I'd like to create dhcp server pool on ASA 5510. I was wondering how big is the DHCP scope that Cisco ASA 5510 can support? Are there any ASA models which can support up to subnet mask 22 for DHCP scope?
View 7 Replies
I was trying to set a DHCP pool with 127.16.0.0/16 with RV220W, however, RV220W UI can't save it. It displays "IP Address Range -"Step to reproduce: (it is 100% reproducible)
1. login into RV220W admin web
2. Create a VLAN, id 201
3. Go to "Multiple VLAN subnets", select the VLAN, click edit
4. Enter following info:
IP Address: 172.16.0.1
Subnet Mask: 255.255.0.0
DHCP Mode: DHCP Server
Domain Name: Cisco
Starting IP Address: 172.16.2.100
Ending IP Address: 172.16.10.254
Primary DNS Server: 172.16.0.1
Leave rest of settings with default value.
DNS proxy is enabled
5. Press Save button. The UI shows text "IP Address Range -".
Expected result: RV220W shall save the setting and make use of 172.16.0.0 subnet in IP pool. By the way, the error message "IP Address Range -" seems incompleteI tried same setting on netgear FVS318N (very similar settings to RV220W), it accepts 172.16.0.0/16 as DHCP IP pool and works.RV220W has great feature set meets my needs. Its UI is slow and sometime dashboard freezes, which I can live with comparing to features. But DHCP server IP pool can't be class B is huge limitation to me.
Can a layer 2 cisco 2950 switch be used as a dhcp server with it's own address pool.
View 3 Replies View RelatedI want to configure multiple DHCP configuration on ASA 5505. I tried to create sub interface for different IP Pool but it was not configure on ASA 5505. is it possible to create subinterface on ASA 5505?
ASA 5505 IOS version: 8.3(1)
License: Security Plus
I got a project where I have to provide NATTED addresses to cutomers for the internal servers and I found out that the outside address range /27 already in use. We are using 5510 with ver 8.1. We cant use PAT here.
View 1 Replies View RelatedI have a asa 5510 vpn client groups configured and connected to the internal network DHCP server stops giving network service dhcp and the network goes down.
View 6 Replies View RelatedCan we assign Secondary ISP-2 Pool IP to DMZ Server, network design attached for reference.
View 2 Replies View RelatedI need to be able to create vlans in my ASA 5510.
I can'T find anywhere to do this.
I've tried the "routers command" I know, like vlan databse and it does'nt work
Is there a way to "enable" vlan on a ASA 5510 ?
User want to create on 5 network , 100.x , 200.x , 210.x , 250.x , 220.x .at the ASA5510, no enough port for 5 network.So I want to create 4 vlans on eth 0/3. I can create vlan but i cannot run this command " switchport mode trunk" " "switchport trunk allowed vlan list" how can be done for that?
Actually i want to use like thisASA5510-----4 vlans on eth 0/3------switch----vlan200,vlan210,vlan250,vlan220.
May I know the reason why we cannot create interface vlan on Cisco ASA 5510?
View 2 Replies View RelatedSuccessfully creating a port-forward in ASA5510, ASA version 8.3(1) ASDM6.3(1)?I have spend hours now trying, but I'm still unsuccessful.What I want is a simple: "if this particular ip-adress hits the wan interface on this tcp-port redirect to this inside ip-address on this tcp-port.I have never had any trouble on any other firewall creating something like this, but the ASA is killing me.
View 10 Replies View RelatedI have recently upgraded my ASA 5510 to 8.3 code and honestly I am confused on the best and most efficient way to do many nat translations through it. I have a group of about 100 IP's that need http/https/and sqlnet allowed through for our web farm.
I have a text file with the real and translated IP addresses and in 8.2 I could simply modify it and dump the thing in and make the NAT rules and access-lists. Now with the new object based model I am having a hard time wrapping my brain around how to do this using as few lines of code as possible.
Do I have to create an network object for each and every IP i want to nat through?
ON ASA, I understand that we can assign a static IP for a specific VPN client, or we can use a DHCP pool to assign IP. Now if I want to create DHCP pools, say pool_A and pool_B, for user A, B and C they use the IP from Pool_A, and user D, E, and F they get the IP from pool_B. Is there a way to do this in ASA?
View 4 Replies View RelatedWe have the configuration below set up in a 3560 switch (addresses and names modified for privacy). We are running out of dynamic IP’s in the current pool (6.35.159.0 – 6.35.159.255). We have a new set of IP’s that we can use (6.44.56.0 – 6.44.57.255 – an additional 512 addresses). Although I can figure out the commands to add a new dhcp pool, secondary subnet, etc., I’ve never done this before so I’m not sure of everything I need to do. The end result I need is that the 3560 needs to be able to hand out IP addresses from the current and new pool to anything connecting to vlan 300 – our datanet where computers access the Internet. What I need to do as far as modifying the vlan, adding the secondary subnet, defining helper IP’s, gateways, whatever, so that computers connecting via vlan 300 have Internet access via either of the pools? I have been told that all I need to do is create the pool, but not sure if that is correct...
[code]....
I am trying to setup intervlan routing with a Cisco ASA 5510 and two 2960-S switches. The 5510 currently is using ASA Version 7.0(2) and has a base license. I tried to create a sub interface today based on some info I found regarding the routing piece and it didn't recognize the command. I'm thinking I may need to update the IOS code or the license on the firewall. I know the syntax was correct because I looked it up and found it in a Cisco document.
View 15 Replies View RelatedUnable to create VLAN interfaces in ASA 5510
View 1 Replies View Relatedwhy I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
!
ASA Version 8.2(5)
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
[code]....
why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
!
ASA Version 8.2(5)
!
interface Ethernet0/1
[Code]....
I am configuring IPSec Remote Access VPN on a ASA 5505. There are one external interface and one internal interface configured on the device. Internal interface connected to subnet 192.168.1.0/24.en VPN client get connected, I would like to assign the IP from some subnet(for example 192.168.2.0/24) other than the current internel subnet (192.168.1.0/24), but the VPN client can still access to 192.168.1.0/24. Is there a way to do this?
View 2 Replies View RelatedMy AP get IP from 6509, but client cannot get dhcp from my dhcp pool for client, what is the reason?i have 3750g switch with integrated WLC, i connect it to 6509 I did all configs yesterday here is outputs
WLC
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
ap-manager LAG 10 172.16.10.100 Static Yes No
globus LAG 20 172.16.20.254 Dynamic No No
management LAG 10 172.16.10.99 Static No No
service-port N/A N/A 0.0.0.0 Static No No
[code].....
Can you confirm that if I want to disable temporarily a dhcp pool on a 4500, I need just to shutdown the interface VLAN corresponding to a specific dhcp pool?
ip dhcp pool test
network 10.X.27.0 255.255.255.0
default-router 10.15.27.250
[Code].....
I'm trying via the ASDM to port forward http connections to a DVR for the purpose of viewing IP cams.I've tried via ASDM to create a public server but I'm not allowed to use my public IP address for the public Interface.I have only one public IP address available.Is there any way round this ? I would also like to know how I can enable NAT with PAT.I've tried setting the outside Interface for use with PAT but It keeps reverting to the setting for a range of external addresses.I'm not really used to the ASA cli yet , I'm getting there.If there's a workaround via the CLI , I'll take that route.
View 4 Replies View RelatedI'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail
| (25) | (3000)
194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?
I've got a Catalyst 3560G, and I want to reset the current index for a DHCP pool. I could remove the leases given for that pool, but I couldn't find this option.
View 3 Replies View Relatedcan i have 2 pools each with diifferent subnet [code] i wanna put restricution on remote vpn users having address from pool-2,and just give them access to 172.16.10.0/24,is it possible on the asa 5510?
View 7 Replies View RelatedMy VPN Cisco client connects to the ASA 5510 and everything looks good but when i try send traffic(RDP) severs connects and the logs shows a sync timeout. [code]
View 8 Replies View RelatedI got a project where I have to provide NATTED addresses to customers for the internal servers and I found out that the outside address range /27 already in use. We are using 5510 with ver 8.1. We cant use PAT here. Any other option to accomplish this task.
View 1 Replies View RelatedIs the following sysntax correct in removing a remote access vpn address pool and inserting a new one on an ASA5510?
(config)# NO ip local pool BWCVPN 192.168.200.1-192.168.200.128
(config)# ip local pool BWCVPN 192.168.300.1-192.168.300.128
(confif)# tunnel-group BWCVPN ciscovpn general-attributes
(config-general)# address-pool BWCVPN
3750 can not support multiple subnets in it's DHCP server pool config.
Is this an issue that can be fixed with a different iOS or is there a different Cisco switch that I can replace the 3750 with that will handle multiple subnets within an individual pool?
I am configuring DHCP pool for voice vlan on cisco 2921 router.
Here is the setup.
2921 router -> 3750 -> 2960 PoE -> 7942 IP Phone
Router Config
ip dhcp excluded-address 10.146.54.1 10.146.89.50
!
ip dhcp pool VoiceVlan
network 10.146.54.0 255.255.255.0
subnet prefix-length 24
dns-server 10.144.68.32 10.144.68.33
option 150 ip 10.146.68.36
default-router 10.146.54.1
netbios-name-server 10.144.68.32 10.144.68.33
netbios-node-type h-node
[code]....
I'm following a tutorial that 'dumbs down' the modem and lets me use the router for everything.
It asks me to set up a static LAN IP (10.x.x.x range) and edit the DHCP pool of the router. When I'm logged in to the routers admin, it doesn't seem I'm able to do any of this.
Earlier in the tutorial it also asked me to set up a static IP for the router, which I did I suppose.
I've added a screenshot of the admin panel, in case that's relevant.
Is it possible to set up DHCP server with reservations for specific IPs?
View 1 Replies View RelatedMy setup is as below
inside host--> ASA1--Outside interface- layer_ 2_Switch1--outside interface--> ASA2--inside interface-DHCP SERVER.
We want that inside host should get ip from subnet 192.168.10.0 /24. This ip pool is configured in DHCP server (ip 172.16.10.1) which is connected to ASA2. There is no routing issue as we are able to ping DHCP srever 172.16.10.1 from ASA1. to do config needed on ASA1 and ASA2 , so that host connected to ASA1 inside interface can get ip from DHCP srever. We have configured 192.168.10.1 /24 to ASA1 inside interface which will be gateway to inside host of ASA1.
