Cisco Firewall :: Allowing Internet Access Only For Specific Computers On PIX 501?
Jan 8, 2012
I'm a college student working on a lab involving a Cisco PIX 501 Firewall.
My project involves 1 computer and a firewall. My goal is to use the firewall to allow access to the internet for that computer which uses a static IP 192.168.1.5 and ONLY for that IP address. The firewall is connected to the internet.
I have the computer hooked up to the firewall with the serial and using hyper terminal to enter commands. I think I need to use access lists in order to deny traffic on those ports for those particular hosts. I can't figure out exactly how I need to set it up.
What I need to do is permit internet access for 192.168.1.5 alone. Any other IP should not be able to access the internet.
I tried:
access-list 1 permit tcp host 192.168.1.5 any eq 80
access-group 1 in interface inside
I cannot access the internet using the computer with 192.168.1.5. The goal is to be able to access with that IP and no other.
I've setup my VPN on the cisco ASA 5505 which works perfectly, users from outside can access my internal LAN. Now what i want, Is to create another VPN Tunnel group with another set of IP in which i want to allow them access to one server inside our LAN. See below details of network. [code]
One of our servers recently lost its outbout network connectivity. It can ping and communiate with any computer on our LAN, but it can't communicate with anything outside our network. It has a statically asigned IP address, and can ping the default gateway. We haven't changed any settings on the firewall or gateway....
I was wondering if it is possible to share my internet connection to specific computers on my home network. Both my laptop and desktop computer is connected to the same Wi-Fi router (no internet connection). This network connection is mainly used for file sharing. I want to share the mobile internet connection on my laptop with my pc without giving the other computers on my network access to the internet connection and without disconnecting from the home Wi-Fi router. Is this possible and if so how
I have a Linksys WRT54GS router that I have installed dd-wrt on.My household is overloaded with wireless devices, and living in a home of 6, speeds for everyone seem to slow down drastically later at night when everyone is simultaneously connected and streaming media -- whether it be Netflix, YouTube, etc.. My typical speed wired to the router with no other connections is around 25 mb/s down and 1-2 mb/s up.Obviously, it's going to slow to a crawl when we have an iPad, 3 iPod touches, an iPhone, a Wii (playing Netflix) and 4 PCs all connected simultaneously.What I need to do is give my personal computer priority and throttle all other devices. So that I myself will have decent speeds while hampering all of the other household connections. I rely on those speeds for my job and that should have priority over my brother watching music videos on YouTube.
I have a 5540, and i am trying to allow access to internet for an specific network object group, who has inside a bunch of users, who needs direct internet access without any restrictions, i have tried with dynamic NAT, but that configuration ask for a specific IP o a Network range, and is not permitted to configure an object group as a source
The group is located in LAN zone, so a permission from one zone to another zone is needed i think, but i can allow the internet acess to that group Is there another way to get that , different from NAT ?
My company has a peer to peer network of 10 personal computers without a server. Operating systems from Windows XP to Vista. I've recently installed a Cisco RV120W Wireless-N VPN Firewall. It's configured in DHCP Server Mode with printers/copiers that have static IPs below the DHCP range.
I'm having a problem with certain stations being used for personal networking, shopping, etc. during business hours. Consequently I would like to limit internet access on these stations. However, some internet access is required because of online database software that's an integral part of our business. I've been reading in the Administration Guide about URL Blocking. Would it be possible to give static IPs to certain stations and then limit their internet access to 1 or 2 specific websites?
FYI, I've read about the Trusted Domains and Blocked Keywords but cannot quite understand how to parley this into the solution I need.
We had an ASA 5510 as a firewall in our environment, and there is a requirement to access an ftps server from our location. Currently from the server location they configured everything by allowing our public ip to their server and gave the following details to access ftp.Please suggest which traffic needs to be allowed in our ASA to access the ftp server address as mentioned above. From my initial analysis, it's found that 989 port is also enabled for the access, but that was not mentioned by them.
I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access. I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x,, 10.100.1 - 40.x, and others. I'm having trouble identifying what IP address to use as the desitination for the permit rule for access to the internet. The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses.
We have a Cisco ASA 5520 and Web sense. I added a filter but it seems like it is still not allowing us to access a certain website from most of the machines however some machines with the same configuration work on the DMZ. Accessing website tells us:
"Firefox has detected that the server is redirecting the request for this address in a way that will never complete".
Abruptly internet access disappeared. It's a router issue, none of the computers here can connect. Further, I can't access the router through a browser - 192.168.0.1 results in a "Firefox cannot connect" message. I've tried resetting the DNS to no avail. I'm typing via cell phone and it's annoying, but I'm willing to try about anything.
I have a computer behind the ASA 5505 firewall. The computer needs to access Microsoft Activation Server. Reading some website information, I need to allow a huge list of servers that basically points to www and https traffic. Therefore, looking at this heavy requirements, I prefer to allow this computer to navigate to any https or http (www) server outside of the firewall.I have included my current asa 5505 configuration. [code]
I recently got a new Toshiba laptop, which works perfectly. We already have an HP desktop PC as well as a Dell laptop, which are both connected to an Ethernet router. When I got my Toshiba, I couldn't connect to the router, whether from a new Internet cable, the cable the Dell uses, or the cable the HP uses (it works perfectly fine with Wifi). The next day I got up early and tried again, and it worked. The HP was turned on, and it connected. But then the Dell wouldn't. Over the next couple days, we realized the problem was that the router only allowed the first two computers that were connected to it to connect to the Internet, but not the third one. The router itself allows eight cables to be plugged into it at a time, so I don't see why it's only allowing two computers, whether laptop or desktop, to connect. Is there a possible solution to this?It's an 8-Port Workgroup Switch, Model EZXS88W.Also, our router DOES NOT support Wifi
I just bought the 655, mainly for school/Xbox. My parents use it also, but I bought it for myself mainly (shh). I set it up correctly and got connected, but suddenly I wasn't allowed Internet access. The router connects to my laptop, but won't get Internet access. I called customer service and he didn't know what to do. We tried everything he knew and nothing worked. I don't want to return the router cause I read it was very good, but I need internet for school. I have Rev. A and F/W 2.00.
i bought a cisco 2950 series switch to play around with and im trying to set it up to SSH. I have google'd a bit on how to do this and i've sort of hit a wall... i have downloaded the cryptographic image from cisco's website, installed a TFTP server (think this is where my issue lies) but when i do the copy tftp flash global command i keep getting the error accessing "xxxx" message.I have tried allowing the server through windows firewall, disabling windows firewall, allowing access through the router..
We have a Cisco wireless infrastructure in place that includes a guest network with its own subnet that is a sub interface of the inside interface on our ASA 5520. There are no routes for it to be allowed access to the internal subnets. So it can only access the internet. This is primarily used by the public, but we have several non employee personnel that we only want to give internet access and force them to access the internal network through our clientless SSL vpn portal or through other internet facing internal resources such as webmail.I have done packet traces from within the ASA and the break appears to be there is no ACL allowing the traffic back into the network once the web resource replies to the request and the traffic is attempting to come back into the network from the web resource. Is that as clear as mud?
I know that this has to be a common problem and a way around this is to allow the guest wireless network access to the internal network but only for the select resources that they require. And that this can be done seemlessly by network specific routes and or alternate DNS entries, but I would like to keep this simple and just allow them to access the web resource, webmail and VPN, from the guest wireless using internet DNS servers without route trickery.
My Netgear wireless router had been working just fine and then inexplicably stopped allowing wireless internet access. My modem is fine. I contacted my internet service provider, and no luck. I unplugged the router's power source and plugged it back it in. Still not working. I switched the power on and off. Nothing. I do not know what to try next.
Belkin N450 Router. I want to restrict Internet access completely but allow LAN access to a shared drive for a particular computer on my wireless network. I have gone into the web based set up page and under access controls have enabled and added this computer to the list. I have blocked http, https, ftp and nntp. I don't know if this is enough. The reason I am asking is that I am in Iraq right now and I want to allow my fellow team members access to the wireless for using viber on their iphones but one cat even though he has hardwired internet wants to continuously suck off my wireless for his computer to download stuff since I paid for faster internet. I am trying to do this quietly and still allow him access to the shared drives on the LAN. Sooooo If I block him just outright will he still have access to the drives or do I need to pick and choose like I did above and if I need to pick and choose did I miss anything other then pop3 email and imap?
Installed new N600 router and every box in the house can access the internet - except for my Vista powered laptop. My network shows up as Unidentified network with 'locla only' access. Ben scouring message boards all day. Can't find a solution at Microsoft.
I have 5508 controller in my lab. I am working on a project to set up a public internet but with some condition.
- User should able to connect to the SSID without any authentication.
- Once user will connec to the SSID it should redirect to an external URL which indicates terms and condition and email address field.
- User should enter his/her email address in email addrss filed and click I accept button.
- Once that is done then he/she is allowed to access internet.
We are not sure how can we achive this as I do not know what should be the return value for WLC to allow that user to go through or what should be the settings on the WLC to redirect to the page.
I have seen a settings on web authentication for external URL but I guess it is only for username passwor or Radius authentication. While in this case I do not want to use any authentication just an accept buttor or Decline button and all good to go.
I was asked to enable netflow in an ASA Firewall for Orion/Solarwinds server monitoration. Firewall is a 5550, with 4G RAM, and no extra modules but SSM-4GE. This firewall has 5 DMZ segments and ans specific segment for internet traffic.There are segments as unique subinterfaces in physical interfaces. Other segments as individual subinterfaces in the same physical interface (but individual VLANs)Usually firewall CPU flows between 30% to 40%. Rarely to 50%.
1 - How dangerous or risky could be implement netflow in this firewall?...This firewall is very critical for the customer. My concern is regrading CPU, traffic generated, memory, etc
2 - In a month, firewall will be migrated from 8.2 software version to 8.4 software version. Is there any incompatibility in some commands?...Would be recommended to perform netflow configuration after software upgrade?
3 - How could it be implemented for Orion monitoring, regarding each individual sub-interface (and so, each VLAN assigned)?I there any recommendation regarding configuration, best practices?
I do have one other question first. What's the effect of the crypto key zeroize rsa command, and then crypto key generate rsa modulus 1024 while I'm SSH'd to the ASA? Can I do it? Or do i need to be consoled in or connected a different way?
ASA 5510: ASA Version 8.4(1) asdm image disk0:/asdm-641.bin asdm history enable http server enable http 10.1.1.83 255.255.255.255 inside http 10.1.1.82 255.255.255.255 inside
Shouldn't that right there be enough to access ASDM from either host .82 or .83? Because I cannot. But if I add http 0.0.0.0 0.0.0.0 inside, then I of course can.
I want to share one folder in my network but it can be accessed by only specific computers in the workgroup, not all. How I can do that? I want to restrict other computers.
Is there a way to block specific computers on the LAN from specific web sites by the domain name? All I can see is that if I put, for example, www.facebook.com, it will be blocked from all computers on the LAN, whereas if I want to block only 192.168.1.3 for example, I have to use the IP address through the Access Control, which is much harder and ****e to some "work around" by the user.
I have the Qwest/Actiontec Q1000 modem/router. I go to the ip address using my web-browser and open up advanced configurations -> access scheduler. I select a computer (and it automatically adds the MAC address) and then the days/times I want the internet to be accessible. However, when I click "add" (to add my internet allowance to the scheduler list) it just says 12:00 to 0:00, which is essentially permanently blocking the internet for that computer.
I cant seem to access a webpage. I have 2 computer hooked up to a router and the router to a cable modem. One computer works fine and the other all of the sudden stopped being able to access the web. It says I have a connection but internet explorer and firefox can pull anything up. On bottom right it says local area connection is connected but another one says local are connection4 network cable unplugged. all cables are fine and network adapter says its working properly
We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
I will like to know that i have 3 computer in a router (tplink broadband router n-series) network which has internet access but i don't want to access internet in other 2 computer how can i do that?
I have a wireless OS X 10.7.1 Mac a Windows 7 laptop, also wireless and one Windows 7 desktop, also wireless but close enough to my wireless modem that it can be hard lined in. If I use the "bridging" option in the modem settings, which I assume requires I enter the Mac address all devices:1. do I need to include my network printer?2. can I still access the internet from all computers?3. if I can access the internet, do I need to do so with everything going thru one computer or can they all connect independently?
I've been using "Linksys by Cisco Wireless-N Home ADSL2+ Modem Router WAG120N". I can restrict internet access to only 8 computers using their Mac adresses but there are no ore entry fields for Mac adress than 8. What shall I do when I need to block internet access to more than 8 computers say 20 computers on wired LAN? I don't like the option blocking the internet access via IP address. I found they are not that effective as the option Mac adress
