Cisco Firewall :: DNS Server Group On ASA 5510

Apr 5, 2011

I can not have "dns server-group" on my asa 5510, could you tell me how to get this command in my ASA 5510.

View 3 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: 5510 Assigning A User Group Using RSA Secure ID RADIUS Server

Feb 3, 2007

We have several ASA 5510 firewalls which are being used as VPN gateways.RSA SecurID is the authentication mechanism using native SDI connectivity. No ACS server is being used.Is it possible to assign user Group and other attributes (such as ACL), using the SecurID RADIUS server? I know this is what the Cisco ACS is for, but is it possible using the RSA RADIUS server itself?

View 11 Replies View Related

Cisco Firewall :: 5510 No Translation Group Found Error

May 31, 2011

I have a 5510 with just a inside and outside interface, everything works on the lan inc internet access and exchange hosting to the net, but I have another exchange server on the wan and I can't get to that because I'm not natting inbound traffic and the default route sends traffic elsewhere.
 
If I put a nat any statement on the inside interface inbound it works, however all LAN internet traffic fails with a  No translation group found error.I've removed the static nat commands as they are all named anyway, but below is what I have before I do a nat any inside inbound command global (outside) 1 interfaceglobal (inside) 2 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Multiple Pools / Group Authentication?

Apr 8, 2011

can i have on asa 5510 multiple pools and multiple group authentication for various departments along with restricted access if any

View 3 Replies View Related

Cisco Firewall :: Object Group Network Limit With Asa 5510

Oct 29, 2012

We have Cisco ASA 5510, I am about to add another 2 Objectgroup network  groups on the firewall to our already growing list. Under this Object-group Network xxxx , we are planning to add about about 500 network-object host xxx.xxx.xxx.xxx . This objectgroup will then be applied to an ACL. Just wanted to know if thats possible - meaning addnig 500 hosts? If it is whats the limit?
 
Also are there any other things to keep in mind before i go-ahead with this huge object group?

View 3 Replies View Related

Cisco Firewall :: 5510 - No Translation Group Found For UDP Src Inside

Jan 10, 2013

I have seen many of these errors lately.  We have just moved to a new office and I have basically only assigned a new IP to the outside interface.
 
[code]....

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Authenticate Users Of Specific LDAP Group

Apr 19, 2010

I'm actually require authentication for users who are coming from the PublicVLAN (the vlan associated with the wireless hotspot) to authenticate themself to the LDAP server via my firewall ASA 5510

View 12 Replies View Related

Cisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?

Jul 24, 2011

I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.

WAN ----- ISP Router ----------     FW     ---------- LAN -------- Mail Server + Webmail
|             (25) | (3000)
194.x.x.69    192.168.1.254                     192.168.1.6
 
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 / Ip Service Object And Service Group

May 16, 2011

When I create a service object or group and add the object to a new rule it never works.I mean the traffic match not the rule. I see not hits.I placed the rule on top of my access list to check if I do somethink wrong but it is not working. When I place only a service for example tcp/23 it is working.
 
my ip service object
object-group service g-as400 description access client 2 as400 machine service-object tcp-udp destination eq 397 service-object tcp destination eq 137 service-object tcp destination eq 2001 service-object tcp destination eq 3000 service-object tcp destination eq 445 service-object tcp destination range 446 447 service-object tcp destination eq 449 service-object tcp destination eq 5010 service-object tcp destination eq 5544 service-object tcp destination eq 5555 service-object tcp destination range 8470 8476 service-object tcp destination eq 8480 service-object tcp destination eq

[code]...

View 8 Replies View Related

Cisco Firewall :: ASA 5510 - Accessing Web Server From Another One Within DMZ?

Nov 19, 2012

Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
 
E.g. config
 
webserver 1       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2       https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Web Server

Mar 23, 2013

I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:

Nat Section:
==================================================================================
Dynamic:
nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>

[Code].....

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Configuration For Authentication With ACS 5.X Server

Dec 30, 2012

when we are configuring ASA 5510 8.2(5) for Authenticating with ACS 5.X Server is not authentication fail error.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Server's NAT Address Not Changing

Nov 16, 2011

I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP.  When I browse to the web to check what public IP it's reporting, it shows the wrong IP.  I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]

View 8 Replies View Related

Cisco Firewall :: ASA 5510 Server IAS First Authentication Failed

Jun 5, 2011

I have a little problem with my ASA 5510 version 8.2(1) with a IAS server RADIUS for strong authentication.
 
I have configured a double authentication for my client to access SSL portal:
 
First authentication: AD serverSecondary authentication: IAS for my token SAFENET ALADDIN The server IAS is declared on a W2K3 and it's standard.
 
The problem I have is that after more than 24hours of unutilization, when i try to log in, my authentication failed the first time and then the other tries work fine as long as I use it in a period of 24hours.
 
I first thought about the timeout so i tried to put a "timeout" of 15seconds for AD and IAS servers and a "retry intervall" of 3 seconds, it doesn't change much.
 
Is there a tool/option in the ASA to check connectivity with the radius every 1h for example.

View 4 Replies View Related

Cisco Firewall :: Backup ASA-5510 From A Server Via TFTP?

May 29, 2012

ow to backup Cisco ASA-5510 from a Linux server via TFTP?I do know how to backup a switch or a router. Basically creating an access list such as:
 
access-list 55 remark PERMIT hosts requesting TFTP access
access-list 55 permit host 172.16.0.27
 
and allowing access to
 
tftp-server nvram:startup-config 55
 
all this inside the router or the switch. From the Linux box just running a simple command such as:
 
tftp 172.16.0.3 -c get startup-config newbackup.conf
 
where 172.16.0.3 is the IP address of the switch and newbackup.conf is the name of the config file stored on the Linux machine.So, how do I do that with an ASA box? how to backup ASA from inside it.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Can't Access Server On Different Subnet

Sep 7, 2011

First off, let me preface this by saying that I'm a novice when it comes to firewalls and more specifically, the ASA.  I do however, have an above average understanding of switches/routers.
 
We have an ASA 5510 running 8.3 and recently I've decided to clean up the last admin's mess.  All hosts and servers are on the same subnet, multiple subnets on the same VLAN... and a slew of other problems.  Anyway, I recently placed the IT department on another subnet to test some things out before I migrated other departments to different networks.  Everything seems to be working as it should be with the exception of one of our servers.  The IT subnet is 192.168.150.0/24 and the problem server is on the 192.168.10.xxx network.  I'm guessing the issue lies somewhere in the fact this server does have a static NAT and is accessible from the public.  Let me give you an overview of what our network looks like:
 
ISP ---->ASA----->3750----->2960
 
My workstation is directly plugged into the 3750 switch, and the server is plugged into the 2960.  I'm able to ping this server by both IP and hostname.  However, I cannot access port 80 by IP or hostname.  The users that are on the 192.168.10 and 192.168.11 (sadly both of those are on the same VLAN) network are able to access this server without a problem.  Thinking logically, I thought I would send a packet from my workstation, it would head to the layer 3 switch's VLAN interface corresponding to my subnet, realize the .10 network is directly connected and then forward the packet straight to the server.  However, it doesn't seem to be working that way.  It look like it's being routed to the ASA then being dropped.  I guess there's an access rule or firewall rule preventing me from getting to the server.  Is there a specific part of my config you will need to see...

View 15 Replies View Related

Cisco Firewall :: 5510 Client Need Small Server With VPN

Feb 26, 2011

We have cisco 5510 and on our floor we have client who we provide internet connection.  One of our client has small server and 2 computers and they want setup vpn connection so they can access their server from outside.  We have only one static public ip for firewall and exchange.  We don't want provide another public static ip to the our client so they can setup the vpn.  Is their any other way to setup vpn for them? can they the use our 1 public ip for vpn?

View 11 Replies View Related

Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out

Mar 5, 2011

I am having two issues:
 
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
 
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....

View 2 Replies View Related

Cisco Firewall :: 5510 8.3 (1) Static Nat For Web Servers And FTP Server As Well

Sep 13, 2011

I got the charge of a ASA 5510 running with 8.3(1) version.Found that this is simple config with Patting for inside host and couple of Static Nat for web servers and FTP server as well.
 
There is lots of other configuration being done,I assume for the purpose of just R&D by the previous administrator.I need to understand if the following Nat statements holding any relevance?
 
Where we are running Only  NETWORK_OBJ_192.168.0.0/23 subnet at inside and there is no other subnet defined in rest of the statements.i.e 10.0.0.0/27 and 192.168.1.128/27 doesn't exist at all.

View 1 Replies View Related

Cisco Firewall :: Teardown TCP Connections With Kaseya Server (ASA 5510)

Sep 12, 2011

normaly the agents has a persistent connection with the kaseya server (monitoring server),The connection  re-established afther the next check-in of the agent, instead of a persistent connection. Now we need to wait to the next check-in before we can connect to the agent. This is a big performance issue, the check-in time of the agents are 3 minutes.I see a lot of the following messages in de syslog:
 
6Sep 12 201120:27:48302013customer site527985721Built inbound TCP connection 5418112 for outside:(customer site)/52798 (customer site/52798) to inside:kaseya server/5721 (outsideIP/5721) 
6Sep 12 201120:29:09302014customer site527985721Teardown TCP connection 5418112 for outside:(customer site)/52798 to inside:kaseya server/5721 duration 0:01:21 bytes 45 TCP FINs 
  
I create a normal static nat rule from the kaseya server to a public ip address, and i define the protocols in de secutiry policy.ICMP has been allowed.cisco asa details:System image file is "disk0:/asa824-k8.bin" This platform has an ASA 5510 Security Plus license.It's look like a connection time-out between the agents and our cisco asa.

View 8 Replies View Related

Cisco Firewall :: ASA 5510 / SNMP Server To Receive Trap?

Apr 9, 2011

How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order  to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that

View 7 Replies View Related

Cisco Firewall :: Create Dhcp Server Pool On ASA 5510

Jul 16, 2012

I'd like to create dhcp server pool on ASA 5510. I was wondering how big is the DHCP scope that Cisco ASA 5510 can support? Are there any ASA models which can support up to subnet mask 22 for DHCP scope?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Enable External Access To Server On DMZ

Apr 5, 2011

i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
 
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address 212.96.23.186 255.255.255.252!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address 10.20.80.1 255.255.255.252!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address 10.70.70.254 255.255.255.0
  
i have on server ssh (10.70.70.10) on my DMZ .
 
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Connect From Inside To Web Server On DMZ With Public IP

Sep 11, 2012

I hava ASA5510. INSIDE,DMZ and OUTSIDE interfaces are configured. I hava web server on DMZ ip:10.0.0.1 and it is static natted to 1.1.1.1. From internet i can reach to web server with IP:1.1.1.1 and from INSIDE connect to web server with IP:10.0.0.1. Now i want to connect from INSIDE to WEB server via public IP(1.1.1.1).how can configure it?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Connecting To External IP Of Internal Server

Sep 25, 2012

I was just wondering if it's possible with an ASA 5510 to connect to the external IP address of an internal server from inside the network.  I have already set up dns doctoring for dns lookups, and everything is working fine there.  We have an application inside the network that tries to connect straight to the external Ip of another internal server.  where to look in the ASDM 6.4?

View 2 Replies View Related

Cisco Firewall :: 5510 - How To Allow Access From LAN To Server Using External FQDN

Feb 20, 2012

I may have phrased the topic not too clearly, but I have an external domain name of mail.company.com , I want my users INSIDE the company be able to also get to url..., currently they cannot (nothing loads, looks to me as if firewall simply drops it) and I'm drawing a blank on how to get this done. Externally this works fine so if you're outside the company you can load up OWA just fine since my NAT rule translates the external IP to internal IP, but something is blocking this from the inside.
 
I have an ASA 5510. If you can just sent me on the right path with theory I'll figure it out on my own, I don't need exact steps, but I must be thinking of this wrong as I'm not getting anywhere.

View 10 Replies View Related

Cisco Firewall :: File Transfer Using Secure Copy Server On ASA 5510?

Nov 13, 2008

I have SSH and SCP enabled on the ASA 5510.  I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP.  Used all options but nothign seems to work.  I see the log authentication successful, but then WinSCP reports no response from ASA.

View 5 Replies View Related

Cisco Firewall :: 3750 / ASA 5510 - Allow Access To Server On Inside Interface From DMZ?

Feb 28, 2013

My internal network consists of Catalyst 3750 switches segmented into different VLANs.  There is a default route on the layer 3 Catalyst switch sending all unknown traffice to the inside Internet of the ASA 5510.  However, I'd like to have a separate VLAN for wifi guest access and send all of that traffic through one of the DMZ interfaces on the ASA 5510.  I don't think you can have separate default routes based on VLANs on the 3750 switches so my only option is to make the ip address of the DMZ port the default gateway for all hosts on the wifi guest VLAN. 
 
The problem I have is that I have a couple servers behind the inside interface that have services available to the public Internet via a NAT address on the outside interface.  I want the guests on the wifi VLAN to have the ability to access the servers on the inside interface using the public address as well, but have not been able to come up with a solution yet. 
 
Here is my config that pertains to this setup:
 
interface Ethernet0/0description Outside Interfacenameif Outsidesecurity-level 0ip address 76.47.10.x 255.255.255.224 rip send version 1rip receive version 1!interface Ethernet0/1description Inside Interfacenameif Insidesecurity-level 100ip address 192.168.17.1 255.255.255.0 rip send version 1rip receive version 1!interface Ethernet0/3description Wifi Guest Accessnameif DMZ2security-level 50ip address 192.168.60.1 255.255.255.0
 
global (Outside) 1 interface
nat (Inside) 0 access-list nonat
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (DMZ2) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) 76.47.10.x 192.168.17.88 netmask 255.255.255.255
 
I've tried the following commands below but no dice. 

same-security-traffic permit intra-interface
static (inside, inside) 76.47.10.x 192.168.17.88 netmask 255.255.255.255

View 3 Replies View Related

Cisco Firewall :: Configure ASA 5510 For Individual Server Traffic Routing

Jan 27, 2013

I am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
 
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
 
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
 
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?

View 2 Replies View Related

Cisco Firewall :: Securely Access Exchange Server 2007 Through ASA 5510?

Dec 27, 2011

Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)?  OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510? 

View 1 Replies View Related

Cisco Firewall :: 5510 Single Outside Public / Can PAT Out And NAT SMTP Server Back

Jul 30, 2012

I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...

1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
 
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
 
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8

View 1 Replies View Related

Cisco VPN :: 5510 - Authenticate One User In Only 1 Group?

Oct 20, 2011

I have two tunnel groups using WEBVPN , I have local users at ASA 5510 version 7.2.

How can I authenticate one user in only one group?Now with local users I can loggin in both tunnel groups

View 1 Replies View Related

Cisco VPN :: Specific Tunnel-group With User On ASA 5510?

May 13, 2011

I would like to ask some question about VPN clinet and SSL VPN, on my ASA 5510 i have many tunnel-group it have around 5 tunnel-group and i have one SSL VPN,i also have user 20 user. let me show you that:
 
1- tunnel-group Staff-VPN remote-access
2- tunnel-group Manager-VPN remote-access
3- tunnel-group normalstaff-VPN remote-access
4- tunnel-group guest-VPN remote-access
5- tunnel-group other-VPN remote-access
and tunnel-group sslgroup type remote-access
 
and i have user around 20 user and i want to specific user to tunnel-groups like this
 
1- tunnel-group Staff-VPN remote-access
username AAA password AAA
username AAA01 password AA01
 
2- tunnel-group Manager-VPN remote-access
username BBB password BBB
username BBB01 password BBB01
 
3- tunnel-group normalstaff-VPN remote-access
username CCC password CCC
username CCC01 password CCC01
 
5- tunnel-group other-VPN remote-access
username DDD password DDD
username DDD01  password DDD01
 
So, How can i manag tunel-groups with user?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved