My web server is out of public IPs. I requested more from my ISP and I got a different range with a different gateway. How do I handle the configuration on my Cisco ASA? Without any configuration changes to the firewall I saw the traffic hitting it and being blocked. I added an access rule to allow the traffic. I added a virtual interface on the ASA. I added a virtual interface on the web server. Using "Packet Tracer" the traffic flows from the outside interface to the new virtual interface. But I'm unable to access my web server and I don't see any traffic on that IP reaching the web server. Using Cisco ASA 5510.
Recently, I've been having significant problems with denial of service on our ASA-5510. Two IP addresses in particular attack my ASA regularly. What kind of rule do I need to create to deny these IPs access to my firewall?
We just switched to a 5510 from a PIX 515 last evening, and the only things that are not working are any services from the outside to the inside. Example: I am unable to connect to an RDP server on the inside from the outside. I've been looking at the config for the past five hours, but am unable to see my mistake. Running 8.2(1). People on the inside are able to get out.
domain-name aaaa.org
names
name 10.10.8.13 mailserver
name 10.10.8.12 video-conf
name 18.104.22.168 PubMail
name 22.214.171.124 VidCon
name 126.96.36.199 Ms-Aderson
!
We have an ASA5510 with version 7.x and ASDM 5.X. I upgraded it to 8.3 and ASDM 6.2, and I got VPN peers 250 and 2 SSL. When I try to connect through the client software, I can see in the logs that the UDP 500 port is created, as shown below.
Mar 31 2011 23:54:40 302015 188.8.131.52 57013 x.x.x.x 500 Built inbound UDP connection 56694 for outside:184.108.40.206/57013 (220.127.116.11/57013) to identity:x.x.x.x/500 (x.x.x.x/500)
No other things are going on, and I get the error shown below.
Secure VPN Connection terminated Locally by the client Reason 412: Remote peer is no longer Responding Connection terminated on.
I suspect it is a VPN-3DES-AES activation key issue. When I go to Remote Access VPN ---Advanced---SSL Settings, in the left encryption panel of Available Algorithms I have DES-SHA1. When I try to drag it to the right panel of Active Algorithms it gives me the error below:
[ERROR] sl encryption rc4-sha1 des-sha1 The 3DES/AES algorithms require a VPN-3DES-AES activation key
and currently in the right panel of Active Algorithms I have only RC4-SHA1,
I purchased an SA520W for my company, and I have some problems configuring the firewall. I want to deny access to Facebook, YouTube and Twitter, but not for 4 hosts which need these websites for work. I tried to configure content filtering > blocking URLs, but with this solution I deny access for all users. So, I tried to make IP v4 rules:
The 4 hosts that may access these websites are 192.168.50.124 to 127
Example:
FROM Zone: LAN
TO: WAN
Service: Any
Action: block always
Source hosts: 192.168.50.32 to 192.168.50.123
Destination hosts: 18.104.22.168 (one of Facebook's IPs)
but it does not work. So, I am looking for another solution, or maybe my rule is not correctly configured?
My company uses a pair of 5510 ASAs as the gateway to the Internet. I once configured a policy-map to filter certain webpages (Facebook, Twitter, etc.) and it worked fine. However, nowadays those websites all support HTTPS. With HTTPS the URL seems to be encrypted, so I can't do a regex match... Is there any way that I can still block those webpages?
Another two ways I can think of are
1. Block IPs (don't really want to do this unless absolutely necessary)
2. Block DNS for the URL (however they can work around by setting static DNS entries)
I have been working on figuring out a VPN problem on my company's ASA5510. I was accessing the device via ASDM, SSH using PuTTY, and even initially with a console cable (also using PuTTY) using a computer in the networking closet. All 3 of these access methods worked properly for me. I believe I may have inadvertently changed something as of Friday using ASDM. I am mostly assuming this because, as of yesterday, I can no longer connect to the device. I actually cannot even communicate with it (ping the interface I normally use to manage, which I could previously ping). No computer on the same subnet as me is able to ping the interface. The device is still accepting VPN connections, dishing out DHCP addresses and everything else it normally does, but I really need to be able to gain access to it again. I am thinking of rebooting the device when there is some downtime, in the hopes that ASDM doesn't save to startup-config and only to running-config.
I have been trying to block access to Steam and Left 4 Dead 2 on a specific computer, using the correct listed ports and using the port forwarding section of the router (setting the access to deny). However, they still seem to be able to access both Steam and L4D2 on their computer. How can I still block the access?
I configured a Cisco 861 router to allow only youtube.com and block all other URLs. I used the below configuration but it is not working. Actually everything is blocked, even the access to the router. Is there any other way to achieve this requirement?
I was configuring IPsec VPN on an ASA5540 and I have a problem with port blocking. I am unable to block server ports to remote users. See the configuration below. I need to configure a VPN filter list but don't know how to configure a VPN filter list.
I have two ASA5510s set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from the console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
I have configured SSL VPN on a Cisco ASA5510, which is working fine. My users connect to the VPN and access the servers remotely. But now I face one challenge: nowadays my users use the customer's PPTP VPN, configured at the customer network. When they connect to the PPTP VPN, they are unable to access the servers remotely defined on the SSL VPN route.
I have an ASA5510 in the office that is already configured with 3 contexts, namely admin, user, server. In the server context, the last running config was not saved, and there was a power trip last Friday night. One of the sub-interfaces was affected, and I need to recreate that interface. I am getting the below error; it only allows me to make changes to the pre-defined interfaces. How do I create an extra sub-interface?
I have been trying to delete unwanted contacts from my contact list. I have done all of the things on your list and nothing works. Your old system was so much better than this new Yahoo Mail. Why did you change something that worked, and was so much easier to understand?
This is just a tip that we used on our controllers that I wanted to pass along. We were having issues with unwanted access points associating to our controllers. We had a stack of older 1242s that came up missing and hit our network. One way we came up with to prevent this was to number all of our WLANs above ID # 16 on the controller. By default the default AP group allows all WLANs from 1 to 16. By starting with 17 we are not allowing any SSIDs in the default group. All of our production access points are in their own AP groups. Any access point that hits our controllers that has not been configured with the correct AP group name will be in the default AP group and will not be servicing any SSIDs. I know there are other ways to set this up, but this was a tricky way for us to set it up and see who calls about their wireless not working.
I want to block all internet access on all my computers from the time range of 9 PM to 8 PM. Yes, that gives 1 hour of internet access per day. However, it seems that there are certain rules of the router that won't let me do this. It seems I can't make 2 different policies for PCs within the same IP range (192.168.1.0 to 192.168.1.254); it gives me the error "The values you entered are invalid. Please try again." every time I try to do so. And when I try to give the time range from 9 PM to 8 PM it gives an error stating that the end time must be bigger than the start time. I am using the WRT54GL with firmware v4.30.7.