active# sh running-config
: Saved
:
ASA Version 8.2(5)
!
hostname active
domain-name dhalahore.org
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
I get stuck in a problem,What can be the reason for not working my configuration or any other reason that can be .
[CODE].....
Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
E.g. config
webserver 1 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:
[URL]
I'm looking to do this with smtp so I added these lines to the config:
static (inside,DMZ) 10.2.2.30 10.1.1.11 netmask 255.255.255.255
access-list dmz extended permit tcp host 10.2.2.2 host 10.2.2.30 eq smtp
The configuration line:access-group DMZ in interface DMZ Already existed in the configuration so didn't need to be re-entered.
ASA Version 8.0(4)
!
hostname xxxx
domain-name xxxx.com
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
[code]....
I have Cisco ASA 8.0(5) and I need to block specific url to acees my https server in dmz ?I read about websence technology, but I think it's not free right? Also I read abotu policy inspection map's but in my case is HTTPS not http ..
View 1 Replies View RelatedI have a router and a server that are connected through two unmanage switches. The router has DSL service in it and I want to access the internet on the server but I can't. The two are in the same network and it is a static IP network. I can ping the router from the server.
View 36 Replies View RelatedI want to access my ASA 5505 from internet.how I can achieve it.
View 1 Replies View RelatedI have a WRT54G2 version 1 router. I want to access it via internet remotely. I have a static IP and I enabled Remote Management option. I tried to access it from outside my home network entering my router static IP followed by :8080 in web browser. The username and password window appeared. After entering the right username and pass I just get a blank page
View 2 Replies View Relatedprovide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM
View 10 Replies View RelatedI would like to block internet IP address from VPN client. I tried setup a rule by using ADSM, the rule was hitted but no blocked. how to do it?
Our ASA Platform:
ASA Verison: 8.0(4)
ADSM Verison: 6.4(7)
i am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3
View 6 Replies View Relatedmy laptop is re-staring when access the server
View 1 Replies View RelatedI have a Windows Home Server v.1 I set it up nearly a year ago, and everything runs fine.I have 3 different user accounts that are password protected.On my PC, i have been running Windows 7 and using the server as my My Documents folder.I recently installed Windows 8 Consumer Preview on an old Hard Drive, and i can't seem to access any folder on the server that isn't already given public permission. Whenever i try to access my User folder i get an access denied message, but no prompt to enter a password so i can use it.
View 3 Replies View RelatedI have a question regarding CSS loadbalancer. Let's say there are 2 vlans in CSS:
1. Vlan 10: 10.1.1.0/24 as external interface, interface where most of the clients are coming from.
2. Vlan 20: 10.1.2.0/24 for real server vlan.
Virtual IP 10.1.1.10 is created in CSS on behalf of two real servers (10.1.2.11 & .12) in Vlan 20. Client from Vlan 10 can http access to 10.1.1.10 successfully.
In Vlan 20 there's also few clients which need to access servers via virtual IP. Vlan 20 Client PC (10.1.2.101) can ping 10.1.1.10, but can't access 10.1.1.10 http service.
Is there any way for CSS to forward service request coming from Server vlan to be send back to the same segment?
We have ASA5520 and we want to configure a VPN IPSEC profile so that a partner of ours can access only a server and only on HTTP port.I've tried configuring split tunneling with an Extended ACL but probably I'm missing something. I just configured the ACL so that it included any source to our server's IP on HTTP port but when testing, it didn't work.
However, if I configure a Standard ACL on the split tunneling I can access the server and all the services it provides.Do you know if I'm missing anything on the Extended ACL configuration?
Should I configure this any other way?
I recently bought a personal laptop that I'd like to use at work. It came with Windows 7 Home Premium installed and because of that, I can't join it to the Windows Server 2003 domain we have. I don't really need to print or any of the other things that go with being on the domain, I just need access to a few key folders. Is there any way to access shares on the server with Win 7 Home?
View 2 Replies View Relatedi'm getting "general network error" while accessing application from server..
client machine: Windows 7
server machine: Windows 2008 server
Switch : 24 port unmanaged D-Link switch ..
network cable: CAT-5 cable.
I am having some trouble understanding extended control lists. I am trying to prevent a certain host on LAN1 from accessing a server on LAN2, while still allowing the host access to the rest of LAN2.This is what I thought the command should be:
access-list 100 deny ip 175.16.1.2 0.0.0.0 175.17.2.2 0.0.0.0
My understanding was that:
Green = source & mask
Red = destination & mask
However this seems to stop all my other hosts on LAN1 from pinging the server also.
I cannot seem to see my server behind a cisco router. I have a feeling it is because our network phone system may be robbing the IP address?We have two fixed IP addresses.The first one, is assigned to the router.We have two swtiches set up behind router and all the other network stuff interanally wrks great.We also have full internet access. When I type the IP in on the web, it accesses the talkswitch phone system.I have set the internal IP to the server as fixed.I have port 21 open for FTP.When I run a test, the internet sees port 21 open. However, I cannot seem to cal lup the server over the internet. Could the talkswitch system somehow be interfereing with the logon?What would the proper syntax be to access the server?
View 3 Replies View RelatedI have a VPN connection to my office network. The VPN connection appears to work fine as it connects and logs me in successfully. In the connection box I have to provide a domain and my username to log in. Once the VPN is connected I am then able to ping my office computer as if I was on the same network. That is great. The problem is that there is a server on that network that defines a bunch of A records for web applications we are working on and I can't seem to hit any of those from my home computer, even though I can at work. If I remote into the office PC and navigate to these addresses they work fine. I also know that my co-worker can hit these a records from home so it has to be something I'm doing wrong.
[Code]....
I have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access, the first network in Orange works fine. My question is how can i access the file server from the second network (192.168.X.0 /24) ? The 3 switches are Cisco SF300-24P.
View 7 Replies View RelatedMcAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
View 9 Replies View RelatedWe have an ASA-5505 running 8.2(1) with a Bosch DVR 600. When a machine is on the local subnet, it can see the video; however, when it's moved to the DMZ, the unit can be accessed, but all video screens are black and an java script error pops up as follows: [URL]
This message does not pop up when on the local subnet. Additionally, in the login screen, there is a language selection, and sometimes all languages are blanked out. There is a space for them, but they don't display.
I've tried this on a half a dozen machines, either XP or Win7 with IE8 and IE9, and they all do the same thing. I disabled http inspection, but that doesn't work. I also did a packet capture, and the only packets that traverse the ASA.
I could access from outside to dmz but after i moved to IPv6 as there is no nat needed, i applied the acl's but dont know where i'm going wrong. I need access from outside to dmz web server.
View 4 Replies View RelatedI've been attempting to fix this issue or confirm the issue is not with the firewall and I have kind of run into a road block. This is my problem as I understand it. A client of mine has a VPN tunnel built over a point to point connection of some kind (this client is fairly new to me) and is unable to access some hosts on the remote end of the VPN tunnel from the LAN side of the firewall. The LAN IPs are NAT'd as they leave the network from the HPH-Point-to-Point interface to the remote end. Just as a point of reference, the LAN IP of 129.200.11.19 is said to be working, however the range of 129.200.20.25 - .50 is not. I've tried packet-tracer but with the NAT happening over a VPN tunnel I am not sure if I am doing it correctly.
View 1 Replies View RelatedLooking through the logs of our SF300 switches I am seeing errors for SNTP:
%SNTP-D-NTPBADVER: NTP server version not compatible
We have two NTP servers listed, both are MS Windows 2008 R2 domain controllers. The actual time on the switches seems to be correct but we are still receiving these errors?
I have the following commands on my Cisco 3845 router running IOS version 12.2(24)T4:
ntp server 192.168.1.1 prefer
ntp server 192.168.1.2
ntp source loopback0
I see that the router is sending out NTP version 4; however, my NTP server is configured to accept only NTP version 3. Anything other than version 3 will be dropped.
How do I go about to configure NTP on the Cisco IOS router to send out only version 3 and not version 4?
I am currently migrating a netscreen firewall to a asa 5515 version 8.6 The issue is setting up the management connectivity.
basically the management IP of the cisco asa is not advertised. But, we want to route a management IP through the management interface to interface Gi0/2.
so IP of management interface is say - 216.10.100.10. and the IP of the inside interface is say - 198.1.1.10/24 on our router we have a static route sending 198.1.1.0/24 to next hop of 216.10.100.10 (management interface of cisco asa).
On the Cisco ASA can I send the traffic to the inside interface and manage the firewall via ssh that way?
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?
I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall) problem is that if one leaves my network they can receive but can not send email via my SMTP also internal people can only send if they use the IP address of the server rather than the domain [URL]
here is my layout
ISP - ASA 5510 - LAN (includes mailserver)
I have a client that is getting disconnected quite frequently from our VPN Concentrator and in looking at the server I cna find no issues or cause for the disconnect. his ping to the concentrator never fails, but yet is disconnects. I have hundreds of remote VPN clients connecting to the same concentrator without issues.
[CODE]...
We are using Cisco ACS server Version : 5.3.0.40.6. Our tacacs appliances are crashing on AD authentication on a fairly regular basis. I have been searching Cisco.com to see whether we are on the latest version or not however I couldn't find anything lattest than what we are currently using. Are we on the latest version?
View 1 Replies View RelatedHow are asa5540 in high availability mode upgraded for their versions.
View 1 Replies View Related