Cisco Firewall :: How To Configure 4GE SSM Or ASA 5510 Internal Data Ports

Feb 4, 2013

I have inherited an asa 5510 whit 4GE SSM module installed. The asa runs fine, but i can not use the 4GE SSM ports. Using  ASDM or console i can get and configure the gigabitethernet1/x ports but i can not get traffic on it. The ping from the console to the ip address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports i can not see the port's mac address. The two Internal-data0/0 and Internal-data1/0 are down and i can get they up. How to configure 4GE SSM or ASA internal-data ports.

View 8 Replies


ADVERTISEMENT

Cisco Switching/Routing :: CR3845 Internal Switch Trying To Configure 2 Ports On Same Subnet

Sep 6, 2012

Have our public IP address space masked on /24 at our Internet Router.  The router portion of 3845 connects to Internet, while the internal switch connects to my internal network and seeds it with the public address space.  The switch had a port configured no switchport (L3) with an ip address with /24  (ie 67.63.145.1 /24)  this connects to internal IPS/IDS then to Firewall which NATs to internal, then packet shaper, web filter etc etc etc.  I need to test my ISP speed so I need to "break in" to the link between the switch and the IPS/IDS.  I figured I could configure another port on the switch on the 3845 but my problem is the port to my network is routed and is masked on entire /24.  I tried to configure a port on VLAN 1 and give myself an available address in the L3 address space and this did not work (figured it would not but gave it a try) 
 
Any way to get two ports configured to use the same subnet while one is a L3 routed port and the other is just part of that layer 3 routed network?

View 1 Replies View Related

Cisco Routers :: RVS4000 Firewall Is Blocking Incoming Data To Ephemeral Ports

Apr 23, 2012

If I have the IP ACL firewall enabled in my RVS4000 I have trouble connecting to specific websites and also connecting to Apple's update servers.  The problem appears to be that the firewall is blocking incoming data to the ephemeral ports even when they are allowed in the firewall rules.  I've also tried port forwarding rules but the only thing that resolves the problem is to disable the firewall entirely, which is not the desired resolution.  The firmware version is 2.0.27. 

View 11 Replies View Related

Cisco Firewall :: ASA 5510 / PAT Different WAN IP Tp Internal Host?

Dec 14, 2012

We just changed ISPs and now have a /29 routed subnet to be used on our ASA 5510 (8.4) instead of the one public ip we had before.There are a couple of PAT translations that were previously setup on the "interface" address which i now want to assign to a different ip address further in my subnet.

So i just changed this:

object network BMMM
nat (inside,outside) static interface service tcp smtp smtp
 to:
object network BMMM
nat (inside,outside) static other.external.ip.in.subnet service tcp smtp smtp
 
And assumed that this would work,y it does not, and this leaves me unable to contact that machine from the outside.And shoud i also change my access-list?The relevant access-list rule is:access-list outside_in extended permit tcp any object BMMM eq smtp

View 5 Replies View Related

Cisco Firewall :: ASA 5510 And Having Two Outside Interfaces For Voice And Data

Feb 13, 2012

I have a question regarding firewall configurations. Is it possible to have two interfaces ( for two internet service providers) one for voice and one for data. Can I have two Outside Interfaces that one will apply to a pppoe client group and the other will apply to a static IP? Is this possible and if so What would be the steps on applying this connection? Also to note I have a point to point connection already established for the pppoe. I also have another point to point connection for data, but however I do not know how to apply this to the firewall.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Communication Between Two Internal Interfaces

Jun 11, 2013

I've been following most of the comments in regarding how to allow communication between two internal networks on a ASA5510 8.2.5 But I am still a little confused about to how to set my firewall. I made chages to it and still do not have the desired results.
 
I need to allow comunication between Interface 0/1 and Interface 0/2. See configuration file with fake or dummy ip address below.
 
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name lxx.com

[Code].....

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - How PAT With One Public IP To Two Internal Servers

Sep 18, 2012

I've tried a bunch things but it didn't work, I'm about to gave up! :-/
 
I have the following scenario:
 
ASA5510 - v8.3(2)
 
Interfaces
ETH0/0 = outside  = 189.xxx.xxx.129
ETH0/1 = inside = 10.xx.1.15

[Code]....

What should I do to get the SIP and 8080 port working on my Public IP, likewise just as access from my browse the http://189.xxx.xxx.129:8080 and get through directly to my internal server 10.xx.xx.61 ?

View 5 Replies View Related

Cisco Firewall :: Routing To Internal Subnets From ASA 5510

May 17, 2012

Having trouble with a couple items.  First of all, should I be able to ping the inside interface of the ASA from all internal subnets assuming all of these subnets/vlans are directly connected to the same L3 switch?  I can ping the ASA inside interface from our L3 switch, but I cannot ping the inside interface from a host on a different internal subnet.  I have setup static routing on the ASA [

route inside 10.10.96.0 255.255.248.0 10.30.1.1 1]and verified that I can ping the host [10.10.96.212] from the ASA inside interface [10.30.1.5].  The inside interface is on the 10.30.1.x/24 subnet.  My host is on the 10.10.96.x/21 subnet.  From the ASA I can ping 10.10.96.212, but I cannot ping 10.30.1.5 from 10.10.96.212.  I can however ping 10.30.1.1 from 10.10.96.212.
 
This leads to my next issue, which is trying to setup the ASA to work concurrently with our current firewall.  I'm doing this in order to transition to the ASA.  I'd much prefer to cutover inbound NAT a little at a time vs. doing it all at once.  Our current firewall is setup at 10.30.1.2 and this is the default route on our L3 switch (0.0.0.0 0.0.0.0 10.30.1.2).  So my question is, if I setup an inbound NAT to one of our web servers on the 10.10.96.x subnet, will I be able to get it to route back to the ASA as opposed to ending up in asymmetric routing **** since the default route points back to our other firewall? 

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - NAT And Internal Network Routing

Apr 16, 2013

I am having a problem getting my ASA to work properly.  I attached a diagram for reference and most of the config is below. When I finally got it to route properly between 2 sub nets on the internal network, the NO NAT statement broke routing for the VPN Clients who rely on a NAT statement for the same sub net that is listed in NO NAT access list.  I can get one of the 2 to work by replacing NAT statements but can't figure out a combination to allow routing for both the internal sub nets and the VPN clients to work. 

It's been about 5 days of tweaking this thing just to get the internal routing to work correctly and when I finally did I broke VPN client access.  To note, the VPN clients can still log in and get a session going, they just can't get anywhere once they are in.  I also think there's a lot of stuff in this config that is not needed like a lot of the object groups, etc. but I am being very careful about removing anything.  I took over support of this ASA after someone else put it in place and over this past weekend we moved it to a new building and new ISP and that is when I had to get it to route between sub nets.  The main point of this move was to remove building 1's reliance on building 2 for Internet and outside email access in the event that building 2 is not available (it is close to water and this has happened more than once over the past year). 

So that is why I can't go with the smartest option of just keeping the routes on the router in the other building.  I also know the 1600s are ancient but they're all we have for now.  I can provide those router configs also but they are VERY basic, all static routing. The IP for the Cisco router on the same sub net as the ASA is 192.168.42.254.

This is the statement that allows the routing to work between the 2 internal sub nets but breaks VPN clients: nat (INSIDE) 0 access-list NO NAT

This is the statement that allows the VPN clients to work but breaks the internal routing: nat (INSIDE) 0 access-list INSIDE_nat0_outbound 

The rest of the config is below the diagram.
ASA Version 8.2(2)
host name Cisco asa
domain-name default.domain.invalid
enable password - encrypted
password - encrypted
names
dns-guard
[code]...

View 7 Replies View Related

Cisco Firewall :: ASA 5510 Tunnel - Replicate Data Between Two Locations

Oct 3, 2012

I am not a ASA expert but I have configured them few times. I have a vision of a task I have to complete but not sure if it is practical or how to go about doing it.
 
We two locations, Location A and Location B. Both locations have a 100MB internet conection. Location A has a ASA 5510. Location B has a 5505. Users at both locations access the internet via their respective ASA. Location A is the headquarters and Location B is a disaster recovery site. We want to setup a tunnel between both ASAs. This tunnel will be used to replicate data between the two locations for DR purposes. We need the users to still use the same pipe to get to the internet but want to allocate 10MB for internet use and the remaining 90MB for the DR tunnel.

View 30 Replies View Related

Cisco Firewall :: ASA 5510 Address Translation Through Internal Network

Jan 19, 2013

Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it 68.68.68.1), and I have an inside private IP address (192.168.1.2/24). The inside IP address leads to a 4900m with that interface being configured with a 192.168.1.1 (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. (192.168.2.0/24). Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).

Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat (68.68.68.222 to and 92.168.2.60) given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the 192.168.1.0 network to reach the 192.168.2.0 network.

View 11 Replies View Related

Cisco Firewall :: ASA 5510 / Unable To Get Internal Networks Talking To Each Other

Apr 22, 2012

I am tasked with transferring all clients from one subnet to the other. I figure the nicest way to do this is to temporarily have the subnets talk to each other in an endeavour to avoid as much downtime as possible. The two internal subnets are:

192.168.0.0/24
192.168.43.0/24 (the intended migration network)
 
I am beating my head against the desk here as I dont seem to be getting anywhere after the changes I have made. The current configuration is as such:
 
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name *****
enable password ***** encrypted
passwd ***** encrypted
names

[code]......
 
Upgrading the firmware is not really an option?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Connecting To External IP Of Internal Server

Sep 25, 2012

I was just wondering if it's possible with an ASA 5510 to connect to the external IP address of an internal server from inside the network.  I have already set up dns doctoring for dns lookups, and everything is working fine there.  We have an application inside the network that tries to connect straight to the external Ip of another internal server.  where to look in the ASDM 6.4?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Internal Network Cannot Connect To Internet

May 12, 2012

I have an ASA 5510 configured 3 interface Internet_AAPT, Internal_Network and Server_Network. The server network works fine as is able to connect to the internet and services like port 80 work from the internet in. But from the Internal_Network can only get to the server network but not internet (6May 13 201214:17:4030201310.153.111.21253663199.47.216.14880Built outbound TCP connection 42508 for Internet_AAPT:199.47.216.148/80 (199.47.216.148/80) to Server_Network:10.153.111.212/53663 (10.153.111.212/53663). The weird thing in logs i see a connection being made but for some reason its referring to the Server_Network interface? below is my current config...
 
ASA Version 8.2(5)
!
hostname ASA01
domain-name names
name 10.153.11.184 QNAP
name 10.153.11.192 exc2010
name 10.153.11.133 zeacom

[code]....

View 10 Replies View Related

Cisco Firewall :: 5505 Configure Internal Router And DNS Server - No Internet

Dec 23, 2011

Currently I have an ASA setup as a Firewall with 1 outside interface and 2 inside interfaces. Initially, the Guest interface was setup to receive DHCP from the ASA and everything was working. I'm adding router and a server for the guest interface and what I'm trying to accomplish now is the following: ASA 5505 > Airport Extreme with a public static IP (69.xx.xx.6), handling DHCP and NAT  > Mac Server as DNS Server.Right now, when I connect to my Airport Extreme with any computer, I don't have internet. I don't understand what's wrong. My DNS Server has a reserved IP address: 192.168.226.2 and it's pointing to itself and forwarding the ISP DNS servers, the Airport Extreme is handling the DNS Server IP and the ISP DNS Server IP but I can't connect to the internet from the server.  [code]

View 31 Replies View Related

Cisco Firewall :: ASA 5510 - Data Center Move / IP Address Change

Nov 4, 2012

We will be moving to a new data center in the very near future and with them our WAN IP addresses will be changing. Any best course of action for changing the IP addresses throughout the firewall configuration? Would it be possible/suggested to export the running-config, make the neccessary changes, then import the config? I am familiar with the ASA 5510 only so far as changes are required. It is not something I work with on a regular basis.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - VPN Is Up But Network Traffic / Data Transfer Is Not Happening

May 2, 2013

we have ASA 5510 Configured. this is regarding site-to-site VPN.

View 1 Replies View Related

Cisco Firewall :: 5510 - Connections Routing Between Two Internal ASAs Fail

May 19, 2012

We have a site with two inbound circuits, one for internet and one for our MPLS.  Each circuit is being terminated by a 2921 Router and matching ASA 5510 Firewall.  For the internal network, the Internet ASA's inside interface (172.16.0.1) is the default gateway for all hosts.  OSPF is the routing protocol between all the routers and ASA's and routing is working.  In fact, ICMP is working as well.  From an inside host (172.16.0.81), we can ping anything on the MPLS network.  But when I try to use telnet (for example), the connection fails.  If I add a route to 10.10.10.0 to the host, or re-configure the host to point to the MPLS ASA (172.16.0.254) as it's default gateway, connections will establish.
  
Both ASAs are running 8.4(3), and have the following commands:
 
same-security-traffic permit intra-interface
interface Ethernet0/0
nameif outside

[Code]....

And from the MPLS nodes, I can see a tcp request is made. 

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Guest Network Access To Internal Webserver

Dec 18, 2012

I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver.  (DMZ discussion aside)
 
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside - 172.20.1.2
guest_inet - 10.2.1.1
 
Internally clients resolve our website to 192.168.40.40 and that part works as it should.  Clients outside of our network resolve our website to the correct external address (lets just call it 1.1.1.1). We have a NAT statement static (inside, outside) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 and an ACL to permit tcp any host 1.1.1.1 eq www
 
Clients on our guest_int use an external DNS server and hence resolve our website to 1.1.1.1.  However it seems traffic goes out and back in our outside interface and this connection never occurs.
 
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website.  Would that be: static (inside,guest_inet) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 ?  Since there is already an ACL permitting port 80 traffic to 1.1.1.1 we should be taken care of on the ACL side of things, right?

View 3 Replies View Related

Cisco Firewall :: ASA5505 Configure Port Forwarding To Multiple Internal IP Addresses

Jun 21, 2012

ASA 5505 Firmware 8.3(4), ADSM 6.4(2).I have a public IP address of 168.87.3.4.I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1).I need to foward different ports (10020-10080) to a different internal address (192.168.1.2) Everything I read tells me how to do this in a 1 to 1 static NAT.

View 1 Replies View Related

Cisco Firewall :: Open Ports On Firewall ASA 5510

Apr 18, 2012

We have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
 
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.

View 2 Replies View Related

Cisco Firewall :: Statically PAT Multiple Internal Hosts To One External Host 5510

Feb 20, 2012

I am working on replacing our Checkpoint Firewalls with ASA's, and am running into the following NAT problem. On some of our Checkpoints, there are external NAT's that are mapped to multiple internal hosts based on ports.Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue, is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Stops Forwarding Incoming Traffic To Internal Servers?

Dec 5, 2012

Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.

View 2 Replies View Related

Cisco Firewall :: Asa 5510 - Sometimes Boots And LED On Ports Comes On

May 9, 2011

Our cisco asa 5510 getting sometimes boot and sometimes not. sometimes LED on port comes back if boot and sometimes not. what are the parameter should be check to rectify problem.

View 3 Replies View Related

Cisco Firewall :: Open Ports On ASA 5510

Dec 1, 2011

I just finished implementing a VOIP install and I am trying to setup some softphones and in order to allow the softphones to work I need to open some specific ports for outbound.  I am not a Cisco guy, I am a Windows Administrator that also has to maintain my Cisco infrastructure. 

View 3 Replies View Related

Cisco Firewall :: Configure ASA 5515 Switch Ports

Nov 25, 2012

I am moving from ASA 5505 to ASA 5515 because we are maxing out the number of connections that the 5505 can handle. The 5515 runs version ASA 8.6(1)2 and ASDM 6.6(1) and the 5505 version is ASA 8.2(5) ASDM 6.4(5). On the 5505 I used e0/0, 0/2, 0/4 and 0/5 as outside port with teh switch ports feature but there is no switch port feature on the 5515. I have tried to set the ports individually to numerous public IP addresses that I have but I get an error that they subnet is already associated with another interface. How do I replicate the same setup on the 5515?

View 3 Replies View Related

Cisco Firewall :: Trying Configure ASA5505 (8.4) To Allow HTTPS On Two WAN Ports

Sep 14, 2012

I have an ASA 5505 running 8.4.4.1. I've configured three WAN interfaces and have assigned failover on one of them (we have two ISP's, and a total of 3 static IP's in 3 different subnets).  I've noticed that all the traffic is flowing through only one of the three interfaces, but I need to allow incoming https traffic on the second WAN port so I can access our Exchange server (we already use https on the first WAN port to access another server).
 
[code] WAN1 is the default outgoing route and we've configured several incoming services on it (smtp and https for example) and appears to be working properly as mail is coming and going and users can access the RDS gateway.I need to configure WAN2 to accept https traffic and send it to our Exchange server to enable OWA (webmail) access.I've configured the same Access and NAT rules on all three WAN interfaces  for smtp (but I suspect only the first one is currently functioning at  this point, I'll test it next chance I get). I thought all I'd have to do is configure an access and NAT entry on WAN2 (same as on WAN1), but direct the traffic to the OWA server instead of the rds gateway server, but it is not working.
 
In the realtime log I can see that it appears to be receiving the traffic on the WAN2 IP, but seems to be passing this through to the inside via the WAN1 interface.

View 5 Replies View Related

Cisco Firewall :: Forwarding Ports On ASA 5510 With ADSM 6.4

Dec 16, 2012

Trying to get port forwarding going using ASDM 6.4 on a Cisco 5510
 
I want to forward port 25/Smtp to 192.168.1.10
 
I have added all the rules as outlined in the link below. [URL]
  
But when running an open port checker on [URL]
 
It says the port is closed, I have noticed that under Access Rules under the Hits columns it says 52 ?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Add A NAT Rule For Range Of Ports?

May 22, 2012

i have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999

View 1 Replies View Related

Cisco Firewall :: ASA 5510 8.3 - Unable To Open Ports?

Feb 19, 2012

I got a situation here for Nat-ed IPs i configured. I expected to open some ports on the interface to allow certain traffics to pass through, yet there are some of them are failed. Down is my current config.
 
object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object tcp destination eq https

[Code]....

The only ports opened are 443, www, 3389 while ports domain, 5061,3478,3389. how to open domain, 5061, 3478, and 3389 ports on my ASA .

View 6 Replies View Related

Cisco Firewall :: Enabling Traffic On E0/2 And E0/3 Ethernet Ports - ASA 5510

Aug 10, 2011

enabling traffic between interfaces on the ASA 5510. Of course I have an outside interface E0/0 and an inside interface (E0/1) for normal operation. The idea was to enable one of the remaining interfaces on the 5510 to attach an internal network resource to for management in case we lost our switch. I am using E0/0 as the outside interface and the inside interface is E0/1. I am wanting to attached a management device on the same inside network IP address range for simplicity. I have E0/2 configured for the same security level (100) as the other inside interface and I also have enabled same-security-traffic permit inter-interface as well but I still cannot access the device on that port. Is there something else I am missing? I guess the best way to explain this is that I want ports E0/2 and E0/3 to act like a "switch" so to say...... The ASA 5505 lets you do this pretty easy but having trouble on the 5510. 

View 4 Replies View Related

Cisco Firewall :: 5510 - Opening Ports For Video Conferencing?

Nov 7, 2011

We have just acquired a cisco profile 42 video conferencing equipment and am required to open ports for SIP and H232, any pointers on hw that can be acquired i have a cisco ASA 5510, Some one told me to open port 16384 but i need pointers on how to do it becuase I already set an access list to any.
 
the config
 
Internet -> ASA 5510 -> Switch -> Profile 42 and other devices

View 5 Replies View Related

Cisco Firewall :: How To Configure Firewall Access For ASA 5510

Nov 4, 2012

This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.

View 9 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved