Cisco Firewall :: Two Private Networks On ASA5510 With Default ISP Gateway?

Mar 11, 2013

Currently a network consists of two subnets, one subnet is behind a ASA and the other behind a PIX, both connecting to the ISP's routers. If the PIX is retired, is it possible to create/consolidate the two networks protected by the ASA5510 with the default gateway being the ISP?
 
How can two private networks be protected by the ASA5510? One conceptual way is to create the VLANS on a layer 3 switch, on the "inside" interface of the ASA. In this senario what would the "inside" network's IP address?  If the above is possible, how would natting occur?
 
Is there an efficient configuration to protect two networks protected by the 5510, other than creating a DMZ?
 
Is it possible to create two private networks with same level of security, 100 on a three network interface connections?

View 12 Replies


ADVERTISEMENT

Cisco Firewall :: Wrong Default Gateway VPN IPSEC ASA5510

Nov 24, 2011

I've configured a VPN IPSEC on my ASA5510. It Assigned IP/NETMASK/Gateway via a DHCP Server on the LAN.The problem is that when a client is connected to the VPN , it takes the right IP and NETMASK. ( 192.168.1.109 / 255.255.255.0) but the Default Gateway is wrong ( 192.168.1.1). It should be the default Gateway of my LAN router ( 192.168.1.229).

View 7 Replies View Related

Cisco Firewall :: ASA5510 SIP Invite Showing Private IP

Mar 3, 2011

I'm having an issue with out going sip traffic showing my private IP in the header instead of the public IP. I have a cisco asa 5510 and everyone seems to think the issue resides on the firewall.

View 4 Replies View Related

Cisco Firewall :: ASA5510 - Connect Two 10.10.10.x Networks Using NAT

Dec 26, 2012

I've got an ASA5510 with an IPS/IDS module.  Because of a merger, I've got two 10.10.10.x networks (West and Central).   I'd like all West traffic to be IPS checked before going into Central.  Once it goes into Central, it's out of my hands.   Can I set up NAT to accomplish this?
 
Again, the traffic flow would be from West (10.10.10.1) through the ASA/IPS, and then to Central (10.10.10.1).  
 
Is this possible?  If not, do I need another router?

View 6 Replies View Related

Cisco Firewall :: ASA5510 / Default Route With Different AD Value?

Nov 14, 2011

Will ASA5510 support default route failover mechanism by giving two different AD value in the route outside command?

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Connect 2 Internal Networks

Apr 26, 2011

We recently got a Cisco ASA 5510 Security Appliance and I have some general question.

We have 1 T1 internet connection, and we have 2 internal networks.  These 2 internal networks currently hav access to the internet.  I am having issues with the 2 internal networks being able to communicate with each other.

View 2 Replies View Related

Cisco Firewall :: ASA5510 / How To Document The Networks Bandwidth Utilization

Mar 20, 2013

I have been assigned to find out the nature of the network's bandwidth utilazation. Is there a way to analyze traffic and breakdown the traffic on the ASA5510?

View 9 Replies View Related

Cisco Firewall :: ASA5510 Delete Default Service Policy Rules?

Jan 7, 2013

We have a problem with some websites being blocked every now and then. Everyone inside can access this external website for weeks, and then suddenly it's not available for a few hours, and then it comes back. All without me making any changes to the firewall, ASA5510. The external website that has nothing to do with us can be accessed from anywhere outside our network, example on my iphone through Verizon.
 
We have not set up any rules about blocking websites, all I found was the Default Service Policy. After backing up and then deleting the rule we are able to access all sites.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Portforwarding To Device With Different Default Gateway

Feb 27, 2012

A customer got a new VoIP PBX, and now I have to forward port 443 on the ASA to the PBX for remote administration purposes. The LAN-interface of the PBX is in the same subnet as the ASA but has an external VoIP-router as default gateway and not our ASA. Is it even possible to forward the port to the PBX when there is no route of any sort to our ASA on it?

View 2 Replies View Related

Cisco Firewall :: Unable To Ping Default Gateway On ASA 5510

Mar 31, 2011

We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this and how do I fix it?

View 1 Replies View Related

Cisco Firewall :: 5510 Switch Does Not Have Default Gateway Configured

Nov 1, 2012

We have a 3560 switch behind a ASA 5510 at a site that we are trying to access via telnet over the internet, we find out the switch does not have a default gateway configured.  So I configure the following rule on the 5510: [code] Try accessing the switch, and all is good.  One of our change control steps is to identify any others are connected to the device via: [code] I see the connection and show users command return 172.16.30.15, as expected. How is it possible that address can connect to that switch. 

View 7 Replies View Related

Cisco Firewall :: ASA 8.3(2) 5505 / Remote Access Vpn Default Gateway?

Jun 28, 2011

ASA 8.3(2) 5505
 
I've configured a number of remote access vpns on ASAs, but I don't recall having a default gateway setting assigned after logging in.
 
Is there a way to disable the assignment of a default gateway upon login?
 
The value assigned is meaningless. It's just the next available address in the local pool. 

View 2 Replies View Related

Cisco WAN :: How Many Private Networks 2800 Supports

Oct 29, 2011

i have two cisco 2800 routers ,  and i have three different networks , so can cisco routers supports more than one private network example,My First location i have one public connection of 200.100.100. 1 and private network of 192.168.1.x network and the second router i have one public connection of 200.100.100.10 and two private networks of 192.168.50.x  and 192.168.60.x ,  So can i route my first location to this two different networks , because my router have only two FastEthernet connection , so how it's possible or not.

View 3 Replies View Related

Cisco VPN :: ASA 5505 - Access Two Private Networks

Dec 4, 2011

i have Cisco 5505 and i configured a remote VPN clients.  here is my scenario
 
Cisco switch 2950   ===  holds two private network 192.168.8.x  and 192.168.4.x
  
vlan 2  outside interface -    Eth 0/0       155.155.155.x
 
Vlan 1 inside interface --       Eth 0/1    192.168.8.180
 
 VPN pool ip address  =  192.168.8.100 --110
 
I drag i cable from my Cisco switch and put in to Eth0/1. and i want to access this two private networks 192.168.4.x and 192.168.8.x . Now i can access to 192.168.8.x . But i can't access 192.168.4.x ..

View 3 Replies View Related

Cisco Routers :: RV042 Route Between Two Private Networks And One ISP

Nov 2, 2011

I have two private networks and want/need to route traffic between them.  I also have an ISP connection and want/need to provide internet to at least one of the private networks.  Providing internet access to both is not required or desired.
 
Can this be accomplished with an RV042?  If so, how?
 
P.s.  The problem space, once again, in a non-narrative form with some addresses thrown in:
 
Private Network A: 192.168.200.0/24
Private Network B: 10.50.3.96/27
ISP Network C: 192.168.0.0/24 192.168.0.1GW   192.168.0.2 is WAN1 address on RV042
 
Required Traffic Flow
A <--> B
A  ---> C

View 3 Replies View Related

Cisco VPN :: ASA 5510 / VPN Client With Overlapping Private Networks?

Jun 6, 2012

I have a new customer that needs to send data to us occasionally, we normally install the Cisco VPN Client on their PC, but this customer has the same private network we do.
 
I know this could be done with NAT Policy on my ASA 5510 with a site-to-site VPN, but the customer does not want to change the network hardware or addressing. They have cable router with no VPN capability, and they don't want to spend any more money on this project.
 
Can this work if their are no duplication of IP addresses?

View 25 Replies View Related

Cisco WAN :: 3750G - Dynamic Routing Between Private Networks

Mar 13, 2011

how to redistribute routes between three independently managed private networks.

Currently: See attachment The two buildings managed by Company 1 are connected by 4x1GB fibre channel ports on Cisco 3750G Standard Image switches. Static routing is used between the two building and static routes are used to direct traffic to Company 2 and Company 3 via routers managed by their respective companies. No NAT is required as all three companies use separate private address schemes.

Network Improvements: See attachment To increase network resilience Companies 2 and Company 3 are planning on installing new routers in building 2. Companies 2 and 3 use Dynamic routing protocols on their internal network.  Incoming and outgoing resilience is required in all three companies.  There is no direct connectivity between Company 2 and 3.

I would like the following questions answered:

1. Is dynamic routing needed in Company 1?

2. Given that only 4 devices are managed by Company 1 will RIPv2 work? NB. Company 2 and 3 have very large networks (3000+ sites).

3. Would route redistribution be best performed on Company 2 and 3’s CE routers?

4. How can route redistribution be controlled by Company 1?

View 4 Replies View Related

Cisco :: Dealing With Security When Merging Private And Public Networks?

Jul 18, 2011

We have a private network, multiple vlans etc. for our domain users/employees across several amenities. We also have a Public network, that we have managed by a 3rd party for guests/conference rooms/attendees.Private network is all static ips, mac restricted port security, as strict as possible from a security and PCI Compliance standpoint. The public network is all DHCP with hundreds of users. Having them physically separate has always been the best option. Separate switches, server, and I even have the uplinks separated on a 3825 router. However, unfortunately it seems as though that luxury is coming to an end.One of the meetings that is taking place is going to be at one of our outer amenities so I've got to push that "public" network through my network, over my backhaul to the other side.

My suggestion was to create a new vlan on the switches with the shortest path possible to get where it needs to go. This way the traffic never goes through our ASA, and it has a small footprint on our network, it plugs into the switch access port with the dedicated vlan at the entry point into our network, and leaves from an access port on the other end. To me that seems to be the best/most secure way to handle it. We're also in the process of rolling out Public Wifi through the entire property and since we'll want to push both Public and Private vlans over it....merging the two networks to a point is only inevitable. Especially since it will be going through a controller and the property covers a good 7000 acres.

A good IDS/IPS...other than already having port security on every port, I'd definitely like to know if somebody inadvertently cross connects the two networks and it starts flooding whatever vlan access port it's plugged in to with dhcp...especially since a lot of the laptop users on the domain are set to DHCP first with a static in the alternate for working at the office and remote.

View 2 Replies View Related

Multiple Private Networks Allowing Access To Printer?

Apr 10, 2013

I am looking to create an office network with each person having internet access but on a private network. however everyone will need to be able to access a communal printer. would they be able to see it if they were all on a different subnet or would i need to set up vlans?

View 4 Replies View Related

Routers / Switches :: Office VOIP With Multiple Private Networks?

Jan 23, 2011

I'm going to move offices into a shared situation with 3 companies. Each company will want its own private network so there's no snooping between companies. I am planning on using VOIP for the phone system (Nextiva cloud based). Is it possible to set up the system so that each company has access to the VOIP system but yet remains sequestered in the their own network for everything else. I was hoping to do this with one data port at each workstation using Cisco SPA-303 phones. The way I understand this, is that the phone plugs in to the data port and you daisy chain the workstation off from each phone. Is this possible to do this while having the system I described? Another wrinkle is that I'd also like all the networks to be access shared printers.

View 7 Replies View Related

Cisco Switching/Routing :: 3750V - Mixing Public And Private Networks On Same Switch

Oct 23, 2012

We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network.  Each office has a 3750 with plenty of open ports.  How can I safely create a vlan for public access on these switches which currently have our internal network on.  I have read that people are doing this to save on the cost of purchasing a dedicated switch.  Some people are using access lists and one person mentioned creating a private vlan for the public network.  I looked up private vlan and it seemed bit confusing.

View 3 Replies View Related

The Default Gateway Is Not Available?

Feb 21, 2013

i joined because i keep on having the same problem. i read around the forum a bit before joining and i saw that mcafee was causing the problem for a lot of people. i dont have mcafee so that cant be it several crashes per day. like, literally close to 100 of them.

View 3 Replies View Related

Default Gateway Not Available

May 3, 2012

Periodically, I drop internet everywhere around my college's campus. I'm literally four feet from a router, but it doesn't seem to matter. I'll disconnect, run troubleshooter, and I'll get the error message saying that the default gateway is not available. My college is designed for Macs, but I'm running Windows 7. My Mac colleagues do not experience problems. The computer works at home and at nearly every other wireless network I've brought it in range of. Specifically, either IBM or Dell.

Dell XPS 15
i7-2720QM
8gb Ram
Windows 7 Home Premium SP 1
540? Something around 500 Nvidia graphics card

Ipconfig results:

Windows IP Configuration
Host Name . . . . . . . . . . . . : George-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No

[code].....

View 14 Replies View Related

Default Gateway Is Not Available?

Nov 30, 2011

I recently got a new laptop and ever since, the internet goes in and out. Most of the time it is not out long enough to display the no connectivity icon or stop music from streaming but it is noticeable. When I run the troubleshooter it says that the default gateway is unavailable. I tried manually setting the connection information but the same thing keeps happening except the troubleshooter then says that DHCP is not enabled. I've disabled every firewall I can find and updated all the drivers available. Here is my info:[CODE]

View 3 Replies View Related

Cisco VPN :: ASA5510 WebVPN Access And Browse Networks

May 4, 2012

I'm configuring an asa device for web access: SSL VPN service. I can have a user authenticate for web session with their active directory domain credentials (username and password). Once their web session has started, moving to the "browse networks" feature for a share viewing requires them to authenticate once again - "authenitcation required". I'd like to configure the device so that authenticating to the windows file share will be attempted using the previously entered credentials.

View 2 Replies View Related

Cisco :: ASA 5505 As Default-Gateway?

Mar 28, 2012

I am trying to get rid of 2 old 2651xm's and 2 2950's from my CCNA days and want to get into the ASA realm. Can I be able to use the ASA, not only as a security appliance / firewall, but also be able to write the access lists, etc, to be able to use this as my router to push packets to and from my internal LAN to the outside world? I guess I should have stated as this being the front end device to my network, just after my DSL Cable modem, that is..and being the only device. I am trying to have this as my main router /firewall solution and then I have an old Linksys router I will pipe off one of the L2 ports to have an AP for my wireless devices? Is this a real solution an ASA can provide?

View 2 Replies View Related

Cisco :: Cannot Ping Default Gateway From R2 To R

Feb 13, 2013

i'm having problem to ping succesfully default gateway on Router1 from Router2. Basically i can: - ping from R1 the serial interface on R2 and default gateway on R2 - telnet from R1 to R2 - ping from R2 to serial link on R1, BUT I CANNOT ping default gateway from R2 to R1 Below is the photo showing topology and running configuration on both routers

View 2 Replies View Related

Cisco WAN :: Can't Use ASA5505 As Default Gateway For LAN

Mar 16, 2011

We have a network consisting of a central site and a few remote offices. The sites are all connected via MPLS and also have VPNs over ADSL / internet connections as a backup. The remote offices have Cisco 837 routers for the ADSL connections which we can manage but the MPLS routers are managed by the service provider providing the MPLS connections. At the central site we have a Cisco 891 for the the MPLS connection (which we manage) and a Cisco ASA5505 for the backup VPNs.
 
In order to implement failover from MPLS to VPN in the event of any MPLS line going down I have tried to use ip sla monitors and tracked objects on the 891 as per Cisco's documentation. The problem that I am finding is that I can't set the number of ICMP echo failures required before the tracked route is dropped. Whenever the ip sla monitor fails to get a response the tracked route is dropped immediately. This is too sensitive as packets are occasionally dropped which results in the routes bouncing back and forth between MPLS and VPN too frequently (disconnecting users in the process).
 
I have tried different threshold types and values, tried configuring ip sla monitor reaction-triggers (although I don't understand what little documentation that I can find on this) and have even looked at event manager. I have been working on this for a few weeks now and am getting nowhere.
 
The Cisco ASA5505's implementation of ip sla monitor is much better in that it is possible to specify the number of packets but unfortunately we can't use the ASA as the default gateway for the LAN as the asymmetrical routing that occurs does not work with the firewall function of the ASA.
 
Any issue with ip sla monitor on IOS and managed to get it working?

View 2 Replies View Related

No Default Gateway When Hardwired?

Jan 3, 2011

When I plug my laptop up to our modem, all i get is local access. IPconfig gives me to default gateway or dns suffix. Naturally there is no wireless. My roomates laptop runs fine wired or not and we have the same set up.Not sure what to do.

View 12 Replies View Related

Default Gateway Came Up Empty

Feb 8, 2013

I am having issues playing certain games on my ps3. So I've been searching for solutions and I came across a video that wanted me to go to run/cmd/ipconfig. I have little knowledge of computers but I'm not sure that what my ipconfig is showing is supposed to be there. At first I googled and learned about ipv6 addresses because i found that weird but i think that checks out fine. I then googled about the weird numbers and letters in my default gateway and came up empty. Is there a reason thats there?

View 3 Replies View Related

Possible To Use Ubuntu Box As Default Gateway

Jan 2, 2011

I have Squid proxy installed on a ubuntu box here. Currently all my PC's use my ADSL modem as their default gateway but what i wanted to do was see if it was possible to use the ubuntu box as the default gateway, and have it route through Squid to my ADSL modem.

View 3 Replies View Related

Cannot Connect To Default Gateway

May 20, 2011

I am trying to change the password on my D-Link router. So i typed ipconfig into cmd and the default gateway i get is 169.234.95.I have tried what used to work at home such as 192.168.0.1 and all of those.

View 9 Replies View Related

Not Able To Ping Default Gateway

Sep 10, 2012

I have a VM server, whose IP is in customer VLAN600 ( 172.60.60.10/24 ) and Peer end is switch then Firewall.Switch is configured with same VLAN600 and learning mac-address of Server on VLAN 600, Firewall is also having VLAN600 and IP is 172.60.60.1/24.Server is not able to Ping/reach Firewall and vice versa.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved