Cisco Firewall :: Does ASA 5520 Support Dual Network Drops

Oct 9, 2011

We are looking to deploy an ASA 5520, but I need to know if it is possible for it to work in this environment.
 
We have colo space, with two IP ranges. They provide two network drops, one from each switch connected to different routers. One of which has 4 usable IPs for management purposes. This address range will be used only for remote access to the ASA and VPN into the management VLAN. The management VLAN will have all internal devices such as the switches, etc. The second range is for the servers, which will be assigned directly to the hosts, and the ASA will need to act as just a firewall. I can do this on IOS, but not sure about the ASA.
 
I need to answer the following questions:
 
- Does the ASA support dual network drops, and would this be a failover port configuration in order for it to work?
- A management VLAN with outbound internet access only, and VPN/RA capability. NAT will need to be used I'm guessing.
- Can we have a DMZ VLAN which has defined ports, say 80, 443 and 25 inbound and outbound. I need the hosts to have the public IP assigned to them with no NAT configuration.
 
I know there are some advantages to using NAT, but I really can't use it because the applications behind prefer public IPs being assigned to them.

View 23 Replies



Cisco Firewall :: ASA 5520 - Dual ISP

Mar 12, 2011

I have a Cisco ASA 5520. I want to deploy this in the following scenario. Two ISP (for internet) links are connected to the ASA. Three zones (Outside, DMZ, Inside) are specified on the ASA. In the DMZ, there are two proxy servers (proxy 1, proxy 2). Branch users will use proxy server 1 and Head office will use proxy 2.

In the above scenario, management requirements are: proxy 1 will use ISP 1 and proxy 2 will use ISP 2. If ISP 1 goes down then proxy 1 will use ISP 2 for internet. Please suggest how I should configure the ASA for the above requirements or, if possible, send me the configuration.

View 3 Replies View Related

Cisco Firewall :: ASA 5520 / How To See / Log Drops Due To Inspection

Jan 29, 2013

ASA 5520 running 8.4.5: We had an issue with a remote SMTP connection getting screwed up as a result of ESMTP inspect. It took me 3 hours of troubleshooting the SMTP connection before finally figuring out that the firewall was the culprit. What really threw me off was that I saw nothing in the ASA logs (warning and above) that showed packets were being dropped. I'm probably crazy but I thought I remembered seeing entries in the log when packets were dropped due to a type of inspection (specifically, I remember entries in the log saying something to the effect of packet dropped due to ESMTP inspect, packet too big). My question to Cisco TAC was: Is there a simple way to have the log give a warning every time a packet is dropped due to any inspection rule, just like we can see any drops due to ACLs? So far the only answer has been a complex list of log changes to allow debugging and notifications of certain events. This isn't something I want to roll out to all my ASAs.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Dual ISP Feature

May 31, 2013

I would like to know if I have the dual ISP feature with my ASA 5520 license? With the ASA 5505 I can see the Dual ISP feature but with the ASA 5520 it's not!

View 3 Replies View Related

Cisco Firewall :: Does PIX 6.3 Support Dual ISP And Policy Based Routing

Mar 19, 2011

Just want to ask if a PIX firewall, specifically with a 6.3 OS version, supports Dual WAN and PBR.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 8.3 VPN Tunnel Drops Traffic

Aug 23, 2011

We have a 100 Mbps WAN circuit, and we have configured an IPsec tunnel between an ASA 5520 and a Cisco 3845 router for our DR site replication via Veeam Backup and Replication. It was working fine before; when we established the 3DES tunnel, the traffic for certain subnets is dropped after an hour and it stops the replication, although the tunnel remains up and we can access the other subnets. As soon as we clear the crypto SA and ISAKMP sessions on the firewall the traffic starts flowing again, and then after an hour the traffic is dropped again. So far the testing and different configurations we tried are as under.
 
Tried with a different MTU size both on firewall and ESXi servers but nothing happened. There is no QoS configuration. Checked the utilization on both ends; it's normal, although there are subsequent 100% spikes on the Cisco 3845, but on average it remains at 30-40%.

View 6 Replies View Related

Cisco Firewall :: ASA 5520 For Dual Active ISPs

Dec 14, 2011

I inherited a network redesign project mid implementation and ran across an issue that I was not 100% sure able to be resolved. Implementation is occurring in which the organization is changing over to a different ISP and we have some customers that will not be able to change their settings over to our new addresses for some time. I have seen a lot of posts about fail over and dual ISP configurations, but I could not relate them to this particular scenario.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 / 5520 Dual Gateway From 3750 And 2010

May 17, 2011

I need to move the client machines off of the 3750 (and their DHCP dependency on it) to the SGE2010 and absolutely route their internet traffic out through the outside interface on the 5505. They must also be able to communicate back into the internal environment in order to communicate with the production servers.
 
The clients currently use .254 addressing through a dumb Dell switch to the 3750 but I am trying to migrate them over slowly to the .253. I know that the 2010 will not do DHCP, so I am putting a DHCP server on that switch right now. The 5505 won't let me add an additional nameif statement onto one of the other eth0/x interfaces and I'm not sure if that has anything to do with its capabilities to act as a DHCP server (it's not an option in the ASDM) or its ability to serve as the internet gateway for the 2010 clients. (Side notes: The 5505 has a base license and is currently also connecting 1 site to site VPN. As is the 5520, so all of its interfaces are used as well).

I statically assigned a moved client with a .253 address and plugged it into the 2010. I have tried giving the 2010 both a .4 address and a .253 address but neither will allow me to ping any of the addresses on the 5505. The 2010 shows automatic routes to the two subnets and I set its default route to 253.1. The link between the 2010 and the 3750 works - clients receive a .254 address from the 3750 and can get out to the internet via the 5505 and reach the production servers as well.
 
Why won't the 2010 see the 5505 as a gateway and allow clients to get to the internet and also traverse the 3750 when they need access to the production network?

The reason why I don't just connect the two switches and call it a day is because I also need the production servers to ALWAYS go out/receive web requests via the 5520 outbound/outside interface. I'm having such a hard time wrapping my head around why I can't get my clients moved over to the new switch, I haven't even grasped how I'm going to do that yet.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Activating Failover Config Drops Routing Table

May 21, 2012

I'm attempting to configure two ASA 5520s for active/standby failover. When I enter the "failover" command to enable the config on the primary ASA, the entire routing table disappears. There is no routing process running, only static routes are configured.
 
Is this an expected behavior of the failover process and if so, how long should I wait for the routes to come back?

View 5 Replies View Related

Cisco Firewall :: Does The ASA 5520 Support A Product Called Untangle

Feb 27, 2011

Due to a cost savings campaign we are trying to use open source as much as possible. Does the ASA 5520 support a product called 'untangle' ?

View 2 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.

View 5 Replies View Related

Cisco WAN :: 800 Router That Support Dual Wan Capability

Aug 27, 2011

I've searched the Cisco product line looking for a simple router that many of my small to medium size clients can benefit from. Most of these clients have approx. 40 - 75 users and they have standard T1 connections for Internet as well as a secondary Internet provider utilizing broadband (cable).

I would like to find them a Cisco series router that can provide both load balancing to maximize the speed from both ISPs and provide automatic fail-over / business continuity in the event one of their Internet lines goes down.

I see that the 800 series router provides business continuity but it doesn't appear that it is suitable for my situation (T1 / broadband cable), not DSL. Don't want to spend 5k on something that is overkill b/c again, these are relatively small offices (40 - 75 users max).

View 6 Replies View Related

Cisco VPN :: Dual ISP And SSL VPN On ASA 5520?

Dec 30, 2012

I configured dual ISP on ASA 5520 following cisco doc below. Now I would like to configure SSL VPN to work with this for failover? I tried to find an article regarding this but I could not. [URL]

View 3 Replies View Related

Linksys Dual Band Wireless-N USB Adapter - Internet Randomly Drops And Reconnects

Apr 24, 2011

My wireless internet has been acting a bit weird lately. I use a linksys Dual band wireless-N USB adaptor (WUSB600N) to connect to my router, a 2wire 1000sw. I am on windows 7. Recently, the internet has been dropping and reconnecting the connection weirdly; it is apparent in Portal 2 Co-op mode; it says the connection has been lost to the server, and then within 4 seconds, re-joins the server. During that time, the little network icon (the 4 bars in the task bar) says "Identifying."

View 2 Replies View Related

TP-Link Dual-Band Wireless :: WDR 3600 - Connection Drops / Reboot Required

Feb 2, 2013

Region : Germany
Model : TL-WDR3600
Hardware Version : V1
Firmware Version : 120820
ISP : German university ISP

I have a big problem with several TP-Link routers (WDR3600, WR1043ND, WR741ND), always with the latest firmware and also with older ones. After a day or so, my internet & network connection will drop all of a sudden and all the routers need a reboot. There is no indication of what provokes these lock-ups. The routers can handle heavy traffic (bittorrent /w 100s of connections) but will stop working when browsing casually. The web-GUI will become unreachable. No pings to the outside are possible anymore, not even to direct IPs (8.8.8.8 for example). No pings to devices in the same network are possible either.

View 7 Replies View Related

Cisco WAN :: Dual ISPs In ASA 5520

Jul 10, 2011

We got 2 ISPs -------> two ASA 5520 Primary / secondary --------> LAN. ASA is configured with ACL and Static NAT for our mail, web & ftp servers.

My question is how to configure the 2nd ISP on the ASA to auto switch to the 2nd ISP when the 1st is down, with a backup static NAT and backup ACL for the new ISP; in other words, how to configure an active static NAT and backup static NAT and ACL only for the Exchange/Mail Server. Here is the example of our configuration where PIE is Primary ISP & EMC is Backup ISP.
  
ASA Version 8.2(1)
hostname Corp-ASA
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
[code]....

View 1 Replies View Related

Cisco Routers :: RV220W To Support Dual Band Simultaneously

Jan 11, 2012

Cisco RV220W works in 2.4GHz or 5GHz. Is there any plan to support these bands simultaneously?

View 1 Replies View Related

Dual-band Router With Open Firmware Support?

Jul 7, 2011

I'm about to jump on the bandwagon and drop my whr-g125 running tomato for a new wireless-n router that runs tomatousb. I can't seem to find a dual-band one that is supported.

Need:

- Wireless-n dual-band (2.4ghz+5ghz). Doesn't have to be the super fast type.. whatever is entry for this.

- At least 1 usb port for printer sharing

- Prefer gigabit, but I can live without

- Must be able to run Tomato in some form, or if I have to, run dd-wrt as a last resort.

View 2 Replies View Related

TP-Link Dual-Band Wireless :: Does WNR4300 Support With DD-WRT

Nov 15, 2012

Region : Iraq
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
ISP : Newroz Telecom

Can I replace the firmware on the TP-Link WDR4300 with DD-WRT to use it? My TP-Link already has VPN, NAT, QoS, etc. like DD-WRT, so do I need to replace the firmware for better?

Does TP-Link WDR4300 support with DD-wrt? Is it working clearly without any problem?

View 1 Replies View Related

Cisco WAN :: BGP Multihomed ISP Dual Routers And ASA 5520

Aug 3, 2010

I have a client that is requesting redundant internet connections using 2 7204 routers to 2 ASA 5520s in an active/standby configuration. There is no load balancing requirement; this is strictly for failover. The issue that I am having is that I have to have 1 of their public IP addresses on the LAN side of the 7204 for the ASA connectivity. Because of this both routers advertise out their public subnet to the respective providers, but the issue is that when the WAN link on the primary router fails and traffic traverses the secondary WAN, the return traffic comes back in the secondary WAN and stops because it sees the link to the ASA as being up even though the ASA is in standby. No matter what route manipulations I do, a directly connected route is always going to be better. How can I get this to work? Below is a rough sketch:

Verizon------Router A (Primary)-----ASA A (Active)--------------Nexus1
                    |                    |                        |
                    | IBGP               | Keepalive              | VPC Link
                    |                    |                        |
AT&T---------Router B (Backup)------ASA B (Standby)-------------Nexus2

View 6 Replies View Related

Cisco Switching/Routing :: Nexus 7000 Dual Extender Support?

Nov 3, 2011

Currently Nexus 2000 and Nexus 7000 do not support dual connection. You cannot connect 1 Nexus 2000 to 2 Nexus 7000 chassis. But for the Nexus 5000, you can. What is the problem to support this feature on Nexus 7000s? 5000s and 7000s run the same software.

View 1 Replies View Related

TP-Link Dual-Band Wireless :: TL-WDR3600 - WDS Encryption Support

Mar 1, 2013

Region : Italy
Model : TL-WDR3600
Hardware Version : V1
Firmware Version : 3.13.17 Build 120508 Rel.45884n
ISP :

I've got two WDR3600

the first one is the main router:
- connected to ISP modem
- DHCP on
- 2.4Ghz radio to serve WiFi clients security WPA-PSK
- 5GHz radio to link to the second WDR3600
protocol 802.11n only

the second WDR3600 is WDS of the main router:
- DHCP off
- 2.4GHz radio to serve WiFi clients security WPA-PSK
- 5GHz radio to link to the first WDR3600
protocol 802.11n only

All is working fine, however WDS connection works only with security off. WPA-PSK is not selectable, cannot test WPA2, no radius server available, WEP not supported due to incompatibility with 802.11n protocol. Is this the expected behaviour? How to get WDS working with WPA-PSK encryption? Could this be due to the firmware or is it a limitation of the Atheros chipset?

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Adding Network Objects Via CLI

Nov 3, 2011

I'm working with ASA 5520s. How to add network objects via CLI? I know I could easily do it using ASDM, but I like to learn the hard way first. How do I add the subnet mask for a network object when creating via CLI? [code] That sets up the hosts with IP addresses, but how do I add the subnet mask?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 NAT And DMZ / Inside Network Configuration?

Jan 27, 2013

I am trying to configure a server(192.168.5.50) in DMZ(192.168.5.0/24) to be able to communicate with a domain controller(10.5.44.220) in the inside network(10.5.44.0/24). I made some configuration using ASDM(not familiar with the CLI) but not working and it caused existing NAT not to work, for example RDP(TCP 3389) connection to 38.96.179.220
 
The things I am trying to achieve are
 
1. two way communication between 192.168.5.50 in DMZ and 10.5.44.220 in Inside for SecureAuthPorts and SecureAuthOutbound service groups

2. NAT for 192.168.5.50 mapping 38.96.179.50 for the service groups mentioned above

3. NAT for other hosts already existing

View 2 Replies View Related

Cisco VPN :: ASA 5520 - Configure VPN To Dual Remote Endpoints

Dec 13, 2011

Not sure if my subject is a good description of the problem or not.

I have an ASA 5520 at my home office and a SonicWALL NSA2400 at my remote office. The remote office has dual internet connections and I wanted to create two separate VPNs between the devices using each internet connection on the SonicWALL.
 
I know how to configure this on the SonicWALL, the problem is on the ASA 5520
 
OK Basic network config
 
Main Office

ASA Public IP 1.1.1.1

ASA Internal network 192.168.1.0 (VPN source)
 
Remote office

Public IP 1     2.2.2.2

Public IP 2     3.3.3.3

Internal network 192.168.2.0 (VPN destination on ASA)
 
If I have a VPN from the main ASA to either one of the SonicWALL's public IPs everything works fine

If I create 2 VPN tunnels from the main ASA, 1 to each public IP on the SonicWALL, the VPN shows as up but no traffic flows.

View 1 Replies View Related

Cisco Security :: Dual ASA 5520 WCCP Configuration?

Dec 6, 2012

I recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover.  The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device.  I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?

View 1 Replies View Related

TP-Link Dual-Band Wireless :: TL-WDR4300 / Any Firmware For Unify Support

Jan 16, 2013

Region : Malaysia
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
ISP : Unifi

I just bought this hardware, I haven't tried it yet. Will test it when I reach home today. Someone told me that I need to update the firmware. Do I really need this, or can I just simply use the existing firmware?

View 8 Replies View Related

Cisco Firewall :: Subinterface On ASA 5520 - Extend Network Sources

Apr 23, 2013

I am having an issue where I can't get to external network sources via my sub interface which is attached to a 192.168.10.X VLAN I created for Guest wireless traffic. The internal interface is a 10.5.X.X network. I can get out the external interface, but anything that we have A records for such as our mobile iron server that we can hit from the outside via https and an external IP can't be hit from the subinterface at all. Would this be a DNS rewrite issue or inspection problem?

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - IPSec Tunnel Without Private Network

Apr 11, 2013

I'm trying to achieve a site-to-site IPsec tunnel to a Cisco ASA 5520. Most examples feature the ASA with a public interface that terminates the tunnel and a private network on another interface that the tunnel interacts with. Where my scenario differs is that the interface that accepts the tunnel is part of a public /29 network where I want the remaining hosts on that subnet to be able to route through to the other end of the tunnel. My tunnel gets established, but any attempts to route via the IP assigned to that one interface result in the ASA rejecting traffic. If so, what configuration options should I consider?

View 5 Replies View Related

Cisco Firewall :: 5520 Can't Access Internal Web Server From Outside Network

Aug 23, 2011

I am using ASA 5520 with 8.2.4 IOS. I'm new to ASA/Firewall. I need to access the webserver from the outside network. From the laptop (192.168.2.51), if I connect to url... it should open the page from 10.10.10.50. I also need to ssh to the webserver from the laptop. If I ssh to 192.168.2.50 from the laptop, it should connect to 10.10.10.50. [code] I can't get to the webserver from the outside network, so now I connected the laptop directly to the ASA 5520 outside port with a crossover cable. The ASA inside port connects to the L3 switch. The webserver also connects to the L3 switch. But it still doesn't work.

View 9 Replies View Related

Cisco VPN :: ASA 5520 Support For Blackberries?

Jul 18, 2011

Does Cisco ASA 5520 have IPSEC VPN support for Blackberries?
 
I found the following document:
 
Supported VPN Platforms, Cisco ASA 5500 Series [URL] The document doesn't say anything about RIM or Blackberries.
 
The Blackberries have built-in VPN clients where you can select:

Cisco VPN Concentrator 3000 Series
Cisco Secure PIX Firewall VPN
Cisco IOS with Easy VPN Server
 
The Cisco ASA is not listed there.
 
Is it possible that using Blackberry with Cisco ASA is not supported?

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Create Network Object For Range Of Hosts?

Oct 25, 2011

I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
 
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
 
Is there a way to do a similar thing on the ASA 5520?
 
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Enable Access Sftp / Ftp With Filezila Outside Of Network?

Feb 21, 2012

I have a Cisco ASA5520 in place and I want to configure it to access my webserver outside of my network through sftp/ftp with FileZilla. What command should I add so that the port/service associated with it is able to run?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved