Since we upgraded our ASA from 8.3 to 8.4(4), VPN users cannot access resources. This worked fine until the appliances were upgraded. We get the message:
[code]....
I have recently deployed a Cisco ASA 5510 Security plus firewall on my companies network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside we are not able to hit any of our sites that are on the (outside). I have nat policies in place to translate the public to private, but I think I that I need some thing more. This seems to be occuring mainly with our external web sites as well as another animoly with regards to FTP (but it may be fixed if the http issue is resolved.)
I was hoping some with a lot more knowledge on ASA firewalls than my self can spot the error in my run-cfgs.
[code]....
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
I just configure an ASA 5520, here is the config (the ip address of outside network if going to change from private direccion by reason security).
The problem that I have is the users can access to the web site through the public´s ip address but they do not can access through by name. We review all the config on the server DNS and with the command NSLOOKUP we can see that work fine. The client think that the asa is blocked the connnection.
[code]....
I configured one ASA 5510 firewall with CSC-SSM-10 in one of my customer location.
Here i want configure my firewall to send email alerts to particular mail ID, if anybody any access my network from outside( Like VPN users).
Pix 515e 6.3.4..A web server on our DMZ is exposed for external access.There is an "A" record (webserver.yyy) on a public DNS for this public IP.This works fine for external users. url..Now I have been asked to allowed our LAN user to access the same link and I CANNOT CREATE AN INTERNAL DNS RECORD TO TAKE CARE OF THIS, which means when our internal users access that link, the request goes out of OUTSIDE interface with a NAT overloaded address(111.111.111.2) that is in the same subnet as the URL is trying to resolve. Once it knows the IP address thru DNS resolution tries to comes back in thru the same Interface(OUTSIDE) to hit the web server in the DMZ and is not able to.
1- Where does the request from an internal user to hit url is dropped?
2- what can be done to allow this type of connectivity in the PIX 515e device?
How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture
View 9 Replies View RelatedI have an auditor wanting a screenshot of all users that have acces to configure our firewall, I am unfamiliar with 5.1. Is there a way of running such a report on a paticular device?
View 1 Replies View RelatedI have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
I have a Cisco 881 and I want to use Easy VPN.
-VLAN 1: 192.168.4.0
-WAN: 10.0.0.0
-VPN: 192.168.8.0
VPN connects and I get an IP of 192.168.8.100 from my pool. I can ping my cisco at VLAN1 (192.168.4.1), but I cannot access my local resources. I guess I miss a NAT configuration.
The Linksys is connected to a cable modem and a Dell Vostro system, the Netgear is connected via Cat 5 to the Linksys and the Linksys is the DHCP provider to the Netgear.The Vostro shares hard drives, folders and printers to the networkBoth have wireless and wired users.They are each DHCP providers to their users.How must I configure each to provide users on both routers access to all network resources
View 2 Replies View RelatedI've set up a VPN using a fortigate 50b wifi and forticlient ipsec VPN. when I log into my office from home, I cant see anything on my network at all. I can however remote desktop into other PC's and can access stuff that way. I was under the assumption that ... one a VPN connection is made in the LAN you should be able to see other pcs and servers in the workgroup. Is this not the case or do i need to configure something?
View 2 Replies View RelatedI have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
View 1 Replies View RelatedI have 3 networks coming from the DMZ (VPN) and only one works:10.132.24.0/24 Not working10.132.25.0/24 Not working10.132.26.0/24 Working The thing is, the one that works is on the same network as the DMZ(VPN) interface. The other two do authenticate and they get an IP from the VPN Pool. but they just cant access anything.
View 11 Replies View RelatedI am connected with qvpn, I can log in to the router bios remotely, but when I try to map the network drive from my remote location it does not work.I can detect the machine on the network, but it will not go further and tells me that "said IP was found but could not locate G". Does this mean it is behind a firewall on server side and that I need to create a rule to allow the incoming traffic? Or could it be something else.
View 1 Replies View RelatedI'm working on setting up a couple of new WAN sites with 256K frame relay circuits back to our main building. Each new site has a new PVC, and both are pointing back to a PVC on a T1 at the main building. The main site has a 2801 with a single CSU/DSU WIC, and each new site has a 1841 with a 3560 connected to fa0/1. At both sites, I'm able to get the circuit up, and the serial interfaces at both new sites show up/up, and the subinterfaces at the main site also show up/up for both sites. Routing is being done by EIGRP, and both sites are able to establish the 2801 as an EIGRP neighbor, and I'm able to ping/tracert anywhere on our network by name or IP, so routing and DNS appear to be working. I can also ping both new routers from the main site. However, that's about all I can do. I'm not able to access any resources on our network (email/shares/internet/intranet/etc) from the two new sites. I can ping the new routers/switches from the main site, but can't ssh to them. I can ssh to them locally. There are no firewalls in the equation, and I don't think there are any ACL's in the picture either.
Can ping and tracert just fine anywhere on our network (from both the 1841, a PC plugged into the 3560, or a PC plugged directly into the fa0/1 port on the 1841), including out to the internet, by name or ip.Can ssh to local router, but not to anything that isn't localDNS is workingDHCP not working using ip helper pointing to DHCP scope on server at main site, have to use static IPCan't rdp to anythingCan't get emailCan't browse windows sharesCan't get to any websites, external or intranet. IE says "Website found, waiting for reply..." but eventually times out.
I did some testing for communication over certain port numbers using telnet and nmap, and found the following:
Can telnet to url.. and local intranet webserver on port 80 (http)Can telnet to two of our Exchange Servers on port 25 (SMTP)If I run an nmap scan on url...com, or our intranet webserver, it confirms that 80 and 443 are open, but the pages will not load. I am able to telnet (port 23) to a state mainframe via the internet that some of our employees use, and I do get the expected login screen. I tried erasing the config one of the new routers, and just added back the bare minimum config to get the circuits up (serial/ethernet interface configs, eigrp), but saw the same symptoms.
One other thing to note: the 2801 at the main site has three other frame relay sites connected to it on the same WIC as the new sites, all of which are working fine.
I just don't understand why I can ping everywhere I need to be able to ping, and port scans show that communication is open over needed ports, but the applications don't work.
I am having an issue with my Cisco VPN Client. I am new to VPN setup, so this is probably something easy I am missing. I have a 2611XM router acting as my internet gateway for my local lan, and my VPN Server. I am doing all my testing from a company laptop with a mobile broadband card. The VPN will connect, but anytime I ping anything within the inside network, it comes back with the public IP of the outside interface. I have NAT overload configured so everything on the inside network can access the internet, which it looks like might be causing my problem.
When i remove the nat overload on my fa0/1 interface, the vpn will connect to any resource on the inside.
I am getting to many teardown tcp connection for outside interface.
i want to block this ip using CISCO IPS or using A access-list in ASA 5520 .
I have two places that I work out of. One is in Romania and one in Bulgaria. In Romania, I have a small office/home network set up. It has at least 8 computers (including the three that I have with me currently - some wireless and some towers) and a couple of android phones and Ipods. I have no trouble accessing any of the computers shared folders or them accessing mine. There are a varity of operating systems used there from XP, Windows 7 and Mac.Everything works great. All the computers can access each other shared resources. All the computers are set to get IP automatically from my DLink DIR - 600 router. I have brought my three computers to Bulgaria (tower and two laptops). They are all set the same- no changes in settings. However, in Bulgaria, All three computers CAN access the internet but NOT each other.
[code]...
I know this *should* be simple but having a devil of a time getting it to work.
I have 2 routers. Both have a static ip. Each is setup for a different private subnet. At the moment they are not connected to each other. Consider this setup (made up numbers obviously):
RV016
has 13 lan ports, 2 internet ports, 1 dmz port
Internet port: 10.10.10.10
[Code].....
I'd like clients on the rv082 lan to be able to access the printer on the rv016 lan, and use the rv016 as an alternate internet connection (optional). I would prefer the rv016 client not be able to access the rv082.
2504 contrller with 1042N ap's. NPS and group policy (for computers) is setup. Certificates are setup.Logging on as a domain user I can connect to the wireless network but am only getting Internet access. I can not access any domain resources.DHCP is handled by a domain controller. I can ping servers and printers, but cannot access them. Can't map a drive, add a printer or access services on the network.
View 1 Replies View RelatedI want to use Cisco VPN Client to VPN to my SA520 to manage a UC320W. I can establish a VPN connection to the SA and ping both the SA and a switch that I have on the network, but I cannot ping my UC. I've set up firewall rules to allow ANY-ANY access from LAN-WAN, and a WAN-LAN rule to allow a certain range of IP addresses (the IP addresses assigned from the VPN DHCP pool, in this case, 192.168.12.x) access to the UC.
My SA IP address is 192.168.75.1 and my UC is 192.168.75.2 (I can ping both when I am directly connected to a LAN port on either equipment).
I managed to set up an ipsec vpn between the RV 120W (responder) and Shrewsoft vpn client.The virtual ip and dns for the client pc are manually set. The tunnel is enabled, but I see no traffic between the local and the remote LAN.I can't ping or reach any pc behind the router.Using the command ipconfig /all on the client pc, I see that no gateway is assigned to the virtual vpn interface.So it seems that the RV 102W is unable to pass to the client the address of the default gateway for the lan, and I think this is why I can't access any resource.
View 4 Replies View RelatedI have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
View 1 Replies View RelatedI was wondering if i can create (a) bookmark(s) of resources which are located behind a particular Site-to-Site VPN?We are using a Cisco ASA 5510 (9.0.2) with SSL VPN configured. The tunnel is up but when i try the bookmark, i get the error "server unavailable".
View 2 Replies View RelatedI have setup a VPN connection on a 891 router. I can connect to the VP both but am unable to ping or access any resources on the remote network.
Here is my running configuration:
[code]...
I have easy vpn on my PIX 515e and working normally everywhere, except when my users go FRANCE, the vpn client connect, but, can't ping or access any inside network resources. when same user try any where here in EGYPT, it works normally.
View 2 Replies View RelatedI have a couple of users who randomly can't get access to any resources. The port they connect to doesn't have port security, the have an IP phone and PC. IP phone is fine since it's always on the same port. There PC get's an IP from DHCP (DHCP is on a windows server) but they can't ping any devices nor can I ping the PC from the switch. I checked if there were any mac access filters applied on the switch (and there aren't any). The log doesn't show any events on the ports in question so I don't know if the switch is going or there is a config issue some. Doesn't happen to all users, just 1 or 2.v
View 11 Replies View RelatedI have VPDN running on our Cisco 1921 router running 15.2(1)T. Previously I was using Cisco 2801 router running 12.4(24)T4. I copied the config from the 2801 to the new 1921 router before replacing the router but now the VPDN isn't working.
Basically the users can connect and authenticate to the VPDN, but once they get the IP 192.168.12.10-20 IP, they can't access the internal servers (i.e. 192.168.12.120).
Is there any bug in the 15.2(1)T relating to VPDN?
Here's the VPDN section of the config:
vpdn-group TESTVPDN
! Default PPTP VPDN group
accept-dialin
[Code].....
So here is my issue. I have two sites, each with a Linksys RV042 on thier site.
Site 1:
External: 142.142.142.142
Internal: 192.168.25.0/24
Site 2:
External: 143.143.143.143
Internal: 192.168.26.0/24
We have setup a site-to-site VPN between these sites, and all traffic is running back and forth without isse.
At Site 1 we have configured the Client VPN for use with the QuickVPN software. Again, for site 1, this is not an issue. We are able to access all internal resources at Site 1 without issue (expect for some DNS related problems).
The problem that we have is attempting to access Site 2 resources via the QuickVPN connection at Site 1. Even though they are not suppose to exist, we are able to ping 192.168.26.1-6 (which are ghost addresses likely created by the RV042's) but no actual systems on at Site 2.
I have added the Client VPN connection at Site 2, but it has the same problem accessing resources at Site 1.
We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:
ESW-520 will host Company A's network. Workstations, servers etcSG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.
I have a Cisco 881 setup with the following VPN config.
[code]...
The client is able to connect just fine to the network via VPN, but I am unable to gain access to any of the local resources. I know 192.168.1.1 has SSH running and 192.168.1.50 has telnet running but if I try to connect to either using the correct program they just timeout. I am really at a loss on why the vpn connection connects but I can not gain access to any of the resources on the VPN network.
