Cisco Firewall :: Unable To Use Public Server Function ASA 5505 9.1
May 23, 2013
I can't get it working to expose an internal server to an outside interface. I used the public server function in ASDM. Internet access works if I NAT my private address to one of the available IP addresses provided by our ISP.
Internal Server : owncloud 172.10.0.4
External Server : ext181 46.245.171.181
I can't see the error in the configuration:
: Saved
:
ASA Version 9.1(1)
!
hostname rhedetest
domain-name xxxxx.de
enable password 59t92OvRofWL9yf3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
Apr 19, 2012
I'm trying via the ASDM to port forward HTTP connections to a DVR for the purpose of viewing IP cams. I've tried via ASDM to create a public server but I'm not allowed to use my public IP address for the public interface. I have only one public IP address available. Is there any way round this? I would also like to know how I can enable NAT with PAT. I've tried setting the outside interface for use with PAT but it keeps reverting to the setting for a range of external addresses. I'm not really used to the ASA CLI yet, I'm getting there. If there's a workaround via the CLI, I'll take that route.
Sep 9, 2012
I have been assigned a task to configure a VPN between a Windows 2008 server and a Cisco ASA 5505. What kind of VPN should I go with, as the Windows 2008 Server R2 is on cloud, and is it possible to configure a site-to-site VPN for this network scenario or not? I have tried IKEv1/IPsec remote access VPN with L2TP with (CHAP, MS-CHAP v2) and couldn't find any document which will allow me to configure the Windows 2008 server to behave as a client and connect it to the ASA. What I did is that I configured a dial-up connection with L2TP and found the following debug message:
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, Oakley proposal is acceptable
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 1
[Code].....
Nov 21, 2012
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP: 16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]
Jan 16, 2013
We have 2 IP blocks from my ISP. We have been using just one, a /30 block, with one IP address used on the outside interface of the device. The new block is a /29 range and I would need to use just two of those IP addresses. Here is the situation I am facing. A company we partnered with wants to set up a VPN; they will send us 2 Cisco 861s to put behind our ASA. Is it possible to assign these 861s public IPs from the block that we are not currently using (the /29 range)? I know that it might require an upgrade to the Security Plus.
May 2, 2013
The client I am doing work for has an ASA 5505 at a remote location that is using Cox Communications for the ISP. The ISP assigned 5 static IP addresses, but we only need 1 for this location. However, that is the minimum you get no matter what. The issue is that the subnet mask is a /25 and what they are telling me is that the ASA is grabbing all the IP addresses in that range. They asked if there is any way to keep the ASA from grabbing those IP addresses. Now, I have never run into this issue before with a provider. The gateway is in the /25 subnet, so going to a /30 isn't an option.
Sep 10, 2011
Attached is my updated ASA 5505 (8.4[2]) config. With this config, basically the "laptop" group works fine, but the leo and orion groups don't ever receive packets inbound. No DNS, nothing.
The laptop is windows, the other two are servers with two NICs. The interface cards are Intel Pro/1000s. I've been through everything including Vlan protocol conflicts and actually enabled the servers for 802.1(Q).
Feb 18, 2013
How to get DynDNS or some other public dynamic DNS services on the Internet working on ASA 5505?
Sep 8, 2011
Is it possible to have two or more public IP addresses bound to a Cisco ASA 5505 running 8.4(2)?
Feb 3, 2013
I have ASA 5505 with basic licence, v9.1, ASDM 7.1. I want to create the DMZ for a web server.
The interface 0 is for the outside network. The interface 6 is for the DMZ. All other interfaces are for the inside network.
My ISP provided me with one public static IP address, one gateway address and a subnet mask 255.255.255.252
1/ I would like to ask which interface I should assign the public static IP address to. Should it be assigned to the outside interface 0, or should it be assigned to the DMZ interface 6, while outside interface would be configured to use DHCP?
I tried to assign the static IP address to the outside interface first, but then when I used the ASDM “Public Servers” feature to configure NAT, I got an error message that the outside interface and the public address cannot have the same IP address.
2/ For the sake of peace of mind, I am thinking about using the second firewall, which would be used only for the inside network. Can I connect this second firewall to one of the inside interfaces of the 1st firewall,
May 26, 2012
We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. It is working very well of course. However I need to set up my 2nd TS but will use port 7777 on the same public address, which is not working. I am using ASDM 6.3 and firmware 8.3.1. Is this a limitation for this IOS?
Dec 15, 2011
We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documentation that I have, the previous configured this as a dedicated router to establish a separate VPN connection to our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I log in to this router either remotely or locally to check the configuration, back it up and do the firmware upgrade?
I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to the Internet without any issues. However I don't know the IP address to use to log in.
Jun 22, 2011
I'm stuck at ASA 5505 NAT, port forwarding configuration. Here is what I need:
host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
So people from remote just need to use the 1.1.1.1 public IP to access all the ports on three different inside servers. I can do this on my old ASA 5505 with 8.0(4). Looks like there are lots of changes from 8.0 to 8.4.
May 15, 2013
Could I get a validation that this config is correct in that it allows inbound access to the web server and that I should be able to ping it from my inside interface.
I tried to use the example code from Cisco DocID: 115904 for DMZ WebServer, but I found the object NAT parts did not work with my 8.6 IOS so I modified them as shown in my config. Example from 115904 doc:
!!!!
object network WebServerPublic
host 24.25.26.80
object network WebServerPrivate
host 192.168.1.80
nat(dmz,outside) static WebServerPublic service tcp www www ---> this does not code
!!!!
With the below code I do not get a ping reply sourcing from a 10.1.0.X host to 192.168.1.80 web server. And I cannot browse in from the outside to it either. I do see the MAC for 192.168.1.80 in the ASA's arp cache for the dmz interface. The web server is on a VMware ESX environment and I'm not sure it is set up correctly.
!
ASA Version 8.6(1)2
!
hostname A5515
!
interface GigabitEthernet0/0
[code]....
Sep 11, 2012
I have an ASA5510. INSIDE, DMZ and OUTSIDE interfaces are configured. I have a web server on DMZ, IP: 10.0.0.1, and it is static NATted to 1.1.1.1. From the internet I can reach the web server with IP: 1.1.1.1 and from INSIDE connect to the web server with IP: 10.0.0.1. Now I want to connect from INSIDE to the web server via the public IP (1.1.1.1). How can I configure it?
Oct 8, 2012
Setup:
LAN (192.168.1.X, with .3 as gateway)
DMZ (192.168.2.X with .1 as gateway)
WAN (X.X.X.146 as primary public IP, .145 as gateway and .147-150 as additional public IPs)
I want to set it up so that X.146 is where all my outbound traffic appears to originate. I want TCP HTTPS and SMTP to be allowed from the WAN (via the X.147 IP) to a specific server (192.168.1.11) on the LAN. Also, HTTP traffic to X.148, X.149 and X.150 should go to DMZ and 192.168.2.8, 192.168.2.15 and 192.168.2.18 respectively, but I haven't added that to my config yet. Looking to get the HTTPS and SMTP ones working first, then I'll fix the others (one step at a time). I've got contact with the outside world when I've configured it using the ASDM's "Public Server" interface, but it refuses to properly establish the connection, I get a "SYN timeout".
My config:
: Saved
:
ASA Version 8.2(5)
!
hostname kcisco
enable password X encrypted
passwd X encrypted
names
[code]....
Jul 30, 2012
I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network. I would like...
1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server).
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email)?
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8
Aug 23, 2011
We have a Cisco ASA 5505 with ASDM 5.2. We have one proxy server in our local lab, pointed to a hosted service (Simple Signal). The issue is, when our proxy server sends REGISTER to the hosted server, the ASA changes the private IP and posts with the outside IP and src port as 1063 every time.
Here is the debug log from real-time monitoring:
Aug 24 2011 05:21:19 302015 203.xxx.xxx.226 192.168.1.51 Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011 05:21:19 607001 203.xxx.xxx.226 Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011 05:21:19 710005 203.xxx.xxx.226 99.xxx.xxx.107 UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063
Here 99.xxx.xxx.107 is our ASA outside IP address and 203.xxx.xxx.226 is the hosted server IP address. My ASA config is attached.
Jul 28, 2011
I have a request to establish a site-to-site VPN with a customer. While collecting the information I gave them our local network subnet, which is a private subnet (192.168.5.0). They asked me if I could give them a public address instead. They cannot work with the 192.168.5 subnet. Is this possible?
My side of the VPN is an ASA 5505 running 8.2(2). The other side I believe is a Checkpoint.
Aug 3, 2012
Minecraft 1.3 LAN server function fails because host IP bad. The host (a laptop) connects to the LAN with a proper 10.0.1.X type address, but this particular laptop uses a 169.* address when it establishes/reports the game (instead of its 10.0.1.X) and no other computer can connect to it. Other computers DO establish/report the 10.0.1.X address they receive from the wireless router, and they can host just fine, but I really need to get the one laptop to serve as host since it has more horsepower.
Sep 9, 2011
I just tried to configure my ASA but unable to ping. My setup is as follows:
Cable Modem (DHCP from IPS)---> ASA (192.168.1.1)--->Belking Router (192.168.5.1)--->Switch (192.168.5.14)--->
ASA Version 8.2(3)
!
hostname WoodHomeASA-1
[Code].....
Dec 27, 2011
First time attempting to set up a 5505. Trying to replace a snapgear firewall and replicate the settings to the 5505.
Sep 20, 2011
I have a command line from an ASA 5505 like below:
nat (inside) 0 access-list NO_NAT
The problem is I cannot see any matching ID of 0 at the (outside) like:
nat (outside) 0 xxxxxxxxxxxxx
Another problem is that there is also no access list with the name of NO_NAT.
Dec 11, 2012
I am using an ASA 5505. Below is my sh run. I am not able to ping my gateway, i.e. 182.73.131.89
interface Ethernet0/0
description Internet Interface
switchport access vlan 61
!
interface Ethernet0/1
description office Internet
switchport access vlan 50
[code]....
Jul 10, 2011
I have an ASA 5520 8.4(1) set up as follows:
public wan
|
|
ASA-- public dmz
|
|
private lan
I need to allow HTTPS traffic to a server in the DMZ that will have a routable IP address. Will just an ACL suffice? Which interface do I apply it to, WAN or DMZ? I don't need a NAT since the DMZ is a routable space?
Feb 6, 2013
I have a Cisco ASA configured for Any Connect clients. I also want to pass 443 traffic back to an internal web server, but not sure if I can do this since the Any Connect clients are already connecting over 443 to the ASA, right?
Jul 9, 2012
We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.
Feb 24, 2013
I have a Cisco ASA5505 and a Windows DHCP server. How do I add this external server to the ASA so my PC clients can get DHCP from this server?
Feb 11, 2013
I'm configuring a Cisco ASA 5505, ASA Version 8.3.1. I want to publish my web server, which is in the DMZ (10.30.30.1); the server address is 10.30.30.30, but it still fails. I have only one public IP, and hope that when they call the public IP, my web server appears. Another problem I have is that when I assign the public IP to my OUTSIDE interface, my LAN loses internet connection. What do I have to do so that my web server is published and the LAN computers have internet access?
Nov 15, 2011
I want to configure my Cisco ASA 5505 as a DNS server, so that when I configure any of my network systems' IP address and use my firewall as the default gateway and DNS IP, the system should be able to browse the internet.
Sep 26, 2012
I have an ASA 5505 and I save the configuration in the ASA 5505 using write memory or using copy run start, but when I unplug the power cord and plug it back in, the ASA gets its factory default configuration.
Sep 27, 2012
I have configured an ASA 5505 and it is connected to a layer 3 switch that connects to a cable modem.
The ASA is configured with the DHCP option and the PC is able to get the IP from the ASA. But from the PC I am unable to access the internet. From the ASA itself I am able to ping the websites fine.
The ASA is configured with DHCP for inside and it is also doing NAT.
When I connect the ASA directly to the cable modem, the PC is able to access the internet.
Apr 5, 2013
I have set up a 5505 ASA for testing purposes. It has a static route to a layer 3 switch on the outside interface that goes to the internet.
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
[Code].....