Cisco Firewall :: ASA5520 Basic Configuration

May 21, 2012

This is my 1st time trying to configure an ASA.

I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:
  
I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.

I have attached the configuration file with this post as well.

View 4 Replies


ADVERTISEMENT

Cisco WAN :: 520 Basic Firewall Configuration With DMZ Required

Apr 19, 2011

I am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20,Block all other incomming ports to vlan 20 (unless initalised from inside),Allow all outgoing ports on vlan 20,Block all access from vlan 20 to vlan 10 (unless initalised from vlan 10)

View 35 Replies View Related

Cisco Firewall :: Basic DMZ Configuration On ASA 5510

May 8, 2011

creating a DMZ with my current configuration. Most of my configuration has been through the ASDM as I am still learning. I'm looking for a good tutorial through the ASDM to get me on my way. What I need to accomplish is this:
 
I have an internal GIS server which needs to have a constant database connection to an remote GIS Server which is already configured. I've got a separate VLAN setup on my 3750 switch which connects to the DMZ configured port on my ASA with a security level of 50. My GIS server has been placed in the DMZ VLAN which is accessible from my internal clients. I have a /30 Internet block which is being used for Internet and VPN. I have a separate /28 block that I'm assuming I'll need for the DMZ to work properly.

View 1 Replies View Related

Cisco Firewall :: Pix 515e Basic CLi Configuration

Oct 12, 2011

I dint have any experience in Using cisco pix firewall. i got this for home lab practice.the pix can be accessed and configured by web based and CLI mode right. basic configuariton tto configure pix 515e in cli mode.
 
as of now im using console( hyper terminal) to access the pix. in cli based commands  i need the following
 
1. how to assign ip address to inside ethernet and outside ethernet

2. how to enable telnet and after enabling it , can i connect my pc directly to the pix inside ethernet and do telnetting or if at all possible with (https enabled)web based config. any of these are ohk.
 
went at browsing to find these all i could find is web based configs. i need cli commands.

View 9 Replies View Related

Cisco Firewall :: 871 Configuration - Basic Rules

Jan 3, 2013

I have an 871 and all I need to do is some basic rules. Here is the config I am  having the issue with.

View 1 Replies View Related

Cisco Firewall :: Getting ASA5520 Total Configuration Dump?

Oct 9, 2011

We have a pair of ASA5520 firewalls setup in a very inefficient fashion, and I wish to convert them to an active/passive cluster. Trouble is, there are a number of configuration option I will need to re-implement (VPN tunnels, remote users etc), and trying to capture the configuation with a simple "show running-config" or "show running-config all" or even "show startup-config" doesn't get me things like the pre-shared-key from the VPN configurations - and I don't know them all, so I can't simply re-enter them.Is there any way to get a dump of the running (or startup) config which shows the hidden settings like pre-shared keys and OSPF message digest keys?

View 5 Replies View Related

Cisco Firewall :: ASA5520 Unit Not Accessible On Network For Initial Configuration

Dec 15, 2011

We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances.  Given that we are a non Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear.I started to set to setup the appliance this morning but immediately ran into issues.  The 5520 doesnt seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration.  I have to say that I feel kinda stupid having to post this, since I actually followed the documentation avaiable for this menial task and I fully expect the problem to be a simple one.  Namely, I am using two specific sources of info for connections.

View 20 Replies View Related

Cisco Firewall :: ASA5520 Configured NAT / ACL With Real IP In Existing Configuration After Upgrade

Mar 7, 2011

I am forced to upgrade my ASA 5520 software from 7.1 - 8.2 or higher, as I am not familiar with ASA I need expert opinions.I have following concerns regarding the upgrade.
 
1-Do I need to worry about the software licensing when I download 8.2

2-I read about the few difference in commands (ACL and NAT) in 8.2 what exactly I have to do here should I change the configured NAT and ACL with real IP in the existing configuration after the upgrade ?

View 5 Replies View Related

Cisco Firewall :: Migrating PIX515E To ASA5520 - Update BIN Files In Configuration For ASA?

Jul 18, 2011

I am in the process of migrating my config from my PIX running 8.0(4) to my ASA5520 running 8.2(1).  I have converted the config so that it is ready for the ASA.  I noticed the "boot system flash:" and "asdm image flash:" command references the old PIX files.  Do I need to update these or will they be updated when the ASA reboots with the new config?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Basic Configuration Through CLI?

Oct 21, 2011

step by step ACS 5.1's basic configuration through CLI?

View 2 Replies View Related

Cisco WAN :: 887VA-M Basic Configuration Non Nat

Jan 3, 2013

I am struggling to get this working after spending many hours looking at it I am now completely stuck. We are upgrading from a 857W to this 887 VA-M I have some experience of IOS and the 800 series. Our 857W works perfectly using almost the same config. Our situation is that the router will sit in front of our firewall and act essentially as a simple router passing everything through to our Firewall. Nat is done at the Firewall.
 
We currently have the following configuration that seems to connect the the ISP fine but I cannot connect to the vlan2 port on the switch the firewall cannot connect to he internet or route anything via the Vlan2 port no pings etc.. I am using Fast Ethernet 0 as the Vlan2 port and the rest are V LAN 1 with a local network address to allow me to connect a laptop.
 
We have a block of static IP addresses, the base of which is assigned to the V LAN 2 interface and used by Dialer 0 as IP Unnumbered. Config below.

4590 out of 262136 bytes
! Last configuration change at 17:42:06 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
[ code].....

View 2 Replies View Related

Cisco :: Basic Configuration For An ASA To Reach The Internet

Sep 30, 2011

I have an ASA running 8.2(2).I am trying to get the network on the inside interface to be able to communicate through the outside interface and on to the internet.

View 18 Replies View Related

Cisco WAN :: 800 Series Router Basic Configuration

Sep 4, 2012

I have just bought my first non-domestic router, a CISCO 887VA-K9 which needs basic configuration to get it working.  I have a copy of the configuration guide (334 pages) and CP Express user's guide (94 pages) and have spent an hour reading but either they are missing something or my brain is too small to figure out step 1.  How to get started.  Perhaps from where to download a CP Express installation kit for Windows.
 
Is the only way via a terminal emulator connected via a serial port ?  Is there a graphical interface I can use ?  Are there any basic tutorials for beginners ?  This is probably the only non-domestic routrer I shall work on so I don't want to invest in a full training course.  I just need enough to plug in the ISP credentials and set up DHCP.

View 27 Replies View Related

Cisco :: Basic Ace30 Configuration For Management Access

Dec 13, 2012

in lab trying to run a test upgrade of an Ace30,can seem to get it right ace30 is in slot 1 of the 6500, management vlan 10

View 4 Replies View Related

Cisco WAN :: Linksys E2500 - Basic Configuration Of 819 Using CP Express

Aug 12, 2012

I set up a basic Linksys E2500 with the following information and connected to the internet straight away without a problem: I have spent several hours simply trying to get this basic information into the Cisco 819 using CP Express without success, i.e. I get no internet.  Rather than show my inputs, What is the correct setup.  I am a novice so I'd rather solve this issue using CP Express just to get connected in the first instance. I have a static IP address, I connected the ethernet cable carrying the internet to the internet port of the E2500 and an ethernet cable from one of the ethernet ports of the E2500 to my PC.  For the 819, I connected the internet cable to the GE WAN 0 port and the PC to one of the FE ports.

View 18 Replies View Related

Cisco Switching/Routing :: 3750X - Basic Configuration

Jul 19, 2012

We currently have 7 Cisco 3524-XL switches (10-12+ yrs old) which are 10/100.  We purchased a handful of Cisco 3750X switches to replace them going with the whole stackwise and redundant power supplies.  Our current configuration on the old 3524 switches is that they have hardset all the ports on them to 100MB/FULL since devices would auto-neg to 100/Half. Since we're going from 10/100 to 10/100/1000 switches, I want things to auto-neg as I have heard in the past and experienced that things work better when it auto-neg to gigabit.  My upper management is afraid since the old switches wouldn't auto-neg correctly that we should hard set all the ports on the new switches, which would be a nightmare since some ports would be hard set to 100/FULL others to 1000/FULL, etc..  We've tested just about all of our devices at auto with the switches and they've all auto-neg to the correct speed. In short, is Auto-Negotiation the way to go with the newer switches or is it still better practice to hard set your ports?

View 3 Replies View Related

Cisco WAN :: ASA5505 Basic Configuration / No Internet Pass-through At All

Apr 8, 2012

I teach in a High School and we've got about a 300 node MS Windows Network.  Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing.  The servers point to 10.0.0.1 for gateway.

We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN).   When I connect the  CISCO ASA, I get no internet passthrough at all. 

View 1 Replies View Related

Cisco WAN :: 2600 With IOS 12.3 / Basic Configuration To Allow Traffic Between Two LANs?

Dec 16, 2011

I have a Cisco 2600 with IOS 12.3.  I need a very basic configuration to allow traffic between two LANs. To test this I cleared the router config to the factory default state and configured my network addresses on the interfaces.
 
When I connected a PC to each interface I found they could ping each other, I was expecting to have to write ACLs to permit the traffic into the interfaces, thinking that the default behaviour of the router would be to deny access. default bahaviour without any ACLs or other routing configurations?
 
My config, such as it is, is as follows:  
 
Current configuration : 770 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

[code]....

View 5 Replies View Related

Cisco WAN :: 1841 Basic ADSL Configuration Guide

Aug 5, 2012

I am trying to configure a Cisco 1841 to allow the users to access the internet. This is my first step with ppp. All the rest of the configuration is ok but I don't know how to setup the interfaces Dialer0 and ATM0/0/0.

Need very basic configuration that I can analyze and use on my device?

View 10 Replies View Related

Cisco Wireless :: 1941W Basic Configuration Required

Apr 22, 2012

I am replacing a cisco linksys router with a 1941w.
 
I have the 0/0 accepting a DHCP from the ISP then I have 0/1 going to a switch and hosting a dhcp server.
 
Where I have an issue is:
 
A) Finding a way to turn on the wireless and make it use the same DHCP as wired and setting up a user name/wep password
 
B) Turning on the GUI that is supposed to be embedded on this.
 
C) Finding a way to make the DNS point to the default gateway so that I don't have to set the address everytime we move the box.
 
Here is my current configuration, and with it I can get onto the wired network and get to the internet.
 
Current configuration : 4712 bytes
!
! No configuration change since last restart
version 15.1
[Code]...

View 6 Replies View Related

Cisco Firewall :: ASA5520 To ASA5520 Via L2L Tunnel

May 31, 2011

Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
 
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
 
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
 
My 2nd is that I have debug enabled on my rules but am not logging anything.

View 1 Replies View Related

Cisco Switching/Routing :: 4900M - Basic Configuration And Administration

Jan 1, 2013

First time user of cisco hardware and we just purchased the 4900m catalyst switch.  My question is very general.  I am simply hoping to network 3 servers together and I do not wish to do any fancy or advanced configuration.  Can I simply use the web management interface for network administration and setup?  I just downloaded the Catalyst 4500 Series Switch Cisco IOS software configuration guide and they talk about Cisco View network management system, is this my answer or is this what most people use for basic configuration and administration?

View 3 Replies View Related

Cisco Firewall :: 891 Setting Up Same Basic Firewall Attributes

Nov 29, 2011

In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes?  with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?

View 3 Replies View Related

Cisco :: RME 4.2 Can't Get Configuration File From ASA5520

Aug 10, 2010

I have a problem with RME 4.2 from CWLMS 3.1. I have configured SSH in my asa 5520 device but RME can't get the configuration file. I ran a job to sync archive but i get this message error:
 
*** Device Details for ASA_5520_VOZ_01 ***  Protocol ==> Unknown / Not Applicable  Selected Protocols with order ==> Telnet,TFTP,SSH  Execution Result: CM0062 Polling ASA_5520_VOZ_01 for changes to configuration.  CM00 Polling not supported on

[Code].....

View 2 Replies View Related

Cisco Firewall :: Basic Setup For 5510?

Nov 27, 2012

basic configuration for setting up cisco ASA 5510 for NAT and DMZ.

View 9 Replies View Related

Cisco Security :: Copying Configuration From PIX To ASA5520?

Aug 21, 2012

i hav asa5520 i copying configuration from PIX to ASA5520 (7.2) everything working fine bt problem is that after sometime my DMZ interface losing connectivity ...

View 1 Replies View Related

Cisco Firewall :: Basic ASA 5520 To Allow Access From Internet

Jan 17, 2013

I've got what is probably a very basic question - but i can't figure it out.I have: Internet (ADSL) -> 2851 (ADSL wic) -> 5520 -> internal LAN (192.168.1.x/24)
 
The asa has just replaced a Checkpoint firewall.I've set up the ASA to the point where all hosts on the internal LAN have internet access (using a dynamic PAT on that network).  This all works well.
 
