Cisco Firewall :: Pix 515e Basic CLi Configuration
Oct 12, 2011
I dint have any experience in Using cisco pix firewall. i got this for home lab practice.the pix can be accessed and configured by web based and CLI mode right. basic configuariton tto configure pix 515e in cli mode.
as of now im using console( hyper terminal) to access the pix. in cli based commands i need the following
1. how to assign ip address to inside ethernet and outside ethernet
2. how to enable telnet and after enabling it , can i connect my pc directly to the pix inside ethernet and do telnetting or if at all possible with (https enabled)web based config. any of these are ohk.
went at browsing to find these all i could find is web based configs. i need cli commands.
View 9 Replies
ADVERTISEMENT
Apr 19, 2011
I am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20,Block all other incomming ports to vlan 20 (unless initalised from inside),Allow all outgoing ports on vlan 20,Block all access from vlan 20 to vlan 10 (unless initalised from vlan 10)
View 35 Replies
View Related
May 8, 2011
creating a DMZ with my current configuration. Most of my configuration has been through the ASDM as I am still learning. I'm looking for a good tutorial through the ASDM to get me on my way. What I need to accomplish is this:
I have an internal GIS server which needs to have a constant database connection to an remote GIS Server which is already configured. I've got a separate VLAN setup on my 3750 switch which connects to the DMZ configured port on my ASA with a security level of 50. My GIS server has been placed in the DMZ VLAN which is accessible from my internal clients. I have a /30 Internet block which is being used for Internet and VPN. I have a separate /28 block that I'm assuming I'll need for the DMZ to work properly.
View 1 Replies
View Related
May 21, 2012
This is my 1st time trying to configure an ASA.
I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:
I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.
I have attached the configuration file with this post as well.
View 4 Replies
View Related
Jan 3, 2013
I have an 871 and all I need to do is some basic rules. Here is the config I am having the issue with.
View 1 Replies
View Related
Nov 25, 2012
I am trying to set the PIX firewall to transparent mode.After I set it to transparent firewall, I allowed all icmp, tcp, udp traffics.Currently, any devices in the inside network can get the ip automatically from DHCP server in the outside network but cannot ping to any servers in the outside network either access the internet.Do I need additional confiration on the firewall?
Here's the configuration:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....
View 1 Replies
View Related
May 5, 2012
I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router, the line protocol is down, I've looked through the configs for bot the PIX and the 3745 and can't seem to figure out why I don't have access.
Pix515E config:
pixfirewall# show run
: Saved
:
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
View 10 Replies
View Related
Jun 26, 2011
we have a pix 515E firewall with software version Cisco PIX Security Appliance Software Version 7.0(4) and ASDM version Device Manager Version 5.0(4). we are in a process of upgrading the software. Kindly suggest the software and ASDM version most fit for the device. Also the software should be compatilbe for the current configuation running.
View 3 Replies
View Related
Aug 22, 2011
I need to redo the configuration on the new one?
View 11 Replies
View Related
Oct 21, 2011
step by step ACS 5.1's basic configuration through CLI?
View 2 Replies
View Related
Jan 3, 2013
I am struggling to get this working after spending many hours looking at it I am now completely stuck. We are upgrading from a 857W to this 887 VA-M I have some experience of IOS and the 800 series. Our 857W works perfectly using almost the same config. Our situation is that the router will sit in front of our firewall and act essentially as a simple router passing everything through to our Firewall. Nat is done at the Firewall.
We currently have the following configuration that seems to connect the the ISP fine but I cannot connect to the vlan2 port on the switch the firewall cannot connect to he internet or route anything via the Vlan2 port no pings etc.. I am using Fast Ethernet 0 as the Vlan2 port and the rest are V LAN 1 with a local network address to allow me to connect a laptop.
We have a block of static IP addresses, the base of which is assigned to the V LAN 2 interface and used by Dialer 0 as IP Unnumbered. Config below.
4590 out of 262136 bytes
! Last configuration change at 17:42:06 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
[ code].....
View 2 Replies
View Related
Sep 30, 2011
I have an ASA running 8.2(2).I am trying to get the network on the inside interface to be able to communicate through the outside interface and on to the internet.
View 18 Replies
View Related
Sep 4, 2012
I have just bought my first non-domestic router, a CISCO 887VA-K9 which needs basic configuration to get it working. I have a copy of the configuration guide (334 pages) and CP Express user's guide (94 pages) and have spent an hour reading but either they are missing something or my brain is too small to figure out step 1. How to get started. Perhaps from where to download a CP Express installation kit for Windows.
Is the only way via a terminal emulator connected via a serial port ? Is there a graphical interface I can use ? Are there any basic tutorials for beginners ? This is probably the only non-domestic routrer I shall work on so I don't want to invest in a full training course. I just need enough to plug in the ISP credentials and set up DHCP.
View 27 Replies
View Related
Dec 13, 2012
in lab trying to run a test upgrade of an Ace30,can seem to get it right ace30 is in slot 1 of the 6500, management vlan 10
View 4 Replies
View Related
Aug 12, 2012
I set up a basic Linksys E2500 with the following information and connected to the internet straight away without a problem: I have spent several hours simply trying to get this basic information into the Cisco 819 using CP Express without success, i.e. I get no internet. Rather than show my inputs, What is the correct setup. I am a novice so I'd rather solve this issue using CP Express just to get connected in the first instance. I have a static IP address, I connected the ethernet cable carrying the internet to the internet port of the E2500 and an ethernet cable from one of the ethernet ports of the E2500 to my PC. For the 819, I connected the internet cable to the GE WAN 0 port and the PC to one of the FE ports.
View 18 Replies
View Related
Jul 19, 2012
We currently have 7 Cisco 3524-XL switches (10-12+ yrs old) which are 10/100. We purchased a handful of Cisco 3750X switches to replace them going with the whole stackwise and redundant power supplies. Our current configuration on the old 3524 switches is that they have hardset all the ports on them to 100MB/FULL since devices would auto-neg to 100/Half. Since we're going from 10/100 to 10/100/1000 switches, I want things to auto-neg as I have heard in the past and experienced that things work better when it auto-neg to gigabit. My upper management is afraid since the old switches wouldn't auto-neg correctly that we should hard set all the ports on the new switches, which would be a nightmare since some ports would be hard set to 100/FULL others to 1000/FULL, etc.. We've tested just about all of our devices at auto with the switches and they've all auto-neg to the correct speed. In short, is Auto-Negotiation the way to go with the newer switches or is it still better practice to hard set your ports?
View 3 Replies
View Related
Apr 8, 2012
I teach in a High School and we've got about a 300 node MS Windows Network. Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing. The servers point to 10.0.0.1 for gateway.
We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN). When I connect the CISCO ASA, I get no internet passthrough at all.
View 1 Replies
View Related
Dec 16, 2011
I have a Cisco 2600 with IOS 12.3. I need a very basic configuration to allow traffic between two LANs. To test this I cleared the router config to the factory default state and configured my network addresses on the interfaces.
When I connected a PC to each interface I found they could ping each other, I was expecting to have to write ACLs to permit the traffic into the interfaces, thinking that the default behaviour of the router would be to deny access. default bahaviour without any ACLs or other routing configurations?
My config, such as it is, is as follows:
Current configuration : 770 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 5 Replies
View Related
Aug 5, 2012
I am trying to configure a Cisco 1841 to allow the users to access the internet. This is my first step with ppp. All the rest of the configuration is ok but I don't know how to setup the interfaces Dialer0 and ATM0/0/0.
Need very basic configuration that I can analyze and use on my device?
View 10 Replies
View Related
Apr 22, 2012
I am replacing a cisco linksys router with a 1941w.
I have the 0/0 accepting a DHCP from the ISP then I have 0/1 going to a switch and hosting a dhcp server.
Where I have an issue is:
A) Finding a way to turn on the wireless and make it use the same DHCP as wired and setting up a user name/wep password
B) Turning on the GUI that is supposed to be embedded on this.
C) Finding a way to make the DNS point to the default gateway so that I don't have to set the address everytime we move the box.
Here is my current configuration, and with it I can get onto the wired network and get to the internet.
Current configuration : 4712 bytes
!
! No configuration change since last restart
version 15.1
[Code]...
View 6 Replies
View Related
Jan 1, 2013
First time user of cisco hardware and we just purchased the 4900m catalyst switch. My question is very general. I am simply hoping to network 3 servers together and I do not wish to do any fancy or advanced configuration. Can I simply use the web management interface for network administration and setup? I just downloaded the Catalyst 4500 Series Switch Cisco IOS software configuration guide and they talk about Cisco View network management system, is this my answer or is this what most people use for basic configuration and administration?
View 3 Replies
View Related
Jul 2, 2012
I need to configure a Cisco pix 515e as vpn concentrator. Now the network has 2 Cisco pix in fail over - May I add a new Cisco pix in parallel and redirect the vpn tunnel on it? How do I need to make the configuration in order to work?
View 2 Replies
View Related
Nov 29, 2011
In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?
View 3 Replies
View Related
Nov 27, 2012
basic configuration for setting up cisco ASA 5510 for NAT and DMZ.
View 9 Replies
View Related
Jan 17, 2013
I've got what is probably a very basic question - but i can't figure it out.I have: Internet (ADSL) -> 2851 (ADSL wic) -> 5520 -> internal LAN (192.168.1.x/24)
The asa has just replaced a Checkpoint firewall.I've set up the ASA to the point where all hosts on the internal LAN have internet access (using a dynamic PAT on that network). This all works well.
The problem i have is i am trying to allow access from the internet to an internal host on a specifc TCP port (as i had done on the Checkpoint) but i'm getting:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:111.111.111.11/52135 dst inside:192.168.1.252/5555 denied due to NAT reverse path failure
From what i have read i need to add a NAT exemption for this particular use case - to avoid the dynamic NAT i have setup, but im not sure how to do so.I'm running 9.1 on the ASA, no VPNs yet. Just this basic setup.
View 8 Replies
View Related
Jun 13, 2012
I have an Pix 515E firewall with Pix724-33.bin IOS. I just want to know that does this IOS support SNMPV3 or I will have to upgarde it with some other version.
View 1 Replies
View Related
Jan 16, 2013
Ive got a problem with passing traffic through a Cisco 515e firewall.im trying to telnet to devices on the inside net, 172.16.x.x fom an outside net 10.x.x.x? ive configured a group called infrastructure and added the 10.x.x.x addresses.ive configured acl 101 inbound on the outside interface:
access-list 101 permit tcp object-group INFRASTRUCTURE any eq telnet
theres a route to the inside net:
inside 172.16.0.0 255.255.0.0 172.16.163.1
and theres a translation:
static (inside,outside) 10.4.4.34 10.4.4.34 netmask 255.255.255.255
when i try and connect, using a packet capture I can see traffic from 10.4.4.34 to the inside device 172.x.x.x on the inside interface but i cant see the traffic leave the outside interface ive used the same group infrastructure group before to connect to VM machines on the 172.x.x.x net on RDP and this wrks ok. access-list 101 permit tcp object-group INFRASTRUCTURE object-group VMs eq 3389
View 8 Replies
View Related
Apr 19, 2012
I m trying to set my friewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address 58-98-35-2a-4c-39) I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and i have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
So i need to configure 3 interface in my ASA.
- OUTSIE e0/0(I call it INTERNET)
- INSIDE e0/1(I call it LAN)
- MANGEMENT m0/0(I call it MANAGEMENT)
[Code]....
But with this config when I plug the firewall, i dont have access to internet anymore.
View 7 Replies
View Related
Nov 24, 2012
configuring the ASA particulary after the change to how NAT is implemented. What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work. I have a Synology NAS at home that I am trying to reach via the internet. Prior to using my ASA, I had Verizon's FIOS router as my gateway and everything forwarded with no issues. The ports I need forwarded or reachable via the internet are TCP port 80 and 5000.I can also configure it via command line if that's the easier/preferred method.
View 11 Replies
View Related
Mar 16, 2012
I cannot get this to work properly and I've even had a Cisco engineer from TAC set-this up... and it literally broke my inside network. I have a VPN range of addresses..x.x.x.x on the Outside that needs access to a server on the Inside at y.y.y.y. HTTPS/443 connectivity. I need to NAT my VPN subnet/pool in order to talk to the inside host, as that host will not accept traffic from my VPN subnet, but obviously, will accept traffic from Inside my private network.
The Cisco tech entered the following static NAT statement to "fix" the problem - nat (outside,inside) source static VPN Inside-Network destination static Host-y.y.y.y Host-y.y.y.y For whatever reason, whenever this is configured on my ASA 5550 v8.3(2)25 the Inside interface starts proxy arping and assigns all IP addresses on my private network with the MAC address of the Inside interface.
The y.y.y.y is on a remote, routed network within my private, corporate MPLS network. My Inside private network (Inside-network shown in the static NAT above) is x.x.x.x. Not sure why this happens, but it kills my entire network and I have to jump through hoops to quiesce the network and get everything back to normal.I've tried to Dynamic-PAT/hide the VPN range behind the Inside interface through ASDM and that seems to do nothing.The NAT statement above will break my network. How to NAT this connection without killing my Inside network? Or, on how to properly hide my VPN subnet/pool behind my Inside interface and back to the VPN subnet/pool.
View 1 Replies
View Related
May 20, 2013
I have Pix firewall 515e on inside interface its has configured with IP 192.168.0.254.And Global Nating is configured.
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
I want i configured Global nating only for only specific IP address E.g 192.168.0.0-192.168.0.30 and 192.168.0.200-192.168.0.254?How i do this?
View 13 Replies
View Related
Oct 6, 2012
I have the following network.2 WAN links termination on my PIX 515e and all internal users connected to third interface.
Problem I am facing is that I have assign manual IP to users with some have full access to Internet while others have limited.
The users are changing their IP address while others are offline and I want to restrict them.
The only way I can think off is by binding IP to MAC as e.g ( Active wall software). But can it be done on PIX 515e and if so how?
View 11 Replies
View Related
May 13, 2012
I have erased the Cisco image from my PIX 515E, and while i tried to load a new image its asking for activation key. I tried its old key. but no use.
View 1 Replies
View Related
