Cisco Firewall :: Setup ASA 5505 Access Or NAT Rules To Inside Server / IP Cam

Oct 25, 2012

I'm having trouble setting up the correct rules on an ASA 5505 I'm using in my home office.  I have a couple of IP Cams I need to access remotely.
 
I've tried setting up simple NAT(PAT) and/or Access Rules, but it hasn't worked.  I have a single dynamic IP for the Outside interface.  Call it 77.76.88.10 and I am using PAT.  The CAM is setup to connect on port 80, but could be configured if necessary.  I've tried setting up NAT Rules using ASDM as follows:
 
Match Criteria: Original Packet
Source Intf = outside
Dest Intf = inside

[Code]....

I'm afraid to use CLI only because I am not confident I'll know how to remove changes if I make a mistake.

View 9 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 NAT Rules Blocking Inside Traffic

Jan 7, 2012

Previous attempts to set up these NAT rules has been met with minimal success. We have been able to get the NAT rules created, and able to ping our inside servers and receivers from a  different outside network, but every time we get that far our internal network crashes.  Running the Packet Trace utility via the ASDM shows that internal traffic from the servers to  the workstations is being blocked by the default implicit rule under the access rule heading  that states "any to any, service being ip, action= deny". Reverse traffic from the workstations to  the servers is being allowed though. In an effort to start over again, the Cisco ASA has been  Factory Defaulted via the CLI, and has had it's Inside network, and Outside IP address set back up. DHCP pool has been setup for a minimal amount of addresses on the   inside network, since  most of our equipment will always be assigned statics. We reset our static NAT policies, and  seem to be having the same problem. My partner and I have been working on this for some time now, and have ourselves so frustrated that I know we are missing something simple. [code]

View 10 Replies View Related

Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?

Feb 19, 2012

I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?

View 1 Replies View Related

Cisco Firewall :: Configure DHCP Server On Inside Interface ASA 5505

May 9, 2012

We've just started with the ASA 5505. We do run a DHCP server on the inside interface, so it is in the same VLAN 1 as all of the clients. However, we cannot get it to work.We can't use DHCP Relay, as the ASA 5505 only allows to relay to DHCP servers in a different subnet.Or do we have to move the DHCP server to a different subnet. If so, how would we configure that scenario?

View 13 Replies View Related

Firewall Rules To Block All Inbound Internet Access To Web Server Except Port 443

Dec 1, 2012

Setup firewall rules that will block all inbound Internet access to the web server except port 443, Setup firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702

View 1 Replies View Related

Cisco Firewall :: HTTPs Access From DMZ To Inside On ASA 5505

Jan 5, 2012

We have an ASA5505 UL bundel, updated with this license "L-ASA5505-SEC-PL=" to enable traffic from DMZ to Inside. No NAT or rules deployed for that yet.

On the Inside we have Exchange 2007 in a single server installation. The public url for smtp, ActiveSync, OWA and Outlook Anywhere is mail.company.se. There is a static NAT for outside traffic to access above mentioned services on inside. Now, on DMZ there is the WLAN for guests to access the Internet. How ever, our Smart Phones with WLAN turned on, cannot sync to the Exchange Server on the Inside! The DMZ gets IP-addressen from ASA on DMZ Interface with external DNS configured. How can I configure the ASA to achieve the function of ActiveSync from DMZ to Inside with the public URL from the phones?

View 15 Replies View Related

Cisco Firewall :: 5505 Remote VPN Clients Cannot Access Inside LAN

Apr 15, 2012

I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with.  I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA.  Thay can ping each other.  The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10.  I do not need split tunneling to be enabled.  The active WAN interface is the one labeled outside_cable. [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5505 / Cannot Access Internet Or Ping From Inside Interface?

Jul 26, 2011

I am having a problem configuring my ASA 5505 for NAT.

View 3 Replies View Related

Cisco Firewall :: Inside Access Using FQDN To Web Server On DMZ 571

Aug 21, 2011

What I have is 3 interfaces on my PIX.- Outside: 216.116.87.0/24 (security level 0)

- 469: 172.16.6.0 /24 (security level 10)
- 571: 192.168.255.0 /24 (security level 1)
 
My users on 571 need to access a web server on the 469 interface. However, the requirements are that the 571 users can only access the Website using the public FQDN which there is a static NAT from outside to 469. [code] Here is also the Packet-Tracer and it shows what I expect that the traffic is source from 571 and exits 469. However, the users are not able to access the website.[code]

