Cisco Firewall :: ASA5510 - Two Distinct Public IP Ranges On DMZ

Mar 6, 2013

I’ve been trying to figure out this for quite a while. I have a range of public IP addresses directly assigned on my dmz servers. The inside interface of ASA 5510 has one of those public IP addresses assigned (the default gateway for all dmz servers). Now I have a new range of public IPs that I also want to directly assign to new dmz servers. My goal is to have two distinct public IP ranges on dmz that should communicate between them. The inside ASA interface should be the default gateway for both networks.


Cisco Firewall :: ASA5510 Adding New Public IP Block

Nov 1, 2012

My web server is out of public IPs. I requested more from my ISP and I got a different range with a different gateway. How do I handle the configuration on my Cisco ASA? Without any configuration changes to the firewall I saw the traffic hitting it and being blocked. I added an access rule to allow the traffic. I added a virtual interface on the ASA. I added a virtual interface on the web server. Using "Packet Tracer" the traffic flows from the outside interface to the new virtual interface. But I'm unable to access my web server and I don't see any traffic on that IP reaching the web server. Using Cisco ASA 5510.


Cisco Firewall :: ASA5510 - Change Public IP Address On Outside Interface?

Mar 10, 2011

We have two Cisco ASA 5510 in failover configuration. We tried to change the public IP address on the Outside interface of the primary device but it didn't work. The new IP is not reachable from Internet nor pingable from device on the same LAN. The new IP address is in the same subnet of the old IP.

From the switch on which the ASA is connected and from another Cisco PIX we can see the ARP entry. In the analysis, on the old public IP address there was a VPN site-to-site and Webvpn defined. We tried also to shut/no shut the interface and reboot the device.


Cisco Firewall :: ASA5510 - Additional Public IPs Added To Outside Interface

Jul 31, 2012

I have run out of public facing IP addresses and I need more. Assuming I have been issued 1.1.1.0/24 and my new/additional range/subnet issued is 2.2.2.0/24 - Can I carry on with the same configuration on my ASA5510 and just add static NAT for new services in the 2.2.2.0/24 range?

i.e. existing config
route 0.0.0.0 0.0.0.0 1.1.1.254 (upstream ISP)
Interface outside ip address 1.1.1.1 255.255.255.0
 NAT 2.2.2.1 to 10.1.2.3

or, assume my ISP will deliver 2.2.2.1 to my outside interface (1.1.1.1/24) and if my NAT is in place it will get delivered to 10.1.2.3 inside.
or, put another way, I don't need to change my set-up as I just static route to my ISP!

My real public IP is a /27. Can I use my broadcast address (it's a legit public IP address)?

i.e. 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31
Outside interface = 1.2.3.1/27

Can I use 1.2.3.31 and NAT it to an internal server?


Cisco WAN :: ASA5510 - Multiple L2L VPN With Overlapping Remote Network Ranges?

Feb 4, 2013

I have an ASA5510, and site-to-site VPN with several remote clients. I have to add another client but their network range overlaps an existing tunnel. Both are using 172.16.0.0/16. I would like to 1-to-1 NAT them as 172.17.0.0/16.
 
Is it possible to perform the NAT on my device, post-decryption, or is it necessary that I have them perform the NAT at their end?


Cisco Firewall :: ASA5510 - Outlook Clients Disconnect From Public Exchange?

Apr 4, 2011

We have a setup where clients on the internal network send/receive their emails through Microsoft Outlook client, while the Exchange server is hosted on the internet, outside the organization. The clients are connected to a Cisco switch, behind an ASA5510 Firewall. The Firewall is connected to an internet router, with double NAT (On the ASA and Router).

The Outlook clients disconnect from the Exchange server, sometimes for hours, and then reconnect again. During these disconnections, the same client PCs are able to browse the internet normally. There are no restrictions for the traffic going from the inside to the outside. During the disconnections, if we try to connect using a public IP bypassing the ASA & router,.


Cisco VPN :: Single ASA5510 - Two Public IPs For Web VPN

May 5, 2013

We have an asa5510 running as an SSL VPN gateway using one public IP address (e.g. 1.1.1.1) as the target IP address for the users.

Now we need to run a 2nd public IP address on the same asa5510 as target IP address for a different set of users, e.g. 2.2.2.2.

NAT is not working, secondary IP address is not possible, sub-interface is not the right way. Is this really not possible?


Cisco Firewall :: 891w - Web Filtering For IP Ranges?

Feb 24, 2011

Alright, well I have a Cisco 891w router and have just about everything up and ready to deploy. I'm primarily using Cisco CP 2.4 to provision the router with minor tweaks being done in the CLI. I want to set up a filter to allow access to roughly 20 websites for the majority of my network which is all on the same VLAN. The ip ranges are x.x.x.10 - x.x.x.169 which I have set into a Network Object group called limitac. The second group ranges at x.x.x.170 - x.x.x.199 and is called allowac. I have set up DHCP bindings for all the devices that will connect to the network but I want to set up a web filter for only the first group. I cannot seem to find anything in the Cisco CP manual or the IOS manual for setting up filtering for a range of IPs only. Primarily there are a few computers that need full access to the web while the others should only have access to the sites I set up in the filter.


Cisco Firewall :: ASA5520 Individual Ports Versus Ranges

May 27, 2013

Best practices for an ASA5520. I'm currently running a pair of these as internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
 
My question is: would it be better (faster, less strain on the ASA) to open a port range (i.e. 52000-55000), or would the individual ports (i.e. 52112, 52336, 52698, 53441, 53495, etc...) be ok? Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.


Cisco VPN :: ASA5505 - Multiple Distinct Inside Subnets And VLANs?

Nov 17, 2011

The ASA device is going to be the gateway for multiple distinct inside IP subnets. We can have a unique outside IP address to correspond to each inside IP subnet if needed, but we need some means for a VPN client or a site-to-site VPN to have access to a pre-defined IP subnet (i.e. if customer A establishes a VPN connection, they have connectivity to IP subnet X; customer B establishes a VPN connection, they have connectivity to IP subnet Y, etc.). Currently, the two inside IP subnets are 10.10.0.0/16 and 10.20.0.0/16. We will be adding more. The problem we are facing is that we cannot reach the VLAN 201 from the ASA we believe this is because. I have set up two addresses on port 0/1 Vlan1, 10.10.20.2 and 10.20.20.1 as an alias. How can we make traffic for the 10.10.0.0/16 subnet untagged and traffic for the 10.20.0.0/16 subnet tagged for VLAN 201?


Cisco Firewall :: ASA 5520 8.4(1) Public WAN To Public DMZ?

Jul 10, 2011

I have an ASA 5520 8.4(1) set up as follows:
 
      public wan
          |
          |
       ASA-- public dmz
          |
          |
      private lan
 
I need to allow HTTPS traffic to a server in the DMZ that will have a routable IP address. Will just an ACL suffice? Which interface do I apply it to, WAN or DMZ? I don't need a NAT since the DMZ is a routable space?


Cisco Firewall :: Difference ASA5510-BUN-K9 And ASA5510-Sec-Bun-K9

Jun 6, 2012

The ASA 5510 has two models, Bun-K9 and Sec-Bun-K9. From the datasheet I found the differences are port-related and redundancy. My question is: is there any major difference in security services between the two models?


Cisco Firewall :: 5505 PAT With Single Public IP And Several Servers Behind Firewall

Nov 21, 2012

New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
 
-Single static public IP:  16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
 
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505.  Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]


Cisco Firewall :: ASA5510 - Unable To Ping From User Desktop To Firewall Inside IP

Jun 11, 2012

I am able to ping from the switch to the firewall inside IP and the user desktop IP, but unable to ping from the user desktop to the FW inside IP. Config is below for both switch and FW Cisco ASA5510....
 
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:

[Code].....


Cisco Firewall :: ASA5510 Secondary Firewall Crashes After Upgrade To 8.4.1

Jun 29, 2011

I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
 
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?


Cisco Firewall :: ASA5510 Firewall Transparent Mode

Sep 10, 2012

I have an ASA5510 in the office that is already configured with 3 contexts, namely admin, user, server. In the server context, the last running config was not saved, and there was a power trip last Friday night. One of the sub-interfaces was affected, and I need to recreate that interface. I am getting the below error; it only allows me to make changes to the pre-defined interfaces. How do I create an extra sub-interface?


Cisco Firewall :: ASA5510 Firewall Interface Speed

Jul 21, 2011

I have an ASA5510 and I have a question about the speed the ports can handle. Here is one port:
 
interface Ethernet0/2
 speed 100
 shutdown
 no nameif
 no security-level
 no ip address
 
It's Ethernet and not FastEthernet, so I figure it will only go to 10 Mbps, but at the same time I can hard-code the speed to 100.


Cisco Firewall :: Memory Upgrade Of ASA5510 Firewall

Feb 22, 2012

I have a Cisco ASA 5510 firewall in use in my network. I am planning to upgrade the flash memory from 256 MB to 512 MB and the RAM from 256 MB to 1 GB.


Cisco Firewall :: Asa5510 - How To Add Secondary Firewall

May 4, 2012

I have a Cisco ASA 5510 with Security Plus license in a live environment. I need to add a secondary firewall. I was planning to do it in active/standby mode for failover. But I have a doubt: when I do "show version" on the live ASA, the output says Active/Active failover. Does this mean that I can only configure failover in active/active mode, not in active/standby (which I want to do)?

Maximum Physical Interfaces  : 8
VLANs                        : 20, DMZ Unrestricted
Inside Hosts                 : Unlimited
Failover                   : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
VPN Peers                    : 25
WebVPN Peers                 : 2
Dual ISPs                    : Enabled
VLAN Trunk Ports             : 8
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5505 Security Plus license...


Cisco Firewall :: RDP Access Through ASA5510 Firewall?

Feb 12, 2012

I am using a Cisco ASA5510 firewall in my network in the distribution layer. A private range of network addresses is used in the network, with PAT at the FW for address translation. Presently encountering an issue: the users behind the FW in my network are unable to RDP at port 2000 presented at the client network. Able to Telnet on port 2000 but not RDP. Any changes needed at the FW end to get the RDP access?


Cisco Firewall :: 80 / 443 - How To NAT Public Address To DMZ

May 13, 2011

1. How do I NAT a public address to a DMZ address?

2. How do I open port 80/443 in the public to this address?


Cisco :: Overlapping IP Ranges?

Jun 1, 2012

I am trying to troubleshoot / map out a large network with a freaking butt load of overlapping IP addresses.


Connecting Two Different Ip Ranges?

Jul 25, 2011

Is it possible to connect two different IPs together? A proxy server: 192.168.1.1. All the connections are going through this server; everything is working fine if the IP range is 192.168.1.XXX. Now, when I changed the IP range from 192.168.1.XXX to 192.168.2.XXX, I'm not able to access the network. Note: default gateway is the proxy server itself.


Cisco Firewall :: Setup 2nd Public IP In ASA 5510?

Mar 16, 2011

We have hosted VoIP and would like to have our internet as backup for their router. We gave them a public static IP so they can configure that in their router. How can I configure the IP address in our firewall, let's say on ASA5510 Ethernet port 3, so if their router T1 goes out then our internet will work as backup?


Cisco Firewall :: Map Public IP To Private In DMZ In ASA 5510?

Jul 22, 2012

I am now using ASA 5510 as a firewall device. I have configured 3 interfaces, ethernet 0/0, ethernet 0/1, ethernet 0/2, as WAN interface, DMZ interface and internal LAN interface. Internet is working fine from LAN as well as DMZ. The WAN interface uses the public point-to-point IP (/30) provided by the ISP, and another pool of public IPs is also provided by the ISP (/28). Now I want to map the /28 IPs to some servers in DMZ. DMZ servers currently have 192.168.101.0/27 private IPs. Now the problem is how to map the public IPs to those private IPs in DMZ servers.


Cisco Firewall :: Two Public IP Blocks On ASA 5505?

Jan 16, 2013

We have 2 IP blocks from my ISP. We have been using just one, a /30 block, with one IP address used on the outside interface of the device. The new block is a /29 range and I would need to use just two of those IP addresses. Here is the situation I am facing. A company we partnered with wants to set up a VPN; they will send us 2 Cisco 861s to put behind our ASA. Is it possible to assign these 861s public IPs from the block that we are not currently using (the /29 range)? I know that it might require an upgrade to the Security Plus.


Cisco Firewall :: Add Public IP 162.196.212.32 / 29 With Port 51241 In ASA?

Oct 7, 2012

I have a normal network and need to add public IP 162.196.212.32/29 with port 51241 in the ASA firewall.


Cisco Firewall :: ASA 5505 Grabbing More Public IPs From ISP

May 2, 2013

The client I am doing work for has an ASA 5505 at a remote location that is using Cox Communications for the ISP. The ISP assigned 5 static IP addresses, but we only need 1 for this location. However, that is the minimum you get no matter what. The issue is that the subnet mask is a /25 and what they are telling me is that the ASA is grabbing all the IP addresses in that range. They asked if there is any way to keep the ASA from grabbing those IP addresses. Now, I have never run into this issue before with a provider. The gateway is in the /25 subnet, so going to a /30 isn't an option.


Cisco Firewall :: ASA 5510 Two Public IP Subnets?

Aug 31, 2011

I just got an extra public subnet from our ISP (co-hosting center), but I can't figure out how to use them on my ASA.
 
New:

IP-addresses: 87.1.1.194 - 87.1.1.254
Default gateway: 87.1.1.193
Subnetmask: 255.255.255.192
 
Old:

IP-addresses: 200.1.1.34 - 200.1.1.46
Default gateway: 200.1.1.33
Subnetmask: 255.255.255.240
 
Config:

route wan 0.0.0.0 0.0.0.0 200.1.1.33 1
 
And statics like:

static (interface,wan) tcp 200.1.1.37 3389 192.168.3.100 3389 netmask 255.255.255.255


Cisco Firewall :: Multiple Public IPs On ASA 5520?

Apr 28, 2013

I have an ASA 5520 with Ver 8.2. The outside interface is directly connected to the ISP's router (TelePacific) and is assigned one of the public IPs: 198.24.210.226. There are two servers inside the network with the private IPs: 192.168.1.20 for DB Server, and 192.168.1.91 for Web Server. I did Static NAT 198.24.210.226 to 192.168.1.20 and 198.24.210.227 to 192.168.1.91. When I access DB Server (198.24.210.226) it's working OK, but when I access Web Server (198.24.210.227) there is no response at all. I checked the inside traffic; it did not even get into the firewall. Is this the problem with the ISP's router? How can we route all of our public IPs to the outside interface (198.24.210.226)?

interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
 security-level 100
 no shutdown
interface GigabitEthernet0/0
 nameif outside
 ip address 198.24.210.226

[Code].....


Cisco Firewall :: ASA 8.4 NAT Static And Dynamic With Same Public IP

Nov 8, 2011

In ASA 8.4, I need to static NAT an internal IP with a public IP and use the same public IP to dynamic NAT another internal IP:
 
nat (inside,outside) source static IP1_PRIVATE IP_PUBLIC
nat (inside,outside) source dynamic IP2_PRIVATE IP_PUBLIC
 
All outgoing connections from IP1_PRIVATE and IP2_PRIVATE should be NATted to IP_PUBLIC and all incoming connections to IP_PUBLIC should be forwarded to IP1_PRIVATE: is this correct?


Cisco Firewall :: 5510 NAT Public Ip To Private

Sep 5, 2012

We have the setup as shown above. Our requirement is to access the mail server via ports SMTP and POP3. But as the mail server is hosted on the internet, users at the site were not able to access it. We need to NAT an intranet IP with the mail server IP and the mail server IP back to the intranet IP and provide the access. We use an ASA 5510 firewall.


Cisco Firewall :: No Traffic To Public Servers PIX 515

Jun 8, 2011

Upgrading from a PIX 515, V6.2, I can get internet traffic out through the ASA, but no traffic in to the servers. The NATs are the same on the old firewall. The routers outside the firewalls are doing further NATting from the .253 network to a public address. No changes have taken place on the routers. [code]








Copyrights 2005-15 www.BigResource.com, All rights reserved