Why I can't contact 97.x.x.218 trough a remote desktop client from a remote WAN? On the LAN the RDS server (192.168.1.20) can be reached, that works fine. It seems the ASA firewall is causing the problem.
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
I have a PIX 501 that I used to be able to connect to just fine. Now I cannot get the PDM to come up Inside, Outside, Nothing. I am using the same(old) version of JAVA 1.4 that I have always used. I can Telnet etc.. just fine. The HTTP server is enabled and have granted access to from my IP's.
I'm using ASA 902, and I deploy any connect ssl only and no IPSec... It always open only connection if you start via browser, you cannot reconnect using installed software.
I'm building a dual firewall solution for exchange. Currently, I also have people connecting VPN to the PIX 515E.
Internet ==vpn== 5505 == LAN
Looking to set up
PIX515E ==dmz== Edge server == ASA 5505 == LAN
In a setup like this, which device should I have people connect VPN to? The pix will be the only device directly connected to the internet. Everything else will be natted.
I have a Cisco ASA configured for Any Connect clients. I also want to pass 443 traffic back to an internal web server, but not sure if I can do this since the Any Connect clients are already connecting over 443 to the ASA, right?
I am transitioning from a Microsoft ISA server to a Cisco ASA 5510. So far so good, until it comes to getting AAA functioning properly. I have a Microsoft IAS server that is functioning properly, however when I try to test it through the ASA's ASDM it errors out. When I run a packet trace it shows it's being blocked by the dreaded implicit ACL. The funny thing is that I can ping and traceroute to the IAS server from the ASA. I found numerous config examples for AAA using IAS, but still not working.
Could it possibly be behaving this way because my ASA and my IAS server are on two different internal netowrks? (172.31.1.x-ASA, 10.1.1.x-IAS)
I need connecting ASDM to ASA 5525x management port its a brand new ASA i just updated ios and ASDM port configuration is following
Management por 0/0 ip 192.168.1.1 secure-level 100 http server enable http 192.168.1.10 255.255.255.255 inside port is up
When I am launching Internet explorer it just said cant connect Chrome shows connection with 192.168.1.1 is was interrupted but i can ping asa and backward .
I'm trying to access my ASA 5505 by https://192.168.1.1 but I can't. I'm using Windows 7. I already have installed ASDM and I can enter in the box by ASDM. I am preparing to reformat my PC and I'm afraid that I won't be able to access my ASA if I do.
The Mozilla show the message: An error occurred during a connection to 192.168.1.1.Cannot communicate securely with peer: no common encryption algorithm(s).(Error code: ssl_error_no_cypher_overlap)
I'm trying to connect to something through an ASA.My traffic is coming in on a DMZ interface (security level 0) and going to something on a DMZ3 interface (security level 50).
From the GUI I configured NAT exemption from the source network (on DMZ) to the destination network (on DMZ3) therefore following the guidelines that the translation is set up from most secure to the least secure interface
I have no network connectivity to the host I need to get to From the GUI I removed the NAT exemption rule and configured a static NAT translation instead, translating the source (on DMZ) to itself (on DMZ3) - still no joy.The ACLs in place are fine, if I use the packet tracer tool, it fails at the NAT stage; [code]
I can't see what's wrong here. I've configured static NAT or NAT exemption between inside and outside or inside and DMZ many times over the last 10 years but can't work this out.the only thing I can thing of is that there might be a bug that affects DMZ to DMZ NATing, as everything between inside to DMZ and DMZ to Outside works fine.
i am working on a project with 2 security ASA's 5520 with Microsoft ISA/TMG-2010 Server having 2 DSL's my question is regarding the designing issue where should i connect the 2 DSL's using ISA/TMG-2010..
I've got an ASA5510 with an IPS/IDS module. Because of a merger, I've got two 10.10.10.x networks (West and Central). I'd like all West traffic to be IPS checked before going into Central. Once it goes into Central, it's out of my hands. Can I set up NAT to accomplish this?
Again, the traffic flow would be from West (10.10.10.1) through the ASA/IPS, and then to Central (10.10.10.1).
Is this possible? If not, do I need another router?
I have a problem with ASDM connection to ASA 5520 cluster. When I'm trying to connect the ASDM shows: "Contacting the device. Please wait..." and nothing happen. The http server is enabled with default port. Both cluster members after restart.
Cisco Adaptive Security Appliance Software Version 8.4(1) Device Manager Version 6.4(1)
I'm running two C6509 Chassis with FWSM and ACE module install on each chasiss.I have no problem with session into 1 FWSM and 2 ACE modules.But 1 FWSM module can't be access by session command.As I understand two FWSM module status is OK, and working fine.When I tried to session into FWSM, I got these messages..
I set up an ASA 5505 at home through PPPOE connection. The ASA seems to obtain an IP address correctly.and I can ping a public ip address using the outside nic, but not the inside nic. I saw the error message when I ping: No route to ff0213 from fe801bc2b1288cd5bc1. As a result, I cannot connect to the Internet.
Recently, I have bought an ASA 5505 firewall which I have tried to connect to my ADSL router (Modem).It is now more than a week that I am trying to get internet connection through the firewall but I still can't succeed. I have tried many advices I get from this community but I still don't know what is wrong with my ASA Firewall configuration. From inside I am able to ping the inside and outside interface with a great success. and from my laptop which is connected to the firewall, I am able to ping the both interfaces (inside and outside) but still I can't access the internet.
As I don't have a static IP address from my ISP, I have configured the outside interface to pick up the ip address dynamically. Most of the time, the outside interface get the 192.168.1.2 ip address. [code]
I have a question about my ASA 5520, it worked well till two weeks ago, and suddenly cannot be accessed by SSH/Telnet/TFTP....only can use the Consoel port to access it now, but other VPN/ACL setting working well. [code] If I enabled the outside access for SSH like below, it works well for outside port.ssh 0.0.0.0 0.0.0.0 outside.
I have an @Remote appliance through Ricoh for our copiers. This appliance connects to their site to transfer meter readings and other information. This appliance can't connect to their site to transmit data. Ricoh is telling me the problem is on our firewill. I have assigned the Ricoh appliance a static IP address in our network. Our firewall is a Cisco ASA 5510. I don't have much expereince with logging on the ASA, so I'm not sure what "teardown dynamic TCP translation from inside" means. Is there something that is preventing this IP from contacting the Ricoh site? [code]
I had a design question, Currently we have a active/passive asa 5520 firewall setup. We have our edge router (3845), on which Gig 0/0 connects to the internet, Gig 0/1 connects to a port on the active firewall. We also have a one port fast ethernet card on the router.How can i use the fast ethernet port on the router to connect to the passive firewall, so that if the active firewall fails, there is internet connectivity through the fast ethernet port on the router.
We have a cisco asa 5505 on which we have setup a group VPN. The VPN connections from all cisco vpn clients works fine except one. The keep getting the below error
"Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding. Connection Terminated".
Not sure why only one client won't be able to connect. The version we are using is 5.0.02 for VPN client.
Can An ISP Filter Traffic within the VPN Tunnel? Sounds weird but..We have a Avaya IP Office 500 Head end Phone Server. Several 5610 IP Phones.I've setup a PIX 501 to Connect to our ASA 5510. In the Office, going from one Public IP Subnet to the Public IP on the ASA 5510 I'm able to connect up the 5610 IP Phone through the PIX 501 through the ASA 5510 to the IPOffice 500 Server and place calls.I take the same setup home and connect it to my Comcast Internet connection anf it does not work. I can connect a Laptop behind the PIX501 and Connect to the HQ network just fine. I can see the Phone do a TFTP Transfer to the VM Server, though it stops short can cannot connec to the Call Server.
I then gave the unit to 4 other Comcast Users, all of them do not work.I then gave it to a AT&T DSL user, works Great! then another local DSL ISP (Sonic.Net) and it works great.Same hardware, same VPN, Same everything except ISP.Both With Comcast we tried directly to the Cable Modem, or behind a edge router. PCs connect, Phone does not.The thing I do not understand is If Comcast is filtering something, how can they filter something that is in my VPN Tunnel?
For some reason there are some sites that I cannot access websites from inside interface.One such example is lxer.com where I am receiving this message in the browser:The connection has timed out The server at www.lxer.com is taking too long to respond.This has "suddenly" happened, and so I am wondering what others have done when such things has happened. My outside has a dhcp-IP, and I have noticed that this address had changed, so I corrected this in my router settings.ASA version is 5505
We recently got a Cisco ASA 5510 Security Appliance and I have some general question.
We have 1 T1 internet connection, and we have 2 internal networks. These 2 internal networks currently hav access to the internet. I am having issues with the 2 internal networks being able to communicate with each other.
However, whenever I try and run the ASDM client, I get the following error:
"Your ASA image has a version number 8.4(4)1 which is not supported by ASDM 6.2(1)."
How do I get the latest version installed on my Mac desktop? I know that I can connect via the web interface and run the ASDM client, but the same error persists. I have the asdm-649-103.bin file, but cannot connect to the ASA to install (I don't recall ever setting up SSH).
I am having an issue where I can't connect to VPN after upgrading the license. The license upgraded is related to AnyConnect VPN. I noticed from the newly upgraded license, the Encryption-3DES-AES is disabled whereas previously it was enabled.
We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?
I was able to connect to my ASA 5510 with a browser, install ASDM, and configure my ASA 5510 with my Windows 7 laptop. Since I needed the laptop for another task, I am now trying to connect using a Linux laptop to do the same, but without success.
I can ssh into the firewall using the management port (192.168.1.1) from the Linux command line. However, I cannot connect using a browswer (192.168.1.1) to install ASDM.
I'm unable to have any internet connection for my new setup.
here's the overview.
Current setup is
Internet -> Router -> PIX 501 -> Switch -> clients
Internet -> static ip given is 210.193.34.1 - 210.193.34.6 Router -> Static ip assigned for NAT/External is 210.193.34.1, Local ip is 192.168.1.246 PIX 501 setting -> IP to Router, According to router screen is 210.193.34.2, but not sure what settings are done in the PIX itself as I'm unable to access it.
local ip is 192.168.1.1 Clients - > 192.168.1.0
Old setup is working fine and connected to internet. for the new setup, as i do not want any downtime for the old setup. As you can see, there are two firewalls connected concurrently to the router. I've configured it this way.
Internet -> Router -> ASA 5505 -> Switch -> clients
ASA 5505 setting -> IP to Router NAT/External/ Outside Interface, 210.193.34.6 (Or do i set as 192.168.1.0?), local ip/ Inside Interface is 192.168.2.1 Clients - > 192.168.2.0
some setup details. security policy, NAT, set to default. routing is route outside 0.0.0.0 0.0.0.0 210193.34.6
I'm unable to access after a week of troubleshooting.
So I have a client with an ASA 5520 running version 9.0 (was on 8.4) that I am trying to get either IPSec or SSL VPN configured on. I got everything setup and tried to connect. However, I couldn't connect to either. I fired up the real time monitoring and didn't see any syslog messages referring to a VPN build up. I also enabled SSH/Telnet on the outside interface and cannot connect to the ASA outside interface. I can ping the outside interface and can ping the internet from the ASA. I did set up a test ACL on the ASA and ran packet tracer on it and the results came back fine.
There is an IPS in the ASA as well, but I disabled the ACL for that and still am having these issues. Part of me wonders if the ISP has something set up to block inbound traffic. This should be a business class connection.
Let me explain my current situation before asking my question:I have a Motorola Netopia7347-44 VDSL modem/router (with WiFi). The type of signal that I get from my ISP is analogue for phone, TV and intenet.This modem has an input for the Internet connection (dynamic IP address) and provides the IP addresses and connection for the other devices connected to it (via WiFi or cable), such as the TV over IP box, laptops, iPads and smart phonesI would like to implement content filtering on my WiFi network in order to avoid access to some websites, and my modem/router doesnt provide this feature (or at least I cant find it with my ISPs configuration) thought about using OpenDNS, but since I have a dynamic IP address and I cant install an updater on all the devices, then this solution didn work.
The next idea I have is getting a physical Firewall.Question: I am wondering if I can just connect the Intenet cable (that comes from the splitter between phone and Internet) to the Firewall, then I connect a RJ-45 cable from the firewall to my existing modem/router and should that be all (besides configuring content filtering on the firewall)?What should I take into account regarding the IP addresses? Should I enable the DHCP server in the firewall (I assume that most come with one), and disable the DHCP server in the modem?
