if ASA 8.3 uses real IP address in ACL, why in this example "ASA 8.3 and Later: Mail (SMTP) Server Access on Inside Network Configuration Example" uses the public (natted) ip address for the smtp server ACL?
View 6 Repliesin the ASA Migration Guide for Version 8.3 says about real ip address: "All of the access-listcommands used for these features are automatically migrated unless otherwise noted"
But my ACL's have not been migrated to real ip address. In my migration log:
INFO: NAT migration completed. Real IP migration logs: No ACL was changed as part of Real-ip migrationWhy?So, do I have to migrate them manually?
ASA v 8.2What does the ACL hit count count ? I always thought that the acl hitcount counted the numbers of packets hitting that line in the ACL, however that is not the case. if I setup a icmp permit rule then that will only increment 1 even if I send 4 packets that hits the line. udp and tcp seems to do the same. is there some way I can make the ACL actually count the packets that hits ? where can I learn more about this ?
View 4 Replies View RelatedSo in the past from 8.2 down I had one to one NATs like so
static (inside,outside) A.A.A.A B.B.B.B netmask 255.255.255.255
but for 9.1 im running now I need to do this
object network obj-B.B.B.B
host B.B.B.B
nat (inside,outside) static A.A.A.A
So if I make an ACL to permit outside public access to the public IP (A.A.A.A) in 9.1 do I use real B.B.B.B ip address or the object itself obj-B.B.B.B?
I have the following situation. A colleagues installed a spam block (Norton something) and he put two ip's on itsinterfaces. 192.168.2.20 and 192.68.2.21. One will be used to receive and one to send mail but both on port 25. They use a sinlge real IP 175.75.67.32. I am using a 5540 ASA with 8.2 IOS.
I am pretty sure this cannot happen but i got some advice to NAT the outgoing IP/Port and then PAT the incoming port to both IP's and it will work. I tried to do it with no success. I know that ASA 8.4 changes everything in NAT/PAT but is there any way with the newer OS my setup can work or not?
I am forced to upgrade my ASA 5520 software from 7.1 - 8.2 or higher, as I am not familiar with ASA I need expert opinions.I have following concerns regarding the upgrade.
1-Do I need to worry about the software licensing when I download 8.2
2-I read about the few difference in commands (ACL and NAT) in 8.2 what exactly I have to do here should I change the configured NAT and ACL with real IP in the existing configuration after the upgrade ?
I installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode.When i enable logging for ASDM as debugging i cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection", I tried to reconnect using the icon at the bottom but nothing change.
View 9 Replies View RelatedI have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69
Source Port 59886
Destination IP 8.8.8.8
Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging. The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no logs are ever shown.
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
how I can get the RTLV working?
We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.
View 1 Replies View RelatedI have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port. It seems I can never get it to use more than 100mb, where should I check?
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 7 Replies View Relatedi got CCNA but i feel that it doesn't teach me how to build networks for business and how to chose an network architecture. What is the best way to learn this? Also, what is the best way to learn how to build a wireless network for a company that runs on multiple floors without user losing wifi connectivity when they roam
View 19 Replies View RelatedHow to get Real IP of user that Online via Proxy without using x-forwarded for(When proxy server not trusted)?
View 9 Replies View RelatedI have no problem connecting to my work computer from home with my VPN but my Real VNC will not connect. This happened after a tech crew got into my work computer remotely to fix my POS system
View 1 Replies View RelatedI am using RealVNC, have the Viewer and Server installed on three systems on my home network. I have a laptop which I am trying to use to connect to either of my two PC's, but cannot get them connected.With that being said I did have some luck with RealVNC as I have the 5900 and other ports forwarded and was able to connect with my Android tablet and Android Phone to the my two PC's and laptop with no problems....well kind of. I did have issues with this at first till I figured out I had to use a 142.*.*.* ip address because my network ip adresses were behind a NAT IP.Now back to the connecting my laptop to my two PC's issue.I have tried using the 142.*.*.* ip address and I have tried using my network ip 192.*.*.* to no avail. I just can't seem to connect.
View 5 Replies View RelatedI had recently switched to Comcast Xfinity Blast internet. I ordered the service with 22 mbps. Now when I download something, it becomes a challenge for the download to get faster than 500kbps. I don't understand, It should be a lot more. If it stays at this rate, than there would be no difference between my current and previous service.
[code]....
I need a virtual switch in my Linux OS instead of a real switch for doing some research purpose. Means it works same as a real hardware switch work. Suggest me any virtual switch for linux. For example there are 3com, cisco switches.. I need a virtual switch which work same as real switch.
View 1 Replies View RelatedI still use some old applications on windows XP.So I run them on vware.I could visit the real PC from virtual PC without any problem.But I could not visit the virtual pc by another real PC.No matter how I change the connection type.
View 1 Replies View RelatedI've been running into an issue with Cisco CSM for a number of years, but always found a way around it. Im attempting to get to the bottom of this to find out once and for all, if this is infact a limitation of the device, or a config issue/work around is possible.
Here is my situation. My CSM's are configured in bridging mode. Traffic works great, traffic bridges across vlans correctly. Everything works and have many instances of smilar configurations running in production. Every once and a while, a client requests that a "real" server (ie LWCMW-021)
cannot ping its VIP address (10.95.88.68). I am assuming this is related to the NAT Server, but not 100% sure. Clients have requested this functionality for some type of application based purpose, but Im unaware if CSM in bridging mode can provide this or not.
real LWCMW-021
address 10.95.88.59
inservice
!
real LWCMW-022
[Code]....
someone at work sent me an e-mail they claim was forwarded. I don't think it was, and I need to know before I ask, because accusing someone of making it look forwarded, I viewed the source code, but I can't tell, it was sent through a microsoft exchange server.I think they copied and pasted and changed dates, is there anyway to tell from the source code?
View 2 Replies View RelatedI had assumed it was quite difficult or at least time consuming for anyone to break into a password protected WPA2-PSK encrypted wireless network. I'm still a novice or a learner when it comes to computer networking, so I realized this could be untrue.
Some days ago, my 9 year old nephew visited my parent's home where I had set up a WPA2-PSK encrypted network with what I know to be a strong password for both the router and the security phrase.
When I arrived back to my parent's home, I found out that my nephew was some how able to use the password encrypted network. There was no way he could have known the network password himself. I don't mind if my nephew uses our network, but it shows there are serious holes in the security of a WPA wireless network if he was able to bypass the password.
My parent's later told me that while I was away, my nephew was unable to connect to the network, and so used his cell phone and called his father (my brother-in-law). In just a short of time, my brother-in-law explained to my nephew how to bypass the password on our wireless network and use the internet. My parent's are not too happy about what happened and did not realize what my nephew and brother-in-law were doing at the time.
No matter what password is used to protect the network and no matter how complicated, my brother-in-law uses some type of technique to bypass them. And as demonstrated by the story above, he even uses his own children to bypass our network security.
I would greatly appreciate if some users could instruct me on how to better secure my parent's WPA-PSK2 network from this criminal to prevent the breaching from happening again. And if he was able to break through, then I'm guessing it really isn't too difficult for others to breach the security of a WPA-PSK2 network either.
We have below queries regarding new version of ACS 5.3.
a) Is it possible to view real time logs for AAA clients and for ACS administrator?
b) Is it possible to track each and every change record for ACS Administrators and sessions in ACS . Ex addition and deletion of commands in command sets. As of now, we are able to see that config has changed by ACS admin but not able to see which commands are changed (Added or Removed)
c) As per user guide of ACS 5.3, we have an option for creating customized reports but unfortunately we are not able to see same option in ACS 5.3 GUI. Need confirmation on the same.
d) Is it possible to do configuration changes for ACS via Command line.
I have a problem with that the ACE20 (A2(3.2)) does send the connections to a backup real server in the serverfarm. I will how to troubleshoot in this case ? This is serverfarm configuration.
serverfarm host fix-http
failaction purge
probe PROBE-TCP-80
rserver fix11
inservice standby
rserver fix12
I recently installed a Cisco ACE 4710 version A4(2.0) into our test network. Load balancing across a number of web servers appears to be working ok and serving pages to users. However, when i tried to check the real time stats via device manager (Monitor> virtual contexts> context > Real servers) a number of fields specifically "current connections", "total conns", "failed conns" etc were showing N/A. Do I need to enable this somehow i.e. polling, if so how?
View 5 Replies View Relatedmy ACE 4710-K9
I cannot reach a web page when accessing my VIP on ACE, here is i paste my configuration
VIP at 10.49.30.223
RS1 at 10.49.30.221
RS2 at 10.49.30.221
[Code].....
I have a d link dir 615 "ipv6 ready". My internet provider give tome a native ipv6 /48. I configure the router with my ipv6 /48 address the internal propagation of the address is good.
On the status ipv6 page all seems OK marked "connected" but I can't have an ipv6real connection and my provider say to me that i am not connected.
Is there a known problem of connection between an public /48 and the internal /64 and if so could it be corrected.
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
I've been getting internet from a SMC8014WN Wireless Cable Modem gateway and I've been having sporadic connection issues ever since. I use Wireless USB Adapters on my own computer to connect to it from across a hallway and into another room and the connectivity is not very consistent. [URL]No matter what adapter I use (I have many) I sometimes get "now connected" messages and when I'm playing games like TF2 my connection either spikes, or drops and comes back (I'll get DC warnings and the game will freeze, and then come back in)
View 2 Replies View RelatedI would like to know how can I block a ip address from the CLI at the Cisco PIX Firewall Version 6.3(4)
View 4 Replies View RelatedTopologies in real time implementation compare and contrast each other?
View 3 Replies View RelatedI am about a level 4 maybe (10 being highest) when it comes to network configuration.I know what a router is, an IP addreess (external ones from ISP that is) and how to get around a little bit like how to access wireless config , edit properties on network connections and run ipconfig..My setup....I have a cable modem with 18mbs line...hooked into a Linksys E1000 wireless (N) router.From that I have 3 laptops setup (and a desktop thats never used).(none of whats next may be important but added it just in case)
Laptop a. is hardlined into wireless router (so I can edit config) and will be main machine it runs Vista
Laptop b. is connected to wirless connection from router and will main #2
Laptop c. is connected to wireless router
Desktop is connected to wireless router
(all others above run XP as OS)
My wife is running some webcam software that uses our internal IP address for its connection.It is no problem for her to connect her cam to the site with one laptop (any of the above) but when she tries to go to laptop b. and run another connection it says "You are currently broadcasting From This IP and cannot start another connection".
p.s. We have also tested bandwidth connection over and over on many sites (via browser) and it seems that when a cam is setup and the bandwidth is displayed what comes from / to the cam is WAYY slower than what we get in our tests...