Cisco Firewall :: Setting Up ASA 5505 To Be Used As Firewall Between BT Internet And 3560 LAN Switch?
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router. Port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but I am unable to get any connection.
Dec 22, 2011
Trying to set up an ASA 5505 in transparent firewall mode. I cannot set the management IP address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
Nov 14, 2011
I am trying to set up a DMZ on my Cisco ASA 5505, so that the wireless clients are connected behind the DMZ, the LAN clients are connected behind the inside interface and both groups of clients can get to the Internet. I have been able to configure the ASA for both wireless and LAN, but the wireless clients still cannot get to the Internet. The LAN clients can get to the Internet. I do not want the wireless clients and the LAN clients to be able to communicate with each other. What commands do I need to run in order to allow the wireless clients to access the Internet?
Mar 15, 2012
We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
We have 1 static external IP. Internally we have one existing server (10.1.1.184) that has port 80 forwarded to it and another existing server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving separate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far as knowing what traffic will need to go to which server even though it is using the same port?
The equipment is: ASA 5505, ASA Version 7.2(4), ASDM Version 5.2(4). I apologize in advance if what I'm trying to do is difficult/impossible. I inherited the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco security appliances in general.
May 16, 2013
I have an ASA 5505 with Security Bundle license.
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.
Mar 21, 2013
I am having a problem trying to figure out how to add a new ASA 5505 to an existing network. My current network is: Cable Modem > Linksys > 48 port switch, with multiple hosts residing on the 192.168.0.x network. Now I know that the ASA comes default with 192.168.1.1 on the inside interface and I want to change that to 192.168.0.1. I have tried to do this through ASDM using the wizard and manually. Once I hit OK for it to write the config, it gives me an error that it didn't take. I then lose connection to the ASA and have to hard boot it to get it back. I am trying to do this without my external connection connected and I have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75. Do I need to connect my internet connection to it first and then run the wizard? I was hoping to get it configured for my existing network before I plugged in the internet connection to limit my downtime. This ASA came with 6.4.1 ASDM and 8.2 OS installed. I was able to upgrade the ASDM to 7.X but when I go to update the OS to 9.1, I get an error that I am not registered to use cryptographic software. Don't know where I need to register to get it?
May 1, 2011
I have an ASA 5505 that I was updating from firmware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how I can upload another boot image to the ASA and set the ASA to boot it from the ROMMON prompt?
Nov 29, 2012
RACK 1 is the old rack and NEW RACK is the rack which is going to be procured for some new Servers. All the Servers in RACK 1 have a default gateway as PIX Inside IP. As of now the 3560 Switches act as Layer 2 and do not have L3 IP routing enabled. How can I enable connectivity between 192.168.36.0 range and 192.168.57.0 range without making any change to current PIX inside IP address 192.168.57.1? Is it possible that I can enable IP routing on the 3560 Switches, create interface VLAN 36 and, since Switch 2 already has its default gateway as 192.168.57.1, would the traffic from 192.168.36.0 be routed to 192.168.57.1? Or do I need to create a static route for that? Since L3 Routing is not enabled and since the 3560 Switches are just acting as L2, the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. When it is changed, would I need to create interface VLAN 2 on the 3560 Switches?
Jan 29, 2012
this company uses Vyatta firewalls, which are dedicated boxes. So I was sent home with a Dell PowerConnect 5448 (a 48 port switch) with the project of getting a similar setup going with the computers I have at home. I have the switch set up, everything's on VLAN1, management IP is 192.168.2. 255.255.255.0, Default Gateway is 192.18.2.254, and the switch is properly sharing my internet connection between three computers. That part was easy. So now, one of them is going to be either reformatted and set up with Vyatta, or I'm going to virtualize it. Either way, I need to route all the traffic through that firewall box before it goes to anything else on the switch so I can have a functional firewall.
Nov 27, 2011
I have a cisco 3560 switch set up as my edge router. It is working as my external demarc switch and edge router. It is sitting between the ISP's switch and my ASA firewall. It's a very basic configuration with port 1 set up with a fixed ip and switchport turned off which is connected to the ISP switch. VLAN2 is configured with an IP address and 3 ports, two of which go to different firewalls.
I found that I cannot ping a specific address from the inside interface (VLAN2), but I can from the outside interface Gig0/1. I have a few deny commands in an access list, but they don't apply to the network I'm trying to access, and I haven't had any other inaccessible networks otherwise.
Here's my config minus passwords and full IP ranges. There are two ranges, one with xxx and one with xx. The xxx is set as secondary, but is the one we really use.
Current configuration : 4808 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname my-rtr-ext
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
[Code] ............
Apr 23, 2012
I am connecting the inside interface to an upstream switch and therefore will need to assign a static IP address to the inside address as I did below:
#sho int ip brief
Vlan1 123.123.123.123 YES manual up up
I will also use this to manage the ASA. I am having a problem with the network configuration of the inside interface as I can't ping the gateway and/or the in IP of the inside interface. Do I need to add any routes?
Mar 23, 2011
I have downloaded the 90 day ISE evaluation to a vmware platform. I have it successfully authenticating local user(s) onto a Cisco 2940 device (12.1) IOS. I am trying to follow a TrustSEC design guide [URL] but my LAB 2940 does not support many of the commands shown in this document. What I want to try to do is be able to familiarise and demonstrate in the lab the use of ISE to control access to the network using 802.1X and or VPN access from remote vpn clients?
Apr 19, 2011
I have 2 ASA 5505 firewalls and 1 cisco 3560 switch.
One ASA 5505 firewall and cisco 3560 switch located at SITE-A. Another ASA 5505 firewall located at SITE-B.
Below is the my connectivity:
Site-A IPSec VPN Site-B
cisco 3560 <----------------------------> ASA 5505<------------------------------------------------------------------------------------> ASA 5505
I planned to create 5 vlans in my cisco 3560 switch. These 5 vlans need to have internet and need to access Site-B.
I will write on default route to firewall in my cisco 3560 switch. Does the ASA 5505 support this scenario? If it does, then how do I configure the ASA 5505 firewall?
Apr 6, 2011
I have a pair of 5505's in transparent mode and connected them to C2960S. The inside interface (which is VLAN5 on the switchport) keeps dropping, going into error state. There is no log reference in the switch and the interface shows as UP. The standby ASA has no problem, both interfaces on the switch are up. As soon as I fail the units over, the active node inside interface drops.
Jan 20, 2013
Can I configure the port at the ASA 5050 from mode access port to trunk while the FW is running in a production area without console access? As far as I know, at the 5505 it should work?
May 22, 2013
I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
[URL] 209.151.225.100
Can I use the following command to set ntp server?
ntp server 209.151.225.100 source outside.
Nov 29, 2011
In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? With the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..." How do you go about enabling those same simple things in this router, in particular the "Block WAN request"?
Apr 1, 2013
I am trying to configure DMZ on ASA 5505, basic license. After changes I have made I cannot access Internet from DMZ. I think I am missing an access list for DMZ, but I am not sure.
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 3
!
interface Ethernet0/6
!
interface
[Code].....
Jun 2, 2011
I have basically started fresh, from a clean image. We bought these with the expectation that we would be able to configure them using the GUI for what we need, which up till this point doesn’t seem to be the case. I will tell you how I have this set up: I have our ADSL going to a modem acting as a bridge with a static IP supplied by the ISP. If I connect a laptop to that modem and set the static IP on the laptop, I get internet access fine. So I then connect the modem to ethernet0/0 and the laptop to ethernet 0/1. I connect to the ASDM and run the startup wizard with the following:
· Outside ip : 87.87.87.87 255.255.252.0 (this works on the lappy straight to the modem)
· Inside ip : 192.168.10.1 255.255.255.0
· No dmz
[code]......
Dec 27, 2011
First time attempting to set up a 5505. Trying to replace a snapgear firewall and replicate the settings to the 5505.
Sep 6, 2011
I have a 5505 ver 8.2 connected to a router with a T1 internet connection. There was a problem with the internet service and when it was resolved the ASA did not pass traffic to the internet until it was power-cycled. Unfortunately that's all the info I have, as I was not onsite and couldn't access the ASA.
Dec 11, 2012
I am using ASA 5505. Below is my sh run. I am not able to ping my gateway, i.e. 182.73.131.89
interface Ethernet0/0
description Internet Interface
switchport access vlan 61
!
interface Ethernet0/1
description office Internet
switchport access vlan 50
[code]....
Apr 1, 2013
I have not been having much success configuring my 5505 for Internet access, and I'm sure there are a few small things I'm missing. At times I believe I got it to the point where I could ping, but still not pass through the Internet traffic. At this point, I reset the 5505 and only changed a couple of settings. I have an external range with these characteristics: Network Address 67.139.113.16 (.17 is Gateway), SM: 255.255.255.248, available IP: 67.139.113.218. The external connection is through a T1 modem, and when I put those settings in my laptop, I can access just fine. When I went through the startup wizard in the ASDM, I made the internal interface 10.209.0.3, subnet mask: 255.255.255.0. I selected PAT in the Wizard, but don't know if I should have, or if the NAT rules I tried to put in are fine. Eventually I want to add a Site to Site VPN to the rest of the 10.0.0.0 network, but I can't even pass the Internet through to the inside. Also, this will eventually be behind another hosted firewall, so I'm not worried about restricting access, even currently. However, I suspect the problem is that traffic is being blocked with the NAT rules or Access rules. I wish I could just disable those inherent deny rules. Outside of pings to 10.209.0.3, all pings come back as request timed out.
Config:
: Saved
:
ASA Version 8.2(5)
!
[Code].....
Jun 17, 2012
I am trying to configure Nat on a clean ASA 5505, but can't get it to work. I ran the commands below. On the ASA I can ping the internet and inside vlan ip. On my laptop I can ping the ASA inside vlan ip, but I can't ping the outside vlan ip. From another network I can ping the ASA outside public ip. Is there an access-list that denies inside from accessing outside?
I am running version 8.4(3) and I erased the existing configuration.
ASA(config)# interface vlan 1
ASA(config-if)# ip address 10.0.0.1 255.255.255.0
ASA(config-if)# nameif inside
[Code].....
Dec 4, 2012
I want to access my ASA 5505 from the internet. How can I achieve it?
Aug 31, 2012
I have an ASA 5505 behind my internet router. I have got only one public IP configured on the router outside interface. 192.168.20.0/24 subnet is configured between ASA and router and inside network is 192.168.10.0/24 (refer to the attached diagram).
I have exposed my mail server and ftp server to the public through static PAT in the router and ASA with the same public IP on the router outside interface. I am facing an issue: on some of the machines inside my network the internet is not working (actually DNS is not resolving), on some of the PCs the internet is working fine, and on some of the PCs it is working randomly. I have attached the diagram and ASA config. After this issue is sorted out I need to configure a L2L VPN to my head office.
Aug 11, 2012
I have a Cisco ASA 5505 that has been configured to act as a router as well. I have configured 3 VLANS that have access to the internet. For some reason the "InsideWifi" and the "Guest" VLANS have very slow internet speeds and sometimes web pages won't finish loading properly. The "Inside" VLAN gets the speeds that are expected. The DNS server does reside on the "Inside" VLAN. Is there anything wrong with my configuration that would cause the internet speeds on the other VLANS to be slow? My config is attached.
Jun 18, 2012
We currently use a linux software based firewall called IPCop that sits between our network and router (this is in bridged mode). IPCop connects over PPPoE and everything works fine.
However, the system is not reliable and, I fear, not that secure, so I have purchased an ASA5505. Now I have added the PPPoE info to the device using the ASDM software; however, although it picks up my external static IP, I'm unable to access the internet. On IPCop I only had to enter the broadband credentials and it worked; however, I feel like I may have to add more to the Cisco. For example, do I have to specify DNS servers and do I have to set a static route?
Here is my config file so far (note I think I have turned on the ability to ping from internal to external). My config I have done through the ASDM as opposed to the CLI.
: Saved
:
ASA Version 8.4(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface
[Code].....
May 24, 2011
I'm trying to allow SSH traffic from the Internet to my DMZ. I gave my remote guy my ip and he can see the ASA 5505 but not get into the DMZ. The outside is 70.165.19.137. The DMZ server is 192.168.60.2. I have the inside talking to the DMZ fine. [code]
Aug 9, 2012
I recently bought an ASA on eBay. The plan was to try and learn how to configure them and get more familiar with Cisco's ASA hardware etc.
I want it to do the routing for my home network. The way things are set up at the moment is pretty standard. I have an ADSL modem which is also a router which was provided by my ISP (Orange).
The first thing I did was change the router to be in "modem only" mode, which seems to have worked. I then got the ASA to use PPPOE by following this guide [URL]. I assume that worked as it is authenticating with the ISP and I'm getting a public IP address assigned to the outside interface. The default gateway is being set by the "ip address pppoe set route" command, which I have verified with the "show route" command. The problem I'm having is that even though I'm getting a public IP I can't ping anything from the ASA. I've pinged 8.8.8.8 and 4.4.4.2 using the outside interface as the source but I'm not getting any response. I have tried changing the MTU a few times to different amounts on the outside interface with no luck.
Feb 27, 2011
I set up an ASA 5505 at home through PPPOE connection. The ASA seems to obtain an IP address correctly, and I can ping a public IP address using the outside nic, but not the inside nic. I saw the error message when I ping: No route to ff0213 from fe801bc2b1288cd5bc1. As a result, I cannot connect to the Internet.
Sep 7, 2011
How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.