Cisco Firewall :: Adding Remote Routers To ASA 5510?

Jun 13, 2012

I am pretty new to Cisco networking and setting up a test router to use from home to connect into our network. My organization would like for us to provide upper management with home office setups to give them the ability to work from home. We will provide all of the equipment of course (router, phone and workstation). my boss wants me to use some of our old decommissioned equipment to set up a test home office to see how efficient and feasible it would be. I have a Cisco 1700 router, Altigen IP720 phone, and Dell Optiplex 380 workstation.

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: Adding Failover To Active ASA 5510?

Oct 14, 2012

I am adding a failover asa to an a firewall that is already in production. They are both 5510's, they both have the same abount of ram, have the same code versions. Will there be any downtime while adding the secondary in?

View 2 Replies View Related

Cisco Firewall :: Adding Failover ASA 5510 Back After Configuration Changes On Primary

Nov 28, 2012

I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time.  Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer.  I disconnected the failover cable because it was complaining about version mismatches constantly.
 
Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?

View 6 Replies View Related

Cisco Firewall :: NAT Route For Remote VPN On ASA 5510

Nov 15, 2011

I have configured a remote access VPN on my Firewall ASA5510. Everything worked fine and I can successfully connect through the VPN. The problem is I cannot ping or connect to any of my internal network resources. I tried to add a new NAT route from outside to my internal servers using the defined pool but due to a new ASA version there are many changed I see in the NAT routes

View 37 Replies View Related

Cisco Firewall :: ASA 5510 / ASDM Access With Remote VPN

Apr 18, 2012

I have a cisco ASA 5510 that I have set up currently to access via ASDM through the Inside interface. When I VPN in using our older VPN server I can connect to it fine.  I recently set up the ASA to also be a VPN server which will eventually replace the older server for our HQ.  I noticed that when I'm VPN using the ASA as the VPN server, I can only ASDM to the public which I prefer not to allow.  Access to the inside doesn't seem to work this way. What configurations if any would be causing this.  I'm assuming it's some thing I need to adjust in the VPN configuration.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - PCI Scan For Remote Access VPN

Jul 2, 2012

We got the below alert when we ran the PCI scan on our VPN firewall (use it for remote access VPN).
 
OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher Issue
 
Solution- Upgrade to OpenSSL 0.9.8j or later.
  
ASA 5510 running  8.2(2)

View 6 Replies View Related

Cisco Firewall :: Adding Multiple Site To Site VPNs In ASA 5510

Oct 10, 2012

I have a ASA 5510 at our corporate HQ that has one site to site VPN. I need to add 6 additional site to site VPN's to this ASA for our remote branches. How can I add them without affecting the existing site to site VPN?  The 6 site to site VPN's will all have the same settings however these settings are different from the existing site to site that I already have set up. How can I set it up so the 6 additional VPN's use their own crypto map and all use the same settings?

View 1 Replies View Related

Cisco Firewall :: 5510 / Adding AIP Firewalls To Existing CSC Firewalls Setup?

Mar 3, 2011

I have a customer with active/standby on a pair of 5510's with the CSC modules. They were inquiring about the AIP/ASA, and since this would NOT work in their current setup, would getting a pair of 5510/AIP configured for transparent failover work placed in front fo the existing units? Would I need to have a switch placed between the AIP and CSC ASA's?  Or would I setup the ASA's for context based Active/Active failover to interconnect the ASA's to the existing units, but I still see a need for a switch.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Cannot Talk To Remote Networks Connected

Mar 20, 2012

We have an inside interface, 192.168.10.0/23We have an outside interface, public ip...We have the ASA connected to 5 site to sites, this is working fine and through the internal interface can access all remote sites and vice vera. These are 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24, 192.168.50.0/24 and 192.168.60.0/24,When a user connects via Cisco VPN Client they can see the inside network but can't talk to the remote networks connected, for instance 192.168.40.0/24... whereas an internal user can. I understand that the VPN client connection is seen as an outside connection, not an inside connection... but then I read [URL] and I am confused even more.

View 8 Replies View Related

Cisco Firewall :: 5510 Remote Access VPN / Change The Outside Interface IP

Dec 19, 2012

I have a Cisco 5510 which has remote access VPN configured.Now I have new block of IP address, is there a way I can just change the outside interface IP so that people can remote in without doing anythng else?Or if I coulds be taught to create a new one.Or best way to approcah this issue?For example: it was 67.64.x.x now I need to change to 64.44.x.x.

View 1 Replies View Related

Cisco Firewall :: Remote VPN On ASA 5510 Failing To Hit Public Servers?

