Cisco Firewall :: Initial ASA 5505 Setup?
Aug 4, 2011I have a new Cisco ASA 5505 which I am trying to just setup so that all computers on the LAN can get to the internet (browsing and ping). My current setup attached.
View 1 Replies
ADVERTISEMENT
Cisco :: 2620xm Initial Setup Console
May 7, 2012I can start a console connection with my 2620xm, but the only output I get from the terminal software (Putty and Tera Term) is the character " ÿ " at all times even through bootup. For every boot up, I get an additional " ÿ ".I have Baud 9600, 8 bit, no parity, stop 2 bits, no flow.Is there something I am missing?
View 10 Replies View RelatedCisco Switching/Routing :: 891W ISR - Can't Do Initial Setup?
Nov 6, 2011I'm new to using Cisco Config Professional Express but a lot of things are just "off" with this utility. But my problem for this post is specifically the 891W's internal access point, or initial access to it.
My situation is that I have some 891W's. It's my first time working with them, as well as with CCP Express (2.5). After isolating the router and my PC to their own network, using the IP my PC got via DHCP frmo the router I opened a web broswer and connected to the router. The initiial configuration wizard came up and I went through the various screens. One of those screens had basic config info for the internal wireless AP which I provided. Somewhere in that screen it asked for a Hostname for the AP, and a password. It doesn't askfor a username though. To ensure I wouldn't run into confision, I made sure to set every password I ever get asked to configure as the same thing so the AP's password was also the same.
However after I finish with the wizard, the java-based CCP Express begins prompting me for first the main router credentials which I provide and it gets the router config, then it prompts mefor the username/password for the Access Point. First of all, the initial config wizard had never asked me for the username for the access point, only the hostname, and the password. I had assumed it was just going to use the main router username, or perhaps a blank username.
In any case, nothing I type ever works. I've used cisco/cisco, or a blank username with my new password, or the same username as the main router with the password ---- nothing. This is now the 4th time I have completely Reset the router to factory defaults and while I am learning the use of CCP Express through repetition, I'd also like to get this thing configured and out the door so my customer can use it.
Cisco :: 851W Initial Setup / SDM Wizard Fails
Jun 21, 2011I bought a Cisco 851W router from a coworker about a year ago and tried setting it up at my home with nothing but headaches. I finally gave up and went with DD-WRT and have yet to look back (my $40 router outperforms this thing on so many levels, but I'm getting off-topic!). I recently re-discovered this beast and pulled it out of storage to see if I could get a test network setup at home to practice on. I checked for any IOS updates and downloaded (and installed) the lastest image (c850-advsecurityk9-mz.124-15.T15.bin). I consoled in and verified the initial 10.10.10.1 IP was configured in the VLAN1 interface and directly connected a PC to one of the switchports and pulled a 10.10.10.2 address. I pull up SDM from my browser (I have used FF, IE, and Chrome, all with the same results. Java version is the latest, 6 Update 26.) and it launches the initial configuration wizard. I go through the steps and get up to the DHCP Configuration (after LAN, before Internet/WAN setup) and try to click Next and nothing happens. It doesn't freeze as I can easily go Back, but can never move forward beyond the DHCP configuration. Pressing Cancel on the wizard just shuts down SDM as a whole and exits.
In my troubleshooting steps, I did notice that as soon as I click Next in the DHCP configuration, nothing will happen in the wizard, but the SDM window in the background will automatically present the "Apply Changes" and "Discard Changes" buttons, which weren't there in the previous steps. Of course, neither of those are clickable due to the wizard being open. I really don't want to configure this thing from scratch using the CLI if I don't have to..is there ANY way I can bypass the SDM Wizard at all? Also, I'm running SDM Express, would downloading ASDM and trying to connect from there make any difference?
Cisco Wireless :: Initial Setup Loop On 5508
Apr 5, 2013I have a new from the box 5508 which I am attempting to follow the initial setup process to IP it. When I make it through the initial setup the box reboots buts brings me back to the "terminate auto-install" prompt again for some weird reason?
