Cisco Firewall :: Configure ASA 5505 With TimeWarner Business Class Service
Apr 30, 2013
I'm trying to support a friend. They just switched to TWC Business Class from Megapath. They have a Cisco 5505 ASA and are trying to configure it to work with the new TimeWarner cable modem. But we can't get PCs behind the firewall out to the Internet.
Â
We think it should be a pretty simple config. They have the ASA connected directly to the modem. The modem is running DHCP, and we''ve configured the ASA to get its address via DHCP. We have a Windows server behind the firewall; it can't get out the Internet either. It's set up to be a DHCP server and is giving IP addresses to the PCs on the network.
Â
Laptops connected via wifi to a wireless router attached to the modem are able to connect to the internet, thus we know the modem is up and running fine.
Â
Here's our running config:
Â
ASA Version 8.4(1)!hostname ciscoasadomain-name opanslab.comenable password yYME2neTGgA0S1./ encryptedpasswd yYME2neTGgA0S1./ encryptednames!interface Vlan1nameif insidesecurity-level 100ip address
[Code].....
View 5 Replies
ADVERTISEMENT
May 9, 2012
I was under the impression that all Cisco ASA firewalls shipped with a default inspection policy.
Â
ExampleÂ
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
[Code]......
Â
can I build this myself? Why is it missing (I have two other ASA 5505s here that also do not have it). What would I do to rebuild it?
View 2 Replies
View Related
Jun 3, 2012
I am trying to confgure a L2L VPN tunnel to a service provider using an ASA 5505.My problem is that the service provider will not accept traffic from a LAN subnet, they will only accept traffice from a public IP.We have a small public subnet of x.x.x.50/255.255.255.248, our public IP (outside interface IP on the ASA 5505) is x.x.x.50 and the service provider wants to see traffic coming from us on x.x.x.51How can I NAT our LAN subnet (10.0.0.0/24) to one public IP (x.x.x.51)?
View 14 Replies
View Related
Mar 21, 2012
I'm trying to establish a VPN tunnel between our main office running a Cisco ASA 5505 [8.3(2)] and a remote user using a Cisco Small Business WRVS4400N firmware version V2.0.1.3.
Â
The Cisco ASA 5505 is already configured to allow incoming IPSec VPN connections via the Cisco VPN Client.
Â
Is this possible, and if so, how would I go about doing so? The remote user has a static IP address as well as the main office.
Â
I'm trying to establish a VPN tunnel between our main office running a Cisco ASA 5505 [8.3(2)] and a remote user using a Cisco Small Business WRVS4400N firmware version V2.0.1.3.
Â
The Cisco ASA 5505 is already configured to allow incoming IPSec VPN connections via the Cisco VPN Client. Is this possible, and if so, how would I go about doing so? The remote user has a static IP address as well as the main office.
View 2 Replies
View Related
Apr 18, 2013
I am trying to determine why Comcast Business Class modem configured with a static IP (IPV4) works with a laptop or Linksys Cable modem but not with a Cisco ASA 5505. After a few minutes, the 5505 stop passing web traffic. I am able to ping the default gateway even though I can not surf the web. Restarting the 5505 and the Comcast modem, web traffic flows for a short period of time, then stops. I can connect inside the firewall via ASDM 7.1.1 and via SSH. I can not connect via either from the outside. Comcast tech support indicated their router is working and is configured in bridge mode. I swapped out the 5505's memory, and then with another 5505. Nothing seems to resolve the issue. I am trying to determine if the 5505 or the Comcast router is not configured correctly.
Â
Here are the parameters: The 5505 was reset to default factory settings via the command: config factory-default. Configured the outside interface with static IP Address followed by the no shutdown command, then removed DHCP features from outside interface. Added Comcast DNS servers, default route, ntp servers, configured DHCP features on the inside interface. Enabled HTTP/SSH (inside & outside interfaces) and ICMP echo-reply (outside only).
Â
I believe the Comcast modem is not configured correctly. The show version and show startup output are below.
Â
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(2)
[Code].....
View 5 Replies
View Related
Oct 23, 2012
I have found cisco's config for dynamic DNS on an ASA. However, I have seen many articles that the ASA doesnt support the HTTP update method that most dynamic dns services use.
View 2 Replies
View Related
Feb 18, 2013
I currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device. Looking at [URL] I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing "IPS Signature and Engine Updates" and "OS Updates."It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:
1. ASA OS
2. AIP SSM-10 OS
Â
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract?
View 3 Replies
View Related
Mar 15, 2011
Have a customer who has two ISPs right now and only using one through a basic SOHO router. Looking to upgrade to something that supports dual WAN and allows connections from outside in on both WAN ports. There are 25-30 inside hosts.Requirements: Allow incoming connections on BOTH WAN ports to a single inside host
-This is a web app that needs as close to 100% uptime as possible
-Round robin DNS is set up
-Failover for internal people should one of the ISPs go down
Â
Looking at either an ASA 5505 with Security Plus or an 891 Integrated Service Router.
View 1 Replies
View Related
Feb 13, 2013
connecting ASA 5505 with the Action Tech Router?
View 1 Replies
View Related
Apr 6, 2011
i want 192.168.0.1 with mask 255.255.255.0 class network to communicate with 10.7.27.1 with 255.255.255.128 mask to have the same gateway
View 2 Replies
View Related
Apr 26, 2012
I want to be able to gather some time metrics based on source IP, and destination port. Is it possiable to track how much time a user spends using a service based on it's port number.  I have figured out how to capture all the data, and I can then look at timestamps, but I would like a better way if possible. Can this be done at the firewall, or do I need a different appliance?
View 1 Replies
View Related
May 16, 2011
When I create a service object or group and add the object to a new rule it never works.I mean the traffic match not the rule. I see not hits.I placed the rule on top of my access list to check if I do somethink wrong but it is not working. When I place only a service for example tcp/23 it is working.
Â
my ip service object
object-group service g-as400 description access client 2 as400 machine service-object tcp-udp destination eq 397 service-object tcp destination eq 137 service-object tcp destination eq 2001 service-object tcp destination eq 3000 service-object tcp destination eq 445 service-object tcp destination range 446 447 service-object tcp destination eq 449 service-object tcp destination eq 5010 service-object tcp destination eq 5544 service-object tcp destination eq 5555 service-object tcp destination range 8470 8476 service-object tcp destination eq 8480 service-object tcp destination eq
[code]...
View 8 Replies
View Related
Mar 27, 2013
I am attempting to set up failover dual ISP on a 5505 running 8.4(4) with the Sec Plus license. Everything i have been able to reference so far, points to old commands not available or relevant in 8.4
Â
For instance:
Â
global (backup) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 20.20.20.1 1
route backup 0.0.0.0 0.0.0.0 30.30.30.1 10
Â
What is the new syntax that should be used to mimic these commands? I have the sla and trach reachability configuration already set up.
View 1 Replies
View Related
Mar 19, 2013
I am trying to configure an IPSEC vpn on an ASA5505 I setup an SSL vpn and it works fine, I can browse to the https: address log in and connnect to servers However when I try to setup the ipsec client access vpn it will not connect and I am getting the errors below I used the wizard for the initial configuration Looks like the inital IKE is being blocked or dropped?
Â
%ASA-7-710005: UDP request discarded from my external IP/35781 to external:ASA-external/500
%ASA-7-710005: UDP request discarded from my external IP/35781 to external:ASA-external/137
View 10 Replies
View Related
Sep 14, 2011
I have a firewall Cisco ASA 5505, and currently it is a command line firewall. I want to configure ASDM so that i can use it as a GUI Web Base interface.I really don't know what to do. How can I configure ASDM on my firewall.
View 7 Replies
View Related
Nov 15, 2011
I want to configure my Cisco asa 5505 as a dns server, so that when i configure any of my network systems ip address and use my firewall as a default gateway and dns ip, the system should be able to browse internet.
View 5 Replies
View Related
Mar 20, 2012
Got new ASA5550, code 8.2.2 in flash, can't configure "nameif" or "ip address" on the interfaces: [code] These are all the options that I get! Another weird thing I noticed is "<system>" string in "show ver" top line: [code]
View 2 Replies
View Related
Mar 18, 2012
I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.
View 1 Replies
View Related
Mar 25, 2013
I have a test ASA 5505 at home. The DHCP IP address in my real home firewall is 192.168.1.x and as you are aware the default ip address in ASA is the same. how to configure the ASA.
In the link below there is an instruction, it seems it is working for everybody except me. I followed the instruction up and the only change was assigning the IP address, which I chose something other than 192.168.1.x But after the step of creating NAT, I do not have access to the internet. [URL] Also I followed the link below, but the revision of the ASDM in the instruction does not match with mine, so I was not lucky to figure the device.[URL]
1- How can I configure the ASA 5505 with an IP address different than 192.168.1.x (at home = no incoming static IP address = DHCP on subnet 192.168.1.x for the incoming internet) I have installed ASDM 6.3 on my laptop (From work) but when I connect to the ASA it wants to install ASDM 5.7.I tried to connect to the device through ASDM 6.3 and input the IP address 192.168.1.1It takes for ever and it does not connect to the device
2- How can I connect to the device by ASDM 6.3 or any ASDM with higher version than the original of the device?
View 17 Replies
View Related
Dec 23, 2011
I want to configure multiple DHCP pool on ASA. that I create like
Â
int e0/2
no shut
Â
interface Ethernet0/2.10vlan 10nameif inside10security-level 100ip address 192.168.10.1 255.255.255.0
interface Ethernet0/2.20vlan 20Â Â Â Â Â Â nameif inside20 security-level 100ip address 192.168.20.1 255.255.255.0
dhcpd address 192.168.10.10-192.168.10.254 inside10dhcpd dns x.x.x.x y.y.y.y interface inside10dhcpd enable inside10
dhcpd address 192.168.20.10-192.168.20.254 inside20dhcpd dns h.h.h.h z.z.z.z interface inside20dhcpd enable inside20
Â
I have following query...
Â
1. int e0/2 work as trunk port, is it? any special confiduration require other than dot1Q?
Â
2. How can I configure inside interface? is it like,
   access-group inside_access_in_1 in interface inside10
   access-group inside_access_in_1 in interface inside10
Â
3. How can I configure static NAT ?
Â
4. How can i configured inside route?
Â
5. How can I configured default NATing?
Â
6. On which interface I access ASA? currently using inside interface.
View 5 Replies
View Related
May 20, 2012
I have ASA 5505 with 8.4(2)8 software for one of my branch offices and I can't configure port forwarding.It seems to be very simple, but it's not working. I use my ASA as a gateway to the internet for users in office and for site-to-site IPSec VPN to HQ. I have pppoe-enabled outside interface, but ISP gives me static routable ip address. I have server behind my firewall and I should "publish" to the WAN some of its' tcp and udp ports, but I see that no packets forwarded through ASA. I tried to configure PAT as stated in official "Cisco Security Appliance Configuration Guide" through CLI and ASDM.[code]
View 4 Replies
View Related
Nov 18, 2012
I have a closed network that is not connnected to the internet, just other sites that we want to communicate with. We have a cisco router connected to the outside interface on an ASA5505 and a cisco router connected to the inside interface on the same ASA5505. I have an inside interface that connects our management LAN, five separate DMZ interfaces with a separate LAN (VLAN) on each DMZ interface and the outside interface that connects to the other sites. Data is not allowed to mingle between the five DMZ's.Â
Â
Alll connections to the other separate nodes are handled with the router on the external interface. IPSEC GRE tunnels have been established between all sites and BGP routing has been verified. Pings are good between inside, dmz and external interfaces and between the DMZ's and the other sites, to include hosts on our local networks and hosts at the remote sites. Inter and intra traffic is enabled.
Â
When a remote site attempts an https connection, the initial ACK handshake makes it through the ASA5505, but the return SYN/ACK is being knocked down and I don't understand why (it is not because of ACL's, they are any any at this point).
Â
Why the return SYN/ACK to the remote site isn't getting through the ASA5505 outbound. Will probably have the same issue with FTP, but right now, just trying to solve one problem at a time.
Â
ASA5505 is in routed mode, not looking to NAT since the IP addresses in the DMZ need to be reached by their real IP address.
View 3 Replies
View Related
Nov 1, 2012
I am trying to configure an ASA 5505 with a username and password. I set all the pass words: [code]
Â
When I reload the device it prompts me for the username, then the password and it fails and just asks for the username again. I have even tried to delete the username / password combo but it still prompts me for it. When I do password recovery the confreg is 0x00000001.
View 6 Replies
View Related
Sep 16, 2012
[URL] I am not savy configuring ASAs at all and I can't get it to work. We are switching to a SIP trunk phone system and I am in charge of setting up the ASA to not only make it work but also make sure that there's packet priority or QoS.I've never configured something like this and I was giving another set of instructions to make sure that this is working:
[URL]
Configuration:
My configuration is very basic:
3 interfaces - Outside/Inside/Guest
ASA Version: 7.2(3)
ASDM Version 5.2(3)
Firewall Mode: Routed
Â
Solution: When I tried following the instructions on brian-kayser's blog I get an error when I'm sending the following command:
shape average
^Â Invalid marker
service-policy PRIORITY-POLICY
^ Incomplete commandÂ
Â
I think it's because my version of ASA doesn't have this functionality but I don't know.
View 5 Replies
View Related
Jun 10, 2011
I am setting up a Cisco ASA 5505 first time for My organisation, I usually setup Cisco Router, I have 10 Static IP, & Have 6 Server (S-1, S-2, S-3, S-4, S-5, S-6), Traffic Should be pass through the ASA and is distributed to the destination server that is specified in the packet. LAN servers can be separated into discrete networks for security. For example, a private LAN for internal traffic accessed only via remote dial-in VPN sessions and Want to Configure DMZ for Server (S-4, S-5, S-6) that allows public web traffic.
Â
I have Attached My Network Diagram I have some question,
1:- Can we Configure Multiple Static IP On ASA 5505 ?
2:- If Diagram is wrong what change need to be done ?
View 2 Replies
View Related
Nov 20, 2011
I am now going to configure IPSec VPN connection for Cisco ASA 5505 (Version 8.4)
View 3 Replies
View Related
Nov 30, 2011
ASA 5505 and DMZ, I have a Base License.
Â
What do I need to do for access inside network to DMZ?
Â
I successfully configure, internet Access for DZM and inside network, web server can be accessed from internet, but I have problem to configure communication from inside network to DMZ.
View 14 Replies
View Related
Dec 23, 2011
Currently I have an ASA setup as a Firewall with 1 outside interface and 2 inside interfaces. Initially, the Guest interface was setup to receive DHCP from the ASA and everything was working. I'm adding router and a server for the guest interface and what I'm trying to accomplish now is the following: ASA 5505 > Airport Extreme with a public static IP (69.xx.xx.6), handling DHCP and NAT > Mac Server as DNS Server.Right now, when I connect to my Airport Extreme with any computer, I don't have internet. I don't understand what's wrong. My DNS Server has a reserved IP address: 192.168.226.2 and it's pointing to itself and forwarding the ISP DNS servers, the Airport Extreme is handling the DNS Server IP and the ISP DNS Server IP but I can't connect to the internet from the server. [code]
View 31 Replies
View Related
May 9, 2012
We've just started with the ASA 5505. We do run a DHCP server on the inside interface, so it is in the same VLAN 1 as all of the clients. However, we cannot get it to work.We can't use DHCP Relay, as the ASA 5505 only allows to relay to DHCP servers in a different subnet.Or do we have to move the DHCP server to a different subnet. If so, how would we configure that scenario?
View 13 Replies
View Related
Aug 30, 2011
I'm trying to learn Cisco ASA IOS commands, I have bought myself a 5505 ASA for my home network and plan to implement it. How best to configure it.
I have attached a diagram of how I want my network to look. The internet connection is via the Virgin Media cable modem.
View 7 Replies
View Related
Aug 3, 2011
I have a request for blocking urls using a class map. I have made this work with HTTP, however it does not work for https. This is a 2851 router with IOS Version 12.4(15)T7. I see i could use the command "match protocol secure-https" however this does not let me specify any specific urls.
Â
Does a new IOS version will support what I'm trying to do? Or if there is another way?
View 2 Replies
View Related
Aug 21, 2012
I have a Cisco 871 router that used to have Access list based security. now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused esp with the default class part.
Â
The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QOS once I get it working,
Â
Guest VLAN has access to 2 IP's in Data for printing. Cisco871#sh run
Building configuration...
 Â
Current configuration : 8005 bytes
!
version 12.4
no service pad
[Code].....
View 1 Replies
View Related
Jul 23, 2011
I really need understanding some of the logic behind the default ZBFW settings on my Cisco 881W courtesy of Cisco Configuration Professional. Here are my two questions:
Â
1.)Â What is the purpose and logic behind consolidating the first class-map (ccp-cls-insp-traffic) in to the second Class-Map (ccp-insp-traffic) as follows?
Â
Code ....
2.) What is the purpose and logic of Policy-Map ccp-inspect is trying to drop traffic from ccp-invalid-src, which is filtering based on ACL 100:
policy-map type inspect ccp-inspectclass type inspect ccp-invalid-src drop logclass type inspect ccp-insp-traffic inspectclass type inspect ccp-protocol-httpclass class-default drop.
Code ....
View 1 Replies
View Related
