I have a PIX 515 that i need to use as an ip redirector.For example if users try to access 80.80.80.80 ,they need to be redirected to 90.90.90.90 show ver,
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 000b.5fad.0c99, irq 10
1: Ext: Ethernet1 : address is 000b.5fad.0c9a, irq 11
I want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routing
ip access-list extended transparent_dns permit udp any any eq 53 route-map redirect_dns permit 10 match ip address transparent_dns set ip next-hop ip.of.your.server route-map redirect_dns permit 20
[code]....
The DNS server is windows 2003?Would policy based NAT or WCCP work for this? If so how would I go about it?
Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been ask to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? how to accomplish the redirect for a single site. 8.2.4 is current code
On the inside interface and network, we have a server at, (as an example) 192.168.87.1, which acts as an email server.
The outside ip address of the ASA is, say, 200.0.0.1.
The ASA directs any imap requests from the outside interface to 192.168.87.1, which works fine from the outside. Users simply open up email, and collect emails etc.
When they come inside the office, their machine of course attempts to contact the ip address 200.0.0.1. the ASA knows it is outside interface, so they are unable to collect emails.
that any internal IMAP requests from machines on the inside to 200.0.0.1 are directed to the machine inside on 192.168.87.1?
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.
Wondering if on the ASA (8.4) its possible to do something like what DNS rewrite does, but with IP requests. Scenario. Mobile phone accesses a web app inside our network fine over cellular. Once it comes inside on to wifi it still has the public IP address cached so the ASA doesn't allow its request to loop around and the app appears broken. We're considering lowering the TTL on the DNS host entry but I think we are battling phones/mobile OS's that don't have a strict adherence to name resolution standards. A lot just seem to refresh their caches every 10-15 minutes.
I have the need to do an outbound NAT redirection. So what I mean is this. I have a custom program that uses SSH to port 22 from a server inside the ASA firewall. This goes out to a server on the Internet over port 22. The ISP of the SSH server told me that they changed their SSH port from 22 to 2102. So instead of changing the custom code on the developed application on the server... I thought it would be easier to do a OUTBOUND NAT redirection for the ASA to see port 22 from the server and redirect it OUTBOUND to port 2102.
so for example:
The server is at 192.168.0.2 and it uses a program to initiate SSH traffic to 205.246.1.1. The server sends to port 22 but I need it automatically changed on the firewall to port 2201 at 205.246.1.1.
It is a Cisco ASA 5510. The server at 192.168.0.2 does have a fixed IP address on the outside with INBOUND NAT for things like port 25 (mail) traffic etc. Lets pretend that was at 64.18.23.60.
I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
Http Traffic will be routed like that : PC -> WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.
ip redirect or forwarding. I have a web server with public IP as B.B.B.B, and I have another server with public IP as A.A.A.A.. My web site contents are with B.B.B.B, but I do not want to expose IP B.B.B.B. Users can visit my web site using A.A.A.A, and when they visit A.A.A.A, I would like to have A.A.A.A redirected to B.B.B.B behind scene. Both IP's are public, and stay different locations remotely.How to redirect IP A to B, so I can hide B?The machine with IP A.A.A.A is windows 2003 server standard.
You have a Cisco ASA 5520 where clients connect using Cisco Anyconnect SSL VPN, say the URL is connect.whatever.org. You would like for when a user enters either [URL] or just connect.whatever.org into their web browser that it automatically puts the required url...
How do I redirect the visits to a specific homepage (web site) to access a "sub" page in the same domain? Is it possible to use the Hosts file to do this? I want redirect visits to [URL]
What the most cost and time effective way to have an ip request return with another ip address from outside the WAN of the router.Specifically want to have an application request for example 192.168.1.121 and have 173.194.43.41 respond and communicate with the application instead. To make it a bit more interesting I'd like actually to set a table or config file to point to a domain name (url) which gets resolved as an ip address. (Port independent)To get a better understanding:one example might be typing in 192.168.1.121 in a browser and googles search engine comes up on the browser.another example might be typing in 192.168.1.121 in an ftp client and it hooks to an ftp server on the other side of the world which resolves to [URL]. I was looking at openwrt and tomato a little but I don't think I have such a complete grasp on how to do it in general. Being that it seems they are 2 different layers of the network model, I was told it can't be done but I don't know if I can believe that yet. Either by third party software or reprogramming the router or adding another device to the network.
I currently have CenturyLink (Qwest) DSL (12Mbps/896Kbps) and Comcast Cable (12Mbps/2Mbps) going into a Cisco RV08. I redirected all DNS traffic to the DSL line as an experiment with no decrease in web browsing speed. e are rural and speeds fluctuate considerably during the day. It seems like it's more of a response issue than a bandwidth issue. I would like to order a 2Mbps dedicated line from Comcast to use for DNS and VOIP traffic only, the DNS resolution times should be faster on that connection. There would be several tenants in this building using it for that purpose. The secondary purpose of this line would be for backup internet connectivity
I wonder if is posible to have (again) the usual redirect after log in. On DIR-635, DIR-855 after log in you get redirect to the STATUS if WAN connection si functional, else you get SETUP. Now, on DIR-825 even if WAN is active/functional the redirect is to SETUP page.
It's been awhile since work has thrown me a curve ball so I was about due. We've got a client that wants us to log into their secure portal, this is normally not a issue. The link they sent us to their 'portal' apparently takes us to the wrong page. Their solution to this is for us to create a DNS entry to resolve that URL to a specific IP address. We don't currently have a DNS server setup in house so I assumed this would be something done on the Sonicwall.
I asked them why I couldn't just go to the IP address instead of the URL anyway and they said it wouldn't work. Is this something that I can maybe create a NAT Policy for and have it redirect traffic to there? I know the SonicWall has a DNS tab but I've never touched it and I'm not sure what I would need to put in there anyway.
Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port. I had a look at the Srp527w Router and can't find where this could be done.
I have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any probe http Test_HTTP_1 port 80 interval 60 passdetect interval 30 passdetect count 2 request method head url /index.html expect status 200 200 open 1 rserver redirect URL_Redirect_01 webhost-redirection [URL] 302 inservicerserver host S1 ip address 10.0.0.2 inservicerserver host S2 ip address 10.0.0.3
[code]....
it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?
We have a WLC 2504, since a few months, it was working fine, we have a guest Wlan configure with web authentication and the DHCP scope for this in the WLC. The problem today is that its no redirecting the web browser to 1.1.1.1, we try it with 3 laptops and they recieve a correct IP from the DHCP but still can not get redirect to the web authentication portal. Have the default configuration Internal (Default).
In laptops we check the firewall, dont have a proxy activate and have google DNS.. 4.2.2.2 8.8.8.8. In fact this laptops connected to this ssid before.
I have a application where I have to redirect a specific URL to another. The point is that the primary URL, have some information that I want to preserv after redirection, for example: url...
The default CSS11501 behavior is to redirect the primary URL to http://xyz.com. Just that.
i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)
I upgraded the firmware on my wap121 and the URL redirect option is now gone. The docs all talk about using Captive portal but that is only on a wap321. How can I get the redirect back so customers who connect to my network see the site for our bar before they go on the internet?
I upgraded from the 1.0.0.3 to the latest (1.0.2.3)
We have W2K3 domain with Catalyst 4507 routers.Client (laptop, tablet etc) needs to redirect web traffic (port 80) to a proxy server that listens on port 8080.
Before you ask, this cannot be done using a PAC file distributed via Group Policy or the like because these devices are not controlled by us. These devices are client owned and could be non-Microsoft OS and/or non-IE browser. The theory is to have a WiFi network where clients can bring whatever they like - iPad, Android, Windows, whatever it may be but we do not control them and therefore cannot send a PAC file to it. In the case on Android it does not have a proxy setting even if we could force something.
I've looked at Policy Based Routing which appears to do half the job. I can route a web request that is on port 80 to a new location ie our proxy server. But the problem is that it arrives on the same port 80 when the proxy server only listens on port 8080.
I would like to know whether LMS 4.1 (local server mode) has the ability to relay syslog messages received from devices to an external syslog server? If so, how do I configure such?
From reading the document and going through the LMS 4.1 GUI, it appears that it could receive and forward messages but only between LMS system (ie. multi server mode) as SSL is required.
So stupid old copy machine in office only recognizes an IP address to send scans to.Detail:We've had an old slow XP box hooked up on the network as that IP address and it works fine... scan on copy machine and it sends it to a folder on that desktop. Everyone gets scans from that folder from a mapped drive on their esire:Want to nix the XP box and put a share folder on my WinServer2003 box (which I already set up and set permissions on).n I set on my network (and how) for IP (192.168.1.199) to go to that share folder now instead of a PC with that IP#?
Our company uses a commercial copier monitoring package called FMAudit to obtain meter readings from our clients' copiers, and it uses a feed to send the readings back to us. We have used port 90 for this purpose.Due to a recent server crash and emergency reconfiguration of our network, we have moved our FMAudit central server from in-house to a hosted service, with of course a different external IP address.
Without interfering with our other systems, is there a way to redirect JUST PORT 90 to another IP address external to our own? I don't care if it has to happen at the router or server level. We are using Server 2003 and a Cisco 887VAW.
On my 2960, 3550, and 2801 equipment which all have IOS 12.2 or 12.3 I am able to obtain things like "show tech" and save it on a tftp server in this manner: ch3550#show tech | redirect tftp://192.168.18.18/techsupport.txt,This is because the | pipe has a bunch of options it refers to as output modifiers.HOWEVER, on my 3750, I am not able to do this. The list of output modifiers has changed, and "redirect" is not available. Consider the following: The 3750 unit I am working with is WS-C3750G-12S with IOS version 12.2(25)SEB2,Now, I know I can capture the show tech output via other means such as in the buffer of Putty.exe.
I have a cisco 2504 running 7.0.220.0. I am trying to configure Web Auth for External Redirect, Passthrough. I have a page created on an external web server that was taken from the Web Auth Bundle and modified. It is a simple "accept" or "reject" on a Terms and Conditions page. I have a Pre-Auth ACL configured to only allow communication to the server the T&C page resides on.
When I connect to the SSID, the page redirects to the external URL and the the URL shows up in the browser window with all the variable data as a GET on the URL line, but the page never loads. It just hangs. I can copy the the URL data, paste that in once I am on-net, and the page loads just fine.
So, something is happening when the WLC is attempting to proxy-redirect the page back to the client.
I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3.
I am configuring a WAE-7341 for standalone content engine ACNS used for webcaching only.When I enable the l2-redirect and l2-return on the WAE I get high CPU on my Cisco 6504-E with WS-SUP32-GE-3B - WS-F6K-PFC3B. The 6500 shows the wccp status as L2 for redirection and return and webcache works but this CPU spikes to 70%. [code] I don't see which process is causing this but if I remove WCCP from the interface, it drops to 1% so I know for a fact that WCCP is causing this.
If I remove the l2-redirect and l2-return on the WAE, WCCP on the 6500 registers GRE for redirection and return on the 6500 and CPU drops to 5%.If I enable the "wccp webcache accelerated" option on the 6500, I cannot get WCCP up with or without the l2-return and l2-redirect options on the WAE, it displays: [code] does this 6500 not have the hardware redirect/rewrite capability? My WAE is directly connected to the 6500 WS-X6548-GE-TX blade on the same vlan that I am doing a wccp redirect on.
