Cisco Firewall :: Pix Firewall 515 Didn't Work
Sep 21, 2012I restarted my pix firewall cisco pix 515 and when i start it again the Act lamp and the firewall didn't work .
View 1 Replies
ADVERTISEMENT
Cisco WAN :: Sr520 Some Website Didn't Work
Jan 12, 2012I have cisco sr520 adsl router i have everything set up and it is ok. Internet work but i can not open some web pages In DNS is not problem NAT work fine. When i try some simple adsl gateway the problem websites work correctly. I think the problem is on sr520 router.
View 5 Replies View RelatedWPN824v2 Fireware Grade Didn't Work
May 7, 2011I upgraded my fireware and now the router don't do anything, I can't even login into it using [URL] which a hard wired connection. How do I get logged into the router to try and put the old version of firmware back on it?
View 4 Replies View RelatedCisco Routers :: SRP526W Didn't Work With A Huawei E372
Aug 17, 2012My SRP526W (running the actual firmware 1.01.27) didn't recognize my new Huawei E372 USB dongle (it's a T-Mobile web'n'walk Stick Business II, already installed the newest firmware 11.203.03.10.55).Using a Huawei E172 or a Huawei E353, both USB dongles works well. But they are slow compared to the E372. I'd really like to use the E372 stick because it's super fast with up to 42Mbps download speed.As I could read in the release notes of the SRP526W, the Huawei E372 should be supported since firmware version 1.01.26.Inside the Huawei E372 you can find the printing "Model: E372u-5", maybe this is a different model which is currently not supported by the SRP526W.
View 0 Replies View RelatedCisco Routers :: Why Didn't Content Filter Still Work In RV042
Jul 25, 2012I want to make a question about RV042. I used RV042 router in my office. I used content filter feature in router.Althought this have not been apply the rules. I think I made wrong rules.I enabled the block enable forbbiden domain .And then added the websites that I want block.However, these websites are still browsing in local computer.
View 4 Replies View RelatedCisco Firewall :: 5520 Identity Based Firewall Doesn't Work Using Citric Published
Jul 26, 2012We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.
Cisco :: How To Enable Ftp Traffic Through Firewall At Work
Jun 11, 2012I am trying to enable Ftp traffic through our firewall at work. We have a Cisco 5505 ASA and we cannot access any Ftp servers outside our network. We are running 8.3(2). Any have commands I can run to allow us to connect to ftp sites?
View 6 Replies View RelatedCisco Firewall :: Outside To Inside Not Work ASA5505
May 8, 2013I am very new to Cisco ASA and I am trying many days to implement the design below but still cannot get it done. The situation I am facing is
- a host (e.g. 192.168.5.10) under Inside interface can contact to outside without any problem.
- however a host outside (e.g. in VLAN1 or outside this network) cannot contact host under Inside interface. I am using PING test and always get Request Time Out. [code]
Cisco Firewall :: ASA 5520 With CSC SSM Filter Won't Work
Sep 30, 2012We have Cisco ASA 5520 with csc ssm 10 (product ver. Trend Micro InterScan for Cisco CSC SSM 6.6.1125.0)in Web>Global settings> URL filtering > Rules > Communications and Search> Social Networking category is set to block during work time and allow during leisure time(see the attachement), but rule for this category won't work. I mean social networking sites are always remain allowed.
View 2 Replies View RelatedCisco Firewall :: 5520 - Active FTP Does Not Work
Oct 9, 2011I have an asa 5520 that works fine if you are using passive ftp and ftp inspection is on globally. It is not working for an active ftp session. I tried allowing all ports back to the external ip address of the internal client as a test and this did not work either.
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.2(3)
policy-map Global_Policy
[Code].....
I read another article saying that this command needs to be on the asa "fixup protocol ftp 21"
If this is enabled will it show on the firewall? How do I enable it?
Cisco Firewall :: ASA 5510 Telnet To Outside Mx 587 Not Work
Oct 28, 2012I can't telnet from a host(Ubuntu 12.10) in our DMZ to an outside MX on port TCP 587. Inspection for ESMTP not enabled. Port 587 enabled for host in DMZ to any.
View 12 Replies View RelatedCisco Firewall :: ASA 5520 Failover Did Not Work?
Apr 17, 2011I am having ASA 5520 with active/standby configured. Around 2 days ago, the ASA stopped responding & all of my websites stopped working. when i checked the failover status it said that failover is off. I had to manually turn the failover to start my traffic flow.During this time my secondary ASA was not responding. After some time, the primary stopped responding & secondary became active......to solve this i had to make the secondary unit as failover unit primary & the primary unit as failover unit secondary. i did get a log on ASA :-
“(Primary) Disabling Failover” with error message no.105001 which states the below:-
Error Message %PIX|ASA-1-105001: (Primary) Disabling failover.
Explanation In version 7.x and later, this message may indicate the following: failover has been automatically disabled because of a mode mismatch (single or multiple), a license mismatch (encryption or context), or a hardware difference (one unit has an IPS SSM installed, and its peer has a CSC SSM installed).(Primary) can also be listed as (Secondary) for the secondary unit.
Cisco Firewall :: 3750 - How NAT Exempts Will Work
Feb 14, 2012I've been use to managing our ASA's on firmware 8.2, however we have got a couple of ASA's on firmware 8.4 for a new project and the NAT area especially in the ASDM is very different now, I feel like I know nothing. On these new ASA's on 8.4 that will be in active/standy mode I will be creating a sub interfaces off these by attaching a 3750 and I wondered how the NAT exempts will work.
I will have to use exempts as I don't want the source IP to change when going from one interface to another in certain situations and this setup described works well on 8.2, but how can I do this on 8.4 as I don't even see the option for creating NAT exempts, looks like a different world?
Cisco Firewall :: Way To Be Able To Get / Port The Translation From 7080 To Work
Mar 6, 2013I have a server on the inside of my network (with a internet Routable IP). It has been requested to me that people from the internet access port 80, and that is translated at the firewall to port 7080. I have set up a temp Access rule to allow access to 7080 from the outside and it is accessable. I am not sure what I am doing wrong, but I am tion from 80 not able to get the translato 7080 to work.
View 1 Replies View RelatedCisco Firewall :: PIX515 URL Filtering Doesn't Work
Nov 14, 2011I have one outside interface with global IP address 1.1.1.1 and two inside.Both inside interfaces restrict and non_restrict have private IP addresses.I tried to filter some URLs on PIX515 IOS 7.2, only on restrict interface but my filter does not work.I can access prohibited URL from restrict interface. What's wrong in my URL filtering?
Here is my config:
PIX Version 7.2(2)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
names
[code]....
Cisco Firewall :: Restored ASA 5505 Now VPN Doesn't Work
Jun 3, 2013A couple of weeks ago, one of our ASA 5505s failed, and Cisco TAC shipped out a replacement. I was on vacation, and my assistant worked with TAC to get our backed-up configuration restored to the new hardware. This backup was just a copy & paste of the "show start," rather than an export done from ASDM. Anyway, since I got back on vacation I was able to iron out all the wrinkles from the configuration restore, except one. The remote access VPN isn't quite working. This VPN is only used in emergencies, when I can't access that branch office's network via our WAN.
What's happening is that clients are getting "authentication failed" messages when connecting. On Windows, it's an error 691. The VPN is set to authentication against RADIUS (Microsoft IAS server). The IAS server reports that the connection and authentication is successful. AAA RADIUS authentication tests on the ASA succeed, as do authentication & authorization LDAP tests. Basically, everything was working fine before we swapped in the new hardware, and I've gone over the configuration with a fine-toothed comb to ensure nothing's changed -- but clearly, I'm missing something. The new ASA is otherwise operating perfectly.
Cisco Firewall :: SA520W LAN Port Don't Work Correctly
Nov 20, 2012I have a problems with one SA520W.The LAN port don't work correctly. If i connect PC directly via ethernet cable (i try 2 different cable and 2 different PC) the DHCP don't assign an IP. If i reset to factory default and manual insert IP (192.168.75.1) don't work.
View 2 Replies View RelatedCisco Firewall :: ASA5510 Setup Layout - Does This Work
Apr 9, 2012I am planing to implement an ASA55100 in our network.I've never worked with an ASA5510 device, so i am not quiet sure how to place it correctly.The idea is the following:Current SituationNetwork with wireless access, everybody who's connected to the Wifi can access the resources.SSID = JUFCorp Desired Situation Network with only internet access, separate SSID -> JUFGuest Is this possible with this layout?PS: when i configure the ASA, i couldn't find an option where i can enter a default gateway. Is this supposed to be like this?So right now i can only access the management port when i'm in the same subnet.
View 3 Replies View RelatedCisco Firewall :: Telnet Not Work After Enabling AAA On FWSM 3.2
Oct 7, 2011After enabling AAA FWSM lost opportunity telnet session. FWSM version 3.2(5). In the logs show that resets itself FWSM telnet session.
Conf.,aaa-server TACACS+ (management) host 192.2.151.111
key aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
[Code] .....
Cisco Firewall :: Making SNMP To Work On ASA5505?
Sep 1, 2011I have a customer with an ASA5505 where it will not reply to SNMP polls from any source, i have followed the configuration guide [URL].at and tested another ASA in our internal network and i have that working fine on our LAN, here is the snmp and logging sections of the show-run on the ASA, it there anything obvious im missing to make the SNMP work on this device?
snmp-server host outside 203.XX.75.122 community XXXX
snmp-server host outside 203.XX.84.196 community XXXX
snmp-server host outside 203.XX.86.82 community XXXX
snmp-server host outside 82.XX.244.3 community XXX
[Code] .....
Cisco Firewall :: ASA 5515 Failover Does Not Work Anymore
Aug 12, 2012I have two ASA 5515 configured as active / standby. I configured the failover and I checked for proper operation. But when I configured access rules and NAT, I realized that the failover does not work anymore: two interfaces, inside and outside, are "Unknow (Waiting)". The other LAN interface and management are "Normal (Monitored)." [code] It is possible that some access rule deny the communication between the two asa?
View 9 Replies View RelatedCisco Firewall :: Does ASA5520 Work With Newest Version Of H.323
Mar 7, 2012Does the ASA5520 work with the newest version of h.323?
View 1 Replies View RelatedCisco Firewall :: Policy NAT Setting Doesn't Work On PIX 6.3(3)
Nov 30, 2012I have a server in a network DMZ (IP 192.168.40.43) need to do discovery of other IP address to update the IPAM tool. It should not be done source NAT so I´m trying to use the configuration below with Policy NAT but isn´t working:
nameif ethernet1 inside security100
nameif ethernet5 dmz8 security55
!
ip address inside 10.56.12.93 255.255.252.0
[Code]....
It´s following message appears "% PIX-3-305005: No translation group found for icmp dmz8 srv: 192.168.40.43 dst inside: 10.38.36.50 (type 13, code 0)".
Cisco Firewall :: ASA 5510 - Can Transparent Mode Use / 30 And Still Work
Oct 9, 2012I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router. I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA. The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic. Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
ISP-------->ASA-------->Router
Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other. Will this work?
D-Link DIR-655 :: DHCP / Firewall And Wireless Does Not Work
May 27, 2012My DIR 655 is refusing to act like a router and more like a normal switch. Anything involving the router side of things(DHCP,firewall,wireless, etc) does not work.
Basically when it powers up the blue power light comes on and that's it. If I plug my cable modem into the wan port then this light comes on with nothing else. If I then proceed to plug a cable into Lan 1 I get the address of my cable modem assigned to my computer and all internet access is fine. As opposed to being assigned an address from the router's DHCP. If I plug a cable from another router into any of the lan ports on the DIR 655 then I get assigned addresses from that router's DHCP and all internet access is routed through.
Cisco Firewall :: ASA5525 Can Work Under ASDM7.0 (1) If ASA8.6 (1)2 Installed?
Feb 17, 2013If ASA5525 with ASA8.6(1)2 can be browsed using ASDM7.0(1), as currently i'm running ASDM6.6(1) if it will work, any document how to do the upgrade using GUI screen?
View 8 Replies View RelatedCisco Firewall :: Internet Doesn't Work On ASA 5510 For Backup ISP
Feb 15, 2012I have a ASA 5510. I setup basic configuration to test internet with 2 ISPs. My first line works with out any problem. But my second line doesn't work. Even when i wipe the configuration, and setup only my second isp. Internet doesn't work. Can you tell me if there is anything wrong with this config?
CaaaA01# sh run
: Saved
:
ASA Version 8.3(1)
!
hostname CaaaA01
domain-name example.com
[code].....
Cisco Firewall :: Would A 1GB 5510 Memory Stick Work In A 5520
Sep 19, 2012Are the ASA memory DIMMs created for specific models? Would a 1GB 5510 Memory stick work in a 5520?
View 1 Replies View RelatedCisco Firewall :: L2TP IPsec Doesn't Work On ASA 5510
Dec 21, 2010I'm trying to setup a L2TP VPN Connection on my ASA 5510 to connect with Android/Windows (Native Clients).I'm using the newest Releases:Cisco Adaptive Security Appliance Software Version 8.3(2) Device Manager Version 6.3(5)
My asa config just the interesting part:
crypto ipsec transform-set trans esp-3des esp-sha-hmac crypto ipsec transform-set trans mode transportcrypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map dyno 10 set transform-set transcrypto map vpn 20 ipsec-isakmp dynamic dynocrypto map vpn interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400no crypto isakmp nat-traversal
[code]....
If i try to connect with a Windows 7 Client (NOT behind NAT) I get the Error 691.
I see that Phase 1/2 are working with debug:
Dec 22 16:32:16 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 1 COMPLETED
Dec 22 16:51:25 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 2 COMPLETED (msgid=00000001)
Then I see this "Error":
Dec 22 16:51:26 [IKEv1]: Group = DefaultRAGroup, IP = XXXXX, Session is being torn down. Reason: L2TP initiated
I don't understand why it doens't work....I tried many templates from the net but nothings works.
Cisco Firewall :: Source Routing Work Around Needed With ASA5515
Jun 10, 2013I am setting up an ASA5515 to replace an existing Linux based firewall. Unfortunately the ASA5515 does not support source based routing.I have two internet connections currently used for specific connections - the second connection is NOT a failover connection.I have the default route to Internet connection 1.I want to route smtp out the second Internet connection.The routers connecting to the internet are a 877 and an 878The options I am considering is a layer 3 switch between the firewall and the routers to enable source based routing or replacing the 2 routers with a single router and the appropriate wic interfaces.
View 2 Replies View RelatedCisco Firewall :: 8.2 (ASA5510) / 8.4(2) (ASA5505) - Why Doesn't Route Map / Set IP Next-hop Work
Jan 2, 2012I need to be able to redirect some HTTP traffic to an Ironport WSA (for now) on a DMZ interface, the initial config I'm trying to test is along the lines of the following (don't have access to the ASA at the moment to cut-and-paste):
access-list 101 deny any any neq www
access-list 101 deny tcp host 10.0.2.2 any
access-list 101 permit tcp any any
route-map proxy-redirect permit 101
match ip address 101
set ip next-hop 10.0.2.2
Unfortunately the ASA does not take the "set ip next-hop" command, I get an invalid input error message and if I at the route map config prompt type "?" only the "metric" and "metric-type" commands are listed as available.
This happens both on 8.2 (ASA5510) and 8.4(2) (ASA5505). Since others are able to make this work, I assume there's something else on the ASA that I have to set to enable this command?
Cisco Firewall :: ASA 5520 / Finding A VPN Client That Could Work With Honeywell PDA?
Aug 30, 2012I got a question a about is there a Cisco VPN client that can be used with Honeywell PDA and Cisco ASA?
* Firewall
Cisco ASA 5520
IOS: asa832-k8.bin
* PDA
Brand: Honeywell
Model: Dolphin 7800
O.S. Windows Embedded Handheld 6.5 Professional
2222 - How To Browse Work Machines (behind Firewall) From Home
Feb 1, 2013From home I would like to browse my intranet at work where I have a Linux box, which I will call "W", i.e. url...My router at home closes port 22 but maps port 2222 to port 22 on my server "S" which resolves to mydomain.org.
My main machine at home, "M", is where I do my work from home. I thought this might work: [code] On M I tell firefox that S:6666 is the proxy for all sites like url...
So far my browser on M cannot find the intranet web sites with this scheme.How do I make this work? What can I use to debug this