Cisco Firewall :: Subinterface On ASA 5520 - Extend Network Sources
Apr 23, 2013
I am having an issue where I can't get to external network sources via my subinterface, which is attached to a 192.168.10.X VLAN I created for guest wireless traffic. The internal interface is a 10.5.X.X network. I can get out the external interface, but anything that we have A records for, such as our mobile iron server that we can hit from the outside via https and an external IP, can't be hit from the subinterface at all. Would this be a DNS rewrite issue or an inspection problem?
Jan 31, 2013
I am in a non-admin context mode on an ASA 5520 8.0(5) and I'm trying to add a new interface.
GigabitEthernet1/2.4 172.19.4.1 255.255.254.0 manual
GigabitEthernet1/2.6 172.19.6.1 255.255.255.0 CONFIG
GigabitEthernet1/2.180 172.19.180.1 255.255.252.0 manual
GigabitEthernet1/2.190 172.19.190.1 255.255.254.0 manual
gvadc-fw/tgf# conf t
gvadc-fw/tgf(config)# int g
gvadc-fw/tgf(config)# int gigabitEthernet 1/2?
configure mode commands/options:
1/2.180 1/2.190 1/2.4 1/2.6
gvadc-fw/tgf(config)# int gigabitEthernet 1/2.168 ?
ERROR: % Unrecognized command
gvadc-fw/tgf(config)#
What do I do?
Apr 5, 2012
I'm trying to set up an 802.1q trunk between my layer 3 switch and ASA5520. I understand I need to create a subinterface to accomplish this and have done so. However, the subinterface does not respond to pings, and when I attempt to run the packet tracer on the firewall itself, I get a message saying "Flow is denied by configured rule". But the strange thing is it shows the output interface as "np identity ifc":
(The VLAN in question is VLAN2; 192.168.2.3 is the VLAN2 address on the switch.) The ASA config is as follows:
ASA Version 8.2(5) <context>
hostname context2
names
!
interface GigabitEthernet0/0.2
nameif Inside0/0.2
[Code] ....
Mar 17, 2011
I'm trying to configure a subinterface named Inside with VLAN 1, but the interface stops working with this VLAN. My switch is a Cisco and uses the LAN with VLAN 1 too. If I change the VLAN to another, e.g. VLAN 13, it works fine. All the other VLANs work fine too. Is there a problem with using VLAN 1?
My configuration is:
Cisco ASA:
interface gig0/3
no ip address
no security
no nameif
Interface gig0/3.1
vlan 1
nameif Inside
security-level 100
ip address 10.x.y.x 255.255.224.0
The giga port of the switch is configured in trunk mode.
Aug 18, 2011
Is there any documentation on how to extend a VLAN over WAN using an ASA 5520 appliance? I will be inheriting the network appliance and need to make the configuration change.
Jul 11, 2012
I have a Cisco 5505 with a Security Plus license, but I can't seem to create subinterfaces on it.
ASA1(config)# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(2)4
Device Manager Version 6.0(3)
Compiled on Wed 03-Feb-10 14:17 by builders
System image file is "disk0:/asa822-4-k8.bin"
Config file at boot was "startup-config"
ASA1 up 1 day 18 hours
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
[code]....
Oct 31, 2012
I have a circuit that will be delivered to a client next week and we are installing an ASA 5585x for them. They will have a circuit coming in with a few VLANs configured on it. One VLAN for the Internet and one for connectivity to another client.
So does the ASA allow you to create the "outside" interface on a subinterface?
Oct 23, 2011
On our ASA5520 we have three subinterfaces configured on our Gi0/1. Is it possible to configure a DHCP Server on one of these subinterfaces?
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.
Nov 3, 2011
I'm working with ASA 5520s. How do I add network objects via the CLI? I know I could easily do it using ASDM, but I like to learn the hard way first. How do I add the subnet mask for a network object when creating it via the CLI? [code] That sets up the hosts with IP addresses, but how do I add the subnet mask?
Jan 27, 2013
I am trying to configure a server (192.168.5.50) in the DMZ (192.168.5.0/24) to be able to communicate with a domain controller (10.5.44.220) in the inside network (10.5.44.0/24). I made some configuration using ASDM (I'm not familiar with the CLI), but it is not working and it caused existing NAT not to work, for example the RDP (TCP 3389) connection to 38.96.179.220.
The things I am trying to achieve are
1. two-way communication between 192.168.5.50 in DMZ and 10.5.44.220 in Inside for SecureAuthPorts and SecureAuthOutbound service groups
2. NAT for 192.168.5.50 mapping 38.96.179.50 for the service groups mentioned above
3. NAT for other hosts already existing
Apr 11, 2013
I'm trying to achieve a site-to-site IPsec tunnel to a Cisco ASA 5520. Most examples feature the ASA with a public interface that terminates the tunnel and a private network on another interface that the tunnel interacts with. Where my scenario differs is that the interface that accepts the tunnel is part of a public /29 network where I want the remaining hosts on that subnet to be able to route through to the other end of the tunnel. My tunnel gets established, but any attempts to route via the IP assigned to that one interface result in the ASA rejecting traffic. If so, what configuration options should I consider?
Aug 23, 2011
I am using ASA 5520 with 8.2.4 IOS. I'm new to ASA/Firewall. I need to access the webserver from the outside network. From the laptop (192.168.2.51), if I connect to url... it should open the page from 10.10.10.50. I also need to ssh to the webserver from the laptop. If I ssh to 192.168.2.50 from the laptop, it should connect to 10.10.10.50. [code] I can't get to the webserver from the outside network, so now I have connected the laptop directly to the ASA 5520 outside port with a crossover cable. The ASA inside port connects to an L3 switch. The webserver also connects to the L3 switch. But it still doesn't work.
Oct 9, 2011
We are looking to deploy an ASA 5520, but I need to know if it is possible for it to work in this environment.
We have colo space, with two IP ranges. They provide two network drops, one from each switch connected to different routers. One in which has 4 usable IP's for management purposes. This address range will be used only for remote access to the ASA and VPN into the management VLAN. The management VLAN will have all internal devices such as the switches, etc. The second range is for the servers, of which will be assigned directly to the hosts and the ASA will need to act as just a firewall. I can do this on IOS, but not sure about the ASA.
I need to answer the following questions:
Does the ASA support dual network drops, and would this be a failover port configuration in order for it to work?
A management VLAN with outbound internet access only, and VPN/RA capability. NAT will need to be used I'm guessing.
Can we have a DMZ VLAN which has defined ports, say 80, 443 and 25 inbound and outbound. I need the hosts to have the public IP assigned to them with no NAT configuration.
I know there are some advantages to using NAT, but I really can't use it because the applications behind prefer public IP's being assigned to them.
Oct 25, 2011
I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP addresses. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
Is there a way to do a similar thing on the ASA 5520?
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
Feb 21, 2012
I have a Cisco ASA5520 in place and I want to configure it to access my webserver outside of my network through SFTP/FTP with FileZilla. What command do I add so that the port/service associated with it is able to run?
Mar 1, 2012
In the Firewall Dashboard of my ASA 5580, I get data on every pane, except for the Top 10 Sources and Top 10 Destinations. Why is that, and what do I need to do to get data there?
Jan 23, 2012
We have a Cisco wireless infrastructure in place that includes a guest network with its own subnet that is a subinterface of the inside interface on our ASA 5520. There are no routes for it to be allowed access to the internal subnets, so it can only access the internet. This is primarily used by the public, but we have several non-employee personnel that we only want to give internet access and force them to access the internal network through our clientless SSL VPN portal or through other internet-facing internal resources such as webmail. I have done packet traces from within the ASA and the break appears to be that there is no ACL allowing the traffic back into the network once the web resource replies to the request and the traffic is attempting to come back into the network from the web resource. Is that as clear as mud?
I know that this has to be a common problem and a way around this is to allow the guest wireless network access to the internal network but only for the select resources that they require. And that this can be done seamlessly by network-specific routes and/or alternate DNS entries, but I would like to keep this simple and just allow them to access the web resource, webmail and VPN, from the guest wireless using internet DNS servers without route trickery.
Jan 13, 2012
My b/g/n router is at one end of the house and on the second floor needs to be. I currently have a b/g/n wireless bridge hooked to a LAN port of an b/g/n router that I am using as an access point almost in the center of the house, about thirty feet away with one wall between them. I get good connection speed on an Internet TV that's about 7 feet below the access point with one floor/ceiling between. I get a reliable but slow connection to an Internet TV that is about 20 feet from the access point with two walls between. I get intermittent, slow connections with portable devices near the opposite end of the house on the first floor. Measured horizontally, they are within 15 feet of the upstairs TV that has a slow connection and about 9 feet below it.
The ceiling of my unfinished basement stairwell is a few feet below my router. I am thinking of putting a wireless bridge in the stairwell and connecting it with ethernet cable to an access point located in the crawl space, which is very dry, under the house directly below the upstairs Internet TV. It would be about 12 feet below the TV with a floor and a ceiling/floor between. That location would put it within 15 feet of the wireless devices on the far end of the house that now have a poor connection, with only a floor between. My primary goal is to get a better connection for them, but I'm hoping for a better one to the upstairs TV. My house is of frame construction with mostly plaster interior walls.
I want to use a POE access point under the house because I think it would be easier and safer than running a long extension cord. Looking at POE devices in catalogs, it is often not clear to me whether the device in question expects to be powered over ethernet or expects to power other devices over ethernet.
I have the following questions:
Does my plan sound feasible, and would it be expected to accomplish what I want?
How can I be sure that, when I order a POE access point, it expects to receive power over ethernet, not provide it?
Can POE devices be cascaded? If I do this and find that I did not get the coverage I hoped and, therefore, want to add another POE AP, can I add a POE hub or switch and run cable from it to the additional POE AP? If so, is there any particular nomenclature for devices that expect to both receive and provide POE? Can such devices receive and provide over any port, or do they have to receive power on a designated one and provide it to the others?
Jan 12, 2011
Can I merge two sources of bandwidth into one router?
Feb 15, 2012
I have the following requirement. The wired part of the network is already done.
A Cisco 2800 or 800 router is connected to an Ethernet switch, with PCs connected. I want another 5 PCs to connect to this LAN through a wireless connection. The distance between the wired part and this new location is approximately 200 meters. How can I do this using access points and repeaters or any other methods?
Feb 4, 2012
I'm trying to make a redundantish office/datacentre connection on the cheap. At the datacentre, we've got a 7301 (12.2(24)T5) and at the office we've got a Mikrotik RB1200 (5.12). The office router has two ADSL connections to two different ISPs, the datacentre router a single GigE to a colo provider. I'm trying to build an IPSec encrypted IPIP tunnel over each ADSL service to a separate loopback interface on the datacentre router, so I can run OSPF over the top for route exchange. I need to use two different loopbacks on the datacentre router so the office router can have a static route for each out each ISP ADSL. But I'm running into issues making encryption work on two different source addresses. Using the 'crypto map xxx local-address Loopback12' command, I can specify the outbound interface for one of the tunnels just fine, traffic moves as expected - while the other tunnel fails to encrypt. But is there a way of having two peers use two different local addresses, or applying two crypto maps to a single physical interface?
Jan 20, 2012
I'm trying to extend the range of my wireless network from my house to my workshop, which is about 600 feet away. There are no trees or other objects in between the two buildings. How could I boost my wireless signal to reach that far?
Oct 8, 2011
I have an e4200 Linksys upstairs and the range in parts of the house is weak weak. I need more access points. Can I add another router downstairs on another cat5 and make it act as an access point? What other options?
Feb 24, 2011
The bootloader used by the device is U-Boot, which is also licensed under the terms of the GPL. Sadly these parts are missing from the source code package provided by D-Link. Therefore I am asking you to add the U-Boot sources to the provided archive or post them here in the forum.
Jun 9, 2012
I have an 802.11n/g wireless network throughout my house. I also have several ethernet ports. I want to use the ethernet port to connect to the network and extend the existing wireless network (same SSID). I know AirPort devices from Apple can do this but I wanted to know if anything else could as well. It is too slow when I try to wirelessly extend it (not using ethernet at all).
Feb 27, 2013
I'm trying to configure a WAP321 so that I have the same SSID and WPA2 password on both the RV220W and the WAP321 so that I can reach all areas of my client's location.
Feb 23, 2012
For the command "monitor session 1 source" in Cat4900 (e.g. 4948), how many source interfaces can be supported per monitor session?
Oct 20, 2011
I have a new Siemens router and have set up my old LinkSys router as a switch (set DNS outside the IP range of the primary router, disabled DHCP server, connect LAN to LAN port). The SSIDs are still different. As a result each device now sees 2 networks and although internet GW is available from either connection, not all resources are shared across the network. There is one driveshare (with wired connection to the secondary switch) which cannot be seen by some of the wireless resources on the same secondary network.
Questions:
1. How can I set up the NW config such that it is seen and behaves like one physical network, and roaming devices pick up the signal from the strongest access point?
Nov 10, 2011
How can I use a router to extend the IP addresses of a separate network? I have been given a subnet mask of 255.255.255.248 which has given me 6 IP addresses to access the internet. How can I use a router to allocate extra IP addresses and route them to the internet?
Aug 11, 2012
I have a network of one router which serves both LAN and wifi. My laptop can only use wifi to connect, but the range of the router doesn't reach the third floor. I need a way to either extend or create a second hot spot, but I'm not sure whether to use a repeater, a hub or a switch. This is my first time dealing with a network.
Aug 10, 2010
set up the wireless network at a friend's house, which is a large solid-brick house that winds from one end to the other. The current location of where the cable comes into the house is unfortunately on the far-left end of the house, which means that the right end of the house receives no signal from their DIR-825 wireless N router.
What I've been looking into is the best way to wirelessly extend the wireless signal to the other end of the house. It seems straightforward enough to use an ethernet cable and access point to extend a wireless network, but that is not really a good option for this house. After reading many forum posts (and not being an expert myself) it seems like it may be possible to wirelessly extend the wireless network with another router, although it appeared that this is much less common (if at all possible) with wireless N routers.
What device do I need to accomplish what I've described above? Another router, or some kind of access point/bridge? I saw at least one rather expensive wireless N repeater online (a Hawking brand, I believe) but was hoping to avoid that option initially, but if that is the only way to go then so be it :-)
Dec 24, 2012
I am a very basic user on the Cisco Switch programming. I was given a Cisco 3750G-48 to tinker with in my home office. I was wondering if someone could lead me to some good sources of information to program and configure this switch? I am wanting to create a GB network in the house with the computers that I have and the storage arrays.