Cisco Firewall :: NAT Stops Working With VLAN On PIX 515e
Jan 3, 2012
I have a PIX 515e (8.0 (2)) and 1841 router (12.4(25)). I had the following setup working without issue:
[Internet] <-----> PIX <-----> 1841 <-----> [LAN]
I then tried to introduce VLANs and now I can not reach the Internet from the LAN. It seems that no nat translations are taking place.
-I can successfully ping the LAN from the PIX.
-I can successfully ping the Internet from the PIX.
-I can successfully ping the PIX inside_lan interface from the router
-I can not ping the outside interface from the router
-I can not ping the Internet from the router
I introduced the LAN side VLAN first and everything still worked. However, once I introduced the VLAN between the router and PIX, things have broken down. [code]
View 2 Replies
Mar 24, 2011
I have a PIX-515E that I'm trying to configure for what I thought would be a simple task. I've been playing with VMWare ESXi on a Dell PowerEdge 1850 in a lab environment. The server's IPMI is bound to one of its two physical interfaces, which I've connected to Ethernet 1 on the firewall. The interface has the following configuration:
PIX Version 7.2(4)
!
interface Ethernet1
nameif FrontEnd
security-level 40
no ip address
!
interface Ethernet1.2
vlan 2
nameif IPMI
security-level 90
ip address 172.16.0.161 255.255.255.224
The server's baseboard manager has been configured to tag its traffic on VLAN 2, priority left at 0 (default), and its IP address appears in the firewall's ARP cache; however, here's what I get for a ping response:
Sending 5, 100-byte ICMP Echos to 172.16.0.164, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
View 1 Replies
May 21, 2012
I've been struggling to get ASDM (PDM) installed and running on my PIX 515e. The PIX IOS version is 7.2.4(30). The ASDM version I've copied to flash is 524.
I've followed the Cisco documentation verbatim, however I still cannot connect via the Java ASDM client or via http. When I try to connect via http, my PIX shows the following error: "tcp access denied by acl from..." I do not think this is a security (ACL) issue as I've tested after opening everything up and still no luck.
Here's my running config (w/ the relevant statements prepended with ">>>"):
show run
: Saved
:
[Code]....
View 14 Replies
Feb 12, 2012
Turned up a new colo service last week using some PIX 515E firewalls and two Cat 2950 series switches. I have attached a diagram of the layout which I have used elsewhere with good success. Basically I have two switches connected together via port channel (2 ports). The colo facility gives me two HSRP enabled links, of which I plug one into switch A and the other in switch B. The PIXes are a failover pair with the primary plugged into the same switch A as the primary HSRP link. The backup PIX is plugged into the backup switch where the backup HSRP link is. When I unplug the primary HSRP link the PIX can ping the HSRP gateway still, but nothing beyond that. Nothing gets it to work until I plug the link back in.
The only thing I could see that might cause an issue is the 'ip verify reverse-path' command on the PIXes. But even the switches cannot ping out beyond the HSRP gateway. Just seems like all inbound routing stops. I am not sure what the colo facility has going on their side but it seems like they are using just some Cisco 6509s and doing HSRP between them. Seems pretty simple but so far this is proving un-usable as is.
The PIX BTW just uses a default route to the HSRP gateway.
View 3 Replies
Feb 5, 2013
I find are steps to turn on SSH access. I have quite a few customers with ASA5510's installed. SSH is set up and working fine on every one. After a period of time, you are no longer able to SSH into the firewall. Using Putty, it just sits there on a blank screen without giving a "denied access" message or a login prompt. Rebooting the firewall will solve the issue and SSH access works again. Today, I had a customer with an active/standby configuration where I had to reboot both of them to be able to log in. Most of my customers are on 8.2 software as most don't want to reconfigure for the new NAT, etc.
I'm sure others have seen this before since it appears to be occurring on almost every ASA that I have access to. Is there any fix to eliminate this or is there something that can be run from the ASDM that will grant SSH access again without just doing a reboot?
View 4 Replies
Aug 22, 2011
I need to redo the configuration on the new one?
View 11 Replies
May 8, 2012
I know that I've run into this before but I can't remember the fix. I have a 5510. The 3 interfaces involved are INSIDE, OUTSIDE, and GUEST. Corporate users are allowed to put their iPhones on the Guest network, but the problem is that their Exchange ActiveSync stops working. It is tied to the external DNS name of the OWA server (we'll say webmail.abc.com). So the users are funneled out one public IP on the OUTSIDE interface and are trying to communicate with the outside of the OWA server, which is NATed to another public IP on the same outside interface. What do I need to do on the ASA to allow users on the guest network (behind the GUEST interface) to access the mail server using its public IP (behind the INSIDE interface)?
View 1 Replies
Jun 4, 2013
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows:
HTTP[TCP/80~80]->10.0.0.6
HTTPS[TCP/443~443]->10.0.0.6
IMAP[TCP/143~143]->10.0.0.5
IMAP SSL[TCP/993~993]->10.0.0.5
SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.
View 1 Replies
Mar 17, 2011
I'm trying to configure a subinterface named Inside with vlan 1 but the interface stops working with this vlan. My switch is a Cisco and uses the LAN with vlan 1 too. If I change the vlan to another, i.e. vlan 13, it works fine. And all other vlans work fine too. Is there a problem with using vlan 1?
My configuration is:
Cisco ASA:
interface gig0/3
no ip address
no security
no nameif
interface gig0/3.1
vlan 1
nameif Inside
security-level 100
ip address 10.x.y.x 255.255.224.0
The giga port of the switch is configured in trunk mode.
View 2 Replies
Apr 24, 2013
I have an 876 router, connected to the Internet and a VPN. From inside I would like to pass all traffic destined to 192.168.0.0 255.255.255.0 to the VirtualPPP IF and all the other to the Internet (vlan2). I have created this rule, but after applying it works only for about 30 to 60 seconds. After that only the Internet is reachable. Every time I do a clear ip nat trans * both interfaces will work for 30 to 60 secs again...
This is the relevant part of the cfg
ip nat inside source route-map Di1 interface Virtual-PPP1 overload
ip nat inside source route-map VLAN1 interface Vlan2 overload
!
access-list 1 remark CCP_ACL Category=2
[Code].....
View 5 Replies
Jun 13, 2012
I have a Pix 515E firewall with Pix724-33.bin IOS. I just want to know whether this IOS supports SNMPV3 or whether I will have to upgrade it to some other version.
View 1 Replies
Jan 16, 2013
I've got a problem with passing traffic through a Cisco 515e firewall. I'm trying to telnet to devices on the inside net, 172.16.x.x, from an outside net 10.x.x.x. I've configured a group called infrastructure and added the 10.x.x.x addresses. I've configured acl 101 inbound on the outside interface:
access-list 101 permit tcp object-group INFRASTRUCTURE any eq telnet
There's a route to the inside net:
inside 172.16.0.0 255.255.0.0 172.16.163.1
And there's a translation:
static (inside,outside) 10.4.4.34 10.4.4.34 netmask 255.255.255.255
When I try and connect, using a packet capture I can see traffic from 10.4.4.34 to the inside device 172.x.x.x on the inside interface, but I can't see the traffic leave the outside interface. I've used the same infrastructure group before to connect to VM machines on the 172.x.x.x net on RDP and this works OK:
access-list 101 permit tcp object-group INFRASTRUCTURE object-group VMs eq 3389
View 8 Replies
Nov 25, 2012
I am trying to set the PIX firewall to transparent mode. After I set it to transparent firewall, I allowed all icmp, tcp, udp traffic. Currently, any devices in the inside network can get an IP automatically from the DHCP server in the outside network but cannot ping any servers in the outside network or access the internet. Do I need additional configuration on the firewall?
Here's the configuration:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....
View 1 Replies
Mar 5, 2012
I have a cisco asa 5010 where, during the process of configuring, the outside ports become down/down. The /0 port won't even reactivate after cycling power on the unit. Port /1 is the inside interface and it is not affected by the problems. I switched the outside port to port /3 and it worked for awhile then it stopped working. I switched it to Port /2 and the same thing. Port /2 and Port /3 are on after a power recycle but shut down completely (down/down) during the reconfiguration. It seems like a hardware failure, but I'm wondering if it could be anything else.
View 4 Replies
Jul 19, 2012
I recently set up a site to site vpn between an asa 5510 and router 1921. It was working great all night and this morning. When traffic stopped rolling through for a few hours the tunnel shut down. I checked the router using cisco configuration and it tells me the tunnel is up. When I check the asa it does not show up in the active tunnels. Anyone know what would cause it to drop? And if so, what can I do to avoid it?
