Cisco Firewall :: Maximum Number Of 1-1 Static Nat Entries On ASA 5515X Or 5525X?
Aug 7, 2012
I have a FWSM cluster that I exceeded the maximum number of static NAT entries on. I migrated the connectivity off to a pair of PIX 535s that seem to be handling the address translation needs. However, the number of NAT entries being required is increasing and, the PIX series having been EOL'd several years back, I need to replace them. The static 1-1 NAT entries cannot be summarized into networks, as the hosts that are being NAT'd are scattered all over various micro subnets in all 3 RFC 1918 IPv4 address ranges, and they are being managed directly by SNMP and SNMP trap and other services that prohibit the use of many-to-one NAT. Is there a known maximum number of static 1-1 NAT entries that can be defined on the ASA 5515-X, 5525-X and higher ASA firewalls? Say I wanted to be able to grow to 2500 or more static 1-1 NAT entries. I am currently running 2010 1-1 static host NATs.
Jan 7, 2013
What is the size of the NAT table for the Cisco 2612 and 2610 routers, and what is the maximum number of NAT translation table entries?
Jan 5, 2013
What is the max number of policies the ASA 5525X supports? I don't find it in the datasheet.
Sep 15, 2011
Our proxy/anti-spam/IPS box called PROXY is behind our Cisco ASA firewall. The PROXY is set in transparent mode. The PROXY internal IP is 1.1.1.1 (internal IP). We have the MX record for mail.domain.com with public IP 9.2.7.5 (public IP as we entered with ISP public DNS). What happens now is that the emails that come through get "caught" by the PROXY and then we set up a thing whereby the emails are then forwarded from PROXY to our mail.domain.com server. Also, we made a static entry in PROXY whereby we can https to our email server for Outlook Web Access from outside of work, therefore allowing users to see the Outlook Web Access web page. On the Cisco firewall, we put the static entry that 9.2.7.5 is mapped to 1.1.1.1, thus the mail server public IP is mapped to the PROXY.
Now, the box has this thing whereby it sends an email to all staff once a day telling them how many mails are legit, how many rejected and how many are spam - the spam emails are listed within the email and staff can, at a click of a release button next to each spam email, release a particular email from the PROXY box and make it into their inbox. This works fine from the inside network, but I have issues from the outside due to the DNS and other things. I also put in the PROXY that any network can release spam and that our staff VLAN can release emails. Also, on the inside of the firewall we did an access list so that computers from the staff VLAN can access 1.1.1.1 on port 6552 (which is the release spam port). Hence, we can release emails from the internal network through Microsoft Outlook.
On the outside network, we cannot release emails when using Outlook Web Access. The host name for the PROXY release spam is proxy.domain.com, so what we did also today is ask "ISP" to make an A record entry for another public IP, which is 9.2.7.6, for proxy.domain.com. We meanwhile made an entry on the access list so that computers from outside can access 9.2.7.6 on port 6552 (which is the release port). Now the only question is in regards to the static entries:
1. Do we (and can we?) static map 9.2.7.6 to 1.1.1.1 through a port 3840 on the Cisco ASA (although we have already mapped 1.1.1.1 to 9.2.7.5)? I have a doubt here as this might mean we might not get emails. Or would we have to do the static again for this one, specifying the 9.2.7.5 as an SMTP entry and the 9.2.7.6 as a release button?
2. have I made a mistake in general and should I have just told the ISP to make a CNAME entry for proxy.domain.com with the public ip 9.2.7.5 (which is the public ip for MX record?)?
Sep 10, 2012
Is there a Cisco best practice on the maximum number of NAT statements on a Cisco ASA? We have a 5520 and a coworker is adding static NAT policies so a vendor can monitor around 1,029 nodes. The problem is each node inside is a 10.X.X.X and, to keep the IPs from overlapping with other customers the vendor monitors, they would like us to NAT to a 172.16.X.X scheme.
Jan 13, 2008
Just a very quick one. Is there any physical limitation to how many ARP entries a 6509 and sup720 can have?
Feb 23, 2011
We are looking to find the maximum number of ARP cache entries for 1921 and 887VA series routers. Do they go up to a limit that memory allows, or is there a maximum ARP cache entry limit for both of the router types?
Mar 4, 2011
For our children, we use the parental control feature of the DIR-615 (RevD, FW4.11b15), which works excellently. I use the whitelist feature, so only trusted web sites can be accessed. Unfortunately the DIR-615 only has 10 entries in that list and I will soon need more. So I wonder if there is another D-Link router that offers a bigger list with maybe 50 or even 100 entries?
Apr 10, 2012
Any info regarding the number of MAC Entries of Catalyst 3560X/3750X Platform? I can find that number in 3560, 3750 ds but not in 3560x ds.
Feb 4, 2013
We have 2 Hubs (Cisco 7200 - 2 for redundancy). Every customer has a Spoke (Cisco 881). The Spokes are 24/24 connected to the 2 hubs (2 DMVPN tunnels) to give us access to our monitoring equipment and for support. Every Spoke has a NAT table with a specific NAT range for every Spoke. Like this we can reach every device with a unique IP inside the VPN. For example:
- Spoke_001 has a NAT IP range of 10.80.0.0 255.255.254.0
- Spoke_002 has a NAT IP range of 10.80.2.0 255.255.254.0
...
To connect to the hubs with our laptops, we are using the Cisco VPN client. We have different profiles created in the hubs:
- Admin profile with an ACL that allows the connectivity to every Spoke
- Integrator profiles that allow the connectivity of one integrator to some defined Spokes.
So the integrator profile looks like this in the hub:
crypto isakmp client configuration group [NAME]
key [PASSWORD]
domain [DOMAIN]
pool [NAME]
acl [NAME_VPN_Split]
[code]....
The problem is that if we can't summarize an ACL in less than 50 lines, we will have to create a second profile and to know which one to use for which network...
Version:
ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
System image file is "disk2:c7200-advsecurityk9-mz.151-4.M2.bin"
Apr 30, 2013
I need to connect ASDM to the ASA 5525X management port. It's a brand new ASA; I just updated IOS and ASDM. The port configuration is the following:
Management port 0/0 ip 192.168.1.1
secure-level 100
http server enable
http 192.168.1.10 255.255.255.255 inside
port is up
When I launch Internet Explorer it just says it can't connect; Chrome shows that the connection with 192.168.1.1 was interrupted, but I can ping the ASA and back.
Apr 30, 2013
I am trying to get two external addresses to PAT to different ports on the same address in the dmz.
Object NAT is configured as follows:
object network Obj-192.168.1.20-1
nat (dmz,outside) static Obj-External-1 service tcp https https
object network Obj-192.168.1.20-2
nat (dmz,outside) static Obj-External-2 service tcp 2000 https
Obj-192.168.1.20-1 and Obj-192.168.1.20-2 contain the same host address.
The idea being that traffic destined for Obj-External-1 on port 443 will be forwarded to Obj-192.168.1.20-1 on port 443. Traffic for Obj-External-2 on port 443 will be forwarded to Obj-192.168.1.20-2 on port 2000.
Traffic for the first object, Obj-192.168.1.20-1, works but traffic for the second does not.
Dec 5, 2010
What is the maximum number of multilinks we can have on a 7206 router?
Jun 9, 2011
I tried to add some more MACs to our Controllers through the WCS. I hate MAC filtering. We plan on stopping sometime. Three of the Controllers (4402s) are reporting that we have reached the max, which appears to be 506. First, is there any way to increase this number? Second, if not, any experience with deleting clients? Should I use reporting to find MACs that haven't been used for some time and delete them? Is there a better way?
Jan 14, 2013
I know this sounds a simple and easy question, but I can't find the answer anywhere - so here it is: I need to know the maximum number of VPN tunnels that a Cisco 881 can handle. (In context, we have a group of users who work from home and this office, so their laptops have the Cisco VPN client. I need to know how many of these VPN connections the 881 can handle at once before it dies a death.) Note - I have read somewhere a line that states the maximum number of users is 20, but I think this was in reference to some VoIP service.
May 2, 2011
When using CSMA/CD, what is the maximum number of end-to-end propagation delays that could elapse from the time a sender starts its transmission until: the collision is detected? the frame it is sending has a collision?
Apr 7, 2011
We are having random issues of users not being able to connect to our wireless network consistently. The users will have successfully accessed the network previously but then will have difficulty associating to the network. After a period of time, the association appears successful again. My first thoughts were that there was a restriction on the number of clients that could associate to a given AP at any one time. This is the equipment we have:
- 1x Cisco Wireless Control Server (WCS) 6.0.181.0
- 4x Cisco 5508 Wireless LAN Controllers 6.0.196.0
- 60x Aironet 1142N Lightweight Access Points (LAP)
Is there a hard or recommended maximum number of clients per LAP? If so, where is this defined? From what I have read on these forums, Cisco apparently recommends about 25 clients per AP but I cannot find any official documentation to support this. When I go to WCS Home > General > Top APs by Client Count, the top AP reports 20 clients. However, if I click on the AP Name and go to the Current Associated Clients tab, it is only listing 8 clients - why is this?
May 2, 2011
How many routed Ethernet ports do they support when using HWIC-1FE and HWIC-2FE modules? On the Cisco site for the two interface modules and in the corresponding PDF of supported interfaces for 29xx routers, a maximum number of 2 2-port modules (HWIC-2FE) and 2 1-port modules (HWIC-2FE) is written. Does this mean that I can put 4 L3 HWIC modules into one Cisco 2921 router by combining these two HWIC modules, resulting in a total number of 7 interfaces for this router?
Aug 1, 2012
I can't find the maximum number of VRFs supported on a 3925E?
Feb 4, 2011
I'm planning to build a network in an office and I've decided to do that with powerline AV network adapters. I
1. What is the real limit on the number of powerline AV adapters in one network?
2. What if my neighbours are planning to build their own network and the total number of adapters in the building exceeds the maximum possible number? How to filter powerline networks from each other?
Jul 2, 2012
I have a BT Home Hub 3 and quite often get messages "cannot connect to network". I have many (>20) devices connected. Have I reached the limit? With four kids in the house the pressure to connect even more devices is growing.
Apr 22, 2013
I will be implementing a new firewall (Cisco ASA 5515X) on my existing 3750X (server switches) and my 2960S (user switches). What do I need to apply on my firewall and switches to make the implementation successful? I will put my 3750X as my DMZ and my 2960S as my inside. The 3750X has multiple subnets and so does the 2960S. Which features and technologies do I need to know on those 3 products? My 3750X and 2960S don't have any ACL defined and the most common features are VLAN, switchport, trunking, spanning-tree, stacking, VTP. How does my ASA know that my 3750X/2960S have multiple VLANs? My current connection right now on the 3750X and 2960S is just through 6 ports I assigned as one trunk; below is my config [code]
My 2960S VLANs are almost the same as my 3750X except VLANs 160, 170, 192. But of course when I put this in the ASA, I have to segregate VLANs for the 3750X (192, 100, 110, 160, 170) and 2960S (130, 150). For my 2960S connection to the ASA, and since this will have big bandwidth, I will use 3 ports on my ASA (and trunk them) connecting to my 2960S, and I will use 2 ports on my ASA (and trunk them) connecting to my 3750X. The one internet port and my one management port on my ASA will stay like that.
Sep 23, 2012
I have a strange issue which happened to me last weekend with two ASA 5515X on version 8.6(1)2. There was a planned power shutdown which only affected the primary firewall. Failover was configured and running successfully. The configuration was also saved after every change made. After power was shut and primary firewall went off the secondary took over like it should but unfortunately all configuration was gone. We immediately powered on the primary again but also this one lost the configuration.
While reconfiguring the firewall we ran into another problem. The devices won't pair although it was the correct configuration. After three times removing and adding the same failover configuration the devices accepted the failover and worked together again.
I went through the bug toolkit and white papers regarding the ASA 5515X and this particular version but was not able to find anything.
Jan 11, 2012
Is there a maximum number of licenses for connections to an 877? The reason I ask is that our routers are managed by a datacentre and when I asked for the login details I was told that I couldn't have them due to licensing reasons, with no other explanation.
Jul 11, 2012
I have a few sites using the RV042 with wireless access points and some of them have over 50 devices. In reviewing the documentation (specifically, [URL]), I came across this: "Enable DHCP server: Check the box to allow the router to dynamically assign IP addresses to up to 50 connected devices. Uncheck the box if you have another DHCP server on the network or you want to configure static IP addresses for your network devices." Is this accurate? Or will the RV042 allow more than 50 devices?
Apr 15, 2012
Is there a limit to the number of ssid's that can be supported in h-reap mode? I need to deploy at least 4 but the documentation does not necessarily say. I'm deploying these ssid's on a 7500 controller.
Apr 26, 2012
I need to know the maximum number of MAC addresses that can be entered into the MAC security filter list on the AP541N. I know it has a maximum number of 200 concurrent users, however the documentation does not specify whether this also applies to the MAC filter.
I have used wireless access points in the past that allow hundreds of users but only allow 64 MAC addresses, so this is very important.
Feb 28, 2012
I want to know the maximum number of TCP connections at the same time on an interface of my 7200 router. How do I do that? Any configuration, software?
Apr 26, 2013
I wanted to know if anyone can say with certainty how many clients can stay connected to an Aironet 1140 series. I should state that I need to connect about 350 WiFi clients.
Apr 19, 2013
What is the maximum number of EtherChannels I can build on a Cisco 2960S stack? We are hoping to connect 15 servers using 2 port channels between two stacked 2960s for redundancy. So what is the max number of channels I can build using the 2960S? Is the max 6 or is it more?
May 20, 2012
I have a question regarding the maximum number of active SSIDs on a WLC 5500 with 3500i. It's my understanding that the 3500i can support 16 active SSIDs; is it the same when connected to the WLC? Also, if possible, would the WLC shut down unused radios, or maybe after hours?
Jul 10, 2011
What is the maximum number of simultaneous wired guest clients on a 5508? And on a 2112 controller?
Do wired clients count as wireless clients?
What about anchoring limitations, what is the effect of wired guest clients on the anchor controller?
May 7, 2012
What is the maximum number of AE2500 wireless adapters that can be installed on a PC running Windows XP SP3 using the Windows Wireless Zero Configuration? Recently I'm working on a program that needs multiple separate wireless connections on a Windows XP SP3 PC. Each wireless adapter is given a static IP address to respond to traffic at some specific ports. I can install four AE2500 adapters without problem, but it disconnects the first AE2500 device when I plug in the fifth AE2500 adapter. I've tried on different Windows XP machines. They all get the same problem. I wonder if it is a limitation in the AE2500 driver. BTW I've also tried to install a Valet AM10 adapter as the fifth adapter, and it seems OK. Yet installing more AM10 adapters beyond the fifth (4 AE2500 + 1 AM10) requires some luck. It may disconnect the other AM10 devices when I plug in another AM10 adapter.