Cisco Firewall :: Configure DMZ On ASA 5510
Mar 3, 2013
I am confiuging a DMZ on my ASA 5510 but I have run out of physical ports, since I have dual Wan ports configured. I plan to implement a DMZ using subinterfaces. I have 2 questions:
1) Do I need to configure a Vlan to complete this task?
2) Do I need to re-configure the other interfaces for subinterfaces and/or vlans as well?
View 4 Replies
ADVERTISEMENT
Nov 4, 2012
This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.
View 9 Replies
View Related
Sep 11, 2011
I'm having a problem configuring an ASA 5510. A previous employee started the config and left abruptly. He established a VPN Tunnel between two of our sites and that's working without an issue. The problem is, the network behind the 5510 at the remote location cannot access the internet.
ASA Version 8.2(1)
!
hostname PH-Firewall
domain-name pleasehelpme.com
enable password HXrQty4kqW8s8yeE encrypted
passwd ucA.qrYJWD9UyIFz encrypted
names
[code]....
View 12 Replies
View Related
Jul 25, 2011
I'm trying to configure an asa 5510 8.2(1)?I have a range of pub ips 3*.108.234.145-150
>>> E0/0 3*.108.234.146 outside public
>>> E0/1 192.168.1.1 inside
>>> E0/2 192.168.3.1 dmz
would like to map dmz host 192.168.3.107 to external 3*.108.234.147 on port 5000 and 50001 LOCAL LAN should also be able to get to dmz host ports.i've tried a few configs and also following this example:
[URL]
without any luck, here is my config, also posted the out put of show arp which is able to see and ping the host on dmz, also the output of show access-list which shows hits to it.
prophase-pix(config-if)# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname prophase-pix
enable password encrypted
[code]....
View 2 Replies
View Related
Mar 18, 2012
I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.
View 1 Replies
View Related
Feb 28, 2012
I need to allow connection from IPHONE (in Internet) to connect Exchange on private network, synchronising with activesync (https) We have a microsoft TMG on frontal (inside network)
What is the method to parameter CISCO ASA using clientless access: Port forwardind? smarttunnel, web proxy? Nat?
i want the activesync request to cross ASA to go directly on TMG without asking password and user
View 2 Replies
View Related
Aug 21, 2012
I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.
View 13 Replies
View Related
May 2, 2011
Have a new ASA 5510 connected to the laptop via console. I need to load the IOS and the configure from another ASA. I have tftp client on the laptop. Do I just need to set the inside IP to the same subnet as my laptop? Will I need a crossover cable?
View 1 Replies
View Related
Jun 15, 2011
I have an ASA 5510 and I can not configure fine.
My problem is that I have 10 public address connected to ASA and each public address is redirectioned to an internal IP address.
An of these public address is the ip address of mi ASA.
how to configure and access-list and an NAT, the others I will configure.
interface Ethernet0/0
description Interface_WAN_World-Ttrends
speed 100
duplex full
nameif outside(code)
View 59 Replies
View Related
Jun 8, 2013
I have 2 ASA5510-SSL50-K9, can I configure HA Failover ?
View 7 Replies
View Related
Apr 13, 2013
I have a few devices that the manufacturer told us we have to set with a public IP (No Natting) We have Internet ->ASA5510-> Switch 3550 with 3 vlans. Up to now we have always use Natting to configure internet access to specific devices. I heard setting up a witch with one VLAN connected to the internet and all other internals is a bad idea. that was the only Idea we had.
View 3 Replies
View Related
Dec 13, 2011
how to configure ASA 5510 anti X edition ? Can I have a link explaining the configuration step by step ?
View 2 Replies
View Related
May 22, 2012
i have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999
View 15 Replies
View Related
Dec 9, 2012
I have to configure a default-factory firewall (ASA 5510) in a simple scenário like this image represents:At this moment i have configured the interfaces as represented above and at this moment what i want is grant access from a LAN computer (10.10.0.0/24) to the internet.
Should i configure some acl? I read that all traffic from an interface with a superior security level to other interface is allowed, so since my inside interface has a security level of 100 and the outside 0, it should be possible access to internet from an inside computer?!
From all configurations and examples i have seen around, they all contemplate a fixed IP address from the ISP, but in my scenário i have a dynamic one. This fact matter for the configuration i want to do?
My firewall is running the software version 8.2(5).
View 7 Replies
View Related
May 10, 2013
Cisco ASA 5510 and I want to configure it as an access gateway following this .[URL] the basic configuration steps on what to do on ASDM.
View 2 Replies
View Related
Feb 4, 2013
I have inherited an asa 5510 whit 4GE SSM module installed. The asa runs fine, but i can not use the 4GE SSM ports. Using ASDM or console i can get and configure the gigabitethernet1/x ports but i can not get traffic on it. The ping from the console to the ip address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports i can not see the port's mac address. The two Internal-data0/0 and Internal-data1/0 are down and i can get they up. How to configure 4GE SSM or ASA internal-data ports.
View 8 Replies
View Related
Jan 3, 2013
Is it possible to import the config of a 5510 to a 5520. Trying to replace two 5510's with 5520's and wondering is there a way import the existing config files for the 5510's into the 5520's?
View 3 Replies
View Related
Dec 29, 2012
I have one Cisco ASA 5510 with 2611 router two 2960 switch how to configure.
View 1 Replies
View Related
Jan 27, 2013
I am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?
View 2 Replies
View Related
Jun 11, 2012
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
View 2 Replies
View Related
Aug 14, 2011
Attached is a diagram of my network. My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
outside 10.94.4.0 255.255.255.0 10.10.8.1
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. Do I have to add a route to the switch just to manage the ASA 5505?
View 1 Replies
View Related
Dec 5, 2011
I have a Cisco ASA 5510 and a Cisco ASA 5505. I want to configure the ASA 5510 as Easy VPN Server and 5505 as Easy VPN hardware client.Using either CLI or ASDM.
View 1 Replies
View Related
Aug 16, 2011
how to configure public ip on router 1841 and ASA 5510. let me show you my issue that: i have router 1841 ( for F0/0 use pubic ip add 10.10.10.1 /30, and F0/1 use other rang public ip add 20.20.20.1 /24) and on ASA 5510 i use public ip add E0/0 20.20.20.2 /24 ) all this for public ip add and my lan ip is 192.168.0.1/24.
could you let me know how to configure on router 1841 and ASA 5510. for router 1841 if you use private ip we can use nat but for all public ip add how can we do it?
View 9 Replies
View Related
Sep 23, 2011
I am trying to configure remote access VPN to my network, i have a Cisco ASA 5510 IOS 7.0(7).
I configured the VPN using ASDM 5.0.9 and below is the configuration received:
access-list 90 extended permit ip 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.248 255.255.255.248
access-list ClientVPN_splitTunnelAcl standard permit 192.xxx.xxx.0 255.255.255.0
ip local pool VPNIpPool 192.xxx.xxx.250-192.xxx.xxx.252 mask 255.255.255.0[code].....
View 5 Replies
View Related
Jan 11, 2012
Can i configure proxy on ASA 5510? i.e for internet use my user should be authenticate by ASA5510 and after successful authentication user should be allowed to access internet and futher is it possible to do bandwidth managment with ASA5510?
View 1 Replies
View Related
Jan 30, 2012
Is there a way to send an SNMP trap form the ASA when port 80 is trying to be accessed??
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great but we find ourselves worrying if user has edited their Browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users ability to make changes to those settings but it interferes when I need to troubleshoot a special program that cant use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limitting the use of anything but IE and FireFox.
Without laying down the law and getting all sorts of hate mail and death threats I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get in in my syslog server or have the asa email me directly. Scansafe sends the Internet traffic out on 8080 to the Proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.
View 1 Replies
View Related
May 22, 2012
I configure Easy vpn on ASA 5510. it is working everything is ok. How can i configure vpn client without username and password?
View 1 Replies
View Related
May 22, 2012
I configure Easy vpn on ASA 5510. it is working everything is ok. How can i configure vpn client without username and password?
View 1 Replies
View Related
Jun 4, 2013
Our ASA 5510 was configured with a public interface, a DMZ interface, and a private interface. I have a remote access VPN using AnyConnect client and LDAP authentication for Active Directory. We are changing ISP (groan!), which means all new public IP addresses. The new circuit is installed, so I have a second public interface (same security level as the first public interface, wholly different IP address range) enabled on the ASA. I hope to transition whatever I can, which means get the VPN access through either public interface. Can I just enable client access on the second public interface at the Anyconnect Connection Profiles tab in ASDM? That seems too simple. Can they share the one address pool?
View 1 Replies
View Related
May 20, 2012
I have a Cisco catalyst 2950 and would like it's basic setup. It is connected to a Cisco ASA5510 on GigabitEthernet0/1. The ASA has two v lans configured. 101 and 102. I would like to configure my switch to be managed on the following IP which is on the 102 sub net:
172.16.102.253/24
Also, i would like to configure GigabitEthernet0/1 as a runk port to allow both v lans.
View 14 Replies
View Related
Aug 12, 2012
I am adding a second external connection to an existing system on an ASA 5510 with ASA V8.2 and ASDM 6.4. I added the new WAN using an other interface (newwan).
The intention is to route most internet traffic over the new route/interface (newwan) but keep our existing VPNs using the former interface (outside).
I used the ASDM GUI to make the changes and most of it works.ie. The default route goes via (newwan). Outgoing VPNs of a site to site nature use the previous route via (outside) as they now have static routes to achieve this.
The only problem is that incomming Remote Access Anyconnect VPNs are not working. I set the default static route to use the new interface (newwan) and the default tunneled route to be via (outside) but this is the point is goes wrong....
I can no longer ping the outside IP address from an external location. It seems the outside interface does not send traffic back to the - outside interface (or at least that's where I think the problem lies). How do I force replies to the incomming VPN remote traffic from unknown IPs to go back out on the outside interface?
The only change I need to make to get everything working on the outside interface again is to make the Default Static route use the outside interface. Which puts all the internet traffic back on the original (outside) connection.
View 6 Replies
View Related
Jan 26, 2012
now i have some problem on Cisco Switch 3750 and ASA 5510, i would like to do loandbalancing on Cisco Switch 3750 and Active/Standby on ASA 5510.
which topology that we can use on this diagram, i mean which protocol connect 3750(2unit) to ASA 5510(2unit) and ASA 5510 to 3750, which protocol 3750.
View 6 Replies
View Related
Jun 10, 2011
I configure for our office site to site VPN project. Now I configured already Site to site vpn between ASA 5510 and 1841 router.
HQ LAN
Branch LAN 10.2.1.0/24 >>> ASA 5510>>>>> 1841 >>> INTERNET <<<<<< 1841 <<<<<< 10.30.3.0/24 ^^^^ Call Manager 2851
Now can access from Branch LAN to HQ LAN each other. I face the problems that are
1) In branch LAN , they can access HQ LAN & resource , but cannot access internet. I didn't configure NAT on PH Router
2) Can I access internet from BRANCH LAN through HQ LAN to INTERNET. Or Can I access Internet from Branch LAN from PH Router directly while access to VPN to HQ LAN ?
3) In Branch Site , hard phone cannot work but soft phone on PC can call to HQ. Hard phone IP are same in Remote Network (172.16.1.0/24 ) . Is it problem ? how can I configure separately ?
View 2 Replies
View Related