Cisco Firewall :: IP Redirect With PIX 515?
Jan 3, 2012
I have a PIX 515 that i need to use as an ip redirector.For example if users try to access 80.80.80.80 ,they need to be redirected to 90.90.90.90 show ver,
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 000b.5fad.0c99, irq 10
1: Ext: Ethernet1 : address is 000b.5fad.0c9a, irq 11
[code]....
This platform has an Unrestricted (UR) license.
View 12 Replies
ADVERTISEMENT
Feb 29, 2012
I want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routing
ip access-list extended transparent_dns
permit udp any any eq 53
route-map redirect_dns permit 10
match ip address transparent_dns
set ip next-hop ip.of.your.server
route-map redirect_dns permit 20
[code]....
The DNS server is windows 2003?Would policy based NAT or WCCP work for this? If so how would I go about it?
View 1 Replies
View Related
Dec 21, 2011
Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been ask to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? how to accomplish the redirect for a single site. 8.2.4 is current code
View 4 Replies
View Related
Jan 5, 2012
On the inside interface and network, we have a server at, (as an example) 192.168.87.1, which acts as an email server.
The outside ip address of the ASA is, say, 200.0.0.1.
The ASA directs any imap requests from the outside interface to 192.168.87.1, which works fine from the outside. Users simply open up email, and collect emails etc.
When they come inside the office, their machine of course attempts to contact the ip address 200.0.0.1. the ASA knows it is outside interface, so they are unable to collect emails.
that any internal IMAP requests from machines on the inside to 200.0.0.1 are directed to the machine inside on 192.168.87.1?
View 5 Replies
View Related
Apr 25, 2011
i have the following scenario :
ISP1-------ASA 5510----------ISP2
|
|
|
LAN
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.
View 7 Replies
View Related
Mar 27, 2012
Wondering if on the ASA (8.4) its possible to do something like what DNS rewrite does, but with IP requests. Scenario. Mobile phone accesses a web app inside our network fine over cellular. Once it comes inside on to wifi it still has the public IP address cached so the ASA doesn't allow its request to loop around and the app appears broken. We're considering lowering the TTL on the DNS host entry but I think we are battling phones/mobile OS's that don't have a strict adherence to name resolution standards. A lot just seem to refresh their caches every 10-15 minutes.
View 4 Replies
View Related
Jan 24, 2012
I have the need to do an outbound NAT redirection. So what I mean is this. I have a custom program that uses SSH to port 22 from a server inside the ASA firewall. This goes out to a server on the Internet over port 22. The ISP of the SSH server told me that they changed their SSH port from 22 to 2102. So instead of changing the custom code on the developed application on the server... I thought it would be easier to do a OUTBOUND NAT redirection for the ASA to see port 22 from the server and redirect it OUTBOUND to port 2102.
so for example:
The server is at 192.168.0.2 and it uses a program to initiate SSH traffic to 205.246.1.1. The server sends to port 22 but I need it automatically changed on the firewall to port 2201 at 205.246.1.1.
It is a Cisco ASA 5510. The server at 192.168.0.2 does have a fixed IP address on the outside with INBOUND NAT for things like port 25 (mail) traffic etc. Lets pretend that was at 64.18.23.60.
View 1 Replies
View Related
May 20, 2011
I have ASA5505 with bese-license. I like to install proxy sever in my network and i want redirect traffic to the proxy server.
Below i added configuration in my firewall.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic ASA(config)#wccp interface inside web-cache redirect in
furher configuration and if this configuration is enough, then how to check whther its working or not in my firewall.
View 1 Replies
View Related
Feb 27, 2013
I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
I get the following error: ERROR: duplicate of existing static
Is there a work around for this at all or am I stuck with the limitations of the software?
View 2 Replies
View Related
Dec 20, 2010
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
View 18 Replies
View Related
Feb 13, 2011
I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
Http Traffic will be routed like that : PC -> WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.
View 6 Replies
View Related
Oct 24, 2012
ip redirect or forwarding. I have a web server with public IP as B.B.B.B, and I have another server with public IP as A.A.A.A.. My web site contents are with B.B.B.B, but I do not want to expose IP B.B.B.B. Users can visit my web site using A.A.A.A, and when they visit A.A.A.A, I would like to have A.A.A.A redirected to B.B.B.B behind scene. Both IP's are public, and stay different locations remotely.How to redirect IP A to B, so I can hide B?The machine with IP A.A.A.A is windows 2003 server standard.
View 5 Replies
View Related
Oct 18, 2011
Is it possible in Cisco 800 Router to redirect a website request coming from a user to an IP address?
View 3 Replies
View Related
Dec 26, 2011
You have a Cisco ASA 5520 where clients connect using Cisco Anyconnect SSL VPN, say the URL is connect.whatever.org. You would like for when a user enters either [URL] or just connect.whatever.org into their web browser that it automatically puts the required url...
View 1 Replies
View Related
Apr 12, 2011
How do I redirect the visits to a specific homepage (web site) to access a "sub" page in the same domain? Is it possible to use the Hosts file to do this? I want redirect visits to [URL]
View 5 Replies
View Related
Oct 15, 2012
What the most cost and time effective way to have an ip request return with another ip address from outside the WAN of the router.Specifically want to have an application request for example 192.168.1.121 and have 173.194.43.41 respond and communicate with the application instead. To make it a bit more interesting I'd like actually to set a table or config file to point to a domain name (url) which gets resolved as an ip address. (Port independent)To get a better understanding:one example might be typing in 192.168.1.121 in a browser and googles search engine comes up on the browser.another example might be typing in 192.168.1.121 in an ftp client and it hooks to an ftp server on the other side of the world which resolves to [URL]. I was looking at openwrt and tomato a little but I don't think I have such a complete grasp on how to do it in general. Being that it seems they are 2 different layers of the network model, I was told it can't be done but I don't know if I can believe that yet. Either by third party software or reprogramming the router or adding another device to the network.
View 3 Replies
View Related
Jun 15, 2012
I currently have CenturyLink (Qwest) DSL (12Mbps/896Kbps) and Comcast Cable (12Mbps/2Mbps) going into a Cisco RV08. I redirected all DNS traffic to the DSL line as an experiment with no decrease in web browsing speed. e are rural and speeds fluctuate considerably during the day. It seems like it's more of a response issue than a bandwidth issue. I would like to order a 2Mbps dedicated line from Comcast to use for DNS and VOIP traffic only, the DNS resolution times should be faster on that connection. There would be several tenants in this building using it for that purpose. The secondary purpose of this line would be for backup internet connectivity
View 1 Replies
View Related
Nov 2, 2011
I wonder if is posible to have (again) the usual redirect after log in. On DIR-635, DIR-855 after log in you get redirect to the STATUS if WAN connection si functional, else you get SETUP. Now, on DIR-825 even if WAN is active/functional the redirect is to SETUP page.
View 7 Replies
View Related
Dec 11, 2012
It's been awhile since work has thrown me a curve ball so I was about due. We've got a client that wants us to log into their secure portal, this is normally not a issue. The link they sent us to their 'portal' apparently takes us to the wrong page. Their solution to this is for us to create a DNS entry to resolve that URL to a specific IP address. We don't currently have a DNS server setup in house so I assumed this would be something done on the Sonicwall.
I asked them why I couldn't just go to the IP address instead of the URL anyway and they said it wouldn't work. Is this something that I can maybe create a NAT Policy for and have it redirect traffic to there? I know the SonicWall has a DNS tab but I've never touched it and I'm not sure what I would need to put in there anyway.
View 7 Replies
View Related
Mar 16, 2012
Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port. I had a look at the Srp527w Router and can't find where this could be done.
View 1 Replies
View Related
Dec 18, 2011
I have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any
probe http Test_HTTP_1 port 80 interval 60 passdetect interval 30 passdetect count 2 request method head url /index.html expect status 200 200 open 1
rserver redirect URL_Redirect_01 webhost-redirection [URL] 302 inservicerserver host S1 ip address 10.0.0.2
inservicerserver host S2 ip address 10.0.0.3
[code]....
it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?
View 8 Replies
View Related
Apr 4, 2013
We have a WLC 2504, since a few months, it was working fine, we have a guest Wlan configure with web authentication and the DHCP scope for this in the WLC. The problem today is that its no redirecting the web browser to 1.1.1.1, we try it with 3 laptops and they recieve a correct IP from the DHCP but still can not get redirect to the web authentication portal. Have the default configuration Internal (Default).
In laptops we check the firewall, dont have a proxy activate and have google DNS.. 4.2.2.2 8.8.8.8. In fact this laptops connected to this ssid before.
View 1 Replies
View Related
Oct 19, 2011
I have a application where I have to redirect a specific URL to another. The point is that the primary URL, have some information that I want to preserv after redirection, for example: url...
The default CSS11501 behavior is to redirect the primary URL to http://xyz.com. Just that.
View 1 Replies
View Related
Sep 20, 2011
i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)
View 3 Replies
View Related
Jan 9, 2013
I upgraded the firmware on my wap121 and the URL redirect option is now gone. The docs all talk about using Captive portal but that is only on a wap321. How can I get the redirect back so customers who connect to my network see the site for our bar before they go on the internet?
I upgraded from the 1.0.0.3 to the latest (1.0.2.3)
View 9 Replies
View Related
Jul 12, 2011
We have W2K3 domain with Catalyst 4507 routers.Client (laptop, tablet etc) needs to redirect web traffic (port 80) to a proxy server that listens on port 8080.
Before you ask, this cannot be done using a PAC file distributed via Group Policy or the like because these devices are not controlled by us. These devices are client owned and could be non-Microsoft OS and/or non-IE browser. The theory is to have a WiFi network where clients can bring whatever they like - iPad, Android, Windows, whatever it may be but we do not control them and therefore cannot send a PAC file to it. In the case on Android it does not have a proxy setting even if we could force something.
I've looked at Policy Based Routing which appears to do half the job. I can route a web request that is on port 80 to a new location ie our proxy server. But the problem is that it arrives on the same port 80 when the proxy server only listens on port 8080.
View 10 Replies
View Related
May 16, 2012
I would like to know whether LMS 4.1 (local server mode) has the ability to relay syslog messages received from devices to an external syslog server? If so, how do I configure such?
From reading the document and going through the LMS 4.1 GUI, it appears that it could receive and forward messages but only between LMS system (ie. multi server mode) as SSL is required.
View 1 Replies
View Related
Jun 5, 2012
So stupid old copy machine in office only recognizes an IP address to send scans to.Detail:We've had an old slow XP box hooked up on the network as that IP address and it works fine... scan on copy machine and it sends it to a folder on that desktop. Everyone gets scans from that folder from a mapped drive on their esire:Want to nix the XP box and put a share folder on my WinServer2003 box (which I already set up and set permissions on).n I set on my network (and how) for IP (192.168.1.199) to go to that share folder now instead of a PC with that IP#?
View 2 Replies
View Related
Oct 28, 2012
Our company uses a commercial copier monitoring package called FMAudit to obtain meter readings from our clients' copiers, and it uses a feed to send the readings back to us. We have used port 90 for this purpose.Due to a recent server crash and emergency reconfiguration of our network, we have moved our FMAudit central server from in-house to a hosted service, with of course a different external IP address.
Without interfering with our other systems, is there a way to redirect JUST PORT 90 to another IP address external to our own? I don't care if it has to happen at the router or server level. We are using Server 2003 and a Cisco 887VAW.
View 2 Replies
View Related
Mar 7, 2012
On my 2960, 3550, and 2801 equipment which all have IOS 12.2 or 12.3 I am able to obtain things like "show tech" and save it on a tftp server in this manner: ch3550#show tech | redirect tftp://192.168.18.18/techsupport.txt,This is because the | pipe has a bunch of options it refers to as output modifiers.HOWEVER, on my 3750, I am not able to do this. The list of output modifiers has changed, and "redirect" is not available. Consider the following: The 3750 unit I am working with is WS-C3750G-12S with IOS version 12.2(25)SEB2,Now, I know I can capture the show tech output via other means such as in the buffer of Putty.exe.
View 3 Replies
View Related
Feb 6, 2012
I have a cisco 2504 running 7.0.220.0. I am trying to configure Web Auth for External Redirect, Passthrough. I have a page created on an external web server that was taken from the Web Auth Bundle and modified. It is a simple "accept" or "reject" on a Terms and Conditions page. I have a Pre-Auth ACL configured to only allow communication to the server the T&C page resides on.
When I connect to the SSID, the page redirects to the external URL and the the URL shows up in the browser window with all the variable data as a GET on the URL line, but the page never loads. It just hangs. I can copy the the URL data, paste that in once I am on-net, and the page loads just fine.
So, something is happening when the WLC is attempting to proxy-redirect the page back to the client.
View 7 Replies
View Related
Sep 11, 2012
I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3.
View 3 Replies
View Related
Jan 31, 2011
I am configuring a WAE-7341 for standalone content engine ACNS used for webcaching only.When I enable the l2-redirect and l2-return on the WAE I get high CPU on my Cisco 6504-E with WS-SUP32-GE-3B - WS-F6K-PFC3B. The 6500 shows the wccp status as L2 for redirection and return and webcache works but this CPU spikes to 70%. [code] I don't see which process is causing this but if I remove WCCP from the interface, it drops to 1% so I know for a fact that WCCP is causing this.
If I remove the l2-redirect and l2-return on the WAE, WCCP on the 6500 registers GRE for redirection and return on the 6500 and CPU drops to 5%.If I enable the "wccp webcache accelerated" option on the 6500, I cannot get WCCP up with or without the l2-return and l2-redirect options on the WAE, it displays: [code] does this 6500 not have the hardware redirect/rewrite capability? My WAE is directly connected to the 6500 WS-X6548-GE-TX blade on the same vlan that I am doing a wccp redirect on.
View 7 Replies
View Related
