Cisco Firewall :: PIX501 Unable To Access To Corporate Network
Mar 14, 2011
I am having trouble with routing in PIX501.I have one Pix 501 and one Cisco router.Cisco Router is configured for IPSEC VPN ( LAN interface 172.19.194.1) and PIX is configured for access the internet.Default gateway of Pcs in LAN are PIX inside interface ( 172.19.194.2) but people are unable to access to corporate network but can access the internet.If i set default gateway to Cisco router LAN interface ( 172.19.194.1)then i can access to corporate network.Purpose is to pass the internet traffic using PIX 501 and corporate network traffic using Cisco router.
View 6 Replies
ADVERTISEMENT
Sep 14, 2012
I have created an IPSEC VPN tunnel using a Cisco ASA5520 (corporate) to a Cisco SRP541W (remote). The corporate subnet is 10.1.0.0/16, and the remote subnet is 192.168.1.0/24. From the remote subnet, I can ping anything on the 10.1.0.0 corporate network, but I cannot ping from the corporate network to the remote subnet. At first I thought this was something obvious, perhaps an incorrect acl or something easy on the corporate firewall. However, we have several other vpn tunnels established, all set up the same, and they work just fine. After looking at it a bit more closely, if I ping the remote subnet I see the hit counter increment by one each time, which leads me to believe that traffic is in fact being routed properly.Now I'm thinking that something in the remote SRP541W that is not allowing icmp traffic, but I can't find it anywhere. To be honest I have never used this type of firewall before, they have all been Cisco PIX501/506e and ASA5500 models.
View 2 Replies
View Related
Feb 27, 2012
i am trying to setup an old PIX501. I had reset password, restored to factory settings.I am able to go to https://192.168.1.1 but when popup open it loads a moment and nothing happens.I tried it from W7, W XP but still nothing happens.
View 11 Replies
View Related
Sep 30, 2012
Looking for input on creating a guest VLAN for a client. The goal is to create a guest VLAN that doesn't have access to the corporate network using one DSL modem. They currently have a managed switch (3COM Baseline Switch 2928-SFP Plus). There are no existing VLANs or guest access. Additionally, they are looking for a WAP that supports captive portal.
View 10 Replies
View Related
Oct 30, 2011
My ISP insists on using a /30 IP WAN block to connect to its equipment even though it is an ethernet handoff. They wil then route a /27 public IP block to my firewall. I would have liked to skip the WAN block and connect my PIX directly to the interface but now have to deal with two sets of IP blocks and routing between them but I still want to avoid having to use a router in between their equipment and my firewall.Is it possible to use one of the switch ports on the PIX and configure it as a separate VLAN to handle the WAN block and then route internally to another VLAN with the public block and still be able to use NAT, ACL and IPSec on the PIX?
View 4 Replies
View Related
Jun 19, 2012
I have a Linksys EA4500 setup on my corporate network for wireless access. I have enabled the guest network and from all I can tell it's on a seperate subnet from my internal network like it should be. 192.168.x.x My internal is on a 10.x.x.x network. I conenct to the guest network using a laptop and I'm prompted for a password to get to the internet, which I like. The one issue I'm seeing is when I'm connected to the guest network I can still do an RDP session to internal resources. How is this possible if the guest network is on a seperate subnet?I take a laptop which has not been joined to my domain, connect to the guest ssid, and then open an RPD session and enter an IP address for an internal server and it connects. Is there a setting to keep this from happening
View 6 Replies
View Related
Feb 27, 2011
I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and rebooting alone.
First of all I checked system resources witch are in a very low usage state. I also checked interfaces errors, but nothing strange come out o from error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
Nothing changed and firewall continue restarting by itself.
Last logs I received before crash were:
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack = 0x084A619E 0x084A6512 0x084A70E1 0x084A7987 0x084A7AAA 0x08558B9B 0x08558E8A 0x083D3518 0x083CA145 0x080659D1 0x089196D9 0x08919790 0x089FF711 0x08A27468
Here the sh crash info command on module 0, after last reboot:
[Code] ......
View 12 Replies
View Related
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies
View Related
Jun 11, 2012
I am trying to connect to my office wifi which uses a proxy server. Scenario 1: I am using Samsung Bada (wave 1), connected to the internet successfully and also any applications that require an internet connection including Samsung's app store. While, connecting via open networks like home wifi and other friends' wifi also worked without any issue. Scenario 2: Now I also have an android based Galaxy pocket: even after entering all the required proxy setting as mentioned above, I can access websites via browser but cannot access samsung's app store, google's play store, skype, sipdroid etc. I know it is nothing to do with the network administration as I am still accessing via my samsung wave but not via android. Is there anything like a network profile I need to assign for these applications?
View 1 Replies
View Related
Feb 27, 2013
A new Windows 8 computer can't access the SSLVPN corporate connection.
When we try to access the SSLVPN website to download the launcher (you have to download the VPN launcher everytime for our configuration), you can log in and that's fine, and then you can click on the VPN Tunnel link, a popup shows up but it doesn't actually download the launcher. Solutions we've tried so far:
1) Reinstalling C++ Redistirbutable
2) Adding the site to trusted sites and allowing unsigned ActiveX controls
3) Removing all internet objects through internet options.
Is there anything else we can try?
View 3 Replies
View Related
Aug 7, 2011
Trying to access my corporate VPN. My laptop can successfully VPN in anytime I'm on the road, but not through my WRT54gx at home. I've enabled the VPN pass through but my expertise ends there.
View 1 Replies
View Related
May 9, 2012
I have a cisco 877 configured foir lan to lan between sites A and B. I have used vlan 1 but looks like i have to bvi1 if i need to use the wireless,what is the difference between bvi and vlan. if i wanted users on the same vlan and wireless what would be the base config ? at the moment all corporate traffic goes to site A and other traffic goes to internet. now would i be able to create two ssid, one for corporate to access corporate subnets and the other for guest access alone where the traffic goes out to the internet.
View 1 Replies
View Related
May 30, 2012
How can i to prevent the demonstration of a software in corporate network?
View 2 Replies
View Related
Feb 7, 2012
I have a computer that was previously connected on-site (hard wired) to a corporate network. I am now attempting to connect it on-site to my home network. While I have a live Internet connection going into the computer, I cannot connect to the Internet. Is there soem sort of setting adjustment that i need to make?
View 5 Replies
View Related
Nov 24, 2011
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not.I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
View 1 Replies
View Related
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
View Related
May 7, 2012
I have created remote access vpn in my ASA 5505. The tunnel is established but i am not able to access the internal network.
View 3 Replies
View Related
Mar 17, 2011
I currently have 90 remote locations that have PIX501's. They are all running 6.3 on them. All of these locations are creating an IPSEC VPN to my ASA 5520 (8.4) at the data center. Web access at the remote locations is currently being handled with ACL thru split tunnels. This is getting increasingly not fun as I have to reach out and touch them one at a time whenever I have to allow more access to the net. Code...
I would like to keep my split tunnel (if possible) for ports 443 and 21. I allow access to "any" on those ports and have no plans to change it.
Can I send port 80 down the VPN tunnel to the Proxy/Web Filter and then return the results to the Remote Client.
View 4 Replies
View Related
May 13, 2013
I am having a problem w/ my PIX501 w/ "Cisco PIX Firewall Version 6.3(4)", upon issuing the command i get this WARNING, is this normal? because it works perfectly fine in version 7.2(2)..
THE ERROR:
PIX1(config)# nat (outside) 1 222.127.244.52 255.255.255.252
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
REFERENCE:
PIX1# sh nameif
nameif ethernet0 outside security0
nameif ethernet1 inside security100
View 2 Replies
View Related
Sep 27, 2012
I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA directly to Cable modem then pc is able to access the internet.
View 4 Replies
View Related
May 15, 2011
we are not able to access port 3389 on host 10.45.4.2 over our vpn connection. vpn is up and running and we can access othet tcp ports on the host but not 3389. hereunder part of the config:
ip http serverno ip http secure-serverip nat inside source route-map SDM_RMAP_1 interface BVI1 overloadip nat inside source static tcp 10.45.4.2 18330 94.229.51.184 18330 route-map SDM_RMAP_2 extendableip nat inside source static tcp 10.45.4.1 3389 213.148.231.156 3389 extendableip nat inside source static tcp 10.45.4.1 5800 213.148.231.156 5800 extendableip nat inside source static tcp 10.45.4.1 5900 213.148.231.156 5900 extendable!access-list 1 remark SDM_ACL Category=16access-list 1 permit 10.45.4.0 0.0.0.255access-list 100 remark SDM_ACL Category=4access-list 100 remark IPSec Ruleaccess-list 100 permit ip 10.45.4.0 0.0.0.255 10.45.1.0 0.0.0.255access-list 101 remark SDM_ACL Category=2access-list 101 remark IPSec Ruleaccess-list 101 deny ip 10.45.4.0 0.0.0.255 10.45.1.0 0.0.0.255access-list 101 permit ip 10.45.4.0 0.0.0.255 anyaccess-list 102 deny ip host 10.45.4.2 10.45.1.0 0.0.0.255access-list 102 permit ip host 10.45.4.2 anyroute-map SDM_RMAP_1 permit 1 match ip address 101!route-map SDM_RMAP_2 permit 1 match ip address 102!!control-plane!bridge 1 protocol ieeebridge 1 route ip
View 6 Replies
View Related
Dec 10, 2012
I've been struggling with gaining access to the inter through our Comcast business gateway. We have had Comcast configure the device fro true static IP subnetting. Turned of local DHCP on the device etc. Here is my config.
ASA Version 9.1(1)
!
hostname TOCN-EX-01A-C5505-GW
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
[code]....
View 9 Replies
View Related
Jun 1, 2011
I recently had a vendor configure our 2 firewalls (ASA5520). We are replacing a active-failover PIX525 firewall in 2 locations. After the vendor configured the new ASA5520's, I was unable to access the ASDM. The configurations are a basically modified versions of the config on the PIX525. I did find that they did not set the ASDM image path. [code]
I have tried from my browser as well as downloading and installing th ASDM on my computer.
View 2 Replies
View Related
May 19, 2011
I have recently deployed a Cisco ASA 5510 Security plus firewall on my companies network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside we are not able to hit any of our sites that are on the (outside). I have nat policies in place to translate the public to private, but I think I that I need some thing more. This seems to be occuring mainly with our external web sites as well as another animoly with regards to FTP (but it may be fixed if the http issue is resolved.)
I was hoping some with a lot more knowledge on ASA firewalls than my self can spot the error in my run-cfgs.
[code]....
View 15 Replies
View Related
Aug 15, 2011
I am having FWSM in active /standby mode deployed on two different cat 6k chassis. Unable to access the fwsm module from switch using ' session module mod_no processor 1 ", it throws error " % telnet connections not permitted from this terminal" Running Version 3.2.6 on fwsm, Cat 6k is running 12.2.33.SXH1,
switch#session slot 3 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
% telnet connections not permitted from this terminal
---------------------------------------------------------------------------
have allowed telnet on line vty, configuration on Line vty is simple allowing all transport protocols
line vty 0 4
exec-timeout 5 0
transport input all
transport output all
line vty 5 15
exec-timeout 5 0
transport input all
transport output all
View 3 Replies
View Related
Mar 22, 2012
I am unable to remove an access list. Currently this this access list contains 4 lines of remarks. I was unsure if I was entering the command correctly and now I have 4 lines of "trash" that needs to be removed.
Symptoms:
The "sh run" command shows that I have access-list 100 defined.
The "sh access-list" returns nothing.
Process I have tried: config t
no access-list 100
no access-list remark Test (just trying anything at this point)
clear configure access-list 100 (This returns "Invalid input detected at '^' marker" and the '^' is under the 'e' in clear.)
So the "clear configure" command is not working. The "no access-list" commands does not return an error but does not remove anything.
What step am I missing? Let me know if I can provide any more information.
View 2 Replies
View Related
Jan 17, 2013
i am unable to launch ASDM, and access https:// to run Asdm..everything worked find yesterday but now for some reason it wont work?When i am trying to log in with the asdm it just hangs on the connecting to device... please wait...When i am tryng access the https://... i get the ssl do you want to trust.. and i press proceed anyway and i get an error
Asa 5510
Device manager version 6.1
System image file is "disk0:/asa804-k8.bin
Also i am accessing the asa with ssh without any issues
View 10 Replies
View Related
Jul 19, 2007
I have an ASA5505 running ver 8.0(2). I have configured the ssh timeout, ssh host commands and did the crypt o key gen. I am unable to access the device from the host I am allowing. Is there like ca save all command required? I am trying to use the default pix and telnet password. Do those still work?
View 3 Replies
View Related
Jun 25, 2012
I have setup a few Vpn clients but no ones able to access the inside network.The clients all get a Ip address from the pool and DNS servers Ip's. But cannot ping or connect to there pc's. I'm thining its somewhere in the ACL.
View 2 Replies
View Related
Jul 20, 2012
ethernet link light is green(blinking), but i am unable to access the network
View 2 Replies
View Related
Nov 28, 2011
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
View 2 Replies
View Related
May 27, 2012
I have an issue where my vpn clients are unable to access certain vlans in my network.I have configured an ASA 5520 with VPN access using the wizard and using the ASA as a dhcp server for VPN clients. I find that this allows the clients to access server resources such as the Exchange and Domain Controller but I find that these vpn clients are unable to ping each other as well as certain vlans that I have.Is there a way to configure the ASA to use a particular vlan that is already configured on the core switches?If I create a vlan interface and set the IP of it to 10.50.x.x then the vpn clients are suddenly unable to connect to any network resources...
View 1 Replies
View Related
