Cisco Firewall :: ASA5505 - Port Forwarding For L2TP

May 25, 2011

I have a Windows 2003 server running a L2TP VPN server on it. I'm putting theASA5505 in replacement of an open source firewall.
 
My question is that, I can't seem to forward the ports correctly for L2TP to the internal address of the 2k3 VPN server. It seems to me that the ASA is trying to negotiate the VPN connection rather than forward it internally.
 
Cisco ASA5505
WAN 216.136.1.2
LAN 10.1.1.1/24
Windows server - 10.1.1.14
 
I've added the NAT and ACL and still nothing.

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: ASA5505 / Port Forwarding Not Working?

Apr 6, 2012

I'm not able to access my Slingbox from the outside.  I've set up port forwarding on port 5001 to allow outside connections in, but port forwarding isn't working.  Am I missing something?
 
object network INSIDE-HOSTS
subnet 10.10.10.0 255.255.255.0
object network Slingbox
host 10.10.10.254
object-group protocol TCPUDP

[code].....

View 13 Replies View Related

Cisco Firewall :: Port Range Forwarding On Post 8.3 ASA5505

Jun 1, 2011

I have an ASA 5505 on a job. It is a smaller business that would have done better with an RV082, but they have what they have. It is running firmware 8.4. The client needed ports forwarded for their FTP server. The port range in this config is tcp 43333-43339. The FTP server ip is 192.168.1.2. [Code] ......

View 8 Replies View Related

Cisco Firewall :: ASA5505 - How To Configure Port Forwarding For All Devices

Apr 18, 2012

How to configure this setup.I have an ASA5505 with dual wan failover, FiOS (eth0) & Cable (eth1). how to configure the port forwarding for all my devices so it doesn't matter what external interface the traffic is coming from. For example, I need web traffic on port 80 forwarded to 192.168.1.150 regardless of whether it is coming through eth0 or eth1.

View 2 Replies View Related

Cisco Firewall :: ASA5505 Port Forwarding For Inside Server

Dec 20, 2011

I have installed ASA5505 in the network. Port forwarding has been done for one of the server in our LAN. Public users are able to access the server successfully. I am trying to access from inside using the same Public server IP, but unable to access it. Can I have this feature in ASA5505(I think it is loopback configuration). If so, may I know the configuration detail?

View 4 Replies View Related

Cisco Firewall :: Basic Port Forwarding ASA5505 Version 8.4 ASDM 6.4?

Nov 24, 2012

configuring the ASA particulary after the change to how NAT is implemented.  What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work.  I have a Synology NAS at home that I am trying to reach via the internet.  Prior to using my ASA, I had Verizon's FIOS router as my gateway and everything forwarded with no issues.  The ports I need forwarded or reachable via the internet are TCP port 80 and 5000.I can also configure it via command line if that's the easier/preferred method.

View 11 Replies View Related

Cisco Firewall :: ASA5505 Configure Port Forwarding To Multiple Internal IP Addresses

Jun 21, 2012

ASA 5505 Firmware 8.3(4), ADSM 6.4(2).I have a public IP address of 168.87.3.4.I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1).I need to foward different ports (10020-10080) to a different internal address (192.168.1.2) Everything I read tells me how to do this in a 1 to 1 static NAT.

View 1 Replies View Related

Cisco VPN :: Exclude IPs To Port Forwarding On 877 To ASA5505

Feb 13, 2012

I have the following setup:
 
ADSL ---> Cisco 877 with connected site-to-site VPN's ---> Cisco ASA 5505 with Remote VPN enabled
 
I want to connect my Android phone to the Cisco ASA 5505 with Remote VPN. When I forward port 500 and 4500 on the Cisco 877 to the Cisco ASA5505 I can connect with the phone.
 
But as expected, the site to site connections are lost because now they try to reach the ASA 5505 also.
 
I want to exclude the site to site external IP addresses from doing static NAT to the ASA 5505...how can I accomplish this ?

View 3 Replies View Related

Cisco Firewall :: Change Default SSH Port On ASA 5505 (port Forwarding)

Dec 2, 2011

So here is my network.
 
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
 
and here is my dilemma.
 
I can SSH from the internet to my ASA on default port 22, directly to my public IP.  I can SSH from the internet to my Cisco 1841 on port 2001. I can not however, SSH to my Cat 2960.  From what i can tell, on the Cat2960 i can't change the default port 22 for SSH to different port, just like i did on the Cisco 1841.  I looked to see if I can change the default port for SSH on he ASA, it does not look like this is an option.
 
The bottom line is that i want to be able to SSH to all three devices from the internet.  I only have one public IP.  As of now, what i can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001.  It appears that changing the default SSH port on Cat 2960 is not an option.  It also appears that I can't change the default SSH port on the ASA, if i could, i would and then i should be able to SSH to the Cat 2960 on port 22. No matter what i did on the ASA, it always listens on port 22 for SSH connections.
 
show asp table socket
TCP       001f549f  <<pub IP>>:22              0.0.0.0:*               LISTEN
 
how do i make it listen on different port?
 
Here is relevent config for SSH for cisco 1841 (port forwarding)
 
ON ASA
object network ROUTER
host 10.10.1.1

[Code].....

View 28 Replies View Related

Cisco VPN :: Connecting To ASA5505 From Home To Head-office Using L2TP VPN

Jul 16, 2012

I am connecting to a ASA5505 at from home to the head-office using L2TP VPN.
 
Head-office then has a connection to other-office via a site-to-site IPSEC tunnel.
 
When in the head-office (192.168.100.0/24) I can ping/access remote-office (192.168.200.0/24) OK.
 
When connected remotely to head-office, I can ping/access head-office OK from the road-warrior laptop.
 
My problem is that when connected remotely from home to the head-office I cannot ping/access the other-office subnet.
 
On the home laptop the L2TP VPN connection is set to route all traffic to the VPN connection using the HQ as the internet gateway I can confirm this works.
 
I cant do traceroute (I get timeouts) as my policy doesnt allow and not sure how to enable this properly on the ASA.

names
name 192.168.200.0 othersite
!
interface Vlan1
nameif inside
security-level 100

[code]....

View 1 Replies View Related

Cisco Switching/Routing :: 881W - IOS Port Forwarding Commands For Port Forwarding

Apr 7, 2013

I am trying to open up port 32400 on my 881w Cisco router but I have not had any success I need to configure manual port-forward to enable my Plex Media server.

View 1 Replies View Related

Cisco Firewall :: Management Port On ASA5505?

Nov 7, 2011

I have interfaces defined on the 5505:
 
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1

[Code].....

I only need one interface to connect to a single host on the inside (VLAN1) and then connect E0 to a DSL.
 
Is it possible (are what are the commands required) to take one of the other interfaces and create a Management port on the local office LAN?

View 2 Replies View Related

Cisco Firewall :: Port Forwarding In ASA 8.4.4 (1)?

Aug 9, 2012

I have a cisco 5520 with 8.4.4(1) and I already have a NAT for an email server on it.Here is the IP and ports on current configuration:
 
Email Server Private IP:  1.1.1.1
Email Server Public IP: 2.2.2.2 
Email Server Local Ports : 25, 587
 
Right now I have ports 25 and 587 opened for 2.2.2.2 so, now I need to add a port redirection for another port:
 
New Port : 8925
 
I need to redirect 2.2.2.2:8925  to  1.1.1.1:587 

View 1 Replies View Related

Cisco Firewall :: Port Forwarding In Pix 501?

Apr 11, 2013

i'm having a problem portforwarding/redirection for the pix 501?I'm trying to open the ports 49003 and 40085 in order to view our dvr remotely and i'm not exactly sure how to it.

View 11 Replies View Related

Cisco Firewall :: ASA 8.4 Port Forwarding

Nov 5, 2012

I have an issue with portforwarding in my teleeye cctv behind asa 8.4. I can browse the DVR outside  via http however when i attempt to login, "server busy" will prompt afterwards. Note: Theres no issue when acesssing the DVR locally.
 
Heres my config.
OUTSIDE INTERFACE:
interface Ethernet0/3
speed 100
duplex full
[Code]...

View 4 Replies View Related

Cisco Firewall :: Opening Port Range ASA5505

Mar 26, 2013

I just bought a Cisco ASA5505. I'm trying to opening a port range through CLI, but it doesn't seem to be working.
 
Background:I have an FTP Server running behind the firewall and need to allow port ranges 30000-30100 for data connections.  I have been using FTP through the command prompt and its working. However, I cannot use it through the FileZilla client as it fails to query the directories.  I have the ASA forwarding to port 1125 from 21 in passive mode.
  
Access-List:
access-list Outside_Access_In line 3 extended permit tcp any any eq ftp-data (hitcnt=0) 0xfa8ed43d
access-list Outside_Access_In line 4 extended permit tcp any any eq ftp (hitcnt=17)

[Code].....

View 14 Replies View Related

Cisco Firewall :: Port Forwarding With ASA 5510?

May 2, 2011

i have a asa with a outside IP address of 140.32.121.5. behind this firewall i have a cisco MWR 2941 that i would like to connect to via telnet. its inside ip address is 10.10.10.2. my reasoning for this is because i cannot SSH or telnet from a ASA so i need to have the ASA push my telnet request to the router on its inside interface.i have tried some NAT examples but i am very green with NAT. i have also built access lists that look like the follow " access-list 101 permit tcp any 10.10.50.2 eq 23. and then tied the access-group 101 with the outside interface. this also with no success.

View 1 Replies View Related

Cisco Firewall :: ASA 8.4 Forwarding Port Range?

Oct 30, 2012

I need to open port range 554 - 558 to a DVR on the internal network. Also, I need to NAT one of my public IP's to the DVR. How is this accomplished in 8.4? I was able to do it in an older version ASA software.

View 3 Replies View Related

Cisco Firewall :: Simple Port Forwarding On ASA 8.4?

Sep 4, 2012

I've tried setting up some simple port forwarding on my ASA, where I want to forward one port on the external interface for both UDP and TCP to the same port on an internal server.
 
It works fine for UDP, but all TCP packets are dropped on the outside interface, even though the configuration for UDP and TCP is basically the same! This is my config:
 
object network MY_SERVER
host 10.10.1.4 
object service TCP_MY_SERVICE

[Code].....
 
Port count goes up on line 2 (UDP) but never for line 1. I just see the packet denied instead. Same thing happens in the packet tracer, a packet destined for my external interface on that port for UDP is allowed and NAT'd just fine. TCP it gets dropped by the ACL on the outside interface.

View 15 Replies View Related

Cisco Firewall :: ASA 5510 And Port Forwarding?

Oct 23, 2012

I have a Cisco ASA 5510 appliance running ASDM 6.3 We have a number of public IP addresses associated with our company. In order to utilise the IP addresses effectively I want to use one puplic IP address for two servers running on different ports.e.g.
 
Public IP address 78.109.174.100
 
for both
 
Server 1 HTTPS and HTTP
 Server 2 FTP
 
Both Servers live in the same subnet (DMZ) I believe this maybe port forwarding but could be completely wrong. I've tried creating a NAT rule that goes from Server 2 Network object to Server 1 external but this didn't work.

View 2 Replies View Related

Cisco Firewall :: Port Forwarding In 5505

Feb 25, 2013

have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.All this box really does is port forward external clients to 1 address on the internal lan for client software updates.So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.

View 16 Replies View Related

Cisco Firewall :: ASA 5505 Port Forwarding NAT

Dec 6, 2012

I have ASA5505 and am having issue with port forwarding NAT . [code]

View 11 Replies View Related

Cisco Firewall :: ASA 5510 8.4 Nat And Port-forwarding?

Jun 6, 2013

I'm trying to forward an internal service on a internal  server to the external interface on the same port on the outside  interface of our ASA.I been searching for a solution for days and found nothing.Here are the relevant parts of my config:

: Saved
:
ASA Version 8.4(2)
!
object service TCP-WebServer-8080
service tcp source eq 8080
object network WebServer_Object_10.1.10.7
host 10.1.10.7

[code]....
  
So it looks like it's being dropped by an ACL, but it looks right to me.

View 4 Replies View Related

Cisco Firewall :: Port Forwarding Using ASA 5510

Dec 3, 2012

I have a ASA 5510. I want to access the internal server IP through the ASA via http://60.54.x.x:8080/sms/DnNotify ( via port 8080).How do i configure it? NAT? ACL? configure port?

View 3 Replies View Related

Cisco Firewall :: Port Forwarding On 5505?

Sep 1, 2012

I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox (moderate NAT).
 
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
 
[code]
# sh run
: Saved
:

[Code].....

View 3 Replies View Related

Cisco Firewall :: Port Forwarding With ASA 5505

Oct 1, 2012

I am trying to forward specific ports from the outside interface on my ASA5505 to my servers inside and can not get it to work! I have a VPN that currently works and the firewall rule in place I am just overlooking something simple I'm sure. Here is the config:
 
ASA Version 8.2(5)
!
hostname ASA
enable password <removed>
passwd <removed>
[Code]...

View 16 Replies View Related

Cisco Firewall :: Port Forwarding In ASA 5520?

Oct 3, 2012

I am trying to forward all the traffic of a particular port number to my outside interface forwarded to an internal IP address.

View 1 Replies View Related

Cisco Firewall :: PIX 515e Port Forwarding

Apr 2, 2012

I'm having issues both with port forwarding and VPN with my PIX. I've tried different ways to set up port forwarding for remote desktop, but I still haven't had any luck.
 
With the VPN, I can secure a connection into the PIX, but I cannot access the internet or ping any of my devices on the remote network.
 
hostname PIX-515E-1
domain-name #####
enable password #####  encrypted
passwd ##### encrypted
names(code)

View 5 Replies View Related

Cisco Firewall :: Multiple Static Port Translations On ASA5505

Aug 15, 2011

I am at a loss on configuring a new ASA5505 for multiple static port translations.I would have expected to simply add several service command to a network object to complete the task, however, the service command overrides the previous and replaces rather than adds to the translations. [code] However, if entered in that order the 8443 overwrites the 8080 static translation.What is the correct procedure to establish multiple translations? If someone could also provide the "old" style for pre 8.2 release, I'd like to compare because I thought I used to do this with an access-list somewhere.

View 4 Replies View Related

Cisco Firewall :: ASA5505 - Outbound Traffic Ceases Even Though Port Is Up

Mar 10, 2011

I've had a Cisco ASA 5505 firewall connected to a cable modem (Virgin Media, UK) for the past 3 years.  In the last 6 months or so I have noticed that the ASA would drop the outside (internet) connection intermittently, usually at least once every 1-2 weeks - the interface still shows as being up but no traffic crosses it, and computers on the inside network abruptly lose internet connectivity.  Rebooting the ASA or administratively shutting down the interface and bringing it back up again would cure the problem straight away until the next time it happens.
 
In the last couple of days however despite nothing having been changed in the configuration the frequency of this connection drop has increased to the point where I would lose access to the internet within an hour of rebooting the ASA.  It does not seem to matter whether or not there is traffic currently going out or not, inside computers just appear to suddenly lose internet connectivity.
 
I have tried the following without success:

1) I completely wiped the configuration (configure factory-default)

2) I changed the port the cable modem was connected to (eth0/0 -> eth0/7, changing switchport vlan accordingly)
 
I thought perhaps 2) had fixed it but it lasted a whole 2 hours before I woke up this morning to find that none of the internal equipment had internet access despite the fact eth0/7 was showing as up/up in ASA CLI.
 
This morning I manually set the eth0/7 port to "speed 10" (10Mbps, full duplex).  It was previously set to be auto-negotiation (default) on both speed and duplex.  As of this post it has managed to keep the outside connection up for 3 hours - but I'm not optimistic that it is fixed.
 
Interface counters have never shown any collisions, errors, etc - only packets input and output as expected.
 
Since the problem persisted across ports (eth0/0 -> eth0/7) I'm wondering whether or not the problem could either be faulty memory, or some kind of speed/duplex incompatibility between the cable modem and ASA.

View 13 Replies View Related

Cisco Firewall :: ASA5505 Port 3306 Request Discarded

Oct 20, 2012

ASA5505 port 3306.I have been fighting for days to open the port 3306 on my appliance, I have read carefully all the forums and no success.

View 9 Replies View Related

Cisco Firewall :: Setting Up Port Forwarding ASA 5505

Mar 15, 2012

We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
 
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
 
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4)   I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.

View 19 Replies View Related

Cisco Firewall :: Enable Port Forwarding On CLI For ASA 5510?

Aug 21, 2011

how do i enable port forwarding on the CLI for ASA 5510. outside subnet is 192.168.1.0/27. when i try to ping another IP with that range i can't access.

View 37 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved