Cisco Firewall :: Multiple Subnets On ASA 5510?

Mar 26, 2013

I have an ASA5510 that is connected to outside for WAN, inside for LAN (10.22.254.0/24), and an iSCSI switch plugged into Ethernet 0/3 (10.22.244.0/24). I can ping the Eth0/3 interface (10.22.244.1) but I can't ping across that interface from WAN or LAN side.
 
START CONFIGURATION
ASA Version 9.1(1)
!
hostname ASA5510

[Code].....


Cisco Firewall :: 8.4 / NAT Multiple Inside Subnets?

Jun 23, 2011

NAT command on 8.4? I am trying to PAT multiple Inside subnets to an IP address. With the example I found I can only PAT one subnet. If I do it the way I have below, it will end up with the last subnet (3.3.3.0) staying in the config. What is the best way of doing it? I have about 20 inside subnets I need to PAT.
 
object network obj-Inside-sub1
subnet 1.1.1.0 255.255.255.0
subnet 2.2.2.0 255.255.0.0
subnet 3.3.3.0 255.255.0.0
nat (inside,outside) dynamic 199.246.5.2


Cisco Firewall :: PIX 515E - Multiple External Subnets

May 23, 2011

I have an existing pair of PIX 515E that has two interfaces. One connected to the public internet via my ISP and one internal.  
I recently ran out of IP's and had the ISP route an additional block to public IP of my firewall. This isn't working for some reason and I'm trying to figure out why.
 
The "ip address outside XXX" command defines the outside address and I don't see any way to add a secondary sub net.
 
I tried just adding a rule to the firewall for one of the IP's in the new subnet, but I can't seem to get traffic to pass through the device.


Cisco Firewall :: Netgear FVX538 - Multiple Subnets On SA520

Jan 5, 2012

I am new to Cisco products. We have currently got a Netgear FVX538 running in front of a few servers. We currently have 2 ranges of IP addresses provided to us on 2 separate subnets. We configured the Netgear box with the first IP addresses of each subnet as the IP address of each of the primary and secondary LANs. This then allowed us to set the gateway addresses of servers on the network to either of those 2 addresses, depending on its range.
 
This all worked fine - except for the fact that the Netgear box is incredibly flakey, so we decided to get a Cisco box.
 
We have gone for the SA520, which I have been trying to configure this afternoon. Unfortunately I am now having concerns as to whether it is possible to configure 2 separate subnets internally on this box in the same way we have done with the netgear box. ie - classical routing, one incoming WAN interface with multiple subnets?


Cisco Firewall :: 3560 - ASA Limit Bandwidth Per Subnet For Multiple Subnets

Sep 16, 2012

I have an ASA which is managing internet access from multiple VLANs configured on a 3560 switch. I want to be able to limit the 100MB internet connection on the ASA on a per subnet (VLAN) basis for the multiple subnets configured on the switch.

So for example:
 
VLAN10 - 10.0.10.0 - limit to 5MB
VLAN20 - 10.0.20.0 - limit to 10MB
VLAN30 - 10.0.30.0 - limit to 3MB


Cisco Firewall :: ASA 5510 Two Public IP Subnets?

Aug 31, 2011

I just got an extra public subnet from our ISP (co hosting center), but I can't figure out how to use them on my ASA.
 
New:

IP-addresses: 87.1.1.194 - 87.1.1.254
Default gateway: 87.1.1.193
Subnetmask: 255.255.255.192
 
Old:

IP-addresses: 200.1.1.34 - 200.1.1.46
Default gateway: 200.1.1.33
Subnetmask: 255.255.255.240
 
Config:

route wan 0.0.0.0 0.0.0.0 200.1.1.33 1
 
And statics like:

static (interface,wan) tcp 200.1.1.37 3389 192.168.3.100 3389 netmask 255.255.255.255


Cisco Firewall :: ASA 5510 - Two External Subnets On The Same Interface

Oct 21, 2012

I have two ASA 5510 in an active-standby cluster, not that I think that the fact that they are clustered will be of any importance here so feel free to think of it as a single 5510. The internet connection is delivered in a single RJ45 connection. To be able to use it with the cluster there is a simple unmanaged switch connected between the ISP and the ASA's. I have two subnets with public addresses, for simplicity let's call them 1.1.1.0/24 and 2.2.2.0/24. Default routers are 1.1.1.1 and 2.2.2.1 respectively.

Can I somehow use both these subnets in the ASA's? I'm currently using the first subnet and use PAT to direct traffic to internal servers. But if I want to use addresses from the second subnet won't that mess up the routing, since there is no way I can specify the default router for the second subnet? I have as of yet not tried anything, I'm just trying to plan ahead and I can't seem to wrap my head around how this could possibly be done.


Cisco Firewall :: Routing To Internal Subnets From ASA 5510

May 17, 2012

Having trouble with a couple items. First of all, should I be able to ping the inside interface of the ASA from all internal subnets assuming all of these subnets/vlans are directly connected to the same L3 switch? I can ping the ASA inside interface from our L3 switch, but I cannot ping the inside interface from a host on a different internal subnet. I have setup static routing on the ASA [route inside 10.10.96.0 255.255.248.0 10.30.1.1 1] and verified that I can ping the host [10.10.96.212] from the ASA inside interface [10.30.1.5]. The inside interface is on the 10.30.1.x/24 subnet. My host is on the 10.10.96.x/21 subnet. From the ASA I can ping 10.10.96.212, but I cannot ping 10.30.1.5 from 10.10.96.212. I can however ping 10.30.1.1 from 10.10.96.212.
 
This leads to my next issue, which is trying to setup the ASA to work concurrently with our current firewall.  I'm doing this in order to transition to the ASA.  I'd much prefer to cutover inbound NAT a little at a time vs. doing it all at once.  Our current firewall is setup at 10.30.1.2 and this is the default route on our L3 switch (0.0.0.0 0.0.0.0 10.30.1.2).  So my question is, if I setup an inbound NAT to one of our web servers on the 10.10.96.x subnet, will I be able to get it to route back to the ASA as opposed to ending up in asymmetric routing **** since the default route points back to our other firewall? 


Cisco Firewall :: ASA 5510 / Multiple VLANs Behind Single Firewall Segment?

Feb 5, 2012

I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments. I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses. Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?

VLAN 1 - hosts 1.1.1.5 and 1.1.1.6
VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9

This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN. I'm working with an ASA 5510 running 8.2.4(4).


Cisco Firewall :: ASA 8.4 / NAT Some Subnets To One IP And Other Subnets To Another IP?

Aug 15, 2012

I need to NAT some subnets to one IP and other subnets to another IP. The range command won't work because some of the subnets are out of order. For example, subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 nat'd to 1.1.1.1. Subnet 192.168.26.0-192.168.27.0 nat'd to 1.1.1.2.


Cisco Firewall :: ASA 5510 - Multiple VLANs And ACLs

Feb 27, 2013

I'm having a bit of trouble determining the best way to do this... I have 12 VLANs set up (subinterfaces on a redundant group of two NICs) on my ASA 5510. On several of these, I want them to be able to access the internet but not access other VLANs.

By default, they have a rule like "any to any less secure", and since the outside interface has a lower security level, this works great. But if I create an ACL on the interface, this rule disappears. I can restore internet access by adding an "any to any" or "(this interface's subnet) to any" rule, but this seems to imply that it allows access to any VLAN. Do I have to create a set of "deny" rules for each VLAN, on each VLAN, followed by an any-any rule to allow internet access, or is there a cleaner approach?


Cisco Firewall :: Use Multiple ISP Connection To 5510?

Feb 7, 2013

I've two Cisco ASA5510 with 4 FastEthernet interfaces each. They are connected as below:

[code]...

to three different ISP each of them! The 4th interface of each of them is connected to internal LAN network. Both firewalls offer VPN services to ISP connections on Fa0/0.

How can I achieve high availability for this scenario? Is this possible to implement some high availability and to offer the actual services to each of them, in case that the other firewall fail? What about using subinterfaces? Can I connect both ISP and customers links on one or each of them, in case that firewall01 fails, all the services to be online on firewall02?


Cisco :: Multiple Public Subnets On Asa

Mar 2, 2012

I've currently got my ASA (5505) serving a /28 public subnet. I've run out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA to be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do). The servers I assign these to, I'd like them to have the public IP assigned directly to them.


Cisco Firewall :: ASA 5510 Same Vlan On Multiple Interface

Jan 13, 2013

Whether it is possible to have same vlan on multiple interface on ASA 5510 and higher models ?


Cisco :: SG200-08 Setting Up Multiple Subnets

Aug 26, 2011

I am setting up my home lab to practice and play around. I have VMWARE ESXi environment with two workstations as my servers. I would like to setup two domains with two domain controllers but I want each domain to have its own subnet. So this is my setup. I have Cable modem from cablevision, that connects to my router which is Apple Airport which acts as the DHCP server, DNS server and default gateway. The network on the router is 10.0.1.x. Then I have two switches. One is a 5 port unmanaged switch that connects to the three physical desktops. Then I have a Cisco small business switch SG200-08 that connects to my ESX servers and NAS.

Now currently all is good and working but like I said all my machines physical or virtual get an IP that is 10.0.1.x and they get all this from the router. And I think I can setup two domains with two domain controllers without an issue and they will all get an IP address of 10.0.1.x. This is all good but I want to have one domain on one subnet and other on another so for example one domain will have 10.0.1.x and other 10.0.2.x. I am just not sure what I need to do to get this setup like this. I know my SG200-08 supports vlans and I am pretty sure on the apple router you can only have one subnet I think. So can I do this with my current setup by setting up a DHCP server with two scopes?


Cisco Routers :: RV042 Multiple Subnets

Jan 22, 2013

Here's what I want to do with my RV042: I have a bunch of devices, including a server, inside my network at 192.168.1.100.

I've set up VPN using PPTP. It works, but if my clients have their own remote DHCP set up to 192.168.1.x, they can't get to the server. If their home DHCP is 10.x.x.x, everything works.

I am considering changing my internal network to something obscure.

My server has two NICs. So I thought, why not set one address up to 10.x.x.x? But the two nets can't ping each other. I tried using "multiple subnet" on the RV042, setting up 10.1.1.1, but no luck.


Multiple Networks Different Subnets Windows 7?

Jan 24, 2013

I have a Windows 7 Pro Desktop with an on-board Ethernet and an Axis USB To Ethernet adapter. The on board Ethernet is configured as dhcp and obtain the address 10.162.146.123 with 255.255.255.0 subnet. The Axis USB to Ethernet adapter is static ip configuration with 10.38.25.37 and 255.0.0.0 as subnet. Under the adv settings I have also another ip 11.38.25.37 with 255.0.0.0 subnet. When the Axis is communicating 10.38.0.1 network I can not access the internet using the on board Ethernet 10.162.146.123. I have to disable either one of the cards to access one network at a time.


Cisco Firewall :: ASA 5510 - How To Assign Multiple Public IP Addresses

Dec 2, 2010

I'm currently replacing my ASA 5505 with a 5510. I have a range of public IP addresses, one has been assigned to the outside interface by the setup wizard (e.g. 123.123.123.124) and another I would like to NAT to an internal server (e.g. 192.168.0.3 > 123.123.123.125). On my ASA 5505 this seemed fairly straightforward, i.e. create an incoming access rule that allowed SMTP to 123.123.123.125 and then create a static NAT to translate 192.168.0.3 to 123.123.123.125. Since I've tried to do the same on the 5510 traffic is not passing through so I'm assuming that the use of additional public IP addresses is not handled in the same way as the 5505? I also see that by default on the 5505, 2 VLANs are created, one for the inside and one for the outside, whereas this is not the case on the 5510. Is the problem that VLANs or sub-interfaces need to be created first? I'm doing the config via ASDM.

Everything else seems to be OK, i.e. access to ASDM via 123.123.123.124, outbound PAT and the site-to-site VPN.


Cisco Firewall :: 5510 - Multiple ASA Configs For Cold Spare

Oct 2, 2012

I have a few sites all running Cisco ASA 5510s. They all share the same asa (8.4(4)1) and asdm (6.4.9) version, but their configs differ significantly. I have a cold spare sitting in my office in the event we have a physical failure. Is there a quick and simple way I can load up multiple configs and then boot up the cold spare to then run the config from Site_A or Site_B?  Just looking for a quick solution rather than doing a full restore should something fail spectacularly.  Nice to say upon bootup, using confreg perhaps, to boot Site_A config rather than Site_C.


Cisco Firewall :: Backup ASA 5510 Multiple Context Mode

Oct 19, 2011

I am running a ASA 5510 in multiple context mode. IOS 6.4(2), ASDM 6.4(5)106.
 
In older ios/asdm versions it was possible to backup the configuration using ASDM.

In 6.4(5)106 I am missing this feature (see attachment).
 
Is it possible to backup a multiple context firewall using ASDM and above mentioned software versions?


Cisco Firewall :: ASA 5510 - Multiple Pools / Group Authentication?

Apr 8, 2011

Can I have on ASA 5510 multiple pools and multiple group authentication for various departments, along with restricted access if any?


