Cisco Firewall :: ASA5510 Not Working Properly From Outside
Feb 27, 2012
I am not familiar with the ASA 5510 product. I have been having trouble for the last 24 hours and still can't find the root cause. Here is my scenario; my network should be:
WAN --- ASA5510 (FW) --- SERVER (192.168.1.0/24)
Now I face a problem: all the static 1-to-1 NAT is working OK. All my public IPs can be pinged from the outside internet. But the problem happens when I try to telnet to port 80 on each server. I tried telnet from my PC to public IP 124.xxx.179 80 and it works fine, but it failed on 124.xxx.180 80; then on 124.xxx.181 80 it works fine.
Then I tried on my colleague's PC, in the same network as mine, and I face another case where the public IP 124.xxx.179 80 cannot be reached by telnet, but it's OK for 124.xxx.180, then failed on 124.xxx.181 80.
FYI, all our PCs can ping the public IPs with no packet loss.
The scenario is very weird; I can't find any other solution, as I have reviewed my configuration a few times.
Check whether my configuration is working perfectly or not.
ASA Version 8.2(5)
enable password xxx encrypted
An ASA5510 (with 1 webserver behind it, just starting to build the cluster) was functioning OK with version 8.2: I was able to log in using RDP to the server behind it from some trusted IPs.
I updated ASDM to the latest version 6.4.7, and then the ASA-software to 8.3.2. After reloading, I could not access the server anymore. I saw that changes were made to the config. Then I updated to version 8.4.3, same results of course, and this is the config. [code]
I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK). It's a replacement firewall that I am trying to configure remotely through a serial device with an internet-facing connection, but the enable password is not working. I can connect to the device OK and type 'en', but when prompted for the password, whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
Cannot access Cisco ASA5510 ASDM nor SSH through AnyConnect VPN; attached is the current configuration. The user authenticates via AAA locally and has the admin service-type. When the VPN session is established, it lets me go through the certificate warning, and when trying to install the ASDM launcher it's failing. SSH access is enabled but not working. I can access both ASDM and SSH from the inside network, and from a PC on that network.
We have several pairs of ASA5510s in failover A/P mode, some running 8.3(2) and others running 8.4(1).
e0/0 = outside e0/1 = inside m0/0 = management
The problem we're having is we can't get anything to route out of the management interface unless we put in a static route at least to the subnet level. For example, we want syslog traffic to exit out m0/0 to our syslog server 10.71.211.79. Our 'gateway of last resort' points to the next hop out e0/0, and a second static route with a higher metric and a more distinct network space is for m0/0 as in:
This doesn't work, and ASDM logging gives this error: ".....Routing failed to locate next hop for udp from NP Identity Ifc:10.72.232.89/514 to management:10.72.211.79/514"
If I put in a more granular subnet route, or a host route of the syslog server it works, such as:
route management 10.72.211.0 255.255.255.0 10.72.232.94 10 <------------- this works
route management 10.72.211.79 255.255.255.255 10.72.232.94 10 <------------- this works too
Why won't a static route for 10.71.0.0 255.255.0.0 work in this case?
We are going to have numerous hosts access and be sent messages through the management interface of these ASAs, and it would be very burdensome to have to add a host, or even a subnet, route for every one. I've removed all static routes and tried to rely on EIGRP, but that doesn't work. I also had to put 'passive-interface management' under the EIGRP for this to work.
Here is the pertinent ASA config concerning syslog, routing, and interfaces:
I had an extra network under my wireless networks that was just called "network", which was not connected to anything, but since I had this, on the bottom right of my screen where it normally showed the bars for the wireless connection, it had the bars grey with a red X on them, but my connection still worked fine. I am using Windows 7 64-bit. I always use a wireless connection on my laptop.
I have 2 computers: one running Vista 32, a desktop; another, a laptop, Win 7 64-bit. Both computers have given Error 651 when using PPPoE wired connections, usually at the peak of the day. My ISP says that Error 651 is the problem, while I am starting to think it's the amount of bandwidth they're giving my neighborhood/home. Also, can that doesn't work, how to fix the overall problem of my Internet shutting off at peak hours?
when I couldn't turn on the wifi from the switch. It remained orange (which is its off state), so I went to the Device Manager and the wifi adapter was shown there but with an exclamation mark, showing the error "the device cannot be started (code 10)". So I uninstalled and rebooted, only to get the same error when it got reinstalled.
I have a Netgear CVD31T modem delivered by my internet provider. I can't change any settings on the modem. My connection speed is 30 gb up and 5 GB down. Until now I used a Linksys WRT54GV ver. 2 router to share my connection between my computers and NAS server and it worked OK. In speed tests I normally get approx 25 - 28 GB speed. To obtain more speed on my LAN I want to buy a GB router. And here my problems started. First I tried a D-Link DIR655, then a Netgear WNDR3700 and lastly a Linksys E3000. In all 3 occasions my WAN speed dropped drastically down to between 3 - 5 GB speed, and under a ping test I have a loss of between 10 - 30 % and time of approx 50 ms. If I connect my PC directly to the modem or re-connect my old router it works perfectly. I have tried to replace cables etc. etc.
Last night on the Xbox 360 I was suddenly experiencing a lot of lag on other people's voices. I took no notice of it, and the next day I went on my laptop and a lot of websites wouldn't load properly. I can go on Google, obviously this, and my Hotmail (after having to wait a long time for Hotmail to load), but others such as eBay will not load. I cannot even access my router settings by typing in my IP address; instead I get a message saying the page cannot be found. Also, I was disconnected from Xbox Live, with the internet-to-Xbox-Live part not working. Obviously the first thing I did was turn the router off and back on, but it hasn't made any difference.
OS Version: Microsoft Windows Vista Home Premium , Service Pack 2, 64 bit Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz, Intel64 Family 6 Model 23 Stepping 10 Processor Count: 2 RAM: 4055 Mb Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1804 Mb Hard Drives: C: Total - 290204 MB, Free - 141170 MB; E: Total - 14999 MB, Free - 5644 MB; Motherboard: Dell Inc., 0G848F, , .5MDJWJ1.CN7016697U05OT. Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled
I bought a TP-Link TL-WR841N which I have managed to set up properly; I am able to connect to the wireless and get internet access. However, the minute I walk out of the room or a few meters away I am disconnected and I can't re-connect; I get the "windows cannot connect to TP-LINK" message. The signal strength is on excellent and I know it works because when I stand near it, it works perfectly. I phoned TP-LINK technical support, who were pretty useless and couldn't fix the problem.
The Network icon in the notification area in the bottom right hand corner of my screen will almost always look like this: Quite frequently, though, I will get an exclamation mark inside a triangle with a message instead saying No internet access (I don't have a screenshot). If I give it a few seconds, usually never more than a minute (30 seconds on average it seems), it corrects itself and gives me back internet access.
I have configured my Cisco 2911 router and there seems to be something wrong with my configuration regarding subinterface 0/0.102. The hosts on this subnetwork can't access the Internet and I can't spot the error.
Here is my running config on this matter.
class-map type inspect match-any LAN_TO_WAN
 match access-group name LAN_TO_WAN
class-map type inspect match-any WAN_TO_LAN
 match access-group name WAN_TO_LAN
class-map type inspect match-any GRE_TO_WAN
 match access-group name GRE_TO_WAN
class-map type inspect match-any WAN_TO_GRE
I have a user using Windows 7 64-bit. I tried vpnclient-winx64-msi-5.0.07.0290-k9.exe and vpnclient-winx64-msi-5.0.07.0440-k9.exe. Installation is fine. Connecting is fine. But no traffic goes through. The remote end Cisco is an 1811 VPN server with split tunnel. The user gets authenticated by a RADIUS server.
After connecting, the user gets the correct IP address. In the router, sh crypto session shows it has an SA, etc. But in sh ip route, I can't find the static route pointing back to the client IP like for other connections.
At the user end, Windows shows the IP address but no gateway. Windows route print shows the VPN network via gateway xxx.xxx.xxx.1, which is not available. Other 32-bit users have no issues with VPN.
I've been having some issues with my internet. I had an attack on my PC recently by some American organization. I've reinstalled new Windows on my PC, reset my modem, and nothing seems to work. I have too many tunnel adapters in cmd ipconfig, I think. Bell Canada hooked up my internet lines and they actually joined two or more wires together and strung them up on the neighbour's fence and mine and even wrapped it around a tree branch, god knows why they would even do that, maybe they think when the tree grows it will cost me money to fix it and they'll earn from their mistakes instead of learn from them... Anyway, these are my ipconfig test results, as explained in a previous post from someone. Windows IP Configuration [CODE]
Some trouble with my wired internet connection: basically it worked some days, other days it cut off and didn't work for a few days. I phoned Virgin Media, who sent me a new modem. Everything is set up and activated and it worked for about a day; now it has stopped working even though the computer says I'm connected. Every time I try Internet Explorer or Firefox I get a white screen and every webpage I try fails, but if I bring up uTorrent I can see that my internet is connected because it begins to download the ebooks
So I have an HP Pavilion dv9000 laptop with Windows 8 installed, and when I try to connect to the internet I keep getting an error that says the "Ethernet" adapter is not working properly. I used to be able to go on the internet, and then my dad had my computer for a while and now it's not working.
I recently replaced a Linksys wireless router with a Netgear wireless router (provided by Comcast) to the modem in my house. I used my HP Pavilion as the computer to run the setup disk and the wireless wizard to link the new router to the modem. I unplugged my HP from the router and proceeded to set up my computer on the wireless network.
When I check the strength, sometimes it indicates it's good if I'm practically sitting on top of the router; this seems to eventually degrade to low until finally the connection drops. 'Repairing' with the XP repair facility doesn't work. I can forget about getting a connection if I move further away from the router. At the moment I'm relying on using an ethernet cable snaking across the dining room, which isn't really practical with a toddler and a dog racing around. Recently a friend put a bigger HD in and before this it was working fine, so I suspect that it may be due to this. I think it's due to the wireless card in the laptop, as I have a number of other devices in the house which all work fine.
Is this a known bug that you cannot back up (export) the full running or startup config from this switch? Will this be fixed in the next firmware? (btw, still no new firmware with CDP support for this script although sales literature mentions that it should have already been available...) The switch does let you back up the configuration as a text file (which looks similar to normal IOS config syntax), but it doesn't contain all settings, so the file is pretty much useless for restoring the config to another switch. At least the following settings are missing from the file:
- management interface config (including DNS settings)
- passwords
- remote syslog server config
- SNTP server config
- IGMP config
- LLDP config
I have recently installed 4 3560 (WS-C3560X-48T-S) switches. At first the switch comes up, indicating all connected ports with a green LED. Whenever I unplug a cable and plug it back in, the status LED will stay off. The same thing happens when I push the mode button and cycle through the different modes; I lose certain LEDs.
I'm using 12.2(53)SE2; another user reported the same issues under 12.2(55)SE1.
We are having an issue with the ASA RDP2 plugin; it has been working correctly since the installation of the ASA 2 years ago. 1 month ago the functionality stopped working in IE ActiveX. I performed an upgrade of the ASA software in an attempt to fix it; unfortunately this has not resolved the issue. Reimporting the plugin has not solved our issue either.
When using the Java client, there is a warning that "The terminal server disconnected before licence negotiation completed. Possible cause: terminal server could not issue a licence". When a user clicks on a bookmark or types in a server name that is associated with the RDP2 plugin, the page times out and goes back to the home screen of the clientless SSL VPN.
I recently made an old router into a repeater by using DD-WRT. It seems to be working fine if I use LAN, but I cannot get WLAN to function properly. When I go to add a virtual interface and all the proper info, I all of a sudden cannot connect to the Internet. More specifically it seems to not assign me an IP address.
I am trying to connect to wifi. I have two wifi hotspots. It just connects with one hotspot, and if I try to switch to the other one it just shows "Windows was unable to connect", and it does not switch back to the previous connection. It does not even go to communicate with the access point; it directly shows "Windows was unable to connect".