We're running three networks (inside, outside and dmz). Inside is 10.0.1.0/24, dmz is 10.0.2.0/24, outside is a static ip allocated by our ISP. We'd like to configure the following:All traffic from the outside to [static provider ip] on port 80 should go to 10.0.2.200 port 8080.
View 14 RepliesI have one webserver which open for public via http and https. The server sit behind Cisco ASA 5510. Today our webserver have been hacked by someone. The index.html has been replaced by hacker own index.html file. Is it anyway to detect who did (by IP) this? is my Cisco ASA can give any clue about it? How to prevent from this happening in Cisco ASA? FYI, my ASA only allow HTTP and HTTPS port from outside to internal. This ASA is solely dedicated to protect the webserver.
View 3 Replies View RelatedI need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
I get the following error: ERROR: duplicate of existing static
Is there a work around for this at all or am I stuck with the limitations of the software?
I've tried to get my head around this but beeing used to Juniper and Watchguard devices I just can't get my home webserver published to the outside interface.I have a ASA5505 with ASA version 8.4 and ASDM version 6.4 and the basic license.
Outside interface is X.X.X.32/255.255.255.248 so I have 5 static IP:s on my external interface, .34 is in use for the outside interface.
Inside 10.10.10.0/25
DMZ 10.0.0.0/24
I have a webserver in DMZ located at 10.0.0.253 and would like to publish it to the external IP X.X.X.35.I've tried to make the static NAT but every time I do either nothing goes in or out of the DMZ zone or you can't access the webserver from the outside interface.Right now I deleted all trials since none of them work so only the basic config is applied. Everything get's NAT:ed to the external interface .34 IP.
I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver. (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside - 172.20.1.2
guest_inet - 10.2.1.1
Internally clients resolve our website to 192.168.40.40 and that part works as it should. Clients outside of our network resolve our website to the correct external address (lets just call it 1.1.1.1). We have a NAT statement static (inside, outside) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 and an ACL to permit tcp any host 1.1.1.1 eq www
Clients on our guest_int use an external DNS server and hence resolve our website to 1.1.1.1. However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website. Would that be: static (inside,guest_inet) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 ? Since there is already an ACL permitting port 80 traffic to 1.1.1.1 we should be taken care of on the ACL side of things, right?
We have a customer that recently changed IT Vedors and came to us. We needed to change the ISP and need to make changes in their Firewall. I went out on site and wasn't able to get into the Routers and I contacted the previos company but they wouldn't release that information. So we had to reset the devices and set everything back up. Everything works great except before they had an IPSEC VPN Tunnel between the 2 buildings. Both Buildings have WRVS4400N Routers and I have setup a VPN IPSEC Tunnel on both sides. I have named them the same and the summary says that both are up. But when I try to go from one side to the other I am unable to Ping or resolve anything. I called Cisco but they said they are out of warranty. Cisco directed me here.
View 1 Replies View RelatedWithin a workgroup environment we have four large drives, statically assigned and all accessbile via VPN. Our FW is a Cisco ASA-5505. Where within the ASA-5505 GUI can one of these drives be made inaccessible via VPN ?
View 0 Replies View RelatedI have a customer with an ASA5505 where it will not reply to SNMP polls from any source, i have followed the configuration guide [URL].at and tested another ASA in our internal network and i have that working fine on our LAN, here is the snmp and logging sections of the show-run on the ASA, it there anything obvious im missing to make the SNMP work on this device?
snmp-server host outside 203.XX.75.122 community XXXX
snmp-server host outside 203.XX.84.196 community XXXX
snmp-server host outside 203.XX.86.82 community XXXX
snmp-server host outside 82.XX.244.3 community XXX
[Code] .....
Ok, so what I want to do is make a router/firewall/proxy (maybe add webserver/FTP as well). Just to start off I want to say that I have moderate knowledge of Linux, enough to administer it from the CL. I have setup routers before but it was years ago and I've forgotten some of the details involved. What I do is a base LAMP install, with DNS, Samba, DHCP server, OpenSSH and then Webmin for easier administration. I've also installed EHCP (easy hosting control panel) in the past but have not at this point.
So, what I want to know is how do I setup the NIC's in the etc/network/interfaces file. Let's say that eth0 connects to the modem and eth1 & 2 are internal adapters. Currently my network is running a Linksys WRT54GL with DD-WRT and the router is set to DHCP for the WAN connection and DHCP is running on the internal network as well. The modem is at 192.168.254.254 and is giving the router an address of 192.168.254.1 my internal network is 192.168.1.1 (192.168.1.0/24). I would like to setup my internal router address to 192.168.1.1 so I guess I need to set it to static in my interfaces config and then set my eth0 to dhcp. Does this sound correct?
So if I do the above my only question is how do I setup the routing tables after that? I always get messed up when I need to make the switch from my Linksys router to my Linux box. I'm not worried about firewall rules at first I can change those once I have the router up and running. I just don't know if I need to make some kind of bridge to bridge the eth0 and eth1 (external NIC and internal NIC).
I've just installed a new app on my Android phone called PushDoc, for wireless file transfer between phone and PC. It tells me to point my browser to 192.168.2.8:8080/ but every time I do, I get a can't connect message. I've tried turning off my firewall, even though I know it's a local address, but of course it made no difference.
View 3 Replies View Relatedhow do I block / unblock ports in ASA Firewall 5500 series?
View 2 Replies View Relatedconfiguring an ACL for a 857 Cisco router for web-server traffic. I've configured a NAT for the inside network and added ACL entries for port 80 access but dont seem to have any luck accessing the website remotely. I suspect there's an ACL rule blocking access.
Setup Internet === Router === Webserver
Router address: 10.0.10.1 Web-server address: 10.0.10.77IP from ISP address: XXX.XXX.XXX.XXX
(masked for security)
The remote office is connected to hq via site to site vpn. I have 1 static IP (on the remote site)that I use for the site to site. I need to publish a web server at the remote site. My question is can I use the same IP for VPN and web server publishing, I am having trouble getting the web server to publish
View 2 Replies View RelatedI'm trying to develop and test a website from my iPad. I have my laptop and iPad on same local network, 192.168.1.xThey can see each other over network and I can access the page:192.168.1.105:80 (my laptops local web server) from both iPad and laptop. However the application server runs on port 8080 and I cannot access this from either device/machine. the router's firewall is playing a role, and I have no software firewall running on laptop that I'm aware of (turned off windows 7 firewall).localhost:8080/myWebSite or 127.0.0.1 also works on port 8080.The only combo that does not work is 192.168.1.105 with port 8080. I need this so the iPad can hit the site so I can test locally while developing.
View 4 Replies View RelatedI am a D-I-Y type of guy and have managed to setup Apache on my LAN and make it accessible via WAN over port 80 and Tomcat on port 8080.I aim to possibly get a home web server up (will calculate the costs), but I need some questions answered about networking.
My understanding on ports are that they can be a risk if left open (which I have done) if there is no service or application listening on my side on those ports.So I take it that leaving those ports open and removing the services or applications that run on my side for these ports is a major security risk?
I noticed though that Xampp (1.8.1) does not allow requests over WAN unless I set my password for Apache. Does setting this password imply that Xampp is safe to use in a production environment?
In my office environment, my machine is configured with an IP address, Subnet Mask and a Default Gateway. The Default Gateway does not allow internet connectivity but is configured to provide us with connectivity to some server based tool.
Now in order to provide us with the internet access, a proxy server is configured via the LAN settings in the IE. The problem here is the Proxy is restricted for some sites that I need like certain technical blogs and all, which it filters out in the blogs category and does not load.
I do have another Gateway server address that I can use in Local Area Connection IPv4 Properties as Default Gateway address which removes this restriction. I thought that this should be configurable to the LAN Settings as a proxy as well. But when I do so, I lose the connection to the internet.
I am not sure if all Gateways can act as proxy servers. Or is there anything that I am doing wrong. I am using the default port 8080 in LAN Settings.I can ask this from the technician but I am not sure if he would be able to answer that as he is just a first level guy. I thought of figuring it out myself.
wondering if redirection or conversion port 8080 into port 80 is possible? if so how and what cisco equipment can do that?
View 11 Replies View RelatedI have my webserver (30.30.30.50) located at DMZ zone. The public IP of my webserver is (119.2.116.191). From outside i can ping my webserver using public IP thats fine.The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.I am using ASA5520. [code]
View 2 Replies View RelatedI am trying to scan a directv device that is connected on my lan it uses port 8080. My hardwired machine returns the expected data, any call from a device connected via my wireless network returns a page can not be displayed. It appears as if the router is blocking ports 8080 over wifi only.
View 4 Replies View RelatedASA 5510I'm trying to add a static NAT for to allow access to an internal webserver on my DMZ. I've added the config, however i'm still unable to get to it from the outside. I'm able to ping and browse the server from the LAN and I'm also able to ping the external interafce from the outside, but just unable to browse.I've turned on logging and the error I'm getting is "Inbound TCP connection denied...flags SYN on interface outside"
View 0 Replies View RelatedIm currently working on setting up a small network at home. I have a Dell 2716 and a dell 2650 server running windows server 2003. Ive already setup the dns and domain controller on my server. I have 3 desktops that will connect to the server. so far I have the following setup. ISP---> Dell 2716 --->dell 2650/ computers. I set the computers prefered dns to the servers ip. Im able to join the domain and log in but is there a better way to set it up. Also the server and computers are set to static ip.
View 2 Replies View RelatedI am running a webserver locally and I am unable to resolve it by domain name (e.g. mydomain.com) when I am inside my network. However, I am able to hit it internally (e.g. 192.168.0.10) just fine. When I try to access mydomain.com from inside my network it comes up with my Actiontec router's admin page on 192.168.1.1.Here is my configuration:Actiontec FIOS router 192.168.1.1 (connected to internet)DHCP disabled Netgear Router 192.168.1.2 is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]
View 7 Replies View RelatedI am running a websever on virtual machine on ubuntu .how can i forward all traffic coming to my ip to virtual machine which is 192.168.1.4 on my LAN.here are my configs.
OS - Windows 7
Router - DLink
Virtual machine network Setting - Bridged adapter.
I have a cisco 1841 and I am hooking up some cameras onto my network. My global IP is 64.190.170.2 and my internal IP which is going to my cameras DVR is 192.168.1.15. I need to be able to forward port 8080 from my global IP to my local IP so i can view my DVR remotely. What is the command i need to put in my Cisco 1841 to forward this port?
View 2 Replies View RelatedI have got a Cisco router connected to a LAN and to the internet.I was wondering if I could nat https traffic from inside to internet to a local server (Proxy) on a given port for example tcp 8080.
int tunnel0
ip address 192.168.0.1 255.255.255.0
ip nat inside
int fa0/1
des internet connexion
ip address 41.x.x.x.x 255.255.255.248
ip nat outside
ip access-list extended Proxy_Redirect
permit tcp 192.168.0.0 0.0.0.255 any eq 443
I have a sg300-10 switch. i update the firmware with the last one. Things are complicated when i create 2 VLAN. ( really 1 VLAN cause the first is native ).So i have the first VLAN with the interface 192.168.1.254 ans the VLAN 2 wich IP is 192.168.2.254
I'm connected with my workstation ( ip : 192.168.1.2/24 with GW 192.168.1.254 ) and i try to ping a web server on VLAN 2 ( ip : 192.168.2.2/24 GW 192.168.2.254 )
Ping is OK ! But when i try to reach any ports of the webserver : Nothing.
I configurated ipsec remote vpn at catalyst 6500.
192.168.14.0/24-- my servers are assigned this subnet
vpn user:10.10.10.0/24
192.168.10.229 ---- webserver ip address
[code]...
I've configure two ACE 4700 in a SLB modus http to a web server.To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?
I own an E4200 and my wife and I use Goodreader on our ipads at home. To add docs to goodreader we need to connect to the ipads ip on port 8080 but the E4200 is blocking all traffic for it. How can I open port 8080 for our 2 ipads?
View 1 Replies View RelatedI have home network with my Linksys E-4200.
My HP Microserver (Ubuntu +Samba+Apache) is connected via LAN. I have notebook (Windows 7). To my server (FILE+WEB) I have access only when I connected via LAN cable. In windows 7 i see my server and have access to the files. Webserver works also properly: access with the name of the server in web browser.
But by WiFI connection, there is no access ! The server has the reserved local IP-address, like 192.168.1.200.
What should I do to solve it? By typing "192.168.1.200" i see the localhost page, but nothing more!
i bought a computer the old one works fine but it is slow. am using ethernet dsl cable. it connects through lan connections. the new one connects local only and will not let me get on internetwhen i try to go on the internet it brings up a connection through broadband and askes for a user name and password. the other computer doesn't and i have no username or password through the dsl.
View 2 Replies View Relatedi want to make my minecraft and gmod servers permanent so i got stupid and built a low powered server out of an old athlon media pc i had laying around. anyways my current setup i have going is my main router is in the basement and i have a dd-wrt d-link repeater in my room. ok so i gave the repeater a static ip of 192.168.1.56, and gave my server a static ip of 192.168.69.25 (i made the ip of the repeater 192.168.69.1) i forwarded all the necessary ports to the static ip of the repeater then to the static ip of the server. but my servers wont work. on minecraft it says "end of stream" but if i look at the active server log on the server it says "myipaddress has lost connection" and on gmod i just cant connect or see my server at all.
View 4 Replies View RelatedMaking Configuration between 2 Apps?
View 1 Replies View Related