Cisco Firewall :: ASA 5510 - Multiple Static Route Tracking

May 15, 2013

I am trying to set up my ASA5510 the fail over of ISP when it can't ping three different IP. I create three different tracking to three different IP using sla monitor & track rtr. But when I do

   route isp2  0 0  yy.yy.yy.yy  50
   route isp1  0 0  xx.xx.xx.xx  31  track 1
   route isp1  0 0  xx.xx.xx.xx  32  track 2
   route isp1  0 0  xx.xx.xx.xx  33  track 3

the last route will replace the previous two and only the last route command takes effect. Is there any way I can set up the fail over to ISP2 only when it can't ping three different IP from ISP1?


Cisco Routers :: RV042 VPN Tunnel For Multiple Subnets?

Aug 5, 2011

We have 4 RV 042 routers and  cisco router at HQ, we have Site to Site VPN tunnels in between, All branch offices are connected to HQ via S2S VPN tunnels
 
10.10.1.0/ 24 HQ
10.10.2.0/24 Branch 1
10.10.3.0/24 Branch 2
10.10.4.0/24 Branch 3
10.10.5.0/24 Branch 4
  
Now let's say I am branch 1, I can access 10.10.1.0/24 network but can't access 10.10.5.0/24 network, means I don't have branch to branch connection, it should be through HQ, means my RV042 at branch should fwd all traffic to HQ for another branches also. Under VPN tunnel if I try to configure remote destination 10.10.0.0/21 it's not allowing me, it says network overlapping with local network, how can I solve it? I know how to do in Cisco, we can permit those networks in access lists.


Multiple Public IP Addresses From Different Subnets On 1 Router

Feb 20, 2012

Is it possible to have multiple public IP addresses that are from different subnets going through one router? I have been told that this is not possible with most routers and that I would have to spend a lot of money on a router to be able to do it. I am still not totally clear on what defines a subnet even after reading up on them. What I am trying to achieve:

-My office has 10 computers.

-All would be connected to one router.

-My internet service provider has provided me with 10 public IP addresses, that are all very varied (which I asked for)


Cisco Routers :: RV042 Protocol Binding Multiple LAN Subnets?

Aug 16, 2011

We have Point to point T1 environment where 3 additional WAN sites get internet access through our RV042. When we setup load balancing we have problems with https traffic, so we setup protocol binding for https and everything worked great from the local LAN. When trying to access https content from the remote LAN across the WAN the sites failed and I see no option to add additional subnets to the protocol binding. Is there a command line feature that supports adding additional subnets for protocol binding or is the local LAN the only option?


Cisco VPN :: ASA5505 - Multiple Distinct Inside Subnets And VLANs?

Nov 17, 2011

The ASA device is going to be the gateway for multiple distinct inside IP subnets. We can have a unique outside IP address to correspond to each inside IP subnet if needed, but we need some means for a VPN client or a site-to-site VPN to have access to a pre-defined IP subnet (i.e. if customer A establishes a VPN connection, they have connectivity to IP subnet X; customer B establishes a VPN connection, they have connectivity to IP subnet Y, etc.). Currently, the two inside IP subnets are 10.10.0.0/16 and 10.20.0.0/16. We will be adding more. The problem we are facing is that we cannot reach the VLAN 201 from the ASA we believe this is because. I have setup two addresses on port 0/1 Vlan1, 10.10.20.2 and 10.20.20.1 as an alias. How can we make traffic for the 10.10.0.0/16 subnet untagged and traffic for the 10.20.0.0/16 subnet tagged for VLAN 201?


Cisco Routers :: RV180W VPN Configuration / How To Choose Multiple Subnets

Jan 4, 2013

I have setup 15 x RV180W's so far for a particular client. They have requested that we add a Corporate Wireless VLAN for their laptop users (not guests) and add a Special Use WiFi VLAN for a particular mobile platform that is being deployed (in this case we need 2 separate WiFi VLANs to ensure compliance). Also, none of the VLANs can talk to each other and they have their own subnets. I have the Wireless and VLANs setup, no problem... but I am having an issue with the VPN settings. I have the wired network's subnet working fine. But I do not know how to add the subnets for both Wireless VLANs to the traffic selection. The IP schemes will not allow me to just select a large subnet... here are some examples:
 
Wired VLAN: 10.10.x.y
Corporate WiFi VLAN: 10.15.x.y
Special WiFi VLAN: 10.18.x.y
 
x is the octet that defines the physical unit location (unit 1 = .23, unit 2 = .24, etc...) y is the octet the host. Since they are not in a contiguous block, I cannot just use a larger subnet mask. I can add multiple traffic selection rules to the ASA5515 at HQ, so that side of the tunnel is perfect... I just don't know how to add the three VLANs to the RV180. Is it as simple as using commas or semicolons?


Cisco Firewall :: Statically PAT Multiple Internal Hosts To One External Host 5510

Feb 20, 2012

I am working on replacing our Checkpoint Firewalls with ASA's, and am running into the following NAT problem. On some of our Checkpoints, there are external NAT's that are mapped to multiple internal hosts based on ports. Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.


Cisco Switching/Routing :: 2901 - Multiple Subnets On Same Vlan Switchport?

Jun 29, 2012

I have a Cisco 2901 with the 4port gigabit ethernet switch module that I'm trying to get configured to have a separate subnet for each port. So far I have it set up so each subnet is a vlan, then on each port I use the switchport access vlan command to tell it which subnet I want that port to be on. However, there is one port that I need to have 2 subnets on. The way I found to do that was to use switchport trunking on that port, but it doesn't seem to be working properly. how they would configure this? Right now I have vlan 101 as x.x.x.17/28 and vlan 103 as x.x.x.53/30. I think where I'm getting hung up is the proper association between the physical port and the vlan subnets.


Cisco WAN :: 6509 Fwsm Multiple Subnets Routed On One Port From 3750

Dec 20, 2010

We have a 6509 that was connected to 2 other locations(location A and B) and our local lan (location MAIN).  We wanted to move the location A and B to a 3750 switch and only allow the traffic that needed to access our location MAIN to come through the firewall.  The only problem I ran into is that before location A and B were on different interfaces so in the 6509 firewall the routes for traffic to our MAIN location was done by static routes.
 
I.E.
static (MAIN_intf,A_intf) 192.1.1.72 10.94.10.72 netmask 255.255.255.255 0 0
static (MAIN_intf,B_intf) 192.2.2.72 10.94.10.72 netmask 255.255.255.255 0 0

[Code]....

because it has a static overlap, which makes sense to me, but my question is how do I configure the network to get this to work?  Do I have to reconfigure my network and access-list?  Do I need to add more ports between the 6509 and 3750?  I'm not sure if this is the best way to do what we want. If something is not clear I'll try my best to explain the setup, but I just took over for our I.T. guy when he left.
 
I put 10.10.10.72 instead I should have put 10.94.10.72. the routed port is on a different subnet than the computer I'm trying to access.


Cisco Routers :: 3750 / RV042 And Multiple LAN Subnets Access To Internet

Nov 27, 2011

We have RV 042 deployed for internet access/firewall purposes. Due to growing number for Wireless devices and also to separate WLAN traffic from wired devices, we have created a separate VLAN/IP Subnet for the wifi devices. We are having trouble accessing the internet from the WiFi VLAN/IP Subnet.  Cisco 3750 is layer 2 and layer 3 device. We have VLAN 1 (10.10.10.0/255.255.255.0), all wired devices and RV 042 are part of VLAN 1. Connectivity to internet from VLAN 1 is good. VLAN 2 (192.168.1.0 / 255.255.255.0) was created for wifi devices, 3750 does the inter-vlan routing, I have enabled the multiple subnet feature on the RV 042 and added 192.168.1.2 / 24 to the subnet list, we still have issues accessing internet from vlan 2 devices.
 
As a workaround, I shutdown vlan 2 and added 192.168.1.0/24 as secondary address to the VLAN 1 interface on 3750 and I was able to access internet from 192.168.1.0/24 network with wifi devices also on vlan 1, we want wifi devices to be on separate vlan / ip subnet. Looking at the documentation for RV series routers, it talks about supporting multiple subnets access to internet by enabling multiple subnet feature but it doesn't seem to work. Are there restrictions on having multiple vlans?


Cisco :: Communication Between Subnets On 5510

Sep 13, 2011

I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL - we are trying to limit connections to those systems, but they need to be able to access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?


Cisco Switching/Routing :: 3750 - Multiple Subnets In Single DHCP Pool On Device

Mar 25, 2012

3750 can not support multiple subnets in its DHCP server pool config.

Is this an issue that can be fixed with a different IOS or is there a different Cisco switch that I can replace the 3750 with that will handle multiple subnets within an individual pool?








Copyrights 2005-15 www.BigResource.com, All rights reserved