Cisco Firewall :: NAT Config Changes From 6.2 To 8.4?
Sep 14, 2011
I am converting one PIX config (in 6.2) format to 8.4 format manually. I am stuck at the following statements.
---------------------------
global (outside) 1 192.168.21.100-192.168.21.150 netmask 255.255.255.0
global (outside) 1 192.168.21.44 netmask 255.255.255.255
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-list 101 permit ip host 10.130.101.2 10.132.102.0 255.255.255.0
-----------------------------
My understanding from the old config file was that any traffic coming from source 10.130.101.2 to destination 10.132.102.0 would NOT be translated and this shall remain the same in 8.4. How can I rewrite the NAT commands?
Sep 23, 2012
I have a strange issue which happened to me last weekend with two ASA 5515X on version 8.6(1)2. There was a planned power shutdown which only affected the primary firewall. Failover was configured and running successfully. The configuration was also saved after every change made. After power was shut and primary firewall went off the secondary took over like it should but unfortunately all configuration was gone. We immediately powered on the primary again but also this one lost the configuration.
While reconfiguring the firewall we ran into another problem. The devices won't pair although it was the correct configuration. After three times removing and adding the same failover configuration the devices accepted the failover and worked together again.
I went through the bug toolkit and white papers regarding ASA 5515x and this particular version but was not able to find anything.
Mar 14, 2011
I am configuring an ASA5540 firewall for a client, only difference to usual being that it is to run in Transparent mode. I have looked through for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used. The client's security bod has now come back and insisted MAC filtering should be used but I can find no reference of this anywhere. Is MAC filtering required to make a transparent box EAL4 compliant and if so where can I find documentation supporting this?
Apr 17, 2012
If I connected the laptop to brand new out of the box ASA 5505 through console cable and I have a config file on this laptop from other ASA5505, is there any way I can upload that config file into startup-config of this new ASA5505 through console cable, without using TFTP or FTP?
Nov 15, 2009
I have a Cisco 2811 router and when I turn off the router the running config is lost. I have to do the following to get the router running off the start-up config settings.
router#copy start-up running-config
Dec 17, 2012
I'm upgrading ASA firewalls from a 5510 (running 8.2.2 code) to a 5515-X (running 8.6.1 code). What is the best way to move the existing config to the new firewall? Can I simply copy it?
Sep 27, 2011
We are looking at having a 172.168.40.0 network on our LAN, BUT I want to tie it down to JUST accessing the Internet! So I'm looking for some ideas on what that ACL would look like. I have an ASA 5510 as our firewall and I've attached a simple network diagram for reference.
Sep 12, 2012
I'm sure this is simple to resolve. I just bought a new Cisco 2901 ISR Router. How do I configure the Cisco 2901 ISR Router for Zone Firewall? The "zone" command is not recognized and does not show up in the "?" list in config or user modes -
Jun 6, 2013
I know that configuration in 8.2.x and 8.4.x is different in terms of NAT and object groups.
I just want to know: is it possible to do a direct upgrade from 8.2.3 to 8.4.x? Secondly, will ASA automatically convert all the configuration from 8.2 to 8.4 format during the reboot after the upgrade?
Jan 22, 2013
Customer has an ASA5540 at their main location and needs a new ASA5500 for a DR site.
Can I simply take a config file from an ASA5540 and easily drop it on an ASA5545-X or whatever?
They are going to be using it as a VPN concentrator primarily.
Or are there going to be issues since the 5540 is running 8.4(5) and the 5545-X? Or if they upgrade to 9.0(1) or higher, then they should be the same?
Sep 26, 2012
I have ASA 5505 and I save the configuration in the ASA 5505 using write memory or using copy run start but when I unplug the power cord and plug it back in the ASA gets its factory default configuration.
May 1, 2011
What is the factory default config on ASA5505 with 8.4.1?
Dec 23, 2012
We just changed over to Comcast Business, changing the outside interface to the new IP and setting a static route. I have access to the Internet and everything appears to be good. However, ASDM will never fully load, always stuck at 17% or 77%, and I always see "parsing running config".
When I do a show run it will not fully load either, always stopping at a certain output. 5 seconds after pulling the Comcast cable out both ASDM and running config will load fine.
Nov 6, 2012
I have CISCO pix, version 525, today while trying to save the config, I am getting below error
GPRS-PIX# wr
Building configuration...no memory available
Error executing command
[FAILED]
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51
Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
[Code]....
Apr 19, 2012
I'm trying to set my firewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address 58-98-35-2a-4c-39), I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and I have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9).
So I need to configure 3 interfaces in my ASA.
- OUTSIDE e0/0 (I call it INTERNET)
- INSIDE e0/1 (I call it LAN)
- MANAGEMENT m0/0 (I call it MANAGEMENT)
[Code]....
But with this config when I plug the firewall, I don't have access to Internet anymore.
Apr 10, 2011
I have two ASA5510 configured in an active/standby failover configuration. Everything is working well, but I would like to remove DMZ2 as it is no longer needed. On my DMZ2 interface, I have removed the security level and the IP address and shutdown the interface. However, when I do a "show failover" DMZ2 is still showing up. I would like to remove it completely so that failover isn't even "monitoring" this interface. What command am I missing or what do I need to do to completely remove this interface from this "show failover" listing? [code]
Mar 20, 2011
I have an ASA5510 that was working in a HA config that is now constantly rebooting itself. Here is a copy of the dump of traceback messages:
Booting system, please wait...
CISCO SYSTEMS
Embedded BIOS Version 1.0(11)5 08/28/08 15:11:51.82
Low Memory: 631 KB
High Memory: 256 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  00  00   8086   2578  Host Bridge
 00  01  00   8086   2579  PCI-to-PCI Bridge
 00  03  00   8086   257B  PCI-to-PCI Bridge
 00  1C  00   8086   25AE  PCI-to-PCI Bridge
[Code] .........
Jun 13, 2012
I have ASA 5520 using ios 8.2(2)
I received a new ASA 5550 and want to transfer my config from 5520 to 5550
Mar 17, 2012
working config with least amount of code for:
IOS post 8.3
Subnet: 192.168.1.0 /24
Static NAT (from any source) to server 192.168.1.100 and allow the same incoming connections on outside interface
Ports:
TCP 20,21
TCP 80
UDP 50000-50020
Aug 21, 2011
It's been a while since I've done a lot with a PIX config so what is the best way to allow access for 2 IP addresses that need to RDP into a server here inside our network. They also wanted to have ports redirected, 3391 to 3389 and 3397 to 3389.
Oct 29, 2012
We have a customer who has 4 x 'WS-SVC-FWM-1' modules installed within 2 x 6513 chassis. The FWSMs are all running version 3.1(16) with failover group 1 and 2 enabled. After a few recent planned and unplanned power outages the FWSMs have come up without a full configuration. Is this a common fault? If so, is there any kind of workaround that can be implemented?
Apr 5, 2011
Since our update of Cisco ASA 5510 (active/standby cluster) from version 8.22 to version 8.24 it isn't possible to transfer files from/to an SFTP client. The request just times out. SSH from this client is possible.
[Code]...
May 30, 2013
I have a fresh out the box asa5510 with 8.4 on it. I have built these before but for some reason cannot get this one to work. I am consoled on, have applied the following config but still cannot ping to or from, cannot ASDM, cannot http/s. Arp table shows the device it tries to ping, but the device trying to ping it has an incomplete arp entry. [code]
May 21, 2012
I'm attempting to configure two ASA 5520 for active/standby failover. When I enter the "failover" command to enable the config on the primary ASA, the entire routing table disappears. There is no routing process running, only static routes are configured.
Is this an expected behavior of the failover process and if so, how long should I wait for the routes to come back?
Aug 22, 2011
I need to redo the configuration on the new one?
Sep 11, 2011
I'm running into an interesting issue concerning a twice NAT config.
We have a remote site that needs to connect to a server cluster on our end. Using ASDM I have created a NAT rule that uses PAT to map our server addresses to a single IP (this is due to constraints placed on us by the remote site). This in and of itself shouldn't be a problem. The issue is that the VPN tunnel won't come up unless I also map an address to the remote site's server.
