Cisco Firewall :: ASA5505 DMZ Configuration Versus Linksys E4200 DMZ

May 11, 2013

I am using a Cisco E4200 router today but I am moving to a ASA5505.   I have a device that sets up a VPN tunnel that I want to put in my DMZ.   It's called the ATT Gateway.  I have attached the diagram.   When I use a Cisco E4200 all I do is put the outside private ip address of of the ATT Gateway into the DMZ of the E4200 and the VPN tunnel of the ATT Gateway comes right up. I cannot configure the DMZ to do the same with the ASA.   I also need to have the laptop behind the gateway access the printers in the inside network. 

View 15 Replies


Linksys Wireless Router :: Granulated Firewall Configuration On E4200

Apr 17, 2012

I am trying to configure the firewall of a linksys 4200. I would like to be able to close or open every single  port on protocols/incoming/outgoing. There doesn't seem to be a straightforward way in the e4200 web interface, is there any other way to perform this? Google doesn't seem to provide me many alternatives. 

View 2 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related

Cisco Firewall :: Object To Twice NAT Configuration ASA5505 8.4?

Dec 18, 2011

We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
static (inside,outside) outside_ip inside_ip netmask
static (inside,inside) outside_ip inside_ip netmask
In 8.4, if I use object nat, the hairpin functionality works perfectly,
object network obj-insideip
  nat (inside,inside) static publicip
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
nat (inside,inside) source static private_object public_object destination static public_object private_object
allows hairpinning to successully work from the same machine.  Meaning on any given host, I can ping itself using the private or public ip, but I can't get the right combination for hairpinning from any private host to another private host via the public ip.  Other combinations have yielded icmp responses, however, they specify the private IP as the source of the reply instead of the public ip.

View 1 Replies View Related

Linksys Access Point :: E4200 / E1500 - Cascading Routers Versus Access Points?

Nov 24, 2011

I am trying to find an effective way to extend the wireless signal across our home. I have tried various different solutions. Currently, I have an e4200 primary router that is cascaded with two additional e1500 routers that have been configured as access points. The Linksys support team hosted my computer and configured the devices. The e1500 routers are connected via ethernet wires running through the walls. And, this seems to be working well. Here's my question. The e1500 routers are configured with different SSID names, which Linksys advised was required to avoid conflicts in communications from the three router devices. Is there any way to configure this set up or something similar so that the entire wireless network has the same SSID and is seamless. In the current configuration, I have to specifically connect to the primary router or one of the two access points.

View 3 Replies View Related

Cisco Firewall :: Best Practice For Log Configuration And Backup In ASA5505

Feb 20, 2011

I like to take log backup in ASA.. and i like to check whether any attack pattern is there?? how could i do this...?Also how could i do a best practise for this?

View 12 Replies View Related

Cisco Firewall :: Trunk Configuration Between ASA5505 And 3750 Switch

Sep 28, 2011

I am trying to configure a trunk between the above two devices. I like to have vlan11 on ASA. Then I like to connect a host to my switch, and have it communicate with other devices in VLAN 11 or other vlans that reside on the ASA. Below is the config that I currently have.

ciscoasa# show run interface Ethernet0/1
interface Ethernet0/1


View 5 Replies View Related

Cisco Firewall :: Restore Configuration To New ASA5505 On Different ASDM Version

May 27, 2013

so we have been using our current ASA5505 for a long time. Since it only support up to 10 VPN licenses, so we buy a new ASA5505-SEC-BUN-K9(support up to 25 users).
the old ASA are running: 8.0.3 and ASDM 6.0.3
the new ASA are running: 8.2.5 and ASDM 6.4.5
I thought it would be simple as export and import the config file, but when i tried to restore, the new one is looking for a zip file but the old one doesn;t backup file in ZIP. It  looks like i need to update the ASA version or/and ASDM?
I am pretty new to this and never upgrade any of these versions since I am aware of the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config?  any effect if i do the upgrade? I also read some articles, we need to upgrade on the version one by one, like 8.0 to 8.1 then 8.2?

View 4 Replies View Related

Cisco Firewall :: Possible To Convert Pix 501 Configuration Running Version 6.3(5) To New ASA5505

Jan 9, 2012

I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.

View 4 Replies View Related

Cisco Firewall :: ASA5505 - Configuration To Allow Inbound / Outbound Mail Communications

Dec 26, 2011

I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.

In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.

My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,

C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers

Final config on ASA5505

host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
!interface Vlan1
nameif inside
security-level 100
ip address
[Code] ......

View 3 Replies View Related

Cisco Routers :: WAN / ISP Configuration - RV220w Versus 2951-SEC/K9

Sep 26, 2011

We are planning on testing a new ISP provider in our company but we have the following doubt: This new provider is using a Optical Fiber line (GPON – PT Prime) for this new internet connection and we already have a Cisco RV220W router but they are not sure if that can be used, so they just informed that they a capable router is the Cisco 2951-SEC/K9, that they are selling of course. So our actual doubt is if the Cisco 2951-SEC/K9 can have some “extra” WAN configurations/authentications that are not available in our Cisco RV220W and that can implicate that we cannot use our RV220w router?

View 3 Replies View Related

Linksys Wireless Router :: E4200 TCP UDP Timeout Configuration?

Dec 2, 2012

There is anyway to change the timeout on the tcp/udp connection? So the router close the connection automatically.

View 1 Replies View Related

Linksys Wireless Router :: How To Tell If E4200 Running At Optimal Configuration

Jan 11, 2012

Just picked up the E4200 and used Cisco Connect to install.  Wanted to know a few things?
-Windows 7, 64 bit
-E4200 router
-AE2500 adapter
1)  How can I tell if its running at optimal configuration?
2)  Before with my previous router (netgear) I didn't see my router in Device Manager.  Now its under Network Infrastructure Devices.  It lists the name of my router, under that it lists Microsoft Wireless Router Module??
3)  Before with my previous adapter (belkin) I would see my Network Adapter in Device Manager.  I see my network adapter listed, under that Realtek PCI (LAN), but now there is another new device?  Microsoft Virtual WiFi Miniadapter?? 
Why are these Microsoft devices showing in Device Manager?  Did they not get installed correctly?

View 2 Replies View Related

Linksys Wireless Router :: E4200 USB Disk And Access Configuration

Jan 2, 2012

I got my NTFS formatted drive to work with the E4200 router via its USB port.I do not see any 'Access' option to configure different access types based on users.  I do have users configured in the Administration tab; these are what came per-configured on the router.

View 4 Replies View Related

Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510.  One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover.  I have configured a number of isr's for this and i know it works good. 

View 1 Replies View Related

Linksys Wireless Router :: E4200 / Cannot Access The Twonky Configuration Pages

Dec 27, 2011

By now, I'm sure E4200 and other Router users that have twonky have noticed they cannot access the twonky configuration pages, as you have chosen to block them.  Please give advanced users a work around to this, because if Twonky does not recognize our newer TV/devices, then we cannot play certain file formats without manually configuring the service.

View 3 Replies View Related

Linksys Wireless Router :: E4200 Storage Configuration Shared Folders

Mar 27, 2013

My E4200 storage config (portions of it) does not persist through reboot cycles. We often have to reboot the router because we lose wireless conectivity, and each time we reboot, we lose our mapped drives because the router is no longer sharing the folders and permissions I set up. And in the storage settings, my shared folder setup looks like factory default (sharing only root /) after each reboot. Those settings do not persist. I have to restore my router config from a backup after each reboot, which is a real pain. Especially when the kids reboot the router to get their wireless back, but restore is just too complicated for them, and so they call me when they then can not access their network share folders with homework on them.

View 9 Replies View Related

Linksys Wireless Router :: E4200 - Access Restricted To Media Server Configuration

May 30, 2012

When I'm trying to access the Twonky setting page on I get: Access is restricted to MediaServer configuration! Is this normal or not?

View 2 Replies View Related

Linksys Wireless Router :: Configuration Interface For Built-in Twonky Server On E4200?

Jul 6, 2011

how to get at the configuration interface for the "built-in" Twonky server on the E4200.Specifically, I'm trying to figure out how to get to the "clients.db" file and the area of the UI where I can configure the receiver settings. I'm getting the dreaded "unknown file format" message when streaming mp4 files to my Samsung BD-C6500 bluray player.  Installing Twonky on my laptop and working with the problematic files has shown that the solution is a simple matter for BD-C6500 understand how the files are encoded.

View 9 Replies View Related

Linksys Wireless Router :: E4200 - Access Is Restricted To Media Server Configuration

Oct 23, 2011

I use to run Twonky media server on my iMac and I was very happy with it. Now I have purchased a Linksys Wifi Router E4200. Twonky server embedded works fine with all my devices except with my Samsung D8000 Led TV. In the Mac version I must identify manually the player (Samsung TV), if not mkv won't play. The question is: How can I select the device in the Linksys E4200? The config page is not available and displays "Access is restricted to mediaserver configuration" E4200 firm V. 1.0.03

View 9 Replies View Related

Linksys Wireless Router :: E4200 Local Area Connection Doesn't Have A Valid IP Configuration

Feb 14, 2012

I am setting up a new E4200 modem, and have not been able to use the wired connection. The Windows 7 diagnositic on all three computers tells me "Local Area Connection, doesn't have a valid IP configuration."Model: E4200v1..I am using a new E4200 router, along with a new SE1500 5-port switch and a new SE2800 8-port switch.I am using a wired network that consists of two desktop computers, a laptop computer, a network printer, three Direct TV recorders, two Roku streaming video players, a BluRay player, and an XBox gaming console.Here is what I have done so far.

1- I can bypass the router to establish a direct wired connection to the cable modem. This works to access the internet. It establishes a new wired connection called Network 2.
2- I can access the internet using the wireless connection to the router. It shows a valid IPv4 address.
3- With all cables in place, all the lights are flashing on the router and on the computers.
4- I had changed cables and swapped cable ends.
5- Using the wireless connection, I can access the router home page ( It shows valid IP addresses.

The problem is that my old Linksys BEFSR81 stopped working, with the same eror message for the LAN connection, "Local Area Connection, doesn't have a valid IP configuration."How often does the WAN port go bad? On both a five-year old BEFSR81, and a brand new E4200?

View 7 Replies View Related

Cisco Firewall :: 8.4(2) Static NAT Versus Dynamic NAT

Oct 5, 2011

we are running 8.4(2) on the asa with the below configuration we basically have a static for .7 on .25 and a nat for .7 for port direction with manual nat that takes precedense over auto nat within the object group am I correct that I dontneed the dynamic statement and that its redundant?

-object network obj-10.X.0.25-02host 10.X.0.25
-object network obj-10.X.0.25nat (any,INSIDE) static X.X.X.7 dns
-object network obj-10.X.0.25-01nat (INSIDE,OUTSIDE) static X.X.X.7 service tcp smtp smtp
-object network obj-10.X.0.25-02nat (INSIDE,OUTSIDE) dynamic X.X.X.7

View 1 Replies View Related

Cisco :: How To Set Configuration On Asa5505

Jul 20, 2012

i have the asa5505 with asa8.4.5 and asdm 6.4.2. my asa work like site to site vpn with the other asa5505. i would be love that monitoring status of VPN. i enabled on asa logging, i puted address of smtp server, receipent email, source email, the problem is because my smtp server require authentication, TLS. how set configuration on asa5505?
configuration of logging for send notification on email.

View 3 Replies View Related

Cisco VPN :: VPN Configuration On ASA5505

Aug 22, 2012

Our client has a vendor who needs to establish a VPN tunnel to their own router which sits behind our Firewall.
VPN Concentrator (Vendor) <------> ASA5505 Client (7.2) <-------> 3750 Switch <-------> VPN ASA outside Interface - 208.64.1x.x4 DG - 208.64.1x.x3
ASA Inside Interface -
3750 Switch Interface Connected to ASA - and DG -
3750 Switch Interface connected to VPN router -
VPN Router Interface connected to the 3750 - DG -

I have also attached a Visio for this and the running configuration from the ASA and 3750. We don't have access to the TNS VPN router. Our responsibility is to just to make sure the tunnel comes up.
1) Create a static NAT on the ASA for Public to Private IP of the VPN router
Public - 208.64.1x.x5 / 28
Private - / 30
Will the ASA automatically ARP for this address or do i have to configure another interface on the ASA with this public IP?
2) What would the access list look like on the ASA?
3) The client gave us some config to copy the stuff on the ASA so that they can create the tunnel but i couldn't put those commands in the ASA. How would this be applied and on what interface?
Firewall Access: The following information pertains to access between the VPN router and the
VPN concentrator. If a firewall/router is present in front of the VPN the following services need to be
permit esp host 208.224.x.x any
permit gre host 208.224.x.x any
permit udp host 208.224.x.x any eq isakmp
permit udp host 208.224.x.x any eq non500-isakmp(code )

View 2 Replies View Related

Cisco Firewall :: ASA 5520 Versus ISA Server 2006

Mar 28, 2011

currently my firewall is Microsoft ISA Server 2006 and im using it very nicely but based on some security treats im changing my firewall from isa to ASA 5520 but im facing a problem that my i had installed on software name Soft Perfect Bandwdith Manager and i was limiting each users based on their MAC address to prevent using of full bandwidth in my internet so thats why i had a very relialble internet useage in my network.
after many search and searching i didnt find a good software or hardware that should support with Cisco ASA Apliances to support bandwidth management for endpoint users and etc and this is very troubel i dont want all users to use full badnwidth in my company becouse i have only 2MB internet badnwith taken via VSAT connection

View 3 Replies View Related

Cisco VPN :: ASA5505 Configuration Not Working

Mar 8, 2011

I would like to configure a cisco ASA5505 IPSEC VPN. I used the wizard and tried to connect to the outside .. does not work .. The network is configured in this manner: - ADSL router with public address and internal address -> firewall interface inside and outside (my network is I used a VPN to the pools ranging from to
INTERNET ----- ROUTER ------ ASA5505 -------LAN
What should I change? there could be problems between the router and firewall?

View 6 Replies View Related

Cisco Firewall :: ASA5520 Individual Ports Versus Ranges

May 27, 2013

Best practices for an ASA5520. I'm currently running a pair of these as internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
My question is that would it be better (faster, less strain on the ASA) to open a port range, (ie 52000-55000) or would the individual ports (ie: 52112, 52336, 52698,53441,53495, etc...) be ok?Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.

View 2 Replies View Related

Cisco Firewall :: 5512 - BGP Through ASA Versus Transparent Mode Deployment

Mar 8, 2013

I've been asked to deploy an ASA in Transparent Mode because of concerns of putting another layer 3 hop between PE and CE routers running BGP.
Is there some problem with allowing BGP to flow freely through an ASA the is also terminating site to site and remote access vpn tunnels?
I just don't see the need for Transparent Mode here and you cannot have a standard DMZ setup with Transparent Mode: you have to use bridge groups to provide for multiple interfaces on the ASA and then have an external router route between those bridge groups.
what I'm missing here as to why Transparent Mode is needed (not needed)

ASA is 5512

View 4 Replies View Related

Cisco Switching/Routing :: No Configuration On Asa5505

Mar 17, 2012

i have the asa5505. the configuration of asa 5505 is:
: Saved


i analyzed this traffic i see problem with the nat- Asymmetric NAT rules matched for forward and reverse flows. where i made error?

View 0 Replies View Related

Cisco Security :: Changing ASA5505 Configuration To Use Different ISP

Mar 22, 2012

We have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?

View 2 Replies View Related

Cisco WAN :: ASA5505 Basic Configuration / No Internet Pass-through At All

Apr 8, 2012

I teach in a High School and we've got about a 300 node MS Windows Network.  Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal ( gateway address. All p.c's inside the network are routed to one of the Servers ( or for DNS/WINS/DHCP addressing.  The servers point to for gateway.

We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN).   When I connect the  CISCO ASA, I get no internet passthrough at all. 

View 1 Replies View Related

Cisco VPN :: ASA5505 - Bad Cryptochecksum Ignored And Setting Default Startup Configuration

Jan 9, 2012

There are two issues which are testing my resolve.
1) Bad Cryptochecksum Ignored error
2) Unable to boot to a save startup-config file.
I want to take the configuration from one ASA 5505 and move it to another ASA 5505. I copied the startup-config file from an ASA 5505 running asa821-k8.bin to an ASA running 8.222-k8 to flash using tftp. I set the boot config parameter on the new asa to flash:/startup-config which is the location of the startup file. If I use copy run start command, I over write the startup file. When I copy the startup configuration to the running configuration I get a Bad Cryptochecksum Ignored error and the startup file does not copy over to the running file. How can I resolve this issue?

View 1 Replies View Related

Cisco WAN :: ASA5505 - Seeking Failover To WWAN Configuration Specifics?

Oct 17, 2011

Client has an ASA5505 anchoring an MPLS network. One of their branch offices is experiencing frequent circuit outages due to theft of copper lines. I am looking at an 881G with wireless aircard as a backup solution and creating a VPN tunnel to the ASA but am unsure about how to handle routing on the ASA. There will already be a route for the branch subnet for the MPLS network.

View 2 Replies View Related

Copyrights 2005-15, All rights reserved