Cisco Firewall :: ASA5520 Basic Configuration
May 21, 2012
This is my 1st time trying to configure an ASA.
I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:
I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.
I have attached the configuration file with this post as well.
Apr 19, 2011
I am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20, Block all other incoming ports to vlan 20 (unless initialised from inside), Allow all outgoing ports on vlan 20, Block all access from vlan 20 to vlan 10 (unless initialised from vlan 10)
May 8, 2011
creating a DMZ with my current configuration. Most of my configuration has been through the ASDM as I am still learning. I'm looking for a good tutorial through the ASDM to get me on my way. What I need to accomplish is this:
I have an internal GIS server which needs to have a constant database connection to a remote GIS Server which is already configured. I've got a separate VLAN setup on my 3750 switch which connects to the DMZ configured port on my ASA with a security level of 50. My GIS server has been placed in the DMZ VLAN which is accessible from my internal clients. I have a /30 Internet block which is being used for Internet and VPN. I have a separate /28 block that I'm assuming I'll need for the DMZ to work properly.
Oct 12, 2011
I didn't have any experience in using Cisco PIX firewall. I got this for home lab practice. The PIX can be accessed and configured by web based and CLI mode, right? Basic configuration to configure PIX 515e in CLI mode.
As of now I'm using console (HyperTerminal) to access the PIX. In CLI based commands I need the following:
1. How to assign IP address to inside ethernet and outside ethernet
2. How to enable telnet, and after enabling it, can I connect my PC directly to the PIX inside ethernet and do telnetting, or if at all possible with (https enabled) web based config. Any of these are ok.
Went browsing to find these; all I could find is web based configs. I need CLI commands.
Jan 3, 2013
I have an 871 and all I need to do is some basic rules. Here is the config I am having the issue with.
Oct 9, 2011
We have a pair of ASA5520 firewalls set up in a very inefficient fashion, and I wish to convert them to an active/passive cluster. Trouble is, there are a number of configuration options I will need to re-implement (VPN tunnels, remote users etc), and trying to capture the configuration with a simple "show running-config" or "show running-config all" or even "show startup-config" doesn't get me things like the pre-shared-key from the VPN configurations - and I don't know them all, so I can't simply re-enter them. Is there any way to get a dump of the running (or startup) config which shows the hidden settings like pre-shared keys and OSPF message digest keys?
Dec 15, 2011
We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances. Given that we are a non Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear. I started to set up the appliance this morning but immediately ran into issues. The 5520 doesn't seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration. I have to say that I feel kinda stupid having to post this, since I actually followed the documentation available for this menial task and I fully expect the problem to be a simple one. Namely, I am using two specific sources of info for connections.
Mar 7, 2011
I am forced to upgrade my ASA 5520 software from 7.1 to 8.2 or higher. As I am not familiar with ASA, I need expert opinions. I have the following concerns regarding the upgrade.
1. Do I need to worry about the software licensing when I download 8.2?
2. I read about the few differences in commands (ACL and NAT) in 8.2. What exactly do I have to do here? Should I change the configured NAT and ACL with real IP in the existing configuration after the upgrade?
Jul 18, 2011
I am in the process of migrating my config from my PIX running 8.0(4) to my ASA5520 running 8.2(1). I have converted the config so that it is ready for the ASA. I noticed the "boot system flash:" and "asdm image flash:" command references the old PIX files. Do I need to update these or will they be updated when the ASA reboots with the new config?
Oct 21, 2011
step by step ACS 5.1's basic configuration through CLI?
Jan 3, 2013
I am struggling to get this working after spending many hours looking at it I am now completely stuck. We are upgrading from a 857W to this 887 VA-M I have some experience of IOS and the 800 series. Our 857W works perfectly using almost the same config. Our situation is that the router will sit in front of our firewall and act essentially as a simple router passing everything through to our Firewall. Nat is done at the Firewall.
We currently have the following configuration that seems to connect to the ISP fine, but I cannot connect to the vlan2 port on the switch; the firewall cannot connect to the internet or route anything via the Vlan2 port, no pings etc. I am using Fast Ethernet 0 as the Vlan2 port and the rest are VLAN 1 with a local network address to allow me to connect a laptop.
We have a block of static IP addresses, the base of which is assigned to the VLAN 2 interface and used by Dialer 0 as IP Unnumbered. Config below.
4590 out of 262136 bytes
! Last configuration change at 17:42:06 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
[ code].....
Sep 30, 2011
I have an ASA running 8.2(2). I am trying to get the network on the inside interface to be able to communicate through the outside interface and on to the internet.