View 6 Replies
Jun 8, 2011
I have a Cisco ASA 5510 with Security Appliance Software Version 8.0(2). On this ASA I have many L2L tunnels, and sometimes new tunnels can't connect while the older tunnels are still OK and working. Yesterday this situation occurred again and I tried to clear all ipsec tunnels and reconnect; none came up again. At the time of this situation memory usage was about 78% and CPU was around 5%. I did a reload without changes and the situation returned to normal.
At the time of the failure I collected the output from debug crypto isakmp 255; the output is in the attached file.
View 1 Replies
May 17, 2011
I have a problem with configuring branch router 891 (with IOS v15.0(1)M). I want to connect to HQ via EasyVPN connection (split-tunnel) and allow the local traffic to go directly to the Internet via NAT (PAT). When the VPN connection goes up, NAT stops working and NAT translations don't appear in show ip nat translations. When the VPN connection goes down, NAT begins to work again.
View 1 Replies
May 20, 2013
I have a Pix firewall 515e; its inside interface is configured with IP 192.168.0.254. And global NATing is configured.
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
I want to configure global NATing only for specific IP addresses, e.g. 192.168.0.0-192.168.0.30 and 192.168.0.200-192.168.0.254. How do I do this?
View 13 Replies
Mar 8, 2013
I have an Asus n55s. The wireless acts very funky. It sometimes disconnects and stops working. Sometimes, it will stop detecting any nearby wireless networks altogether. Then I have to enable and disable the wireless functionality until it starts seeing nearby wireless networks.
View 9 Replies
Feb 5, 2013
I've been having this problem with my laptop's wifi for a while now and it's been getting a little out of hand lately that I can't deal with it anymore. I asked some friends and they seem to have the same problem too but not nearly as often as I do. Every so often, my laptop's wifi just stops working so I turn it off and then turn it back on and it starts working again. My friend says it happens very rarely to him but for me just today it happened 2 times within 10 minutes
View 7 Replies
Oct 14, 2011
I'm having is that every few hours my TCP/IP protocol stops working. The modem lights remain normal but I can't connect to anything. The only thing that works on the internet is traceroutes at the command prompt which function normally. The solution is that I have to reboot and then everything returns to normal until a few hours later when it happens again. There are no error messages on any of my browsers. The page just goes white immediately. When I try to retrieve my email, I get a message about the TCP/IP isn't working.
View 9 Replies
May 2, 2012
I've got the same problem on my wife's Acer One 532h. Did it get resolved for you, Adrian and if so, how?
View 5 Replies
Mar 23, 2011
On Windows XP, my integrated NIC stops working after hosting a server. The server starts fine, ports are forwarded, firewall is down, modem is fine, but when I receive a connection, it shows they have made a connection, but then they drop, as do I. I can't browse or ping anywhere. I have to physically disconnect, then reconnect the ethernet cable to the port, or restart the computer. Upon ipconfig, the adapter is set with the Windows default ip (169.x.x.x) and cannot be /release'd or /renew'd.
View 10 Replies
Mar 4, 2012
It's fairly hard to explain what happens but basically, say I'm playing some type of online game, all of a sudden anything server sided such as HP amounts, damage amounts, etc. just disappears but the animation runs fine such as attacking, being hit, etc. All of a sudden it'll jump forwards and I'll take any damage and do any damage that had been happening until the issue started. This happens constantly and it's really frustrating but on top of that my internet will slow to a crawl. Say I'm trying to send a message on Skype, it won't send for the longest time and I won't be able to receive any or even open a new webpage until the problem fixes itself. I've looked around a bit and thought I fixed the issue. I'm on wifi and multiple devices are connected but not always in use, and the forum I found suggested an IP conflict and said to open up command prompt, release the IP with ipconfig /release and then renew it with ipconfig /renew.
View 3 Replies
Mar 22, 2012
Once every couple of days the wireless service seems to disappear. I've connected to the router from a wired computer and everything looks ok from the d-link panel, however it's not showing up as an available wireless network on the wireless units. Pulling the power off for 30 seconds tends to get it working again. I'm configured bg and n. I need a mix... an old B laptop, have one machine that has a G NIC, and the rest are N.
View 14 Replies
May 2, 2011
After buying a new WNDR370. Sporadically and seemingly without any cause my internet will stop working. Diagnostic will always report it as "DNS Server is not responding." I've also discovered that if I enter my router settings and even just switch the DNS settings from Auto to manual or vice versa the problem corrects itself instantly-then next time it happens I just need to do it again.
I've already tried resetting my entire network and rebuilding the recommended way. Modem, Router, then computers-connecting each only after the prior has finished initializing. Hasn't worked though.
Currently I have my main rig connected directly to the modem to try and find out if I experience the problem at all this way, this is a pain in the ass though, and I don't know when long enough is long enough as the issue is completely random and simply just may not happen.
View 10 Replies
Mar 5, 2012
I have an EuroDOCSIS 3.0 cable modem from UPC Romania. It's a Cisco EPC3925, wireless modem.
My problem is that most of the time (like 80% of the time) when someone is starting or closing a PC that is connected using a wire, the whole internet crashes (wired PCs get a ! sign and the internet stops working and wireless PCs are getting disconnected completely from the network being unable to reconnect). This is solved by restarting the modem (unplugging/replugging it) or waiting for it to reconnect. I want to mention that during this process the modem lights show that everything is ok and nothing special happens.
First of all I called UPC technical support and the man there said that I should try to disable the firewall from the modem (which I had disabled already), if it won't work then to try to reset the modem to the factory settings (as I was thinking to do - because I configured the settings as I wished) and if this won't work then calling them back to change the modem.
I tried to reset to the factory settings and that didn't work at all after running tests over one week. After that I called UPC and they said that the modem is for sure the problem, they sent a technician (today) who also said that the modem is the problem. Ok ok, the technician replaced it and everything seemed to be good.
30 minutes ago my father started his PC and what should I see? Bam, internet crashing. 5 minutes ago I closed my PC as well and what should I see? The internet crashing again.
View 19 Replies
Mar 3, 2013
My Cisco 871w still stops working once a week. Today I found it frozen, after the weekend, and I have executed a few commands from the HyperTerminal. The commands were given by Cisco colleagues in a previous post:
show log
show ip int brief
show interfaces counters errors
show interface FastEthernet1
show interface FastEthernet1 stat
show interface FastEthernet1 summary
show interface FastEthernet1 switching
View 4 Replies
May 11, 2012
I have set up a Cisco SR520W and everything appears to be working. After a few hours, it looks like the WAN port stops forwarding traffic to the Internet gateway IP of the device. If I unplug and then plug in the network cable connecting the WAN port of the SR520W to my modem, traffic starts flowing again. Also, if I restart the SR520W, the traffic will flow again.
View 1 Replies
Jun 14, 2011
I have two Cisco ASA 5520's running software version 8.2(2) set up in a HA pair. The L2L vpn is set up and works as expected between this site and another. The issue is that every few months, one subnet of the VPN, the same one all the time, stops forwarding/receiving traffic. The device in the remote location is not a Cisco device but I am certain the issue lies with the ASA as when I fail over to the slave device the VPN works again, failing back again however stays with the subnet still not passing traffic. I need to reboot the device before it starts forwarding traffic on the subnet again.
View 3 Replies
Oct 6, 2012
I have the following network: 2 WAN links terminating on my PIX 515e and all internal users connected to the third interface.
The problem I am facing is that I have assigned manual IPs to users, with some having full access to the Internet while others have limited access.
The users are changing their IP address while others are offline and I want to restrict them.
The only way I can think of is by binding IP to MAC as in e.g. (Active wall software). But can it be done on PIX 515e and if so how?
View 11 Replies
Feb 10, 2013
My computer runs bit torrent almost all the time. Sometimes when I start Firefox the home page Google never loads and neither do any other web pages, yet bit torrent is still working as if nothing has changed. If I start a download in Firefox and come back to the PC a few hours later, Google doesn't load but the Firefox download still continues. What causes this? Is it DNS?
View 2 Replies
Mar 11, 2011
My internet (wired and wireless) usually works fine, but occasionally (read: every few days to weeks) the connection will suddenly black out for a period of time, anywhere from an hour to a day. I have tried resetting both my router and modem, and going through all the settings on my laptop, but I'm pretty sure it's not my computer, as no other devices can connect either. During the blackouts, when I look at the modem, the internet light will turn on for a second, then go off and then the red "alarm" light (aka "something is wrong" light) starts blinking like crazy, and this keeps repeating. This resolves itself after anywhere from a few hours to a whole day and everything is normal again. The light show, and the fact that I can't find any other problems, leads me to believe that it could be a problem with my provider (or the network itself) and not a hardware or software problem, but I can't be sure of this. Also, during the blackouts, I can connect to the network, but it shows that limited connectivity symbol (exclamation mark thing) and says no internet.
View 5 Replies