Cisco Firewall :: Pass Internet With ASA 5505?
Apr 1, 2013
I have not been having much success configuring my 5505 for Internet access, and I'm sure there are a few small things I'm missing. At times I believe I got it to the point where I could ping, but still not pass through the Internet traffic. At this point, I reset the 5505 and only changed a couple of settings. I have an external range with these characteristics: Network Address 67.139.113.16 (.17 is Gateway), SM: 255.255.255.248, available IP: 67.139.113.218. The external connection is through a T1 modem, and when I put those settings in my laptop, I can access just fine. When I went through the startup wizard in the ASDM, I made the internal interface 10.209.0.3, subnet mask: 255.255.255.0. I selected PAT in the Wizard, but don't know if I should have, or if the NAT rules I tried to put in are fine. Eventually I want to add a Site to Site VPN to the rest of the 10.0.0.0 network, but I can't even pass the Internet through to the inside. Also, this will eventually be behind another hosted firewall, so I'm not worried about restricting access, even currently. However, I suspect the problem is that traffic is being blocked with the NAT rules or Access rules. I wish I could just disable those inherent deny rules. Outside of pings to 10.209.0.3, all pings come back as request timed out.
Config:
: Saved
:
ASA Version 8.2(5)
!
[Code].....
Dec 4, 2012
ASA 5505 does not pass traffic as a patch cord. How to make it pass traffic? [code]
Nov 9, 2011
How to configure Fortigate 200B firewall in web base using pass internet through Cisco 800 router.
Aug 23, 2011
Setting up an ASA 5505 to be used as a firewall between a BT internet router (BTNet service) and a Cisco 3560 LAN switch. BT have presented me with a Cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigabit Ethernet ports on the back of the router. Port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but I am unable to get any connection.
Jan 25, 2013
I used the GUI configuration tool for this ASA 5505. When I install it no traffic passes. I am wondering to verify my config. I have masked the usernames for VPN with xxxxxx and yyyyyy. [code]
Mar 1, 2011
I have trouble with a Cisco ASA 5510. I configured an SSL VPN with bookmarks to some application. When the users access the Web Portal they have to log in twice: once to enter the SSL and once to enter the application.
How to bypass double authentication?
Nov 15, 2011
I am trying to setup my very first ASA5505 and I cannot get it to pass traffic from the inside to the outside. I am not using NAT/PAT. Here is what I have done so far.
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 33.46.132.34 255.255.255.248
ASA5505(config-if)# no shut
[Code]....
Then from the ASDM I permitted everything from inside to go out but I cannot get any traffic through. I can ping the outside if I source the outside interface but not if I source the inside. The logs would not show me anything.
I did a packet tracer and it indicates the implicit deny rule at the end of the access-list is stopping my traffic even though I have allow rules above it?
I also checked the box in the ASDM to allow traffic to pass without NAT.
Nov 15, 2011
We're trying to get a remote access setup for someone who needs to have access from offsite. To make things easy we set it up with a virtual machine running Windows 7 and RDP. Because the "other end" isn't our computer and we've had some difficulties with people using the Cisco VPN client successfully, we were just going to set up a machine as an RDP Gateway and forward the port through the firewall (WebVPN might be nice, but the plugins only do RDP through v5.x). I've tried this on 8.4-1 and after reinstalling the latest 8.2, and supposedly the NAT works and there is a firewall rule allowing access from the outside to the RD-GW server on HTTPS, but the ASA is still blocking those packets. I've looked at 4 howtos and followed them, trying from the console and from ASDM (and one trashed the whole setup, probably related to the reinstall of 8.2) - [code]
May 6, 2008
I read the Cisco document: [URL]. The PPTP client is inside, the PPTP server is outside. When I do not use the firewall, the PPTP connection can establish successfully. But using PIX 525 7.0(7) I configured:
inspect pptp.
The PPTP connection cannot set up.
Show connection in PIX:
PPTP TCP 1723 is OK.
The GRE connection has only one "E" flag; E means 'outside back connection'. I tried a second method: delete 'inspect pptp', permit TCP 1723 and GRE traffic from outside to inside, and I have configured static NAT, but the PPTP connection cannot work either. So I think there is a PPTP bug in PIX 7.0(7).
Sep 13, 2011
We have an issue whereby we connect to various customers and the Cisco IPSEC remote access works fine from our LAN through an ASA5505 to a customer site. We have 1 customer that we have some issues with. We can connect from the LAN through to the customer's VPN, authenticate and establish a tunnel but we cannot pass traffic. When we try from outside of the office on a public internet connection the VPN works fine. What could cause this issue?
Jun 21, 2012
I have a problem with VPN Passthrough with a NCP Client and Cisco ASA 5520 Version 8.4(3). A VPN IPSec Connection with a Cisco VPN Client through the Cisco ASA works fine. The NCP Client establishes a connection with Source and Destination UDP 4500 to the remote VPN Gateway and the connection setup is aborted. If I establish a connection with a NCP Client on a Virtual Machine with NAT, the connection setup works fine. A connection setup under VM in Bridge mode is also aborted. The VPN Passthrough problem with the NCP Client started with the Update to version 8.4(3). The connection worked very well until version 8.2(5).
Mar 20, 2013
How can I see the quantity of traffic that is passing through into an IPSec VPN in an ASA 5520?
Mar 1, 2011
I'm not able to configure the ASA 5510 to allow the multicast traffic to pass through the ASA. The multicast traffic has to pass from the inside interface to the outside interface. Can I configure the multicast traffic to pass through the ASA with a static NAT?
Jun 20, 2011
I have installed an ASA 5520, software version is 8.4. I have an SSM-20 installed in the ASA 5520. How to pass traffic through this SSM-20, how to create sensors, how to update signatures of this IPS module, and is there any procedure to automatically update the signatures?
Oct 2, 2012
We have a Cisco ASA 5520
We are attempting to setup RRAS on Windows 2008R2 using L2TP. Server is on the inside of the network at 10.10.10.20 our ASA is 10.10.10.1 its outside interface is 68.0.0.0.3/28.
I set a static NAT rule to allow all traffic pointed at 68.0.0.4 to be directed to 10.10.10.20 and have ACLs allowing the following.
esp, ah, udp/500, udp/4500, udp/1701
Mac Clients have no issues with but Windows clients seem to hang and never connect. I know the ASA configuration is somehow to blame; if I attempt to connect to the LAN IP (10.10.10.20) from within the same network everything works fine (making sure all the Windows Issues are covered). We have 2 other IPSEC tunnels established to the ASA from our COLO and a satellite office, not sure if this makes it any harder.
Feb 19, 2012
WAN1 <-> LAN traffic
WAN2 <-> LAN traffic
WAN1 <-> WAN2 traffic?
Say, it is set DISABLED, what is / isn't blocked?
It reads: Multicast Pass Through IP Multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate computers.
Dec 8, 2011
I just bought a DIR-601. It comes with an installation process on CD. The process fails at the point where I make the connection from my DSL modem to the DIR-601. The installation program reports that there is no internet connection. (Note that to get this far in the installation process the installation program has already tested for a valid internet connection before the DIR-601 is inserted into the chain.) Although the LED on the front of the DIR-601 indicates it is getting an internet connection from the DSL modem, it does not pass it on to my PC (already connected to the DIR-601). My PC reports "no internet access".
Mar 10, 2013
We have a small Cisco 1800 series workgroup router that separates our network from the outside world. The data coming into our network goes into the router on interface fa0/1 and comes out on interface fa0/0. fa0/0 is split into 2 sub-interfaces (fa0/0.2 and 0/0.3). These sub-interfaces correspond to a desktop and server vlan on our network. The workgroup router is connected to a 3560G trunk port (we'll call it switch 1) and switch 1 connects to another 3560G (we'll call it switch 2). Recently I was asked to add another layer of security to our network by installing an ASA 5510 firewall and forcing certain types of traffic to authenticate using their domain credentials for our network. The firewall was set up between the router and switch 1 in transparent, multi-context mode. There are 2 security contexts, 1 for the desktop vlan and 1 for the server. Both have the same security settings applied to them since we want the same behavior regardless of whether they are trying to access the servers or the workstations.
Sep 12, 2011
I am migrating over from an old PIX to an ASA 5510. After configuring the new device everything else is functional (Internet) but users are unable to pass traffic when connected through the VPN. They are able to authenticate and I see their session connected on the ASDM but no data is passed. [code]
Jul 13, 2011
I cannot connect via VPN PPTP (normal setup in Windows XP). I have managed to connect over VPN directly connected to the internet, and through the router (WRVS4400n) if I turn off the firewall. But I cannot connect with the firewall enabled. One more thing, the device is on and I have enabled the passthrough (and 'Multicast Passthrough' in firewall basic settings) for all available options, where one of the options is PPTP.
Apr 1, 2013
I am trying to configure DMZ on ASA 5505, basic license. After changes I have made I cannot access Internet from DMZ. I think I am missing an access list for DMZ, but I am not sure.
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 3
!
interface Ethernet0/6
!
interface
[Code].....
Apr 8, 2012
I teach in a High School and we've got about a 300 node MS Windows Network. Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing. The servers point to 10.0.0.1 for gateway.
We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN). When I connect the CISCO ASA, I get no internet passthrough at all.
Jan 17, 2013
[OK] Site to Site IPSec + GRE = success, no problems.
[OK] IPSec remote access = success, no problems.
[NO] SSL VPN = remote users can successfully connect to all internal systems. Cannot pass traffic to the Internet.
Hardware:
Cisco 2811, Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(22)T5, RELEASE SOFTWARE (fc3) . Software: Cisco Any Connect Secure Mobility Version 3.1.01065
Single hub router terminating IPSec+GRE site to site, IPSec remote access, and SSLVPN remote access VPN services. All services currently configured and running successfully with the exception of the SSLVPN service. Remote users can initiate and successfully establish SSL VPN sessions. While established, connectivity to all internal systems/resources are successful. Only when the remote access client tries to connect to "Outside" Internet resources does traffic not pass successfully. Troubleshooting has pointed to a NAT related issue (I believe).
When connecting from a remote access workstation, utilizing IPSec remote access client (built-in Cisco IPSec client from Mac OS), the session establishes and the client works flawlessly. Examining the Cisco 2811 router, you see the /32 host route from the remote access session get installed, and you see the corresponding NAT translation entries created when the client accesses outside (Internet) resources. Appropriate configuration to implement "hair pinning" have been included to handle the in and right back out (with NAT translation) needed for remote clients to access the Internet.
Configured the 2811 for SSL VPN, and remote access clients can successfully connect and access all internal network resources. Examining the Cisco 2811, the /32 host route for the remote access client is installed, pointing to SSLVPN-VIF0 interface with a next hop of 0.0.0.0 When checking the NAT translation table, there are NO entries for the remote access client address created which leads me to believe the hair pinning/NAT function is not being invoked for SSLVPN clients.
Originally, the IPSec remote access VPN local pool was 10.0.100.0 /24. To keep from having to adjust the existing NAT translation, PBR Route-MAP for the hair pinning function - I took the 10.0.100./24 and broke it into a pair of /25 networks. Bottom half for the IPSec remote access VPN pool (10.0.100.0 /25); upper half for the SSL VPN pool (10.0.100.128 /25). By utilizing SSL VPN, is the traffic somehow bypassing the DIALER1 interface where both the crypto map (and more importantly: IP NAT OUTSIDE, and PBR configuration for the hair pinning function)? I can't explain why NAT translation entries are not being created for SSLVPN client sessions.
Cisco 2811 Configuration has been included. IPSec & SSL VPN Remote Access Sessions Captures (performed from same remote client) have been included.
Sep 22, 2011
Recently I have been suffering from a wireless connection problem. Currently my wireless router is connected to the WAN directly, after that it goes into the firewall and then through a switch to the end user PC. For LAN users there is no issue, but wireless connected PCs are prompted with a limited connectivity problem (DHCP is disabled on the router). After checking with ipconfig /all, it seems likely due to the wireless PC not getting an IP from the DHCP server. I am using a DLink615 router. I have checked the firewall settings; there is a firewall policy that connected all router ip into company LAN, but I don't think there is DHCP VPN setting up. Is there any way I can go through the firewall and get an IP from the DHCP server? Because if I set up DHCP on the router, it cannot pass through and access the LAN.
Jun 2, 2011
I have basically started fresh, from a clean image. We bought these with the expectation that we would be able to configure them using the GUI for what we need, which up till this point doesn't seem to be the case. I will tell you how I have this set up: I have our ADSL going to a modem acting as a bridge with a static IP supplied by the ISP. If I connect a laptop to that modem and set the static IP on the laptop, I get internet access fine. So I then connect the modem to ethernet0/0 and the laptop to ethernet 0/1. I connect to the ASDM and run the startup wizard with the following:
· Outside ip : 87.87.87.87 255.255.252.0 (this works on the lappy straight to the modem)
· Inside ip : 192.168.10.1 255.255.255.0
· No dmz
[code]......
Dec 27, 2011
First time attempting to set up a 5505. Trying to replace a snapgear firewall and replicate the settings to the 5505.
Sep 6, 2011
I have a 5505 ver 8.2 connected to a router with a T1 internet connection. There was a problem with the internet service and when it was resolved the ASA did not pass traffic to the internet until it was power-cycled. Unfortunately that's all the info I have, as I was not onsite and couldn't access the ASA.
Dec 11, 2012
I am using an ASA 5505. Below is my sh run. I am not able to ping my gateway, i.e. 182.73.131.89
interface Ethernet0/0
description Internet Interface
switchport access vlan 61
!
interface Ethernet0/1
description office Internet
switchport access vlan 50
[code]....
Jun 17, 2012
I am trying to configure NAT on a clean ASA 5505, but can't get it to work. I ran the commands below. On the ASA I can ping the internet and inside vlan ip. On my laptop I can ping the ASA inside vlan ip, but I can't ping the outside vlan ip. From another network I can ping the ASA outside public ip. Is there an access-list that denies inside from accessing outside?
I am running version 8.4(3) and I erased the existing configuration.
ASA(config)# interface vlan 1
ASA(config-if)# ip address 10.0.0.1 255.255.255.0
ASA(config-if)# nameif inside
[Code].....
Dec 4, 2012
I want to access my ASA 5505 from the Internet. How can I achieve it?
Aug 31, 2012
I have an ASA 5505 behind my internet router. I have got only one public IP configured on the router outside interface. The 192.168.20.0/24 subnet is configured between ASA and router and the inside network is 192.168.10.0/24 (refer to the attached diagram).
I have exposed my mail server and FTP server to the public through static PAT in the router and ASA with the same public IP on the router outside interface. I am facing an issue: on some of the machines inside my network the internet is not working (actually DNS is not resolving), on some of the PCs the internet is working fine, and on some of the PCs it is randomly working. I have attached the diagram and ASA config. After this issue is sorted out I need to configure an L2L VPN to my head office.
Aug 11, 2012
I have a Cisco ASA 5505 that has been configured to act as a router as well. I have configured 3 VLANS that have access to the internet. For some reason the "InsideWifi" and the "Guest" VLANS have very slow internet speeds and sometimes web pages won't finish loading properly. The "Inside" VLAN gets the speeds that are expected. The DNS server does reside on the "Inside" VLAN. Is there anything wrong with my configuration that would cause the internet speeds on the other VLANS to be slow? My config is attached.
Jun 18, 2012
We currently use a Linux software based firewall called IPCop that sits between our network and router (this is in bridged mode). IPCop connects over PPPoE and everything works fine.
However, the system is not reliable and I fear not that secure, so I have purchased an ASA5505. Now I have added the PPPoE info to the device using the ASDM software; however, although it picks up my external static IP I'm unable to access the internet. On IPCop I only had to enter the broadband credentials and it worked, however I feel like I may have to add more to the Cisco. For example, do I have to specify DNS servers and do I have to set a static route?
Here is my config file so far (note I think I have turned on the ability to ping from internal to external). My config I have done through the ASDM as opposed to the CLI.
: Saved
:
ASA Version 8.4(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface
[Code].....