I am working on adding a mapping to our external address for our mail server - let's call it mail.example.com
I would like to be able to access mail.example.com internally for our user's smartphones - if they access our company WiFi they are not able to get mail using the mail.example.com as the server name in their phone setups. However, once they leave the office and use any other WiFi it works fine. Also, I am unable to ping that address from any internal device. I believe also this is the reason Exchange accounts do not work on our site to site VPN connections.
I have a ASA 5520 and work primarily in the ASDM 6.4 to do configurations in the main office and have 5510 in our site to site connections.
As far as I understand it Fault Manager need to be able to do reverse lookup for ip adresses to show the correct name in the "device name" column. I have double and tripple checked and all devices that only is shown as an ip address do have a reverse in the dns used by the LMS server. The device is correctly registered and inventory have been run. If I hold the mouse pointer over the crosshair on the row of the offending device all info is shown including correct device name and fqdn.
The server is upgraded from 4.2.1 to 4.2.2 and we have the same problem before the upgrade.
I am having issue with my network as my router won't resolve most of the hostname of the network, I have 30 devices on my network, and only 4 names are displayed on the available local host. It makes it very difficult to identify the devices on the network.
How to configure ASA 5520 to resolve names in ASA's. We are currently using ASDM to configure network objects with the hostnames in the internet and then specifying the IP address . But this is done manually. Is there a different way of setting it up on ASA. Also when getting reports from ASA, we see the IP's but is there a way that we could add an identity to the IP's (reverse lookup)
I have a mail server, with external access which works fine for external access thorugh our router (a 1941). I have a laptop which connects to a wireless network that is inside our router. When attempting to navigate to the webmail or use outlook, it cannot connect.
The laptop is configured to access the mail through the external path as it would be offsite occasionally.
I think the problem seems to be that the traffic is not leaving the router to come back internally. The laptop can ping the external address ok.
I read about something called hairpinning - is this what i need to be looking at?
i got an ea2700 and i cant get the external to work internally which i need for server tests now this has worked before on every other router i had without any editing done but this one doest allow that so what can i do to make it work with this router?
I am able to access ASA via hostname but with IP address it does not work.Need to know what config i need to put so i am able to access it using IP by ssh and ASDM? ASA is 5520 version is 8
I have a 2800 with one Gigabit interface connection to our Lan and the other interface connected to the internet with a public IP address. Now I'd like to setup the router to resolve both internal and external DNS requests. Thus requests like www.google.co.za and LocalLanPcName should be resolved to their public and private IP's respectively. [code] When I ping any name the only DNS server that is ever queried is 192.168.1.200 (it does resolve internal name correctly though).
None of the other servers are attempted to resolve the name. It does not matter if I specify a FQDN or not.
How do I setup the router so that my internal resolution is handled by 192.168.1.200 and .201, while external resolution is handled by 41.160.36 and .37. Or alternatively, how do I configure it to at least try all 4 specified name-servers for resolution, and not fail after trying the first one unsuccessfully.
I am unfortately the only IT staff now for 100 - 150 users in my organization besides a consultant who doesn't have an answer for this issue even though he sold us the hardware and environment. While I realize that this version of the Cisco VPN doesn't support Windows 7, we do have some Windows 7 PC's that have the software and work perfectly fine upon install. In this case, I am at a remote location with both a Windows XP SP3 and Windows 7 SP1 computer. Both have the same Cisco client installed and connect to our ASA5520. I cannot get DNS resolution out of this computer to any remote network resources or other domains such as cnn.com including localhost. Adding the entries manually in the hosts file does nothing and I even tried removing the VPN client, the network connections and components and even a manual winsock reset. I cannot resolve internet DNS but can ping all internal IP addresses. The Windows XP computer across from me has no issues. I am not going to update any VPN clients as we still don't have computers who are functional so I need to spend money where it counts before I upgrade computers and I cannot perform a downgrade on this model because the previous person who bought it didn't bother to check Windows XP compatibility before they installed them in 10+ communities.
Here's my IP config - FYI all works well when not connected to the VPN for general web domains.
C:UsersAdministrator>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : GHN-Green-S01 Primary Dns Suffix . . . . . . . :
I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect. So, say I have server1 and server2. I can connect from server1 to server 2 with both public and private, but can't connect from server1 to server1' using the public IP. ASA logs show that packets are being denied due to land attack. DNS doctoring is not an option for me.
I have installed quite recently a cisco ASA 5520 replacing a linux based firewall I have only 2 zones ..one is internal netowrk and other external the internal network has web servers, dns and mail server all having public IPs Every thing is OK but i have seen that if I try to ping an external server for example [URL] i cannot ping says
but I can ping from systems which are outside my firewall perfectly with the linux firewall i had before i could ping perfectly to yahoo from any of my internal servers?
My laptop is connected to a router via wifi but it keeps getting a DNS fault. I have another PC linked to the same router via WiFi and that works perfectly all the time. I have the same problem on both google chrome and IE browsers where I just get the message telling me that the DNS look up failed. My internet is still connected as I can dial into my remote CCTV cameras and I can ping website ip addresses. Most times I can just turn off my wireless adapter and turn it back on and it works for another hour or so. But sometimes it wont work all day, unless I start my laptop in safe mode, when it works everytime! I have flushed the DNS cache several times but to no avail.
My company recently purchased a custom domain name through In Motion Hosting (inmotionhosting.com) which has worked great up until today. As of this morning we are not able to view our webpage online (ronnysinc.com) or any inmotionhosting pages including our email accounts. However, we can view any other website and computers outside of our network seem to be able to view those pages without any problem. [code] As you can see it works fine with any other website such as google. My initial thought was it was being blocked by our firewall but when I log into the router I do not see any firewall settings that would create this block. I also tried resetting the router and flushing the DNS with no success.
I am using the Cisco VPN Client 5.0.06.0160 - and am having an issue connecting to my ASA 5510 via VPN. This issue is happening on 1 of our laptops. All other laptops connect just fine. So the problem is not in the ASA. I have double checked the client setup and config and it too is correct. The interesting thing is, we are connecting to an IP Address and not a host name.
I am running a webserver locally and I am unable to resolve it by domain name (e.g. mydomain.com) when I am inside my network. However, I am able to hit it internally (e.g. 192.168.0.10) just fine. When I try to access mydomain.com from inside my network it comes up with my Actiontec router's admin page on 192.168.1.1.Here is my configuration:Actiontec FIOS router 192.168.1.1 (connected to internet)DHCP disabled Netgear Router 192.168.1.2 is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]
I have been trying to connect to the Internet via a wireless connection but keep receiving the above error. None of the Windows solutions resolve the problem. On Google Chrome I see a screen saying 'This web page is not available', and receive 'Error 105: Unable to resolve the server's DNS address'. I cannot access Internet Explorer either.The strange this is that this problem only seems to occur with some wireless networks, as I can connect fine at home. In certain places, however, I am told that I am connected but that accss is 'Local Only', and I cannot open any browsers. I need the problem resolved as soon as possible as I cannot access the internet where I need it most.
Will I break anything if I create a second IP address on the physical external interface of our ASA 5510? I want to point it nowhere internally but want an active interface that can be vulnerability scanned but won't lead anywhere internally.
I am unable to login to switch c3560 through Hostname but able to login through IP address. when i am putting the command : login authentication telnetpwd
getting the below message:
AAA: Warning authentication list "telnetpwd" is not defined for LOGIN.
I have a Cisco 1721 router with an ADSL wic. I have followed guides on the Cisco website so that I can connect the router to my home adsl connection. The router connects to my broadband provider and sucesfully obtains an IP address along with Dynamically assigned DNS servers. I am able to ping google.co.uk from the router but not from clients attached via DHCP.
I have noticed that if I ping the IP address of google.co.uk from a client it resolves but it will not resolve the name. This would lead me to believe that the problem lies with DNS resolution/forwarding but I do not know how to investigate further.
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
I'm connected through the router, a few times a day I cannot open web pages, getting error: Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.Skype continues to work. Here are the results of pinging:
Quote:
Microsoft Windows [Version 6.1.7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:UsersSri Guru>ipconfig /all[code]....
One technician said that this is the providers problem, but I don't think so. When I restart the modem everything works.I have a Netgear WGR614 v9 router.I use ESET 5 security. Btw, connection drops on all computers connected through the router, so it's not my firewall.
As part of our PCI compliance, we were required to add a line to all of our ACLs in our ASA 5520 running version 8.2(3). Though there is an implicit deny all, we had to add a line to deny from any source to any destination.We had no problems in adding the additional deny all statements except for our NAT access-list. This NAT access list is used for our internet connection.Currently, the NAT ACL has 4 entries to permit from a specified source to destination any. This ACL is then called on our NAT statement.nat (inside) 1 access-list NAT,Also, note that NAT control is in place and we also have NAT zero statements for our VPN connections.So to fulfill our requirements, we just had to add another line to our ACL entries. But we encountered an issue with our NAT acl.
I have a 5505 that currently has inside/outside interfaces and everything is working just fine. I am trying to create a DMZ that will essentially be just for vendors/guests. the DMZ will have full access to the outside (Internet) but no access to the inside. I am using the FW for DHCP, and 8.8.8.8 and 4.2.2.2 for DNS. I currently have 1 laptop in the DMZ vlan, and it is getting a correct IP, and it is showing 8.8.8.8 and 4.2.2.2 in ipconfig. I can ping/tracert 8.8.8.8/ 4.2. 2.2/74.125.137.147(what url... resolved to on a laptop connected to the inside vlan), but I cannot ping nor browse to url.... [code]
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash: Address or name of remote host []? 10.88.127.153 Source filename []? asa831-k8.bin Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
is there any way to apply hostname or object network in the syntax? The command gives the option to use hostname or A.B.C.D but doesn't accept the hostname PIX1(config)# filter url except 0.0.0.0 0.0.0.0 ?configure mode commands/options: Hostname or A.B.C.D The address of foreign/external host which is destination for connections requiring filtering Can an FQDN be used as a foreign/external host?
my 1841 router can't resolve dns after enable ios firewall, I try to ping google.com from router's console fail, but dns resolution is fine from lan side.
my partial config--------------------------------- ! ip name-server 8.8.8.8
I have connected an ASA 5505 to an ADSL router that is able to assign the IP address and the also the DNS servers for the ISP for the outside interface. The ASA is loaded up with IOS "asa842-k8.bin"
I am using vpnclient with a hostname as oppose to an IP address to connect to a headend remote server. If I hardcode the DNS servers IPs in the "dns server-group DefaultDNS" I am able to resolve the hostname. If I then remove the IPs from the group and rely on the dhcp to assign them, when I try to resolve the name I have an error at the console "ERROR: % Invalid Hostname"
I have two hosts behind an ASA on a private network. Both hosts are NAT'ed (each has a unique public IP). I need Host A to be able to talk to Host B through their respective external IP's.
I have set up a remote access ipsec vpn on an asa 5520. I can connect, and ping internal ip addresses, however I cannot ping back out to the internet, nor can the internal network ping the vpn clients and dns resolution internal or external does not work. I am seeing nothing blocked in the logs on the asa.
