Cisco Firewall :: Limit Speed On Port Or VLAN ASA 5505

Aug 7, 2012

We need to have one connection with less internet bandwidth assigned to it than all other connections. Basically it is a separate connection from all others, incoming just from one switch port and separate VLAN. I know this can be done on the switch by limiting the bandwidth allocated to a port; however, is it possible to have the speed limited down, just before it goes to the internet, i.e., on the ASA, rather than doing it on the switch? The firewall is an ASA 5505.

View 2 Replies


Cisco WAN :: SR520 ADSL Router - Speed Limit On VLan 3?

Jan 15, 2012

I have a Cisco SR520 ADSL router. I have configured two VLANs; in VLAN 2 I need a speed of only 2 Mbit/s out of 6 Mbit/s (full speed).

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Rate Limit The Internet Bandwidth / Speed?

Jul 29, 2012

On an ASA 5510, how can I limit the users in VLAN 20 to use the internet with a limited bandwidth/speed of 3 Mbps upload and 5 Mbps download?
This is in the case where the outside interface (native VLAN), which is connected to the ISP, has a bandwidth/speed of 30 Mbps upload and 50 Mbps download.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 10 Host Limit?

Feb 26, 2013

I updated an ASA 5505 to 50 users, but I still can only connect 10 hosts. In Licensing it shows 50 inside hosts. I also tried to update to ASA 8.4.5 but that did not work.

View 2 Replies View Related

Cisco Firewall :: Output Bandwidth Limit On ASA 5505

Jun 11, 2013

I'm having a bit of trouble limiting the bandwidth on outgoing traffic with a Cisco ASA 5505.
In my case I want to limit the bandwidth to 31mbit/s up and down on the outside interface, but with my current configuration, just the download rate gets limited to 31mbit/s when I do a tptest, and the upload is around 40/50mbit.
Here is the policy configuration:
access-list outside_bw extended permit ip any any
class-map outside_bw
match access-list outside_bw


View 1 Replies View Related

Cisco Firewall :: ASA 5505 Connection Limit And TIME_WAIT Freezing Device

Sep 30, 2011

My little ASA 5505 is working great. The device appears to be artificially crippled and limited to 10,000 connections. This isn't a "CPU limit", it's just some fake limit in the device as far as I can tell.
The problem we have is that we are only using around 500-600 connections and CPU usage is only like 25%, and yet the connection count is pegged at 10,000 and locks us out of our network.
I am pretty sure this is because there are a lot of "dead" TIME_WAIT connections hanging around not being used.  In our application we only have the couple hundred connections but they do move around a bit every now and then.
Is there any way to get the device to ignore the "dead" connections and not count them towards the artificial limit on the device, given that it's pretty clear the CPU / etc. is not utilized sufficiently? These aren't real connections; we only have a couple 100 established, they do just move around a bit however.
We are really only using 500-700 connections according to our servers, the others are just sitting in TIME_WAIT doing nothing.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Limit Access To Remote Desktop To Range Of Outside IPs

Jan 7, 2013

After getting hacked I want to limit terminal server / remote desktop to only my computer (although I may need to let other net in later).
In other words I want only computers from my home IP range (let's say my ISP gives me at home something in 28.28.XX.0) to be let in to the router at work and then to port 3389.
In the work ASA 5505, software version 7.2(4), I now have:
access-list outside_in extended permit tcp any interface outside eq 3389
static (inside, outside) tcp interface 3389 3389 netmask
access-group outside_in in interface outside

View 3 Replies View Related

Cabling / Cards :: Download Speed Breaks Without A Speed Limit?

Jan 24, 2013

On board NIC: Intel 82579V Gigabit Network Controller (ASUS Sabertooth X79 motherboard). I installed the drivers for it from Intel's site. If I set link speed to auto (chooses 100mbps full duplex) or 100mbps full or half duplex, any HTTP downloads get slowed to a crawl (30kbps) (Steam downloads remain at normal speeds). If I set it to 10mbps full duplex, download speeds jump to normal (500kbps for most HTTP sources). This happens on just this new computer (wired connection); any other computers on the network (wireless) work just fine.

View 8 Replies View Related

Cisco Firewall :: 65535 ASA - Port Scanning Protection Through Embryonic Limit Setup

Jul 1, 2011

url... I discovered that it would be possible to be protected from portscan, I mean when someone scans our network/host from outside, the attacker will see all the 65535 ports as "open" (in that way it will be more difficult for an attacker to perform customized attacks...). So I have followed the setup in that link:
policy-map global_policy
class class-defaults
set connection embryonic-conn-max 15 per-client-embryonic-max 3
service-policy global_policy global
The problem is that I don't have the expected result. If I do a portscan over the Internet from an external host to my hosts, the portscan is successfully working and I can view my open ports. I have also tried to set this through a "match" in an access-list but without any success.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Creating Interface Vlan In Firewall

May 3, 2011

I have been working with ASA 5510, 20, 40, 80 but not with the 5505. This VLAN and its interfaces are quite confusing. Just want to know how it works and its connectivity to a Cisco switch. Do I have to put the interface of the switch in the same VLAN as the interface VLAN I am creating in the firewall? Now, should the switch port connecting to this Eth1 interface also be in the same VLAN, i.e. vlan3, or will it be in trunk? The default configuration shows eth0 with no access VLAN and interface eth1 with access vlan 2... does that mean eth0 is in vlan1 (native VLAN)?

View 4 Replies View Related

Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port

Aug 15, 2012

I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3. So I would have thought the outside access-list should reference the 'mapped' port, but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.

View 12 Replies View Related

Cisco Firewall :: Change Default SSH Port On ASA 5505 (port Forwarding)

Dec 2, 2011

So here is my network.
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
and here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I cannot, however, SSH to my Cat 2960. From what I can tell, on the Cat 2960 I can't change the default port 22 for SSH to a different port, just like I did on the Cisco 1841. I looked to see if I can change the default port for SSH on the ASA; it does not look like this is an option.
The bottom line is that I want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what I can do is only SSH to the ASA on default port 22 directly to the public IP and the Cisco 1841 on port 2001. It appears that changing the default SSH port on the Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA; if I could, I would, and then I should be able to SSH to the Cat 2960 on port 22. No matter what I did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP       001f549f  <<pub IP>>:22    *               LISTEN
How do I make it listen on a different port?
Here is the relevant config for SSH for the Cisco 1841 (port forwarding):
object network ROUTER


View 28 Replies View Related

Cisco Firewall :: ASA 5520 Inter Vlan Routing At Low Speed

Nov 24, 2011

I have an ASA 5520 and an SSM-10 module. During copy between VLANs connected to the gigabit port of the ASA, the speed is up to 6,5 Mbyte/sec. Network cards and trunked switch are gigabit. I've temporarily disabled SSM but it didn't work. Here is my config. Also I found out that putting SSM into bypass mode solves the problem. But I don't send any traffic to IPS. [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5505 / Port 5901 - Alternate Port?

Aug 18, 2011

With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to firewalls. We have a user who has requested that 5901 be opened, but I was advised not to do so for security concerns.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Expanding A DMZ With VLAN

Jan 30, 2012

On our ASA 5505 we have a DMZ configured to use 2 ports, which are used by the mail and Web servers. So far everything works perfectly and this router has been very stable. Now I need to add more ports in order to accommodate prototype Web servers in the DMZ, but no more ports are available on the Cisco. Looking through the ASDM though, I noticed the DMZ seems to be configured as "VLAN 5", sure enough with VLAN ID 5. So I tried creating a VLAN with ID 5 in my ProCurve switch, isolated from other VLANs. My theory being that plugging one of the router's DMZ interfaces into this VLAN would allow me to add my test servers. Well, this seems to work, but for only a very short time. I can get the landing page from my test server to display, and then everything slows down to a crawl and communication seems to be blocked. Out of curiosity, I tried to put my prod server and email server on the VLAN, together and separately, but the same thing happens. At first, I can ping the machines, then after a few requests, everything stops responding.

View 1 Replies View Related

Cisco Firewall :: VLAN Traffic On ASA 5505?

Aug 15, 2011

I have a Cisco ASA 5505 that I have configured. The outside interface is vlan 2 and the inside interface is vlan 1. Port 0 of the ASA is configured to be in vlan 2 and is connected to the ISP provided subnet. Port 1 is connected to my private LAN subnet. I have an additional router connected to Port 2 for guest connectivity. Port 2 is configured to be a member of VLAN 2 so that it can access the ISP provided subnet. From the device connected to port 2 I can ping the vlan 2 interface address of the ASA, and from the ASA I can ping the default gateway of the ISP provided subnet. For some reason the router on port 2 cannot ping the default gateway of the ISP provided subnet. If the VLAN were working the same as a VLAN in a switch, I would expect to be able to do this. Why is it not working, or what can I do to get it working?

View 4 Replies View Related

Cisco Firewall :: Getting ASA 5505 Vlan Configuration?

Mar 14, 2013

I have IOS 8.0(4) and the base 50 User License...will this config work?  I have two networks; my home network, and my lab.  I want to split my Internet connection between them, but keep the networks separate for the most part.  Will my license allow this config since I can't do DMZ?
interface Ethernet0/0
switchport access vlan 3
interface Ethernet0/1
switchport access vlan 1
interface Ethernet0/2
switchport access vlan 2


View 1 Replies View Related

Cisco Firewall :: ASA 5505 8.2(1) - Poor WAN Connection Speed

Apr 26, 2011

To sum it up the ASA is maxing out at 7MB down on a 25MB connection. The connection was tested with the ASA removed and the connection is fine.
This popped out at me the most but I'm not sure what it means:

12884935775 switch ingress policy drops for eth 0/0

View 6 Replies View Related

Cisco Firewall :: ASA 5505 With Base License That Uses 3 VLAN

Jul 17, 2012

I am working on an ASA 5505 with Base License that uses 3 VLANs.
-My VLAN 1 is used for my home network.
-VLAN 2 is connected to the public Internet and my IP gets assigned by ISP dynamically.
-VLAN 3 is DMZ where I will have few VM's that would need access to and from the Internet.
I am looking to work with following:

1) that sits on DMZ will need to access public Internet over port 80
2) Permit access from the Internet over port 3389 to
3) Permit any host on private VLAN ( network) to access over the port 3389
4) Permit second VM on the DMZ VLAN let say to access public Internet on all ports. Access in to this host is not permitted.
5) For some reason DHCP hosts are NOT getting DNS ( entry when IP gets assigned or renewed. I have a statement below but it is not working.
Also, if ACL rules for VoIP are written correctly. The goal is to permit these ports (SIP related) to access VoIP router. [code]

View 1 Replies View Related

Cisco Firewall :: S2S VPN Between ASA 5520 And 5505 With 2 Subnets On Different VLAN

May 26, 2013

Site A:
VLAN data               subnet 172.16.10.x/24
VLAN Voice             subnet 10.0.0.x/24
Site B:
ASA5505 Base license
VLAN data               subnet 192.168.10.x/24
VLAN Voice (restr)    subnet
The callmanager is located on site A and needs to send out DHCP-offers to site B through the VPN so the IP-phones can register to the callmanager. I got the VPN up and running for the data-subnet but I can't get traffic through the voice-subnet/VLAN.
Can the ASAs do the job, or do I need to route traffic before the ASAs on both sides and send it through the tunnel, with both subnets configured as interesting traffic? Of course, in the last situation I need to upgrade the license for the 5505 to gain more VLANs.

View 4 Replies View Related

Cisco Firewall :: Inter VLAN-Routing ASA 5505?

Jul 8, 2012

I've been reading all over the internet (including this site) trying to figure out if the ASA can handle inter-VLAN routing. I'm not sure what I am missing in my config to get this to work. I've read that it can work and I've read that it can't work. How do I get this to work on my ASA 5505?
Here is my setup
Cable Modem ---> ASA (eth0/0) 
(eth0/2) -->unmanaged switch for LAN connectivity
(eth0/3) --> Access point for wireless LAN connectivity
My config is attached
What I would like to do is be able to communicate between vlan3 (LAN) and vlan4 (Wireless LAN).
What's strange is I can RDP between the two VLANs but I can't ping or anything else.

View 20 Replies View Related

Cisco Firewall :: ASA 5505 VLAN Or Trunk Configuration?

Sep 2, 2012

ASA 5505, I got a Security Plus license which allows multiple VLANs. I want to be able to configure the ASA to allow only RDP sessions (one way) to another switch where all the VLANs are. I've attached a pic of what I want but I'm struggling.
I looked at documentation saying you should have inside and outside interfaces but I'm not sure about this scenario. I've configured the inside interface on ASA e0/1 and interface VLANs but I'm not sure what to do between the ASA and the switch.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 / Multiple Interfaces In Outside VLAN?

Feb 12, 2013

This is for an ASA 5505 with the base license... I have a situation where I will not have one interface in my outside VLAN, but instead I want to have interfaces 1-7 in my outside VLAN and interface 0/0 in my inside VLAN.
Is this supported with the Base license, and if so how would I do this?  Do I still just need to assign one IP address to the outside VLAN?
Or will I need to upgrade to the Security Plus license and put each interface in a separate outside VLAN, so in essence I would have 7 outside VLANs each with the same security level (0)?
My situation is that I have several partner networks that i want to "aggregate" thru my one ASA 5505.  So each outside interface represents a separate partner (outside) network, each of which I want to get to from my inside network.  Hence the many outside to one inside.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Very Slow Speed - Can't Open Some Websites

May 22, 2011

I just installed a Cisco ASA 5505 in my company's network; however, the network became so slow and many websites cannot be opened or take too long to open (yahoo, hotmail etc.), resulting in a request time out sometimes.
Here is my configuration:
ASA Version 8.2(1)
!
hostname xxxxxx
enable password xxxxxx encrypted
passwd xxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address
!
interface Vlan2
 nameif outside
 security-level 0
 ip address


View 2 Replies View Related

Cisco Firewall :: Enable Netflow On ASA 5505 For Vlan And Interfaces

May 17, 2013

How can I enable Netflow for each VLAN or interface individually in Cisco ASA? Currently I have set up Netflow and only 2 interfaces are showing traffic for Netflow, which are not even my physical or VLAN interfaces. (see screen shot)
EscapeASA# sh interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Internal-Data0/0           unassigned      YES unset  up                    up


View 9 Replies View Related

Cisco Firewall :: ASA 5505 - Unable To Assign IP To DMZ Vlan Interface

Oct 26, 2012

I have an ASA 5505 with base license. I created a 3rd VLAN and it was created, but I am unable to assign an IP to it. When I assign an IP address it takes it, but when I do sh int ip brief it does not show any IP.

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Multi Subnet / Vlan Routing?

May 4, 2011

I'm new to Cisco equipment, much more familiar w/ Sonicwall. W/ that said... I have a 5505 w/ Security Plus licensing.
I have set up multiple VLANs as follows:
VLAN 1 inside - still setup as (will not be using this for our lan)
VLAN2 - outside


If I do add all the VLANs above, I understand I will probably have to make a trunk port since I only have 5 usable interfaces.

View 12 Replies View Related

Cisco Firewall :: ASA 5505 VLAN Assigned To Outside For Internet Access

Aug 7, 2011

ASA 5505 and DMZ and Base License: "For example, you have one VLAN assigned to the outside for Internet access, one VLAN assigned to an inside business network, and a third VLAN assigned to your home network. The home network does not need to access the business network, so you can use the no forward interface command on the home VLAN; the business network can access the home network, but the home network cannot access the business network." Page 6-17.
This is exactly what I need. Mail server in DMZ, full access from internet to DMZ, and from inside network to DMZ, no access from DMZ to inside network. If I understand correctly, this is possible with the base license.
I successfully configured internet access for the DMZ and inside network; the mail server can be accessed from the internet, as well as RDP on the inside network. But I have a problem configuring communication from the inside network to the DMZ. [code]

View 13 Replies View Related

Cisco Firewall :: Provide Access To The Management Interface / Vlan On ASA 5505

Jun 8, 2011

I've got an ASA 5505 running 6.3. I've connected the management interface to our management VLAN (which contains switch IPs, iLOs etc). Is there a way to allow access to this VLAN from another?

View 1 Replies View Related

Cisco Firewall :: 5505 ASA Trunk Port In Firewall

Apr 30, 2012

I have an issue with my firewall: each time I configure a trunk port in the firewall and connect a 2960S switch, also with a trunk port, all the interfaces in the firewall go down (virtual interfaces, inside, outside, dmz). Also, another switch, a 3750 that is connected to another port in the firewall (access port only), starts a new negotiation of spanning tree. What could be causing this problem? The firewall didn't send BPDUs. I think the IOS of the firewall is 8.2.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Blocking FTP Port

Nov 28, 2011

I am working on an ASA5505 and am trying to open the ftp port. I have a server ( on the local LAN which is attempting to download antivirus updates from the net via ftp.  
ASA Version 8.3(2)
hostname SITE
enable password XXXXXX
passwd XXXXXX


View 4 Replies View Related

Cisco Firewall :: Port Mapping On ASA 5505?

Jun 6, 2011

How do you enable multiple port mapping on an ASA 5505? I want to use 1 static IP address for RDP connection for 15 users, and the port will start from 3390 to 3340.

View 4 Replies View Related

Cisco Firewall :: Port Forwarding In 5505

Feb 25, 2013

have a couple of ASA 5505's which work fine for what they are doing, VPN and all that - we have 1 DLINK DFR-700 firewall left and I need to get a new ASA to replace this since it is old. All this box really does is port forward external clients to 1 address on the internal LAN for client software updates. So let's say we have client a with IP and client b has - at the moment this is what happens: client a and b come in through http and get mapped to the internal http server. I need to set up about 100 clients which can come in through http only - get mapped to the internal IP, while also keeping the internal server able to access anything outside.

View 16 Replies View Related