View 4 Replies View Related

Cisco Firewall :: ASA5505 (8.4.2) How To Access Inside SBS-Server On SMTP / RDP

Oct 25, 2011

Using an ASA5505, have 1 static outside address, want to access an inside SBS-Server on SMTP, RDP (3389), HTTPS and port 987
 
Have configured network object nat rules using the asdm, SMTP works (I can telnet to the server on port 25 from outside), however for some reason I can not telnet inside and out on port 25, so outgoing mail does not work. RDP does not seem to work from outside, 987 I havent tested from outside. When I try to create a network object nat rule for https I get this message from the ASA:
 
[OK] object network SBS-HTTPS
 object network SBS-HTTPS
[ERROR] nat (inside,outside) static interface service tcp https https
 NAT unable to reserve ports.

View 5 Replies View Related

Cisco Firewall :: ASA 8.42 Need To Access Https Server On Inside Via Outside Interface

Nov 24, 2011

Configuring an asa 5505 with 8.42 software.I need to access an https server on the inside via the outside interface. have moved the http server enable to port 10443.Tried to make a "network object nat rule"

object network Vejrstation nat (any,outside) static interface service tcp https https object network Vejrstationnat (any,outside) static interface service tcp https https.

View 21 Replies View Related

Cisco Firewall :: 3750 / ASA 5510 - Allow Access To Server On Inside Interface From DMZ?

Feb 28, 2013

My internal network consists of Catalyst 3750 switches segmented into different VLANs.  There is a default route on the layer 3 Catalyst switch sending all unknown traffice to the inside Internet of the ASA 5510.  However, I'd like to have a separate VLAN for wifi guest access and send all of that traffic through one of the DMZ interfaces on the ASA 5510.  I don't think you can have separate default routes based on VLANs on the 3750 switches so my only option is to make the ip address of the DMZ port the default gateway for all hosts on the wifi guest VLAN. 
 
The problem I have is that I have a couple servers behind the inside interface that have services available to the public Internet via a NAT address on the outside interface.  I want the guests on the wifi VLAN to have the ability to access the servers on the inside interface using the public address as well, but have not been able to come up with a solution yet. 
 
Here is my config that pertains to this setup:
 
interface Ethernet0/0description Outside Interfacenameif Outsidesecurity-level 0ip address 76.47.10.x 255.255.255.224 rip send version 1rip receive version 1!interface Ethernet0/1description Inside Interfacenameif Insidesecurity-level 100ip address 192.168.17.1 255.255.255.0 rip send version 1rip receive version 1!interface Ethernet0/3description Wifi Guest Accessnameif DMZ2security-level 50ip address 192.168.60.1 255.255.255.0
 
global (Outside) 1 interface
nat (Inside) 0 access-list nonat
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (DMZ2) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) 76.47.10.x 192.168.17.88 netmask 255.255.255.255
 
I've tried the following commands below but no dice. 

same-security-traffic permit intra-interface
static (inside, inside) 76.47.10.x 192.168.17.88 netmask 255.255.255.255

View 3 Replies View Related

Cisco Firewall :: Unable To Setup VPN Between Windows 2008 Server R2 And ASA 5505?

Sep 9, 2012

I have assigned a task to configure a vpn between windows 2008 server and cisco asa 5505, what kind of vpn should i go with as the windows 2008 server r2 is on cloud and is it possible to configure site-to-site vpn for this network senario or not.. i have try ikev1/ipsec remote access vpn with l2tp with (CHAP, MS-CHAP v2) and couldn't find any document which will allow me to configure windows 2008 server to behave a client and connect it to asa, well what i did is that i configured a dail-up connnect with l2tp and found the following debug message
 
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, Oakley proposal is acceptable
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, IKE SA Proposal # 1, Transform # 1 acceptable  Matches global IKE entry # 1

[Code].....

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - No Internet Using Static NAT Rules?

Feb 5, 2012

I'm trying to configure a second server on my network but whenever I add the static NAT rule, the internet stops working on that computer.
 
Here's my Cisco ASA configuration:
 
ASA Version 7.2(3)
!
hostname domain

[Code].....

View 16 Replies View Related

Cisco Firewall :: ASA 5505 - Rules And PAT Weird Behavior

Jun 21, 2012

In the last 8 month I have been upgrated at least 6 Cisco ASA 5505 from 8.2(1) to 8.4(3) without problems, I did a minor changes and all related to rules due a problem with the migration.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - NAT Rules Set Up For Simple Port Forwarding

Jan 15, 2013

Here is my environment: DSL Modem - ASA 5505 - switch ,Inside network (192.168.2.0/24)
 
What I have successfully done: 
- Modem online and passing on DHCP requests from the ASA to my ISP (ASA does get an internet address on the outside interface)
- ASA assigning DHCP to internal network
- All internal clients can access the internet.
 
What I am getting stuck on is getting NAT rules set up for simple port forwarding. What I would like: ANY internet address be able to access a server on the inside network address (192.168.2.x) over tcp/22 . I set up what I believe to be the correct NAT rule and Access Rule, but the packet tracer fails. Here is my config.  
 
ASA Version 9.1(1)
hostname xxxxxx
domain-name ugh
enable password xxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[code]......

View 6 Replies View Related

Cisco Firewall :: ASA 5505 / Can't Access Web Server

Jul 9, 2012

We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.

View 1 Replies View Related

Cisco Firewall :: SQL Server Access From DMZ Interface ASA 5505

May 25, 2011

I would like to allow users from network 10.132.23.0/24, 10.132.33.0/24, 10.132.24.0/24 access to our SQL server(192.168.1.7) located on the inside interface(192.168.1.0/24 network) Those networks (10.132.0.0/16) come from the DMZ interface.

View 12 Replies View Related

Cisco Firewall :: 5505 / Asymmetric NAT Rules Matched For Forward And Reverse Flows?

May 6, 2013

I am new to ASA's and have just configured my 5505 out the box with an outside (10.10.1.7) + inside (192.168.1.1) IP & NAT. The ASA has got a default route to another router (default geteway) thats connected to the internet. I have it connected this way so I can play and **** around with the ASA. My problem is when I try and ping a host on the ASA inside network (192.168.1.0/24) from the outside (10.10.1.0/24) I'm getting the following error:  5May 07 201316:38:36305013192.168.1.6Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.10.1.22 dst inside:192.168.1.6 (type 8, code 0) denied due to NAT reverse path failure The recommendation from the syslog details is:"When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the inspect command if the application embeds the IP address". Beliw is my config:
 
 interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 10.10.1.7 255.255.255.0!boot system disk0:/asa842-k8.binftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns domain-lookup insidedns domain-lookup outsidedns server-group DefaultDNSname-server 10.10.1.1object network obj_anysubnet 0.0.0.0 0.0.0.0object network obj_net_Insidesubnet 192.168.1.0 255.255.255.0object network Outside_globalhost 10.10.1.6access-list outside_access_in extended permit icmp any any echo-replyaccess-list outside_access_in extended permit icmp any any source-quenchaccess-list outside_access_in extended permit icmp any any unreachableaccess-list outside_access_in extended permit icmp any any time-exceededaccess-list

[code]....

View 8 Replies View Related

Cisco Firewall :: 5505 Asymmetric NAT Rules Matched For Forward And Reverse Flows

Nov 11, 2012

Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505. The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet).  I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside) [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5505 8.4(2) Allow User To Access Internal Www Server?

Aug 2, 2011

I tried the solution posted at [URL] however it did not work on my ASA5505 8.4(2). I thought that it may be because I only have a single public address so the web server is responding to port forwarding through the one public IP already. looking in ASDM it appears to indicate that a configured access list is blocking the server from responding to the internal hosts.
 
object network Private_IP
host 192.168.1.15
object network Public_IP
host 1.1.1.1
object-group network internal_net

[code]....
 
Can I fix an access list (or something) to make this work or am I wishing for too much with only one public IP? This worked by default on my Netgear firewall.

View 4 Replies View Related

Cisco Firewall :: 5505 Configuring RDP Access To Local Server

Jun 10, 2012

I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
 
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]

View 8 Replies View Related

Cisco VPN :: Allow Remote Access To Windows Server Through ASA (5505) Firewall

Jul 13, 2011

I would like to allow remote access to a windows server through a ASA  (5505) firewall. Users will use the vpn connection in order to connect to a private network. Is there any link  that describes the steps for ASDM?

View 3 Replies View Related

Cisco Firewall :: Access Windows Server From Outside Address With ASA 5505

Oct 6, 2011

I just purchased a domain name, that I have forwarding to my WAN address.  I want to be able to access my home websie via this route.  I have an ASA 5505, how do I get the ASA to point to the home server when the WAN IP address is entered?

View 16 Replies View Related

Cisco Firewall :: 5505 Server Looses Network Access When Vpn Is Active

Sep 27, 2012

When I start a VPN-session my server looses internet access. The server is host for a few virtual machines and they have internet access.using 5505 and asa is version 8.4(2). [code]

View 6 Replies View Related

Cisco Firewall :: 5505 Access Websites Hosted On Local Web Server

May 4, 2013

I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - Can't Reach FTP Site While Inside Firewall?

Feb 26, 2011

I am trying to configure our ASA 5505 so that our users can access our ftp site using [URL] while inside the firewall. Our ftp site is setup so that you can reach it by either browsing to the above url or by browsing to ftp://99.23.119.78 but we are unable to access our ftp site from either route while inside the firewall. We can access our ftp site using the internal ip address of 192.168.1.3.
 
Here is our current confguration:
 
Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0 !interface Vlan2nameif ATTsecurity-level 0pppoe client vpdn group ATTip address pppoe setroute !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveobject-group service DM_INLINE_TCP_1 tcpport-object eq ftpport-object eq ftp-dataport-object eq wwwaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in extended permit tcp any interface ATT eq ftp access-list ATT_access_in extended permit tcp any interface ATT eq ftp-data access-list ATT_access_in extended permit tcp any interface ATT eq www access-list 100 extended permit tcp any interface ATT eq ftp

[code]....

View 6 Replies View Related

Cisco VPN :: 5505 - AnyConnect Access To Inside IPs

Sep 13, 2011

I'm having problems getting AnyConnect clients to reach a server (192.168.139.3) on the Inside interface of my ASA 5505.  Ideally, this would be accessible from the DfltAccessPolicy or another dedicated policy, but right now I'm happy with any access.  Everything else seems to be working as expected.  I've rebuilt this config a number of times without success.  I can ping the IP from the ASA itself.

View 2 Replies View Related

Cisco Firewall :: 5505 DNS Does Not Resolve Inside DMZ

May 14, 2012

I have a 5505 that currently has inside/outside interfaces and everything is working just fine. I am trying to create a DMZ that will essentially be just for vendors/guests. the DMZ will have full access to the outside (Internet) but no access to the inside. I am using the FW for DHCP, and 8.8.8.8 and 4.2.2.2 for DNS. I currently have 1 laptop in the DMZ vlan, and it is getting a correct IP, and it is showing 8.8.8.8 and 4.2.2.2 in ipconfig. I can ping/tracert 8.8.8.8/ 4.2. 2.2/74.125.137.147(what url... resolved to on a laptop connected to the inside vlan), but I cannot ping nor browse to url.... [code]

View 1 Replies View Related

Cisco Firewall :: Enable SIP From Outside To Inside (ASA 5505)

May 14, 2012

We recently purchases the Cisco ASA 5505 to get familiar with it, possibly buying more appliances for our branch offices. However, since the appliance is installed, our SIP telephones no longer register with our SIP service provider.
 
The SIP phones are all on 10.0.1.0/24 while the SIP provider is external via the outside network. I copied our configuration below. how to enable SIP for all 10.0.1.0/24 hosts and ports 5060, 5160, 5260, 5360?
 
gcxfw# show running-config
: Saved
:
ASA Version 8.4(3)

[Code].....

View 2 Replies View Related

Cisco Firewall :: 5505 DMZ To Inside ASA 8.4 / ASDM 6.4

May 21, 2012

I have a standard ASA 5505 with inside, dmz and outside with the default security levels, 100/50/0. we have an email server inside which has been NATed and is working fine. However users accessing the wireless on the dmz are unable to access their emails on https (443). How do I allow SSL access ONLY to users on the dmz using ASA 8.4 commands or ADSM 6.4?

View 10 Replies View Related

Cisco Firewall :: ASA 5505 Ping Inside To Outside Don't Go

Sep 29, 2012

I have 2 ASA and would like to build a Side-to-Side VPN between these ASA. So I can learn something about configure a ASA for different thinks. But now I don`t can Ping from a Client to the Internet-Router.My Configuration is:
 
Client IP 192.168.1.100 <===> ASA Inside 192.168.1.1 /Outside 192.168.178.254 <===> Router 192.168.178.1
 
Is there something wrong at my config? or do I need inside private Adresses and at the Outside Global IP`s.
 
At the Router I have a Static Route that the 192.168.1.0 / 24 ist to find over Gateway 192.168.178.254

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Allow (outside) Host To (inside)

May 20, 2011

I have a ASA 5505 Sec Plus. I would like to allow outside hosts to our mail server and also our FTP server. So i would like to allow only SMTP, HTTP (for Outlook Web Access) and FTP.

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved