Cisco Firewall :: ASA Version 7.22 Email Logging Source Interface?
Jan 10, 2012
I've got email logging for a few specific syslog messages working and sending to an email server on the inside network. However, the source IP ends up being the DMZ interface. Is there a way to force it to use the inside IP instead?
ASA Code Version 7.22
Inside Interface IP: 10.104.36.4 Mask:255.255.255.0
DMZ IP: 10.100.20.1 Mask:255.255.255.0
SMTP Server IP: 10.100.10.100
Logging commands in config:
logging enable
logging list email-alerts message 106100
logging mail email-alerts
logging from-address ASA@xyz.com
logging recipient-address tgw@xyz.com level debugging
View 3 Replies
ADVERTISEMENT
Feb 29, 2012
I use ASA 5510 and I would like to log VPN traffic ( for example, as soon as a remote user try to connect to the asa). I would like this log be send to a specific mail address. I already configure Email Logging for severity ( level 3) and it works well.
How I can add the VPN traffic Log ?
View 4 Replies
View Related
May 10, 2012
customer has a server which located in inside interace. and an outside interface connected to ISPA. cu config a static nat map inside server address to ISPA address, one day customer install a new outside interface to ISPB, cu config new static nat ,map same server inside server address to ISPB address. the server will allways be vistited from outside interface and reply, custome want traffic coming from ISPA will return to ISPA, traffic coming from ISPB will return to ISPB. but i found it is difficult implement this on ASA5580. i want use route-map on static nat, but it will not satisfy customer's request.
View 3 Replies
View Related
Jul 13, 2011
i have a problem customer has a server which located in inside interace. and an outside interface connected to ISPA. cu config a static nat map inside server address to ISPA address one day customer install a new outside interface to ISPB, cu config new static nat ,map same server inside server address to ISPB address. the server will allways be vistited from outside interface and reply, custome want traffic coming from ISPA will return to ISPA, traffic coming from ISPB will return to ISPB. but i found it is difficult implement this on ASA5580. i want use route-map on static nat, but it will not satisfy customer's request.
View 6 Replies
View Related
Mar 21, 2013
I've configured the ACE4710 to bring the logging to a syslog server! Here's the configuration
[...]
logging enable
logging fastpath
[Code]....
I saw to log with connection on the syslog server but It would be interesting to know the "source ip address" and my question is : It may be possible to configure for the logging a kind of "transparent pass through"?
View 2 Replies
View Related
Nov 16, 2011
I'm encountering what I think is an issue on logging system on FW ASA 5520 - Asa Version 8.4(2), ASDM version 6.4(5). When I disabled the logging inside a rule from ASDM, or from console with the "log disable" option inside ACL, If I check in ASDM logging real time window I continue to see all the entry related to disabled rules. This is a correct behaviour about ASA logging ? How I can "hide" the entry related to disabled rules (this is what I need for troubleshooting purposes) ?
View 1 Replies
View Related
Aug 8, 2012
I have a question about NAT behavior on FWSM 4.0. The problem is email server (Company A) cannot connect to email gateway (Company B) on the outside network and it randomly happen. I got this error from server guy "Detail: xlate has blocked the connection between A’s mail gateway and B’s mail gateway". It work fine again after clear xlate on firewall. [code]
1. How FWSM create xlate table like that? I mean it look like NAT0 for 158.137.21.26 but it doesn't has any nat rule for 158.137.21.26 on firewall.
2. What does it mean "connections 24" at the first of line? In the normal time, I only see the connections is 0 like the second line of xlate
3. After clear xlate global 158.137.21.26, the first line of xlate table is gone then email server can connect each other. Does is a bug on FWSM? or This is a normal NAT behavior of FWSM.
View 1 Replies
View Related
Aug 27, 2012
I have setup an Identity Firewall on a ASA version 5.6 on a DMZ interface.I have installed the ADAgent on a domain member Win2008 and configured as follows: [code]
where ashdew is a domain user and ACL 122(only one line) is applied on the dmz interface and NAT is properly configured.The ADagent has been properly tested and ASA can register to it.The ASA can connect to AD DC controller and query user database.I have placed a laptop ip 172.17.h.x on the DMZ and can ping the DMZ interface.
The laptop cannot authenticate on the domain and the asa does not seem to retrieve the user identity.Do I need to add extra rules in the access-list 122 to permit trafic to DC?Can I check on the AD Agent if it can retrieve the user to ip mapping ?
View 6 Replies
View Related
Jun 6, 2011
I am looking for a config, as per the attached diagram, if the traffic comes from FE01 it should go via FE03 for the internet and when the traffic comes from FE02 it should go via FE04 for the internet.
View 1 Replies
View Related
Oct 31, 2012
i have a stack of 3750x, with minimal configuration. there are two vlans, and two vlan interfaces with IP addresses. when i ping out from this switch to another host, it picks vlan1's ip address as the source automatically. i tested this by doing two pings with extended options using each vlan's interface as the source, and got different results. how the switch decided to use the first vlan's ip address as a source.
View 11 Replies
View Related
Aug 20, 2012
I have configured the ip telnet source-interface Loopback 0 command on a Nexus7010, but when I telnet to another device and do a show users, the ip address is of the closest interface to the device I telnet to, not the ip address of the Loopback. All interfaces are in vrf default. I am running 5.1(6) NXOS.
View 6 Replies
View Related
Jan 21, 2013
Platform:
cisco6509-E with FWSM
Supervisor Engine 32 PISA 8GE
sup-bootdisk:s32p3-adventerprisek9_wan-mz.122-18.ZY2.bin
command:
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
(config)#no ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
#clear ip nat tran *
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
%Port 14029 is being used by system
Or %Static entry in use, cannot change
But when I perform "sh ip nat tran" command,There is nothing
View 1 Replies
View Related
Apr 3, 2012
provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM
View 10 Replies
View Related
May 10, 2011
i am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3
View 6 Replies
View Related
Jun 22, 2011
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies
View Related
Apr 16, 2012
I have a internal subnet 192.168.3.0/24 sitting behind an ASA firewal 8.2 and would behind accessing to web server 192.168.11.54 which sits behind the outside interface of the ASA firewall.The access would be like this:
1) 192.168.3.0/24 will be accesing to the web server http://192.168.11.54
2) We would like to translate the source 192.168.3.0/24 to the firewall outside IP address
3) We would like to translate the destination web server 192.168.11.54 to 202.90.197.146 as well
How to perform this simultaneous source and destnation address translation in ASA firewall 8.2? Could this be done in ASA firewall 8.2?
View 1 Replies
View Related
Oct 29, 2012
Does ASA 8.4.3 check the source IP address of a DNS reply and drop it if the reply address is different to that in the query?
Customers DNS server does this due to a recent change, their server now has a virtual address, but replies are sent from its physcial address. This is temporary. Their PIX is happy with this.
Replace the PIX with the ASA, DNS fails, the only reason I can see is due to the way their internal DNS operates.
View 1 Replies
View Related
Feb 22, 2013
I have been tasked with building a vpn tunnel with a partner company between our company's PIX firewall and the other company's ASA's firewall. The traffic flow will be Partner A company users will be accessing my company's Citrix server. I want to source-pat the partner company user traffic to my company's PIX inside interface as it enters my LAN to access my company's Citrix server. The partner company will be PAT'ing their user traffic to a single ip address - let's say for discussion purpose it is 68.108.244.25. So there will be site-to-site vpn configuration and nat configuration required to be performed to enable this traffic flow according to the above requirements. I am comfortable with the site-to-site vpn configuration tunnel so I don't think it is necessary to post this portion of the configuration to be reviewed by this form. What I do need is NAT portion of the configuration.
{My Company's Citrix Server} ---------<inside ifc>-[PIX525]-<outside ifc>--------(internet)------{Partner Company A host PC's}
10.100.12.103 68.108.244.25
My proposed configuration to enable nat'ing (or pat'ing) Partner A user traffic to my PIX firewall's inside interface is the following:
global (inside) 9 interface
nat (outside) 9 access-list PartnerA_source_nat
access-list extended PartnerA_source_nat permit host 68.108.244.25 host 10.100.12.103
View 3 Replies
View Related
Dec 5, 2012
I have a server in a DMZ of my 8.4 ASA with nat:
object network FTP-SERVER
host 192.168.1.102
nat (dmz,outside) static interface tcp ftp ftp
And that's working well. However, I now need to translate the source address of connections from the outside to the FTP server as well. The aim is that the source address of packets when they reach the FTP server is an address on the DMZ subnet (as the default route for the FTP server now needs to be something else, not the ASA) as well as this outside-dmz NAT. I thought overloading the DMZ interface of the ASA? Or another IP in that range?
View 2 Replies
View Related
Jul 1, 2012
I am running a Cisco ASA 5550 in active/standby mode. We are currently running ASA OS v8.2(3)5. I am wondering if there is a way I could limit source IP concurrent connections coming in my outside interface. Does the ASA have a feature/ACL syntax that supports this?
View 2 Replies
View Related
May 25, 2011
The Cisco ASDM or the event manager show wrong source/destination for teardown tcp messages:In this example the communication is an ssh session;from 1.1.1.1 -> 2.2.2.2 ssh and the connection is reseted by 2.2.2.2
The message build outbound is correct, i.e. source is 1.1.1.1 (message id is 302013)
But the teardown is incorrect, i.e. source for the connection is 2.2.2.2 which is definitely not true (message id is 302014)
Also there seems to be a documentation bug in syslog messages for ASA 8.4 since the message for the teardown 302014 is gone!
View 3 Replies
View Related
Mar 21, 2011
I'm using a 2911 as our Public Internet Edge Router. I have 2 public sub net blocks from Sprint, we are in the process of migrating. What i need to do is NAT any source address from the Internet from an address on one of our public blocks to the other.
Example:
Source Address 11.10.10.10 ==> Destination 64.165.123.10 (nat this to 64.165.54.10) inbound.
So if from the internet tries to hit 64.165.123.10 we want to nat that to 64.165.54.10 both of which sit on our public space.
View 1 Replies
View Related
Jul 4, 2012
I have a problem with random host's geting the wrong source address on a ASA 5512-X 8.6(1). Right now there is a host, 192.168.25.108, showing up with 6.6.6.6 (fake) on whatsmyip.org, should be 5.5.5.5 like the rest of 192.168.25.0/24. In the xlate tabel I cant find anything wrong. Same yesterday with two host, that are using the right NAT address today.
nat (any,outside) dynamic interface. (5.5.5.5)
object network H-192.168.25.10
nat (inside,outside) static H-6.6.6.6X(code)
View 1 Replies
View Related
Feb 26, 2012
I'm on the ASDM of a 5510 and the logging with in the ASDM is currently set just right, but when I go into the console via SSH and use "term mon" I don't get this logging showing up. [code] As you can see I have set the ASDM and console to the same level. Currently in the ASDM I can see a user getting denied access to a device, but in the console view I dont get that, which I woudl like.
View 2 Replies
View Related
Dec 4, 2012
I can't seem to satisfy with the RV180W. I've set a firewall block rule for certain traffice lan>wan, and I'd like to view the log.
Administratration | Firewall | Firewall Logs, I can select any or all items. Where do I view the log?
I can go to Logging | Logging Policies and select everything for the 'default' policy.
No matter what, I go to Status | View Logs, and select whatever severity level I want but get little to nothing, and definitely no firewall logging.
View 9 Replies
View Related
Apr 26, 2011
One of our client has a Cisco IOS router 2851 with Zone Based Firewalls, enabled.
We tried to configure the router to receive the logs and we receive it in the following format:
<189>45: *Apr 11 11:22:14.757: %SYS-5-CONFIG_I: Configured from console by vty0 (10.151.xxx.xxx)<190>46: *Apr 11 11:23:13.109: %FW-6-DROP_PKT: Dropping tcp session 10.151.xxx.xxx:1908 212.58.xxx.xxx:80 due to RST inside current window with ip ident 0<189>47: *Apr 11 11:38:02: %SYS-5-CONFIG_I: Configured from console by vty0 (10.151.xxx.xxx)<190>48: *Apr 11 11:40:57: %FW-6-DROP_PKT: Dropping tcp session 10.151.xxx.xxx:2062 74.115.xxx.xxx:80 on zone-pair Outbound class CMAP_Inspect_Out due to Stray Segment with ip ident 0
However, we support the following format:
<190>3711348: 3711346: Jul 23 15:29:xxx.xxx IST: %FW-6-SESS_AUDIT_TRAIL_START: Start https session: initiator (172.16.14.71:2721) -- responder (132.183.xxx.xxx:443)<190>3711349: 3711347: Jul 23 15:29:59.465 IST: %FW-6-DROP_PKT: Dropping Other session 65.209.xxx.xxx:2721 132.183.106.17:443 due to RST inside current window with ip ident 49293 tcpflags 0x5014 seq.no 1653005683 ack 1796295020<190>3711350: 3711348: Jul 23 15:30:04.377 IST: %FW-6-SESS_AUDIT_TRAIL: Stop https session: initiator (172.16.xxx.xxx:2721) sent 807 bytes -- responder (132.183.xxx.xxx:443) sent 2062 bytes
What are the exact steps required to recieve the above format? If the logging needs to be enabled on Access Lists, need exact commands, from the console config mode?
View 1 Replies
View Related
Apr 22, 2013
Is it possible to NAT source & destination addresses (twice nat) on an ASA5520 running 7.2(5)?
View 4 Replies
View Related
Jun 10, 2013
I am setting up an ASA5515 to replace an existing Linux based firewall. Unfortunately the ASA5515 does not support source based routing.I have two internet connections currently used for specific connections - the second connection is NOT a failover connection.I have the default route to Internet connection 1.I want to route smtp out the second Internet connection.The routers connecting to the internet are a 877 and an 878The options I am considering is a layer 3 switch between the firewall and the routers to enable source based routing or replacing the 2 routers with a single router and the appropriate wic interfaces.
View 2 Replies
View Related
Jun 19, 2009
although cisco sw advisor said that the best IOS for my hardware 6509 Sup720 IOS: (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF16 suits the WiSM; And I tested it already with WiSM version 5.0 but when I've upgraded the WiSM to version 6.0 the service interface from the switch side says:
B5_Noc2_CS1(config)#int gig 4/9
% This interface cannot be modified
as the customer refuse to upgrade the switch IOS & He wants to use the latest ED WiSM sw 6.0;
View 4 Replies
View Related
Aug 11, 2011
I have configured dhcpd in an ASA 5505 and every thing is working. I am testing it to give me a warning when the address pool is about to be finished or it is empty. But don't konw how to do it. if I run the "debug dhcpd packet", i get that the address pool is empty.
View 3 Replies
View Related
Jun 21, 2011
I have a problem with my ASDM Logging(ASA5520, System image file is "disk0:/asa804-k8.bin").If i generate any traffic, the ASDM do not show the packets correctly. For example, if i generate a icmp traffic from interface inside to outsite, the ASDM does not show the packets, when it shows it apperars just in one direction.
View 5 Replies
View Related
Jun 16, 2011
I have Cisco ASA 5520 and want to use any syslog server for logging of URL traffic passing through ASA firewall surffing by coorporate end users. how to configure ASA for URL logging on syslog server. so that i can log any user activity with website address with user ip address or hostname logged in syslog server.
View 3 Replies
View Related
Mar 1, 2012
I've run into an interesting problem.
-ASA: 8.4(2)
-ASDM: 6.4(5)
When I make a change at the CLI, syslog message ASA-5-111008 is generated and sent to the syslog servers, local buffer, and ASDM.When I make a change in ASDM, syslog message ASA-5-111008 is generated and sent to the local buffer and ASDM. It is NOT sent to the syslog server.
View 2 Replies
View Related
