Cisco Firewall :: ASA5505 DMZ Configuration Versus Linksys E4200 DMZ
May 11, 2013
I am using a Cisco E4200 router today but I am moving to a ASA5505. I have a device that sets up a VPN tunnel that I want to put in my DMZ. It's called the ATT Gateway. I have attached the diagram. When I use a Cisco E4200 all I do is put the outside private ip address of 192.168.0.99 of the ATT Gateway into the DMZ of the E4200 and the VPN tunnel of the ATT Gateway comes right up. I cannot configure the DMZ to do the same with the ASA. I also need to have the laptop behind the gateway access the printers in the inside network.
View 15 Replies
ADVERTISEMENT
Apr 17, 2012
I am trying to configure the firewall of a linksys 4200. I would like to be able to close or open every single port on protocols/incoming/outgoing. There doesn't seem to be a straightforward way in the e4200 web interface, is there any other way to perform this? Google doesn't seem to provide me many alternatives.
View 2 Replies
View Related
May 17, 2011
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies
View Related
Dec 18, 2011
We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
static (inside,inside) outside_ip inside_ip netmask 255.255.255.255
In 8.4, if I use object nat, the hairpin functionality works perfectly,
object network obj-insideip
nat (inside,inside) static publicip
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
nat (inside,inside) source static private_object public_object destination static public_object private_object
allows hairpinning to successully work from the same machine. Meaning on any given host, I can ping itself using the private or public ip, but I can't get the right combination for hairpinning from any private host to another private host via the public ip. Other combinations have yielded icmp responses, however, they specify the private IP as the source of the reply instead of the public ip.
View 1 Replies
View Related
Nov 24, 2011
I am trying to find an effective way to extend the wireless signal across our home. I have tried various different solutions. Currently, I have an e4200 primary router that is cascaded with two additional e1500 routers that have been configured as access points. The Linksys support team hosted my computer and configured the devices. The e1500 routers are connected via ethernet wires running through the walls. And, this seems to be working well. Here's my question. The e1500 routers are configured with different SSID names, which Linksys advised was required to avoid conflicts in communications from the three router devices. Is there any way to configure this set up or something similar so that the entire wireless network has the same SSID and is seamless. In the current configuration, I have to specifically connect to the primary router or one of the two access points.
View 3 Replies
View Related
Feb 20, 2011
I like to take log backup in ASA.. and i like to check whether any attack pattern is there?? how could i do this...?Also how could i do a best practise for this?
View 12 Replies
View Related
Sep 28, 2011
I am trying to configure a trunk between the above two devices. I like to have vlan11 on ASA. Then I like to connect a host to my switch, and have it communicate with other devices in VLAN 11 or other vlans that reside on the ASA. Below is the config that I currently have.
ASA:
ciscoasa# show run interface Ethernet0/1
!
interface Ethernet0/1
[Code].....
View 5 Replies
View Related
May 27, 2013
so we have been using our current ASA5505 for a long time. Since it only support up to 10 VPN licenses, so we buy a new ASA5505-SEC-BUN-K9(support up to 25 users).
the old ASA are running: 8.0.3 and ASDM 6.0.3
the new ASA are running: 8.2.5 and ASDM 6.4.5
I thought it would be simple as export and import the config file, but when i tried to restore, the new one is looking for a zip file but the old one doesn;t backup file in ZIP. It looks like i need to update the ASA version or/and ASDM?
I am pretty new to this and never upgrade any of these versions since I am aware of the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config? any effect if i do the upgrade? I also read some articles, we need to upgrade on the version one by one, like 8.0 to 8.1 then 8.2?
View 4 Replies
View Related
Jan 9, 2012
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.
View 4 Replies
View Related
Dec 26, 2011
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers
Final config on ASA5505
host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......
View 3 Replies
View Related
Sep 26, 2011
We are planning on testing a new ISP provider in our company but we have the following doubt: This new provider is using a Optical Fiber line (GPON – PT Prime) for this new internet connection and we already have a Cisco RV220W router but they are not sure if that can be used, so they just informed that they a capable router is the Cisco 2951-SEC/K9, that they are selling of course. So our actual doubt is if the Cisco 2951-SEC/K9 can have some “extra” WAN configurations/authentications that are not available in our Cisco RV220W and that can implicate that we cannot use our RV220w router?
View 3 Replies
View Related
Dec 2, 2012
There is anyway to change the timeout on the tcp/udp connection? So the router close the connection automatically.
View 1 Replies
View Related
Jan 11, 2012
Just picked up the E4200 and used Cisco Connect to install. Wanted to know a few things?
-Windows 7, 64 bit
-E4200 router
-AE2500 adapter
1) How can I tell if its running at optimal configuration?
2) Before with my previous router (netgear) I didn't see my router in Device Manager. Now its under Network Infrastructure Devices. It lists the name of my router, under that it lists Microsoft Wireless Router Module??
3) Before with my previous adapter (belkin) I would see my Network Adapter in Device Manager. I see my network adapter listed, under that Realtek PCI (LAN), but now there is another new device? Microsoft Virtual WiFi Miniadapter??
Why are these Microsoft devices showing in Device Manager? Did they not get installed correctly?
View 2 Replies
View Related
Jan 2, 2012
I got my NTFS formatted drive to work with the E4200 router via its USB port.I do not see any 'Access' option to configure different access types based on users. I do have users configured in the Administration tab; these are what came per-configured on the router.
View 4 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Dec 27, 2011
By now, I'm sure E4200 and other Router users that have twonky have noticed they cannot access the twonky configuration pages, as you have chosen to block them. Please give advanced users a work around to this, because if Twonky does not recognize our newer TV/devices, then we cannot play certain file formats without manually configuring the service.
View 3 Replies
View Related
Mar 27, 2013
My E4200 storage config (portions of it) does not persist through reboot cycles. We often have to reboot the router because we lose wireless conectivity, and each time we reboot, we lose our mapped drives because the router is no longer sharing the folders and permissions I set up. And in the storage settings, my shared folder setup looks like factory default (sharing only root /) after each reboot. Those settings do not persist. I have to restore my router config from a backup after each reboot, which is a real pain. Especially when the kids reboot the router to get their wireless back, but restore is just too complicated for them, and so they call me when they then can not access their network share folders with homework on them.
View 9 Replies
View Related
May 30, 2012
When I'm trying to access the Twonky setting page on http://192.168.1.1:9000/config I get: Access is restricted to MediaServer configuration! Is this normal or not?
View 2 Replies
View Related
Jul 6, 2011
how to get at the configuration interface for the "built-in" Twonky server on the E4200.Specifically, I'm trying to figure out how to get to the "clients.db" file and the area of the UI where I can configure the receiver settings. I'm getting the dreaded "unknown file format" message when streaming mp4 files to my Samsung BD-C6500 bluray player. Installing Twonky on my laptop and working with the problematic files has shown that the solution is a simple matter for BD-C6500 understand how the files are encoded.
View 9 Replies
View Related
Oct 23, 2011
I use to run Twonky media server on my iMac and I was very happy with it. Now I have purchased a Linksys Wifi Router E4200. Twonky server embedded works fine with all my devices except with my Samsung D8000 Led TV. In the Mac version I must identify manually the player (Samsung TV), if not mkv won't play. The question is: How can I select the device in the Linksys E4200? The config page is not available and displays "Access is restricted to mediaserver configuration" E4200 firm V. 1.0.03
View 9 Replies
View Related
Feb 14, 2012
I am setting up a new E4200 modem, and have not been able to use the wired connection. The Windows 7 diagnositic on all three computers tells me "Local Area Connection, doesn't have a valid IP configuration."Model: E4200v1..I am using a new E4200 router, along with a new SE1500 5-port switch and a new SE2800 8-port switch.I am using a wired network that consists of two desktop computers, a laptop computer, a network printer, three Direct TV recorders, two Roku streaming video players, a BluRay player, and an XBox gaming console.Here is what I have done so far.
1- I can bypass the router to establish a direct wired connection to the cable modem. This works to access the internet. It establishes a new wired connection called Network 2.
2- I can access the internet using the wireless connection to the router. It shows a valid IPv4 address.
3- With all cables in place, all the lights are flashing on the router and on the computers.
4- I had changed cables and swapped cable ends.
5- Using the wireless connection, I can access the router home page (192.168.1.1). It shows valid IP addresses.
The problem is that my old Linksys BEFSR81 stopped working, with the same eror message for the LAN connection, "Local Area Connection, doesn't have a valid IP configuration."How often does the WAN port go bad? On both a five-year old BEFSR81, and a brand new E4200?
View 7 Replies
View Related
Oct 5, 2011
we are running 8.4(2) on the asa with the below configuration we basically have a static for .7 on .25 and a nat for .7 for port direction with manual nat that takes precedense over auto nat within the object group am I correct that I dontneed the dynamic statement and that its redundant?
-object network obj-10.X.0.25-02host 10.X.0.25
-object network obj-10.X.0.25nat (any,INSIDE) static X.X.X.7 dns
-object network obj-10.X.0.25-01nat (INSIDE,OUTSIDE) static X.X.X.7 service tcp smtp smtp
-object network obj-10.X.0.25-02nat (INSIDE,OUTSIDE) dynamic X.X.X.7
View 1 Replies
View Related
Jul 20, 2012
i have the asa5505 with asa8.4.5 and asdm 6.4.2. my asa work like site to site vpn with the other asa5505. i would be love that monitoring status of VPN. i enabled on asa logging, i puted address of smtp server, receipent email, source email, the problem is because my smtp server require authentication, TLS. how set configuration on asa5505?
configuration of logging for send notification on email.
View 3 Replies
View Related
Aug 22, 2012
Our client has a vendor who needs to establish a VPN tunnel to their own router which sits behind our Firewall.
VPN Concentrator (Vendor) <------> ASA5505 Client (7.2) <-------> 3750 Switch <-------> VPN ASA outside Interface - 208.64.1x.x4 DG - 208.64.1x.x3
ASA Inside Interface - 172.20.58.13/30
3750 Switch Interface Connected to ASA - 172.20.58.14/30 and DG - 172.20.58.13
3750 Switch Interface connected to VPN router - 172.20.58.21
VPN Router Interface connected to the 3750 - 172.20.58.22/30 DG - 172.20.58.21
I have also attached a Visio for this and the running configuration from the ASA and 3750. We don't have access to the TNS VPN router. Our responsibility is to just to make sure the tunnel comes up.
1) Create a static NAT on the ASA for Public to Private IP of the VPN router
Public - 208.64.1x.x5 / 28
Private - 172.20.58.21 / 30
Will the ASA automatically ARP for this address or do i have to configure another interface on the ASA with this public IP?
2) What would the access list look like on the ASA?
3) The client gave us some config to copy the stuff on the ASA so that they can create the tunnel but i couldn't put those commands in the ASA. How would this be applied and on what interface?
Firewall Access: The following information pertains to access between the VPN router and the
VPN concentrator. If a firewall/router is present in front of the VPN the following services need to be
allowed:
permit esp host 208.224.x.x any
permit gre host 208.224.x.x any
permit udp host 208.224.x.x any eq isakmp
permit udp host 208.224.x.x any eq non500-isakmp(code )
View 2 Replies
View Related
Mar 28, 2011
currently my firewall is Microsoft ISA Server 2006 and im using it very nicely but based on some security treats im changing my firewall from isa to ASA 5520 but im facing a problem that my i had installed on software name Soft Perfect Bandwdith Manager and i was limiting each users based on their MAC address to prevent using of full bandwidth in my internet so thats why i had a very relialble internet useage in my network.
after many search and searching i didnt find a good software or hardware that should support with Cisco ASA Apliances to support bandwidth management for endpoint users and etc and this is very troubel i dont want all users to use full badnwidth in my company becouse i have only 2MB internet badnwith taken via VSAT connection
View 3 Replies
View Related
Mar 8, 2011
I would like to configure a cisco ASA5505 IPSEC VPN. I used the wizard and tried to connect to the outside .. does not work .. The network is configured in this manner: - ADSL router with public address and internal address 192.168.2.1 -> firewall interface inside and outside 192.168.2.2 192.168.3.1 (my network is 192.168.3.0). I used a VPN to the pools ranging from 192.168.4.1 to 192.168.4.100.
INTERNET ----- ROUTER ------ ASA5505 -------LAN
What should I change? there could be problems between the router and firewall?
View 6 Replies
View Related
May 27, 2013
Best practices for an ASA5520. I'm currently running a pair of these as internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
My question is that would it be better (faster, less strain on the ASA) to open a port range, (ie 52000-55000) or would the individual ports (ie: 52112, 52336, 52698,53441,53495, etc...) be ok?Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.
View 2 Replies
View Related
Mar 8, 2013
I've been asked to deploy an ASA in Transparent Mode because of concerns of putting another layer 3 hop between PE and CE routers running BGP.
Is there some problem with allowing BGP to flow freely through an ASA the is also terminating site to site and remote access vpn tunnels?
I just don't see the need for Transparent Mode here and you cannot have a standard DMZ setup with Transparent Mode: you have to use bridge groups to provide for multiple interfaces on the ASA and then have an external router route between those bridge groups.
what I'm missing here as to why Transparent Mode is needed (not needed)
ASA is 5512
View 4 Replies
View Related
Mar 17, 2012
i have the asa5505. the configuration of asa 5505 is:
: Saved
Code...
i analyzed this traffic i see problem with the nat- Asymmetric NAT rules matched for forward and reverse flows. where i made error?
View 0 Replies
View Related
Mar 22, 2012
We have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?
View 2 Replies
View Related
Apr 8, 2012
I teach in a High School and we've got about a 300 node MS Windows Network. Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing. The servers point to 10.0.0.1 for gateway.
We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN). When I connect the CISCO ASA, I get no internet passthrough at all.
View 1 Replies
View Related
Jan 9, 2012
There are two issues which are testing my resolve.
1) Bad Cryptochecksum Ignored error
2) Unable to boot to a save startup-config file.
I want to take the configuration from one ASA 5505 and move it to another ASA 5505. I copied the startup-config file from an ASA 5505 running asa821-k8.bin to an ASA running 8.222-k8 to flash using tftp. I set the boot config parameter on the new asa to flash:/startup-config which is the location of the startup file. If I use copy run start command, I over write the startup file. When I copy the startup configuration to the running configuration I get a Bad Cryptochecksum Ignored error and the startup file does not copy over to the running file. How can I resolve this issue?
View 1 Replies
View Related
Oct 17, 2011
Client has an ASA5505 anchoring an MPLS network. One of their branch offices is experiencing frequent circuit outages due to theft of copper lines. I am looking at an 881G with wireless aircard as a backup solution and creating a VPN tunnel to the ASA but am unsure about how to handle routing on the ASA. There will already be a route for the branch subnet for the MPLS network.
View 2 Replies
View Related
