating that external Interface to be used and the external ip to be used cannot be the same.Have we made an error when we assumed that when the ASDM asked for the external interface it meant the ip of the external interface or was it asking for the eth number (as in eth 0/0) for the interface?
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
We have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.
I just finished implementing a VOIP install and I am trying to setup some softphones and in order to allow the softphones to work I need to open some specific ports for outbound. I am not a Cisco guy, I am a Windows Administrator that also has to maintain my Cisco infrastructure.
We are running a Cisco ASA 5510 in our district. We have been using it for about a year and a half after an upgrade from our PIX. I have been using the CLI to manage it but I wanted to start using the ASDM. I installed the ASDM Launcher last Friday but could not access it. I have enable the http server on the ASA, assigned an IP to the interface, and granted my machine's IP inside access. On Friday I was unable to launch the ASDM. I then downgraded Java. I came in this morning and was able to connect through the launcher. However I could not make any changes as it would give me an error message and often popped up with "lost connection" type messages. I then closed the ASDM but could not reconnect after that. When I try to connect through the launcher I receive the message "Unable to launch ASDM from 172.16.5.1: Connection reset". When I try https://172.16.5.1/admin/ from a browser I simply receive "page cannot be displayed". I'm not sure why I can't connect.
I got a situation here for Nat-ed IPs i configured. I expected to open some ports on the interface to allow certain traffics to pass through, yet there are some of them are failed. Down is my current config.
object-group service DM_INLINE_SERVICE_1 service-object icmp service-object tcp destination eq https
[Code]....
The only ports opened are 443, www, 3389 while ports domain, 5061,3478,3389. how to open domain, 5061, 3478, and 3389 ports on my ASA .
i just ran a NMAP scan on the outside interface of a ASA 5520. It seems that the TCP Ports 7070 and 554 are open on all NAT interfaces and the outside interface of the firewall. I tried telnet on port 554 and 7070 and got connected.
This is problably a stupid question but how do I open a prot on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from out side the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
I have a static IP address over 100Mbit fiber. I've installed a Mac Mini as a webserver and opened the ports 80, 443 and 5900 and a few others for minor services. Everything works fine: the http server (and https as well) is up and pepole can reach it from wan.Yesterday I tried to setup the FTP service with less success. Into the ACCESS RULES I enabled the FTP service and, as a result the port 21 opened up.
But if I connect via Cyberduck to the server I can navigate through the folders but I can't download anything. So I tryed to open up the port 20 for data transfer with no result. Same issue when I tryed to setup the AFP service to mount remotely server volumes: port 548 opened up but no success with port 549.
I travel a lot and use wifi in a lot of different places (hotels, airports, etc.)My apps don't always work and I suspect that in some instances the broadband provider is blocking some of the ports I need.I don't need a port scanner like NMAP since that scans a target IP for listening ports.What I need is a way to figure out whether some firewall between my PC and the Internet is blocking specific UDP or TCP port ranges.
I need to open ports 5000 and 5001 on my Cisco PIX 501 to enable some users to be able to connect to our CCTV from outside, how should I open these 2 ports?
I am trying to open port 52199 on my ASA 5505 I have gone to firewall, access rules and then add tcpip.Not sure if that is the correct place but cannot get it to work?
I configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900 If i configured with only one port 5900 or 3389, is't ok, i don't understand what 's the problem?
ASA5510> ASA5510> ena Password: *********************** ASA5510# show run : Saved
I have done any and everything just to even open a specific port on my pc and try PortForward's port checker and web based checkers, and I can't get the port or any port to show as open.I am trying to make an IP webcam on my network viewable from the internet.My setup is like this"gigaset 204a" / DSL modem (Ethernet cable goes into internet port on LINKSYS WRTGS wireless router) [code] Disabled I went to LINKSYS port forwarding, the address I am forwarding to is the ip webcam server. I know if the IP changes it won't work, but before thinking of setting up a static ip for the webcam on my network, I need to get it to actually work.Nothing I do will open any ports on my pc. I've tried enabling DMZ. I've even set rules for windows firewall to allow incoming/outgoing connections on the port I want, i've disabled windows firewall. am running on windows 7 ultimate. The problem for my really is as far as I can tell, I can't even open a port to allow connections to my computer from the outside. Of course all my internet games etc work fine and have never had a problem, but I can't seem to manually open a port I want.
I've got an unconnected ASA 5510 running IOS 6.1 that I need to upgrade to 8.X (I believe 8.4 is available). The unit is a blank/default configuration and is not on any network so it can't be easily accessed via Ethernet. Is there a method that I can use its onboard USB port (0 or 1) to plugin a USB memory stick with the 8.X...bin file and process the upgrade that way?
i have a asa with a outside IP address of 140.32.121.5. behind this firewall i have a cisco MWR 2941 that i would like to connect to via telnet. its inside ip address is 10.10.10.2. my reasoning for this is because i cannot SSH or telnet from a ASA so i need to have the ASA push my telnet request to the router on its inside interface.i have tried some NAT examples but i am very green with NAT. i have also built access lists that look like the follow " access-list 101 permit tcp any 10.10.50.2 eq 23. and then tied the access-group 101 with the outside interface. this also with no success.
I have a Cisco ASA 5510. I have detected an infected workstation on my internal LAN which has caused my IP to be blacklisted by Barracuda Networks and other RBL. I have scanned and cleaned the workstation removing the spambot. I want to prevent all my internal workstations from sending SMTP traffic on Port 25 through my ASA 5510 device. I only need to allow my Exchange Server access to send out traffic on port 25. configure this setup using ASDM 5.0? I know it may be easier using CLI, but using the ASDM would really be preferred.
I have a Cisco ASA 5510 appliance running ASDM 6.3 We have a number of public IP addresses associated with our company. In order to utilise the IP addresses effectively I want to use one puplic IP address for two servers running on different ports.e.g.
Public IP address 78.109.174.100
for both
Server 1 HTTPS and HTTP Server 2 FTP
Both Servers live in the same subnet (DMZ) I believe this maybe port forwarding but could be completely wrong. I've tried creating a NAT rule that goes from Server 2 Network object to Server 1 external but this didn't work.
I'm trying to forward an internal service on a internal server to the external interface on the same port on the outside interface of our ASA.I been searching for a solution for days and found nothing.Here are the relevant parts of my config:
: Saved : ASA Version 8.4(2) ! object service TCP-WebServer-8080 service tcp source eq 8080 object network WebServer_Object_10.1.10.7 host 10.1.10.7
[code]....
So it looks like it's being dropped by an ACL, but it looks right to me.
I have a ASA 5510. I want to access the internal server IP through the ASA via http://60.54.x.x:8080/sms/DnNotify ( via port 8080).How do i configure it? NAT? ACL? configure port?
i´m trying to make a traditional port forward (http to http) on our new asa5510. Previous releases off 5505 and software prior 8.3 was no problem. Could someone tell me how do it in new 8.4 version? I ám a rookie on the new ASA series!
If nothing makes sense in this configuration please give example on how to do it correct. The object on the inside is SRV02 wich is running a webserver on port 80. So i want to open upp for http on outside interface and forward that traffic to srv02 (inside webserver)
I can not access the switch at 10.199.199.2:2301 . What am I doing wrong? Or should cleaning toilets be something I really should look at! Now if i run this NAT statment:
how do i enable port forwarding on the CLI for ASA 5510. outside subnet is 192.168.1.0/27. when i try to ping another IP with that range i can't access.
Successfully creating a port-forward in ASA5510, ASA version 8.3(1) ASDM6.3(1)?I have spend hours now trying, but I'm still unsuccessful.What I want is a simple: "if this particular ip-adress hits the wan interface on this tcp-port redirect to this inside ip-address on this tcp-port.I have never had any trouble on any other firewall creating something like this, but the ASA is killing me.
I have a private network behind a configured Cisco ASA 5510. I need to send data back and forth between a server on the inside network and a device on the outside network on port 44818. No amount of configuration is allowing this to happen. The packet tracer always fails on of the implicity "deny" rules, even though my other rule should explicitly permit it. I also realize I need to set up routing from my outside network to the inside network, but I cannot see from the documentation how to do that on this particular port without simultaneously breaking my outside connection.
The inside IP for the ASA is 192.168.25.1 The outside IP for the ASA 192.168.11.54
Here is my current configuration:
: Saved : Written by enable_15 at 08:49:25.956 UTC Thu Feb 2 2012 ! ASA Version 8.2(5)
I'm trying to setup port mirroring on a Cisco ASA 5510, but when I try to use the switchport monitor command, that command is not recognized.I've selected what interface I want to configure (conf-if), but the switchport command seems to not be part of the IOS.I'm running ASA version 8.2(1)
