Cisco Firewall :: How To Configure PBR For ASA 8.4
Aug 12, 2012

We heard that ASA ver 8.4 has PBR. Do we have some guidelines on how to configure PBR for ASA and can it do routing based on URL?

This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.

How to configure ASA failover for 8.4.

I'm having a problem configuring an ASA 5510. A previous employee started the config and left abruptly. He established a VPN Tunnel between two of our sites and that's working without an issue. The problem is, the network behind the 5510 at the remote location cannot access the internet.

ASA Version 8.2(1)
!
hostname PH-Firewall
domain-name pleasehelpme.com
enable password HXrQty4kqW8s8yeE encrypted
passwd ucA.qrYJWD9UyIFz encrypted
names
[code]....

I have an ASA 5505 Sec Plus with 3 VLANs: inside, outside and dmz.

On the outside I have 5 IPs for my use, and in the dmz I have a webserver that needs to communicate with one SQL server on the inside.

The "sql" also needs to be accessible from outside and thus has a static nat with a dynamic nat so it replies from same ip as on nat ie 72.72.72.5 webserver is natted with 72.72.72.6

sql inside ip is 192.168.1.2, gw 192.168.1.1
webserver ip is 192.168.2.100 gw 192.168.2.1
sec lvl on inside is 100 and on dmz 50

With a dynamic policy running inside-net/24 to dmz-network/24 translate to dmz 192.168.2.2 I can get it to ping 1 way from inside to dmz, but not the other way around...

All I need is to open 1 port ie 6677 both ways for this communication to work.

I'm not very familiar with the CLI and do most stuff in GUI (know I should learn CLI, but time doesn't let me)...
On access rules I have just added everything from any to any using ip, icmp, tcp and udp just to be sure... :-)

I am configuring a DMZ on my ASA 5510 but I have run out of physical ports, since I have dual WAN ports configured. I plan to implement a DMZ using subinterfaces. I have 2 questions:

1) Do I need to configure a VLAN to complete this task?
2) Do I need to re-configure the other interfaces for subinterfaces and/or VLANs as well?

Do you know how to configure PAT on Cisco ASA 5545x?

We have Cisco ASA 5520 firewall. ASA Version - 8.0(4). ASDM Version - 6.1(3). Firewall Mode - Routed.

We want to configure QoS for some subnets and enable policing such that they cannot use more than 1mb of bandwidth. I think we cannot create more than 1 policy for it. In that case I created a policy with QoS enabled and configured the Input and Output policing with Committed Rate of 1024000 bits/second. But it does not seem to work.

How can I create such a policy in the ASA to limit certain subnets to 1mb bandwidth?

I'm trying to configure an ASA 5510 8.2(1). I have a range of pub ips 3*.108.234.145-150

>>> E0/0 3*.108.234.146 outside public
>>> E0/1 192.168.1.1 inside
>>> E0/2 192.168.3.1 dmz

Would like to map dmz host 192.168.3.107 to external 3*.108.234.147 on port 5000 and 50001. LOCAL LAN should also be able to get to dmz host ports. I've tried a few configs and also following this example:

[URL]

without any luck. Here is my config, also posted the output of show arp which is able to see and ping the host on dmz, also the output of show access-list which shows hits to it.

prophase-pix(config-if)# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname prophase-pix
enable password encrypted
[code]....

I'm trying to configure an ASA with two ISP to be reached from internet for vpn access. The objective is that the user can use any of the Public address attached to ASA to connect to the company. Is this possible? I'm facing some problems because I can not use two different default routes (same AD) pointing to two different interfaces. This is the message that I receive: "ERROR: Cannot add route entry, possible conflict with existing routes", and when I change the AD of one of the default routes I just can reach one ISP.

I'm using Windows XP Pro, in a local LAN, internet connection through a DHCP, and System software on IP 192.168.0.254. I'm the Admin of my PC, I just want to use the Internet and the System program. I want to block any user from accessing my PC or viewing my Processes by other programs like (Ideal Admin.). How to configure the AVG Firewall to do that?

Configuring Cisco 1841 router and firewall. My provider has put their equipment and given me 2 subnets with public ip address. I am used to getting just one Subnet and connecting my firewall straight to the hand off. But in this case I am a bit confused. I assume I will need to put a router and configure it with before I connect my firewall. [code] I also have a firewall that I would like to be on the subnet 2 at 200.xxx.97.130 and have my private network 192.168.xxx.xxx behind it.

We just switched over from a T1 line to 50/4 Mbps cable Internet. The speed was fine with the T1, but when we switched over to cable, the download speeds didn't increase. I'm getting 2-3 Mbps up and still only 1.5 Mbps down. I inherited this network a few years ago, so I didn't configure the Pix initially but I have been managing it and can't find a setting limiting the bandwidth for the life of me. I know it's not the Internet because when I connect a computer straight to the modem, the speed is great. As soon as I put it through the Pix though, it slows way down.

Configure the firewall Cisco ASA5510 in HA Mode. Enclosed Network diagram.

I am attempting to set up failover dual ISP on a 5505 running 8.4(4) with the Sec Plus license. Everything I have been able to reference so far points to old commands not available or relevant in 8.4.

For instance:

global (backup) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 20.20.20.1 1
route backup 0.0.0.0 0.0.0.0 30.30.30.1 10

What is the new syntax that should be used to mimic these commands? I have the sla and track reachability configuration already set up.

How to configure SSH access on my PIX 506e. I would like to use local authentication with no AAA server. Also I would like to have telnet disabled completely.

How to config RDP to internal host from outside. With new OS, unable to configure RDP having issue with NAT commands are different.

I am trying to configure an IPSEC vpn on an ASA5505. I set up an SSL vpn and it works fine; I can browse to the https: address, log in and connect to servers. However, when I try to set up the ipsec client access vpn it will not connect and I am getting the errors below. I used the wizard for the initial configuration. Looks like the initial IKE is being blocked or dropped?

%ASA-7-710005: UDP request discarded from my external IP/35781 to external:ASA-external/500
%ASA-7-710005: UDP request discarded from my external IP/35781 to external:ASA-external/137

I have a firewall Cisco ASA 5505, and currently it is a command line firewall. I want to configure ASDM so that I can use it as a GUI Web Base interface. I really don't know what to do. How can I configure ASDM on my firewall?

If there is a way to configure pim-ssm on asa 5585x-ssm20.

I want to configure my Cisco ASA 5505 as a dns server, so that when I configure any of my network systems ip address and use my firewall as a default gateway and dns ip, the system should be able to browse internet.

Am trying to config a FWSM by ASDM 6.2f. There are formerly configured interfaces and new interfaces I created. When I add a new access rule it gets added only to all the old interfaces but not to the new ones I created.

1. What's wrong with the new interfaces I created?
2. What's the logic of auto adding a rule to "all" interfaces? The rules are incoming rules specific to interfaces or groups, why add the rule to "all" interfaces?

I am new in networking. All my knowledge is based on books and no real life experience. At my job I am required to set up the network and configure all apparatus I never worked with before. We have regular cable internet in the office. Modem is connected to Apple router (time capsule). No trouble. Now we are getting fibre optic in the office. Mngmnt has bought the following Cisco:
Cisco Wireless Controller 2504
Cisco 3501 AP 802.11g/n Ctrlr based AP
Cisco ASA 5510 Firewall appliance
Cisco Power Injector AP3500 Series

We have one Cisco ASA5515 firewall, I configured ftp mode to passive, inspect ftp in service, use another public to do NAT with ftp server, and also configured ACL in outside interface, but I failed to access the ftp server from internet use that public ip address, no problem to access the ftp server use its inside address in LAN.

Got new ASA5550, code 8.2.2 in flash, can't configure "nameif" or "ip address" on the interfaces: [code] These are all the options that I get! Another weird thing I noticed is "<system>" string in "show ver" top line: [code]

I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.

How can I configure policy NAT on ASA5510? I would like to do the following:

9.1.1.9 NAT to 10.1.1.9
If source IP = 1.1.1.1
then NAT to = 10.2.2.9
the rest NAT to = 10.1.1.9

The issue is I want 1.1.1.1 NAT to 10.2.2.9 when access www.example.com. The rest NAT to current NAT.
I have a test ASA 5505 at home. The DHCP IP address in my real home firewall is 192.168.1.x and as you are aware the default ip address in ASA is the same. how to configure the ASA.
In the link below there is an instruction, it seems it is working for everybody except me. I followed the instruction up and the only change was assigning the IP address, which I chose something other than 192.168.1.x. But after the step of creating NAT, I do not have access to the internet. [URL] Also I followed the link below, but the revision of the ASDM in the instruction does not match with mine, so I was not lucky to figure the device. [URL]
1- How can I configure the ASA 5505 with an IP address different than 192.168.1.x (at home = no incoming static IP address = DHCP on subnet 192.168.1.x for the incoming internet)? I have installed ASDM 6.3 on my laptop (from work) but when I connect to the ASA it wants to install ASDM 5.7. I tried to connect to the device through ASDM 6.3 and input the IP address 192.168.1.1. It takes forever and it does not connect to the device.
2- How can I connect to the device by ASDM 6.3 or any ASDM with higher version than the original of the device?

I need to allow connection from iPhone (in Internet) to connect Exchange on private network, synchronising with activesync (https). We have a Microsoft TMG on frontal (inside network).

What is the method to parameter CISCO ASA using clientless access: Port forwarding? smarttunnel, web proxy? Nat?

I want the activesync request to cross ASA to go directly on TMG without asking password and user.

i have a server with a private ip of 192.168.0.2, and NAT http port 80 to 192.168.0.2 so the outside world can access the web.. but my computer on the same lan as the server cannot use the domain name or public ip to access the web...i must use the http://192.168.0.2 to access. how to configure cisco 857 so i can use http://mydomain to access?

I have a Cisco ASA 5520 that I'm configuring. From the actual Firewall (which is a linux server), we have the outside interface eth0 which has a public IP and other sub-interfaces (eth0.1; eth0.2,...) with other public IPs. I'd like to know how I can configure it in an ASA.

I have an ASA 5520 with ios 8.4 and asdm 6.4.

My configuration is below
my asa interfaces
inside ip
172.16.0.0/22
[Code].....

So now I want to configure my ASA to give access to user based. What configurations should I use to do so?

I have attached the Edit Active Directory Server dialog box, so what should I put there in the boxes?

I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.