We have a Cisco 5505 ASA fireawll at a remote site. I can get the firewall to issue the IP addresses to the pc's, Is there a way for the pc's to get their IP addresses directly from our DHCP server?
View 3 RepliesI imagine I can use the framed-ip-address attribute to assign ip-addresses but there seem to be support for static ip addresses only?A bit of a drag when we're talking 200+ nodes.
View 1 Replies View RelatedI have a LAN with about 200 computers (192.168.10.0/24) with a DHCP Server on Windows server 2003.The problem is that my company have acquired 100 others computers that I have connected on this network.Some computer does not get IP address from the DHCP server. When I investigated the log of the DHCP server, I realized that the DHCP server was out of addresses.
View 2 Replies View RelatedI used to use a CentOS self-made server for intranet for my little office, but I bouth few days ago a Cisco 861 router to replace the linux box.
1. I have 2 public IP classes from my ISP. 1 class is limitted to 80mbit upload, the other to 30mbit upload. So I need some sort of DNAT to be able to know exactly which intranet computer uses big internet and which one limitted internet.
2. I need DHCP server and with static IP addresses (one computer must always have the same IP address, etc).. i have my needs for this.
3. Also I need external access to some servers inside (web, ftp, etc) [code]
So far so good, all looks simple and I can achieve this in 2 hours on a centos linux box (correct routes, ip forwarding enabled and few iptables rules for NAT/SNAT/DNAT).
But on this brand new Centos router well, i'm not even successful in pinging the outside world, nor the inside world I'm tired of reading the forums, the documentation..i want (at first) a simple scenario: vlan+dhcp, fa4 with 1 public ip address and ACCESS to the real world. I wasn't able to achieve not even that much. [code]
I currently have DCHP server set up on my new 1141N. Everything works great, but I wanted to know if it were possible to make the DHCP server only hand out ip addresses on the wireless connection? Currently the AP is giving out ip addresses from the pool to wired and wireless pc's.
View 3 Replies View RelatedI am a total Cisco novice who has just had a ASA5505 installed to replace a linux freeware firewall (smoothwall).I'm told that the 5505 can't port forward traffic (e.g. ssh) from two external IP addresses to two internal destination machines via the same port # (22 in this example).
View 9 Replies View RelatedSetting up a stand-alone WDS/PXE server.Current we have helper addresses setup to forward the DHCP requests from the different VLAN's to the DHCP server. The WDS/PXE server we are setting up is on its server. How do we craft the helper addresses so DHCP requests go to the proper server hosting DHCP and PXE requests go the WDS server?
Everything I seen on Microsoft Technet, lists using Helper Address as the recommended way, but assume both services are on the same server. Our helper address is as follows on each VLAN interface in router: ip helper-address X.X.X..This is a Cisco 3750.
I upgraded my SG500 switch firmware to 1.3.0.59, since there is a new functionality DHCP server v.4 well I must say I came accross the issue I cannot solve. DHCP server assign dynamic address - no hassles. troubles start with static IP hosts.I defined a couple of hosts with static address within the correct subnet. I tried with hardware address and client identifiers. no luck. my switch does not assign the IP address I assigned to the suitable mac address. to define it I use both CLI & Web.
ip dhcp pool host HP-Elliteaddress 10.10.11.7 255.255.255.0 client-identifier 01:d8:d3:85:cf:09:72client-name HP-Ellitedefault-router 10.10.11.1exit
ip dhcp pool host VAIO-Zaddress 10.10.14.108 255.255.255.0 hardware-address 54:53:ed:1c:a1:46
default-router 10.10.14.1exit
ASA 5505 Firmware 8.3(4), ADSM 6.4(2).I have a public IP address of 168.87.3.4.I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1).I need to foward different ports (10020-10080) to a different internal address (192.168.1.2) Everything I read tells me how to do this in a 1 to 1 static NAT.
View 1 Replies View RelatedCan I directly plug a server into an inside interface in a firewall (Cisco ASA 5510). I'm just confirming that I don't need to have a switch between them.This is the only server behind the firewall.
View 2 Replies View RelatedIs it possible to assign IP addresses to remote site WIFI users from local DHCP server and forward all other traffic to 2504 WLC?
[WIFI Users] >--------<AP (DHCP server) >------ VPN ---------< WLC
Haveing issue with DHCP server handing out IP addresses to client connected to VLAN5 interface.ISP Router>Firewall -(WatchGuard Drop-in mode) I have several 3750 switches and one acting as a L3 switch. The L3 is configured as follow: [code]
If I connect a laptop to int fa1/0/10 I DO NOT get an IP address from the 10.100.0.8 scope. If I connect to another interface within the VLAN 1, I get an address from the 10.100.0.0 range.
I have a PIX 515E that I want to use to as a border between my internet connection and my Cisco AIR1131AG. I have configured the PIX to have the outside interface as a dhcp client which gets its dynamic IP address from the cable modem. the AP is connected to the E1 inside interface. Now I could see the E1 interface from the arp table from the AP but I cannot ping it. From the firewall I don't see the ARP table from the firewall. and i cannot ping the AP. what is wrong with the configuration? side note, i am able to connect to the AIR1131AG from my laptop I was not able to retrieve an IP address.
FW1 - CONFIGURATION
interface Ethernet0 description uplink towards the techsavvy modem speed 100 nameif outside security-level 0 ip address dhcp setroute !interface Ethernet1 description >>> WIFI LAN ACCESS <<< nameif inside security-level 100 ip address 10.0.0.1 255.255.255.0
[Code].....
I have a ASA5505 that i have running asdm 6.4 on it and have tried setting up some DHCP scopes for the interfaces.I have the security plus key.I set up 4 interfaces all with different subnets and all with different DHCP being doled out by the firewall for the time being.Anyway, 3 of the 4 work.I have tried to change interfaces wondering if there was an issue with that phy device.I tried enableing the subnet that would not work first and it didnt matter still would not issue dhcp.the other 3 work fine.Is there a limitation to the amount of scopes that will issue dhcp for an asa5505 ?
View 3 Replies View RelatedI have a ASA5505 with version 8.4(3) that it's working as a DHCP server and I would like to get information about IPs availables (or assignated) on theirs pools via SNMP but I can't find the MIB or OID that I need.
What MIB that I need?
I have ASA5505 as my main router (192.168.15.1) and it currently it also serves as DHCP server. I have a WNDR3700 (192.168.15.2) which work as an access point and it provide wireless access for wireless devices. I have few dhcp clients where i can't setup static IP, and i want to restrict them to use static IP through MAC reservation.
1. Make ASA5505 to do the MAC reservation f, which will be easy setup for me. But as per my search its not possible.
2. Disable dhcp on ASA and enable dhcp on my WNDR3700. i tired this and dhcp clients are getting IP from wndr3700, but the problem is dhcp clients gateway defaults to 192.168.15.2 (as well as dns) and therefore no internet connection.
My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network. Is this possible with a 10 USER license.
My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network. Is this possible with a 10 USER license.
I have an ASA5505 which provides internet (just internet) for about more than 600 pc/laptops. Can 5505's DHCP support this number?
View 4 Replies View RelatedThere is web server at the internet. The firewall ASA5505 is located at the inside edge of the edge router and the internet is at the outside edge router of the edge router. The router has already been configured can route the outside network of firewall to internet. [code]
1. I have a host at the DMZ zone of firewall and if it wants to access this web server by http, the following command lines to be added to ASA5505 good enough and anything wrong with them? [code]
2.I have a doubt here that do I need to add any command line related to the Static Mapped address of 192.168.20.10/24 like below?
access-list Outside_DMZ extend permit tcp any 192.168.20.10 255.255.255.0 eq 80.whereby the 192.168.20.10 is the static mapped address of the Host at the DMZ to Outside Nertwork. Or, any other command related with the Static Mapped address have to be added?
I have ASA5505 with bese-license. I like to install proxy sever in my network and i want redirect traffic to the proxy server.
Below i added configuration in my firewall.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic ASA(config)#wccp interface inside web-cache redirect in
furher configuration and if this configuration is enough, then how to check whther its working or not in my firewall.
Using an ASA5505, have 1 static outside address, want to access an inside SBS-Server on SMTP, RDP (3389), HTTPS and port 987
Have configured network object nat rules using the asdm, SMTP works (I can telnet to the server on port 25 from outside), however for some reason I can not telnet inside and out on port 25, so outgoing mail does not work. RDP does not seem to work from outside, 987 I havent tested from outside. When I try to create a network object nat rule for https I get this message from the ASA:
[OK] object network SBS-HTTPS
object network SBS-HTTPS
[ERROR] nat (inside,outside) static interface service tcp https https
NAT unable to reserve ports.
I have an unusual issue, for which I can find nothing on the net similar.
Setup:
ASA5505 = > CISCO3524 => Windows 2012 server
ASA is internet edge with ACL / NAT implemented.
We are wanting to implement inbound NATs for this server - 3389. We have many other servers on the internal side of this ASA that we are NATing to. Creating NATs using the same outside IP to another server is fine, no issues. This other test server resides on the same VLAN as the windows 2012 server. All IPv6 is turned off on the W2012 server, and it can web-browse out via the ASA as well. No matter what I do, however I cannot get iinbound NAT, on ANY port to this server working. Internally from another server to this server on any port is fine, i.e. we can RDP to this server without issue, so we know this works - the firewall on this server is turned off too. This is our ONLY w2012 server on the internal side. When we run a wireshark on the server whilst testing the NAT there is no traffic, so its getting blocked somewhere.
The config of the ASA is fairly big to to santize it and remove all customer reference would take a while to make display of this secure difficult.
I have installed ASA5505 in the network. Port forwarding has been done for one of the server in our LAN. Public users are able to access the server successfully. I am trying to access from inside using the same Public server IP, but unable to access it. Can I have this feature in ASA5505(I think it is loopback configuration). If so, may I know the configuration detail?
View 4 Replies View RelatedI thought I had the configuration to allow bi-directional traffic for my Blackberry server. I have a second fw with the same config and it worked on that one. But right now, my blackberry server is down, and all the users are upset.
ASA Version 8.2(2)
!
hostname asa5505
[Code]......
I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie - what rules or configs do i miss?
View 3 Replies View RelatedMy setup is as below
inside host--> ASA1--Outside interface- layer_ 2_Switch1--outside interface--> ASA2--inside interface-DHCP SERVER.
We want that inside host should get ip from subnet 192.168.10.0 /24. This ip pool is configured in DHCP server (ip 172.16.10.1) which is connected to ASA2. There is no routing issue as we are able to ping DHCP srever 172.16.10.1 from ASA1. to do config needed on ASA1 and ASA2 , so that host connected to ASA1 inside interface can get ip from DHCP srever. We have configured 192.168.10.1 /24 to ASA1 inside interface which will be gateway to inside host of ASA1.
Can I have two asa firewall between dhcp client and dhcp server. if yes what solution i have to have to get dhcp leases. should i have to configure dhcp relay on both the asa.
View 5 Replies View RelatedI am using a fiber optic connection. I want to connect it directly to ASA5510. A WLC2504 will be connected to ASA and one Aironet AP will be deployed at first. (At this moment I am not using any Windows server but in near future I will need to deploy Windows Server 2003 in my corporate network) My questions are:
Can I configure ASA as DHCP server for my LAN?
Can I configure WLC as DHCP server for my LAN?
If we can configure both then what is the best practice from above two options? (I am new to Cisco stuff and first time user)
On our ASA5520 we have three subinterfaces configured on our Gi0/1. Is it possible to configure a DHCP Server on one of these subinterfaces?
View 4 Replies View RelatedI get the following message when appling "DHCPD ENABLE INSIDE"
DHCP: Interface 'INSIDE' is currently configured as CLIENT and cannot be changed to a SERVER by a SERVER feature
This is an ASA 5505 Running 8.2.
I'd like to create dhcp server pool on ASA 5510. I was wondering how big is the DHCP scope that Cisco ASA 5510 can support? Are there any ASA models which can support up to subnet mask 22 for DHCP scope?
View 7 Replies View RelatedI will set up a Dhcp server on the inside interface of my pix. I would like to have the DHCP Server authenticate to the Active Directory Server that is located on the DMZ.
Inside --pix--dmz
Inside interface
Win 2008 DHCP
DMZ interface
Active Directory Server
What would be the issues that I could run in to when I try to authenticate this server from the inside interface to the dmz? I see that Dhcprelay option is available on the PIX 6.3 I'm guessing this is the only command that I need to use: dhcprelay enable dmz