I am updating my 8.2(3) code for my new ASA5512 that is running 8.6(1) and am unable to get on the internet with my current configuration from the inside interface.
Information:
Outside: ***.***.33.11
Gateway: ***.***.32.9
Inside: 192.168.215.0 /24
dhcp 215.100 - 150
[Code] .....
We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below.
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
!
ASA Version 8.6(1)2
[Code].....
I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
View 5 Replies View RelatedTrying to setup a new ASA 5512 and like a ******* I've somehow locked myself out.
how to do a hardware reset?
i found this part number for asa5512x product "ASA5512-SSD120-K9" it's a New Product Hold and under group "Cisco ASA CX Context-Aware Security" Who have know more information about this? Cisco ASA CX Context-Aware Security ASA5512-SSD120-K9 ASA 5512-X with SW, 6GE Data, 1GE Mgmt, AC,3DES/AES,SSD 120G
View 3 Replies View RelatedRecently upgraded to an Asa 5512x from a pix 515e. I have an Ipswitch secure MoveIT server on the dmz1 interface that needs to be accessed from both the inside and outside interfaces. I have setup a static nat from the outside to the dmz1 and it works, I can also connect from the inside interface. Now I need the MoveIT server to access the DNS server and email server on the inside interface so it can send notifications. On the pix I just created a static from the inside to the dmz1 using its own IP address - static (inside,dmz1) 192.168.1.7 192.168.1.7 net mask 255.255.255.255. I would then add the access-list to allow. How would I set this up with the Asa 8.6 commands?
View 5 Replies View RelatedI'm trying to get started on setting up my first Transparent ASA.I understand an ASA in Transparent Mode can now have an ip address with Bridge Groups or some such mechanism. I'm looking for examples of how to set that up and other information below. Is the ip address associated with the device or is it interface specific? Will I be able to SSH with that ip address setup? Can I use ASDM if the Transparent ASA has an ip address? This 5512X has an IPS. Any one who has setup an IPS on this platform knows it has some very particular requirments in order to communicate with the outside world. I need examples of how to do that with a Transparent ASA.How is NAT setup differently (if at all) on a Transparent ASA?Are ACLs done any differently?
View 3 Replies View RelatedI have ASA 5512X and I'm trying to run CX features on it. but the problem is I don't have SSD drive in the chassis. how can I get one? is any kind of SSD drive compatible with cisco ASA-CX firewalls or i should order it from cisco only? what is the part number for that model?
View 3 Replies View RelatedI was wondering how to tighten the security of my email delivery to a range of ip addresses (I know how on my old firewall but the cisco is quite a bit different). Right now anyone sending email to a particular ip address on my firewall can do so. I want to restrict that to two ip address ranges it will accept deliver from. I'm thinking I need two network objects for the two ranges then add to a network object group. Configuring the ACL for delivery using that group if I'm correct about that ?
View 4 Replies View Relatedurl...For the New Firewalls i.e. 5512X , 5515X etc there seems to be integrated IPS and we don't need to order any extra license or part number to get the IPS features .
But for the 5585X It says 2Gbps for SSP10 engine but I have seen in the Dynamic Configuration Tool that SSP10 and IPS-SSP10 are different things . Which means that I will have to order 2 service engines SSP10 and IPS SSP10 to get the IPS features and if I only order SSP10 with that Chasis I will only get firewalling ?
I have basically started fresh, from a clean image. We bought these with the expectation that we would be able to configure them using the GUI for what we need, which up till this point doesn’t seem to be the case.I will tell you how I have this setup, I have our ADSL going to a modem acting as a bridge with a static IP supplied by the ISP. If i connect a laptop to that modem and set the static ip on the laptop, I get internet access fine.So I then connect the modem to ethernet0/0 and the laptop to ethernet 0/1 I connect to the ASDM and run the startup wizard with the following:
· Outside ip : 87.87.87.87 255.255.252.0 (this works on the lappy straight to the modem)
· Inside ip : 192.168.10.1 255.255.255.0
· No dmz
[code]......
I recently bought an ASA on eBay the plan was to try and learn how to configure them and get more familar with Cisco's ASA hardware etc.
I want it to do the routing for my home network. The way things are setup at the moment is pretty standard. I have an ADSL modem which is also a router which was provided by my ISP (Orange).
The first thing I did was change the router to be in "modem only" mode which seems to have worked. I then got the ASA to use PPPOE by following this guide [URL] I assume that worked as it is authenticating with the ISP and I'm getting a puplic IP address assigned to the outside interface. The default gateway is being set by the "ip address pppoe set route" command which I have verified with the "show route" command. The problem I'm having is that even though I'm getting a public IP I can't ping any thing from the ASA I've pinged 8.8.8.8 and 4.4.4.2 using the outside interface as the source but I'm not getting any responce. I have tried changing the MTU a few times to different amounts on the outside interface with no luck.
I have a Cisco ASA 5510 with 3 inside interfaces each connected to a 3750X switch port in a vlan. Outside interface is connected to external router with 209.155.x.x public IP. Static route exists for outbound traffic on outside interface.
3750X is configured for inter-vlan routing. VLANs 10, 20, and 30 have 172.16.x.1 IP address with static routes pointing to the each of the ASA inside interfaces - 172.16.x.254. Connected hosts are configured with gateways pointing to the appropriate vlan interface IP - 172.16.x.1.
Inter-vlan routing appears to be working - I can ping back and forth between hosts on different vlans, and I can ping each vlan IP.I can also ping each ASA inside interface from a host in the appropriate vlan, but I cannot ping internet sites (4.2.2.2 or 8.8.8.8) from hosts on the inside interfaces.
I can ping 4.2.2.2 from the ASA CLI. I can ping internal hosts on vlans 10,20,30 from the ASA CLI. But, no luck with pinging from inside host to internet hosts
I have a problem with an internet connection with a customer.They have a Zyxel 660 in bridge mode and the public ip is delivered to the eth0/0 outside interface of a 5505 ASA.They lose internet connectivity a couple of times per hour. What solves the problem immediately is disconnecting the ethernet cable from the eth0/0 and then directly plugging it back. Then it runs for 20-30 minutes or so.The isp doesnt't notice any errors on the dsl connection, only that they cannot ping the outside interface from time to time (duhhh)However, yesterday, when problem appeared for first time , I noticed that this Zyxel was very hot since it was placed on top of the ASA. Now it is set apart.In the meantime I already replaced all cables, but I think it's the Zyxel so I urged that the ISP send a new Zyxel.Though it sounds strange. [code]
View 4 Replies View RelatedI am looking into a DR plan where should a primary site go down users with the Cisco anyconnect client will be able to VPN to a second site. The ASA I am configuring is a 5512x for the 2nd site. The main site has a pair of 5510's in a HA pair. Is it possible to setup a secondary Remote Access VPN connection for users to connect to? If I was to configure Anyconnect RA VPN on the ASA on the 2nd I would need to purchase an SSL cert in order to configure this?
View 9 Replies View RelatedI am purchasing 2 5512x ASAs to be configured as an Active/Passive pair as a VPN device. Do I need to purchase anyconnect licenses for both devices?
View 2 Replies View RelatedMy laptop is not connecting to the internet, I know that it is not a router problem as my mine PC and Notebook are connecting with no issues.I have removed all router devices as had an new once once it was last working.I tried this morning to set it up again without success. I have compared to setting with my pc and have found the difference is with the IPV6 connectivity.
View 6 Replies View RelatedWe would like to enable our HelpDesk and Network team the ability to connect to Laptops using our ASA 5510 VPN device using Secure VNC application. Not sure if this is possible or how to enable this option.
View 5 Replies View RelatedI'm not sure how to connect my firewall for Active/Active.
I'm sure the 5510 has layer 3 ports.
Can i configure more than one port to sit on the same VLAN?
Or configure more than one port to Trunk the same VLANs.
I had a previous issue in which I couldn't make a connection to an ASA 5505 behind an edge firewall found here: url...My continuing issue is that I can indeed connect to the ASA 5505 remotely but I cannot access anything internally. I believe it is a NAT issue but as of yet, nothing has worked.
View 1 Replies View RelatedI have been tasked to connect a 2800 router to our ASA 5510 firewall. The router will be used as a VPN router. It will terminate two different VPN connections to two different networks. I can setup the 2800 VPN config but what would I need to do to setup the firewall. I am using an extra Ethernet port(it has 4) to directly connect the router. The FW has our outside internet connection, the DMZ, and our inside LAN connection. I do not have a lot of experience with Firewalls and I do not want to create a security breach while trying to set this up!!
View 5 Replies View RelatedI have a dynamic VPN site to site between a Firewall ASA 5510 with ASA version 8.2(1) (firewall ASA have a Static IP 201.111.14.114) and a C870 ISR (the ISR have a dynamic IP). The tunnel and the conectivity in both sides is successfull, however each time that occurs a interface restart because the Internet link is unstable in ISR side the VPN tunnel does not going to UP STATE again
These are the ISR logs listed when VPN going to DOWN
*Mar 10 13:58:45.157: %LINK-3-UPDOWN: Interface ATM0, changed state to down
*Mar 10 13:58:46.157: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down
[Code]......
I am currently configuring an ISR 892 without wifi. I got the start-up config working and am now stuck with zone-based firewalling. I configured four zones: private, dmz and internet-static and internet-dial. The private zone is configured for Vlan1 witch covers one ethernet switch port connected to the LAN. The dmz zone is currently not configured. The internet-static zone is configured for GigabitEthernet0 which connects us to our ISP providing a static IP. Internet-dial is configured for FastEthernet8 and connects to another ISP using a dial-up ADSL line, which is currently not connected. So, in short: I try to connect the private zone to internet-static and get traffic flowing, but can't get this working. The private zone can talk to the router and the router can talk to the internet. I suppose I forgot some basic configuration for the router itself because the zone configuration was done with this config guide: [URL]
This is my current running config:
Current configuration : 6076 bytes
!! Last configuration change at 08:26:03 UTC Thu Feb 3 2011 by admin!version 15.1service timestamps debug datetime msecservice timestamps log datetime
[Code].....
Physical devices are a Cisco 2901 (CISCO2901/K9) with GE0/0 configured as 192.168.1.1
Connected through a D-Link DGS-1210-24 configured as 192.168.1.202
Running on a domain with an HP domain server as 192.168.1.2
The 2901 was an EHWIC (VA-DSL-A oPoTS) on EHWIC 0/0/0
GE 0/0 on the 2901 is physically connected to the DGS-1210 which is physically connected to the server.
VDSL 0/0/0 is physically connected to the DSL jack.
So far the configuration reports all is connected, and I can ping the gateway of our ISP (using CLI or Cisco CP); however the server reports no internet connection and no workstations can access the 'net.
Once connected; I'd also like to allow ports through for use on the network (25, 80, 110, 443, 987, 1723) - but not sure on how to do that just yet!
Our IP is 202.27.19x.19x
Our Gateway is 202.27.217.5
[Code] ......
RACK 1 is the old rack and NEW RACK is the rack which is going to be procurred for some new Servers. All the Servers in the RACK 1 has a default gateway as PIX Inside IP. As of now the 3560 Switches acts as Layer 2 and does not have L3 IP routing enabled. How can I enable conenctivity between 192.168.36.0 range and 192.168.57.0 range wihtout making any change to current PIX inside IP address 192.168.57.1?Is it possible that I can enable IP routing on the 3560 Switches , create interface VLAN 36 and since already Switch 2 has it 's default gateway as 192.168.57.1 , Would the traffic from 192.168.36.0 be routed to 192.168.57.1 ? Or do I need to create static route for that ?Since L3 Routing is not enabled and since the 3560 Switches are just acting as L2 , the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. When it is changed I would need to create interface VLAN 2 on 3560 Switches?
View 18 Replies View RelatedI've searched the forums and found similar problems that relate to mine but after trying done of their solutions with no success I decided to make a new thread. This problem started 2 days ago with the same network I've been using for about 2 months.I'm running vista sp 1. I use google chrome and when I try to open a page it says unable to connect to proxy server. I changed the lan setting s (unchecked the box for using a proxy server for my lan) and now the page says the dns lookup failed.
View 1 Replies View RelatedWe have netgear router and 3 laptops which were all working on the internet fine but one laptop has had a full recovery done on it and now won't connect it just says there is limited connectivity, what it could be as the net is still working through Ethernet and the other laptops through wireless. Its windows vista.
View 5 Replies View RelatedI currently have a 20MB down and 2MB internet. I have a Cisco Linksys E4200 with Firmware Version 1.0.05. We have a two bedroom apartment, one of the bedrooms is our office which is by the front door. We have the wireless router and our modem in the office. We have an apple TV in our living room that is connected to the wireless internet. Every time we get random times where the video output is very pixely and seems we are streaming shows/movies on a 56k modem.
View 1 Replies View RelatedI'm currently living in a shared house right now, and for our internet, the landlord has us on Virgin Media's basic package, which in theory should be netting us around 10mb (according to the lady that I spoke to on the phone from there anyway). It comes into the house via a cable, then goes into a modem, and then that modem is connected to a wireless router which pumps it out into the house for everyone (at least it tries to anyway - read on!). That's what I can make out from what I can see at least.
Now, when I connect my laptop to said router via a cable, the internet works fine, and doing speed tests, I get relatively consistent results around the 10mb mark that they should be. However, when I try to use the wireless with my laptop, even sat right next to the router, most of the time, the internet doesn't seem to work at all. Webpages just load indefinitely, or I get an error message saying that the connection was reset whilst the page was loading.
On rare ocassions where the wireless does work, and I run a speed test, then I'm lucky to see results close to 1mb, and in my wireless properties, the speed usually says something like 18mbps.
ISP : ShawPC >> SMC Modem/Router >> Netgear Router >> PS3 and Denon Stereo Receiver ( Both hardwired to Netgear Router), 2 Laptops and 2 Phones connected wireless- The reason I do not use the SMC as a router is because I was getting terrible wireless signal- When everything is working properly I am getting great speedsroblem : I keep losing internet connectivity. On the wireless devices I still have have great signal strength but no connectivity. I need to run netgear genie oripconfig/release/renew to get it back. It always comes back but this is annoying.It also does this on the PS3 and Denon which are hardwired to the router..as with the other ones if I reset the router or do a connection test on the PS3 it will fix it. Finds IP but no internet connectivity.My PC has also started to lose connectivity and I need to do a ip release/renew and it comes back fine.The fact that this is happeneing on my PC would lead me to believe that it may be an issue with the Modem/router. Are there some settings I need to change on it since I am only using it for modem purposes? I have disabled the wireless on it but I don't think that would be the issue anyways
View 14 Replies View RelatedJust recently my internet got slow, and when it got slow nothing worked. I can connect to the internet and get on skype and some websites but when i try downloading something it says No internet Connectivity Detected.
View 2 Replies View RelatedNo connectivity for any application other than Internet Explorer.Can not update any applications. Can not sign in to any apps, such as Paltalk, AIM, etc.Internet Explorer runs fine.
Computer Specs:
-Compaq Evo N800c
-Windows XP SP3
-Pentium 4 - M 2.0ghz 1.99ghz
-512MB RAM
Computer was bought refurbished and I believe XP had been re-installed and I am not sure if all the factory divers were properly re-installed...
I want internet for the clients behind the ASA. When i made an entry like:
object network as-us-db11_internet
nat (inside,outside) dynamic nat_usa_pool_72
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
then have the computer internet but the Client vpn connection wont work. i can not connect to the computer over vpn. but vpn connection worked.
