Cisco Firewall :: Basic Setup For 5510?
Nov 27, 2012
Basic configuration for setting up Cisco ASA 5510 for NAT and DMZ.
Creating a DMZ with my current configuration. Most of my configuration has been through the ASDM as I am still learning. I'm looking for a good tutorial through the ASDM to get me on my way. What I need to accomplish is this:
I have an internal GIS server which needs to have a constant database connection to a remote GIS server which is already configured. I've got a separate VLAN set up on my 3750 switch which connects to the DMZ-configured port on my ASA with a security level of 50. My GIS server has been placed in the DMZ VLAN, which is accessible from my internal clients. I have a /30 Internet block which is being used for Internet and VPN. I have a separate /28 block that I'm assuming I'll need for the DMZ to work properly.
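The DMZ and NAT part of this, written out as an added CLI example; it is not the poster's configuration and not taken from Cisco documentation. It assumes ASA 8.3 or later (object NAT syntax), Ethernet0/2 as the DMZ port, the DMZ VLAN as 172.16.50.0/24 with the GIS server at 172.16.50.10, the /28 as 203.0.113.16/28, the remote GIS server at 198.51.100.25 and the database listening on TCP 5432. Every one of those values is a placeholder.

```cisco
! Added example, not from the post. ASA 8.3+ syntax, placeholder addresses.
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.50.1 255.255.255.0
 no shutdown
!
object network REMOTE-GIS
 host 198.51.100.25
!
! A fixed address out of the /28 for the GIS server, so the remote site
! can whitelist a single source. Object NAT is bidirectional: the same
! line would also let inbound traffic to 203.0.113.18 in, once an ACL
! on the outside interface permits it (none does here).
object network GIS-SERVER
 host 172.16.50.10
 nat (dmz,outside) static 203.0.113.18
!
! Everything else in the DMZ leaves PAT'd behind the outside address.
object network DMZ-NET
 subnet 172.16.50.0 255.255.255.0
 nat (dmz,outside) dynamic interface
!
! Least privilege for the DMZ. Attaching an ACL to the dmz interface
! replaces the security-level default (which would let the DMZ start
! flows to anything at a lower level), so the denies toward the inside
! ranges are explicit and come before the general permits; order is
! what enforces them.
access-list DMZ-IN extended permit tcp object GIS-SERVER object REMOTE-GIS eq 5432
access-list DMZ-IN extended deny ip any 10.0.0.0 255.0.0.0
access-list DMZ-IN extended deny ip any 172.16.0.0 255.240.0.0
access-list DMZ-IN extended deny ip any 192.168.0.0 255.255.0.0
access-list DMZ-IN extended permit udp object GIS-SERVER any eq domain
access-list DMZ-IN extended permit tcp object GIS-SERVER any eq 443
access-group DMZ-IN in interface dmz
!
! Inside (security 100) reaches the DMZ (security 50) with no ACL needed;
! return traffic for flows the inside opened is allowed by state.
!
! Check the outbound database flow end to end, including the translation:
! packet-tracer input dmz tcp 172.16.50.10 40000 198.51.100.25 5432
! show nat detail
```

The packet-tracer line is the check to run before touching the remote site: it walks a synthetic SYN through the ACL, NAT and routing phases and names the phase that drops it.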
I'm trying to set up my firewall in my network. The network is very simple. I have my router at 192.168.16.1 255.255.255.0 (MAC address 58-98-35-2a-4c-39), I have my switch at 192.168.16.26 255.255.255.0 (MAC address 00-19-99-5d-1f-43), and I have my firewall ASA between the router and the switch at 192.168.16.250 255.255.255.0 (MAC address 64-9e-f3-ba-28-c9).
So I need to configure 3 interfaces in my ASA.
- OUTSIDE e0/0 (I call it INTERNET)
- INSIDE e0/1 (I call it LAN)
- MANAGEMENT m0/0 (I call it MANAGEMENT)
[Code]....
But with this config, when I plug in the firewall, I don't have access to the internet anymore.
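An added example (not the poster's config) of the usual way to put an ASA between a router and a switch that already share one subnet. A routed-mode ASA needs a different subnet on each named interface and rejects overlapping addresses; transparent mode bridges the two ports instead and keeps 192.168.16.0/24 on both sides. It assumes ASA 8.4 or later (bridge-group/BVI syntax) and puts Management0/0 on a separate 192.168.100.0/24, which is an assumption.

```cisco
! Added example, not from the post. ASA 8.4+ transparent mode.
! Changing modes clears the running configuration, so do this on the
! console first and re-enter the rest of the config afterwards.
firewall transparent
!
interface Ethernet0/0
 nameif INTERNET
 security-level 0
 bridge-group 1
 no shutdown
!
interface Ethernet0/1
 nameif LAN
 security-level 100
 bridge-group 1
 no shutdown
!
! The bridge group carries the firewall's own address in the existing
! subnet; it is used only for traffic the ASA itself sends or receives.
interface BVI1
 ip address 192.168.16.250 255.255.255.0
!
! Management0/0 stays routed and outside the bridge group (assumed subnet).
interface Management0/0
 management-only
 nameif MANAGEMENT
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 no shutdown
!
! Default route for traffic the ASA originates (logging, NTP, AAA).
route INTERNET 0.0.0.0 0.0.0.0 192.168.16.1 1
!
! Transparent mode passes IP and ARP by default; non-IP frames such as
! STP BPDUs between the switch and router are dropped unless an
! EtherType ACL allows them.
access-list ETHER ethertype permit bpdu
access-group ETHER in interface INTERNET
access-group ETHER in interface LAN
!
! Checks: both MACs from the post should be learned, each on its side.
! show bridge-group 1
! show mac-address-table
```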
I am trying to configure the FE8 (WAN port) to connect to the Internet. We're switching ISPs soon, so this router was set up at my office and has since been deployed at the client site. So far it is just plugged in and powered, with a console cable attached but no LAN cabling, since this router will replace an existing one using the same addressing (except the WAN settings of course). So for now I am just focused on working on the WAN side, since I have the ISP's cable modem attached. I had initially used CP Express to config the WAN port with an IP and mask and the various port forwarding options I intend to use. Now, connected via console cable, I tried pinging the IP of the WAN port, which works. Beyond that, I can't ping anything (8.8.8.8, a Google IP), and also can't resolve any DNS names, which makes sense with no apparent connectivity. Likely my config is just incomplete.

Nowhere in sh run do I see a default gateway, yet this ISP did specify one, so I assume I need to enter it. Not sure what's the right way; I get confusing results on searches telling me either to use ip default-gateway or ip default-network. I want to think that it's as simple as entering in the IP, but so far I've learned with the IOS that you never do anything without knowing all the possible implications, which I don't.

Also, while I am at it, I don't know what I should have for DNS entries. This router will not be a DNS server for any internal systems; that function will be managed by the two Windows 2008 R2 DNS machines. The ISP has also provided two IPs for their DNS servers. I thought it would be a simple matter of just adding two entries via the ip name-server command, which I did. So now I have four entries: first the two internal servers (inaccessible currently due to no LAN cabling to this router), and the two ISP servers. Can't ping those either, but again there's no default gateway.
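The WAN side of this as an added IOS example (not the poster's configuration). It assumes IOS 15.x on an 880-class router where FastEthernet8 is the WAN port and Vlan1 is the LAN, and placeholder ISP values: 203.0.113.2/30 on the WAN port, gateway 203.0.113.1, ISP resolvers 203.0.113.53 and 203.0.113.54, internal DNS at 192.168.1.10 and 192.168.1.11.

```cisco
! Added example, not the poster's configuration. Placeholder addresses.
!
! A router with 'ip routing' enabled uses a static default route;
! 'ip default-gateway' is only consulted when routing is disabled
! (switch-style management), and 'ip default-network' is the old
! classful mechanism. One line covers the whole Internet:
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
interface FastEthernet8
 description WAN to ISP cable modem
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 no cdp enable
 no shutdown
!
interface Vlan1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! PAT for the LAN. Nothing inbound is reachable until a matching
! 'ip nat inside source static' entry exists for it.
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface FastEthernet8 overload
!
! The router needs resolvers only for its own lookups (ping by name,
! NTP by name); it is not a DNS server for the LAN. Internal first,
! ISP resolvers as fallback.
ip domain-lookup
ip name-server 192.168.1.10 192.168.1.11 203.0.113.53 203.0.113.54
!
! Checks from the console, in this order, so the first failure tells
! you which hop is the problem:
! show ip route 0.0.0.0
! ping 203.0.113.1
! ping 8.8.8.8 source FastEthernet8
! ping www.example.com
```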
I am trying to set up NetFlow on a 6509 and SolarWinds NetFlow Traffic Analyzer v3.10.0.
The problem I have is that after configuring the basic settings of NetFlow on both sides I can't see all the traffic I expected to capture in NetFlow.
The details of my problem.
I want to monitor the traffic on VLAN 20.
In the general configuration of the switch I have entered the following
ip flow-export source vlan 10
ip flow-export version 9
ip flow-export destination 132.5.200.123 8080
Where vlan 10 is the management vlan. Vlan10 can ping 132.5.200.123 no problem.
On VLAN20 interface I configured this
ip flow egress
ip flow ingress
ip route-cache flow
When I go to SolarWinds NetFlow Traffic Analyzer I can see maybe 1 or 2 packet flows, like nothing of the data. If I do a capture of the traffic on VLAN 20 I can see there is loads of IP traffic on that VLAN, but why is NetFlow not capturing the statistics of those flows and reporting them to NetFlow?
command "ip flow-export source vlan 10" ?
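What the export side of this usually needs on a 6509, as an added example; it is not the poster's configuration and not a vendor document. It assumes a Supervisor 720 with PFC3 running 12.2SX. The collector address and port are copied from the post; the port has to be whatever the collector actually listens on (SolarWinds NTA defaults to UDP 2055), which is worth confirming on the SolarWinds side.

```cisco
! Added example, not the poster's configuration. Catalyst 6500, Sup720/PFC3.
!
! On the 6500, traffic switched in hardware by the PFC is not seen by the
! interface-level 'ip flow ingress' / 'ip route-cache flow' commands;
! those only account for the small amount of software-switched traffic,
! which is why the collector shows one or two flows. Hardware flows are
! exported by NetFlow Data Export (NDE) on the PFC:
mls netflow
mls flow ip interface-full
mls nde sender version 9
mls nde interface
!
! Export settings shared by software and hardware flows.
ip flow-export source Vlan10
ip flow-export version 9
ip flow-export destination 132.5.200.123 8080
!
! Flows routed in or out of VLAN 20 (PFC3 supports per-interface NDE).
interface Vlan20
 ip flow ingress
!
! Traffic that stays inside VLAN 20 (host to host, never routed) is
! bridged and invisible to routed NetFlow unless Layer 2 NetFlow is
! enabled for that VLAN:
ip flow ingress layer2-switched vlan 20
!
! Checks: the PFC flow table should fill and export counters should
! climb while traffic runs on the VLAN.
! show mls netflow ip count
! show mls nde
! show ip flow export
```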
How to set up more than 40 PCs without an internet connection using a Linksys switch.
I've three 4900M switches equipped with the WS-X4920-GB-RJ45 module and the WS-X4908-10GE module. Now I'm starting to set up these switches in our lab environment for the first time. They behave a little bit strangely in comparison with the C3750 series, which I used before and which I will replace with these powerful machines.
I tried to set up these switches to be managed through the management port. I configured the IP address and default route in the management VRF, and set the source interface for TFTP, SSH, FTP and TACACS to use the management port. Ping using the management port was successful. After finishing these steps I configured the TACACS and AAA settings according to the information I found on CCO. I tested the settings with the "test aaa group authentication" command, without success. On my Cisco ACS no request was received and the switch told me it couldn't reach the TACACS server. Other switches in the same IP subnet are working without failure, so the firewall or server should not be the problem.
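An added example (not the poster's config) of the piece that most often gets missed when TACACS is meant to go out a management VRF. It assumes a 4900M where the management port is FastEthernet1 in the built-in VRF mgmtVrf, an ACS at 10.0.0.5 and a shared key KEY; all placeholders.

```cisco
! Added example, not the poster's configuration. Placeholder values.
!
! 'ip tacacs source-interface' only chooses the source address; the
! TACACS packets are still routed through the global table unless the
! server group itself is bound to the VRF. Without that binding the
! switch has no route to the server and reports it unreachable, while
! 'ping vrf mgmtVrf 10.0.0.5' works because ping is told the VRF.
aaa new-model
aaa group server tacacs+ ACS-MGMT
 server-private 10.0.0.5 key KEY
 ip vrf forwarding mgmtVrf
 ip tacacs source-interface FastEthernet1
!
aaa authentication login default group ACS-MGMT local
aaa authorization exec default group ACS-MGMT local if-authenticated
!
! Local fallback so a TACACS outage does not lock you out of the switch.
username admin privilege 15 secret <local-password>
!
! Checks: test the group by name, then confirm the path via the VRF.
! test aaa group ACS-MGMT admin <password> new-code
! show ip route vrf mgmtVrf 10.0.0.5
! debug tacacs packet
```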
My daughter is on an Army base in the South Pacific. They have dial-up internet on their home telephone, not DSL. They have high-speed wireless at the base community center/coffee shop. I will be going there in 9 days to install the DIR-615. She has a Dell desktop with Vista Basic SP1, a laptop with XP, an iPad 2 and a NOOK Tablet. The DIR-615 is an HVE1 with firmware 5.00na on the bottom sticker. She said she was able to go to the web address, log in, change the user name and password, started on the wireless configuration and then she panicked. My question is basically this: by using a Cat5 cable from the desktop to the DIR-615 with dial-up internet connected, can the router be set up using the automatic method as opposed to manual? Our first priority is to be able to transfer files to the 2 tablets without being connected to the internet, like a switch, and secondly, if possible, to go on to the internet from a tablet or the laptop. I assume the second option would require the internet sharing option when setting up the network, and performance would be ugly.
Can I get this router to work this way with just dial-up to set it up?
We have hosted VoIP and would like to have our internet as a backup for their router. We gave them a public static IP so they can configure that in their router. How can I configure the IP address in our firewall, let's say on an ASA 5510 Ethernet port 3, so that if their router's T1 goes out then our internet will work as backup?
I have 2 outside connections, one of which works as a backup connection. I am trying to set up SLA monitor so that when the primary fails, the secondary connection takes over. However, I never get connected to the primary connection after reboot; the backup connection is active after reboot.
I currently use MS ISA Server 2006 to protect a Windows internal network, where there is also an MS Exchange server. I have acquired a Cisco 5510 to enhance security at the main office. Later I will have ASA 5505s for the branches, including VPN-ing, to have a firewall at the main office. I have several public IPs and would like to set up a DMZ for Web, Exchange server and FTP. How do I set up the interface and sub-interface for the DMZ? Can I continue using ISA Server connecting to the Cisco 5510 on the perimeter? If so, how do I set the interfaces (and sub-interfaces) as well as the NAT-ting and access configuration between the inside and outside?
I would like to set up a backup ISP in our ASA 5510. Right now the firewall has the following command for the default gateway:

route outside 0.0.0.0 0.0.0.0 114.324.321.33 1

I am changing this to "route outside 0.0.0.0 0.0.0.0 114.324.321.33 10 track 1" so I can set up SLA monitoring. As soon as I enter the above command and remove the original "route outside 0.0.0.0 0.0.0.0 114.324.321.33 1" from the ASA, the internet connection drops. Right now the ASA interface Ethernet0/0 has the main ISP configured, and I am configuring interface Ethernet0/3 as backup:

interface Ethernet0/3
 nameif backup
 security-level 0
 ip address 114.324.321.34 255.255.255.252
 no shut
global (backup) 1 interface
route outside 0.0.0.0 0.0.0.0 114.324.321.33 10 track 1
route backup 0.0.0.0 0.0.0.0 115.283.212.23 20 track 2
track 1 rtr 1 reachability
track 2 rtr 2 reachability
sla monitor 1
 type echo protocol ipIcmpEcho 114.324.321.33 interface outside
sla monitor schedule 1 life forever start-time now
sla monitor 2
 type echo protocol ipIcmpEcho 115.283.212.23 interface backup
sla monitor schedule 2 life forever start-time now

(Right now in the firewall I have "route outside 0.0.0.0 0.0.0.0 114.324.321.33 1".) Also our firewall has a site-to-site VPN and 1 main IP configured for Exchange and remote access.
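An added example (not the poster's configuration) of the usual shape for tracked dual-ISP default routes on ASA 8.2; it also covers the earlier post where the backup link is still active after a reboot and the one about using a second ASA port as a backup path. Addresses are placeholders: primary gateway 203.0.113.1 on outside, a probe target 203.0.113.254 beyond it, backup gateway 198.51.100.1 on Ethernet0/3.

```cisco
! Added example, not the poster's configuration. ASA 8.2 syntax
! (global/nat); all addresses are placeholders.
!
interface Ethernet0/3
 nameif backup
 security-level 0
 ip address 198.51.100.2 255.255.255.252
 no shutdown
!
! Probe a host beyond the primary gateway that is known to answer ICMP;
! ISP gateways often drop or rate-limit echo requests, and a probe that
! never succeeds keeps track 1 down, so the tracked route is never
! installed and the box comes up on the backup path and stays there.
! The host route pins the probe to the primary link, so after a failover
! it cannot be answered via the backup and flap the track.
route outside 203.0.113.254 255.255.255.255 203.0.113.1 1
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.254 interface outside
 num-packets 3
 frequency 10
 timeout 3000
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! Only the primary default route is tracked. The backup is a plain static
! with a worse metric: always present, and best as soon as the tracked
! route is withdrawn. Tracking both means that at boot (before the first
! probe) and whenever both probes fail there is no default route at all.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! 8.2 needs a translation for each outside-facing interface.
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
!
! Checks: track state, probe results, and which default route is in use.
! show track 1
! show sla monitor operational-state 1
! show route | include 0.0.0.0 0.0.0.0
```

The site-to-site VPN and the static for Exchange in the post are bound to the outside address; they do not follow the default route to the backup interface by themselves, so a failover only restores outbound browsing unless a second crypto map and second static are added on the backup interface.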
I have been trying to change my password and all the settings on my WRT54G V8 router today because I forgot the password, and I can't seem to navigate the Basic Setup page. I can log in (most of the time) after resetting the router, but whenever I try to click on a different tab (like "Wireless", or "Security") it comes up with the page saying "This Page Cannot Be Displayed." I'd like to be able to put a password on it (which I have successfully done before on this router) because I live in a college dorm and would like to keep my internet from being bogged down by other people using it.
I'm trying to set up port mirroring on a Cisco ASA 5510, but when I try to use the switchport monitor command, that command is not recognized. I've selected the interface I want to configure (conf-if), but the switchport command seems not to be part of the IOS. I'm running ASA version 8.2(1).
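Added example, not from the post: the 5510 has no switch ports, so there is no SPAN and no switchport monitor; the ASA's own on-box capture is the equivalent, and it also catches packets the firewall drops, which a SPAN on an adjacent switch never shows. Hosts, capture names and the TFTP server are placeholders.

```cisco
! Added example, not from the post. ASA 8.2 privileged EXEC commands.
!
! Capture only what you need: a match expression, and a buffer larger
! than the 512 KB default so a busy interface is not truncated at once.
capture WEB buffer 4194304 interface inside match tcp host 10.1.1.50 any eq 80
!
! The same flow on the outside interface shows the translated addresses,
! which is the usual way to prove or rule out a NAT problem.
capture WEB-OUT buffer 4194304 interface outside match tcp host 203.0.113.10 any eq 80
!
! Packets the ASA drops never reach an interface capture; an ASP drop
! capture records them together with the drop reason.
capture DROPS type asp-drop all
!
! Read it on the box, or pull a pcap to a workstation for Wireshark.
show capture WEB
show capture DROPS | include 10.1.1.50
copy /pcap capture:WEB tftp://10.1.1.200/web.pcap
!
! Remove captures when done; they keep costing CPU and memory.
no capture WEB
no capture WEB-OUT
no capture DROPS
```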
I have an ASA 5510. I am doing a new install at our new data center. I am having trouble getting internet access from an inside LAN interface to the outside WAN interface. Our colo center has given us the below IP info. [code] If I do a static config on my laptop of IP 198.145.XXX.82, mask 255.255.255.240, DG 198.145.XXX.81, I am able to get the web fine from the line in our rack. I used the ASDM software to set up the ASA. I set its WAN IP to 198.145.XXX.82 and the mask to 255.255.255.40 for interface 0/0. For interface 0/1 I made a management LAN of 192.168.180.1 with a mask of 255.255.255.0. I can connect to my LAN OK but do not have outside internet access. I have also tried .80 and .81 for the WAN IP of the ASA. [code]
What I am attempting to do is set up SNMPv3 on two failover 5510s. The problem I am running into: the SNMP management software rejects one of the devices, as it sees it as having a duplicate engine ID since the two devices share the same config. I would like to know how this would work in an active/active setup, being able to poll both devices.
View 2 Replies View Relatedgetting my additional IP addresses working on my ASA 5510. I have a /29 allocation and outbound access and inbound access to my internal www server is working fine through the default outside interface. However, I now need to setup a second IP address that maps internally to a different web server. When I setup a new network object with automatic NAT translation to the new IP address, it does not work. If I setup the same scenario using the outside interface, it works fine. What is the proper way to setup additional IP address on my ASA v8.4?
View 10 Replies View RelatedIn comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?
We have 2 ASA 5510s set up in an active/standby failover configuration. When the primary fails over to standby, the 3rd-party cert does not fail over to the standby ASA. The users then receive the cert missing/invalid message and have to select yes/no to move on. This does not occur when the primary is not in failover mode. It is my understanding that failover fails over certs, but in our case it does not appear to be working correctly.
Trying to set up a priority queue for Voice and Video traffic; below is the current ASA config. The WAN link is 6 Mb, and I'm trying to limit the Internet traffic to 4 Mb and save 2 Mb for the PQ. Config below. Traffic just isn't hitting the PQ.
priority-queue outside
queue-limit 512
tx-ring-limit 200
!
class-map Video
description Video
match dscp af31
[code]....
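An added example (not the poster's full configuration) that completes the fragment above with the parts a priority queue needs to be hit at all: a policy that uses priority, attached to the interface that has priority-queue enabled, plus a check that the packets still carry a DSCP when they reach the ASA. The voice marking (ef), the second video marking (af41) and the policy name are assumptions.

```cisco
! Added example, not the poster's full configuration. ASA QoS, assumptions
! marked in comments.
!
priority-queue outside
 queue-limit 512
 tx-ring-limit 200
!
class-map Voice
 match dscp ef
class-map Video
 match dscp af31 af41
!
! LLQ only engages when (1) a class with 'priority' is in a policy that is
! applied to the interface with 'priority-queue' enabled and (2) the
! packets still carry the DSCP when they reach the ASA. If the switch or
! the phones remark to 0, nothing matches the class-maps. Check first:
! capture QOS interface inside match ip any any
! show capture QOS detail
!
policy-map OUTSIDE-POLICY
 class Voice
  priority
 class Video
  priority
 class class-default
  ! Everything else is capped at 4 Mbit/s in each direction, leaving
  ! 2 Mbit/s of the 6 Mbit/s link for the priority classes.
  police output 4000000 8000
  police input 4000000 8000
!
service-policy OUTSIDE-POLICY interface outside
!
! Checks: the priority counters should only move when marked traffic flows.
! show service-policy interface outside priority
! show priority-queue statistics outside
```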
I am trying to set up my Cisco 520 router with a firewall that will:
- Allow port 80 traffic to VLAN 20
- Block all other incoming ports to VLAN 20 (unless initialised from inside)
- Allow all outgoing ports on VLAN 20
- Block all access from VLAN 20 to VLAN 10 (unless initialised from VLAN 10)
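An added example (not from either post) that covers the 891 "Block WAN request" question above and this VLAN policy in one classic IOS inspection (CBAC) config, since both come down to the same two things: an inbound ACL that denies unsolicited traffic, and inspection that opens return paths for flows started on the trusted side. It assumes IOS 15.1, VLAN 10 as 192.168.10.0/24 on Vlan10, VLAN 20 as 192.168.20.0/24 on Vlan20 with the web server at 192.168.20.10, and FastEthernet4 as the WAN port; all placeholders.

```cisco
! Added example, not the poster's configuration. IOS CBAC, placeholders.
!
! Inspection creates return-path state for flows that start on an
! inspected interface and punches matching holes in the ACLs of the
! other interfaces, so those ACLs only need explicit exceptions.
ip inspect name INSIDE-OUT tcp
ip inspect name INSIDE-OUT udp
ip inspect name INSIDE-OUT icmp
!
! WAN: drop everything unsolicited, including echo requests, which is
! what the small-business 'Block WAN request' switch does. The inbound
! ACL is checked before NAT, so it matches the public (WAN) address,
! written as 'any' here because a cable-modem WAN address may change.
ip access-list extended WAN-IN
 permit tcp any any eq 80
 deny   icmp any any
 deny   ip any any
!
! VLAN 20 may go out to the Internet but may not start flows to VLAN 10.
ip access-list extended VLAN20-IN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
!
interface FastEthernet4
 ip access-group WAN-IN in
 no ip unreachables
 no ip redirects
 no cdp enable
!
interface Vlan10
 ip inspect INSIDE-OUT in
!
interface Vlan20
 ip access-group VLAN20-IN in
 ip inspect INSIDE-OUT in
!
! The static NAT is what makes port 80 on the WAN address land on the
! VLAN 20 server in the first place.
ip nat inside source static tcp 192.168.20.10 80 interface FastEthernet4 80
!
! Checks: sessions appear as hosts start flows; the ACL hit counts show
! what the WAN side is being refused.
! show ip inspect sessions
! show ip access-lists WAN-IN
```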
I didn't have any experience using a Cisco PIX firewall. I got this for home lab practice. The PIX can be accessed and configured by web-based and CLI mode, right? Basic configuration to configure a PIX 515E in CLI mode.
As of now I'm using the console (HyperTerminal) to access the PIX. In CLI-based commands I need the following:
1. How to assign an IP address to the inside Ethernet and outside Ethernet
2. How to enable telnet, and after enabling it, can I connect my PC directly to the PIX inside Ethernet and do telnetting, or if at all possible the (HTTPS-enabled) web-based config? Any of these are OK.
I went browsing to find these; all I could find is web-based configs. I need CLI commands.
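The two things asked for, as an added example and not from the post. It uses PIX 7.x/8.0 syntax, which a 515E supports and which is the same CLI as the ASA; PIX 6.3 uses the older "nameif ethernet0 outside security0" / "ip address outside ..." form instead. Addresses (192.168.1.1/24 inside, 203.0.113.2/30 outside, gateway 203.0.113.1) and the password placeholders are assumptions.

```cisco
! Added example, not from the post. PIX 7.x/8.0 syntax, placeholders.
hostname pix
domain-name lab.example
enable password <enable-password>
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! Management from a PC plugged into the inside interface. Telnet is
! cleartext and the PIX refuses it on the lowest-security interface;
! allow it from the inside subnet only if you must, and prefer SSH/ASDM.
passwd <telnet-password>
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 10
!
! SSH needs an RSA key and a local user.
crypto key generate rsa modulus 2048
username admin password <admin-password> privilege 15
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
ssh version 2
!
! HTTPS (ASDM / PDM) from the same subnet.
http server enable
http 192.168.1.0 255.255.255.0 inside
!
! Outbound access for the lab PC.
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
!
! Checks:
! show interface ip brief
! show running-config telnet
! show running-config ssh
```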
This is my 1st time trying to configure an ASA.
I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:
I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.
I have attached the configuration file with this post as well.
I have an 871 and all I need to do is some basic rules. Here is the config I am having the issue with.
I've got what is probably a very basic question, but I can't figure it out. I have: Internet (ADSL) -> 2851 (ADSL WIC) -> 5520 -> internal LAN (192.168.1.x/24)
The ASA has just replaced a Checkpoint firewall. I've set up the ASA to the point where all hosts on the internal LAN have internet access (using a dynamic PAT on that network). This all works well.
The problem I have is that I am trying to allow access from the internet to an internal host on a specific TCP port (as I had done on the Checkpoint), but I'm getting:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:111.111.111.11/52135 dst inside:192.168.1.252/5555 denied due to NAT reverse path failure
From what I have read I need to add a NAT exemption for this particular use case, to avoid the dynamic NAT I have set up, but I'm not sure how to do so. I'm running 9.1 on the ASA, no VPNs yet. Just this basic setup.
Configuring the ASA, particularly after the change to how NAT is implemented. What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work. I have a Synology NAS at home that I am trying to reach via the internet. Prior to using my ASA, I had Verizon's FiOS router as my gateway and everything forwarded with no issues. The ports I need forwarded or reachable via the internet are TCP ports 80 and 5000. I can also configure it via the command line if that's the easier/preferred method.
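Both of the last two posts are the same 8.3+ port-forward shape, written out here as an added example (not from either post): the 9.1 host on TCP 5555 with the "NAT reverse path failure" drop, and the NAS on TCP 80 and 5000. Inside addresses (192.168.1.252 for the first, 192.168.1.20 for the NAS) are placeholders; both are published on the outside interface address.

```cisco
! Added example, not the poster's configuration. ASA 8.3+ object NAT.
!
! Outbound PAT for the LAN. If the existing PAT was entered as a manual
! rule ('nat (inside,outside) source dynamic ...', section 1), it is
! matched before every object NAT rule and the inbound flow has no
! reverse translation, which is exactly the 'Asymmetric NAT rules matched
! ... NAT reverse path failure' message. Keeping the PAT as object NAT
! (section 2, dynamic) lets the static rules below win.
object network LAN
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Static PAT (port forward) per host and port. Within section 2, static
! object rules are matched before dynamic ones.
object network HOST-5555
 host 192.168.1.252
 nat (inside,outside) static interface service tcp 5555 5555
!
object network NAS-HTTP
 host 192.168.1.20
 nat (inside,outside) static interface service tcp 80 80
object network NAS-5000
 host 192.168.1.20
 nat (inside,outside) static interface service tcp 5000 5000
!
! The outside ACL is written against the real (inside) addresses.
! Restrict the source where you can: a NAS admin port exposed to 'any'
! is a password-guessing target.
access-list OUTSIDE-IN extended permit tcp any object HOST-5555 eq 5555
access-list OUTSIDE-IN extended permit tcp any object NAS-HTTP eq 80
access-list OUTSIDE-IN extended permit tcp any object NAS-5000 eq 5000
access-group OUTSIDE-IN in interface outside
!
! Checks: the trace should show the UN-NAT phase picking the static rule
! before the ACL phase; 'show nat' lists the sections and hit counts.
! packet-tracer input outside tcp 198.51.100.7 40000 <outside-ip> 5000
! show nat
```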
I cannot get this to work properly, and I've even had a Cisco engineer from TAC set this up... and it literally broke my inside network. I have a VPN range of addresses x.x.x.x on the Outside that needs access to a server on the Inside at y.y.y.y, HTTPS/443 connectivity. I need to NAT my VPN subnet/pool in order to talk to the inside host, as that host will not accept traffic from my VPN subnet, but obviously will accept traffic from inside my private network.
The Cisco tech entered the following static NAT statement to "fix" the problem: nat (outside,inside) source static VPN Inside-Network destination static Host-y.y.y.y Host-y.y.y.y. For whatever reason, whenever this is configured on my ASA 5550 v8.3(2)25, the Inside interface starts proxy ARPing and assigns all IP addresses on my private network the MAC address of the Inside interface.
The y.y.y.y is on a remote, routed network within my private, corporate MPLS network. My Inside private network (Inside-Network shown in the static NAT above) is x.x.x.x. Not sure why this happens, but it kills my entire network and I have to jump through hoops to quiesce the network and get everything back to normal. I've tried to Dynamic-PAT/hide the VPN range behind the Inside interface through ASDM and that seems to do nothing. The NAT statement above will break my network. How do I NAT this connection without killing my Inside network? Or, how do I properly hide my VPN subnet/pool behind my Inside interface and back to the VPN subnet/pool?
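An added example, not the TAC statement from the post, of hiding the VPN pool behind the inside interface address with twice NAT on 8.3. Placeholders: VPN-POOL 172.16.99.0/24 for the VPN range and HOST-Y 10.20.30.40 for the inside server.

```cisco
! Added example, not from the post. ASA 8.3 twice NAT, placeholders.
!
object network VPN-POOL
 subnet 172.16.99.0 255.255.255.0
object network HOST-Y
 host 10.20.30.40
!
! 'source static VPN Inside-Network' maps the whole VPN range one-to-one
! onto the whole inside network, which tells the ASA it owns every
! address in Inside-Network on the inside interface; it then proxy-ARPs
! for all of them and the LAN goes down. To present the VPN users as the
! firewall itself, PAT them to the inside interface address with the
! server as the destination instead of a subnet-to-subnet mapping.
! The position ('1') puts this ahead of any NAT exemption that already
! matches inside <-> VPN-POOL traffic; that exemption is bidirectional
! and would otherwise win for this flow.
nat (outside,inside) 1 source dynamic VPN-POOL interface destination static HOST-Y HOST-Y
!
! Checks: the trace should show the client address rewritten to the
! inside interface IP, with no change to ARP behaviour on the inside.
! packet-tracer input outside tcp 172.16.99.10 40000 10.20.30.40 443
! show nat | include VPN-POOL
```

A dynamic PAT rule has no mapped subnet to proxy-ARP for, which is why this form does not repeat the outage; the earlier ASDM attempt most likely landed after the exemption rule in section 1 and was never reached, which the show nat hit counters make visible.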
I have a customer with active/standby on a pair of 5510s with the CSC modules. They were inquiring about the AIP/ASA, and since this would NOT work in their current setup, would getting a pair of 5510/AIP configured for transparent failover work placed in front of the existing units? Would I need to have a switch placed between the AIP and CSC ASAs? Or would I set up the ASAs for context-based active/active failover to interconnect the ASAs to the existing units? But I still see a need for a switch.
We're in the process of setting up an ASA 5510 as our main VPN appliance.
The Outside interface of the 5510 faces our DMZ, and the Inside interface sits on our main network. The 5510 uses RADIUS for authentication, going to a server on the same subnet for the authentication. That works fine. The VPN client can connect to the 5510 and successfully authenticate. Routes are passed through to the VPN client, no problem. The PC with the VPN client can access the internet (which is by design; it should use its own internet connection), but cannot ping/access/trace over the tunnel at all.
My hunch is that this is a NAT issue, but I am confused as to how the NAT should be configured. I've tried several configurations with no luck.
The VPN client is set to pull an ip address from the pool - 192.168.56.10 - 100. The 5510 is sitting on a separate subnet (50.x/22). This seems to work on the Cisco 1700 that it will be replacing just fine. I mirrored routes and ACLs as well onto the new 5510. No luck. Client connects, authenticates, pulls an IP address and routes, but can't see anything on the inside of the 5510.
I have an ASA 5510 I'm trying to use as an SSL VPN provider. I have AnyConnect Windows and mobile licenses from Cisco. I'm looking for a straightforward configuration guide to use. Right now I only need the iPhone and Android clients to work with the VPN, but in the future we might add Windows clients.
I was going to use this guide: [URL]. Until I talked to Cisco tech support, they recommended I use the following:[URL] Which is a lot longer and a bit unclear about the whole process, and also points me to this guide:[URL]Which is longer still, and not applicable for the most part.So, what's going to be the best guide to use? Did I have it right the first time? Do I need to go to another site to find something?
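An added example (not from either post) of a minimal AnyConnect remote-access setup on ASA 8.4+, including the NAT exemption that the earlier post is missing: a client that authenticates, gets routes and then cannot reach anything on the inside is the usual symptom of inside-to-pool traffic being PAT'd to the outside address instead of returned through the tunnel. Placeholders: inside network 10.50.0.0/22, pool 192.168.56.10-192.168.56.100, RADIUS server 10.50.0.5, package file names.

```cisco
! Added example, not from the posts. ASA 8.4+ syntax, placeholders.
!
ip local pool VPN-POOL 192.168.56.10-192.168.56.100 mask 255.255.255.0
!
object network INSIDE-NET
 subnet 10.50.0.0 255.255.252.0
object network VPN-NET
 subnet 192.168.56.0 255.255.255.0
!
! NAT exemption (identity twice NAT). 'no-proxy-arp' and 'route-lookup'
! keep the identity rule from disturbing ARP and routing on the inside.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-NET VPN-NET no-proxy-arp route-lookup
!
! Split tunnel: only the inside network crosses the VPN; the client's
! own Internet access stays local, as the earlier post wants.
access-list SPLIT-TUNNEL standard permit 10.50.0.0 255.255.252.0
!
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.50.0.5
 key <radius-key>
!
! Desktop clients download the package from the ASA; iOS and Android
! use the store app and only need the ASA side below plus the
! AnyConnect for Mobile license.
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.xxxxx-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
!
group-policy GP-ANYCONNECT internal
group-policy GP-ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 dns-server value 10.50.0.5
 address-pools value VPN-POOL
!
tunnel-group TG-ANYCONNECT type remote-access
tunnel-group TG-ANYCONNECT general-attributes
 authentication-server-group RADIUS
 default-group-policy GP-ANYCONNECT
tunnel-group TG-ANYCONNECT webvpn-attributes
 group-alias Employees enable
!
! Checks: the session table, and a trace from inside toward a pool
! address that must end in the identity NAT, not the dynamic PAT.
! show vpn-sessiondb anyconnect
! packet-tracer input inside tcp 10.50.0.20 40000 192.168.56.10 443
```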
I am looking to set up an isolated WLAN for the users in my organization and how to proceed. What I have is the following:
Cisco 5508 Wireless LAN controller
Cisco Catalyst 3750 24 port (not sure what exact model)
Cisco AIR-AP1131AG-A-K9 POE Access Point
Cisco ASA 5510
Currently what I would like to do is to set up a VLAN on the Cisco ASA 5510, connect the Catalyst to the VLAN and connect the 5508 Wireless LAN controller to the Catalyst via fibre. From there on in, I would connect each AP to the Catalyst? The proposed scenario is that the VLAN would be in a DMZ and have direct access to the Internet without any filtering, and users would connect their devices to the AP, get a DHCP address and be able to surf with freedom. The problem is, I am unsure of where to start. I was Cisco certified in 2001; however, I haven't started to use my skills until now. The VLAN would be the following: 192.168.20.X
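An added example (not from either post) that serves both the DMZ sub-interface question further up and this guest WLAN: one trunk port on the ASA, a sub-interface per VLAN, DHCP for the guests, and an ACL that makes "direct access to the Internet" mean exactly that and nothing internal. It assumes ASA 8.3+, Ethernet0/2 trunked to the 3750 (the switch side being "switchport mode trunk" with VLANs 20 and 30 allowed), VLAN 20 as the guest WLAN 192.168.20.0/24 and VLAN 30 as a server DMZ 192.168.30.0/24; the public resolver addresses are placeholders.

```cisco
! Added example, not from the posts. ASA 8.3+, placeholders.
!
! The physical port carries the trunk and has no name or address itself.
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/2.20
 vlan 20
 nameif guest
 security-level 10
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/2.30
 vlan 30
 nameif dmz
 security-level 50
 ip address 192.168.30.1 255.255.255.0
!
! Guests get addresses from the ASA; DNS points at public resolvers so
! nothing internal is handed out. DHCP to the ASA itself is to-the-box
! traffic and is not subject to the interface ACL below.
dhcpd address 192.168.20.50-192.168.20.200 guest
dhcpd dns 203.0.113.53 203.0.113.54 interface guest
dhcpd lease 3600 interface guest
dhcpd enable guest
!
! Isolation: guests reach the Internet and nothing else. Security level
! 10 already blocks guest -> inside, but an explicit ACL also blocks
! guest -> dmz and survives later changes to levels. Denies come first;
! order is what enforces them.
access-list GUEST-IN extended deny ip any 10.0.0.0 255.0.0.0
access-list GUEST-IN extended deny ip any 172.16.0.0 255.240.0.0
access-list GUEST-IN extended deny ip any 192.168.0.0 255.255.0.0
access-list GUEST-IN extended permit ip 192.168.20.0 255.255.255.0 any
access-group GUEST-IN in interface guest
!
object network GUEST-NET
 subnet 192.168.20.0 255.255.255.0
 nat (guest,outside) dynamic interface
!
! Servers in VLAN 30 are published with a static object NAT each (not
! shown); the sub-interface handling is identical to the guest one.
!
! Checks: sub-interface up with the right VLAN, leases being handed
! out, and a guest-to-DMZ packet dropped by the ACL phase.
! show interface Ethernet0/2.20
! show dhcpd binding
! packet-tracer input guest tcp 192.168.20.51 40000 192.168.30.10 80
```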
I am lacking experience in BGP and now I am trying to figure out what the ideal and recommended design should be.
Scenario:
- Having two Internet Service Provider with two ASN
- Having one independent IPv4 public address
- Having two Internet Cisco Router e.g. 2811
- Having two Cisco ASA Firewall e.g. 5510
I have a problem with an ASA 5510 8.0(4). This is a remote-access VPN setup and it's functional, no problems here...
But I keep getting logs like this every few seconds:
Group = <censored>, Username = <censored>, IP = <censored>, Reaper overriding refCnt [0] and tunnelCnt [0] -- deleting SA!
Group = <censored>, Username = <censored>, IP = <censored>, SA lock refCnt = 0, bitmask = 00000080, p1_decrypt_cb = 0, qm_decrypt_cb = 0, qm_hash_cb = 0, qm_spi_ok_cb = 0, qm_dh_cb = 0, qm_secret_key_cb = 0, qm_encrypt_cb = 0