Cisco Firewall :: Information Required On ASA5505
Jan 1, 2012
I am looking into buying an ASA5505 but I would like to know if it is going to work in my setup. I have an Internet connection and 2 seperate networks. I know that the ASA5505 has 8 ports and I would like to know if I can assign each port to a different network zone? I dont want to use VLAN but physical networks. I know it is possible with ASA5510 and above but I want to make sure I can do the same with a ASA5505 (Without the security upgrade). I want to get an ASA5505 unlimited users.
So an Internet connection (with multiple IPs), 2 seperate networks, I want to filter traffic between all 3 and route between them also.
View 2 Replies
ADVERTISEMENT
Feb 13, 2013
I have a ASA5505 with version 8.4(3) that it's working as a DHCP server and I would like to get information about IPs availables (or assignated) on theirs pools via SNMP but I can't find the MIB or OID that I need.
What MIB that I need?
View 1 Replies
View Related
Jan 29, 2011
We are looking at buying an ASR1001 but I'm confused by the Licenses and I've struggled to find the information in the cisco data sheets. The router will need to run IPSEC on gre tunnels and I figure that I need the IPSEC license (FLSASR1-IPSEC) do I also require the Advanced IP Services license? or is all that is required the IPSEC license? Is there some sort of list that shows the feature set of each license, they cost the same amount so I'm not sure which license fits what we require best or if we need both.
View 1 Replies
View Related
Mar 21, 2011
I tried to find the EOL or EOS of the IOS A2(1.6a) of our ACE10-6500-K9 module.what to do ?
View 1 Replies
View Related
Jun 22, 2011
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies
View Related
Apr 2, 2013
Its more for information purposes. I am trying to compile some information together to get a better understanding of them so anything generic would do. Such as what it looks for in the traffic to block attacks, negative impacts of performance and a couple of top products I could have a browse of and so on.
View 1 Replies
View Related
Jan 3, 2013
I am in need of some information regarding licesnes on the ASA 5505.I have a client who is connecting their main office to a DR site via a site-to-site VPN. I understand that the standard license for the ASA 5505 is for 10 clients.Does the site-to-site connection consume one of these licenses?Does each endpoint communicating over the site-to-site VPN consume one license also?For example, if I have the site-to-site VPN and 10 servers on each side, would that mean that I need 21 licenses; 1 for the VPN and 20 for each server on each side?
View 4 Replies
View Related
May 22, 2011
I´m looking for a firewall for my company and am reading about both Cisco ASA 5505 with Security Plus bundle and Cisco ASA 5510 with Security Plus bundle and I have a few questions.This is the document i´m getting my information from.URL,It states the following:Cisco ASA 5505 Security Plus bundle,Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot.
View 5 Replies
View Related
Jun 14, 2011
i would like to get information from my ASA5520 using SNMP V2c such as :
-xtable entries
-ARP cache table
does it's possible or not ..
View 2 Replies
View Related
Nov 15, 2012
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies
View Related
Mar 31, 2013
I have one firewall need to be configured in transparent mode. I have inside and outside router. What is the configuration of transparent firewall ASA8.2. I didn't find the configuration on Cisco site.
View 17 Replies
View Related
May 4, 2011
Configured ASA 5510 with CSC module and working fine.Here i likes to configure, Whenever any users from outside accessing my firewall (like VPN users) that logging information i need to send one particular mail ID.Simply, i likes to enable my fireawall to send logging information to one particular mail id.
View 10 Replies
View Related
May 31, 2011
Configured ASA 5510 with CSC module and working fine.Whenever any users from outside accessing my firewall (like VPN users) that logging information i need to send one particular mail ID.
Simply, i likes to enable my fireawall to send logging information to one particular mail id.
View 1 Replies
View Related
Sep 27, 2012
I have a question about Cisco ASA 5505 firewall.We need 3 interfaces on the firewall , "inbound", "outbound" and "DMZ" , to control traffic between these zones.
Can we do this with Cisco ASA 5505 50-user bundle , or do we need to purchase Cisco ASA 5505 Security Plus bundle to get the DMZ zone working.
View 4 Replies
View Related
Oct 18, 2011
I am very confused on how I setup a Pix 515 that I just got to route traffic out a cable modem. First, let me give you a little details on my current network setup and what I am trying to accomplish with this Pix 515. Currently all my users go out the proxy for any internet access, however I have certain users that need to go out the cable modem instead of the proxy server. Below is an example of the current IP setup of a user A:The cable modem that we currently have has DHCP so I would need the external PIX address to accept a DHCP address. I also don't really understand what else I need to setup so if I have say four users hitting the cable modem through the pix how do I direct their web traffic to the correct computer (NAT ?),I will be plugging the PIX into a cisco switch that all ports are in VLAN 48 so hopefully a static internal address on the pix of 10.24.48.254 will keep me from having to do any routes since all traffic will be originating from the 10.24.48.0 network.
View 1 Replies
View Related
Jun 14, 2011
I have two ASA 5510 with Security Plus license and Shared SSL VPN licensing enabled.
The problem is that the client get “Session could not be established: session limit of 25 reached” but ther is only 6 ssl vpn user connected with AnyConnect.The software on the firewall’s is 8.2(1)Is there any BUG in this software related to this problem?
View 1 Replies
View Related
Jun 6, 2012
We have purchased a new Websense 10000 Appliance and I'm not a hundred percent how to set this up. I see that URL Filtering is a possibility and WCCP, which way to move forward on implementing this?
View 4 Replies
View Related
Apr 19, 2011
I am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20,Block all other incomming ports to vlan 20 (unless initalised from inside),Allow all outgoing ports on vlan 20,Block all access from vlan 20 to vlan 10 (unless initalised from vlan 10)
View 35 Replies
View Related
Jan 10, 2012
I'm in the process of migrating a rather big NAT configuration from a customer running pre 8.2 ASA software.The customer has 2 Dynamic Policy NAT configured which have overlapping source addressesOther Dynamic Policy NAT has the destination address of "any"
Other Dynamic Policy NAT has a single host address as destination address towards InternetThe Dynamic Policy NAT configured with the "any" destination is applied to all translations for the source host towards Internet
What I'm interested in is the following
Since both NAT statements are equal in a sense (because they are of same type) what is the next deciding factor for ASA decides which translation rule to use?
Does the "nat_id" parameter define which rule is checked first? Is the NAT rule with the lowest "nat_id" value used regardless what the order of the NAT rules is when you check them on the CLI? (with "show run global" and "show run nat")I'm just interested on how the NAT operates in this case, even though were generally using 8.4 at the moment.
View 6 Replies
View Related
May 16, 2011
I upgraded my ASA 5520 with the latest image. Now I get an error upon launching ASDM.Your ASA image has a version number 7.2(4) which is not supported by ASDM 6.4(1), use Device Manager version 5.2(x)Continue Anyway?
What are the newest, recomended image versions of ASA and ASDM I should be using?I will also be using the SSM-20 module with this setup, so I would like to stay with a working version of ASDM.
View 1 Replies
View Related
Apr 29, 2013
I have a problem with the configuration of the ACL of my ASA 5505 router.However, the syntax seems okay,access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 .
View 3 Replies
View Related
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
View Related
Aug 17, 2011
I am looking at upgrading an HA pair of ASA5520's from 8.2(2) to 8.3(1), and am just wondering why the huge upgrade in memory is needed. How are Cisco justifying where the additional memory is going to? Are there supposed to be some massive improvements in performance?
View 2 Replies
View Related
Jul 13, 2011
I have existing Sonic FW in my company we are moving from sonic FW to ASA 5510 Security plus lice. I have two ISP currently connected to sonic Firewall I am planning to implement Dual ISP configuration on ASA5510.
View 12 Replies
View Related
Nov 27, 2011
I have an ASA 5501 running latest code. Per the article at [URL], I need to open the below ports. I have 5 Xboxes (when people come over) and they all have a static IP. My network is 192.168.0.x and is a /24 network.Xbox LIVE requires the following ports to be open: Port 88 (UDP)Port 3074 (UDP and TCP)Port 53 (UDP and TCP)Port 80 (TCP)port 1863 (UDP and TCP) (Kinnect) I defined the various network ports as a service and then created 5 hosts called xbox1, 2, etc with a static IP. I dont have access from the command line (forgot telnet and ssh passwords) , so from the gui, what do I do next?
View 7 Replies
View Related
Feb 27, 2012
I have a 5505 configured with a active/standby dual wan setup using the sla tracked connection settings. Is there a way to configure the ASA to stay on the backup connection after activating? We had a situation where the main T1 was bouncing, so the backup connection was being activated and deactivated very often. The problem is that there is an app being used that does not allow users to reconnect to dropped connections immediately, so every time the asa switches wan connections it causes a significant disruption.I should note that I already set monitor options frequency to 240 seconds. I could set it higher, but then we have a longer delay when the main connection dies.
View 2 Replies
View Related
Feb 24, 2011
Is there a Security Plus trial license available for the ASA 5500 series? I currently have one sitting around that I would like to use for testing, but it only has the base license.
View 2 Replies
View Related
May 17, 2011
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies
View Related
Jul 14, 2011
I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
View 32 Replies
View Related
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
View 2 Replies
View Related
Sep 20, 2012
I like to set up a pix and router for this network for a small buss, but I need to know what type of cable do I need to set this connection to work straight through or a cross over cable? also I need a subgestion if a nat would work better on the pix or leave it on the router?
View 4 Replies
View Related
Oct 16, 2012
I've gotten to the point where I can test against active directory and get in, also I can get AD groups from my server on the ASA. My problem, I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using.Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.
View 7 Replies
View Related
Mar 10, 2012
I got a project where I have to provide NATTED addresses to cutomers for the internal servers and I found out that the outside address range /27 already in use. We are using 5510 with ver 8.1. We cant use PAT here.
View 1 Replies
View Related