Cisco Firewall :: Accessing ASA 5505 From Internet?
Dec 4, 2012I want to access my ASA 5505 from internet.how I can achieve it.
View 1 RepliesI want to access my ASA 5505 from internet.how I can achieve it.
View 1 RepliesWe have an ASA-5505 running 8.2(1) with a Bosch DVR 600. When a machine is on the local subnet, it can see the video; however, when it's moved to the DMZ, the unit can be accessed, but all video screens are black and an java script error pops up as follows: [URL]
This message does not pop up when on the local subnet. Additionally, in the login screen, there is a language selection, and sometimes all languages are blanked out. There is a space for them, but they don't display.
I've tried this on a half a dozen machines, either XP or Win7 with IE8 and IE9, and they all do the same thing. I disabled http inspection, but that doesn't work. I also did a packet capture, and the only packets that traverse the ASA.
I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via it's external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).
View 8 Replies View Related active# sh running-config
: Saved
:
ASA Version 8.2(5)
!
hostname active
domain-name dhalahore.org
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
we connect to Cisco ASA 5505 on IPSEC VPN the cisco fowards the demand to the our Juniper router. what ever we do on VPN works #1 exept FTP. [code] Since most home routers use 0.0 1.0 or 2.0 most of our clients cant connect to the VPN so my boss configured our Juniper to translate the IP.So to access 2.0 we do 202.0.So exemple to access in RDP a server in 192.168.2.220 we write in windows RDP 192.168.202.220 and the Juniper converts the data to 2.220 and all works fine. [code]
View 4 Replies View RelatedI have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.I've also tried pinging it and telneting to port 3390 with no success.
Here is the config.
ASA Version 8.4(4)1
!
!
interface Ethernet0/0
switchport access vlan 3
!
interface Ethernet0/1
[code]...
Trying to figure out how to configure the VPN client side to access a remote LAN.
Lan A - 172.16.17.0 - ASA5505 8.2(3)
Lan B - 200.200.0.0 - ASA5510
Cisco Client - V5
At present there exist a VPN tunnel between LAN A and LAN B. The client has a VPN tunnel to LAN A to run software package X on the LAN A server. The client also needs to run software package Y which needs access to a database on LAN B. The computers on LAN A have no problem using package Y since a VPN tunnel exist between LAN A and LAN B. How can I get the Client to also access LAN B on the same tunnel created when the client connects to LAN A? I can't seem to get packets that are directed to LAN B to cross the Client tunnel to A which would then hopefully move onto the LAN A/ LAN B tunnel.
Got a problem accessing our webservers on the inside interface from other clients on the inside interface on our ASA 5505.As in, they type in url... in their browser, and it wont work.
However, if we use a PC on another outside network, it works just fine! [code]
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505 or 5510's. Remote users use IPSec via the Cisco remote Client. Remote access into our data center works, and the L2L VPNs are perfect...just now that i need remote users to access the branches after Remote access VPNing (for support) i cant get that part to work.
View 2 Replies View RelatedI have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access, the first network in Orange works fine. My question is how can i access the file server from the second network (192.168.X.0 /24) ? The 3 switches are Cisco SF300-24P.
View 7 Replies View RelatedI am trying to configure DMZ on ASA 5505, basic license. After changes I have made I cannot access Internet from DMZ. I think I am missing an access list for DMZ, but I am not sure.
interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1 !interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5switchport access vlan 3!interface Ethernet0/6!interface
[Code].....
I have basically started fresh, from a clean image. We bought these with the expectation that we would be able to configure them using the GUI for what we need, which up till this point doesn’t seem to be the case.I will tell you how I have this setup, I have our ADSL going to a modem acting as a bridge with a static IP supplied by the ISP. If i connect a laptop to that modem and set the static ip on the laptop, I get internet access fine.So I then connect the modem to ethernet0/0 and the laptop to ethernet 0/1 I connect to the ASDM and run the startup wizard with the following:
· Outside ip : 87.87.87.87 255.255.252.0 (this works on the lappy straight to the modem)
· Inside ip : 192.168.10.1 255.255.255.0
· No dmz
[code]......
First time attempting to set up a 5505. Trying to replace a snapgear firewall and replicate the settings to the 5505.
View 12 Replies View RelatedI have a 5505 ver 8.2 connected to a router with a T1 internet connection. There was a problem with the internet service and when it was resolved the ASA did not pass traffic to the internet until it was power-cycled. Unfortunately that's all the info I have, as I was not onsite and couldn't access the ASA.
View 3 Replies View RelatedI am using ASA 5505.Below are my sh run.I am not able to ping my gatway i.e 182.73.131.89
interface Ethernet0/0
description Internet Interface
switchport access vlan 61
!
interface Ethernet0/1
description office Internet
switchport access vlan 50
[code]....
I have not been having much success configuring my 5505 for Internet access, and I'm sure there are a few small things I'm missing. At times I believe I got it to the point where I could ping, but still not pass through the Internet traffic. At this point, I reset the 5505 and only changed a couple of settings. I have an external range with these characteristics: Network Address 67.139.113.16 (.17 is Gateway), SM: 255.255.255.248, available IP: 67.139.113.218 The external connection is through a T1 modem, and when I put those settings in my laptop, I can access just fine. When I went through the startup wizard in the ADSM, I maded the internal interface 10.209.0.3, subnet mask: 255.255.255.0 I selected PAT in the Wizard, but don't know if I should have, or if the NAT rules I tried to put in are fine. Eventually I want to add a Site to Site VPN to the rest of the 10.0.0.0 network, but I can't even pass the Internet through to the inside. Also, this will eventually be behind another hosted firewall, so I'm not worried about restricting access, even currently. However, I suspect the problem is that traffic is being blocked with the NAT rules or Access rules.I wish I could just disable those inherent deny rules Outside of pings to 10.209.0.3, all pings come back as request timed out.
Config:
: Saved
:
ASA Version 8.2(5)
!
[Code].....
I am trying to configure Nat on a clean ASA 5505, but can't get it to work. I ran the commands below. On the ASA I can ping the internet and inside vlan ip. On my laptop I can ping the ASA inside vlan ip, but I can't ping the outside vlan ip. From another network I can ping the ASA outside public ip. Is there an access-list that denies inside from accessing outside?
I am running version 8.4(3) and I erased the existing configuration.
ASA(config)# interface vlan 1
ASA(config-if)# ip address 10.0.0.1 255.255.255.0
ASA(config-if)# nameif inside
[Code].....
I have an ASA 5505 behind my internet router. i have got only one public ip configured on the router outside interface.192.168.20.0/24 subnet is configured between ASA and router and inside network is 192.168.10.0/24 (Refer the attached diagram).
I have exposed my mail server and ftp server to public through static PAT in router and ASA with the same public on router outside interface. Iam facing issue some of the machines inside my network internet is not working(actually DNS is not resolving) some of the PC's internet is working fine some of the PC's randomly working. i have attached the diagram and ASA config , after this issue is sorted out i need to configure a L2L VPN to my head office.
I have a Cisco ASA 5505 that has been configured to act as a router as well. I have configured 3 VLANS that have access to the internet. For some reason the "InsideWifi" and the "Guest" VLANS have very slow internet speeds and sometime web pages wont finish loading properly. The "Inside" VLAN gets the speeds that are expected. The DNS server does reside on the "Inside" VLAN. Is there anything wrong with my configuration that would cause the internet speeds on the other VLANS to be slow? My config is attached.
View 6 Replies View RelatedWe currently use a linux software based firewall called IPCop that sits between our network and router (This is in bridged mode) IPCop conects over PPPoE and everything works fine.
However the system is not reliable and I fear not that secure so have purchased an ASA5505 now I have added the PPPoE info to the device using the ADSM software however although it picks up my external static IP I'm unable to access the internet. On IPCop I only had to enter the broadband credentials and it worked however I feel like I may have to add more to the Cisco, for example do I have to specify DNS servers and do I have to set a static route?
Here is my config file so far (Note I think I have turned on the ability to ping from internal to external). My config I have done through the ADSM as opposed to the CLI
: Saved:ASA Version 8.4(3) !hostname ciscoasaenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface
[Code].....
I'm trying to allow SSH traffic from the Internet to my DMZ. I gave my remote guy my ip and he can see the ASA 5505 but not get into the DMZ. The outside is 70.165.19.137. The DMZ server is 192.168.60.2. I have the inside talking to the DMZ fine. [code]
View 9 Replies View RelatedI recently bought an ASA on eBay the plan was to try and learn how to configure them and get more familar with Cisco's ASA hardware etc.
I want it to do the routing for my home network. The way things are setup at the moment is pretty standard. I have an ADSL modem which is also a router which was provided by my ISP (Orange).
The first thing I did was change the router to be in "modem only" mode which seems to have worked. I then got the ASA to use PPPOE by following this guide [URL] I assume that worked as it is authenticating with the ISP and I'm getting a puplic IP address assigned to the outside interface. The default gateway is being set by the "ip address pppoe set route" command which I have verified with the "show route" command. The problem I'm having is that even though I'm getting a public IP I can't ping any thing from the ASA I've pinged 8.8.8.8 and 4.4.4.2 using the outside interface as the source but I'm not getting any responce. I have tried changing the MTU a few times to different amounts on the outside interface with no luck.
I set up an ASA 5505 at home through PPPOE connection. The ASA seems to obtain an IP address correctly.and I can ping a public ip address using the outside nic, but not the inside nic. I saw the error message when I ping: No route to ff0213 from fe801bc2b1288cd5bc1. As a result, I cannot connect to the Internet.
View 11 Replies View RelatedI'm trying to configure a second server on my network but whenever I add the static NAT rule, the internet stops working on that computer.
Here's my Cisco ASA configuration:
ASA Version 7.2(3)
!
hostname domain
[Code].....
I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA directly to Cable modem then pc is able to access the internet.
I have setup 5505 ASA for Testing purposes. It has static route to layer 3 switch on outside interface that goes to the internet.
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
[Code].....
I would like to restrict Internet traffic (HTTP & HTTPS) for Inside Users with an ASA 5505. I would like to setup a proxy-like system where a User/Password must be entered before the User can actually browse the web.
I know that this can be done with an additional RADIUS/TACACS+ Server. Is this also possible without any external AAA Server, so with User/PW stored on the ASA locally only?
I have configured the ASA 5505 for internet access and outside users to use two servers in the DMZ. Every thing is working fine. When I was configure VPN, I did some mistake I guess, now inside users are not able to access internet. They get an error 405. Thats an error. The request method XXX is inappropriate for the URL /. Thats all we know. Even I am not able to access the server in the DMZ from outside and I get an error : Bad Request - Invalid HeaderThese things just happend after I did some thing on the ASA. I copy and pasted the my old configuration but still insider users are not able to connect to internet and from outside I am not ableto connect to server. The weired thing is that I can user VPN with out any issues. I can connect to vpn but I cant access any internal resources. Even inside users are able to ping internet addresses with out any issue.
View 2 Replies View RelatedI changed a configuration and suddenly I lost the internet connectivity... Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 nameif ATT security-level 0 pppoe client vpdn group ATT ip address pppoe setroute !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone EST -5clock summer-time EDT recurringsame-security-traffic permit inter-interfaceobject-group service DM_INLINE_TCP_1 tcp port-object eq ftp port-object eq ftp-data port-object eq wwwaccess-list ATT_access_in remark Linkstation Accessaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in remark Linkstation
[code]....
I found a tricky task for our ASA 5505 firewall. I am not able to go internet when using DHCP but I can access by using fixed IP address in client PC.Same IP, Same Mask, Same DNS, Same Gateway. All the same but no hope. Any configuration i missed in firewall?
View 5 Replies View RelatedI'm unable to have any internet connection for my new setup.
here's the overview.
Current setup is
Internet -> Router -> PIX 501 -> Switch -> clients
Internet -> static ip given is 210.193.34.1 - 210.193.34.6
Router -> Static ip assigned for NAT/External is 210.193.34.1, Local ip is 192.168.1.246
PIX 501 setting ->
IP to Router, According to router screen is 210.193.34.2, but not sure what settings are done in the PIX itself as I'm unable to access it.
local ip is 192.168.1.1
Clients - > 192.168.1.0
Old setup is working fine and connected to internet. for the new setup, as i do not want any downtime for the old setup.
As you can see, there are two firewalls connected concurrently to the router. I've configured it this way.
Internet -> Router -> ASA 5505 -> Switch -> clients
ASA 5505 setting ->
IP to Router NAT/External/ Outside Interface, 210.193.34.6 (Or do i set as 192.168.1.0?),
local ip/ Inside Interface is 192.168.2.1
Clients - > 192.168.2.0
some setup details.
security policy, NAT, set to default. routing is route outside 0.0.0.0 0.0.0.0 210193.34.6
I'm unable to access after a week of troubleshooting.
i am looking for the best practices when using a Cisco ASA 5505 to provide NAT and protect my inside network from the outside.
I have the inside security level set to 100 and the outside set to 0, want other features can be used to protect the network from the Internet, am assuming that the security levels will ensure no traffic comes from the outside to the inside unless there is a rule that allows it.
Would any firewall policies be required to increase the level of security?