The problem i have is i am trying to allow access from the internet to an internal host on a specifc TCP port (as i had done on the Checkpoint) but i'm getting:
 
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:111.111.111.11/52135 dst inside:192.168.1.252/5555 denied due to NAT reverse path failure
 
From what i have read i need to add a NAT exemption for this particular use case - to avoid the dynamic NAT i have setup, but im not sure how to do so.I'm running 9.1 on the ASA, no VPNs yet.  Just this basic setup.

View 8 Replies View Related

Cisco Security :: ASA5520 How To Remove Configuration File

Jul 15, 2007

I want to put the asa5520 to the factory default please let me know how to do that. how to remove the configuration file from it.

View 5 Replies View Related

Cisco Firewall :: Basic Config Transparent Mode ASA 5510

Apr 19, 2012

I m trying to set my friewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address  58-98-35-2a-4c-39) I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and i have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
 
So i need to configure 3 interface in my ASA.
- OUTSIE e0/0(I call it INTERNET)
- INSIDE e0/1(I call it LAN)
- MANGEMENT m0/0(I call it MANAGEMENT)
 
[Code]....
 
But with this config when I plug the firewall, i dont have access to internet anymore.

View 7 Replies View Related

Cisco VPN :: ASA5520 - Migrate Configuration / Certificates And Private Keys?

Apr 1, 2013

I am going to migrate an ASA5520 with another one having VPN configuration+certificates etc. I am a bit concern about the certificates. Shall I need a new certificate because of new IP addresses on the new ASA ? Should I configure the same IP in order to avoid this. There are many VPN clients with public keys that also need to change. Is there any way for minimal changes for migration ?

View 4 Replies View Related

Cisco Firewall :: Basic Port Forwarding ASA5505 Version 8.4 ASDM 6.4?

Nov 24, 2012

configuring the ASA particulary after the change to how NAT is implemented.  What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work.  I have a Synology NAS at home that I am trying to reach via the internet.  Prior to using my ASA, I had Verizon's FIOS router as my gateway and everything forwarded with no issues.  The ports I need forwarded or reachable via the internet are TCP port 80 and 5000.I can also configure it via command line if that's the easier/preferred method.

View 11 Replies View Related

Cisco Firewall :: ASA 5550 / Basic NAT From Outside Remote-access IPSec VPN To Inside?

Mar 16, 2012

I cannot get this to work properly and I've even had a Cisco engineer from TAC set-this up... and it literally broke my inside network.  I have a VPN range of addresses..x.x.x.x on the Outside that needs access to a server on the Inside at y.y.y.y.  HTTPS/443 connectivity.  I need to NAT my VPN subnet/pool in order to talk to the inside host, as that host will not accept traffic from my VPN subnet, but obviously, will accept traffic from Inside my private network.
 
The Cisco tech entered the following static NAT statement to "fix" the problem - nat (outside,inside) source static VPN Inside-Network destination static Host-y.y.y.y Host-y.y.y.y For whatever reason, whenever this is configured on my ASA 5550 v8.3(2)25 the Inside interface starts proxy arping and assigns all IP addresses on my private network with the MAC address of the Inside interface. 
 
The y.y.y.y is on a remote, routed network within my private, corporate MPLS network.  My Inside private network (Inside-network shown in the static NAT above) is x.x.x.x.  Not sure why this happens, but it kills my entire network and I have to jump through hoops to quiesce the network and get everything back to normal.I've tried to Dynamic-PAT/hide the VPN range behind the Inside interface through ASDM and that seems to do nothing.The NAT statement above will break my network. How to NAT this connection without killing my Inside network?  Or, on how to properly hide my VPN subnet/pool behind my Inside interface and back to the VPN subnet/pool.

View 1 Replies View Related

Cisco Firewall :: ASA5520 Bypass All Network Through Firewall

Dec 22, 2011

With regarding to the firewall ASA5520, i'm using it in my network, all the confiuration are properly configured and working but with the use of proxy address in internet explorer(e.:206.53.155.129/3128) all the blocked contents as easily accessible simply it bypass all the network through firewall.so will u guide me to block the proxy servers.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved