Cisco Firewall :: Getting Any Traffic Out Of ASA 5505

Jul 24, 2011

We have a BT Infinity broadband circuit which terminates at a vdsl modem, I've plugged an ASA 5505 into the back of this modem and gone through the ADSM quick setup wizard (yes I'm that much of a beginner!) The config that's been generated is pasted below, the symptomns I'm seeing are;
 
The ASA is setup with PPPOE on the internet connection, I assume this is correct as if I do a show IP on the ASA I'm getting an IP address that has been assigned, if I change the password to the wrong one then I get no IP (as expected).
 
If I ping from the ASA to an internet connection I'm getting "no route" error messages, if I try a "ping outside x.x.x.x" then I get no repsonses.
 
The ASA can ping it's external IP, the client machines can ping it's internal, however nothing appears to be able to get out.
 
ASA Version 8.4(1)
!
hostname xxxxxx
enable password xxxxxx encrypted

[Code].....

View 15 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 Ftp Traffic From Dmz To Outside

Dec 5, 2012

I am able to ftp from my Head Office to my test machine at the remote location but I can't get the other way around to work. Error message from the Syslog deny tcp src 192.168.50.5/1825 dst 208.124.202.44/21 by access-group "dmz_access_in".I try a couple of ways to fix it but no luck.A partial config of my ASA 5505. [code]

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Throttling Traffic?

Apr 11, 2012

We have 110mbps internet service.  When we have the 5505 behind the cable modem, our speed drops to 55mbps or so.  If we remove the 5505, we see the full 100mbps.  I assume the 5505 can handle the speed; if so, what other things should I be looking at?As an aside, we used to have 50mbps wich worked fine, then the ISP upgraded to 60mbps and the through put dropped to 30mbps  (It always seems to be half)

View 2 Replies View Related

Cisco Firewall :: Traffic With 5505 Goes To High To Low

Jun 25, 2012

My understanding is for insight to outside we need global and NAT, and for outside to inside we need static and ACL? Traffic goes to high to low, I'm just start working with 5505 recently.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - VPN Up And Running But No Traffic

Oct 27, 2011

I have VPN up and running between two sites. Both sites have Cisco ASA 5505. I can ping across the devices from both networks. But I cannot remote into the servers on the other network.

View 8 Replies View Related

Cisco Firewall :: VLAN Traffic On ASA 5505?

Aug 15, 2011

I have a Cisco ASA 5505 that I have configured.  The outside interface is vlan 2 and the inside interface is vlan 1.  Port 0 of the ASA is configured to be in vlan 2 and is connected to the ISP provided subnet.  Port 1 is connected to my private LAN subnet.  I have an additional router connected to Port 2 for guest connectivity.  Port 2 is configured to be a member of VLAN 2 so that it can access the ISP provided subnet.  From the device connected to port 2 I can ping the vlan 2 interface address of the ASA and from the ASA I can ping the Default gateway of the ISP provided subnet.  For some reason the router on port 2 cannot ping the default gateway of the ISP provided subnet.  If the vlan were working the same as a vlan in a switch, I would expect to be able to do this. why it is not working or what I can do to get it working?

View 4 Replies View Related

Cisco Firewall :: 5505 Allow SSH Traffic From Internet To DMZ

May 24, 2011

I'm trying to allow SSH traffic from the Internet to my DMZ. I gave my remote guy my ip and he can see the ASA 5505 but not get into the DMZ. The outside is 70.165.19.137. The DMZ server is 192.168.60.2. I have the inside talking to the DMZ fine. [code]

View 9 Replies View Related

Cisco Firewall :: ASA 5505 Traffic Flow Between Interfaces

Jun 13, 2012

I am fairly new to configuring ASA's. I have an ASA 5505 with one outside interface and three inside interfaces (inside1, inside2, and management). I need inside1 and inside2 to be able to talk to eachother but cannot work out how to make this happen. They are both configured to the same security level and the 'Enable traffic between interfaces with same security level' box is ticked. I have also tried adding appropriate NAT and Access rules. The packet tracer suggests the rules are correct for allowing traffic flow between interfaces but obviosly this may not be the case.

View 14 Replies View Related

Cisco Firewall :: Bandwidth Reservation For VC Traffic In ASA 5505?

Jun 4, 2013

We have 10MB dedicated Internet BW and want to run VC device and due to heavy traffic and BW high utilization at peak hours, VC performance is not sufficient. We would like to reserve 2MB for VC device. How much possible to fix up this configuration in ASA5505 version disk0:/asa724-k8.bin [URL]

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Reserve 2Mbps For RTP Traffic

Jul 31, 2012

I have a Cisco 5505 with a 12Mbps feed.  I want to reserve 2Mbps for RTP traffic.  I followed the QoS guide here: url... The goal would be that any traffic destined for port 5000 through 5100 UDP or TCP from any IP to any IP on any interface.should always have 2Mbps available to it. 

View 5 Replies View Related

Cisco Firewall :: Traffic Shaping ASA 5510 Vs 5505?

Oct 19, 2011

Is there any difference with traffic shaping capability on the 5510 as opposed to the 5505? is there anything the 5510 can do that the 5505 cant? with regards to TShaping?

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Not Allowing Incoming Traffic

Mar 15, 2012

I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall.  I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one.  Unfortunately, my script is not working with the 5505.  What I am doing wrong with the following script?  I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults.  I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]

View 7 Replies View Related

Cisco Firewall :: ASA 5505 In Transparent Mode Traffic?

Oct 23, 2011

I've  setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841  connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the  DHCP server.  I have my ASA 5505 behind the 1841 in transparent mode  (Vlan 1 for Outside and Vlan 1 for inside). The router config is  good as when you connect a computer straight to the inside interface I  get DHCP and can go to internet, no problems what so ever. But When  you're trying to go through ASA isn't not working.  if I add a ip any any statement to the access list it will work but  having an "ip any any" in a access list is like having no firewall at  all.

ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted

[code]....

View 4 Replies View Related

Cisco Firewall :: Can't Get Traffic Flowing Between VLANs On ASA 5505

Aug 20, 2012

I've got an ASA 5505 with the Security Plus license that I'm trying to configure.

So far I have setup NATing on two VLANs, one called 16jda (VLAN 16 - 10.16.2.0/24) and one called 16jdc (VLAN 11 - 10.105.11.0/24).

From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.

I have each VLAN interface at security level 100 and enabled "same-security-traffic permit inter-interface", and I have setup static NAT mappings between the two subnets, but they still can't communicate.

When I try to ping there is no reply and the only log message is: 6     Aug 21 2012     09:00:54     302020     10.16.2.10     23336     10.105.11.6     0     Built inbound ICMP connection for faddr 10.16.2.10/23336 gaddr 10.105.11.6/0 laddr 10.105.11.6/0

View 11 Replies View Related

Cisco Firewall :: ASA 5505 - Allow Traffic Between Inside Interfaces

Nov 9, 2011

I trying to allow traffic between 2 inside interfaces with the same security level.  VLAN1 and VLAN15.  The are on different physical ports on the ASA.  I tried to configure this through the GUI Web interface and checked ' enable traffic between two or more interfaces with the same security levels'.  With this ASA version, I do not need NAT to allow this, correct?
  
ASA Version 8.2(1)
!
hostname ciscoasa

[Code].....

View 1 Replies View Related

Cisco Firewall :: Redirecting Traffic To Proxy From ASA 5505

May 20, 2011

I have ASA 5505 with base license. I like to install proxy server in my network.I configured below commands to forward my traffic to proxy server from my ASA.

If there is any configuration that i need to configure.And if possible send me the configuration guide to setup SQUID server. ( Actually it was set up by the 3rd party vendor)

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Enable Live Traffic?

Mar 14, 2012

I am currently troubleshooting a firewall policy on a ASA 5505. What command can enter in the CLI to enable live view of traffic been block and which traffic is been allow?In my experiences with other firewall vendors, other firewalls allow me to narrow down the source and destination, too. is there such thing on the ASA 5505?

View 6 Replies View Related

Cisco Firewall :: 5505 - Route Traffic Between Two VLANs Through ASA

May 30, 2011

I have ASA 5505 Firewall with security plus license, I configured two V LAN 1 and V LAN 5 as my inside V LAN for different sub net, i need to route the traffic between this two V LAN's through ASA. I configured
 
int vlan 1
nameif inside
Security level 100
Ip address 172.16.100.1 255.255.255.0
[Code] .........

The problem is i am not able to ping other sub net, for ex my PC is in V LAN 1 not able to ping 192.168.22.1 ... For troubleshoot i type debug icmp trace while pinging other subnet
 
ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=4608 len=32ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=4864 len=32ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=5120 len=32ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=5376 len=32

I turn off the firewall on my local machine.

View 10 Replies View Related

Cisco Firewall :: QoS On ASA 5505 - Prioritize Voice Traffic?

Jul 18, 2011

I need to prioritize voice traffic through the ASA
 
priority-queue outside
tx-ring-limit 200
queue-limit 2000
 
Do the above values look correct? and why is the priority queue applied to the outside interface and not the inside? (or both).  Also is this the part that ensures that the regular traffic does not choke the voice traffic?
 
class-map voip-class
match dscp ef
policy-map outsidemap
class voip-class
priority
 
service-policy outsidemap interface outside
 
Will the global policy remain which this interface policy taking priority?

View 10 Replies View Related

Cisco Firewall :: ASA 5505 Ports Available For Traffic Flow In Router

Oct 21, 2011

I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Dropping UDP / 53 Traffic On Inside Interface?

Jul 21, 2012

We have a Cisco ASA 5505 (v7.2(3)) with a "fairly" normal configuration yet we have a problem where it appears UDP/53 traffic is denied on our inside network.
 
here is output from our sys log:

SyslogID   Source IP      Dest IP    Description
305006      172.18.22.3                   portmap translation creation failed for udp src inside:172.18.22.156/42013 dst inside:172.18.22.3/53
 
To give some clarification:

172.18.22.3      is one of our DNS servers
172.18.22.156  is a device we're experimenting with.
 
We've bypassed the Cisco by using a 4G wireless router with this same device - and it works flawlessly.Here is a [scrubbed] copy of our config. It is what I inherited from the previous admin - I'm not sure of all its finer points (I'm not Cisco certified -- perhaps I'm just certifiable.)
 
: Saved 
:
 ASA Version 7.2(3)
 !
 hostname [redacted]

[code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5505 - Capture AOL Instant Messenger Traffic?

Feb 11, 2013

I have an ASA 5505 and I setup a port with a PC connected to monitor the LAN interface. I see all the traffic from the LAN  going out and traffic coming back in no problem. What I do not see the the AOL Instant Messenger traffic at all. I have WireShark on the PC and I filter for AIM traffic and I see nothing.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Split Traffic On Dual ISPs

Jul 31, 2012

I have an ASA 5505 current f/w & the security plus license (to get the 3 nameif interfaces). Can I split traffic between two ISPs, (VPN traffic to one destination on a T-1 on one VLAN, and all other traffic using DSL to another VLAN) and using a different nat policy on both? I know load balacing isn't supported, only failover. I was just wondering if there was a way to make this work.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Allowing Traffic Between Two Internal Networks

Aug 30, 2011

I'm usually not working with this product, but this is what I'm trying to do.I have 2 internal networks setup on our Cisco ASA 5505 firewall. (not done by me, I'm a new to this product)I'm trying to access a server on one network from a PC located on the other internal network. (preferable through the web gui)When I try "Packet Tracer" from interface "Trust4" it fails on the NAT phase.(Source ip: 10.0.4.99, Destination ip: 10.0.6.99)
When I check the NAT rule, it says:
Type            Source     Interface    AddressDynamic         any          outside      outside.

View 3 Replies View Related

Cisco Firewall :: Redirecting Traffic To Squid Server From ASA 5505?

May 12, 2011

I have ASA 5505 firewall with base license.I am using 10.91.40.0/24 IP series.Below are the requirements that i need to configure

1. First 30 IP's need to have direct internet access.

2. All remaining IP traffic i need to send proxy server( Squid server).
 
Note that my ASA 5505 is in base license and also tell whether my ASA is support for this feature.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 / ACL To Allow Email Traffic Only To DHCP Clients?

Nov 14, 2011

So here's what I think I should do to give email access only to a segment of addresses of my inside network.
 
1) Create a network object for 62 machines that will represent my dhcp clients.I plan to use 192.168.0.65-192.168.0.126. So I will use address 192.168.0.64 with netmask 255.255.255.192. Then set DHCP server to service this address range.
 
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
 
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
 
3) Create an ACL which will Deny my DHCP range to talk to the outside.
 
4) Create an ACL which will Permit Any to talk to Any Less Secure Network(essentially recreating the implicit Permit ACL that got zapped).

View 1 Replies View Related

Cisco Firewall :: ASA 5505 NAT Rules Blocking Inside Traffic

Jan 7, 2012

Previous attempts to set up these NAT rules has been met with minimal success. We have been able to get the NAT rules created, and able to ping our inside servers and receivers from a  different outside network, but every time we get that far our internal network crashes.  Running the Packet Trace utility via the ASDM shows that internal traffic from the servers to  the workstations is being blocked by the default implicit rule under the access rule heading  that states "any to any, service being ip, action= deny". Reverse traffic from the workstations to  the servers is being allowed though. In an effort to start over again, the Cisco ASA has been  Factory Defaulted via the CLI, and has had it's Inside network, and Outside IP address set back up. DHCP pool has been setup for a minimal amount of addresses on the   inside network, since  most of our equipment will always be assigned statics. We reset our static NAT policies, and  seem to be having the same problem. My partner and I have been working on this for some time now, and have ourselves so frustrated that I know we are missing something simple. [code]

View 10 Replies View Related

Cisco Firewall :: ASA 5505 - All Traffic From Guest VLans To Always Go To Outside Interface

Mar 15, 2013

I have a ASA 5505 with the security plus license. I have 7 vlans, 2 are guest vlans for wireless and wired connections.  I am allowing traffic from the guest vlans to any with the http & https protocols I have ACL's in place before the allow all rule that do not allowed traffic from the guest vlans to the other vlans. Is there any way to have all traffic from the guest vlans to always go to the outside interface for the http & https traffic in stead of trying to go to the other vlans first, I know I have the ACL's in place to prevent the traffic but if I would feel better if I had this in place as well.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 - Cannot Ping Local Traffic And Hosts

Jul 24, 2012

I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209). There is a PC (10.51.253.210) plugged into e0/1.

I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.

I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC 10.51.253.210 cannot get out

ASA Version 7.2(4)
!
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
[Code]...

View 2 Replies View Related

Cisco Firewall :: ASA 5505 PPPOE Traffic Statistic Doubled Between Inside And Outside

Mar 12, 2013

I've an ASA 5505  connecting to a vdsl modem. The ASA is doing the PPPoE encapsulation. I've noticed the traffic amount on the outside interface is always twice the bandwidth it receives on its inside interface. I can't believe the PPP encapsulation is taking that much. Only two interfaces (inside and outside)

View 4 Replies View Related

Cisco Firewall :: 5505 Transparent Mode Doesn't Pass Traffic

Dec 4, 2012

  asa 5505 do not pass traffic as a patch cord, how to make it pass traffic? [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Doesn't Allow Local Provider SMTP Traffic

Aug 7, 2011

We are using several Cisco ASA 5505 with the 8.05 OS on it. The problem is that the SMTP traffic of my ISP(Telenet) isn't passtrough the ASA, I'm using outlook 2010. Before there was also a problem with our local exchange server but I solved this by disabling ESMTP checking in the policies, but it didn't worked for my local ISP.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 / Allow External Traffic To Access Internal Computers

Mar 22, 2012

We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
 
ASA Version 8.4(3)!hostname ciscoasadomain-name default.domain.invalidnames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 10.2.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 152.18.75.132 255.255.255.240!boot system disk0:/asa843-k8.binftp mode passivedns server-group DefaultDNSdomain-name default.domain.invalidobject network a-152.18.75.133host 152.18.75.133object network a-10.2.1.2host 10.2.1.2object-group network ext-serversnetwork-object host 142.21.53.249network-object host 142.21.53.251network-object host 142.21.53.195object-group network ecomm_serversnetwork-object

[code]....

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved