Cisco Firewall :: Configuring UC-Proxy On ASA 5505 Version 8.0?

Jan 24, 2012

I'm trying to configure UC-Proxy using an ASA 5505 with software version 8.0.4.I was following the instructions in DOC-5704 and ASA 8.0 CLI.I don't have USB security tokens in UC solution, instead I'm using IP phones Cisco 7961 with MIC.I configure all the items as the documentation says but when I restart the phone outside the Firewall, the 7961 don't registrate with the Call Manager.Checking the troubleshooting I found that it's possible certificates problems but I don't know if I need to do something in phones.
I would like to know if there is any consideration when the UC proxy works just with MIC.The outside phone is a Cisco 7961 configured with static IP address and TFTP address of Call Manager (static NAT in ASA).

View 6 Replies


Cisco Firewall :: 881W IP Configuring Auth Proxy

Apr 15, 2013

Platform: 881WIOS: C880-DATA-UNIVERSALK9-M 15.0(1)M3License:

I have tried both advsecurity and advipservices

Problem: Configuring an auth-proxy redirect on seccessful authentication,Cisco's documentation states that when you are configuring auth-proxy, you may specify a url in which the clients will be redirected to when successfully authenticated.

The command is:,ip admission proxy http success redirect <url-string>,However, the command does not seem to exist on many of the latter IOS versions. I am also unable to find any documentation with alternate methods of sending a redirection to the client after a successful authentication. Is this command depricated? Is there a more efficient method of redirecting?

View 6 Replies View Related

Cisco Firewall :: ASA Version 9.0(1) / Configuring NAT On Intranet Firewall?

Dec 26, 2012

configuring NAT on intranet firewall. here is the my topology:
  DMZ Network  - - - - - - - - - External Firewall   - - - - - - - - - Internet
  Internal Network  - - - - - - - - - Internal Firewall  
1) I can Ping the intneral host from external firewall, internet firewall and DMZ network

2) Both ASA's are running OS Version 9.0(1)

3) ACL used permit IP any any, on both (i.e inside and outside)
NAT configuration on Internal Firewall  (Identity NAT)
object network MGMT-SRV-INSIDE           subnet
object network MGMT-SRV-identity
 object network MGMT-SRV-INSIDE           nat (Inside,Outside) static MGMT-SRV-identity


View 1 Replies View Related

Cisco Firewall :: ASA IPv6 NDP Proxy With 5505

Nov 26, 2011

i have a 5505 running 8.4, and my ISP is giving me a /64 IPv6 Prefix. Basically, I have a subnet between my ASA and my ISP's box which is my outside, running into a private subnet (, as most of ISP does.I have my ASA behind, and i'd like to turn on IPv6 for my inside hosts, but the problem is that I can't modify the routing on y ISP's side, and thus it will assume all host are directly connected in my outside. Thus, I would need some kind of Neighbor Discovery Proxy on the Outside of the ASA. Is there such feature ?

View 1 Replies View Related

Cisco Firewall :: Redirecting Traffic To Proxy From ASA 5505

May 20, 2011

I have ASA 5505 with base license. I like to install proxy server in my network.I configured below commands to forward my traffic to proxy server from my ASA.

If there is any configuration that i need to configure.And if possible send me the configuration guide to setup SQUID server. ( Actually it was set up by the 3rd party vendor)

View 1 Replies View Related

Cisco Firewall :: ASA 5505 / One Way Audio For Phones Using IP Proxy?

Jun 5, 2011

I've got an ASA 5505 running 8.2 configured for solely as an IP phone proxy, it is the default gateway for the cucm box and PRI router, its inside interface is directly attached to the same subnet as all internal phones as well. Calls can be placed from either end, but after call is established, proxy phones does not hear audio from internal or pstn phones. The proxy phone registers with cucm with the remote internal IP of the phone that obviously cannot be reached by corp network.
Debugging from pri router shows the rtp traffic destination is the internal ip address of the proxy phone, why is the phone registering with its internal IP rather than its Natted external IP that can be reachable by cucm and other phones?Proxy phone is a 7945, after it registers, I do not see it under sh phone-proxy secure-phones, or sh phone-proxy signaling-sessions while on a call.
ASA Proxy config
interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address!interface Vlan2nameif outsidesecurity-level 0ip address 65.x.x.24!boot system disk0:/asa823-k8.binftp mode passivedns server-group DefaultDNSdomain-name ----.comsame-security-traffic permit intra-interfaceaccess-list inside_access_in extended permit ip host anyaccess-list inside_access_in extended permit ip any host inside_access_in extended permit ip host anyaccess-list inside_access_in extended


View 10 Replies View Related

Cisco Firewall :: ASA 5505 - Redirecting Http And Https Traffic To Proxy Server

Aug 5, 2008

I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my  ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.

View 6 Replies View Related

Cisco Firewall :: NAT In ASA 5505 Version 8.3

Mar 14, 2011

I need to fullfill the below configuration which is working fine on my actual D-Link Netdefend firewall.
We have a range of IP assign by our ISP : is the firewall IP and 134 the isp gateway.
We have 4 interfaces
- The local user interface: lan =
- The servers interface : dmz =
- The database interface : oracle=

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Loss On Configuring Twice NAT

Mar 30, 2012

There seems to be a large number of the subject queries in one form or another.  Having acquired an asa 5505 and using 8.43 firmware and the ADSM gui for router configuration it has not been an easy transition from other products.   I have come to understand embedded NAT objects for basic port forwarding but am at a loss on configuring twice nat or manual nat, not really ever dealing with it before, or in this manner.  
What I would like to suggest to the experts, is to include far more ADSM web gui examples and discussion for manual nat.   The tools are all there - in the nat rules editing page,  the display of the rules pictorially and the packet flow at the bottom of the page (and finally thru packet tracing).   What is needed is more on the actual entries on the nat editing pages and the logic and explanation of those entries.   In this forum what I would like to see is when there are responses that they include both the CLI recommended entries b AND the associated adsm web gui pics.  With good documents for reading and examples in the forum, I think there should be much less confusion allowing more attention to some very complex scenarios. At the very least I and others like me will get better edumecated.  I am looking to understand CIsco packet routing through explanations of the web gui entries. In fact, I am learning far more by trying to understand the web gui vice simply copying and entering CLI commands.  In terms of documents, for example, there should be a very thorough explanation of the relationship between "Translated Addr:" in the first NAT editing page with "Destination Inteface" in the second Advanced page .I have added the packet tracing jpegs for further context.  There is an UNNAT lookup entry (first trace block, out of view on the pic) a concept which is missing in the documentation I've read that needs to be added but it is illuminating in how the router handles traffic.   What is also interesting is the fourth jpeg which also shows the flow designation of a packet and its handling internally (new packet or one that is associated with an existing packet (previously identified and put in an appropriate table xlate etc)).

View 2 Replies View Related

Cisco Firewall :: Best Practice For Configuring ASA 5505

Jun 6, 2011

I am planning on building the configuration on my ASA 5505, and then distribute that same configuration to several places on ASA5505's.

What is the best way to do this? Screen dumps of the ASDM. Copy the running-configuration from a text file into the ASA5505. TFTP the running-config.

View 2 Replies View Related

Cisco Firewall :: Which AnyConnect Version On 5505

Sep 23, 2012

What anyconnect version do I need on a 5505 so i can have people connect via iOS devices? Right now I have "anyconnect-macosx-i386-2.5.1025-k9.pkg" on there, will that work for iOS devices?

View 7 Replies View Related

Cisco Firewall :: ASA 5505 / Understanding NAT For Both Version 8.2 And 8.3

Mar 1, 2013

ASA 5505 Version 8.2 or older nat (inside) 1 (INTF4) 1 (INTF5) 1 (INTF6) 1 (INTF7) 1 (outside) 1 netmask (outside) 1 interface
I believe this setup does the following. The inside interface and interfaces 4,5,6,and 7 will translate using this line....

global (outside) 1 netmask

and if the addresses run out is will start using the ouside interface IP address to translate, so traffic is not disrupted and is based on the line of configuration.....

global (outside) 1 interface
My question, does it do this because of the order of the configuration..
global (outside) 1 netmask (outside) 1 interface
or would it do it that way even if it was like this?
global (outside) 1 interfaceglobal (outside) 1 netmask
and if so why?Now let's convert the above configuration to ASA 5505 Version 8.3 or newer.
object network OUTSIDE-NAT-POOLrange network INTERNAL-SEGMENTSsubnet (any,outside) dynamic OUTSIDE-NAT-POOL interface
My question is how does it know to use the outside interface as a backup when the OUTSIDE-NAT-POOL is depleted?Also why do I need to define the INTERNAL-SEGMENTS ? Doesn't the "any" in the (any,outside) take care of that?Also wouldn't the "any" in (any,outside) cover interface 3 or DMZ which could be an issue?

View 7 Replies View Related

Cisco Firewall :: 5505 Latest Version Of OS Available

Jun 20, 2012

I have a ASA5505 and currently running Version 7.2(4). I was wondering what the latest version of the software would available to me would be.
Here's a show ver
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"
Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

View 1 Replies View Related

Cisco Firewall :: Configuring ASA 5505 Firewall

Sep 21, 2012

I am configuring a Cisco ASA 5505 firewall.In the office there is 1 x SBS 2008 server and 5 x PCs, all sat behind a Netgear DGN1000 ADSL router.We want to implement a ASA 5505 for added security.I have configured the internal interface of the Cisco ASA 5505 to be - this is connected to local switch. The client PCs use as their default gateway.I have configured the external ASA 5505 interface to be x.x.x.217. [code]Change the current router status from Router/Firewall/Modem to Modem only (Bridge mode). The ASA 5505 has its outside interface connected into one of the LAN ports of the netgear. The lan port has an IP of

View 3 Replies View Related

Cisco Firewall :: Configuring VLANs In ASA 5505 Switch

Apr 19, 2011

I have 2 ASA 5505 firewalls and 1 cisco 3560 switch.
One ASA 5505 firewall and cisco 3560 switch located at SITE-A. Another ASA 5505 firewall located at SITE-B. 
Below is the my connectivity:
Site-A                                       IPSec VPN                                       Site-B
cisco 3560 <----------------------------> ASA 5505<------------------------------------------------------------------------------------> ASA 5505
I planned to create 5 vlans in my cisco 3560 switch. these 5 vlans needs to have internet and needs to access Site-B.
I will write on dafault route to firewall in my cisco 3560 switch. Is ASA 5505 supports this scenario??? If it is then how to configure ASA 5505 firewall.

View 4 Replies View Related

Cisco Firewall :: Configuring ASA 5505 With Base License

May 11, 2011

I have ASA 5505 with base licence. I configured NATing and VPN(site to site). All are working fine.My ASA is base license so i created 2 VLANS, one is inside and outside.Inside i am using serie IP addresses.Below are the new requirements that i need to configre:
1. First 30 IP addresses only needs internet directly.( Servers and Management)

2. If remaining IPs likes to use web then traffic needs to forward one proxy server( where he gives user authentiation)

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Version 8.2 (5) - Can't Access ASDM From VPN

Jan 20, 2013

I've have an ASA 5505 with a inside network vlan1 ( - i've configured an IPsec VPN profile and a VPN network of I can through my VPN tunnel access inside hosts on vlan1 - but not ASDM on the ASA ( Under management i've added the VPN network of to have access to ASDM, but still does not work.

View 1 Replies View Related

Cisco Firewall :: 5505 Configuring RDP Access To Local Server

Jun 10, 2012

I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]

View 8 Replies View Related

Cisco Firewall :: ASA 5505 / Create A Static Ip Address Under Version 8.4?

Mar 20, 2012

I just upgraded my firewall to ASA 5505. Now, my original static ip address cofiguration is gone. Apperantly, Cisco went away from static ip address to something like nat (inside,outside) dynamic interface. how to create a static ip address under version 8.4? By the way, I am sharing what my configuration used to look before upgrading.
hostname cisco-asa
domain-name default.domain.invalid
interface Vlan1
nameif inside
security-level 100


View 7 Replies View Related

Cisco Firewall :: Asa 5505 Showing Version Number As Null

Feb 15, 2010

Showing Your firewall has a version number null which is not supported by ASDM 6.2(5).  I received this error when trying to run asdm on my asa 5505.  I upgraded image and asdm trying different versions.  I used many different versions of java all to no avail. 

View 4 Replies View Related

Cisco Firewall :: Configure IPSec VPN Connection For ASA 5505 (Version 8.4)?

Nov 20, 2011

I am now going to configure IPSec VPN connection for Cisco ASA 5505 (Version 8.4)

View 3 Replies View Related

Cisco Firewall :: Unable To Allow Inbound ICMPv6 On ASA 5505 Version 9.1

Nov 22, 2012

I have upgraded an ASA 5505 to 9.0(1) as I would like to use ipv6 version of dhcprelay. That said, I am unable to obtain a global unicast address but the link-local address is able to communication with the ISP's gateway/DHCP provider which I hope will allow v6 dhcprelay provide internal clients with IP's from the ISP. Trouble is, unsolicated inbound ICMPv6 messages from the ISP's gateway are being dropped on the way into outside interface.
%ASA-3-313008: Denied IPv6-ICMP type=129, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
%ASA-3-313008: Denied IPv6-ICMP type=131, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
%ASA-3-313008: Denied IPv6-ICMP type=131, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Proxy Server Send Register To Hosted Server Private IP Changed

Aug 23, 2011

We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.

Here is debug log on real time monitoring.
Aug 24 2011    05:21:19    302015     Built outbound UDP connection 3774 for ( to inside: (
Aug 24 2011    05:21:19    607001         Pre- allocate SIP Via UDP secondary channel for inside: to from REGISTER message
Aug 24 2011    05:21:19    710005     UDP request discarded from to

Here is Our ASA Outside IP address is Hosted server IP address. My ASA config is attached.

View 2 Replies View Related

Cisco Application :: Configuring URL Redirect On ACE 30 Version A4 (1.0)?

Dec 18, 2011

I have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of  a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any
probe http Test_HTTP_1  port 80  interval 60  passdetect interval 30  passdetect count 2  request method head url /index.html  expect status 200 200  open 1
rserver redirect URL_Redirect_01  webhost-redirection [URL] 302  inservicerserver host S1  ip address
inservicerserver host S2  ip address

it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?

View 8 Replies View Related

Cisco :: LMS Version 4.1 - Configuring Dashboards Based On Defined Roles?

May 14, 2012

I am trying to configure the dashboards for the pre-defined roles ie) Network Operator, Network Administrator, Helpdesk, etc but I cannot find the document to do this. I am running LMS version 4.1.

The goal is to create users and put them in one of these roles and then they would inherit these dashboards when they log on. Can this be done on LMS ? The doco that I am reading says that each user needs to configure their own dashboard or they can use the public dashboard as a starting point.

View 1 Replies View Related

Cisco Firewall :: Software Upgrade For ASA 5520 Version 7.0(1) To Version 8.4?

Apr 3, 2012

provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM

View 10 Replies View Related

Cisco Firewall :: How To Upgrade ASA 5510 Version 8.0(4) To Version 8.3

May 10, 2011

i am using Cisco ASA 5510  with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3

View 6 Replies View Related

Cisco VPN :: ASA 5505 / ACL Does Not Match Proxy IDs In Two Tunnels

Feb 1, 2011

I'm getting an "ACL does not match proxy IDs" error that I'm not able to troubleshoot, googled this with a lot of results, tried some; but nothing applied.I have setup 2 tunnels, 1/one from a pix 515e (office) to an ASA 5505 (hosted server) for my guys to access the hosted server2/A second one from the ASA 5505 to my client's firewall so that its equipments can reach the hosted server and from the hosted server reach the equipments.Both tunnels are working fine, my issue comes when I'm trying to join my clients equipments from my office, ie cascading the tunnels.
This is the first time I'm trying to cascade some tunnels, no issues with other vpns I have been building.I'm joining the configuration of the pix and the asa and an extract of the syslogs showing the error, any obvious error I haven't seen!

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5505 Cut Through Proxy And Redirection After Login

Jun 17, 2012

I have successfully set up a 5505 as a cut-through proxy so that wireless users are required to log in when they open a browser to access the Internet.   Is there a way to take them to the original page they requested after the login is complete, rather than having it sit at the screen where it is says they are logged in?                  

View 1 Replies View Related

Cisco WAN :: Configuring WAN And LAN IP In ASA 5505?

Apr 8, 2012

configuring the Cisco ASA 5505 device to access my both WAN and LAN ip.  LAN ip i need to configure it for web servers to face the internet.

View 11 Replies View Related

Cisco WAN :: Exempting NAT On ASA 5505 Version 9.1(1)

Jan 23, 2013

I have been using ASDM on a "Cisco Adaptive Security Appliance Software Version 8.2(5)" for a long time and in order to route packets among the interfaces without NATting the packets, I have always been using the function "Add NAT Exempt Rule" under "Configuration -> Firewall -> NAT Rules". Everything has always been working fine.
Now I am trying to use ASDM on a "Cisco Adaptive Security Appliance Software Version 9.1(1)" and I cannot find how to do the same operation: the "Add NAT Exempt Rule" option is no longer available and the only way to make the traffic passing through seems to be NATting it on the OUTSIDE interface.
where I am mistaking? My goal is to let the traffic passing through from the inside interface to the outside interface without being translated.

View 10 Replies View Related

Cisco VPN :: Configuring ASA 5505 As Local CA Server

Feb 19, 2013

Im trying to configure remote access VPN on ASA5505. I configured it as local CA server, installed digital certificate on remote station and everything looks fine as far as i can see. I'm using cisco VPN client 5.0 on remote station. when i initiate VPN session it fails while trying to connect. Looks like im missing some configuration but i cannot figure out what it is. Currently i have firewall configured to use group authentication and everything works fine. I want to switch it to use certificate authentication, and if possible, confiure firewall to use main mode instead of aggressive mode for better security.

View 4 Replies View Related

Cisco :: Setting Transparent Proxy To A Proxy Running On A Client?

May 28, 2012

I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:

Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B

View 1 Replies View Related

Copyrights 2005-15, All rights reserved