Cisco Firewall :: ASA 8.4 / NAT Some Subnets To One IP And Other Subnets To Another IP?

Aug 15, 2012

I need to NAT some subnets to one IP and other subnets to another IP. The range command won't work because some of the subnets are out of order. For example, subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 NAT'd to 1.1.1.1, and subnets 192.168.26.0 - 192.168.27.0 NAT'd to 1.1.1.2.


Cisco Firewall :: Multiple Subnets On ASA 5510?

Mar 26, 2013

I have an ASA5510 that is connected to outside for WAN, inside for LAN (10.22.254.0/24), and an iSCSI switch plugged into Ethernet 0/3 (10.22.244.0/24). I can ping the Eth0/3 interface (10.22.244.1) but I can't ping across that interface from the WAN or LAN side.
 
START CONFIGURATION
ASA Version 9.1(1)
!
hostname ASA5510

[Code].....


Cisco Firewall :: 8.4 / NAT Multiple Inside Subnets?

Jun 23, 2011

NAT command on 8.4? I am trying to PAT multiple inside subnets to an IP address. With the example I found I can only PAT one subnet. If I do it the way I have below, it will end up with the last subnet (3.3.3.0) staying in the config. What is the best way of doing it? I have about 20 inside subnets I need to PAT.

object network obj-Inside-sub1
subnet 1.1.1.0 255.255.255.0
subnet 2.2.2.0 255.255.0.0
subnet 3.3.3.0 255.255.0.0
nat (inside,outside) dynamic 199.246.5.2


Cisco Firewall :: ASA 5510 Two Public IP Subnets?

Aug 31, 2011

I just got an extra public subnet from our ISP (co hosting center), but I can't figure out how to use it on my ASA.
 
New:

IP addresses: 87.1.1.194 - 87.1.1.254
Default gateway: 87.1.1.193
Subnetmask: 255.255.255.192
 
Old:

IP addresses: 200.1.1.34 - 200.1.1.46
Default gateway: 200.1.1.33
Subnetmask: 255.255.255.240
 
Config:

route wan 0.0.0.0 0.0.0.0 200.1.1.33 1
 
And statics like:

static (interface,wan) tcp 200.1.1.37 3389 192.168.3.100 3389 netmask 255.255.255.255


Cisco Firewall :: 5520 Change Of Subnets

May 19, 2013

I have an ASA 5520 that is working with three zones: DMZ, inside and outside.

My DMZ is for all my branches and it had a /24 subnet; my inside had a /24 subnet, and all was fine: I could talk to the branches and they could talk to me. I also had all the branches accessing the internet via the ASA, which is at HO. I changed the subnets from /24 to /21 and broke everything.

Below is the config for the ASA:
!
interface GigabitEthernet0/0
nameif outside

[Code].....


Cisco Firewall :: S2S VPN Between ASA 5520 And 5505 With 2 Subnets On Different VLAN

May 26, 2013

Site A:
ASA5520
VLAN data               subnet 172.16.10.x/24
VLAN Voice             subnet 10.0.0.x/24
 
Site B:
ASA5505 Base license
VLAN data               subnet 192.168.10.x/24
VLAN Voice (restr)    subnet 10.0.1.0/24
 
The callmanager is located on site A and needs to send out DHCP offers to site B through the VPN so the IP phones can register to the callmanager. I got the VPN up and running for the data subnet but I can't get traffic through the voice subnet/VLAN.

Can the ASAs do the job, or do I need to route traffic before the ASAs on both sides and send it through the tunnel, with both subnets configured as interesting traffic? Of course, in the last situation I need to upgrade the license for the 5505 to gain more VLANs.


Cisco Firewall :: ASA 5510 - Two External Subnets On The Same Interface

Oct 21, 2012

I have two ASA 5510 in an active-standby cluster, not that I think that the fact that they are clustered will be of any importance here, so feel free to think of it as a single 5510. The internet connection is delivered in a single RJ45 connection. To be able to use it with the cluster there is a simple unmanaged switch connected between the ISP and the ASAs. I have two subnets with public addresses; for simplicity let's call them 1.1.1.0/24 and 2.2.2.0/24. Default routers are 1.1.1.1 and 2.2.2.1 respectively.

Can I somehow use both these subnets in the ASAs? I'm currently using the first subnet and use PAT to direct traffic to internal servers. But if I want to use addresses from the second subnet, won't that mess up the routing, since there is no way I can specify the default router for the second subnet? I have as of yet not tried anything; I'm just trying to plan ahead and I can't seem to wrap my head around how this could possibly be done.


Cisco Firewall :: Routing To Internal Subnets From ASA 5510

May 17, 2012

Having trouble with a couple of items. First of all, should I be able to ping the inside interface of the ASA from all internal subnets, assuming all of these subnets/VLANs are directly connected to the same L3 switch? I can ping the ASA inside interface from our L3 switch, but I cannot ping the inside interface from a host on a different internal subnet. I have set up static routing on the ASA [route inside 10.10.96.0 255.255.248.0 10.30.1.1 1] and verified that I can ping the host [10.10.96.212] from the ASA inside interface [10.30.1.5]. The inside interface is on the 10.30.1.x/24 subnet. My host is on the 10.10.96.x/21 subnet. From the ASA I can ping 10.10.96.212, but I cannot ping 10.30.1.5 from 10.10.96.212. I can however ping 10.30.1.1 from 10.10.96.212.

This leads to my next issue, which is trying to set up the ASA to work concurrently with our current firewall. I'm doing this in order to transition to the ASA. I'd much prefer to cut over inbound NAT a little at a time vs. doing it all at once. Our current firewall is set up at 10.30.1.2 and this is the default route on our L3 switch (0.0.0.0 0.0.0.0 10.30.1.2). So my question is, if I set up an inbound NAT to one of our web servers on the 10.10.96.x subnet, will I be able to get it to route back to the ASA as opposed to ending up in asymmetric routing **** since the default route points back to our other firewall?


Cisco Firewall :: PIX 515E - Multiple External Subnets

May 23, 2011

I have an existing pair of PIX 515E that has two interfaces, one connected to the public internet via my ISP and one internal. I recently ran out of IPs and had the ISP route an additional block to the public IP of my firewall. This isn't working for some reason and I'm trying to figure out why.

The "ip address outside XXX" command defines the outside address and I don't see any way to add a secondary subnet.

I tried just adding a rule to the firewall for one of the IPs in the new subnet, but I can't seem to get traffic to pass through the device.


Cisco Firewall :: Netgear FVX538 - Multiple Subnets On SA520

Jan 5, 2012

I am new to Cisco products. We have currently got a Netgear FVX538 running in front of a few servers. We currently have 2 ranges of IP addresses provided to us on 2 separate subnets. We configured the Netgear box with the first IP addresses of each subnet as the IP address of each of the primary and secondary LANs. This then allowed us to set the gateway addresses of servers on the network to either of those 2 addresses, depending on its range.
 
This all worked fine - except for the fact that the Netgear box is incredibly flakey, so we decided to get a Cisco box.
 
We have gone for the SA520, which I have been trying to configure this afternoon. Unfortunately I am now having concerns as to whether it is possible to configure 2 separate subnets internally on this box in the same way we have done with the Netgear box, i.e. classical routing, one incoming WAN interface with multiple subnets?


Cisco Firewall :: ASA 5585 -Advertising Public Subnets Used By NAT Using OSPF

May 27, 2013

ASA 5585-x10, ver 9.1. I have about 10 public subnets that will be used for NAT translation on the outside interface. These subnets are different from the subnet of the outside interface. Is there a way to advertise these routes using OSPF from the ASA?
 
I tried to redistribute a static route, but can't make the destination router an interface that is on the ASA. I  don't own or control the upstream router.


Cisco Firewall :: 5585 - Two Different Subnets Assigned To Single Bridge Group

Apr 9, 2013

We are deploying two Cisco 5585 in transparent mode and multiple contexts. They are running Active-Active failover.

There are a lot of VLANs that need to be added in the contexts, and we are trying to use the fewest contexts to do so.

The ASA supports 8 bridge groups for each context, and a maximum of 4 interfaces for each bridge group.

We have assigned four interfaces in different VLANs, set two of them as a pair with one IP subnet, and the other two interfaces are in another IP subnet.

For example:

Bridge group 1:

inside1  and  outside1    ------->   192.168.1.0/24
inside2  and  outside2    ------->   192.168.2.0/24

However, we can only make one subnet (VLAN pair) work when the BVI is set to that IP subnet. If the BVI is set to 192.168.1.0/24, inside1 and outside1 work and the other pair does not. If the BVI is set to 192.168.2.0/24, then only inside2 and outside2 work.

Since the BVI can only be assigned to either of the subnets, is it possible to make both VLAN pairs work? Or can we only have one subnet in one bridge group?


Cisco Firewall :: 3560 - ASA Limit Bandwidth Per Subnet For Multiple Subnets

Sep 16, 2012

I have an ASA which is managing internet access from multiple VLANs configured on a 3560 switch. I want to be able to limit the 100MB internet connection on the ASA on a per subnet (VLAN) basis for the multiple subnets configured on the switch.
 
so for example
 
VLAN10 - 10.0.10.0 - limit to 5MB
VLAN20 - 10.0.20.0 - limit to 10MB
VLAN30 - 10.0.30.0 - limit to 3MB


Cisco Firewall :: ASA 5505 - VPN NAT Overlap Subnets Remote Interface Does Not Reply

Jul 10, 2012

Not really a big problem, but not knowing the answer is killing me.  This is what I have:
 
Host 1 <-> ASA 5505 <-> VPN connection<-> ASA5510 <-> Host 2
 
The problem is when one of the hosts tries to reach the inside interface of the remote ASA, e.g. Host 1 trying to ping the ASA5510 inside interface. Again, Host 1 and 2 have the same subnet address of 10.1.1.0/24. I have configured the ASA 5505 to do the NAT translations.
 
[code]...


Cisco Firewall :: ASA 5520 - Allowing Guest Wireless Network Access To Internal Subnets

Jan 23, 2012

We have a Cisco wireless infrastructure in place that includes a guest network with its own subnet that is a subinterface of the inside interface on our ASA 5520. There are no routes for it to be allowed access to the internal subnets, so it can only access the internet. This is primarily used by the public, but we have several non-employee personnel that we only want to give internet access and force them to access the internal network through our clientless SSL VPN portal or through other internet-facing internal resources such as webmail.

I have done packet traces from within the ASA and the break appears to be that there is no ACL allowing the traffic back into the network once the web resource replies to the request and the traffic is attempting to come back into the network from the web resource. Is that as clear as mud?

I know that this has to be a common problem and a way around this is to allow the guest wireless network access to the internal network but only for the select resources that they require, and that this can be done seamlessly by network-specific routes and/or alternate DNS entries, but I would like to keep this simple and just allow them to access the web resource, webmail and VPN, from the guest wireless using internet DNS servers without route trickery.


Connection Between Two Subnets

Apr 12, 2012

I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC, let's say Server A, has 2 NICs with IP addresses 10.0.0.10/30 and 10.0.0.2/30. The other two computers, Server B and Server C, have a single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see, there are two subnets, 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want B and C to also be able to ping each other, and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware, like using route add... etc. E.g. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9.


Two Subnets Across Same Link

Aug 24, 2012

I have two subnets, that need to share a common link, and each with its gateway at the opposite end. What kind of switch do I need for the two red boxes?


Same MAC Addresses In Different Subnets?

Nov 20, 2012

I have an exercise with the picture you find below. The question is: Will the network shown in the diagram work correctly when you consider that the MAC addresses of PC0 and PC8 are the same, and why?


How To Connect Two Subnets

Mar 26, 2013

I have 2 DSL lines going into a load balancing router. The load balancer is set up to distribute the traffic equally on the two lines, hence doubling the bandwidth. Though great at load balancing, it cannot handle DHCP for the 50+ users on our network, and therefore we are using another router for DHCP, which is running DD-WRT firmware.

DSL 1 - 10.1.0.1
DSL 2 - 10.2.0.1
Load Balancer - external 10.1.0.2, 10.2.0.2 internal 192.168.10.1
DHCP Router - external 192.168.10.2, internal 192.168.1.1
All other devices - 192.168.1.x

The load balancer has many options to direct traffic to one WAN port or the other based on IP address, which we would like to implement. But right now, since all my devices are on the 192.168.1.x subnet, it can't see anything but the DHCP router. So essentially it thinks it has only one client.


Split Network Into 3 Subnets?

Oct 9, 2012

I need to split a network: 10.0.4.0/24 into 3 subnets with the following hosts per subnet:

Subnet 1: 80 hosts
Subnet 2: 10 hosts
Subnet 3: 120 hosts

split into 3 subnets?

I'm thinking something like this:

Subnet 1
Network 10.0.4.0
Subnet Mask 255.255.255.128

[Code].....


How To Find Out Range Of Subnets For Given IP

Jul 7, 2011

If someone gave me an IP address and subnet mask, and they told me to identify the range of valid subnets, I have no clue how to do it. I know how to work out the total number of subnets and hosts: you just look at how many subnet bits have been borrowed and use the 2^ formula. For example, with the IP 172.28.123.0/25 I know the default mask for a class B address is 255.255.0.0/16, so in this example we have borrowed 9 subnet bits to give a mask of 255.255.255.128/25 and 7 host bits remain. In order to find the total number of subnets you do 2 to the power of 9 because we borrowed 9 bits, which tells us that there's 512 subnets, and to find out how many hosts we do 2 to the power of 7 because we have 7 host bits, so that gives us 128 hosts in each subnet. Now this is where I get lost: how do I find out the number of the first and last subnet? I know there's 512 subnets and each subnet has 128 hosts. But I don't know the number of each subnet, the range to be more precise. How do I work out the first, second, third, fourth etc. subnet address?


Connecting Two Subnets At Layer 2

Jul 2, 2012

I have :

- two different subnets (S1, S2)

- these subnets are connected to an IP backbone via wireless access points

I would like to physically connect these subnets together so the network devices in S1 could directly communicate with the devices in S2 and vice versa without going through the backbone.

The obvious solution seems to interconnect these subnets with a router or a switch L3. But I would like to connect these subnets and stay at layer 2.

So, is it possible to connect S1 and S2 with a switch L2 ? If I do that, what is going to happen? Can I create just one subnet S3 from this two subnets when I connect them together and have my two separate subnets back as soon as I disconnect them?


Folder Sharing Between 2 Subnets?

May 11, 2012

Our office has 2 branches. Recently the static IP of the branch was changed to a different subnet. Earlier it used to be:

111.170.150.140 subnet mask (255.255.255.128) main branch router (1) IP which forwards all requests to server (DMZ) - unchanged

111.170.150.141 subnet mask 255.255.255.128 sub branch (2) router IP changed to 111.170.150.61 subnet mask 255.255.255.224

After this change I am not able to access shared folders on the DMZ server (1) (111.170.150.140). I am able to ping the IP and also able to open remote desktop connections from sub branch (2). I suspect that it is because of the subnet change, as I was earlier able to access shared folders. How can we access the shared folders across the subnet? What settings to change?


Making 4 Subnets For VLANs?

Dec 4, 2012

You have to make 4 subnets for 4 VLANs; the router interface assigned to each VLAN is the LAST usable host on the subnet. So unless I'm really bad at networking, the graph should be:

NET ID // HOSTS // BROADCAST ADDRESS // VLAN

192.168.0.0 // 192.168.0.1 - 192.168.0.62 // 192.168.0.63 // VLAN1
192.168.0.64 // 192.168.0.65 - 192.168.0.126 // 192.168.0.127 // VLAN2
192.168.0.128 // 192.168.0.129 - 192.168.0.190 // 192.168.0.191 // VLAN3
192.168.0.192 // 192.168.0.193 - 192.168.0.254 // 192.168.0.255 // VLAN4

So if I'd have to write down a single host configuration for VLAN2, I think it should be:

IP: 192.168.0.65
subnet mask: 255.255.255.192
default gateway: 192.168.0.126

Is this correct? I'm not sure whether the default gateway should be 192.168.0.255 (as would with normal subnets) or, as I wrote down, 192.168.0.126. This is the first time I've ever gotten assignments including VLANs and I haven't really gotten a solid explanation.


Cisco :: Designing A Network Using Subnets?

May 5, 2011

I recently added a post referring to drawing a topology of a large network with a high number of hosts. Now with the project itself, I'm designing a network for a large organisation with a different number of hosts at each location. These are 500, 18, 52, 236 and 12. The location with 500 hosts is the head office, to which every other branch has a wide area network connection through a serial link. How many subnets would I require? I wrote down subnet details, but only for 5 subnets, a subnet for each location. Is that all I need? Or do the WAN connections count as subnets?


Cisco :: Communication Between Subnets On 5510

Sep 13, 2011

I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL: we are trying to limit connections to those systems, but they need to be able to access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?


Cisco :: Multiple Public Subnets On Asa

Mar 2, 2012

I've currently got my ASA (5505) serving a /28 public subnet. I've run out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA to be able to use these new addresses? I've been trying to search and have not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do). The servers I assign these to, I'd like them to have the public IP assigned directly to them.


Cisco :: VPN Can't Access Subnets Behind 2nd Router

Mar 11, 2012

I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.

1. When I establish a VPN session to the ASA, I can ping and access any resources directly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1. Even directly connected hosts on the ASA cannot access hosts in the 192.168.1.x subnet. There appears to be no traffic between 192.168.100.0 and 192.168.1.0.

2. Although I believe that I set up split-tunnel, I cannot U-turn back to the internet once connected to the VPN.

Here is my network topology as well as my ASA config and Router config.....

ASA ......
ASA Version 8.2(5)
!
hostname poog-fw1
domain-name poog

[code]....


Cisco :: Connecting 3 Subnets On 1 Switch?

Mar 31, 2012

I have 1 Cisco switch 24 ports and 12 computers. The 12 computers are divided in three groups and every group is a different network segment.

Question 1: I need every group to have communication with its own set of computers but no communication with the computers on the other segments. If I connect the computers to any port on the switch, can they communicate within their own groups? Can the switch pass the network traffic for all of them?

Question 2: What do I need to do on the switch to have them reach the internet?


Cisco LAN :: Connecting 2 Subnets Using 2921?

Feb 12, 2013

I have a Cisco 2921. I have 2 networks that each have their own router.

The 192.168.1.0 network is connected to a WatchGuard firewall.
The 192.168.9.0 network is connected to the Cisco 2921 router.

I want to connect the 2 subnets using one of the interfaces of the Cisco router. How can I get this to work? It is not connected via VPN tunnel, but we want to have LAN speed when accessing resources on both networks. Each network is connected to a Dell switch.


Cisco :: 5508 Will Not Discover AP's On Other Subnets

Nov 8, 2011

I have a 5508 controller that has 14 APs connected to it. I installed them without an issue. The 2 new APs are on a different subnet. I can ping them from the 5508 controller ping command, but they do not self discover from the web interface. The 2 new APs are at a different physical location.


Cisco VPN :: ASA 5520 Not Processing RRI Subnets

Jun 18, 2012

I am coming to this forum because TAC and several CCIEs are having trouble finding me a solution to my problem.
I have two 5520s, each running 841, connected in two different data centers with two different internet providers. I have 100+ 5505s that have the capability to connect via EZVPN to either 5520. Up to now there has not been a need for a 5505 connected to one 5520 to talk to another 5505 on the other 5520. Each 5505 accesses network resources as in any enterprise network. Our company recently started telecommuting and I have been giving 5505s and a VoIP phone out to people. What was discovered is, if you are on one 5505 connected to a 5520 and the other 5505 is connected to the other 5520, the audio in VoIP does not work. If both the 5505s are connected to the same 5520 then everything works fine. Conversely, a 5505 on one 5520 cannot ping a 5505 on the other 5520. 5505s on the same 5520 can ping each other no problem.

My problem: All 5505s are configured for a 172.18.xxx.xxx 255.255.255.224 subnet. This subnet is not used anywhere else. So I have 100 Class "C" subnets carved up into 255.255.255.224 networks. If I look at a specific route for a subnet on one 5520, I see it pointed to the outside interface via RRI. I can look for the route in the 5520's connected CORE switch and I see the route pointed to the 5520. We have a fiber connection to the CORE in the other data center. The route is in this CORE switch as well. When I look for the route in the 5520 connected to this core, it is not there. I have all other routes visible but not this particular route, which should show on the inside interface. All I show on the 5520 are the 5505s connected to this ASA. So the 5520 is not processing the RRI subnets from the other 5520 and vice versa. That's why a 5505 on one 5520 cannot ping a 5505 on the other 5520. I only see 172.18.0.0/27 on the outside interface of both 5520s. I do not see any 172.18.0.0/27 on the inside interface on either.

I have had numerous TAC cases open on this and no one seems to either understand my problem or have a solution for me. My local sales rep CCIE says the problem looks like a bug in 841 (which I am running) and that the ASA is not processing RRI from EIGRP, which I am running as well. The whole network is running the same instance of EIGRP, including the 5520s.

My questions:
1) Is it possible the 5520 is not allowing 172.18.0.0/27 on both the outside and inside interface? Even though all subnets are masked properly, the ASA maybe thinks it is being spoofed? I have not been able to confirm this using the real time log.
2) Could this really be a bug? I have looked at all the release notes and have not found anything resembling my problem. TAC has not recommended that I upgrade or downgrade my IOS.


Cisco Switches :: SF-300 24 - 2 Subnets And Uplinks

Oct 6, 2011

I have 2 subnets and 2 uplinks
port g1 = 211.122.10.x
port g2 = 210.211.10.x
 
Can use 1 switch (sf-300 24)
assign port 1-12   up/down to g1
assign port 13-24  up/down to g2








Copyrights 2005-15 www.BigResource.com, All rights reserved