Example:
Appliance: ASA 5510
ASA Version: 8.4(2)
ASDM Version: 6.4(5)
Original Packet:
Source Interface: inside
Destination Interface: outside
Source Address: Server_Cluster
Destination Address: Remote_Server
Service: any
Translated Packet:
Source NAT Type: Dynamic PAT (Hide)
Source Address: Mapped_Server_Cluster_Address
Destination Address: Mapped_Remote_Server_Address
Service: -- Original --
Within the Translated Packet section, if I set Destination Address to the actual remote server address nothing happens when I attempt to bring up the tunnel. However, if I map an address to the remote server, the tunnel begins to come up and then fails during phase two (as the mapped address doesn't match the addressing that has been defined in the remote end's connection profile).
Initially I thought the issue may be due to an IP addressing overlap since both sites are running similar numbers, but the default route statement on our ASA, should contend with this issue. Also, each time I change the NAT rule, I change the connection profile to match those changes.
So, ultimately, what I wish to accomplish is to allow connectivity between my site and the remote site without having to map another address to their remote server. How may I do this?
Jul 8, 2012
I have 2 office buildings using Cisco 800 series routers with a L2L VPN between both. I'm upgrading the router to an ASA5505 at one of the offices but can't figure out the L2L VPN on the ASA. Specifically, can't figure out how to set the pre-shared key. On the Cisco 800 it's: That doesn't seem to work on the ASA. Here is my current config on the Cisco 800. [code]
Feb 7, 2013
How do I turn off "logging esm config"? I tried conft no logging esm config and that worked for the moment, but when the switch reboots, or I run reload, it comes back. What does that do anyway? This switch was giving an out of memory error and seemed to be flooded with messages, so I am trying to turn logging off/lower the log level.
Aug 15, 2011
My config and all the shows I've run so far trying to figure this out, but the policy map isn't matching the traffic for some reason
Feb 6, 2007
I have tried the config-register command and it is not available. Here is part of the show ver command. I want to change the config-reg from 0xF to 0x2102. I have run into this before but don't remember how to correct it.....I think I have to use the boot command but not sure. Here is the output of show ver:
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
System returned to ROM by power-on
System image file is "flash:c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin"
cisco WS-C2960-24TT-L (PowerPC405) processor (revision A0) with 61440K/4088K bytes of memory.
last reset from power-on
4 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Model number : WS-C2960-24TT-L
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TT-L 12.2(25)FX C2960-LANBASE-M
Configuration register is 0xF
Aug 2, 2011
We have two offices in the US and one in Mexico. Our site in Mexico connects to our headquarters in the US over an AVPN/MPLS circuit. Mexico has a separate Internet connection through TelMex. There is an ASA 5510 at headquarters and an ASA 5505 in Mexico. We have a failover VPN set up in the ASAs for times when the MPLS circuit goes down. All Internet traffic in Mexico is supposed to be routed to the TelMex connection. All company traffic is supposed to be routed to the Cisco router. ASA is supposed to be last resort route. We have a failover VPN set up in the ASAs for times when the MPLS circuit goes down. (Or at least we did until I had someone work on the configuration) Everything had been working fine for the last 4 years.
Yesterday when the MPLS went down, so did their Internet connection. I realized the Internet traffic is now coming through the MPLS circuit to headquarters and out our ASA. Obviously there is a problem with the configuration. I do not have enough experience to figure this out. I have attached the configs and the routes for both the ASA and the router.
Jul 31, 2011
I tried to deploy configuration templates with Cisco LMS Template Center; due to the 10 Cool LMS Tricks to better manage your network I am able to do it now. I just don't know why, after deploying these templates, the configuration is not saved to the startup-config. Another problem I have is with the snmp-server location configuration. It seems my template does not support spaces in the textbox. Any way to put spaces in the snmp location?
<parameter name="snmp-location">
<description>SNMP Server Location</description>
Jul 18, 2012
I have run a netconfig job in LMS 4.2.1 with these settings: [code] After running the job the "Device Details" of the job say "Successful Devices" for all three switches: "Deploy successful (Primary Login Succeeded / Primary Enable Succeeded )". For the devices switch-1 and switch-2 I get the desired output: [code]. Why is there no output although the job is successful?