Cisco Firewall :: ASA 5512x Restrict Email Delivery To Ip Address Range
Feb 2, 2013
I was wondering how to tighten the security of my email delivery to a range of ip addresses (I know how on my old firewall but the cisco is quite a bit different). Right now anyone sending email to a particular ip address on my firewall can do so. I want to restrict that to two ip address ranges it will accept deliver from. I'm thinking I need two network objects for the two ranges then add to a network object group. Configuring the ACL for delivery using that group if I'm correct about that ?
View 4 Replies
ADVERTISEMENT
May 20, 2012
I need to only allow 5 Mac Addresses on a range of ports on a 2955 switch. If I do the following it only changes the first port in the range:
interface range fastEthernet 0/5 - 10
no spanning-tree portfastswitchport port-securityswitchport port-security maximum 5switchport port-security violation restrictswitchport port-security mac-address 00:1D:24:25:F7:AA
[Code].....
View 2 Replies
View Related
May 3, 2011
I have a XSR-1805 (Version 7.5.0.0) enterasys router here. Got SNMP server to work successfully. The thing is that I couldn't make the router restrict a range of address allowed to use a community. Only 10.1.0.13 is allowed to use SNMP in this case.
View 1 Replies
View Related
Jan 21, 2013
I'm trying to get started on setting up my first Transparent ASA.I understand an ASA in Transparent Mode can now have an ip address with Bridge Groups or some such mechanism. I'm looking for examples of how to set that up and other information below. Is the ip address associated with the device or is it interface specific? Will I be able to SSH with that ip address setup? Can I use ASDM if the Transparent ASA has an ip address? This 5512X has an IPS. Any one who has setup an IPS on this platform knows it has some very particular requirments in order to communicate with the outside world. I need examples of how to do that with a Transparent ASA.How is NAT setup differently (if at all) on a Transparent ASA?Are ACLs done any differently?
View 3 Replies
View Related
Mar 17, 2011
Got an ASA5520 running V8.2(3) and we want to upgrade our internet bandwidth. Our ISP says OK but we need to install different physical circuit, upgrade CPE router, etc.
Then they say, btw your globally allocated IPs will change - this is a problem as we have Site-to-Site VPN Tunnels, IPSEC RA, etc.
ISP are proposing to give us a 3 month period whereby old & new IP blocks will be routed to our ASA (by means of secondary IP address on their Cisco CPE).
Multiple IPs on the same physical i/f on the ASA require sub-interfaces/IP Addresses/VLAN ids on my "outside" i/f.
Is this going to horiibly break Site-to-Site VPN Tunnesl, IPSEC remote access ?
Will VLANs work at all with IPSEC on the "oustide" i/f at all ?
View 2 Replies
View Related
Aug 8, 2012
I have a question about NAT behavior on FWSM 4.0. The problem is email server (Company A) cannot connect to email gateway (Company B) on the outside network and it randomly happen. I got this error from server guy "Detail: xlate has blocked the connection between A’s mail gateway and B’s mail gateway". It work fine again after clear xlate on firewall. [code]
1. How FWSM create xlate table like that? I mean it look like NAT0 for 158.137.21.26 but it doesn't has any nat rule for 158.137.21.26 on firewall.
2. What does it mean "connections 24" at the first of line? In the normal time, I only see the connections is 0 like the second line of xlate
3. After clear xlate global 158.137.21.26, the first line of xlate table is gone then email server can connect each other. Does is a bug on FWSM? or This is a normal NAT behavior of FWSM.
View 1 Replies
View Related
Mar 12, 2013
We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below.
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
!
ASA Version 8.6(1)2
[Code].....
View 5 Replies
View Related
Apr 13, 2011
ISP assigned us the following:xxx.yyy.zzz.32/30 as the outside interface network.This means .33 is the next hop, gateway, or default route.This means .34 is the outside interface on the ASA.xxx.yyy.zzz.64/26 as the ip address pool.This means xxx.yyy.zzz.65 to xxx.yyy.zzz.127 is the address pool.xxx.yyy.zzz is identical in all cases.Addresses .35 through .63 are owned by other parties and are not usable to us.The 33-34 setup works using static routing - IPSEC VPN is setup and functioning properly using these addresses.
[ie. Route outside 0.0.0.0 0.0.0.0 xxx.yyy.zzz.33]
After NAT and ACL entries are created to provide altnernate external IP address on the outside interface [ie. static (inside,outside) [external ip] [name] netmask 255.255.255.255 and access-list [name2] extended permit tcp any host [alternate outside ip] eq https], attempting to browse to an internally hosted website from an external IP address results in the following messages in the ASDM log.
6 Apr 14 2011 17:58:51 110003 [redacted external IP Address] 37763 [Internal Website Name] 80 Routing failed to locate next hop for TCP from Outside:[redacted external IP Address]/37763 to Inside:[Internal Website Name]/80
How do I setup routing for this non contiguous address range?
View 4 Replies
View Related
Jul 8, 2012
I am updating my 8.2(3) code for my new ASA5512 that is running 8.6(1) and am unable to get on the internet with my current configuration from the inside interface.
Information:
Outside: ***.***.33.11
Gateway: ***.***.32.9
Inside: 192.168.215.0 /24
dhcp 215.100 - 150
[Code] .....
View 6 Replies
View Related
Dec 19, 2012
I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
View 5 Replies
View Related
Aug 5, 2012
Trying to setup a new ASA 5512 and like a ******* I've somehow locked myself out.
how to do a hardware reset?
View 5 Replies
View Related
Jan 6, 2013
i found this part number for asa5512x product "ASA5512-SSD120-K9" it's a New Product Hold and under group "Cisco ASA CX Context-Aware Security" Who have know more information about this? Cisco ASA CX Context-Aware Security ASA5512-SSD120-K9 ASA 5512-X with SW, 6GE Data, 1GE Mgmt, AC,3DES/AES,SSD 120G
View 3 Replies
View Related
Dec 20, 2012
Recently upgraded to an Asa 5512x from a pix 515e. I have an Ipswitch secure MoveIT server on the dmz1 interface that needs to be accessed from both the inside and outside interfaces. I have setup a static nat from the outside to the dmz1 and it works, I can also connect from the inside interface. Now I need the MoveIT server to access the DNS server and email server on the inside interface so it can send notifications. On the pix I just created a static from the inside to the dmz1 using its own IP address - static (inside,dmz1) 192.168.1.7 192.168.1.7 net mask 255.255.255.255. I would then add the access-list to allow. How would I set this up with the Asa 8.6 commands?
View 5 Replies
View Related
Apr 28, 2013
I have ASA 5512X and I'm trying to run CX features on it. but the problem is I don't have SSD drive in the chassis. how can I get one? is any kind of SSD drive compatible with cisco ASA-CX firewalls or i should order it from cisco only? what is the part number for that model?
View 3 Replies
View Related
Apr 30, 2012
url...For the New Firewalls i.e. 5512X , 5515X etc there seems to be integrated IPS and we don't need to order any extra license or part number to get the IPS features .
But for the 5585X It says 2Gbps for SSP10 engine but I have seen in the Dynamic Configuration Tool that SSP10 and IPS-SSP10 are different things . Which means that I will have to order 2 service engines SSP10 and IPS SSP10 to get the IPS features and if I only order SSP10 with that Chasis I will only get firewalling ?
View 3 Replies
View Related
Oct 12, 2011
We will be opening a shop with a number of computers available to the public connected to the Web via one ISP with fixed IP using a RV220W router.
We wish to restrict web access to our company's web site only, say 'OurCompany.com'; how can we code this in the router?
View 4 Replies
View Related
Dec 12, 2012
I bought a sf300 48 and made 4 vlans.
How can I restrict the mac address of device can be connect each vlan ? I just want allow the macs for vlan, dont need join the pc to a vlan.
View 8 Replies
View Related
Apr 7, 2013
Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
object-group network test
network-object 192.168.0.0 192.168.63.255
?
network-object-group mode commands/options:
A.B.C.D Enter an IPv4 network mask
sh run ob id test
object-group network test
network-object 192.168.0.0 192.168.63.255
I found that in the documentation it requires a netmask as oppose to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range it looks like the ASA doesn't read that configuration properly.
View 5 Replies
View Related
May 20, 2011
Why does DSL CKT gets bounced with delivery of large packet?
View 11 Replies
View Related
Aug 9, 2011
I think I've done a wrong move and cancel my company e-mail address.I'm not familiar with this , but is it pssible to restore.??..and if so be as clear as possible for each step to do cause I'm not a computer wiz in that stuff.
View 1 Replies
View Related
Sep 21, 2011
How I can transfer an email address from my computer to my laptop?
View 1 Replies
View Related
Oct 2, 2011
how do i change my out look express email address as it is being used by a hijacker.
View 3 Replies
View Related
Aug 24, 2012
I have 3 Twitter accounts that all work fine on my iphone and my sony experia phone but I can not get into twitter on my home cpu because I cant find the email address that I used to start the account i tell them i lost it so they email it to my email address on file that they wont share. So I need to find out every single email account i have set up in the last 2 years.How do i do that? I tried the option to security to optioms again and nothing for twitter. I need those account on my desk so i can send photos off my hard drive.
View 1 Replies
View Related
May 15, 2013
we ordered a data e-delivery PAK L-SL-29-DATA-K9= (FOR A 2900 SERIES ROUTER) but after we received the PAK we discovered that the client actually has a 1900 router. Any easiest way of rectifying this mistake so that we can use the PAK on a 1900 series router?
View 1 Replies
View Related
Jul 25, 2010
I've got a client with a WLC 4400 series and WCS that wants to setup a public guest wireless access network. They want to have the users put in their email address to authenticate and they want to capture the email addresses to use for marketing campaigns. I know you can setup the login page to have them put in their email address, but i can't remember if you have to use an external web server to actually capture and record the email addresses.
View 7 Replies
View Related
Mar 4, 2013
I have a WLC 2500 which I would like to configure with guest access. I want to set up a web passthrough with email input. Is it possible to collect the email address information? Is it stored somewhere in the controller or do I need some external server?
View 1 Replies
View Related
May 27, 2011
From the WAP4410N admin pages or console you can enable e-mail alerts. You have to set the essential TO address and mail server address. Where can I put the FROM address ? From what I can see it uses the hostname value as from address. The hostname in my case is ap02. Then you could try setting a mail address in the hostname field, but thats not allowed.
[Code]....
View 3 Replies
View Related
Dec 10, 2012
can i retrieve my old email address my oll one ass gone it is xxxxxxxxxxxxx edited by moderator: removed email address
View 2 Replies
View Related
Aug 23, 2012
I cannot sponsor a guest account using his/her email address. When I try to create a guest account, its show as file attached.
For example,
email.m@email-me.co.xx ->>>>>> cannot create
email.me@email-me.co.xx ->>>>>> can create
ISE version 1.1.1.268
Patch version 1
View 4 Replies
View Related
Oct 24, 2012
I am running v6.3.1172.4 of InterScan for Cisco CSC SSM. The previous administrator has left and I need to change the email address that email notifications go to. I click "Administration", then I click "Notification Settings" and type over the previous admin's email address.
When I click the "Save" button, I get:
The email address entered was not recognized. Verify the syntax and try again.
View 2 Replies
View Related
Dec 11, 2012
i am trying to validate an email address through telnet connection, i followed these steps How to Verify an Email Address and Find if it is Real or Fake? sadly when i try the "telnet gmail-smtp-in.l.google.com 25"
View 1 Replies
View Related
Nov 8, 2012
I have a list of email addresses, people who have subscribed to a free electronic newsletter. The email address is all the information we have about each subscriber.A satellite office is going to begin handling print and electronic subscriptions for subscribers in Peru. Is there any way to determine which of these email addresses are from Peru?
View 5 Replies
View Related
May 29, 2011
Router does not accept any email address that start with a number. For example, if you want to set email address 1abcd@efg.com in the from field you will receive the following error: The given FROM address (1abcd@efg.com) is invalid. Same error if you use it in the to field.HW ver. A4 running firmware 1.35NA.
View 5 Replies
View Related
