Cisco Firewall :: Route To Same Interface On ASA 5510?

Sep 14, 2011

I would like to route traffic that are coming in and going out to the same interface on ASA. I am using inside interface with security-level 100.  In this URL, [URL], ASA is able to do that.

View 5 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5510 - Static Route By Interface Or Destination

Sep 21, 2011

Is it possible to assign a static route to an interface and not globally on a ASA 5510 ver 8.3.
  
I have two links between my offices one for Data via a VPN and one for video traffic which is a secure connection with QOS end to end.
  
All interfaces are on the same security level of 100 except Outside which is 0.
  
Office 1 Interfaces ASA 5510
 
 
VLAN  1               vOffice1Data       10.40.1.0/24
VLAN  3               vOffice1Video     10.40.2.0/24
VLAN 5                vInterOffice       10.40.5.0/24     (QOS  connection Between Offices)

[Code]....

At the moment if I try and access data from VLAN 1 to VLAN 4 it gets to the destination ok going through the static route and over the vInterOffice connection but the problem is VLAN 4 returning the traffic. This fails because there is no static route back to VLAN 1. If I create a static route from Office 2 to VLAN 1 then it will route all my data traffic over it as well.

View 2 Replies View Related

Cisco Firewall :: 5510 Trace-route / Antispoofing On Not Default Route

Jun 24, 2011

I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
 
I have ICMP inspection and icmp-error inspection enabled.

View 1 Replies View Related

Cisco Firewall :: NAT Route For Remote VPN On ASA 5510

Nov 15, 2011

I have configured a remote access VPN on my Firewall ASA5510. Everything worked fine and I can successfully connect through the VPN. The problem is I cannot ping or connect to any of my internal network resources. I tried to add a new NAT route from outside to my internal servers using the defined pool but due to a new ASA version there are many changed I see in the NAT routes

View 37 Replies View Related

Cisco Firewall :: ASA 5520 - Static Route To Inside Interface

Mar 29, 2011

I have inherited an ASA 5520.  In doing some auditing of the setup, I have noticed a Static Route that has the inside interface of the ASA as the Gateway IP.  I am trying to understand the purpose of this route or why a route would be setup this way.

Example Static Route:
Inside 10.xx.31.0 255.255.255.0 10.xx.xx.10 (10.xx.xx.10 is the inside interface of ASA)

View 2 Replies View Related

Cisco Firewall :: Trace Route Between Two ASA 5505 And 5510

Oct 15, 2012

We have a ASA 5505 and a 5510, that we are using site to site.I need to traceroute from the 5505-5510.. From the outside interfaces.. Don't want to do this through the site-to-site.I have temporarily added a few acl on the outside interfaces.when i traceroute it only goes one hop.. Maybe thats the way it suppose to be? I need to know all the hops between the outside interfaces on the 5505 to the outside interface on the 5510.

View 12 Replies View Related

Cisco Firewall :: Slow Intervlan Routing On Asa 5510 Route

Jul 21, 2011

In the restructuration of my company network we install due ASA 5510 in failover for the management of internal network and DMZ. We configure the ASA in routed mode, we create the sub interface for server, client and dmz subnet and we connect the firewall ti the network. Everything works very good except the intervlan routin. If i try to send or receive a file in every protocol, ftp, http, smb o if i try to conne with rdp or vns to an host in a different vlan the connection goes very very slow. I particular a ftp connection between two host goes ti 15kb/s. I check all cable and port for some error on duplex ro speed, end all the uplink are 1gb and the single client connection 100Mb. I know that the main purpose of the ASA is not doing routing stuff but this behavior is very strange.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Multiple Static Route Tracking

May 15, 2013

I am trying to set up my ASA5510 the fail over of ISP when it can't ping three different IP. I create three different tracking to three different IP using sla monitor & track rtr. But when I do

   route isp2  0 0  yy.yy.yy.yy  50
   route isp1  0 0  xx.xx.xx.xx  31  track 1
   route isp1  0 0  xx.xx.xx.xx  32  track 2
   route isp1  0 0  xx.xx.xx.xx  33  track 3

the last route will replace the previous two and only the last route command takes effect.Is there anyway I can set up the fail over to ISP2 only when it can't ping three different IP from ISP1?

View 1 Replies View Related

Cisco Firewall :: 2800 Routers / ASA 5510 Cannot Ping Via Route Inside?

Mar 3, 2013

I recently added a business cable modem to relieve some of the congestion I was getting on my T1 for our MPLS network.  There was an ASA 5510 collecting dust in a closet here and I thought it would be the perfect device for firewalling the traffic coming in from the Cable modem, and handling the routing of our internal MPLS traffic as well.  Internet setup was cake.  The test laptop I have using the ASA as it's gateway has great internet service but it cannot ping across either of our MPLS networks.  I have one MPLS with AT&T and one MPLS with EarthLink.  My hope was to use the cable modem as the Default route for all unspecified internet traffic and route our internal MPLS traffic to the cisco 2800 routers that are currently in place for the MPLS.  I can ping across the MPLS when I telnet to the ASA, but I cannot ping across the MPLS from the client that is connected to the ASA.
 
Here's the topology I'm working with
 
Internet
|
Cable Modem
|
ASA 5510 10.52.120.23

[Code].....

View 8 Replies View Related

Cisco Firewall :: ASA 5510 Static To Indirect Subnet / Return Traffic Without Default Route NAT?

Aug 12, 2012

I am having touble with a NAT concept. What I have is a 3rd party software VPN product that basically tunnels encapsulated traffic to/from a server sitting inside the network. Right now this traffic utiluizes a physical interface on the ASA5510, but I need the interface for another project.
 
 What I have is this:  
 
Internet<----->ASA<-->router<-->4507(layer3)
|                           |
|                           |-Vlan1

[Code]......

View 1 Replies View Related

Cisco Firewall :: Unable To See Interface On ASA 5510 Firewall?

Jul 29, 2012

I am unable to see 4th interface on my firewall i.e fastether0/3 on my firewall ASA 5510.
 
Below is the output.
ciscoasa# sh int ip br Interface                  IP-Address      OK? Method Status                Protocol Ethernet0/0                x.x.x.x           YES CONFIG up                    up Ethernet0/1                x.x.x.x           YES CONFIG up                    up Ethernet0/2                unassigned      YES unset  administratively down down Internal-Control0/0        127.0.1.1       YES unset  up                    up Internal-Data0/0           unassigned      YES unset  up                    up Management0/0              192.168.1.1     YES CONFIG up                    up

View 8 Replies View Related

Cisco Firewall :: ASA 5510 - VPN From DMZ To Outside Interface

Mar 20, 2011

Have an ASA 5510. Setting up a new DMZ zone for wireless and it will only have Internet access. What are the steps so that users on this new DMZ subnet can VPN into the Outside interface on the same ASA?

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Web Interface And SSL VPN Pass Through?

Mar 1, 2011

I have a trouble with Cisco ASA 5510. I configured an SSL VPN with bookmarks to some application. When the users make access to the Web Portal they have to login twice: one for enter in the SSL and one for enter in the application.
 
How to bypass double authentication?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Routing Between Interface

Mar 26, 2013

I attached the complete config. The earlier discussion, I cannot select reply. Looks like ACL is denying it. But I am not sure which one or how to permit it.
 
sh run
: Saved
:
ASA Version 8.0(4)

[Code].....

View 7 Replies View Related

Cisco Firewall :: SSH Access On Outside Interface On ASA 5510?

Oct 5, 2012

I need the ssh access on my ASA outside interface and have added
 
ssh ipremoved 255.255.255.255 outside access-list acl_outside extended permit tcp host ipremoved any eq 22 but this is the log i get from ASA
 
Oct 06 2012 16:10:04: %ASA-3-710003: TCP access denied by ACL from ipremoved/39884 to outside:ipremoved/22
 
Cisco Adaptive Security Appliance Software Version 8.2(5) Device Manager Version 6.4(5)

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Routing Between Interface

Mar 26, 2013

I have a WAN interface and 2 LAN interface. I need both the LAN be able to access a server outside the network via the WAN (outside) interface. I am using a ASA 5510 firewall instead of a router, because I don't have a router. It looks simple enough but it does not work. I ping from the a PC (172.16.22.8) connected to LAN (inside) Network to 10.10.10.1 which is the WAN local interface also did not work. But from the ASA Firewall, I could ping my LAN (inside) PC. I followed a config i get from this forum. However, it did not work. Below my config.

interface Ethernet0/0
nameif outside
security-level 0

[Code]....

View 5 Replies View Related

Cisco Firewall :: ASA 5510 Interface Throughput?

Feb 4, 2013

I'm not clear about the capabilities of the ASA 5510 GigE interfaces (eth0/0 and eth0/1) with an without IPSEC tunnels enabled.
 
This page [URL] shows a figure of 170Mbps 'Maximum 3DES/AES VPN Throughput'. Does that mean per IPSEC tunnel or for the whole interface if it is IPSEC-enabled?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Management Interface

Feb 13, 2012

I am having issues with the ASA 5510 management interface. I can't communicate with this interface. It is showing DOWN/DWON even if I type NO SHUT several times.
 
My existing config is as follows 
our-asa-01# sh run
Saved
ASA Version 7.2(5)
hostname our-asa-01
names
dns-guard
interface Ethernet0/0
[code]....

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Terminate Second ISP Link On One Of DMZ Interface?

Jun 20, 2011

On our ASA 5510 we already have one ISP link terminated on outside interface. There is correspoinding nat and global configured for outbound access to internet.
 
Now we need to terminate second ISP link on one of the DMZ interface to have redundancy for the primary ISP. 
 
When primary ISP link or router is down we need to send all the traffic to secondary ISP router.  How do we configure NAT and global for this condition that only when primary is down then only this NAT -Global should be used.  Do we have anything like object tracking associated with the NAT-global.
 
So that as long as Primary  RTR - object is up ASA will use the first NAT-Global pair. When primary ISP is down RTR-Object is not reachable then ASA will perform the second NAT-Global operation.
 
Also can we have default route pointing to Outside interface (primary ISP router) and in case of primary router failure it will point to secondary ISP. Do we have "track"  in the static route commands on ASA.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Cannot Create A Interface VLAN

Mar 23, 2013

May I know the reason why we cannot create interface vlan on Cisco ASA 5510?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Ftp Traffic Passing On 1 Interface But Not Another?

Dec 20, 2011

FTP traffic routed from outside to the inside interface works fine.  I have another interface with multiple sub-interfaces and vlans configured.  FTP traffic routed from the outside to vlan2_servers is not making it through the firewall.  I must be missing something.  I have attached my config.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 Same Vlan On Multiple Interface

Jan 13, 2013

Whether it is possible to have same vlan on multiple interface on ASA 5510 and higher models ?

View 2 Replies View Related

Cisco Firewall :: 5510 Http Connection On LAN Interface

May 26, 2011

I am replacing an old Fw with a New ASA 5510 and I have a problem with a TCP Connection on My LAN InterfaceI joined a picture of what I want to do. [code] From the PC,I can Ping the Video Camera But I can't connect to it with HTTP.I don't understand, Packet Tracert allow the Http packet too. [code]

View 7 Replies View Related

Cisco Firewall :: ASA 5510 High Traffic On Outside Interface

Jul 31, 2012

I have little experience with firewalls, what I've learned has been by dealing with issues like this that arise from time to time.I know, I need to upgrade the version. It's in the works now. Anyways, my question/problem is: Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today.  On the dashboard of our asa 5510 the "outside interface" traffic usage is running contstantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.

View 2 Replies View Related

Cisco Firewall :: Can No Longer Use ASDM Or SSH To Interface With 5510

Oct 25, 2012

I copied a Cisco 5510 startup-config to an identical Cisco 5510.After copying through tftp, I executed a reload.  Everything looks good. Line by line  compare results are the same.The problem is I can no longer use ASDM or ssh to interface with Cisco 5510.

View 25 Replies View Related

Cisco Firewall :: Can't Ping ASA 5510 Inside Interface

Apr 13, 2013

I  ran into a very strange icmp ping issue. The network has been working fine other than the issue listed below, L2L VPN works fine and all three data centers can access each other via L2L VPN.I have three ASA5510. [code]

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Two External Subnets On The Same Interface

Oct 21, 2012

I have two ASA 5510 in an active-standby cluster, not that I think that the fact that they are clustered will be of any importance here so feel free to think of it as a single 5510. The internet connection is delivered in a single RJ45 connection. To be able to use it with the cluster there is a simple unmanaged switch connected between the ISP and the ASA's. I have two subnets with public addresses, for simplicity lets call them 1.1.1.0/24 and 2.2.2.0/24. Default routers are 1.1.1.1 and 2.2.2.1 respectively.
 
Can I somehow use both these subnets in the ASA's? Im currently using the first subnet and use PAT to direct traffic to internal servers. But if I want to use adresses from the second subnet wont that mess up the routing, since there is no way I can specify the default router for the second subnet? I have as of yet not tried anything, Im just trying to plan ahead and I cant seem to wrap my head around how this could possibly be done.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Can't Move Traffic From DMZ To Outside Interface

Jan 16, 2012

I can't move traffic (isakmp udp_port: 500 & ipsec nat traverse udp_port: 4500) from my dmz to the  outside interface

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / How To Verify That RPF Disabled On Particular Interface

Feb 24, 2011

I have disabled Unicast RPF on a Cisco ASA 5510 for one specific interface. However, how do I verify that RPF indeed has been disabled on that particular interface? It doesn't show up in the config, neither does it up when I issue the command "sh int interface'.
 
To disable the RPF feature, I issued the following command: no ip verify reverse-path interface interface_name

View 1 Replies View Related

Cisco Firewall :: ASA 5510 With Inside Interface And DMZ Not Working

Feb 5, 2012

i have here a ASA 5510 sec k9.
 
I build a Config with a DMZ,INSIDE and OUTSIDE Interface. My Plan is to use the IP-Address of the OUTSIDE Interface with PORT to setup a HTTP Server In the DMZ
 
But my Config doesn't work. And I have no Plan why .....
 
The Inside Interface have to work normal. The Traffic to the Internet is TRiggert from Inside with Dynamic PAT
 
ciscoasa(config)# exit 
ciscoasa# show run
: Saved
:
ASA Version 8.4(1)

[Code].....

View 2 Replies View Related

Cisco Firewall :: IPSec Tunnel On Sub-interface On ASA 5510?

Jun 11, 2012

I working on a security solution using ASA firewall. Is it possible to setup a IPSec tunnels  on each subinterface of a physical interface on ASA 5510?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Redundant Interface Configuration

Aug 14, 2012

I have configured redundant interface on ASA 5510
 
interface Redundant1
description *** INSIDES NETWORK ***
member-interface Ethernet0/1 (This is a 1000Mbps Port)
member-interface Ethernet0/2 (This one is 100Mbps)
no nameif
no security-level
no ip address
[code].... 

Then... i issue following command and its OK!
 
ASA5510# show interface redundant 1 detail
Interface Redundant1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
[code]...
 
It's transfer correctly then i no shut and back to normal Primary core switch Gi0/30 Interface again, BUT  redundant interface no revert back. I issued this command again BW remain 100Mbps.

ASA5510# show interface redundant 1 detail
Interface Redundant1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
[ code]....
 
I did manually shut down and no shut the secondary core switch interface Gi0/30 Its changed correctly to 1000Mbps .

View 1 Replies View Related

Cisco Firewall :: Cannot Ssh Or Ping ASA 5510 From Inside Interface

Apr 4, 2012

The ASA is configured in very simple transparent mode. As desired, traffic can flow in each direction between inside and outside. I can manage the ASA via console and direct connection to the management interface. The problem is that I cannot ping or ssh to the ASA via the inside interface. I need to be able to manage the ASA from any PC on the inside LAN. I suspect I am missing some easy aspect of the configuration but after a lot of hours I'm about at the end of my patience with it. Here is what I believe to be the relevant parts of the config. 
 
ASA Version 8.2(1)
!
firewall transparent
hostname issr1
enable password 2alej83t5cqT0FWd encrypted
passwd 4kleUY438I93.4ljdh encrypted
names

[code]....

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved