Cisco Firewall :: Redirect Ip Address For Protocol With ASA 5500

Jan 5, 2012

On the inside interface and network, we have a server at, (as an example) 192.168.87.1, which acts as an email server.
 
The outside ip address of the ASA is, say, 200.0.0.1.
 
The ASA directs any imap requests from the outside interface to 192.168.87.1, which works fine from the outside. Users simply open up email, and collect emails etc.
  
When they come inside the office, their machine of course attempts to contact the ip address 200.0.0.1. the ASA knows it is outside interface, so they are unable to collect emails.
 
that any internal IMAP requests from machines on the inside to 200.0.0.1 are directed to the machine inside on 192.168.87.1?

View 5 Replies


ADVERTISEMENT

Cisco WAN :: 800 Router - Redirect URL To IP Address?

Oct 18, 2011

Is it possible in Cisco 800 Router to redirect a website request coming from a user to an IP address?

View 3 Replies View Related

Cisco 887VAW - Redirect Port 90 To Another IP Address External To Our Own?

Oct 28, 2012

Our company uses a commercial copier monitoring package called FMAudit to obtain meter readings from our clients' copiers, and it uses a feed to send the readings back to us. We have used port 90 for this purpose.Due to a recent server crash and emergency reconfiguration of our network, we have moved our FMAudit central server from in-house to a hosted service, with of course a different external IP address.

Without interfering with our other systems, is there a way to redirect JUST PORT 90 to another IP address external to our own? I don't care if it has to happen at the router or server level. We are using Server 2003 and a Cisco 887VAW.

View 2 Replies View Related

Cisco VPN :: ASA5520 - Redirect Single IP Address Through User

Sep 11, 2012

I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3.

View 3 Replies View Related

Cisco Switching/Routing :: 5520 To Redirect An External Address To An Inside Server

Mar 21, 2012

I am desperate to make some kind of translation which convert an outside IP Address of our web server to its inside ip address so that requests can be routed internally to the server.
 
This is what we have:  A wireless network with an SSID to serve visitors.  We also have an in-house web server which can be accessed internally and externally.  We have a ASA 5520 that protects the internal network, including the Web server, and also routes all traffic from the all visitors connected to the public SSID to the outside.  The DHCP server for the wireless network for visitors is configured to give the 8.8.8.8 as dns server.  The problem with that is that the www.ourwebserver.com is resolved by Google's dns server to the public IP Address of our web server!  The traffic then is sent to the outside interface of the ASA 5520.  The visitor who wants to access our web server cannot connect!
 
How can I configure the ASA to route that traffic to our web server with the public ip address to the inside ip address of the web server?

View 2 Replies View Related

Cisco Firewall :: IP Redirect With PIX 515?

Jan 3, 2012

I have a PIX 515 that i need to use as an ip redirector.For example if users try to access 80.80.80.80 ,they need to be redirected to 90.90.90.90 show ver, 
 
Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
  0: Ext: Ethernet0           : address is 000b.5fad.0c99, irq 10
1: Ext: Ethernet1           : address is 000b.5fad.0c9a, irq 11

[code]....
 
This platform has an Unrestricted (UR) license.

View 12 Replies View Related

Cisco VPN :: ASA 5500 - IPSEC Tunnel Via Hostname Instead Of IP Address

Mar 1, 2012

Is it possible on an ASA 5500 device to connect an IPSEC tunnel via hostname instead of the IP address?  I have a site without a static IP address that is currently connected via Easy VPN but I want to change one of the sites to a regular IPSEC site to site as one side, the one with the dynamic IP, is being changed to SonicWALL.  I will have DDNS setup on the site with the SonicWALL so I want to know if I can point the ASA device to the hostname instead of the IP.

View 4 Replies View Related

Cisco Firewall :: DNS Redirect On ASA5505?

Feb 29, 2012

I want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routing
 
ip access-list extended transparent_dns
permit udp any any eq 53
route-map redirect_dns permit 10
match ip address transparent_dns
set ip next-hop ip.of.your.server
route-map redirect_dns permit 20

[code]....
 
The DNS server is windows 2003?Would policy based NAT or WCCP work for this? If so how would I go about it?

View 1 Replies View Related

Cisco WAN :: 5500 - Way To See Expired Guest Users / Assigned IP Address?

Mar 21, 2013

We recently implement WLC 5500 Series, I found out guest user once period of that user expired it will not appear at lobbyadmin page where you can see list of users.

Is there any way to see expired guest users and also IP address which assign to guest user?

View 2 Replies View Related

Cisco VPN :: Configure Static IP Address In Remote Client ASA 5500?

Aug 13, 2011

i am trying to configure static ip on remote client user side , i am using the following doc as an example but i am not getting the ip which i am mentiong in the user .[url]...

View 10 Replies View Related

Protocols / Routing :: SR 5500 - Finding IP Address Of A Device?

Nov 15, 2011

Okay so currently in my possession is a SR 5500 wireless channel receiver with a problem.. We need to find its current ip address it also is not a standard ip address such as 192.168.xxx.xxx it has a standard ethernet port and of course GPIB ports

I'm looking to know if there is a way I can find its ip address by maybe with a crossover cable, or by bridging its connection to my computer and somehow seeing what ip it's requesting.

View 1 Replies View Related

Cisco Firewall :: ASA5540 Port 80 Redirect To Https

Dec 21, 2011

Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been ask to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? how to accomplish the redirect for a single site. 8.2.4 is current code

View 4 Replies View Related

Cisco Firewall :: Redirect HTTP / Ftp Traffic (ASA 5510)

Apr 25, 2011

i have the following scenario :
  
ISP1-------ASA 5510----------ISP2
                    |
                    |
                    |
                  LAN
 
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.

View 7 Replies View Related

Cisco Firewall :: ASA (8.4) / Redirect Outside IP Request To Inside Host

Mar 27, 2012

Wondering if on the ASA (8.4) its possible to do something like what DNS rewrite does, but with IP requests.  Scenario.  Mobile phone accesses a web app inside our network fine over cellular.  Once it comes inside on to wifi it still has the public IP address cached so the ASA doesn't allow its request to loop around and the app appears broken.  We're considering lowering the TTL on the DNS host entry but I think we are battling phones/mobile OS's that don't have a strict adherence to name resolution standards.  A lot just seem  to refresh their caches every 10-15 minutes.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Reverse Or Outbound NAT Redirect?

Jan 24, 2012

I have the need to do an outbound NAT redirection.  So what I mean is this.  I have a custom program that uses SSH to port 22 from a server inside the ASA firewall.  This goes out to a server on the Internet over port 22.    The ISP of the SSH server told me that they changed their SSH port from 22 to 2102.  So instead of changing the custom code on the developed application on the server... I thought it would be easier to do a OUTBOUND NAT redirection for the ASA to see port 22 from the server and redirect it OUTBOUND to port 2102. 
 
so for example:

The server is at 192.168.0.2 and it uses a program to initiate SSH traffic to 205.246.1.1. The server sends to port 22 but I need it automatically changed on the firewall to port 2201 at 205.246.1.1. 
 
It is a Cisco ASA 5510.   The server at 192.168.0.2 does have a fixed IP address on the outside with INBOUND NAT for things like port 25 (mail) traffic etc.  Lets pretend that was at 64.18.23.60.

View 1 Replies View Related

Cisco Firewall :: Support Of Jumbo Frames On ASA 5500 Firewall Appliance?

Feb 28, 2010

Can any ASA 5500 in particular the ASA5510 firewall support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)?. I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and not segment it.I have done little checking on the Cisco Website and see it mention of Jumbo frames on the 5580 on 10Gig interface but didn't see mention 5510. 5580s are way over-kill and expensive for what I need is to run a mission critical one IPSec point-to-point with maximum of no more than 100Kbps so 5510 is perfect for me but not sure if it can carry the jumbo frame?
 
On the routers and switches it's the MTU settings and they are configurable per interface and I am OK and the circuit is T1 which the Telcos said it's OK since it's physical layer so the only unkown is the firewall.

View 2 Replies View Related

Cisco Firewall :: ASA5505 - Redirect ASA Traffic To Proxy Server?

May 20, 2011

I have ASA5505 with bese-license. I like to install proxy sever in my network and i want redirect traffic to the proxy server.
 
Below  i added configuration in my firewall.
 
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic ASA(config)#wccp interface inside web-cache redirect in
 
furher configuration and if this configuration is enough, then how to check whther its working or not in my firewall.

View 1 Replies View Related

Cisco Firewall :: Redirect Http / Https To Port 8080 PIX 6.3?

Feb 27, 2013

I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
 
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
 
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
 
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
 
I get the following error: ERROR: duplicate of existing static
 
Is there a work around for this at all or am I stuck with the limitations of the software?

View 2 Replies View Related

Cisco Wireless :: WLC 5500 Clients Get DHCP Address / Page Is Not Redirecting To Guest Portal

Oct 30, 2012

with our WLC 5500 controller, once the clients get the DHCP address the page is not redirecting them to the guest portal.What is the best way to check as to why the redirection is failing.

View 8 Replies View Related

Cisco Firewall :: QOS By Protocol On ASA 5512-X

Apr 18, 2013

I'm looking to make a possible configuration for a customer. They need a device to provide :- firewalling- bandwidth limiting based on protocols, IP, users- web content filtering- good reporting to see which device/users are consuming most of the bandwidth.I used to use cisco ASA as firewall but it's a while I last installed on and I'm nt uptodate which current state.So I thought of using an ASA 5512-X but I'd like to know if it comply with all the requirements .Most important being the reporting and bandwidth limiting capability. It would be great to have some configuration example regarding bandwidth management.

View 1 Replies View Related

Cisco Firewall :: NFS Protocol Across Pix 515E

Dec 30, 2011

I have a Pix 515E running PixOS version 8.0.4 with two interfaces, inside and outside.On the inside interface, I have a Redhat Enterprise Linux 5.4 64 bits machine as an NFS server version 4 (NFSv4).On the outside interface, I have three (3) Redhat Enterprise Linux 5.4 64 bits as NFS clients.I am looking for the exact UDP and TCP ports to be added to the ACL in order to accomplish

View 1 Replies View Related

Cisco Firewall :: How To Allow Protocol 97 In PIX 515E

Oct 22, 2012

What would be the access-list entry to allow protocol 97? I am setting up foreign-anchor controller and need to allow protocol 97.

View 1 Replies View Related

Cisco Firewall :: Redirect Http And Https Traffic From ASA 5520 Via Squid?

Dec 20, 2010

Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?

View 18 Replies View Related

Cisco Firewall :: ASA5510 - Redirect HTTP Traffic To Internal Proxy?

Feb 13, 2011

I am using ASA5510 and i want to know if it is possible to redirect http traffic to an internal proxy software. I explain : PC from the LAN use a internal proxy in their IE browser but some other PC doesn't use it.They are directy connected to the Internet using the Public IP from the WAN interface ( via NAT). Can we redirected this HTTP Traffic from the WAN interface to the Proxy in the LAN ?
 
Http Traffic will be routed like that : PC ->  WAN interface -> Proxy -> WAN interface -> Internet In fact,can we create a rule saying : All http traffic which doesn"t come from the IP Proxy must be redirected toward proxy.

View 6 Replies View Related

Cisco Firewall :: ASA 5500 - Get Firewall License To 500 Users?

Jan 25, 2012

I purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
 
But I had a mistake because I need support to 500 users. Now, to solve my mistake I want to know Do I can purchase another ASA-CSC20-250U-1Y to provide the 500 users suppor?
 
I mean, ¿are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below?P/N, ASA-CSC20-500U-1Y  with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Separate Traffic By Protocol

Apr 9, 2012

I would like to connect a second ISP link to our ASA 5510 to solely serve http traffic from our organization's employees (ie. web surfing). We currently have all employee traffic and two site-to-site VPN tunnels connecting to the internet from this firewall. I want to keep the tunnels as currently configured on the existing connection and split out http/https traffic from our staff onto a less costly link.

View 1 Replies View Related

Cisco Firewall :: Protocol Used For ASA 5510 Configuration Replication

Sep 5, 2011

What protocol the firewall configuration replicate and monitor the interfaces?

View 1 Replies View Related

Cisco Firewall :: PIX-4-500004 / Invalid Transport Field For Protocol TCP

Apr 28, 2011

Geting this message, having low performance and overrun errors Apr 29 13:45:59 pix-servidores %PIX-4-500004: Invalid transport field  for protocol=TCP, from 188.120.243.238/80 to 174.56.110.0/0

View 3 Replies View Related

Cisco Firewall :: 3745 - PIX 515E Configuration Is Fine But Protocol Is Down

May 5, 2012

I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router, the line protocol is down, I've looked through the configs for bot the PIX and the 3745 and can't seem to figure out why I don't have access.

Pix515E config:
pixfirewall# show run
: Saved
:
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names

View 10 Replies View Related

Cisco Firewall :: Can ASDM-5505 Allow Apple Bonjour Protocol Through VPN

Oct 26, 2011

I am trying to use the apple finder/application to view all my apple mac-mini computers.  I do have two asdm-5505 connected via a vpn tunnel.
 
At this point I can view only the computers on the local subnets. I called AppleCare and they gave some possible ports that can be opened in the firewall to allow the Bonjour protocol to pass through the ASDM:ports 5297/tcp, 5298/tcp-udp, 5353/udp, and 5354/tcp

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Regular Translation Creation Failed For Protocol 47 SRC

Oct 10, 2011

We have a PIX with 3 interfaces. Inside, Outside,DMZ.
 
On my DMZ we have some clients that come in and remotely connect back to there office via MSPPTP. I setup the ASA with this to get rid of the error message: regular translation creation failed for protocol 47 src
   
policy-map global-policy
inspection_default
inspect pptp
 
Now when the dmz client tries to connect back to there PPTP server I get the following error.
 
172.31.10.204 0 24.172.85.162 37624 Teardown dynamic GRE translation from dmz:172.31.10.204/0 to outside:24.172.85.162/37624 duration 0:01:30
172.31.10.204 1069 173.188.74.155 1723 Deny TCP (no connection) from 172.31.10.204/1069 to 173.188.74.155/1723 flags PSH ACK  on interface dmz
172.31.10.204  173.188.74.155 63767 Teardown GRE connection 8393958 from dmz:172.31.10.204 to outside:173.188.74.155/63767 duration 0:01:08 bytes [ code]...

View 7 Replies View Related

Cisco Firewall :: ASA 5500 Configuration For VC?

Aug 13, 2012

i have to open ports for vedio conferencing in my Firewall configuration ,

View 1 Replies View Related

Cisco Firewall :: ASA 5500 Ssl Vpn Required

Jun 14, 2011

I have two ASA 5510 with Security Plus license and Shared SSL VPN licensing enabled.

The problem is that the client get “Session could not be established: session limit of 25 reached” but ther is only 6 ssl vpn user connected with AnyConnect.The software on the firewall’s is 8.2(1)Is there any BUG in this software related to this problem?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved