Cisco Firewall :: ASA 5520 / Cannot Ping External Servers Like Yahoo Or Sony
Jun 14, 2011
I have installed quite recently a cisco ASA 5520 replacing a linux based firewall I have only 2 zones ..one is internal netowrk and other external the internal network has web servers, dns and mail server all having public IPs Every thing is OK but i have seen that if I try to ping an external server for example [URL] i cannot ping says
[sylvan@kmdns1 ~]$ ping www.yahoo.com
PING eu-fp.wa1.b.yahoo.com (87.248.112.181) 56(84) bytes of data.
--- eu-fp.wa1.b.yahoo.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5010ms
but I can ping from systems which are outside my firewall perfectly with the linux firewall i had before i could ping perfectly to yahoo from any of my internal servers?
View 5 Replies
ADVERTISEMENT
Jun 11, 2013
We are planning to split the Private servers from the DMZ Servers and configure an additional Interface and segment for this purpose.
Private Servers Segment: 192.168.4.0/24 (there is no DHCP all servers' IPs are statically configured)
DMZ Segment: 192.168.3.0/24 (This is a future deployment)
LAN Segment: 172.17.0.0/16
Both, Private Servers and DMZ Servers are in a collocation as well as the ASA5520. There are multiple Branch offices that uses subnets within the 172.17.0.0/16 Network and they are connected to the ASA5520 via Metro-E.
I do not know if this is possible but what I want to do is this:
In order to avoid the change of internal DNS records I want to mask the DMZ servers with a Private Server IP when a Private server or LAN host wants to access it like this:
The FTP server in the DMZ has the IP address: 192.168.3.100. But when a PC from the LAN wants to reach the FTP server it should points to its old IP: 192.168.4.100. This way the PC sends a packet to the ftp.corporate.net (192.168.4.100) the ASA recieves the packet and translate it to the (192.168.3.100) and send it out through the DMZ Interface.
Also if the Private Servers wants to reach the same FTP the ASA will act like a proxy-ARP and send the paquet to the DMZ by means of the translation of the IP.
View 6 Replies
View Related
Nov 28, 2011
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
View 2 Replies
View Related
May 21, 2011
I had problem accessing to my yahoo mail (Beta) half way replying an email in yahoo itself, 9 hours ago. Since then, I can't log on to yahoo mail eventhough yahoo homa page is working. No problem with yahoo-ing for news but just the mail. I tried these links thourh google search:You may be able to get to your mail with one of these links.http:[url]... Or: http:[url]....
.
but every time the links show a dead-end, "Error encountered processing your last request!We have run into a problem processing your last request! Refreshing the page may fix the problem, or use the link below to return to your Inbox." while no link to be found.I am also using microsoft outlook 2010 for a separate email address. Just don't know how to import yahoo mail.Is it a problem with yahoo beta? or yahoo mail in general?
View 1 Replies
View Related
Jan 7, 2013
How to find the IP from Yahoo Messenger. Real e-mails show the IP, but not Yahoo Messenger.I'm sure the IP is there somewhere, but how do I find it?
View 4 Replies
View Related
Feb 18, 2013
I have 2 modules of FWSM in 6500 switch (failover).I need 5 context.When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context),In transparent mode, it is not happening.what is the problem with routed mode?
View 1 Replies
View Related
Nov 4, 2011
I've configured a 5505 but internal clients can't ping external ip. To test I've connect a pc with the ip of the default router on the Outside int the ASA can ping the PC and the PC can ping the ASA, but internal clients can't ping the PC
PC config 195.12.23.241/28
Here's the ASA config, so far I've wiped the ASA and started with a blank sonfig and built it up but still not working.
ASA Version 8.2(5)
!
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
[Code] .....
View 2 Replies
View Related
Dec 20, 2011
We can´t reach DMZ servers from other DMZ servers?If I make a ping from DMZ server to another, sometimes only recieve one ping, sometimes 4, sometimes 0.How can I allow the traffic between DMZ servers??
(ASA 5520 Version 8.4)
View 2 Replies
View Related
Jul 1, 2012
I am working on adding a mapping to our external address for our mail server - let's call it mail.example.com
I would like to be able to access mail.example.com internally for our user's smartphones - if they access our company WiFi they are not able to get mail using the mail.example.com as the server name in their phone setups. However, once they leave the office and use any other WiFi it works fine. Also, I am unable to ping that address from any internal device. I believe also this is the reason Exchange accounts do not work on our site to site VPN connections.
I have a ASA 5520 and work primarily in the ASDM 6.4 to do configurations in the main office and have 5510 in our site to site connections.
View 6 Replies
View Related
Dec 8, 2012
I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect. So, say I have server1 and server2. I can connect from server1 to server 2 with both public and private, but can't connect from server1 to server1' using the public IP. ASA logs show that packets are being denied due to land attack. DNS doctoring is not an option for me.
View 1 Replies
View Related
Sep 18, 2011
Since several weeks ago we are triyng to solve a disconnection problem related to servers benind an ASA 5520 behind this ASA there are:
-subnet with public ip addres
-sunbet with prive ip address, the server on this subnet are acccesible via NAT.the problem is worst when some ousite our network and behind a nat device (like a adsl modem/router) tries to connect to those servers wich are using natted ip behind the ASA.I tried from my home to connect to this ASA5520 using annyconnect and get reset tcp packets. Are there some aditional configuration to make the ASA work properly?. We have other firewalls like PIX or software firewall (ASG), they work with no problem. Only the ASA 5520 has this issue.
View 1 Replies
View Related
Aug 23, 2011
So I have a laptop that wont connect to the internet, my other laptop works fine using the same router.I can ping google.com and yahoo.com fine. Intel(R) PROSet/Wireless says connected but no internet. I cant use a network cable to connect either. Laptop: DELL XPS M1210, Windows XP, Service Pack 2..[code]
View 5 Replies
View Related
Feb 3, 2013
I cannot seem to ping from the outside of my 5520 firewall to an inside network. I have a single physical outside interface connected to a Layer 2 switch, with a laptop connected to it. This is on network 10.11.131.0/28. From there, I cannot ping to the inside interface (which is a sub interface on G0/0) with network 10.11.130.0/24/ For some reason, it doesnt work.
Now. I had access-lists in place, but have removed them for testing and it still doesnt work. I have set the security level of inside and outside to 100, and entered the same-security-traffic permit inter-interface command - still no joy. Below is the relevant configuration.
Inside Interface
interface GigabitEthernet0/0.96
description L3 Interface - Informational Zone
vlan 96
[Code].....
View 4 Replies
View Related
May 13, 2013
I have ASA 5520. I cannot ping the host(192.168.1.20) which is inside firewall from outside hosts. Inside host (192.168.1.20) is translated into (198.24.210.226) using static NAT.From outside host, I used "PING 198.24.210.226". Is it because I used dynamic PAT for inside hosts?
interface GigabitEthernet0/0nameif outsidesecurity-level 0ip address 198.24.210.230 255.255.255.248!interface GigabitEthernet0/1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0
[Code].....
View 3 Replies
View Related
Dec 8, 2009
I got 2 x 5520 ASAs configured in active/standby mode and they are connected to 2 x 4500 switches in which too configured for failover.Telnet to ASAs is allowed only via subnet 172.18.0.0./24
I can only ping and telnet to the active ASA from subnet 172.18.0.0./24 but not the standby But i can ping and telnet to both the active and standby ASAs within the 4500 switches.
View 20 Replies
View Related
Sep 28, 2011
I have a cisco asa 5520 version 8.2.
I found big problem with ping. I can't ping any internet ip with packet size bigger than 990.
I checked runing again. I see config every thing fine. I can't ping bigger than 990 byte.
C:Usersuaydinli>ping 172.17.97.2 -l 1000
Pinging 172.17.97.2 with 1000 bytes of data:
Request timed out.
Request timed out.
[Code]......
View 5 Replies
View Related
Mar 20, 2012
I'm trying to configure an ASA firewall (FW2) for syslog and tacacs and am experiencing strange behavior. Both the syslog and ACS server are on the inside of another firewall (CoreFW). Whenever a log message is generated on FW2 the request is dropped by CoreFW and message '%ASA-4-313004: Denied ICMP type=0, from laddr FW2 on interface outside-b2b to syslog01: no matching session' is displayed. The same thing occurs for tacacs.
It appears that the syslog and ACS requests are generating ICMP echo replies, which the core firewall drops since no session exists on a lower security interface. I have access lists configured on CoreFW to allow the syslog and tacacs requests.
FW2 is running asa825-k8.bin, CoreFW is asa824-k8.bin
View 1 Replies
View Related
Jul 26, 2011
I am unable to ping inside interface (Rin) to outside interface (Rout) of my Cisco ASA 5520 runing on ASA Version 8.4(1).
ASA Version 8.4(1)
!
hostname FW5520
[Code].....
View 10 Replies
View Related
May 22, 2012
I have a client that has 2 servers behind the same router. They have an IP block from Time Warner -> (x.x.x.18-.30) The router has the IP address of x.x.x.18. Server A (192.168.1.6) is setup with the forwarding of ports 22, 23, and 115 and can be seen with the ip address x.x.x.18. An external company needs to access the other server and is requesting an external IP for Server B (192.168.1.5) which need the same ports open along with 6200.What is the best way to set this up with what they have? The router is a Linksys WRT54G. Is there a way to set them up with a x.x.x.19 address from time warner? Is this something time warner will need to do?
View 4 Replies
View Related
Mar 24, 2011
I'm running a windows lan that connects 3 computers and a shared storage external hard drive. The whole network, including the external hard drive is connected by ethernet back to my adsl modem/router. I want to convert the external hard drive into an ftp server to enable secure file sharing on the internet by allowing remote access (for the purpose of downloading files) to anyone that I offer a username and password to.The external hard drive is a Western Digital World Edition (blue light)I believe it's a 2008 model.The adsl modem/router is a Billion Bipac 7300(G) RA.Is this doable?
View 3 Replies
View Related
Oct 13, 2010
I recently cut over from a WRT54G to a RV120W. I am having an issue where I type [URL] (for a server running on my network) in my web browser while on the internal network and it always comes back with the router login page. Basically it is supposed to go out of the router and then come back in on the public IP address and hit that server. There was a function on the WRT54G called "Filter Internet NAT redirection" which when turned off would allow this to happen. I am not seeing a feature like this on the RV120W
[URL]
View 29 Replies
View Related
Jun 9, 2011
DNS resolution works and I can surf the web without fail. But if I try to ping any external hosts (I can ping inside interface of ASA fine) from the LAN I get timeouts. I can ping anything from the ASA without fail.
ASA Version 8.4(1)
!
hostname fw1-nat-ann
domain-name inmd.infoblox.com
enable password anWLNen9CTFp7B/X encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
View 1 Replies
View Related
Mar 19, 2013
I've had some issues with my 892 router. [code] When match address is set to acl-net12, I can't ping my router on external interface and tunnel is working very bad (15%-20% packet loss).If I change match address from acl-net12 to acl-net12-new then I can ping my router on external interface and vpn si working fine.
I have also an acl (set on external interface) which allow ping but it seems that is not working when acl-net12 is used on crypto map. [code]
View 6 Replies
View Related
Mar 24, 2013
I have setup a new RV180 and it appears to be connected to the WAN, however, I cannot ping the external IP. In some of the documentation, there are references to default access rules, however, there does not appear to be any rules setup. What other settings need to be made to allow the firewall to be pinged on the WAN interface?
View 1 Replies
View Related
Mar 12, 2011
I have spent two days on the phone with virgin mobile broadband where I bought the device and they do not know what I am talking about.First of all the mifi is working fine on the one and only computer I have set up so for..it is Vista operating system..I am trying to set up my vista computer as an FTP server on the mifi or wifi or whatever you call it.when I disable the DHCP service on this virgin mobile mifi device so that I can generate my own internal ip for this particular computer..It is not functioning that is I cannot connect to the internet..I tried to get from Virginmobile the DNS server address but they were confused...When I log into the device itself under advanced options it does allow for me to disable DHCP..but my problem is what IP do I use when setting up the wireless connections, I disengaged the automatic, but I am having a heck of a time trying to use the right IP then the gateway address and the DNS.
View 14 Replies
View Related
Sep 27, 2011
I Have 15 computer and they all are in Internet Connection.And I Have Network of C class that is 192.168.5.11.But the main Problem is that the computer are not getting ping with each other.How can I get them Pinging between them.Can any antivirus stop them?
View 1 Replies
View Related
Jan 14, 2013
As a raw test it is handy for us to ping externally the WAN port of the SRP 527W. How we configure the SRP 527W to allow this? FYI we have the inbulit SRP firewall enabled.
View 2 Replies
View Related
Mar 1, 2010
I have a 1760-v router set up at my home lab and I am unable to access IP addresses outside my local network. I have my Cisco router's fast Ethernet port connected to a small net gear router which then connects to my cable modem. The Cisco router is able to ping local address fine, but when I try to ping an outside address or domain name it times out. However, when I am at the CLI and type something like Ping { URL}, it resolves Google's IP address but it will not ping it. I have IP DEFAULT-GATEWAY and IP NAME-SERVER both pointing to my net gear router and pointing to my ISP's DNS server.
View 3 Replies
View Related
Aug 30, 2011
I have two hosts behind an ASA on a private network. Both hosts are NAT'ed (each has a unique public IP). I need Host A to be able to talk to Host B through their respective external IP's.
View 5 Replies
View Related
Jul 11, 2011
I'm trying to setup my home network so that I can access it when away from home but I've ran into problems and I can't figure out what is causing the problem.I've setup the router to forward incoming requests on port 80 to be directed to my PC running WAMP. The PC has a static IP and if I access it from another PC on my network I get the WAMP page load as expected.I've also setup an account with no-ip.com to resolve my (dynamic) ip. If I use the address they have setup while I'm on my network I get the login page for the router, again this is what I expect.The problem begins when I try and access my home address (whatever.no-ip.biz) from outside my network. I've tried it from 2 different locations and via a dial-up account and I get nothing.
View 6 Replies
View Related
Mar 14, 2013
Both my DIR-655 and DIR-815, when setup as wireless access points, are unable to ping external IP addresses and thus cannot contact the dlink ntp servers. I've disabled UPnP, disabled DHCP, changed the LAN IP address to an available address on the network. The wireless works, devices are getting an IP from the network DHCP server and can surf the internet. But the DLink router itself cannot ping any external IP addresses. But the DLink router itself cannot ping any external IP addresses.
View 3 Replies
View Related
Aug 15, 2011
I'm looking to setup a few ip security cameras in my house and would like to monitor from work. The first thing I did was give the ip camera a static ip on my local LAN 192.168.1.104. I also forwarded port 9000 to this ip. I then went to [URL] to look up my external ip address. I was able to obtain one ip for my router and another for my modem (disconnected router and went direct through modem).
I've since tried to ping my router WAN ip from work numerous times via http://24.x.xxx.xx:9000 and I get timeout errors. I've tried traceroute and it gets close, but times out the last 3 hops. I've had Comcast on the phone many times trying to resolve and needless to say they weren't able to work.
View 6 Replies
View Related
Sep 22, 2012
Hard Drive (Gembird not detected on My PC
View 3 Replies
View Related
