Cisco Firewall :: ASA 5520 NAT And DMZ / Inside Network Configuration?

Jan 27, 2013

I am trying to configure a server(192.168.5.50) in DMZ(192.168.5.0/24) to be able to communicate with a domain controller(10.5.44.220) in the inside network(10.5.44.0/24). I made some configuration using ASDM(not familiar with the CLI) but not working and it caused existing NAT not to work, for example RDP(TCP 3389) connection to 38.96.179.220
 
The things I am trying to achieve are
 
1. two way commucation between 192.168.5.50 in DMZ and 10.5.44.220 in Inside for SecureAuthPorts and SecureAuthOutbound service groups

2. NAT for 192.168.5.50 mapping 38.96.179.50 for the service groups mentioned above

3. NAT for other hosts already existing

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: 5520 / Add NAT For Outside X.x.x.77 Going Inside X.x.x.22 Port 80?

Oct 3, 2012

I have an ASA 5520 Cisco Adaptive Security Appliance Software Version 8.4(2)8 Device Manager Version 6.4(5)206. I am trying to add a nat for outside x.x.x.77 port going inside x.x.x.22 port 80 . the wan interface is .74 with subnet of 255.255.255.248 the rule will add but traffic wont pass in.

View 14 Replies View Related

Cisco Firewall :: 5520 Can't Access From DMZ To INSIDE

Mar 13, 2012

I have a cisco asa 5520 ios 8.2. This is my configuration [code] But i can not access from DMZ to INSIDE.

View 3 Replies View Related

Cisco Firewall :: 5520 - Traffic From Inside To Outside

Mar 2, 2011

I am setting up a pair of 5520 in A/S mode but the traffic from inside to outside seems blocked somehow.

asa01# sh run : Saved
ASA Version 8.3(1)
host name asa01
enable password LFJ8dTG1HExu/pWQ encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
[code]......

Base on the above configuration, I still cannot ping or HTTP.

View 10 Replies View Related

Cisco Firewall :: 5520 Can't Get Traffic From Inside To Internet

Nov 27, 2011

I am trying to make a basic config on my 5520. The first goal is to make trafic from inside to outside.The internet address is 64.28.29.200 and the default internet gw is 64.28.20.193What am I missing since I can not get trafic from inside to the internet? [code]

View 10 Replies View Related

Cisco Firewall :: ASA 5520 - PING From Outside Into Inside Host

May 13, 2013

I have ASA 5520. I cannot ping the host(192.168.1.20) which is inside firewall from outside hosts. Inside host (192.168.1.20) is translated into (198.24.210.226) using static NAT.From outside host, I used "PING 198.24.210.226".  Is it because I used dynamic PAT for inside hosts?

interface GigabitEthernet0/0nameif outsidesecurity-level 0ip address 198.24.210.230 255.255.255.248!interface GigabitEthernet0/1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0

[Code].....

View 3 Replies View Related

Cisco Firewall ::5520 - NAT SIP Registration From Outside To Inside Interface On ASA?

Mar 7, 2012

I'm trying to NAT SIP registration from OUTSIDE interface to Inside interface on ASA

View 1 Replies View Related

Cisco Firewall :: DMZ Access To Internet And See Inside On ASA 5520

Sep 23, 2012

I am new in ASA, I have the DMZ (10.1.1.0/24) configured on ASA 5520 and I achieve the reach Internet from DMZ (10.1.1.0/24), but now need reach DMZ from inside (172.16.12.0/24) and inside (172.16.12.0/24) from DMZ  (10.1.1.0/24), in other words round trip.

View 6 Replies View Related

Cisco Firewall :: ASA 5520 - Static Route To Inside Interface

Mar 29, 2011

I have inherited an ASA 5520.  In doing some auditing of the setup, I have noticed a Static Route that has the inside interface of the ASA as the Gateway IP.  I am trying to understand the purpose of this route or why a route would be setup this way.

Example Static Route:
Inside 10.xx.31.0 255.255.255.0 10.xx.xx.10 (10.xx.xx.10 is the inside interface of ASA)

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - Permit Traffic To Inside Via MAC - Address?

Apr 6, 2011

I have a handheld device that will be used for inventory outside of our office. It has 3g capabilities. Is there anyway I can permit traffic from this device from the outside world coming into my network?  I need to open a couple of ports so it can hit the server. But I have no intention to open these ports up to the entire world.  I use an ASA 5520 with a managed router from our provider. I looked around on the Cisco site and the only information I found was for permitting and denying traffic from devices that are within the network.

View 2 Replies View Related

Cisco Firewall :: Configure Secondary IP On Inside Interface Of ASA 5520?

Nov 24, 2012

We already have a subnet defined to inside interface and is in produciton. the default gateway is this interface ip. In that setup now I have to add one more subnet and as the first subnet is been defined in ASA indside interface, I have to assign secondary Ip to the inside interface so that new subnet users can easily reach here and go outside.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 / Deny IP Spoof On Interface Inside

Jun 17, 2012

I'm trying to attach tacacs server (ACS Version 5.2) in server group on ASA 5520 (Version 8.4). When I test connection in ASDM (Version 6.4) between ASA and ACS it fails. The log message on ASA is:
 
%ASA-2-106016: Deny IP spoof from (10.8.27.126) to 10.8.48.10 on interface inside.
 
Packet-tracer from ASA is:
 
InternetASA# packet-tracer input inside tcp 10.8.27.126 4444 10.8.48.10 49
 Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list

[code]....
 
What access-list or implicit rule may be the reason of denying these packets?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 With 9.0.1 IOS - Capture To Inside Interface Not Supported

Dec 9, 2012

I recently upgraded my 5520 to 9.0.1 IOS.  Today I tried to apply a capture to my inside interface referencing a simple ACL and I get this error.
 
ERROR: Capture doesn't support access-list <capin> containing mixed policies
 
I also created a capture for the outside interface with a similar ACL and it worked just fine.  I can't seem to find anything on the web that gives me a clue to resolving the error above. 

View 7 Replies View Related

Cisco Firewall :: Unable To Ping Inter Interface (inside To Outside) Of ASA 5520

Jul 26, 2011

I am unable to ping inside interface (Rin) to outside interface (Rout) of my Cisco ASA 5520 runing on ASA Version 8.4(1). 
 
ASA Version 8.4(1)
!
hostname FW5520

[Code].....

View 10 Replies View Related

Cisco Firewall :: Asa 5520 / Configure Two Static Nat Statements From Inside To Outside And Backup Interface?

Oct 16, 2011

I have a asa 5520 with an outside and backup interface. I am trying to configure two static nat statements from the inside to the outside and backup interface. Here is what I have configured so far.

object network obj-10.1.1.254
host 10.1.1.254
object network obj-10.1.1.254
nat (inside,outside) static 172.25.10.3
 
I want to also use nat (inside,backup) static 172.25.10.3

View 3 Replies View Related

Cisco Firewall :: 5520 - Inside Server To See Actual Outside Host Source IP In Udp Packet

Mar 3, 2013

I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server.   The server can get to outside hosts OK, and the traffic is being NATed  properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send  'announcement' UDP packets to the inside server.  I thought this might be an  outside-NAT-required issue to get the traffic routed, but I need the inside server to see the  actual outside host source IP in the UDP packet, so I basically set the  outside host up similar to the inside host, just without the NAT table on the firewall -- it's subnet is outside the  destination (inside server) subnet, and its gateway is the outside  interface of the ASA, the same way the inside server is able to get to  hosts outside.  The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
 
I have the appropriate ACL's set up, and when I do 'show access-list' I  see policy hits for the 'permit' statements where the outside host is  generating the announcement and it's hitting the ACL.  I even duplicated  the ACL into list 101 and 102, and applied 101 for inbound traffic on  the outside int, and applied 102 for outbound traffic on the inside int,  and I'm seeing policy hits on both permit statements outside and  inside, so it looks like the traffic is being passed on to the inside  interface and permitted, but the server isn't seeing the packets.
 
I can ping the outside interface from the outside, but cannot ping the  inside interface or any inside hosts from the outside, even though I  have 'permit icmp any any' enabled on the ACL on both ints. When I  remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
 
I set up the same scenario in my lab with an ASA 5505, with the same results.  Below is the running config from the 5505 in the lab.  The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
 
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
description Inside LAN Interface
nameif inside(code)

View 6 Replies View Related

Cisco Firewall :: ASA 5520 - Moving Inside Port To 1gb SFP Port

Jun 11, 2012

We have an ASA 5520 and it's inside interface is currently plugged into a fast ethernet port on a 3750.  I have just bought a 1gig SFP module and have copied the fast ethernet port config to the gigabit port, but the port seems to be flapping
 
The port conf gi is this:
 
interface GigabitEthernet1/0/4
description Link to Inside ASA
switchport access vlan 2
switchport trunk encapsulation dot1q

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Vpn Configuration?

Oct 10, 2012

I must create a point-to-point vpn connection with two firewall cisco asa by using certificates.  Do i have to buy 2 separate certificates or one is enough? 

View 3 Replies View Related

Cisco Firewall :: SSH In ASA 5520 Not Working Even With All Configuration In It

May 3, 2013

I am having a wierd case, where in i have a 5520 and i am not able to ssh into that firewall. When did a capture on that firewall it shows my connection is getting reset as soon as i try to ssh into the box. Given below is the config for ssh into the firewall.

!
ssh 10.252.253.0 255.255.255.0 inside
ssh 10.114.255.240 255.255.255.255 inside
ssh 169.2.162.75 255.255.255.255 inside

[Code].....

View 3 Replies View Related

Cisco Firewall :: ASA 5520 Configuration For ASDM?

Jul 13, 2011

My ASA confi are as follows. i cant to do use ASDM, HTTP, Telnet from my local interface and ip 192.168.0.46 &14.My ASDM is ok as i can connect other ASA. what mismatch here i cant understant.
 
hostname ciscoasa
 enable password DtMryzGjBATmCElZ encrypted
 passwd 2KFQnbNIdI.2KYOU encrypted
 names
 dns-guard

[code]....

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Email Alert Configuration

Apr 26, 2010

I am trying to setup email alert on our ASA 5520 so that i can receive emails to my exchange account below is the configuration [code] The smtp server is in our internal network.first i am not able to ping 172.17.1.12 as ping is blocked.i did this confgi like two days before..but ca see alerts and error messages through asdm but no mail is  coming in.

View 5 Replies View Related

Cisco Firewall :: Export Configuration From ASA 5510 To ASA 5520?

Oct 14, 2012

I have new ASA 5520 units currently we are using ASA 5510... I have to migrate all the configuration to the new ASA 5520 units....I am wondering is there a possible way to export and import certificates from ASA 5510 to 5520....
 
how to export or copy all the configurations, plug-ins, certificates from 5510 to 5520.Existing configuration snapshot...CA certificates from third party installed for authentication and identity certificate from Verisign

WebVPN
Anyconnect
Plug-ins
IPSEC tunnels
NAT

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Configuration Backup With Archive?

Nov 15, 2011

On our cisco 3750 switches we can take config backups with the archive command. After every "write mem" it rights the config to our backup server. We would like to do this also for our asa 5520 with version 8.2(2). I also searched in the command reference guide, but I can't seem to find the proper command to do it.

View 2 Replies View Related

Cisco Firewall :: Multi Context Configuration On ASA 5520

Jan 29, 2012

I am trying to configure multi context on the 5520 ASA , how can i configure 1 outside and 1 inside for the 2 context or how to configure both outside from the same subnet and insides also from the same subnet , i did the below configuration but didn't work . [code]

View 4 Replies View Related

Cisco Firewall :: ASA 5520 SSL VPN LDAP Authentication Configuration Required

Oct 16, 2012

I've gotten to the point where I can test against active directory and get in, also I can get AD groups from my server on the ASA. My problem, I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using.Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.

View 7 Replies View Related

Cisco Firewall :: No Internet Access From Inside Network Of PIX 525?

Dec 11, 2012

I am working on pix 525, when connected through console I can access the whole internet but when i connect the pc to the inside interface i have no access to the internet. the pc can ping the pix inside interface and from pix i can ping the pc. My configuration is shown below.

PIX Version 7.2(2)
!
hostname pix
domain-name xyz.edu.pk
enable password xxxxxxxx encrypted

[code]....

