Cisco Firewall :: Configuring A5505 Setup Public Server And DMZ
Oct 8, 2012
Setup:
LAN (192.168.1.X, with .3 as gateway)
DMZ (192.168.2.X with .1 as gateway)
WAN (X.X.X.146 as primary public IP, .145 as gateway and .147-150 as additional public IPs)
I want to set it up so that X.146 is where all my outbound traffic appears to originate. I want TCP HTTPS and SMTP to be allowed from the WAN (via the X.147 IP) to a specific server (192.168.1.11) on the LAN. Also, HTTP traffic to X.148, X.149 and X.150 should go to DMZ and 192.168.2.8, 192.168.2.15 and 192.168.2.18 respectively, but I haven't added that to my config yet. Looking to get the HTTPS and SMTP ones working first, then I'll fix the others (one step at a time). I've got contact with the outside world when I've configured it using the ASDM's "Public Server" interface, but it refuses to properly establish the connection; I get a "SYN timeout".
My config:
: Saved
:
ASA Version 8.2(5)
!
hostname kcisco
enable password X encrypted
passwd X encrypted
names
[code]....
Mar 16, 2011
We have hosted VoIP and would like to have our internet as backup for their router. We gave them a public static IP so they can configure that in their router. How can I configure the IP address in our firewall, let's say on ASA5510 ethernet port 3, so if their router T1 goes out then our internet will work as backup?
May 10, 2012
getting my additional IP addresses working on my ASA 5510. I have a /29 allocation and outbound access and inbound access to my internal www server is working fine through the default outside interface. However, I now need to set up a second IP address that maps internally to a different web server. When I set up a new network object with automatic NAT translation to the new IP address, it does not work. If I set up the same scenario using the outside interface, it works fine. What is the proper way to set up additional IP addresses on my ASA v8.4?
May 15, 2013
Could I get a validation that this config is correct in that it allows inbound access to the web server and that I should be able to ping it from my inside interface?
I tried to use the example code from Cisco DocID: 115904 for DMZ WebServer, but I found the object NAT parts did not work with my 8.6 IOS so I modified them as shown in my config.
Example from 115904 doc.
!!!!
object network WebServerPublic
host 24.25.26.80
object network WebServerPrivate
host 192.168.1.80
nat(dmz,outside) static WebServerPublic service tcp www www ---> this does not code
!!!!
With the below code I do not get a ping reply sourcing from a 10.1.0.X host to 192.168.1.80 web server. And I cannot browse in from the outside to it either. I do see the MAC for 192.168.1.80 in the ASA's arp cache for the dmz interface. The web server is on a VMware ESX environment and I'm not sure it is set up correctly.
!
ASA Version 8.6(1)2
!
hostname A5515
!
interface GigabitEthernet0/0
[code]....
May 23, 2013
I can't get it working to expose an internal server to an outside interface. I used the public server function in ASDM. Internet access works if I NAT my private address to one of the available IP addresses provided by our ISP.
Internal Server : owncloud 172.10.0.4
External Server : ext181 46.245.171.181
I can't see the error in the configuration,
: Saved
:
ASA Version 9.1(1)
!
hostname rhedetest
domain-name xxxxx.de
enable password 59t92OvRofWL9yf3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
Sep 11, 2012
I have an ASA5510. INSIDE, DMZ and OUTSIDE interfaces are configured. I have a web server on DMZ, IP: 10.0.0.1, and it is static NATted to 1.1.1.1. From the internet I can reach the web server with IP 1.1.1.1, and from INSIDE I connect to the web server with IP 10.0.0.1. Now I want to connect from INSIDE to the web server via the public IP (1.1.1.1). How can I configure it?
Apr 19, 2012
I'm trying via the ASDM to port forward HTTP connections to a DVR for the purpose of viewing IP cams. I've tried via ASDM to create a public server but I'm not allowed to use my public IP address for the public interface. I have only one public IP address available. Is there any way round this? I would also like to know how I can enable NAT with PAT. I've tried setting the outside interface for use with PAT but it keeps reverting to the setting for a range of external addresses. I'm not really used to the ASA CLI yet, I'm getting there. If there's a workaround via the CLI, I'll take that route.
Jul 30, 2012
I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network. I would like...
1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server).
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email)?
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8
Jul 9, 2012
I want to configure AD agent on Windows Server 2008 R2 SP1 with all needed patches installed. When I try to connect to the DC with adacfg dc list, status is UP. ADOBserver's logs don't show any errors. But when I try the command "adacfg cache list", the result is empty. What may be the problem? Perhaps it is related to the language of the OS?
Jun 10, 2012
I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall. I have attempted to configure RDP access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for static route and RDP but when I try to put in the same commands it doesn't allow me to for this new one. My configuration file and what are the commands I need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that it's not the ACTUAL IP info for my server/network etc... lol for security reasons of course. Also the bolded lines are the modifications I made but that aren't working. [code]
Jan 20, 2012
I've replaced my dead ASA5505 with a 861-K9. Our ISP provides a subnet of public addresses /29 (WAN side), for example 200.200.200.xxx /29; we have 3 servers (LAN side), in the example 10.1.1.xxx /24. It is the same case as Johnatan's, the only difference is the public addresses. [URL], everything is OK when NAT is via the FE4 public address, but when I do the same with other public IPs it doesn't work.
Jun 23, 2011
We will acquire a DSL connection with 5 static public addresses. How can I use the 5 static public addresses using a Linksys router? Does it depend on the Linksys router model?
Jul 10, 2011
I have an ASA 5520 8.4(1) set up as follows:
public wan
|
|
ASA-- public dmz
|
|
private lan
I need to allow HTTPS traffic to a server in the DMZ that will have a routable IP address. Will just an ACL suffice? Which interface do I apply it to, WAN or DMZ? I don't need a NAT since the DMZ is a routable space?
May 9, 2011
I need to setup a syslog server for PIX w/ 6.2 and was hoping to get detailed instruction how to go about it. I would like exact syntax w/ an example on the pix and any configuration on the computer that will be receiving the log info. I have downloaded tftpd32 onto computer
Oct 25, 2012
I'm having trouble setting up the correct rules on an ASA 5505 I'm using in my home office. I have a couple of IP Cams I need to access remotely.
I've tried setting up simple NAT(PAT) and/or Access Rules, but it hasn't worked. I have a single dynamic IP for the Outside interface. Call it 77.76.88.10 and I am using PAT. The CAM is setup to connect on port 80, but could be configured if necessary. I've tried setting up NAT Rules using ASDM as follows:
Match Criteria: Original Packet
Source Intf = outside
Dest Intf = inside
[Code]....
I'm afraid to use CLI only because I am not confident I'll know how to remove changes if I make a mistake.
Sep 9, 2012
I have been assigned a task to configure a VPN between Windows 2008 Server and a Cisco ASA 5505. What kind of VPN should I go with, as the Windows 2008 Server R2 is in the cloud, and is it possible to configure a site-to-site VPN for this network scenario or not? I have tried IKEv1/IPsec remote access VPN with L2TP with (CHAP, MS-CHAP v2) and couldn't find any document which would allow me to configure Windows 2008 Server to behave as a client and connect it to the ASA. What I did is configure a dial-up connection with L2TP, and I found the following debug message:
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, Oakley proposal is acceptable
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 1
[Code].....
Apr 30, 2011
I'm trying to set up my DMZ so all my servers will have public IPs assigned to them. I'm currently trying to use two interfaces on each server, one with a private IP and then one with a public IP. All my internal traffic will go over the private interfaces...this is working. However, I'm having a problem trying to get it so the public interfaces work. Ultimately, these will be VM hosts and have VM guests on them; each guest will have its own public IP.
Jan 22, 2013
I am trying to set up public WiFi on my three AP1142AG WAPs. They are configured for WDS and VLAN 1 is our corporate network. VLAN 2 is the public network. All this works just fine. What I need to do is make the public WiFi available without a password. But the client (a City) is adamant. Failing a NO PASSWORD scenario, is there a way to make the password short (3 or 4 characters at most)?
Apr 7, 2011
At my company, we lease 3 static public IP addresses from 1 ISP. We want to have 3 separate networks that each use one of the IP addresses. Network 1 is the computer network, network 2 is the VOIP network, and network 3 is the security camera network. I am trying to determine the best way to do this. I have come up with 2 solutions in my head, but I'm not sure if they will work or not. I would like to get some input.
Solution 1: Solution 1 looks something like this. Fiber box -> Router -> 3 switches. There would be one WAN input on the router, that would have a static route to 3 different LAN ports. For example, address 24.244.208.101 would be assigned to LAN port 1, 24.244.208.102 would be assigned to LAN port 2, and 24.244.208.103 would be assigned to LAN port 3 (by assigned, I mean have a static route to it). Is there some type of router that is capable of doing this?
Solution 2: Solution 2 looks something like this. Fiber box -> Switch -> 3 Routers. The ethernet cable would run from the Fiber Box to a switch, and then 3 routers would be plugged into the switch. Each router would have the static information configured in them. Would both of these methods work? If so, which would be the best way to go?
Dec 28, 2012
I would like to set up a free wireless network in our local church hall for the local teenagers to use on the way home from school. We have an ADSL router and an office computer that we would need to keep secure. Obviously we'll need a wireless hub, but keeping the public wireless separate from the Ethernet connected PC is essential.
Nov 9, 2012
I got 1 public IP for the router and 16 public IPs for NAT from the ISP. The router IP is in one range and the NAT IPs are in a different range. I want to use 1 NAT public IP for one of my Windows servers. I am using a Cisco 1841 router, on which I've configured the public IP provided by the ISP for the router.
Aug 9, 2011
I have a Netgear ProSafe VPN Firewall FVX538. But I also have 10 public IP addresses that I would like to set up for three web services. So how do I set this up? With multiple routers? Or can my Netgear FVX538 take multiple public IP addresses to the same ports? If not, how can I set up multiple routers, one being the main one?
Jan 17, 2012
We need to implement a scalable solution where we can provide each customer with its own public IP so that they can access some content restricted by IP range. The solution consists of a proxy software that will "listen" to multiple IPs, then reroute the HTTP requests and rewrite the URLs to a different format. Anyways, we came to the conclusion that what we need is the following:
- broadband line with a pool of 8 IP's
- a router that can support multiple IP's
- a server
What kind of router or device is required for this kind of configuration? Basically the network diagram will be like this:
Internet ----> broadband -------> cable modem ------ > multiple static IP router -------> server NIC
We should be able to add the same above combination once we run out of IPs: another broadband line, another device and server ...
Feb 16, 2012
I have a virtual FreeNAS server running from VMPlayer and I want to allow my friends to connect to my media server from their houses, but I don't want to buy a domain. Is there a way to port them to it when they connect to my Public IP? I am willing to use another program if necessary. I have looked at Filezilla, but have the same issue.
Jul 5, 2011
The router is a 2821 and is set up to perform static NAT from one internal IP address mapping to one external IP address for each of our servers (inside the LAN): [code] Servers all have internal IP addresses and each of them is represented to the outside world by its public IP address with the above command on the router. Here is the problem. When I'm in a server (for example 192.168.0.210) and try to access other servers by their public IP addresses (i.e. *.*.*.211) the connection fails. However, when I try to access the same server by its private IP address (i.e. 192.168.0.211) it works!
My issue is I don't want to modify the Windows hosts file for a manual mapping (for example mail.mydomian.com goes to 192.168.0.211 rather than *.*.*.211) because we host many domains and it just doesn't make sense to do it one by one. So we must be able to access our servers by their public IP addresses in order for our applications to work correctly.
Jan 13, 2011
I have a new (linksys/cisco) RV082 Router that I have just set up and everything is working except that I can't configure it to allow public access to our web server. I have tried configuring port forwarding under the Forwarding and UPnP menus and still no access from the outside. I have tried accessing it from the outside using both the URL and the IP address and still no access. I have checked with my ISP and no ports are being blocked from their end. I can ping my public static IP from the outside with no problem. The documentation that I've found for this router refers to a menu that is different from the menu of this router and refers to an Applications & Gaming menu which isn't there, but it seems like the port forwarding should handle this.
I have a static public IP, a static internal IP for the server. I have set the port forwarding and UPnP to point to the IP of the server using port 80 and a secondary forward to port 8080. There are no issues accessing the website from within the LAN.
Feb 20, 2012
I have a Windows 2003 server that I am using as a proxy server with 2 NICs: 192.xxx.xxx.xxx to the LAN and 172.xxx.xxx.xxx to the internet router. Although I can browse on the LAN, I cannot ping any public IP. Because of that I cannot use my Outlook to get my mail.
Dec 14, 2011
Is there a simple way to have a web server have both a static public ip (I have a block of static IP's) and an static private ip (ex 192.168.0.60)? I am running a web project management application....
Jan 25, 2012
Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices? I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different. I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.
Nov 21, 2012
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP: 16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]
May 24, 2012
I'm having some trouble with my P660RU-T1 configuration. I have recently set up a Linux SFTP server at my home and am trying to access it via my public IP (e.g. 1.1.1.1). The problem is this public IP goes to the router, which doesn't pass on the requests to the server. Last summer when I first messed around with this I had no problems with using the public IP to access the server; it's only recently.
Sep 18, 2011
I am following instructions I found to set up my wireless network, but am having trouble configuring my router. I'm specifically at a standstill, because I can't connect to http://192.168.1.1. I pinged the router and got a response and went to run/ip config to confirm I have the right URL for the router, but am still not able to get to the URL.
Feb 19, 2013
I'm trying to configure remote access VPN on an ASA5505. I configured it as a local CA server, installed a digital certificate on the remote station and everything looks fine as far as I can see. I'm using Cisco VPN client 5.0 on the remote station. When I initiate a VPN session it fails while trying to connect. Looks like I'm missing some configuration but I cannot figure out what it is. Currently I have the firewall configured to use group authentication and everything works fine. I want to switch it to use certificate authentication and, if possible, configure the firewall to use main mode instead of aggressive mode for better security.