I have a customer who is going to host a VOICE services like providing SIP services to its customers. What specific ports required to be opened up for this on ASA 5515X. I would rate it ASAP.
View 3 RepliesI have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]
View 3 Replies View RelatedBasically, I have a LAMP server for a small landing page for myself.It was all working fine until I got my new router.Now, I can only access my sites on a LAN.All the ports (3306, 80, 22) are opened and multiple port checkers online says so.I followed some of the basic steps mentioned in this forum such as firewall settings such as:
"Port and Address Restriced"
disabled QoS
Enabled Multicast Stream
enabled DNS Relay
set DHCP range to avoid any IP conflicts
Ive even temporarily removed all firewalls completely to make sure that is not the problem.
Is there a way to associate spare firewall ports with another port that is being used..For example...int gi 0/2 is being used currently for my web dmz. Its ip is 192.168.10.1..Is there a way for me to associate gi 0/3 with the same layer 2 as gi 0/2 ?
In my webdmz I use 2 ACE 4710 proxys in FT mode. I used a layer 2 switch to connect firewall and proxys together.
I would like to eliminate this switch if possible..and connect both 4710's (layer 2) direct to firewall.If I could make gi0/2 - 4 part of the same vlan, then I would be good to go.
I will be implementing a new firewall (cisco asa 5515x) on my existing 3750x (server switches) and my 2960s (user switches). What should I need to apply on my firewall and swtiches to make the implementation successfull. I will put my 3750x as my DMZ and my 2960s as my inside. The 3750x have multiple subnet and also the 2960s.which features and technologies i need to know on those 3 products. my 3750x and 2960s don't have any ACL defined and most common features are vlan, switchport, trunking, spanning-tree, stacking, vtp.how my asa knows that my 3750x/2960s have multiple vlans. my current connection right now on 3750x and 2960s is just through 6 ports i assigned as one trunk, below is my config [code]
my 2960s vlans are almost the same with my 3750x except vlan 160, 170, 192. but of course when i put this in asa, i have to segragate vlan for 3750x (192, 100, 110,160, 170) and 2960s (130, 150). for my 2960s connection to the asa and since this will have big bandwidth, i will use 3 ports on my asa (and trunk it) connecting to my 2960s and i will use 2 ports on my asa (and trunk it) connecting to my 3750x. the one internet ports and my one management ports on my asa will stay like that.
I have a strange issue which happened to me last weekend with two ASA 5515X on version 8.6(1)2. There was a planned power shutdown which only affected the primary firewall. Failover was configured and running successfully. The configuration was also saved after every change made. After power was shut and primary firewall went off the secondary took over like it should but unfortunately all configuration was gone. We immediately powered on the primary again but also this one lost the configuration.
While reconfiguring the firewall we ran into another problem. The devices won't pair although it was the correct configuration. After three times removing and adding the same failover configuration the devices accepted the failover and worked together again.
I went through the bug toolkit and white papers regarding ASA 5515x and this particular version but were not able to find anything.
My customer has a rather complex configuration on an ASA 5510 running version 8.2.
They are migrating to new ASA 5515X models which of course only version support 8.6
How can i convert the configuration from 8.2 to 8.6 since the new ASA's do not support the earlier versions?
The X series seems to be a great option for new deployments but what about replacements of existing older models?
I am in a process of replacing the Cisco ASA 5510 with 7.3 OS with a new Cisco ASA 5515X with 8.6OS. In the existing Cisco ASA 5510, we have configured 'no nat-control' for which the traffic from all sub-interfaces were flowing to the lower security interfaces without any NAT command. Just access-lists were configured. Now how do i acheive the same in the Cisco ASA 5515X with 8.6? I do not find any 'no nat-control' command available for it.
View 3 Replies View RelatedWhat is the maximum number of contexts a pair of 5515Xs in HA mode can support?
I know each 5515X can have a max of 5 contexts, but does that mean in HA mode a pair can support 10 with license pooling?
I'm using ASA 5515X my concern is I was not able to block the traffic of P2P such as BitTorrent etc. I was also view some technotes on how to use webfilter without using Websense or Smartfilter tools and lucky I'm able to block certain websites. how to block the traffic of P2P?
View 2 Replies View RelatedI need to upgrade to firewall which supports Active/Standby configuration.I am currently using a ASA-5510,SSM-20 8.2(5).Will the configuration file from the ASA-5510 work on the 5515X?
View 1 Replies View RelatedI have ASA 5515x and it has already Internet Connection since my firewall is not "production". So right now I'm trying to configure a Remote Session just for a test and eventually I was not able to connect from it. I followed the instructions from technotes but still Remote Connection dropped. Here's my sample configuration on my firewall, btw I also configured a service policy rule and ACL just to make sure if I can able to access the Server inside my network but Session also dropped.
nat (inside,outside) source static 1.1.1.1 2.2.2.1
access-list 110 extended permit tcp host 3.3.3.1 host 2.2.2.1 eq 3389
CiscoASA(config)#class-map rdpmss
[Code].....
I have a misanderstand about management interface configuration in cluster. So I have a cluster asa 5515X with management interface. i Would like to be able to connect to any of the member of my cluster on management interface, so i would like to fix a different ip on management interface on each of my node ip 92 and 91. I think it is the only way to make asa firmware update to access local flash on each node.
my config
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif
[Code].....
Why aren't the fa ports that i assign to a voice vlan showing up when i issue show vlan?
View 2 Replies View Relatedim new to cisco asa and the model is 5515x with license plus. below is my config at home,
ciscoasa#
ciscoasa# sh run
: Saved
[Code]......
I need to know if the cisco ASA next generation specially ASA 5515X support PBR or no ?how to implement it? Also if i have many internet connections and i need to dedicate 2 ISP’s ADSL internet lines to certain service (such as mail) if the 1st fail, so the 2nd line come up to make redundancy with it ----------- Is this available on cisco ASA next generation.
View 1 Replies View RelatedI have a FWSM cluster that I exceeded the maximum number of static nat entries on. i migrated the connectivity off to a pair of PIX 535's that seem to be handling the adderess translation needs. however the number of NAT entries being required is increasing and being the PIX series wal EOL'd several years back..I need to replace them.. The static 1-1 nat entries cannot be summarized into network as the hosts that are being nat'd are scattered all over various micro subnets in the all 3 rfc1918 ipv4 address ranges and they are being manged directly by snmp and SNMP-trap and other services that prohibit the use of many-to-one nat. Is there a mknown maximum number of static 1-1 nat entries that can be defined on the ASA 5515-x, 5525=x and higher ASA firewalls? Say I wanted to be able to grow to 2500 or more static 1-1 nat entries. I am currently running 2010 1-1 static host nats currently.
View 1 Replies View RelatedI have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.
Here is debug log on real time monitoring.
Aug 24 2011 05:21:19 302015 203.xxx.xxx.226 192.168.1.51 Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011 05:21:19 607001 203.xxx.xxx.226 Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011 05:21:19 710005 203.xxx.xxx.226 99.xxx.xxx.107 UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063
Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.
can some one suggest me will it be recommended to use PIX firewall 525 on Voice ( sip ) network for 5000 CC to 1000 CC calls in signaling mode since our server are using public IP so will i be able to use it without NAT / PAT also will there be any issue of QOS.
View 1 Replies View RelatedI have a Cisco RV042 Wired Router. I've got a static IP and a MS Small Business Server in my Router Network. I have forwarded the essential ports to use the IIS and the Exchange Server of my SBS2011 (HTTPS, HTTP, smtp, rpc). I have also created some access rules for these ports, but I don't have any access on my server services, if the firewall is activated.
Here are my Firewall Access Rules from the RV042 Web Interface:
We have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?
View 3 Replies View RelatedOne of techs accidentally connected two access ports from different switches together. Since then, LMS is alerting them as being Link ports down. I tried to default the config and set them to access ports without any success. what I should do in LMS to recognize them as access ports?
View 2 Replies View Relatedhow do I access voice mail
View 1 Replies View RelatedI am currently working on our Cisco voice platform at work.
Our Cisco firewall engineer has left and I have been given the task of looking after the firewalls as our Chief Exec seems to think that Cisco Voice is similar to Cisco ASA firewalls,
Are there any books/videos out that you can recommend to learn the about firewalls quickly.
I have a question regarding firewall configurations. Is it possible to have two interfaces ( for two internet service providers) one for voice and one for data. Can I have two Outside Interfaces that one will apply to a pppoe client group and the other will apply to a static IP? Is this possible and if so What would be the steps on applying this connection? Also to note I have a point to point connection already established for the pppoe. I also have another point to point connection for data, but however I do not know how to apply this to the firewall.
View 3 Replies View RelatedI need to prioritize voice traffic through the ASA
priority-queue outside
tx-ring-limit 200
queue-limit 2000
Do the above values look correct? and why is the priority queue applied to the outside interface and not the inside? (or both). Also is this the part that ensures that the regular traffic does not choke the voice traffic?
class-map voip-class
match dscp ef
policy-map outsidemap
class voip-class
priority
service-policy outsidemap interface outside
Will the global policy remain which this interface policy taking priority?
I bought a WRT54GP2 independently of my ISP/VOIP provider so I could have an all-in-one router. As my provider would not provision the VOIP side I disabled provisioning and set up the voice settings myself and it works perfectly.I was reviewing the VOICE settings side and under the SYSTEM tab there were settings for Administrator Password and User Password. Researching on the Net it seems these should be set to strong passwords which I did but then found trouble moving from the main part of the router configuration to the VOICE tab as I would get a message about a non-admin account not being able to administer the voice side. Via clearing the cache on my browser and restarting the router/browser I managed to get back into the VOICE config tab and immediately removed those two passwords. Seeing the settings under the SYSTEM tab it looked to me that the router was open on the WAN side on port 1880 so I disabled the web server and web server admin options thinking these were only related to the WAN side not the LAN side.
I now find out that I can no longer access the VOICE tab as the router immediately disconnects from the browser.I've tried contacting my ISP/VOIP provider but they seem to be unable to assist and have had no luck with Linksys support either as all they want to do is pass it back to my ISP/VOIP provider saying they are the one to reconfigure it but I'm the person who did the config (and also shot myself in the foot incidentally). If I could only reset the voice side of the router back to factory defaults I would be fine but, unlike the WAG310G, there is no option to do this, just the option to reset the WAN/LAN/Wireless side to factory defaults. I've tried pressing the reset button for 30s and reset via the menu option but neither reset the voice side. Surely there must be some way to do this even if it involves opening the box up and connecting a jumper or something.
We have a client that has a Cisco 1801W Firewall that is setup as a site to site VPN terminating to a Cisco ASA 5505. The tunnel is up and established, I can ping from both sides of the tunnel.
The problem is the clients behind the Cisco ASA (192.168.2.x) cannot reach certain ports behind the Router (192.168.1.x). The main thing we're trying to do is browse via UNC path (ex: \192.168.1.120 from a 192.168.2.x machine).
I got 3389 working after I changed the - ip nat inside source static tcp 192.168.1.120 3389 y.y.x.x 3389 route-map DM_RMAP_1 extendable Modified the command to include the public IP instead of interface FastEthernet0
I believe it has something to do with the way NAT and route-maps are setup currently but I'm not familar enough with them to make the changes. I worked with Cisco to ensure the VPN tunnel was fine and it's something security related on the Router.
Here is the configuration (removed a few lines not necessary. y.y.x.x = WAN IP of Router x.x.y.y = WAN IP of ASA).
Building configuration...
Current configuration : 23648 bytes
!
version 12.4
no service pad
[Code].....
i am using asa5540 with 7.0(8). firewall was configured in transparent mode.
now i am looking for block ip phone communication from site to site and head office. i am using cucm 7.1.2b.
all site was connected through ofc. no nat was using.
I got two offices about 150KM from each other,i need to backup 10 to 20GB / machine,the data ranges from accounts package to doc files etc.i suggested a vpn, then backup from one side to the other and vice versa as this ensures backups are swapped over and are off site.Would you recommend this, or am i better off using a hosted backup service i pay for / GB?
View 8 Replies View RelatedThe SRP547W supports creating both Wifi Voice and Data vlans.Can I configure a Wifi IP Phone to connect to the SRP547W Voice Wifi Vlan and have the SRP associate it with Line 1 (in lieu of a standard phone connected to the Line 1 FXO port - without additional hardware)?
View 1 Replies View RelatedTrying to set-up a priority queue for Voice and Video traffic, below is the current ASA config. The WAN link is 6mb, trying to limit the Internet traffic to 4mb and save 2mb for the PQ, config belowTraffic just isn't hitting the PQ
priority-queue outside
queue-limit 512
tx-ring-limit 200
!
class-map Video
description Video
match dscp af31
[code]....