View 8 Replies View Related

Cisco Firewall :: ASA 5510 - VPN Termination On Inside Network

Apr 17, 2011

I am setting up a new ASA 5510 on our inside network so that we can terminate our VPN connections on this ASA. I can get the VPN to work fine however I noticed that once I turned on my VPN profiles now when I try to access the ASDM I'm getting the VPN logon page. So I decided that in order to resolve this I need a separate interface dedicated to management of my ASA.
 
I'm trying to come up with the best way to do this. I've got two ports on the ASA plugged into my core switch. One is on a separate VLAN from the rest of my network traffic. This is the port I want to use for management. The second will be used to route all of my VPN traffic.
 
So far I haven't been able to get this to work at all. My thought was that it had to do with routes, NAT and ACLs. I've been playing with them but can't get any combination to work.

View 2 Replies View Related

Cisco WAN :: 2811 - Cannot Ping Inside Global IP From Inside Network

Dec 18, 2010

I have 2 questions.Om my cisco 2811 (IOS 12.4(15) T9 IPBASE W/O Crypto) i am using 3 interfaces.And i have a pool of Global addresses: 200.x.z.97-200.x.z.126 255.255.255.0
 
FastEthernet 0/1 description WAN interfaceip nat outsideip address 200.x.y.253 255.255.255.0
 
GigabitInterface 0/2/0description DMZ interfaceip nat insideip address 10.0.0.1 255.255.255.0
 
GigabitInterface 0/3/0description LAN interfaceip nat insideip address 192.168.0.251 255.255.255.0
[Code]....

View 8 Replies View Related

Cisco Firewall :: ASA5505 Cannot Access Inside Network From IPSec VPN

Jan 20, 2013

I'm trying to make a very plain and simple network with the ASA 5505, I've strated from scratch over a dozen times triyng to find where I'm going wrong.  My main goal is to simply create an IPSec VPN connection to my ASA 5505 and simply ping and connect to devices with the "inside network", so far I can easily create and establish a IPSec VPN Connection, but up to this point, I cannot successfully ping or access a single device on the ASA 5505 inside network.I've taken, create the IPSec profile with the ASDM wizard, add exemption for the VPN IP Pool, add access-list from this Cisco link, url...All this and I can't make a single connection to the inside network.  [code]

View 7 Replies View Related

Cisco Firewall :: ASA5540 Can't Get DHCP Service From Outside To Inside Network

Jun 13, 2012

I have an inside network using PAT to one outside address. Our DNS server is on another local, but outside address.  I can't get the inside network to successfully get addresses.I have another inside address that just uses the wirewall and gets addresses just fine from the same server.I have the box checked in ASDN that enables DHCP on the inside interface and points to the correct DHCP server,PAT service is working properly if I use a hard coded address for a machine on the inside network.This is an ASA5540 with 8.3(2)

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Configure Communication From Inside Network To DMZ

Nov 30, 2011

ASA 5505 and DMZ, I have a Base License.
 
What do I need to do for access inside network to DMZ?
 
I successfully configure, internet Access for DZM and inside network, web server can be accessed from internet, but I have problem to configure communication from inside network to DMZ.

View 14 Replies View Related

Cisco Firewall :: PIX 515E Slow Http From Inside To Dmz Network

Oct 16, 2012

I have a PIX 515E V7.0.4 and I'm having trouble with http access between the inside interface and a DMZ zone I have.  I have a web server setup in the DMZ with an web interface to upload/download files.  I can connect to this interface from a workstation in the inside network but when I try to download a file it is incredibly slow.  If I upload a file there are no speed issues.  If I connect using an https connection then both upload and downloads are at speeds I would expect.
 
I have disabled http inspect but this didn't improve the speed connection.
 
Other http communications from inside to outside do not have any speed issues in either direction.

View 34 Replies View Related

Firewall Is Deep Inside Private Network PIX515

Jan 7, 2011

I am having a spot of bother with a Cisco PIX515, I have posted the current running config below, now I am no cisco expert by any means although I can do basic stuff with them, now I am having trouble with traffic sent from the outside to address: 10.75.32.25 it just doesn't appear to be going anywhere.

Now this firewall is deep inside a private network, with an upstream firewall that we don't manage. I have spoken to the people that look after that firewall and they say they they have traffic routing to 10.75.32.21 and 10.75.32.25 and thats it (although there is a website that runs from the server 172.16.102.5 which (if my understanding is correct) gets traffic via 10.75.32.23. [code]

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved