Cisco Firewall :: Alternative To PBR On ASA5510
Mar 30, 2011
We have an ASA5510 with a backup ISP connection protecting our corporate network. I also have a mail server and I would like to route SMTP traffic over the backup network. I realize that the ASA5510 does not support PBR, but I also know that I can use static NAT rules as a workaround to direct specific types of traffic over a particular interface (e.g. "static (outside,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0" and "static (backup,inside) tcp 0.0.0.0 smtp 0.0.0.0 smtp netmask 0.0.0.0"). is it possible to use something similar to force a particular host to use a specific interface? I have tried to make this work on my own without success. Is it even possible?
View 5 Replies
ADVERTISEMENT
Apr 7, 2013
From what I can find the ASA does not support policy routing.
I have two VLANS that need to go to the same destination but different routes. Anyway to accomplish this on the ASA?
View 1 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Jun 5, 2011
I want to migrate Exchange server to Exchange 2010, I would like to know if ACE and SSLM support Subject Alternative Name (SAN).
1. Can the current CSM (WS-SVC-SSL-1-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it.
a. exchange.ww.edu
b. legexchange.ww.edu.
2) Can the new ACE( ACE20-MOD-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it:
a. exchange.ww.edu
b. legexchange.ww.edu
View 1 Replies
View Related
May 3, 2013
I need 891 SEC router. I think this comes with advanced IP services.What I have is 1921, with IP Base.Can I upgrade 1921, so it will become alternative to 891 SEC ?
View 1 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
Mar 13, 2012
i have met connection problems (mainly with xp)where a laptop always have problem connecting to a secured wifi connection that has higher encryption than wep (wpa - wpa2).In general after a few tests . I am almost sure that it is xp's Wireless Zero Configuration's problem.I am wondering if there is alternatives to WZC that does not require their own brand's device to run a 3rd party Wireless Connection Manager.I am not looking for a model specific software either ,
Examples are:
toshiba connect me
tp link connection utility
intel's mobile
View 11 Replies
View Related
Jun 29, 2011
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
View 7 Replies
View Related
Sep 10, 2012
Our company is starting to open a lot of small mpls sites across the nation. By small I mean less than 10 users, voip, 1 dc, that's it. Instead of getting the usual 2901+2960 combo, I'm interested in finding less expensive solutions. Maybe an L3 switch like a 3750? These are temporary sites so management is fine with looking into used, non smartnet covered gear?
View 7 Replies
View Related
Sep 4, 2012
As per me 24x7 network monitoring service is one of the best technique.Even we can protect large scale or enterprise level network with unwanted attacks or virus. Alternative better option of Network Monitoring Service
View 1 Replies
View Related
Sep 10, 2012
i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?
View 3 Replies
View Related
Jul 21, 2011
I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
-interface Ethernet0/2
- speed 100
-shutdown
- no nameif
-no security-level
-no ip address
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.
View 2 Replies
View Related
Feb 22, 2012
i have cisco ASA 5510 Firewall using in my network, i have planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies
View Related
Sep 14, 2012
I am in need of a Static IP alternative (My ISP chooses not to offer the service). I do not need the Static IP to access my own devices. I need to access other networks as a "trusted" user.
View 10 Replies
View Related
Jan 23, 2012
I found the following on the link bundling page for the 12000 series router:"In both EtherChannel and POS channel link bundles, the Link Aggregation Control Protocol (LACP) for signalling and the 802.3ad protocol for automatic negotiation of the channel are not supported. This means that in order for the channel between two routers to be active, you must disable signaling on switches (such as the Cisco 6500/7600 Series) in the channel, and configure the switches in ON mode."
So, my question is, if lacp isn't supported, is there another way to mimic its functionality on a 12000 series router? I want to connect 2 routers together with a port channel that will pass through our layer 2 network, and I want to make sure that any failures in the path will shut down the affected link on both routers.
View 2 Replies
View Related
Sep 6, 2012
I generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies
View Related
May 4, 2012
I have a cisco asa 5510 with security plus license in Live enviroment . I need to add a secondary firewall . I was planning to do in active /standby mode for failover .But i have a doubt , when i do "show version " on live asa output says Active /active failover , does this means that i can only configure failover in active/active mode not in active/standby (which i want to do )?
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5505 Security Plus license...
View 4 Replies
View Related
Feb 12, 2012
i am using Cisco ASA5510 Firewall in my Network in the distrubition Layer .Private Range of Network Address use in the Network and PAT at the FW for address translation.presently encountering an issue the users behind the FW in my network unable to RDP at port 2000 presented at the Client Network.Able to Telnet on port2000 but not RDP . any changes needed at the FW end to get the RDP Access.
View 12 Replies
View Related
Mar 26, 2012
Cisco announced EOL for ws-x6148A-GE-45AF line card and proposed WS-X6148E-GE-45AT. However this card seems not to be supported by the SUP2T-10G supervisor. Which alternative card should I take for this EOL line card, or can I use the proposed line card (use extra daughter card DFC4)?
I'm looking for an alternative line card for the 650x-E chassis with Supervisor 2T iso 6148-GE-45AF
View 7 Replies
View Related
Jul 10, 2013
Mine studio 1555 with intel core 2 duo P8700 [URL] processor and intel wifi 5100 agn card stopped connecting to router since last week. After searching a lot I found out that the Intel has stopped supporting 5100 for windows 8. Is there any way possible to use the same adapter with compatibility drivers on windows 8?? I have searched a lot but couldn't find much. All the new intel cards like "Intel Centrino Wireless-N 2200", n6300 are of 22nm while my processor is of 45nm. So will the newer card work with my processor.
View 1 Replies
View Related
Jul 2, 2013
what other cards are compatible with XPS 13 Ultrabook? Like so many people, I have been having a problem with my wifi when the computer is used a little far from the router, and thinking about buying a new wifi card for a replacement (which is silly, and I shouldn't have to do, given my computer is brand-new and cost more than £1000, I know... but I don't seem to have much choice). I've tried everything that has been suggested in the Dell forums, and elsewhere, including those on the Intel site. But nothing has improved my connection even a bit.I have Windows 8 (64-bit). And it currently has an 'Intel Centrino Advanced-N 6235' wifi card that came with it.
View 2 Replies
View Related
Mar 14, 2011
We have to use scp on all of our network devices. It worked quite well on our routers and switches but I can't seem to get it to work for the firewalls and IPS. I enabled scp on my ASA5510 using the command "ssh scopy enable". I also ensured that a rsa key was generated and that ssh ver 2 was enabled. But I can't seem to locate the commands to actually have my firewall either copy it's configuration to a server or reach out to a server to pull down a file. We are using IOS 8.2(1).
View 1 Replies
View Related
Mar 22, 2011
I have a customer who wants to prioritze rdp traffic throgh the firewall.I know that its port 3389, but outgoing traffic is a random port number.Any smart way to catch this traffic and get it in the LLQ ?
View 3 Replies
View Related
Sep 13, 2012
we have ASA 5510 which we need to upgrade from 8.0(3) to 8.2.5. can we directly switch to 8.2.5 from 8.0(3) , if not what all versions we need to go from.
What all point needs to check before that following is show flash output.
97 14635008
Jan 01 2003 14:12:16 asa803-k8.bin 98 4096
May 14 2008 21:22:10 tmp 2 4096
Apr 20 2008 02:21:46 log 6 4096
Apr 20 2008 02:22:16 crypto_archive 99 6851212
[Code] .....
View 4 Replies
View Related
Sep 18, 2011
My device has 3 interfaces configured: inside, outside, DMZ. Right now I can access the DMZ from the Internet and I can access the DMZ from the LAN using an exempt nat statement. I am having a few issues setting up DMZ > LAN access however. The servers running on the DMZ need to send information to my LAN such as syslog traffic for example. Will DMZ traffic be NATed or should this somehow be excluded? Bascially all LAN devices should get to the DMZ devices by their actual IP and vice versa. Are there any special statements I need to add to the ASA such as nat or ACLs to make this work? My LAN is 10.10.6.0/24 and DMZ is 192.168.254.0/24.
View 1 Replies
View Related
Oct 20, 2011
I have a ASA 5510 with asa8.4(2) and asdm6.4(5)205. Have a new basic config, nothing special at this time. I just cannot seem to get from the inside to the outside. From the outside interface I can ping, so I have a good Internet connection. [code]
View 3 Replies
View Related
Apr 24, 2012
WE have a DMZ on ASA5510 8.4, it can access anything internal interface but cannot get out to internet or outside interface. I try to ping from a host in the DMZ to 8.8.8.8 and get this in the log 6Apr 25 201208:24:431100038.8.8.80172.10.1.1501Routing failed to locate next hop for ICMP from outside:8.8.8.8/0 to inside:172.10.1.150/1. [code]
View 14 Replies
View Related
Apr 5, 2012
I am having ASA5510 firewall which has 1GB RAM currently. I want to upgrade to 2GB. When I opened the box, I can see only 1 slot to insert the RAM. I searched in Cisco website and I got to know that I need to use 2 x 1 GB RAM. So, I need to have 2 slots to do that. But, I am having only 1 slot in the box.
View 5 Replies
View Related
Dec 5, 2012
I bought a Cisco ASA 5510 (P/N: ASA5510-BUN-K9) and i would like to know if i have to buy some license,What i mean is, for the basics, it still being necessary aquire some license?
View 3 Replies
View Related
May 31, 2011
We are about to upgrade our ASA's from 7.04 to 8.2. Obviously I will be opening a TAC case to assist with the upgrade and I will also be upgrading ASDM software at the same time. These production firewalls are paired with an active --> failover scenario and not active --> active. I had previously engaged cisco regarding the upgrade and they have recommended an upgrade path to ensure success. Also, I have a pair of test ASA's that I've gone through the upgrade process with - documenting the changes in commands and any changes in my config (I didn't notice any).So, the reason for my post is this: What are the gotcha's that you may have run into when upgrading your ASA's?These are fairly high visibility ASA's and any downtime due to the upgrade needs to be mitaged as much as possible.
View 1 Replies
View Related
May 26, 2012
I have a 2811 ISR configured to provide the following services to my network:
Internet access to LAN users Cisco Call Manager ExpressSite-to-stie VPN to 3rd party networksVPN server to provide VPN access to remote usersSecurity Zone configurationsStatic NAT configurations Now I recently just got the ASA5510 device and I am not sure how to go about with the setup, whether to put the ASA in between the internet and the ISR (Internet - ASA - ISR - LAN), or put the ISR in between the internet and the ASA (Internet - ISR - ASA - LAN)?
While i know I can move most of the config unto the ASA, i know that the CME cannot be moved, hence I would like to do the setup such that users on the network still have access to CME.
View 5 Replies
View Related
Apr 24, 2012
We have an ASA5510 and I am getting absolutely no response from the console port. Not even a blip when I turn it on. If I leave the compact flash in the internal bay, I get Green Power, Amber Status, Amber Active and Green VPN when I start it up. The Flash LED flashes Green twice then goes out. If I move the compact flash to the external bay, all of the other lights remain the same as described above but the Flash LED goes to steady Green. How ever, there is still no response whatsoever from the console port. Have replaced the DIMM but that had no effect. This is a four (4) slot ASA5510 and I have just the one DIMM in slot P13 as described on a post I found. The power supply fan comes on as well as the two (2) fans that cool the heatsink. The other two (2) fans on the expansion module side do not come on.
View 1 Replies
View Related
Aug 17, 2011
We just switched to a 5510 from a PIX 515 last evening, and the only things that are not working are any services from the outside to the inside. Example: I am unable to connect to a RDP server on the inside from the outside. I've been looking at the config for the past five hours, but am unable to see my mistake. Running 8.2(1) People on the inside are able to get out.
domain-name aaaa.org
names
name 10.10.8.13 mailserver
name 10.10.8.12 video-conf
name 1.1.1.2 PubMail
name 1.1.1.3 VidCon
name 1.1.1.5 Ms-Aderson
!
[code] .......
View 6 Replies
View Related