Sep 4, 2012
I have just bought my first non-domestic router, a CISCO 887VA-K9 which needs basic configuration to get it working. I have a copy of the configuration guide (334 pages) and CP Express user's guide (94 pages) and have spent an hour reading but either they are missing something or my brain is too small to figure out step 1. How to get started. Perhaps from where to download a CP Express installation kit for Windows.
Is the only way via a terminal emulator connected via a serial port? Is there a graphical interface I can use? Are there any basic tutorials for beginners? This is probably the only non-domestic router I shall work on so I don't want to invest in a full training course. I just need enough to plug in the ISP credentials and set up DHCP.
Dec 13, 2012
In lab trying to run a test upgrade of an Ace30, can seem to get it right. Ace30 is in slot 1 of the 6500, management vlan 10
Aug 12, 2012
I set up a basic Linksys E2500 with the following information and connected to the internet straight away without a problem: I have spent several hours simply trying to get this basic information into the Cisco 819 using CP Express without success, i.e. I get no internet. Rather than show my inputs, what is the correct setup? I am a novice so I'd rather solve this issue using CP Express just to get connected in the first instance. I have a static IP address. I connected the ethernet cable carrying the internet to the internet port of the E2500 and an ethernet cable from one of the ethernet ports of the E2500 to my PC. For the 819, I connected the internet cable to the GE WAN 0 port and the PC to one of the FE ports.
Jul 19, 2012
We currently have 7 Cisco 3524-XL switches (10-12+ yrs old) which are 10/100. We purchased a handful of Cisco 3750X switches to replace them going with the whole stackwise and redundant power supplies. Our current configuration on the old 3524 switches is that they have hardset all the ports on them to 100MB/FULL since devices would auto-neg to 100/Half. Since we're going from 10/100 to 10/100/1000 switches, I want things to auto-neg as I have heard in the past and experienced that things work better when it auto-neg to gigabit. My upper management is afraid since the old switches wouldn't auto-neg correctly that we should hard set all the ports on the new switches, which would be a nightmare since some ports would be hard set to 100/FULL others to 1000/FULL, etc.. We've tested just about all of our devices at auto with the switches and they've all auto-neg to the correct speed. In short, is Auto-Negotiation the way to go with the newer switches or is it still better practice to hard set your ports?
Apr 8, 2012
I teach in a High School and we've got about a 300 node MS Windows Network. Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All PCs inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing. The servers point to 10.0.0.1 for gateway.
We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN). When I connect the CISCO ASA, I get no internet passthrough at all.
Dec 16, 2011
I have a Cisco 2600 with IOS 12.3. I need a very basic configuration to allow traffic between two LANs. To test this I cleared the router config to the factory default state and configured my network addresses on the interfaces.
When I connected a PC to each interface I found they could ping each other. I was expecting to have to write ACLs to permit the traffic into the interfaces, thinking that the default behaviour of the router would be to deny access. default behaviour without any ACLs or other routing configurations?
My config, such as it is, is as follows:
Current configuration : 770 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
Aug 5, 2012
I am trying to configure a Cisco 1841 to allow the users to access the internet. This is my first step with ppp. All the rest of the configuration is ok but I don't know how to setup the interfaces Dialer0 and ATM0/0/0.
Need very basic configuration that I can analyze and use on my device?
Apr 22, 2012
I am replacing a cisco linksys router with a 1941w.
I have the 0/0 accepting a DHCP from the ISP then I have 0/1 going to a switch and hosting a dhcp server.
Where I have an issue is:
A) Finding a way to turn on the wireless and make it use the same DHCP as wired and setting up a user name/wep password
B) Turning on the GUI that is supposed to be embedded on this.
C) Finding a way to make the DNS point to the default gateway so that I don't have to set the address every time we move the box.
Here is my current configuration, and with it I can get onto the wired network and get to the internet.
Current configuration : 4712 bytes
!
! No configuration change since last restart
version 15.1
[Code]...
May 31, 2011
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
Jan 1, 2013
First time user of cisco hardware and we just purchased the 4900m catalyst switch. My question is very general. I am simply hoping to network 3 servers together and I do not wish to do any fancy or advanced configuration. Can I simply use the web management interface for network administration and setup? I just downloaded the Catalyst 4500 Series Switch Cisco IOS software configuration guide and they talk about Cisco View network management system, is this my answer or is this what most people use for basic configuration and administration?
Nov 29, 2011
In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? With the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..." How do you go about enabling those same simple things in this router, in particular the "Block WAN request"?
Aug 10, 2010
I have a problem with RME 4.2 from CWLMS 3.1. I have configured SSH in my asa 5520 device but RME can't get the configuration file. I ran a job to sync archive but i get this message error:
*** Device Details for ASA_5520_VOZ_01 *** Protocol ==> Unknown / Not Applicable Selected Protocols with order ==> Telnet,TFTP,SSH Execution Result: CM0062 Polling ASA_5520_VOZ_01 for changes to configuration. CM00 Polling not supported on
[Code].....
Nov 27, 2012
basic configuration for setting up cisco ASA 5510 for NAT and DMZ.
Aug 21, 2012
I have an ASA5520. I am copying configuration from PIX to ASA5520 (7.2). Everything is working fine, but the problem is that after some time my DMZ interface is losing connectivity ...
Jan 17, 2013
I've got what is probably a very basic question - but I can't figure it out. I have: Internet (ADSL) -> 2851 (ADSL wic) -> 5520 -> internal LAN (192.168.1.x/24)
The ASA has just replaced a Checkpoint firewall. I've set up the ASA to the point where all hosts on the internal LAN have internet access (using a dynamic PAT on that network). This all works well.
The problem I have is I am trying to allow access from the internet to an internal host on a specific TCP port (as I had done on the Checkpoint) but I'm getting:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:111.111.111.11/52135 dst inside:192.168.1.252/5555 denied due to NAT reverse path failure
From what I have read I need to add a NAT exemption for this particular use case - to avoid the dynamic NAT I have set up, but I'm not sure how to do so. I'm running 9.1 on the ASA, no VPNs yet. Just this basic setup.
Jul 15, 2007
I want to put the asa5520 to the factory default please let me know how to do that. how to remove the configuration file from it.
Apr 19, 2012
I'm trying to set my firewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address 58-98-35-2a-4c-39), I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and I have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
So I need to configure 3 interfaces in my ASA.
- OUTSIDE e0/0 (I call it INTERNET)
- INSIDE e0/1 (I call it LAN)
- MANAGEMENT m0/0 (I call it MANAGEMENT)
[Code]....
But with this config when I plug the firewall, I don't have access to internet anymore.
Apr 1, 2013
I am going to migrate an ASA5520 with another one having VPN configuration + certificates etc. I am a bit concerned about the certificates. Shall I need a new certificate because of new IP addresses on the new ASA? Should I configure the same IP in order to avoid this? There are many VPN clients with public keys that also need to change. Is there any way for minimal changes for migration?
Nov 24, 2012
configuring the ASA particularly after the change to how NAT is implemented. What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work. I have a Synology NAS at home that I am trying to reach via the internet. Prior to using my ASA, I had Verizon's FIOS router as my gateway and everything forwarded with no issues. The ports I need forwarded or reachable via the internet are TCP port 80 and 5000. I can also configure it via command line if that's the easier/preferred method.
Mar 16, 2012
I cannot get this to work properly and I've even had a Cisco engineer from TAC set-this up... and it literally broke my inside network. I have a VPN range of addresses..x.x.x.x on the Outside that needs access to a server on the Inside at y.y.y.y. HTTPS/443 connectivity. I need to NAT my VPN subnet/pool in order to talk to the inside host, as that host will not accept traffic from my VPN subnet, but obviously, will accept traffic from Inside my private network.
The Cisco tech entered the following static NAT statement to "fix" the problem - nat (outside,inside) source static VPN Inside-Network destination static Host-y.y.y.y Host-y.y.y.y For whatever reason, whenever this is configured on my ASA 5550 v8.3(2)25 the Inside interface starts proxy arping and assigns all IP addresses on my private network with the MAC address of the Inside interface.
The y.y.y.y is on a remote, routed network within my private, corporate MPLS network. My Inside private network (Inside-network shown in the static NAT above) is x.x.x.x. Not sure why this happens, but it kills my entire network and I have to jump through hoops to quiesce the network and get everything back to normal. I've tried to Dynamic-PAT/hide the VPN range behind the Inside interface through ASDM and that seems to do nothing. The NAT statement above will break my network. How to NAT this connection without killing my Inside network? Or, on how to properly hide my VPN subnet/pool behind my Inside interface and back to the VPN subnet/pool.
Dec 22, 2011
With regard to the firewall ASA5520, I'm using it in my network. All the configuration is properly configured and working, but with the use of a proxy address in Internet Explorer (e.g. 206.53.155.129/3128) all the blocked contents are easily accessible; it simply bypasses all the network through the firewall. So will you guide me to block the proxy servers?