Mar 12, 2012

I have a Cisco ASA 5510 that was set up as a VPN server for working remote.  I have disabled split tunneling so that all traffic created while VPN'd in goes through the ASA.  The problem I'm having I believe would be resolved if I enabled split tunneling but I would prefer another solution.  Now..for the problem.When a user is connected via VPN, they can hit all intended devices both public and private accept servers that have static NATs in the FW.  So Server A has a public of 1.1.1.1 which is one to one mapped to private address of 10.1.1.1.  Now if the remote user brings up a browser and goes to 1.1.1.1 it wont work.  The FW gives me a error which is posted below.  However, using the private IP of the server works.  I thought about trying to manipulate DNS to resolve this as the remote users are using URLs and not IPs when trying to reach these servers but again, was hoping I could resolve the NAT problem that the FW seems to be having.
 
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src Outside:192.168.202.100/49238 dst INSIDE:1.1.1.1/80 denied due to NAT reverse path failure 192.168.202.x/24 is the remote vpn ip given via the ASA. 

Here are some configurations on the ASA:
 
static (INSIDE,Outside) 1.1.1.1 10.1.1.1 netmask 255.255.255.255
 access-list INSIDE_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 192.168.202.0 255.255.255.0 
object-group network DM_INLINE_NETWORK_2

[code].....
 
Outside with 4.4.4.4 as the public ip traffic gets NAT'd do dynamically Inside with 10.1.1.x network on it.The ASA is running 8.2

View 2 Replies View Related

Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture

View 9 Replies View Related

Cisco Firewall :: VLAN Tagging To ISP Through ASA 5510 To Remote Site

Oct 25, 2012

we have a base license ASA 5510, and been trying to get ICMP working to check that we're routing and not hitting any NAT translation. We have a VLAN280 setup to ISP for VPN link to remote site and another VLAN281 for internet access for internal users.
 
Users can browse internet from (name _inside interface e0/1 access port) which is fine. When I do a ping to remote office through the VPN I get a response pinging from VLAN280 name VPN_Link. When I do a ping from name inside interface I don't get a response both are security level 100 with same-security-traffic permit inter-interface configured.
 
Config:
 
!
interface Ethernet0/0
speed 100
no nameif

[Code]....

View 11 Replies View Related

Cisco Firewall :: ASA 5510 - Connection Refused By Remote Host

Apr 26, 2011

I am trying to telnet to my asa 5510 from the core swith,however i received the below msg,how enable it?
 
 172.30.1.100 is the inside interface of the asa
 CITYCORE#telnet 172.30.1.100Trying 172.30.1.100 ... % Connection refused by remote host
CITYCORE#

View 8 Replies View Related

Cisco Firewall :: ASA 5510 - History Of Remote Access VPN For Last Week?

Apr 7, 2011

is there any method on the asa 5510 let u see the history of the remote access vpn connection for the last week

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Set Up Guest Wireless Network For A Remote Office?

Jul 8, 2012

I have been tasked with setting up a guest wireless network for a remote office.  They would prefer that the guest network be on a different VLAN than the trusted network, and they want to use a different outside IP address for the guest network. 

I am trying to figure out how to configure the ASA so that it supports two different LANS, each with it's own outside IP address.  Is this possible?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 / Internet Access For Remote VPN With Split Tunneling

Jun 23, 2011

I have a remote VPN with split tunnelling enabled. Currently, users connected to this VPN browses internet with his/her internet connection. Now, my requirement is that a roaming user connecting to the vpn must use our company's internet connection for his browsing purposes. How can I do this?Equipment we are using: ASA 5510

View 3 Replies View Related

Cisco Firewall :: Unable To Access Remote Network After Connecting ASA 5510 And 5505

Sep 24, 2011

I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / Can LDAP-authenticated Remote User Be Assigned A Connection

Jun 30, 2011

ASA 5510 ASA 8.0 ASDM 6.1 I want some remote users to have split-tunnel connection, others not.  I used Cisco Document ID 100936 "Allow Split Tunneling for AnyConnect VPN Client on the ASA Configuration...".  I created a new Group Policy with split-tunnel enabled.  I created a new Connection Profile and assigned to it the new Group Policy.  When I authenticate at the AnyConnect client I get a dropdown of the 2 connecton profiles, to choose the one I want.  Each of them works, enabling or disabling split-tunnel.  But I want to assign a connection profile to the particular user, not give the user a choice.  The problem is I'm using LDAP authentication.  The Local Users I set up before LDAP are obsolete, assigning them a Group Policy does nothing.  I really don't want to give up LDAP and force people back to another local password.  But the LDAP authentication to Active Directory just says yes or no, it won't assign a connection profile.  At the AnyConnect Connection Profiles page I have set a switch "Allow user to select connection profile, identified by its alias, on the login page.  Otherwise, DefaultWebVPNGroup will be the connection profile".  If I clear that switch every user will be assigned the same default profile, which does not work.

View 2 Replies View Related

Cisco Firewall :: 5510 RADIUS Based AAA For Remote Access Tunnel Groups

Nov 22, 2011

How would I go about configuring RADIUS based AAA for remote access VPN users?  I have an OSX RADIUS server and an ASA 5510
 
(I want to keep console and SSH using LOCAL, so I keep this: "aaa authentication ssh console LOCAL", right?)What does the rest of the config look like to get RADIUS based AAA for remote access VPN users?

View 4 Replies View Related

Cisco Routers :: WRVS4400N V.2 - Remote Management Through The Firewall

Mar 21, 2012

I'm attempting to configure remote management (and, sometime soon, SNMP) for a newly-deployed WRVS4400N v.2.At the Basic Settings page, I enabled Remote Management, and left the port # at the default. Remotely I entered the public (static) IP for the router in the address bar of IE8 similar to this: 67.203.???.??:8080. IE8's response is, "The webpage cannot be displayed." I'm using a public wi-fi access point, and don't know how the local router is configured, so it's possible that the local router has a blocking rule in the firewall.I'll try again using another remote router that I manage.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Identity NAT Configuration For Remote Access VPN And Site-to-Site

Mar 9, 2011

I am try to configure ASA 5510 with 8.3 IOS version.My internal users are 192.168.2.0/24 and i configured dynamic PAT and are all internet .

i want configure identity NAT for remote access VPN.Remote users IP pool is 10.10.10.0 to 10.10.10.10
 
i know to configure NAT exemption in IOS 7.2 version. But here IOS 8.3 version. configure NAT exemption for 192.168.2.0/24 to my remote pool( 10.10.10.0 to 10.10.10.10).

View 6 Replies View Related

Cisco Routers :: RV082 Disabling Firewall And Remote Management

Sep 17, 2012

I have a RV082.I need to disable the firewall, since firewalling is done better elsewhere.However disabling firewall Remote management on wan ip is forcefully enabled.I don't need Remote management, keeping it enabled is a security risk for my setup.I don't understand the rationale behind the choice to forcefully enable remote management if firewall is disabled.Is there a way to disable both firewall and remote management?Or at least a workaround?
 
I'm on firmware 2.0.0.19-tm on a probably v2 hardware. (Cannot find this info in the web configuration).This is not the newest even for v2 hw but I cannot afford to break it trying to upgrade the firmware.Moreover no release notes for firmware releases refers to a correction of firewall/remote management behavior.Is this behavior also in newer firmware releases?

View 2 Replies View Related

Cisco VPN :: VPN Not Working After Adding Subinterface - ASA 5510

Nov 19, 2012

Currently I want to add a second lan (vlan) in a customers network. The new network will be for a wireless infrastructure.There is also VPN Configured on the ASA - One with L2TP for Windows Clients and an IPsec for Cisco Clients.Former we only had one outside (Eth0/0) and one inside interface (Eth0/1) on the ASA.Now I want to use the Eth0/2 with subinterfaces, so that we will be flexible for future, when deploying more vlans.But now, when i turn the first subinterface Eth0/2.2 to no-shut the VPN Connections does not work any more.Bulding up the VPN connection works, but it seems that the traffic is not tunneled. (I checked this, because tracert to an internal adress goes to the internet)Below there is my config, i don't know whats wrong. I think split-tunnel is configured correctly (because it works when i delete eth0/2.2) TREV is the network of this location.Company1,2,3 are remote locations.
  
: Saved
:
ASA Version 8.2(5)
!
hostname XXXXXXX
domain-name domain.lan
enable password XXXXXXXXXXX encrypted
passwd XXXXXXXXXX encrypted

[code]....

View 3 Replies View Related

Cisco Firewall :: 2800 Routers / ASA 5510 Cannot Ping Via Route Inside?

Mar 3, 2013

I recently added a business cable modem to relieve some of the congestion I was getting on my T1 for our MPLS network.  There was an ASA 5510 collecting dust in a closet here and I thought it would be the perfect device for firewalling the traffic coming in from the Cable modem, and handling the routing of our internal MPLS traffic as well.  Internet setup was cake.  The test laptop I have using the ASA as it's gateway has great internet service but it cannot ping across either of our MPLS networks.  I have one MPLS with AT&T and one MPLS with EarthLink.  My hope was to use the cable modem as the Default route for all unspecified internet traffic and route our internal MPLS traffic to the cisco 2800 routers that are currently in place for the MPLS.  I can ping across the MPLS when I telnet to the ASA, but I cannot ping across the MPLS from the client that is connected to the ASA.
 
Here's the topology I'm working with
 
Internet
|
Cable Modem
|
ASA 5510 10.52.120.23

[Code].....

View 8 Replies View Related

Cisco :: ASR 1001 - Adding Routers To NCS Prime?

Jan 20, 2013

This would be the first time I will be working on NCS for a client. There is completely a new install and I was just doing my reading to get my head around the overall working of the product. I had a small Q in mind which I wanted to ask here, while going the config guide, i could not find the way to add a router to the NCS prime. W have ASR 1001 in use along with switches. I read in some forum that NCS supported routers but couldnt find the way in the config guide unless i am missing somewhere. The NCS version is 1.0

View 6 Replies View Related

Cisco VPN :: Remote VPN In ASA 5510

Nov 5, 2011

We have an ASA 5510 in which remote access VPN os configured. The problem is that we are able to access all the internal resources and after an hour we get disconnected. The VPN is still up though. We have to reconnect VPN to get things going again.

View 0 Replies View Related

Cisco Routers :: RV042 Adding 2 Internet Speeds?

Dec 22, 2011

we have 2 thompson HDSL routers connected to the internet. we want to combine them to have higher bandwidth and load balancing so we attached them to a linksys rv042 router. we are running a Xbox applications that require high speed internet streaming.
 
if the RV042 can combine those 2 high speed internet connections, without disconnecting.

View 1 Replies View Related

Cisco Routers :: RV220W - Adding Alias Into Router

Aug 26, 2011

I have 3 subnets that I all want to have my RV220W (1.0.2.4) as the gateway. Where can I add an alias into the router so all three subnets and communicate with it?

View 1 Replies View Related

Cisco VPN :: ASA 5510 - Remote Access VPN And DNS?

May 25, 2011

I have a remove access vpn configured on my ASA 5510 which works fine, VPN pool easily allocates IP to all remote used , but they have few network drivers shared on their machines & most of them are linked using the computer name rather than the IP which normally doesnt work as VPN pool doesnt provides the DNS IP to the remote clients . Is it possible to allocate DNS IP with the VPN IP ?

View 1 Replies View Related

Cisco VPN :: ASA 5510 As EasyVPN Remote?

Aug 12, 2012

Can the Cisco ASA 5510 appliance be used as an EasyVPN Remote device, or only as an EasyVPN Server?

View 1 Replies View Related

Cisco VPN :: 5510 - Getting ASA (NEM) VPN Remote Clients (v8.4.5)?

Mar 30, 2013

I've some strange problems with multiple ASA (NEM) VPN remote clients (v8.4.5). On the HQ I've an ASA5510 (v8.4.5) with multiple NEM's connected to it. The group policy used on the HQ is configured for split tunneling. Now here's the problem;
 
The remote ASA (NEM) constructs easily a VPN connection to the main location; it seems that everything works well. Traffic through most of the tunneled networks works perfectly. Traffic to certain subnets or hosts brings me into trouble, there is no traffic flowing through the tunnel at all!
 
When using the command "show crypto ipsec sa | i caps|ident|spi” I can see all of the tunneled subnets. The subnets that works perfecly gives me the correct "local and remote ident" output. The subnets with problems gives me wrong values ​​in the "remote ident". The remote ident should be the IP address of the inside LAN (of the remote NEM) and not the IP address of the ouside interface (of the remote NEM). How is this posible?
 
Here's is the crypto ipsec sa output:
 
Result of the command: "show crypto ipsec sa | i caps|ident|spi"
 
local ident (addr/mask/prot/port): (10.200.60.0/255.255.255.0/0/0) <-- this is the good subnet of the inside interface (NEM)
remote ident (addr/mask/prot/port): (10.100.2.2/255.255.255.255/0/0) <-- this is the good subnet (HQ)
#pkts encaps: 54712, #pkts encrypt: 54712, #pkts digest: 54712
#pkts decaps: 31893, #pkts decrypt: 31893, #pkts verify: 31893
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
current outbound spi: A4FA947A

[code]....

View 1 Replies View Related

Cisco VPN :: Remote Access VPN ASA 5510

Mar 24, 2013

 I have a problem with a Remote Access VPN on a ASA 5510 8.6.2 .I have created a IPSEC Remote Access VPN through the wizard this is pretty much a base install on the ASA without much configuration.
 
I can connect to the ASA via the Remote Access client and get TX just no RX therefore i cannot access any of the LAN resources. [code]

View 13 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved