Cisco Firewall :: How To Connect To WAN Port On ASA5510 To Test Before Deployment
Oct 5, 2011
I've cloned the configuration off one of my ASA5510's to another 5510 to use as a template for a new data center deploy. I have configured the new firewall's networks and rules, and of course changed the WAN IP config to its new setting.
I want to test the firewall in my office before I deploy it. How should I configure my MacBook's Ethernet configuration to test the firewall? I have tried without success to connect to it.
Let's say that my WAN configuration is 134.5.169.98/255.255.255.224 with a static route of IP address 0.0.0.0, Netmask 0.0.0.0 and a gateway IP of 134.5.169.97.
I've tried setting the route to force all traffic through the interface (sudo route add 0.0.0.0/1 134.5.169.98), but that did not work either. A trace route to the external interface IP of the firewall (or the external IP of an exposed server) gets a "no route to host" error.
I've tried many configurations and have not been able to access the internal servers/services/VPN at all. I've also tried with crossover and straight-through cables.
What should I configure my MacBook's network configuration as, so I can connect directly to the WAN port to test external access to the internal servers/services and test the VPN client?
Nov 23, 2011
I travel a lot and use wifi in a lot of different places (hotels, airports, etc.). My apps don't always work and I suspect that in some instances the broadband provider is blocking some of the ports I need. I don't need a port scanner like NMAP since that scans a target IP for listening ports. What I need is a way to figure out whether some firewall between my PC and the Internet is blocking specific UDP or TCP port ranges.
Mar 3, 2013
I was enabling all the ports for testing on an ASA 5510 and once I got to port e0/3 I got this error:
ciscoasa(config-if)# int e0/0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# int e0/1
[Code]....
On the ASA there are 4 Ethernet ports, 0 - 3; I don't understand why port e0/3 is not listed. When a cable is connected the LEDs for that port go green. Is the port just bad or is there a workaround?
Jul 30, 2012
I have an ASA5510 and I would like to implement something like this: have two ports patched in and ready but only one active, the other one in standby (when the first one goes down the other port comes up and all the traffic goes down this way), all these on one physical box. So, it's basically like port failover on the same box.
Jan 29, 2013
I configured the ASA to open ports 21, 3389 and 5900 (outside access in), but when I check the ports only 21 and 3389 succeed; 5900 gives an error. If I configure only one port, 5900 or 3389, it's OK. I don't understand what the problem is.
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
[code]....
Dec 17, 2012
I'm looking for an example config of how to run dual ISPs while doing port forwarding for one of the publicly facing IPs. This is on 8.4 so
Aug 19, 2012
I am trying to set up a Cisco ASA 5510 running 8.2 to allow a connection to a Polycom camera that sits behind it. What I want to do is forward multiple ports to allow a connection from an outside office. The Polycom camera uses the following ports:
1720 tcp
3230-3235 tcp
3230-3253 udp
I got these port numbers from the Polycom web site. So what I did was create a service object as follows:
object-group service All-Polycom-ports
service-object tcp range 3230 3235
service-object tcp eq h323
service-object udp range 3230 3253
My question is how can I use this service object in a static (inside,outside) command so that I don't have to create multiple commands for the port forwarding. Is this even possible or do I have to sit down and write out around 30 separate commands to do this? I've been searching the web and it seems a lot of people want to do this but so far I haven't found an answer.
Aug 7, 2011
I am using an ASA5510 for internal firewalling in my QA environment. How do I allow RDP from one subnet to those protected by the firewall? Preferably using the ASDM.
Apr 10, 2011
I would like to know how to implement high availability on an S160 IronPort device. I have two S160 devices but the user guide is not useful.
Dec 26, 2012
I've got an ASA5510 with an IPS/IDS module. Because of a merger, I've got two 10.10.10.x networks (West and Central). I'd like all West traffic to be IPS checked before going into Central. Once it goes into Central, it's out of my hands. Can I set up NAT to accomplish this?
Again, the traffic flow would be from West (10.10.10.1) through the ASA/IPS, and then to Central (10.10.10.1).
Is this possible? If not, do I need another router?
Mar 22, 2011
I have an @Remote appliance through Ricoh for our copiers. This appliance connects to their site to transfer meter readings and other information. This appliance can't connect to their site to transmit data. Ricoh is telling me the problem is on our firewall. I have assigned the Ricoh appliance a static IP address in our network. Our firewall is a Cisco ASA 5510. I don't have much experience with logging on the ASA, so I'm not sure what "teardown dynamic TCP translation from inside" means. Is there something that is preventing this IP from contacting the Ricoh site? [code]
Apr 26, 2011
We recently got a Cisco ASA 5510 Security Appliance and I have some general questions.
We have 1 T1 internet connection, and we have 2 internal networks. These 2 internal networks currently have access to the internet. I am having issues with the 2 internal networks being able to communicate with each other.
Sep 3, 2011
We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?
Aug 3, 2011
Test a destination port if it blocked or not by my ISP
May 4, 2011
I have an NM-4A/S serial network module which I suspect is having problems on a Cisco 3640 router. Is there a way I can test the async ports without connecting to any other devices? [code]
Jun 6, 2012
The ASA 5510 has two models, Bun-K9 and Sec-Bun-K9. From the datasheet I found that the differences are port-related and redundancy. My question is: is there any major difference in security services between the two models?
Mar 8, 2013
I've been asked to deploy an ASA in Transparent Mode because of concerns of putting another layer 3 hop between PE and CE routers running BGP.
Is there some problem with allowing BGP to flow freely through an ASA that is also terminating site-to-site and remote access VPN tunnels?
I just don't see the need for Transparent Mode here and you cannot have a standard DMZ setup with Transparent Mode: you have to use bridge groups to provide for multiple interfaces on the ASA and then have an external router route between those bridge groups.
what I'm missing here as to why Transparent Mode is needed (not needed)
ASA is 5512
Dec 1, 2012
I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened, e.g. Admin node TCP 22, 80, 443 for management from administrator hosts/ranges. In other instances it is difficult to work out, e.g. TCP 1521 Database listener and AQ: is this for ISE nodes only or for access devices as well?
My question is whether there is a better document that details these requirements. What rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device? One of the rules I am pretty confused about is the PSN CoA ports. Should the rule be WLC - PSN on 1700 and 3799 or is it the other way round or unidirectional?
I am pretty sure that the ports are meant to be ISE-ISE in most instances barring the PSN for Radius and CoA.
Jun 5, 2012
I have a Cisco CBS3020-HPQ chassis switch running IOS 12.2.(25r)SEF3. One of the ports is in "disabled" state but when I try to unshut it, it doesn't work; the switch log shows the following event:
%PLATFORM_ENV-3-LOOPBACK_PORT_POST_ERR: Gi0/1 can't be brought up because it failed POST in Loopback test
How do I resolve this? The port is unusable since I cannot get it out of the "disabled" state.
May 3, 2011
Question re: DIR-655; Hardware ver A4; Firmware version 1.32NA
During bandwidth tests to several sites (principally speedtest.net) I get ping times of 10-11 ms, download speeds of 12+ to 17+ mbps but failure on upload tests using my DIR-655.
When I bypass the 655 and test directly with my cable modem, all (including upload) tests work reliably and consistently.
I have swapped the two Ethernet cables involved as well as replacing both with new cables but the results are the same (uploads fail with the 655 and work without it).
I have seen several postings over the last year with this same problem but have never seen any comment from D-Link, or a solution from any reader.
Not that it should have any bearing, but I have a TA785GE-128M motherboard and am running Windows 7 (patch current) on COMCAST.
Is this problem acknowledged by D-Link and is there a solution?
May 20, 2011
When doing the download/upload test in the UTorrent program, it claims my port is not open (default 17690). After I plugged my machine directly into the modem (suspecting port forwarding was not working), after removing the antivirus I have, and after adding an inbound rule to my firewall for that port, I still fail the test.
Jun 27, 2012
I need configuring a newly reinstated PIX515E with IOS 6.3 to test the configuration of a load balancer. I would like to set it up with two Inside interfaces (or simply two interfaces) for testing. I just need it to pass traffic (basically HTTP and HTTPS) between these two interfaces without using NAT. The older IOS is causing me some problems. I don't have an outside interface configured for Internet access, but trying to connect via IP address doesn't work either. I may be able to configure a second DNS server for the 192.168.12.X network for testing purposes if needed. I even tried to set the default route to the Interface of the production ASA's inside interface (3.1), but that did not work either.
Aug 11, 2012
I've recently purchased a new modem and router made by Netgear. I've been able to connect to the internet via laptop, cell phone, etc., but my real problem is that my Xbox will not connect through the network test when I physically do it myself. But if my Xbox is off and I reset the modem/router and then turn on the Xbox, it connects me but doesn't allow me to play any games or talk to friends. So back to my first problem: I test the internet using the Xbox, it connects to the network but not to the internet and throws an error: reset modem/router 30sec, ICMP error or MTU error. I've browsed online for solutions but none are successful. I've changed router settings, bought an Ethernet cord, bought a second more powerful router from Netgear; nothing is working. Any ideas?
Nov 21, 2012
I have a new Toshiba Portege. It successfully connects to 2 wifi connections but will not connect to a third (my home). I have other laptops connected successfully to my home network right now. So, the problem is specific to this machine and this network.
When I run an Intel diagnostic tool (Intel® PROSet/Wireless WiFi Connection Utility) I get a failure at the "association test". [Trying to figure out how to post a screen shot. I'll post it when I do.]
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, Intel64 Family 6 Model 58 Stepping 9
[Code].....
Nov 3, 2011
Ran a diagnostics test and failed the Ping test. I'm using the university resident internet. Called the tech place and they said they're investigating their connections and networking thing on their end. Just in case though, I want to know if there's actually something wrong with my laptop rather than their equipment.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Helen>IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : FATHERSCOMPUTER
Primary Dns Suffix . . . . . . . :
[code].....
Oct 21, 2011
I upgraded 3 days ago from a WRT160N ver. 1 to an E3200. After setting it up, syncing all the devices including the Xbox 360 and signing into Live, I noticed that every time I power off and power on the console its IP address would change, causing the NAT to become moderate. So I went over to the Xbox 360, opened the Network settings and manually set the IP address, MAC address and gateway address. Then I opened the router's settings page and port forwarded the correct ranges, and also copied in the IP address I manually entered earlier on the Xbox 360. On the router side I saved the changes, restarted the console, and my NAT was open. But here's the issue: now when I go to sign into Live I get a pop-up saying I can't connect to Live, to "Test the Connection". After I "Test the Connection", then and only then can I sign into Live.
Jun 11, 2012
I am able to ping from the switch to the firewall inside IP and the user desktop IP, but unable to ping from the user desktop to the FW inside IP. Config is below for both the switch and the FW (Cisco ASA5510).
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
Jun 29, 2011
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
Sep 10, 2012
I have an ASA5510 in the office that is already configured with 3 contexts, namely admin, user and server. In the server context, the last running config was not saved, and there was a power trip last Friday night. One of the sub-interfaces was affected, and I need to recreate that interface. I am getting the below error; it only allows me to make changes to the pre-defined interfaces. How do I create an extra sub-interface?
Jul 21, 2011
I have an ASA5510 and I have a question about the speed the ports can handle. Here is one port:
interface Ethernet0/2
 speed 100
 shutdown
 no nameif
 no security-level
 no ip address
It's Ethernet and not FastEthernet, so I figure it will only go to 10Mbps, but at the same time I can hard-code the speed to 100.
Feb 22, 2012
I have a Cisco ASA 5510 firewall in use in my network. I am planning to upgrade the flash memory from 256 MB to 512 MB and the RAM from 256 MB to 1 GB.
May 4, 2012
I have a Cisco ASA 5510 with a Security Plus license in a live environment. I need to add a secondary firewall. I was planning to do it in active/standby mode for failover. But I have a doubt: when I do "show version" on the live ASA, the output says Active/Active failover. Does this mean that I can only configure failover in active/active mode, not in active/standby (which I want to do)?
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5505 Security Plus license...
Feb 12, 2012
I am using a Cisco ASA5510 firewall in my network in the distribution layer. A private range of network addresses is used in the network, with PAT at the FW for address translation. I am presently encountering an issue: the users behind the FW in my network are unable to RDP on port 2000 presented at the client network. They are able to Telnet on port 2000 but not RDP. Are any changes needed at the FW end to get RDP access?