Cisco Firewall :: ASA551 - Not Accessing Server In DMZ From Outside

Aug 6, 2011

I get stuck in a problem,What can be the reason for not working my configuration or any other reason that can be .

[CODE].....

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5510 - Accessing Web Server From Another One Within DMZ?

Nov 19, 2012

Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
 
E.g. config
 
webserver 1       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip

View 2 Replies View Related

Cisco Firewall :: ASA Version 8.2 (5) / Web Server Not Accessing Internet?

Mar 14, 2013

active# sh running-config
: Saved
:
ASA Version 8.2(5)
!
hostname active
domain-name dhalahore.org
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

[code].....

View 7 Replies View Related

Cisco Firewall :: ASA5510 / Accessing Exchange Server From DMZ?

Aug 16, 2011

We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:

[URL] 
 
I'm looking to do this with smtp so I added these lines to the config:
 
static (inside,DMZ) 10.2.2.30 10.1.1.11 netmask 255.255.255.255
access-list dmz extended permit tcp host 10.2.2.2 host 10.2.2.30 eq smtp
 
The configuration line:access-group DMZ in interface DMZ Already existed in the configuration so didn't need to be re-entered.

ASA Version 8.0(4)
!
hostname xxxx
domain-name xxxx.com
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names

[code]....

View 28 Replies View Related

Cisco Firewall :: ASA 8.0(5) / Block Specific Url From Accessing Server In Dmz?

May 4, 2011

I have Cisco ASA 8.0(5) and I need to block specific url to acees my https server in dmz ?I read about websence technology, but I think it's not free right? Also I read abotu policy inspection map's but in my case is HTTPS not http ..

View 1 Replies View Related

Laptop Restarting When Accessing Server?

Jun 29, 2011

my laptop is re-staring when access the server

View 1 Replies View Related

Accessing User Folders On Server?

Mar 8, 2012

I have a Windows Home Server v.1 I set it up nearly a year ago, and everything runs fine.I have 3 different user accounts that are password protected.On my PC, i have been running Windows 7 and using the server as my My Documents folder.I recently installed Windows 8 Consumer Preview on an old Hard Drive, and i can't seem to access any folder on the server that isn't already given public permission. Whenever i try to access my User folder i get an access denied message, but no prompt to enter a password so i can use it.

View 3 Replies View Related

Cisco Application :: CSS 11500 - Accessing Virtual IP From Server Vlan

Jan 5, 2011

I have a question regarding CSS loadbalancer. Let's say there are 2 vlans in CSS:

1. Vlan 10: 10.1.1.0/24 as external interface, interface where most of the clients are coming from.

2. Vlan 20: 10.1.2.0/24 for real server vlan.
 
Virtual IP 10.1.1.10 is created in CSS on behalf of two real servers (10.1.2.11 & .12) in Vlan 20. Client from Vlan 10 can http access to 10.1.1.10 successfully.
 
In Vlan 20 there's also few clients which need to access servers via virtual IP. Vlan 20 Client PC (10.1.2.101) can ping 10.1.1.10, but can't access 10.1.1.10 http service.
 
Is there any way for CSS to forward service request coming from Server vlan to be send back to the same segment?

View 9 Replies View Related

Cisco VPN :: Connection For Accessing Server On HTTP Port Only - ASA 5520

Mar 10, 2013

We have ASA5520 and we want to configure a VPN IPSEC profile so that a partner of ours can access only a server and only on HTTP port.I've tried configuring split tunneling with an Extended ACL but probably I'm missing something. I just configured the ACL so that it included any source to our server's IP on HTTP port but when testing, it didn't work.
 
However, if I configure a Standard ACL on the split tunneling I can access the server and all the services it provides.Do you know if I'm missing anything on the Extended ACL configuration?
 
Should I configure this any other way?

View 6 Replies View Related

Routers / Switches :: Difficulty Accessing Internet Through Server

May 18, 2012

I have a router and a server that are connected through two unmanage switches. The router has DSL service in it and I want to access the internet on the server but I can't. The two are in the same network and it is a static IP network. I can ping the router from the server.

View 36 Replies View Related

Accessing Server Shares With Windows 7 Home Premium

Jul 30, 2012

I recently bought a personal laptop that I'd like to use at work. It came with Windows 7 Home Premium installed and because of that, I can't join it to the Windows Server 2003 domain we have. I don't really need to print or any of the other things that go with being on the domain, I just need access to a few key folders. Is there any way to access shares on the server with Win 7 Home?

View 2 Replies View Related

Getting (general Network Error) While Accessing Application From Server

Feb 23, 2011

i'm getting "general network error" while accessing application from server..

client machine: Windows 7

server machine: Windows 2008 server

Switch : 24 port unmanaged D-Link switch ..

network cable: CAT-5 cable.

View 1 Replies View Related

Prevent A Certain Host On LAN1 From Accessing A Server On LAN2?

Mar 17, 2011

I am having some trouble understanding extended control lists. I am trying to prevent a certain host on LAN1 from accessing a server on LAN2, while still allowing the host access to the rest of LAN2.This is what I thought the command should be:

access-list 100 deny ip 175.16.1.2 0.0.0.0 175.17.2.2 0.0.0.0

My understanding was that:

Green = source & mask
Red = destination & mask

However this seems to stop all my other hosts on LAN1 from pinging the server also.

View 11 Replies View Related

Routers / Switches :: Accessing A QNAP Ftp Server Behind A Router

Jul 12, 2011

I cannot seem to see my server behind a cisco router. I have a feeling it is because our network phone system may be robbing the IP address?We have two fixed IP addresses.The first one, is assigned to the router.We have two swtiches set up behind router and all the other network stuff interanally wrks great.We also have full internet access. When I type the IP in on the web, it accesses the talkswitch phone system.I have set the internal IP to the server as fixed.I have port 21 open for FTP.When I run a test, the internet sees port 21 open. However, I cannot seem to cal lup the server over the internet. Could the talkswitch system somehow be interfereing with the logon?What would the proper syntax be to access the server?

View 3 Replies View Related

Windows 7 - Accessing A Records Defined On A Server On VPN Connection?

Jun 19, 2011

I have a VPN connection to my office network. The VPN connection appears to work fine as it connects and logs me in successfully. In the connection box I have to provide a domain and my username to log in. Once the VPN is connected I am then able to ping my office computer as if I was on the same network. That is great. The problem is that there is a server on that network that defines a bunch of A records for web applications we are working on and I can't seem to hit any of those from my home computer, even though I can at work. If I remote into the office PC and navigate to these addresses they work fine. I also know that my co-worker can hit these a records from home so it has to be something I'm doing wrong.

[Code]....

View 2 Replies View Related

Inter Vlan Routing ASA 5505 - Accessing File Server From Second Network

Apr 24, 2013

I have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access, the first network in Orange works fine. My question is how can i access the file server from the second network (192.168.X.0 /24) ? The 3 switches are Cisco SF300-24P.

View 7 Replies View Related

Cisco Firewall :: Accessing DVR Through ASA 5505

Mar 7, 2012

We have an ASA-5505 running 8.2(1) with a Bosch DVR 600. When a machine is on the local subnet, it can see the video; however, when it's moved to the DMZ, the unit can be accessed, but all video screens are black and an java script error pops up as follows: [URL]

This message does not pop up when on the local subnet. Additionally, in the login screen, there is a language selection, and sometimes all languages are blanked out. There is a space for them, but they don't display.
 
I've tried this on a half a dozen machines, either XP or Win7 with IE8 and IE9, and they all do the same thing. I disabled http inspection, but that doesn't work. I also did a packet capture, and the only packets that traverse the ASA.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 DMZ Accessing From Outside IPv6

Jun 11, 2013

I could access from outside to dmz but after i moved to IPv6 as there is no nat needed, i applied the acl's but dont know where i'm going wrong. I need access from outside to dmz web server.

View 4 Replies View Related

Cisco Firewall :: Accessing ASA 5505 From Internet?

Dec 4, 2012

I want to access my ASA 5505 from internet.how I can achieve it.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Accessing Hosts Over VPN?

Oct 31, 2012

I've been attempting to fix this issue or confirm the issue is not with the firewall and I have kind of run into a road block. This is my problem as I understand it. A client of mine has a VPN tunnel built over a point to point connection of some kind (this client is fairly new to me) and is unable to access some hosts on the remote end of the VPN tunnel from the LAN side of the firewall. The LAN IPs are NAT'd as they leave the network from the HPH-Point-to-Point interface to the remote end. Just as a point of reference, the LAN IP of 129.200.11.19 is said to be working, however the range of 129.200.20.25 - .50 is not. I've tried packet-tracer but with the NAT happening over a VPN tunnel I am not sure if I am doing it correctly.

View 1 Replies View Related

Cisco Firewall :: Accessing SMTP From Outside Network Through ASA 5510?

Oct 11, 2012

I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall)  problem is that if one leaves my network they can receive but can not  send email via my SMTP also internal people can only send if they use  the IP address of the server rather than the domain [URL]

here is my layout
 
ISP - ASA 5510 - LAN (includes mailserver)

View 7 Replies View Related

Cisco Firewall :: PIX 515e Accessing Node On DMZ From Inside Interface

Mar 31, 2013

I have a PIX 515e running version 7.2(4).I have 2 interfaces - DMZ3 (sec lvl 50) and LAB (sec lvl 100) behind the pix. There is also the OUTSIDE interface (sec lvl 0) which connects to the internet.In DMZ3 I have a webserver - x.x.124.217/24 (host is NATed via static command to public IP)In LAB I have a server - x.x.1.203/24 (entire range is NATed via NAT/Global statements to public IP)The server in LAB needs to access a webserver in DMZ3. From the internet both of these hosts have public addresses that are NATed into the inside addresses. I can reach the webserver from the internet, but not from the LAB interface.I think I have to add a static command so that the LAB host can access the DMZ3 host without accessing the internet.

View 3 Replies View Related

Cisco Firewall :: Accessing Internal Sites Via External IP 5505

Jun 4, 2012

I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem).   While on my laptop, ipad, iphone, I cannot access the server via it's external IP address.  I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).

View 8 Replies View Related

Cisco Firewall :: ASA5525-X / Accessing IPs Of Public Servers From Inside Interface?

Oct 30, 2012

Got an ASA5525-X with 8.6 release. We have an inside interface (10.11.1.0/24) and a DMZ interface (10.254.1.0/24). On that DMZ interface theres an SMTP server; by using the Public server feature in ASDM we created a rule so we have mapped the 10.254.1.29 internal ip to an external ip 217.x.x.x Everything is fine; working ok, but for several reasons we need to access the public ip 217.x.x.x from an inside ip (10.11.1.10). I tried to do it by creating an exemption for the dynamic nat; if i don't do that i have a 'deny ip spoof from...' message rolling on my syslogs.Seems to do the trick.....but only for pings! i ping the public ip from the inside ip, and got the reply from the internal ip on the DMZ. But if i want to telnet port 25 from inside to public; its not working.

View 7 Replies View Related

Security / Firewalls :: Visiting Laptops From Plugging In CAT Cable / Accessing LAN Protected By Perimeter Firewall?

Jun 29, 2012

Besides MAC address filtering, is there another good / easier way to keep visiting laptops etc from plugging in a CAT cable and accessing a LAN protected by a perimeter firewall?

View 5 Replies View Related

Cisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?

Jul 24, 2011

I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.

WAN ----- ISP Router ----------     FW     ---------- LAN -------- Mail Server + Webmail
|             (25) | (3000)
194.x.x.69    192.168.1.254                     192.168.1.6
 
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Proxy Server Send Register To Hosted Server Private IP Changed

Aug 23, 2011

We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.

Here is debug log on real time monitoring.
 
Aug 24 2011    05:21:19    302015    203.xxx.xxx.226    192.168.1.51     Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011    05:21:19    607001    203.xxx.xxx.226         Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011    05:21:19    710005    203.xxx.xxx.226    99.xxx.xxx.107     UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063

Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting

May 22, 2013

I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
 
[URL] 209.151.225.100
  
Can I use the following command to set ntp server?
 
ntp server 209.151.225.100 source outside.

View 3 Replies View Related

Cisco Firewall :: 172.16.10.1 / Allow Traffic Through Firewall To DHCP Server

Jun 11, 2013

My setup is as below
 
inside host--> ASA1--Outside interface- layer_ 2_Switch1--outside interface--> ASA2--inside interface-DHCP SERVER.
 
We want that inside host should get ip from subnet 192.168.10.0 /24. This ip pool is configured in DHCP server (ip 172.16.10.1) which is connected to ASA2. There is no routing issue as we are able to ping DHCP srever 172.16.10.1 from ASA1. to do config needed on  ASA1 and ASA2 , so that host connected to ASA1 inside interface can get ip from DHCP srever. We have configured 192.168.10.1 /24 to ASA1 inside interface which will be gateway to inside host of ASA1.

View 6 Replies View Related

Cisco :: Can't Ping New Firewall From Server

Jul 8, 2011

I've recently swapped out an old pix firewall for a new ASA5505 and have been trying to match the configs as best I can. However I still can't ping the new firewall from the server and it still won't let them serve out. The firewall exists on a separate VLAN (vlan30), but the previous pix never seemed to care about that. I'm wondering if that might be part of the problem.

View 8 Replies View Related

Cisco Firewall :: SNMP Server On PIX IOS 7.2 Over VPN

Sep 4, 2011

I have a simple query for the issues I m facing currently.I have @ remote site  remote site PIX firewall which is configurd to get the Snmp poll on the server locate outside via site to site VPN.There is another snmp server located also in inside which I’m not managing it .
========================================================================
below are the command for the snmp configured on PIX.
 snmp-server host inside x.x.x.x community XXXXX ---This is not managed by us
snmp-server host inside x.x.x.x community XXXXX 
snmp-server host outside y.y.y.y (private IP tunneled though VPN)  poll community YYYYY ---Managed by us
snmp-server host outside y.y.y.y  poll community YYYYY

[code]....

there are 2 snmp community & server defined in snmp-server host command for 2 different IP address belongs to snmp server  and we can only define one global snmp-server community for any one of them .Question is how the snmp community take a precedence currently I am able to ping from my snmp server from outside to the PIX firewall outside interface over L2L VPN but somehow the snmp server is not listening when i do port query on 161 por!.

View 3 Replies View Related

Cisco Firewall :: ASA 8.3 Server NAT To Different Interfaces?

Apr 10, 2011

Do i need to create 2 objects for nating a server to 2 different interfaces?That is an inside server published in two different dmzsAutomatic migration to 8.3 creates 2 objects (one for each nat)Can I do the same with only one object? like this or I need an object for each nat?
 
object network server
 
host 192.168.128.10
 nat (inside,dmz) static 172.24.1.10
 nat (inside,dmzguests) static 10.10.0.10

View 5 Replies View Related

Cisco Firewall :: ASA 8.4 TCP With RDP Server 5.2 Usage Only

Feb 16, 2013

I decided to migrate to ASA 8.4(5) from 7 and everything went very well with the exception of this one issue.  All ACL and NAT for our various remote desktop servers work perfectly as long as the servers are running an RDP server version greater than 5.2.  For instance, Server 2008 machines (or Win 7 Pro desktops) work perfectly as configured; however, Server 2003 machines (or WinXP Pro desktops) will not.  I'm using manual, static NAT for the object to avoid automatic NAT issues.
 
The client computer displays the non-vista warning message, "The indentity of the remote computer cannot be verified...", but then fails to properly connect stopping at the "Configuring remote session..." status message.  The ASA log shows that it built the TCP, then it displays a teardown with reason TCP Reset-I.
 
I can use a working ACL and NAT (using default TCP 3389 for instance) with a Server 2008 at IP 192.168.15.10 and move a Server 2003 machine to that same IP without touching any configuration at the firewall and it fails.  Move the Server 2008 machine back to that IP and it works perfectly (both set at Port 3389 of course).
 
Here is the relevant info from the config that I am using for this:
------------------------------------------
 
object network RDPServer
host 192.168.15.10
 
object service RDP
service tcp source eq 3389
 
access-list out2in line 1 extended permit tcp any object 192.168.15.10 eq 3389
 
nat (inside,outside) 1 source static RDPServer interface service RDP RDP,The above works pefect as long as a server 2008 machine is at the IP, but fails with a server 2003 machine at the IP.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved