I'm intending to purchase a switch for work,and I need to limit the bandwidth of one of the ports to 25 Mbit upload and 25 Mbit download (we have 100/100 Mbit connection and the customer is only paying for 25). I been trying to find information on how this could be "properly" done and what kind of switch I need to buy. As far as I have understood, most L2+ switches support outbound rate limiting, but not inbound, and as I only want the customer to have 25 mbit up and down, I need both.
I been looking at a Cisco Catalyst 3560 switch, and I'm first and foremost wondering if I can limit the inbound AND outbound bandwidth on this switch? Perhaps it can even be done on a simpler, cheaper, switch - as I rather not spend more money then necessary?
Lastly, how to do it, limit the inbound and outbound bandwidth on a single port (perhaps on the above mentioned switch, if possible), to 25 Mbit?
I know I can use the RTR statement to determine when the primary ISP circuit goes down via this technote: url...My question can I assign static Nats on the backup ISP connection to the same inside servers in the dmz.?Example 10.1.1.11 is mapped to ISP1 ExternaIP of 18.104.22.168. Can it 10.1.1.11 also be mapped to ISP2's 22.214.171.124?This way I can get my DNS changed and my inbound traffic to servers in my DMZ on the asa 5510 running 8.0.3 code can continue to receive Inbound traffic.
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IP's assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 126.96.36.199 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now. So I can't even seem to get one-to-one NAT working! I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).
I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.
I am trying to block outbound and inbound traffic on TCP 5222 and 5223 on E2500 but cannot figure out how. The reason is I have kids in my house using KiK (texting app) on iPads, iPods etc. My goal is to eliminate this applications ability to function for ANY wireless device connected to my WLAN.
I've had a Cisco ASA 5505 firewall connected to a cable modem (Virgin Media, UK) for the past 3 years. In the last 6 months or so I have noticed that the ASA would drop the outside (internet) connection intermittently, usually at least once every 1-2 weeks - the interface still shows as being up but no traffic crosses it, and computers on the inside network abruptly lose internet connectivity. Rebooting the ASA or administratively shutting down the interface and bringing it back up again would cure the problem straight away until the next time it happens.
In the last couple of days however despite nothing having been changed in the configuration the frequency of this connection drop has increased to the point where I would lose access to the internet within an hour of rebooting the ASA. It does not seem to matter whether or not there is traffic currently going out or not, inside computers just appear to suddenly lose internet connectivity.
I have tried the following without success:
1) I completely wiped the configuration (configure factory-default)
2) I changed the port the cable modem was connected to (eth0/0 -> eth0/7, changing switchport vlan accordingly)
I thought perhaps 2) had fixed it but it lasted a whole 2 hours before I woke up this morning to find that none of the internal equipment had internet access despite the fact eth0/7 was showing as up/up in ASA CLI.
This morning I manually set the eth0/7 port to "speed 10" (10Mbps, full duplex). It was previously set to be auto-negotiation (default) on both speed and duplex. As of this post it has managed to keep the outside connection up for 3 hours - but I'm not optimistic that it is fixed.
Interface counters have never shown any collisions, errors, etc - only packets input and output as expected.
Since the problem persisted across ports (eth0/0 -> eth0/7) I'm wondering whether or not the problem could either be faulty memory, or some kind of speed/duplex incompatibility between the cable modem and ASA.
Setup firewall rules that will block all inbound Internet access to the web server except port 443, Setup firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
I am a total Cisco novice who has just had a ASA5505 installed to replace a linux freeware firewall (smoothwall).I'm told that the 5505 can't port forward traffic (e.g. ssh) from two external IP addresses to two internal destination machines via the same port # (22 in this example).
i just ran a NMAP scan on the outside interface of a ASA 5520. It seems that the TCP Ports 7070 and 554 are open on all NAT interfaces and the outside interface of the firewall. I tried telnet on port 554 and 7070 and got connected.
This is problably a stupid question but how do I open a prot on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from out side the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
We have an ASA5510 that we need to open port 25 to allow mail traffic to our internal Exchange server.We have 2 interfaces defined... one named Internal on eth0/3 ip 10.1.x.x and one named Internet on eth 0/0 ip 96.56.x.x.We followed the instructions in ASDM for allowing access to a public server but confusion over definitions have stopped us.ASDM asks for the internal interface and the internal server IP... no problem there because the internal interface and server have two different IP addresses. The Internal interface is eth 0/3 (10.1.1.1) and the server is 10.1.1.2.
However, when we get to the External interface (eth 0/1) there is only a single IP address 96.56.x.x but the ASDM asks for an Interface IP and the IP people would use to get to the mail server from the outside. Inasmuch as we have only 1 external IP address (which connects to our upstream Cisco router which in turn connects to the ISP modem) we used the same IP for both but the ASDM returns an error indicating they must be different.
Apparently we do not have a clear understanding of what the ASDM is actually asking for. When the ASDM asks for the external interface we assumed it was asking for the named value we gave the interface (which is Internet). The named value "Internet" has an ip associated with it 96.56.x.x. But when the ASDM asks for the ip people on the outside would use to get to the mail server (we created a named value called "mail server" and gave it the same ip address as the external named value. This duplication of ip address causes the ASDM to return the error stating that external Interface to be used and the external ip to be used cannot be the same.Have we made an error when we assumed that when the ASDM asked for the external interface it meant the ip of the external interface or was it asking for the eth number (as in eth 0/0) for the interface?
I have a static IP address over 100Mbit fiber. I've installed a Mac Mini as a webserver and opened the ports 80, 443 and 5900 and a few others for minor services. Everything works fine: the http server (and https as well) is up and pepole can reach it from wan.Yesterday I tried to setup the FTP service with less success. Into the ACCESS RULES I enabled the FTP service and, as a result the port 21 opened up.
But if I connect via Cyberduck to the server I can navigate through the folders but I can't download anything. So I tryed to open up the port 20 for data transfer with no result. Same issue when I tryed to setup the AFP service to mount remotely server volumes: port 548 opened up but no success with port 549.
I travel a lot and use wifi in a lot of different places (hotels, airports, etc.)My apps don't always work and I suspect that in some instances the broadband provider is blocking some of the ports I need.I don't need a port scanner like NMAP since that scans a target IP for listening ports.What I need is a way to figure out whether some firewall between my PC and the Internet is blocking specific UDP or TCP port ranges.
ASA 5505 Firmware 8.3(4), ADSM 6.4(2).I have a public IP address of 188.8.131.52.I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1).I need to foward different ports (10020-10080) to a different internal address (192.168.1.2) Everything I read tells me how to do this in a 1 to 1 static NAT.
I have purchased a subnet of 8 private IP addresses from my ISP. 109.x.x.128/29.The ISP has placed a juniper router within our data centre which is routing purely from 109.x.x.206/30 to 109.x.x.128/29 with the ip of fa0/1 set to .129.
I have linked a cisco 5505 to fa0/1 of the juniper from fa0/0 and configured its IP to .130. I have configured NAT to translate our client pool 192.168.16.x /24 address' to the internet.
Is it possible for the 5505 to route / map my remaing private IP addresses through its external port? I have tried creating a seperate VLAN for a DMZ for our servers to sit within but am returned with a subnetting error as VLAN for my external port is all ready configured within the same subnet.
I configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900 If i configured with only one port 5900 or 3389, is't ok, i don't understand what 's the problem?
ASA5510> ASA5510> ena Password: *********************** ASA5510# show run : Saved
I have done any and everything just to even open a specific port on my pc and try PortForward's port checker and web based checkers, and I can't get the port or any port to show as open.I am trying to make an IP webcam on my network viewable from the internet.My setup is like this"gigaset 204a" / DSL modem (Ethernet cable goes into internet port on LINKSYS WRTGS wireless router) [code] Disabled I went to LINKSYS port forwarding, the address I am forwarding to is the ip webcam server. I know if the IP changes it won't work, but before thinking of setting up a static ip for the webcam on my network, I need to get it to actually work.Nothing I do will open any ports on my pc. I've tried enabling DMZ. I've even set rules for windows firewall to allow incoming/outgoing connections on the port I want, i've disabled windows firewall. am running on windows 7 ultimate. The problem for my really is as far as I can tell, I can't even open a port to allow connections to my computer from the outside. Of course all my internet games etc work fine and have never had a problem, but I can't seem to manually open a port I want.
I've tried a few different ways unsuccessfully so thought I'd ask here.I'm trying to forward an outgoing port on a Cisco 800 series router. ie. When a user inside the network connects to the router on port 1234, it opens up the same port on a server on the Internet.