Cisco Firewall :: ASA5510 Cannot Publish Internal Web Servers To Outside
Mar 26, 2013
Cisco ASA 5510 directly facing the internet on E0/0 (1 Public IP only) with internal LAN on E0/1. Exchange 2010 OWA working fine with ACL and NAT rules configured.Problem:
•1. Cannot publish internal web servers to outside, have tried PAT.
•2. Have multiple web servers to publish with all on one protocol (HTTP) to a single public IP which I don’t know if it’s possible on a ASA.
•3.When SSL VPN is configured with Local user database, connecting from Anyconnect client gives a certificate error. Upon viewing the certificate it points to the internal mail server.
View 7 Replies
ADVERTISEMENT
Mar 18, 2012
I have an ASA5510 running 8.2 code and I have over 200 static nats from the outside to the inside interface and that is how I expose our systems to the Internet. If this inside interface fails we also have a bypass interface that also terminates on the internal network but I am not sure how the nats will behave given they are statically mapped to the inside.
View 1 Replies
View Related
Oct 19, 2011
I've a question about VPN IPSEC on ASA5510
In the LAN network , we use a DHCP on a Windows2003Server. Is it Possible to Configure the remote VPN Clients to use this DCHPserver throughout the VPN IPSEC and Assigned Automatically IP when the connection is done?
View 1 Replies
View Related
Apr 26, 2011
We recently got a Cisco ASA 5510 Security Appliance and I have some general question.
We have 1 T1 internet connection, and we have 2 internal networks. These 2 internal networks currently hav access to the internet. I am having issues with the 2 internal networks being able to communicate with each other.
View 2 Replies
View Related
Apr 3, 2013
I am having some trouble accessing some backup Email (Outlook Web Access) and Citrix servers located behind an ASA 5505 firewall at a remote datacentre. Simply put, when I go to the specific URL (e.g. [URL]) I do not arrive at the splash page, I just get a message saying that the server took too long to respond in the web browser. I'm wondering whether I have missed something on the configuration or the firewall itself is not letting my requests through. The remote servers are located at a remote Disaster Recovery site and use the subnet 192.168.4.0/24. I am at head office which is connected to the DR site via a VPN using 192.168.1.0/24.
[Code] .....
View 2 Replies
View Related
Sep 18, 2012
I've tried a bunch things but it didn't work, I'm about to gave up! :-/
I have the following scenario:
ASA5510 - v8.3(2)
Interfaces
ETH0/0 = outside = 189.xxx.xxx.129
ETH0/1 = inside = 10.xx.1.15
[Code]....
What should I do to get the SIP and 8080 port working on my Public IP, likewise just as access from my browse the http://189.xxx.xxx.129:8080 and get through directly to my internal server 10.xx.xx.61 ?
View 5 Replies
View Related
Dec 21, 2012
Currently my ASA5510 has a 64MB internal flash. Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)? The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.
View 2 Replies
View Related
May 17, 2012
I am currently managing an ASA5510 using ASDM through the management port but I would like to manage the ASA through the internal port.
My concern is that I thought I remembered reading someplace that if you setup an internal port for management that it can't be used for anything else. Is this correct?
I only configured one internal port and it is the path to my LAN. I would hate to configure the port for management only to find that I disconnected my firewall from my internal network in the process. Can I use my one and only configured internal port for both ASA management and route from my LAN thru the ASA firewall?
I currently have the management port set to 192.168.1.1 and my internal interface is 10.1.1.1. If I open ASDM and connect thru the management port and select Configuration/Device Management/Management Access/ASDM/HTTPS/Telnet/SSH
select "ADD"
select access type "ASDM/HTTPS"
select interface "internal"
IP Address "10.1.1.0"
Mask "255.255.255.0"
Will that give me access to ASA management thru my internal network but cripple my network access to the ASA?
View 6 Replies
View Related
Oct 25, 2012
I have a cisco ASA5505, it runs a wide site to site VPN network and has 4 servers connected to it
10.50.15.4 > fileserver
10.50.15.5 > domain controller (exchange)
10.50.15.6 > terminal server
10.50.15.7 > terminal server
Now yesterday i removed 10.50.15.6 and replaced it with a new terminal server with the same ip address, ever since the ASA is blocking traffic between it and the domain controller (example)
2Oct 27 201214:51:0510600710.50.15.655978DNSDeny inbound UDP from 10.50.15.6/55978 to 10.50.15.5/53 due to DNS Query What has me baffled is the only thing different between today and yesterday is the new server is windows server 2008 and the old one was windows server 2003. The new server has the same LAN ip address as the old one to make the changeover seamless for the users.
why all the sudden my ASA has decided to block the traffic between those machines? all the other machines can talk to it fine just not the domain controller, and seeing that this is a terminal server naturally you can see the problem i face!
this router has worked flawlessly for 2 years now without any config changes and i cant work out why its blocking traffic between those 2 machines.
View 15 Replies
View Related
Feb 13, 2011
I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
Http Traffic will be routed like that : PC -> WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.
View 6 Replies
View Related
Jun 3, 2012
I have an ASA5510 running version 8.2(5) I am having an issue with routing/natting from an internal network to the outside interface IP on port 443 which has a nat back in to another internal address. i works externally in from a public address. i also see log messages to do with IP Spoofing
View 1 Replies
View Related
Dec 5, 2012
Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.
View 2 Replies
View Related
Feb 11, 2013
I'm configuring a Cisco ASA 5505 ASA Version 8.3.1 I want to publish my web server is in the DMZ (10.30.30.1) and server address is 10.30.30.30 but it still fails.I have only one public IP, and hope that when they call the Public IP, my web server appears, another problem I have is that when I assign the public IP to my interface OUTSIDE my LAN loses internet connection.I have to do to publish my web server and the LAN computers have internet access?
View 16 Replies
View Related
May 9, 2012
We have gotten our anyconnect clients to connect to the VPN with no issues and verifying credentials with RADIUS. Remote users however cannot access internal resources through the VPN. I know I need to setup an NAT Exempt statement for my VPN Pool to the Internal Network,
View 5 Replies
View Related
May 18, 2011
We have ASA5510s and I've configured an SSL VPN using AnyConnect.. The VPN address pool is 10.10.10.0/24 and our internal network is 10.10.20..0/24. After successful login, using LDAP. the client receives a 10.10.10.0/24 address from the pool, but cannot access anything on the internal 10.10.20.0/24 network. I've toyed with access lists and NAT exemption, but to no avail. What do I need to do?
View 8 Replies
View Related
May 26, 2011
i am trying to use windows server 2008 R2 as a host machine, and i will be using windows server 2008 R2, and windows server 2008 serverCoreR2 as guest virtual machines. I have two NICs on my computer, and my computer has the memory, the hard drive space, and the cpu to handal this.
View 1 Replies
View Related
Oct 13, 2010
I recently cut over from a WRT54G to a RV120W. I am having an issue where I type [URL] (for a server running on my network) in my web browser while on the internal network and it always comes back with the router login page. Basically it is supposed to go out of the router and then come back in on the public IP address and hit that server. There was a function on the WRT54G called "Filter Internet NAT redirection" which when turned off would allow this to happen. I am not seeing a feature like this on the RV120W
[URL]
View 29 Replies
View Related
Sep 20, 2012
I just moved from a Linksys wired router to the Cisco EA2700 wired/wireless router.I have three web servers on my network that serve up content via standard web URLs. For example, pretend www.domain.com pointed to the WAN side of my EA2700. Port forwarding routes port 80 traffic to the server, located on an internal, private IP (ie, 192.168.1.21).All works well when accessing these servers from outside my network (I checked this via my mobile broadband connection). But when I'm on a workstation internal to the same network as the servers, I cannot connect to the servers via the web URL. Of course, I can hit them via the IP or an internal-only DNS network entry. For example, when on 192.168.1.55 on a desktop machine, and I type the URL in the form www.domain.com, it just hangs and times out. I was able to do this on the old Linky router. Traffic should go stop at the router and be re-routed back internally to the port-forwarded server - but it does not.
I have to route properly via the web URL and not the internal DNS name or IP addy, as I am running virtual web servers on IIS on one of the servers.Is there a setting I failed to set on the EA2700?
View 6 Replies
View Related
Sep 6, 2011
The remote office is connected to hq via site to site vpn. I have 1 static IP (on the remote site)that I use for the site to site. I need to publish a web server at the remote site. My question is can I use the same IP for VPN and web server publishing, I am having trouble getting the web server to publish
View 2 Replies
View Related
Jan 19, 2013
I'm using a 2601X router connecting to a broadband connections. The following NAT connections is working but I need to do NAT exemptions to set up my VPN appliance on the DMZ. I see a lot of documentation on how to use a pool of public addresses to do that, but I only have the one dhcp address from my isp.
!
boot system flash:c2600-adventerprisek9-mz.124-25d.bin
!
!
!
interface FastEthernet0/0
[code]....
View 5 Replies
View Related
Jun 11, 2013
We are planning to split the Private servers from the DMZ Servers and configure an additional Interface and segment for this purpose.
Private Servers Segment: 192.168.4.0/24 (there is no DHCP all servers' IPs are statically configured)
DMZ Segment: 192.168.3.0/24 (This is a future deployment)
LAN Segment: 172.17.0.0/16
Both, Private Servers and DMZ Servers are in a collocation as well as the ASA5520. There are multiple Branch offices that uses subnets within the 172.17.0.0/16 Network and they are connected to the ASA5520 via Metro-E.
I do not know if this is possible but what I want to do is this:
In order to avoid the change of internal DNS records I want to mask the DMZ servers with a Private Server IP when a Private server or LAN host wants to access it like this:
The FTP server in the DMZ has the IP address: 192.168.3.100. But when a PC from the LAN wants to reach the FTP server it should points to its old IP: 192.168.4.100. This way the PC sends a packet to the ftp.corporate.net (192.168.4.100) the ASA recieves the packet and translate it to the (192.168.3.100) and send it out through the DMZ Interface.
Also if the Private Servers wants to reach the same FTP the ASA will act like a proxy-ARP and send the paquet to the DMZ by means of the translation of the IP.
View 6 Replies
View Related
May 12, 2011
i have configured SSL VPN on Cisco ASA5510 which is working fine .My Users connected the VPN and access the servers remotely. But now i face one challange my users use PPTP VPN of the customer now a days configured at the Customer Network. When they Connect the PPTP VPN unable to Access the servers remotely defined on the SSL VPN Route.
View 1 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Feb 18, 2013
I want to know if is possible to publish a port of an internal server to be accesible from internet but only from a specific IP.I know that in Setup menu exists Forwarding but it allows to publish ports to all internet no matter the source IP.
View 1 Replies
View Related
Apr 20, 2011
i'm currently studying at a college which has a website with a student intranet that is available to log in from any computer. So far it has been working well and I can log in on my home laptop and upload documents and look at presentations etc. Today for no reason when I try and log in I get the message Error Code 500: Internal Server Error and the webpage does no appear.I have had no problems previously and this has only happened today and yesterday, I went down to the college and accessed the website fine from the computers in the library but still no joy from my home computer.
View 1 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
Jun 29, 2011
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
View 7 Replies
View Related
Nov 21, 2012
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP: 16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]
View 11 Replies
View Related
Sep 10, 2012
i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?
View 3 Replies
View Related
Jul 21, 2011
I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
-interface Ethernet0/2
- speed 100
-shutdown
- no nameif
-no security-level
-no ip address
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.
View 2 Replies
View Related
Feb 22, 2012
i have cisco ASA 5510 Firewall using in my network, i have planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies
View Related
Feb 18, 2013
I have 2 modules of FWSM in 6500 switch (failover).I need 5 context.When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context),In transparent mode, it is not happening.what is the problem with routed mode?
View 1 Replies
View Related
May 4, 2012
I have a cisco asa 5510 with security plus license in Live enviroment . I need to add a secondary firewall . I was planning to do in active /standby mode for failover .But i have a doubt , when i do "show version " on live asa output says Active /active failover , does this means that i can only configure failover in active/active mode not in active/standby (which i want to do )?
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5505 Security Plus license...
View 4 Replies
View Related