View 2 Replies View RelatedCisco Switching/Routing :: ASA 5505 Initial Switch Configuration
Jun 24, 2012I am interested in learning and setting up VPN IPSec with Cisco ASA 5505. I've managed to successfully setup VPN andcan connect to it from outside and browse securely to the outside/internet via tunnel. However, once I am connected to VPN, I cannot access any of my internal hosts/servers via VPN client. I am wondering it its a missing ACL/NAT...ASA Version 8.2(5)
!
hostname ciscoasa
enable password xxxxxxxxxxx encrypted
passwd xxxxxxxxx encrypted
names
[code]....
Cisco Wireless :: 6500 - Unable To Connect Via GUI After Initial WISM2 Setup
Feb 7, 2013I've installed our previous WISMs and other WISM2s previously and never had a problem.
6500 running SXJ2. WISM2 running 7.3.101.0 (which is what the rest of our WISM2s are on)
Insert WISM and go through initial setup. Run a show wism status on the 6500, and show sysinfo on the WISM. All looks good. Service port and management vlans are up. From the 6500 I can ping the service port IP, but not the management IP. From the WISM I can't ping the managment default gw but I can the service port. Unable to get anything back from the GUI..not surprising as not even ping works.
Now, as I said I've done it this way many times before...in fact I'm following my documentation from the last successful implementation and even adding in Cisco docs.
Cisco Switching/Routing :: SR520-FE-K9 Initial Setup Blocks HTTP
Sep 4, 2012I have a fresh SR520 that I only did two things to it using CCA 3.2(1):
1. Assign the address of FA4 to be 1.23.456.90 with a mask of 255.255.255.252
2. Declared a static nat of 1.23.456.90 port 80 to 192.168.75.12 port 80
I connected laptops to two ports:
1. FA0 (DHCP assigned laptop the address 192.168.75.12)
2. FA4 with the address on the laptop set to 1.23.456.90 and mask of 255.255.255.252
This is an exercise to simulate a cable internet configuration I will install the SR520 into.I can ping and point my browser to 1.23.456.89 and access the web server running there on port 80 via the inside laptop.I CANNOT point my browser to 1.23.456.90 from the outside laptop and make a connection.
What I am doing wrong with NAT? (I believe the problem lies therein as I did even try telling CCA to delete the firewall and I still could not connect to the inside web server).I have a network monitor (Wireshark) on the inside and see nothing coming across. I THINK I see successful NAT translations in the NAT logging (also in the attachment).
Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?
Feb 19, 2012I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies View RelatedCisco Firewall :: ASA 5510 And 5505 Setup
Aug 16, 2010I currently use MS ISA Server 2006 to protect a windows internal network, where there is also an MS Exchange server. I have acquired a Cisco 5510 to enhance security at main office. Later I will have ASA 5505 for branches, including VPN-ning. to have firewall at main office. I have several public IPs and would like to setup DMZ for Web, Exchange server and FTP. How do I setup interface and sub-interface for the DMZ?Can I continue using ISA Server connecting to Cisco 5510 on the perimeter? If so, How do I set the interfaces (and sub-interfaces) as well as NAT-ting and access configuration between the inside and outside?
View 12 Replies View RelatedCisco Firewall :: Initial Connections To SQL Servers Timeout Through ASA 8.2(1)
Aug 23, 2012I am on version 8.2(1) of ASA Code.When accessing a SQL server on a secure internal interface,(Traffic is sourcing from DMZ) i'm getting some timeouts on the initial connection on port 1433. All subsequent connections work fine. Packet tracer shows the connection builds properly, and shouldn't have a connectivity issue. The problem server is a webserver that connects back through the firewall to access the SQL server on port 1433. We also have many other webservers in the DMZ which access the same SQL server, but do not have the same timeout issues. Here are my timeouts, from the config
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
arp timeout 14400
I've seen a couple articles about increasing the tcp timeout to 3 hours for the DMZ interface?
Cisco Firewall :: Stuck At Initial Stage PIX 515e
Oct 30, 2011I have a new pix 515e for Home practice.
1. I couldn't telnet the switch after configuring. should i have to use cross cable or not to connect PC-PIX? (as new switches and routers run through straight cable). more importantly i couldn't even ping the inside ip which is telnet and ssh enabled.
2. Receiving the following after executing each and every command on global mode.
-Configuration Replication is NOT performed From standby Unit to Active Unit
-Configurations are no longer synchronized.
Cisco Firewall :: ASA 5505 Transparent Mode Setup?
Dec 5, 2011i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
http server enable
http 172.17.104.0 255.255.255.0 inside
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
Cisco Firewall :: Two 5505 Redundant With Active Standby Setup?
Oct 21, 2012I have two 5505 ASA. I would like to know can I make two 5505 failover redundant with active standby setup?
View 11 Replies View RelatedCisco Firewall :: ASA 5505 With Dual ISP - How To Setup Backup Connection
May 22, 2012how can I setup that the backup connection will start but after 30s of icmp timeout the default gateway (tracket object - 192.168.1.1)
My configuration:
sla monitor 123
type echo protocol ipIcmpEcho 192.168.1.1 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 track 1
route backup 0.0.0.0 0.0.0.0 192.168.2.1 254
track 1 rtr 123 reachability
Cisco Firewall :: ASA5520 Unit Not Accessible On Network For Initial Configuration
Dec 15, 2011We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances. Given that we are a non Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear.I started to set to setup the appliance this morning but immediately ran into issues. The 5520 doesnt seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration. I have to say that I feel kinda stupid having to post this, since I actually followed the documentation avaiable for this menial task and I fully expect the problem to be a simple one. Namely, I am using two specific sources of info for connections.
View 20 Replies View RelatedCisco Firewall :: Setup ASA 5505 Access Or NAT Rules To Inside Server / IP Cam
Oct 25, 2012I'm having trouble setting up the correct rules on an ASA 5505 I'm using in my home office. I have a couple of IP Cams I need to access remotely.
I've tried setting up simple NAT(PAT) and/or Access Rules, but it hasn't worked. I have a single dynamic IP for the Outside interface. Call it 77.76.88.10 and I am using PAT. The CAM is setup to connect on port 80, but could be configured if necessary. I've tried setting up NAT Rules using ASDM as follows:
Match Criteria: Original Packet
Source Intf = outside
Dest Intf = inside
[Code]....
I'm afraid to use CLI only because I am not confident I'll know how to remove changes if I make a mistake.
Cisco VPN :: ASA 5505 Setup As Firewall Connected To Cox Cable Modem And Wireless AP
Aug 27, 2011I have two ASA 5505's. One is currently setup as my firewall connected to the Cox Cable modem and wireless AP. I have another ASA that I would like to use, I have an idea that I could set that one up as a VPN unit, but not sure how I could do that. If that is not an option, can you provide the command line instructions on how to setup the VPN via the console cable. [code]
View 1 Replies View RelatedCisco Firewall :: ASA 5505 - Setup Single Port Exclusion For Static NAT?
Sep 20, 2012I have been using static NAT to map between a single server behind an ASA 5505 and a single public IP address. In other words, I've been doing this:
object network NAT_ME
nat (inside,outside) static interface
Now I would like to start using the clientless VPN feature of the ASA, so I of course don't want that particular port forwarded to the server. Is there a way to define such an exclusion? I've tried several things, including setting up a separate NAT rule to direct that port back to the ASA's interface, without luck.
If that is not possible, what configuration would I need to move to in order to get the behavior that I want? It is important that all (non-VPN) traffic is passed exactly as it arrives at the firewall (whether it is coming from internal or external), with the exception of changing the IP address (i.e., I need static port mappings for some of my services).
Cisco Firewall :: Unable To Setup VPN Between Windows 2008 Server R2 And ASA 5505?
Sep 9, 2012I have assigned a task to configure a vpn between windows 2008 server and cisco asa 5505, what kind of vpn should i go with as the windows 2008 server r2 is on cloud and is it possible to configure site-to-site vpn for this network senario or not.. i have try ikev1/ipsec remote access vpn with l2tp with (CHAP, MS-CHAP v2) and couldn't find any document which will allow me to configure windows 2008 server to behave a client and connect it to asa, well what i did is that i configured a dail-up connnect with l2tp and found the following debug message
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, Oakley proposal is acceptable
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 1
[Code].....
Cisco Firewall :: ASA 5505 Setup A Site To Site Tunnel?
Nov 13, 2012I have a 5505 asa code version 8.3(2). Trying to set up a site to site tunnel with someone and he is asking if I can use ike v2. How do I go about setting up the tunnel to use ikev2? Is ikev2 an option with site to site tunnels?
View 5 Replies View RelatedCisco VPN :: To Setup Anyconnect On ASA 5505
Aug 31, 2010To set up AnyConnect on my ASA5505? I have my VPN access working properly through the Cisco client however I want to be able to use the clientless program as well that is available.
View 1 Replies View RelatedCisco WAN :: 5505 With 9.1 VPN Server Setup?
Mar 17, 2013ASA 5505 Sec plus lic w/OS 9.1
I want to setup a quick and simple VPN server on my ASA. I want to do local authentication and, once authenticated, I want to allow all internal access. I only have 1 WAN IP. I'm finding a ton of conflicting info online. The ASA is already setup and is operational. I just need the correct commands to setup the VPN.
Cisco WAN :: ASA 5505 IDS Promiscuous Setup
May 7, 2012I ordered a IPS module to a small ASA to replace a Snort IDS Server.I want only to perform IDS and reporting (not inline) The design (simplified) is
The problem is that i read this morning that ASA cannot handle this type of scenario, it can only analyse the traffic that is passing through it. Is there a chance to make this work ?
Cisco VPN :: How To Setup L2TP On ASA 5505
Jun 13, 2011There is so much mis-information on the Internet and Cisco's own support site has bits and pieces everywhere (I've found at least 5 support pages in Cisco that address this subject), none work or are directly targeted at what I would consider is a major use case for this product. I can see from the many posts everywhere that getting L2TP/IPSEC to work is a major problem, requiring many configuration steps that all have to be perfect and there seems to be some trick to get it to work that most people struggle with. Most of the advice out there is impertinent and highly technical but doesn't work.
I would like to know if there is any consolidated instructions that WORK to create a VPN server on the 5505 using the ASDM and also how to set your Windows 7 (or 2008) client to work with it.
Like I've said, I've spent hours and hours on this and have yet to get anything to work. I have a brand new 5505 connected directly to DSL (static IP) that I ran the wizard on and followed the best advice I could find (by the way there's TONS of information on getting XP to work but afaik, this does NOT work for windows 7). Now that I've tried various things without success, I believe I've gotten it so fouled up I need to reset to factory defaults and start over.
I also have another brand new 5505 connected to a different DSL line. Behind that firewall, I have both windows 7 clients and windows 2008 server. I've tried lots of different things to get these to work including the registry hacks (which, if indeed is required, I seriously can't believe that Cisco hasn't given us a tool for).
I have tried to use the ASDM to do all my programming as I find the CLI to be extremely error prone and virtually incomprehensible.So, what the world needs is one place that gives all the instructions on what to do, step-by-step that really work for this simple use case of windows connecting to the ASA.
Cisco VPN :: ASA 5505 Split DNS Setup
Mar 2, 2011I have an ASA 5505 configured using easy VPN connecting to our corporate ASA. The ASA5505 is configured for network extension mode with a routable subnet. The clients that hang off the ASA 5505 are DHCP and get their IP address and DNS settings from the ASA 5505. I have a split tunnel setup, so only certain networks go over the tunnel back to corporate. Local Internet browsing goes out the ASA 5505 to the ISP.
My questions is how to setup split-dns. i would like to have my clients query the ISP's DNS servers for Internet based websites and when they need to access the exchange server the query goes to our corporate DNS servers. I see a setting for DNS names under the group policy on the corporate ASA, but how does the client know which DNS server to use?
The clients receive a primary DNS server (ISP) and a secondary (Corporate DNS) from the ASA5505.
Cisco VPN :: 5505 - Most Secure VPN Setup
May 26, 2013I have an ASA 5505 that I would like to use only as a VPN access device into my network. I am looking for the most secure setup.
Currently I have a router with 4 networks/subnets: DMZ, public, protected, perimeter. DMZ is public DNS and web, no access to any other subnets, only 80 and 53 from public. Perimeter is an edge email server, only port 25 allowed to the email server on the protected subnet. Protected is all internal servers and workstatoins, no access from any other subnet and limited access out to public.
Where would I place the VPN device?
Cisco ASA 5505 - VPN On Stick Setup
Aug 13, 2012I have been asked to setup a VPN on a stick setup so that people on the move can use the encryption of our SSL VPN for web browsing etc using Any Connect. This works fine, whats my ip shows the external IP of the office when connected to the VPN and all traffic is pushed down the pipe. The only issue is when connected I have no access to local resources such as IP printers etc. How to do this on 5505?
View 6 Replies View RelatedCisco Switching/Routing :: 891 Initial Configuration?
Jan 9, 2013On a recommendation from a network engineer, I got a used Cisco 891. Having worked with small business routers most of my working life, I thought this should not be a problem. However, I had no clue these things used a console and command line to initialize. I have the console cable, am able to console into the device, but am haphazardly issuing command lines straight out of the PDF manual but cannot get Cisco CP to discover the device.
From what I can tell, I am stuck at the point where the manual tells me to enable http server. I ran the command lines several times, executed write mem where available, but when I run the show services command, http is not enabled.
And if you do refere to command lines, I was reading some other forums and they were speaking of "run this command, run that command" but I could not make out the correct syntax, in what mode, whether it be config or config t, etc. So I might need a wee bit of handholding.
I'm hoping that once I can get Cisco CP or CPE to discover the device, I can make my way through the GUI to configure since those usually do make sense to me. As of now, I'm in the thick of it ...
PC Not Connecting On Initial Boot But On Restart It Does
Jan 15, 2013My PC doesn't connect to internet on initial boot, says there is a disconnected cable. On a restart it finds the wirelss card and connects no problem to our BT hub. Tried disabling the wired option, tried a number of things around repairing links etc. but nothing works. it is annoying. PC spec below. Windows 7 is the OS
Giga byte mother board GA-Z68P-DS3
4x4gb of RAM
Intel i5 3.2 CPU
Radeon HD 6770 Graphics card
A wireless adapter TL-WN350GD
A 120 GB SSD hard drive
And a 1TB hard drive
A CnM card reader
Optical DVD drive too
Cisco VPN :: Setup ASA 5505 With Another Or IOS Router (Static IP)
Nov 1, 2011I have an ASA 5505 with a dynamic IP address from the ISP.What I need to accomplish is the following:
- Either setup that ASA (Dynamic IP)VPN with an IOS router (Static IP)
- Or setup that ASA (Dynamic IP) with another ASA (Static IP)
Cisco VPN :: L2L Setup Between Two 5505 ASA With Overlapping Subnets
Mar 25, 2011I need to setup a L2L vpn between two ASA 5505 model. but due to poor planning and documentation both sites has same subnet (192.168.1.0/24) now i need to set up L2L wtih overlapping subnets. is it possible with asa 5505?
View 1 Replies View RelatedCisco :: Branch Office Setup With ASA 5505
Apr 23, 2013I have a problem with a branch office setup, and I can't for the life of me think of what the problem is.I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network. The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
The issue I have is this. Wired clients work fine at this branch office, at least 95% of the time. I have a lightweight AP there that can come up and join the controllers at the central network, no problem. I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day. Latency never comes close to the 600ms proposed limit with CAPWAP. Yet, for some reason the performance of the clients is problematic. Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely.If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
Something about this particular location is causing a lot of grief for our users.For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0. The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.