Cisco Firewall :: ASA551 - Not Accessing Server In DMZ From Outside
Aug 6, 2011I get stuck in a problem,What can be the reason for not working my configuration or any other reason that can be .
[CODE].....
ADVERTISEMENT
Cisco Firewall :: ASA 5510 - Accessing Web Server From Another One Within DMZ?
Nov 19, 2012Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
E.g. config
webserver 1 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
Cisco Firewall :: ASA Version 8.2 (5) / Web Server Not Accessing Internet?
Mar 14, 2013 active# sh running-config
: Saved
:
ASA Version 8.2(5)
!
hostname active
domain-name dhalahore.org
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
Cisco Firewall :: ASA5510 / Accessing Exchange Server From DMZ?
Aug 16, 2011We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:
[URL]
I'm looking to do this with smtp so I added these lines to the config:
static (inside,DMZ) 10.2.2.30 10.1.1.11 netmask 255.255.255.255
access-list dmz extended permit tcp host 10.2.2.2 host 10.2.2.30 eq smtp
The configuration line:access-group DMZ in interface DMZ Already existed in the configuration so didn't need to be re-entered.
ASA Version 8.0(4)
!
hostname xxxx
domain-name xxxx.com
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
[code]....
Cisco Firewall :: ASA 8.0(5) / Block Specific Url From Accessing Server In Dmz?
May 4, 2011I have Cisco ASA 8.0(5) and I need to block specific url to acees my https server in dmz ?I read about websence technology, but I think it's not free right? Also I read abotu policy inspection map's but in my case is HTTPS not http ..
View 1 Replies View RelatedLaptop Restarting When Accessing Server?
Jun 29, 2011my laptop is re-staring when access the server
View 1 Replies View RelatedAccessing User Folders On Server?
Mar 8, 2012I have a Windows Home Server v.1 I set it up nearly a year ago, and everything runs fine.I have 3 different user accounts that are password protected.On my PC, i have been running Windows 7 and using the server as my My Documents folder.I recently installed Windows 8 Consumer Preview on an old Hard Drive, and i can't seem to access any folder on the server that isn't already given public permission. Whenever i try to access my User folder i get an access denied message, but no prompt to enter a password so i can use it.
View 3 Replies View RelatedCisco Application :: CSS 11500 - Accessing Virtual IP From Server Vlan
Jan 5, 2011I have a question regarding CSS loadbalancer. Let's say there are 2 vlans in CSS:
1. Vlan 10: 10.1.1.0/24 as external interface, interface where most of the clients are coming from.
2. Vlan 20: 10.1.2.0/24 for real server vlan.
Virtual IP 10.1.1.10 is created in CSS on behalf of two real servers (10.1.2.11 & .12) in Vlan 20. Client from Vlan 10 can http access to 10.1.1.10 successfully.
In Vlan 20 there's also few clients which need to access servers via virtual IP. Vlan 20 Client PC (10.1.2.101) can ping 10.1.1.10, but can't access 10.1.1.10 http service.
Is there any way for CSS to forward service request coming from Server vlan to be send back to the same segment?
Cisco VPN :: Connection For Accessing Server On HTTP Port Only - ASA 5520
Mar 10, 2013We have ASA5520 and we want to configure a VPN IPSEC profile so that a partner of ours can access only a server and only on HTTP port.I've tried configuring split tunneling with an Extended ACL but probably I'm missing something. I just configured the ACL so that it included any source to our server's IP on HTTP port but when testing, it didn't work.
However, if I configure a Standard ACL on the split tunneling I can access the server and all the services it provides.Do you know if I'm missing anything on the Extended ACL configuration?
Should I configure this any other way?
Routers / Switches :: Difficulty Accessing Internet Through Server
May 18, 2012I have a router and a server that are connected through two unmanage switches. The router has DSL service in it and I want to access the internet on the server but I can't. The two are in the same network and it is a static IP network. I can ping the router from the server.
View 36 Replies View RelatedAccessing Server Shares With Windows 7 Home Premium
Jul 30, 2012I recently bought a personal laptop that I'd like to use at work. It came with Windows 7 Home Premium installed and because of that, I can't join it to the Windows Server 2003 domain we have. I don't really need to print or any of the other things that go with being on the domain, I just need access to a few key folders. Is there any way to access shares on the server with Win 7 Home?
View 2 Replies View RelatedGetting (general Network Error) While Accessing Application From Server
Feb 23, 2011i'm getting "general network error" while accessing application from server..
client machine: Windows 7
server machine: Windows 2008 server
Switch : 24 port unmanaged D-Link switch ..
network cable: CAT-5 cable.
Prevent A Certain Host On LAN1 From Accessing A Server On LAN2?
Mar 17, 2011I am having some trouble understanding extended control lists. I am trying to prevent a certain host on LAN1 from accessing a server on LAN2, while still allowing the host access to the rest of LAN2.This is what I thought the command should be:
access-list 100 deny ip 175.16.1.2 0.0.0.0 175.17.2.2 0.0.0.0
My understanding was that:
Green = source & mask
Red = destination & mask
However this seems to stop all my other hosts on LAN1 from pinging the server also.
Routers / Switches :: Accessing A QNAP Ftp Server Behind A Router
Jul 12, 2011I cannot seem to see my server behind a cisco router. I have a feeling it is because our network phone system may be robbing the IP address?We have two fixed IP addresses.The first one, is assigned to the router.We have two swtiches set up behind router and all the other network stuff interanally wrks great.We also have full internet access. When I type the IP in on the web, it accesses the talkswitch phone system.I have set the internal IP to the server as fixed.I have port 21 open for FTP.When I run a test, the internet sees port 21 open. However, I cannot seem to cal lup the server over the internet. Could the talkswitch system somehow be interfereing with the logon?What would the proper syntax be to access the server?
View 3 Replies View RelatedWindows 7 - Accessing A Records Defined On A Server On VPN Connection?
Jun 19, 2011I have a VPN connection to my office network. The VPN connection appears to work fine as it connects and logs me in successfully. In the connection box I have to provide a domain and my username to log in. Once the VPN is connected I am then able to ping my office computer as if I was on the same network. That is great. The problem is that there is a server on that network that defines a bunch of A records for web applications we are working on and I can't seem to hit any of those from my home computer, even though I can at work. If I remote into the office PC and navigate to these addresses they work fine. I also know that my co-worker can hit these a records from home so it has to be something I'm doing wrong.
[Code]....
Inter Vlan Routing ASA 5505 - Accessing File Server From Second Network
Apr 24, 2013I have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access, the first network in Orange works fine. My question is how can i access the file server from the second network (192.168.X.0 /24) ? The 3 switches are Cisco SF300-24P.
View 7 Replies View RelatedCisco Firewall :: Accessing DVR Through ASA 5505
Mar 7, 2012We have an ASA-5505 running 8.2(1) with a Bosch DVR 600. When a machine is on the local subnet, it can see the video; however, when it's moved to the DMZ, the unit can be accessed, but all video screens are black and an java script error pops up as follows: [URL]
This message does not pop up when on the local subnet. Additionally, in the login screen, there is a language selection, and sometimes all languages are blanked out. There is a space for them, but they don't display.
I've tried this on a half a dozen machines, either XP or Win7 with IE8 and IE9, and they all do the same thing. I disabled http inspection, but that doesn't work. I also did a packet capture, and the only packets that traverse the ASA.
Cisco Firewall :: ASA 5510 DMZ Accessing From Outside IPv6
Jun 11, 2013I could access from outside to dmz but after i moved to IPv6 as there is no nat needed, i applied the acl's but dont know where i'm going wrong. I need access from outside to dmz web server.
View 4 Replies View RelatedCisco Firewall :: Accessing ASA 5505 From Internet?
Dec 4, 2012I want to access my ASA 5505 from internet.how I can achieve it.
View 1 Replies View RelatedCisco Firewall :: ASA 5510 - Accessing Hosts Over VPN?
Oct 31, 2012I've been attempting to fix this issue or confirm the issue is not with the firewall and I have kind of run into a road block. This is my problem as I understand it. A client of mine has a VPN tunnel built over a point to point connection of some kind (this client is fairly new to me) and is unable to access some hosts on the remote end of the VPN tunnel from the LAN side of the firewall. The LAN IPs are NAT'd as they leave the network from the HPH-Point-to-Point interface to the remote end. Just as a point of reference, the LAN IP of 129.200.11.19 is said to be working, however the range of 129.200.20.25 - .50 is not. I've tried packet-tracer but with the NAT happening over a VPN tunnel I am not sure if I am doing it correctly.
View 1 Replies View RelatedCisco Firewall :: Accessing SMTP From Outside Network Through ASA 5510?
Oct 11, 2012I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall) problem is that if one leaves my network they can receive but can not send email via my SMTP also internal people can only send if they use the IP address of the server rather than the domain [URL]
here is my layout
ISP - ASA 5510 - LAN (includes mailserver)
Cisco Firewall :: PIX 515e Accessing Node On DMZ From Inside Interface
Mar 31, 2013I have a PIX 515e running version 7.2(4).I have 2 interfaces - DMZ3 (sec lvl 50) and LAB (sec lvl 100) behind the pix. There is also the OUTSIDE interface (sec lvl 0) which connects to the internet.In DMZ3 I have a webserver - x.x.124.217/24 (host is NATed via static command to public IP)In LAB I have a server - x.x.1.203/24 (entire range is NATed via NAT/Global statements to public IP)The server in LAB needs to access a webserver in DMZ3. From the internet both of these hosts have public addresses that are NATed into the inside addresses. I can reach the webserver from the internet, but not from the LAB interface.I think I have to add a static command so that the LAB host can access the DMZ3 host without accessing the internet.
View 3 Replies View RelatedCisco Firewall :: Accessing Internal Sites Via External IP 5505
Jun 4, 2012I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via it's external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).
View 8 Replies View RelatedCisco Firewall :: ASA5525-X / Accessing IPs Of Public Servers From Inside Interface?
Oct 30, 2012Got an ASA5525-X with 8.6 release. We have an inside interface (10.11.1.0/24) and a DMZ interface (10.254.1.0/24). On that DMZ interface theres an SMTP server; by using the Public server feature in ASDM we created a rule so we have mapped the 10.254.1.29 internal ip to an external ip 217.x.x.x Everything is fine; working ok, but for several reasons we need to access the public ip 217.x.x.x from an inside ip (10.11.1.10). I tried to do it by creating an exemption for the dynamic nat; if i don't do that i have a 'deny ip spoof from...' message rolling on my syslogs.Seems to do the trick.....but only for pings! i ping the public ip from the inside ip, and got the reply from the internal ip on the DMZ. But if i want to telnet port 25 from inside to public; its not working.
View 7 Replies View RelatedSecurity / Firewalls :: Visiting Laptops From Plugging In CAT Cable / Accessing LAN Protected By Perimeter Firewall?
Jun 29, 2012Besides MAC address filtering, is there another good / easier way to keep visiting laptops etc from plugging in a CAT cable and accessing a LAN protected by a perimeter firewall?
View 5 Replies View RelatedCisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?
Jul 24, 2011I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail
| (25) | (3000)
194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?
Cisco Firewall :: ASA 5505 - Proxy Server Send Register To Hosted Server Private IP Changed
Aug 23, 2011We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.
Here is debug log on real time monitoring.
Aug 24 2011 05:21:19 302015 203.xxx.xxx.226 192.168.1.51 Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011 05:21:19 607001 203.xxx.xxx.226 Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011 05:21:19 710005 203.xxx.xxx.226 99.xxx.xxx.107 UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063
Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.
Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting
May 22, 2013I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
[URL] 209.151.225.100
Can I use the following command to set ntp server?
ntp server 209.151.225.100 source outside.
Cisco Firewall :: 172.16.10.1 / Allow Traffic Through Firewall To DHCP Server
Jun 11, 2013My setup is as below
inside host--> ASA1--Outside interface- layer_ 2_Switch1--outside interface--> ASA2--inside interface-DHCP SERVER.
We want that inside host should get ip from subnet 192.168.10.0 /24. This ip pool is configured in DHCP server (ip 172.16.10.1) which is connected to ASA2. There is no routing issue as we are able to ping DHCP srever 172.16.10.1 from ASA1. to do config needed on ASA1 and ASA2 , so that host connected to ASA1 inside interface can get ip from DHCP srever. We have configured 192.168.10.1 /24 to ASA1 inside interface which will be gateway to inside host of ASA1.
Cisco :: Can't Ping New Firewall From Server
Jul 8, 2011I've recently swapped out an old pix firewall for a new ASA5505 and have been trying to match the configs as best I can. However I still can't ping the new firewall from the server and it still won't let them serve out. The firewall exists on a separate VLAN (vlan30), but the previous pix never seemed to care about that. I'm wondering if that might be part of the problem.
View 8 Replies View RelatedCisco Firewall :: SNMP Server On PIX IOS 7.2 Over VPN
Sep 4, 2011I have a simple query for the issues I m facing currently.I have @ remote site remote site PIX firewall which is configurd to get the Snmp poll on the server locate outside via site to site VPN.There is another snmp server located also in inside which I’m not managing it .
========================================================================
below are the command for the snmp configured on PIX.
snmp-server host inside x.x.x.x community XXXXX ---This is not managed by us
snmp-server host inside x.x.x.x community XXXXX
snmp-server host outside y.y.y.y (private IP tunneled though VPN) poll community YYYYY ---Managed by us
snmp-server host outside y.y.y.y poll community YYYYY
[code]....
there are 2 snmp community & server defined in snmp-server host command for 2 different IP address belongs to snmp server and we can only define one global snmp-server community for any one of them .Question is how the snmp community take a precedence currently I am able to ping from my snmp server from outside to the PIX firewall outside interface over L2L VPN but somehow the snmp server is not listening when i do port query on 161 por!.
Cisco Firewall :: ASA 8.3 Server NAT To Different Interfaces?
Apr 10, 2011Do i need to create 2 objects for nating a server to 2 different interfaces?That is an inside server published in two different dmzsAutomatic migration to 8.3 creates 2 objects (one for each nat)Can I do the same with only one object? like this or I need an object for each nat?
object network server
host 192.168.128.10
nat (inside,dmz) static 172.24.1.10
nat (inside,dmzguests) static 10.10.0.10
Cisco Firewall :: ASA 8.4 TCP With RDP Server 5.2 Usage Only
Feb 16, 2013I decided to migrate to ASA 8.4(5) from 7 and everything went very well with the exception of this one issue. All ACL and NAT for our various remote desktop servers work perfectly as long as the servers are running an RDP server version greater than 5.2. For instance, Server 2008 machines (or Win 7 Pro desktops) work perfectly as configured; however, Server 2003 machines (or WinXP Pro desktops) will not. I'm using manual, static NAT for the object to avoid automatic NAT issues.
The client computer displays the non-vista warning message, "The indentity of the remote computer cannot be verified...", but then fails to properly connect stopping at the "Configuring remote session..." status message. The ASA log shows that it built the TCP, then it displays a teardown with reason TCP Reset-I.
I can use a working ACL and NAT (using default TCP 3389 for instance) with a Server 2008 at IP 192.168.15.10 and move a Server 2003 machine to that same IP without touching any configuration at the firewall and it fails. Move the Server 2008 machine back to that IP and it works perfectly (both set at Port 3389 of course).
Here is the relevant info from the config that I am using for this:
------------------------------------------
object network RDPServer
host 192.168.15.10
object service RDP
service tcp source eq 3389
access-list out2in line 1 extended permit tcp any object 192.168.15.10 eq 3389
nat (inside,outside) 1 source static RDPServer interface service RDP RDP,The above works pefect as long as a server 2008 machine is at the IP, but fails with a server 2003 machine at the IP.