Cisco Firewall :: Using Configuration Professional For 891 Router?
Aug 5, 2012
For the moment we have a Linksys RV042 router, and we want to replace it with a Cisco 891 router. I have configured our new Cisco 891 router using Cisco Configuration Professional because I am not a Cisco expert:
I have configured: DHCP, DNS, NAT, Firewall (I have selected: Advanced, Low Security). I have tested the new router and:
- Internet is working
- We can send Emails, Receive Emails from Outlook
- Our web sites can be accessed from the outside.
- File Share is working
We have 2 problems:
1. Can't access from inside the network our public IPs configured in the NAT: **.***.**.150.
When we try: ping **.***.**.150, we receive: Request Timed Out. When we try ping 192.168.1.2, everything is OK. When we try ping from outside of the network, everything is OK.
PS: I want to mention that if I put back the old router I can access our public IPs.
2. When I send emails to Yahoo and access View Full Header I receive: dkim=temperror (key retrieval failed)
------------------------------------------------------------------
Received-SPF: pass (domain of ********.com
designates **.***.**.150 as permitted sender)
Authentication-Results: mta1036.mail.ac4.yahoo.com from=********.com; domainkeys=pass (ok); from=********.com; dkim=temperror (key retrieval failed)
Received: from 127.0.0.1 (EHLO mail.********.com ) (**.***.**.150)
[code]....
I think our email server (Smarter Email) is using the IP address 127.0.0.1 (please look at the attachment) and this IP is restricted by the firewall (ccp in zone to out zone : Drop : 127.0.0.0/0.255.255.255) (generated by Advanced firewall > Low Security). How can I set that to work? Can I delete that row?
Sep 26, 2012
I configured a site-to-site VPN through a Cisco 891 and Linksys RV042. Followed these steps: [code] The VPN works only for computers without NAT. [code]
Sep 5, 2012
I am trying to set up the router (881) using Cisco Configuration Professional to allow ping replies. I cannot for the life of me figure it out.
Aug 20, 2012
Each time I try to add a new route (route add 172.24.0.0 mask 255.255.0.0 172.21.0.4), I get the following error message: The requested operation requires elevation.
Sep 7, 2011
I'm having a weird issue with the VPN client installed on Windows. Even though it connects and receives an IP address, I'm not able to access any of the servers on the remote network.
Is there any special configuration needed for it to work on Windows 7 Professional?
The client works perfectly with Windows XP. We have an ASA 5510, Version 8.2(2), in routed mode.
Nov 13, 2005
Is there a driver available yet for the External Dell Wireless card (model number D1450U) on Microsoft Windows XP Professional x64? I guess the better question is if there is a 64-bit driver available for the external card yet?
Aug 11, 2011
I have tried installing this device on Windows 7 64bit machine. The install seems to go fine and the device works at 2.4G.
But I purchased this unit to be able to test a client's 5GHz system. There does not seem to be any place to switch from 2.4G to 5.0G.
Jan 3, 2012
This is an older desktop. I have been utilizing the Netgear to get on the Internet for months and it was working fine. It shows it is connected to the SSID but the IP shows up as 0.0.0.0. I have other home computers hooked up and working, so I located their IP address. Can I input it myself? If so, how?
Jun 15, 2011
I was recently given a computer from my workplace. I took this computer home, and put it in the place of my old one. The internet connection on my old computer has always been fine; all cables are connected correctly. However, this computer from work will not connect to the internet. The icon in the bottom right corner of the screen states that I am connected, but the internet browser claims that it is unable to display web pages. May the cause of this be related to any unique computer settings that a workplace may have on a computer in their network? Other computers have no problem connecting to the internet through the same, wired connection. The OS is Windows XP Professional.
May 26, 2009
So I bought the WUSB54GC wireless adapter today. My computer's OS is Windows XP Professional. Whenever I load the disk and click "Start Setup" a window pops up that says "This version of Windows in not supported."
Apr 18, 2011
We are using Cisco VPN client to access our corporate network. I have 5 new notebooks, Dell Latitude E6410, OS Windows 7 Professional x64, with identical hardware configuration. I downloaded Cisco VPN Client 5.0.07.440 (64 bit) and installed it on all notebooks. It works fine on 3 notebooks, while on 2 notebooks the VPN connection fails with error:
Secure VPN collection terminated locally by the client.
Reason 403: Unable to contact the security gateway
We use a smartcard for VPN access (etoken from Aladdin)
Here is an extract from the Cisco log:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/4 CERT/0x63600015 Cert (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local) verification succeeded.
...Sev=Info/4 CM/0x63100002 Begin connection process
...Sev=Info/4 CM/0x63100004 Establish secure connection
...Sev=Info/4
[code]......
It seems the problem is in the certificate, but I verified and Cisco client says it's ok. It's also the only valid certificate in MMC->Certificates->Personal. Furthermore, also using other smartcards (etokens) of other users it doesn't work.
Mar 1, 2011
I am trying to forward a port so I can connect to my computer because I want to stream a radio station from my computer to my phone. I'm trying to forward port 88 on my Linksys WRT54G Version 6. I tried that but BroadWave audio streaming server still says it's not open! Here are some pictures: I'm using Windows XP Professional 32-Bit
Eset AntiVirus
and using Windows firewall
Mar 19, 2011
I can't install drivers for Windows XP Professional, both 32 and 64. The original CD tells me the x64 OS is not supported; also, when trying to install only the drivers, it just can't find them. For x32, same problem - can't install drivers. I've got an Intel DP45SG.
Apr 17, 2012
I am trying to configure the firewall of a Linksys 4200. I would like to be able to close or open every single port on protocols/incoming/outgoing. There doesn't seem to be a straightforward way in the e4200 web interface; is there any other way to perform this? Google doesn't seem to provide me many alternatives.
May 16, 2011
I have two 1811's connected in a lab using an ipsec vpn tunnel (using a switch to simulate an internet connection between them). I am trying to configure one of the routers as a ZBPF just to allow a remote windows login (DC on the firewalled side, workstations on the other side). I'm trying to verify that the zbpf is working, but it doesn't seem to stop anything. I had match icmp added to the class-map, but took it out to test if icmp would fail. It didn't. Basically, I don't think the firewall is working at all. Any thoughts on how I can configure this so that the policies will work between zone-pairs?
Here's a quick drawing:
Here are the configurations:
Local router:
hostname sdc-1811-LocalLab
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
[code]....
May 17, 2011
I have an ASA 5505 with ASDM v5.2(4) and ASA v7.2(4). This platform has a base license. If I upgrade ASDM and ASA to v6.2(1) and v8.2(2), will I lose my license and need to activate it again? I configured a site-to-site VPN (this firewall and another); will I lose my configuration if I upgrade my firewall?
Apr 7, 2013
We have an ASA with version 8.4(5). We detected that a few IPs were getting shunned; to overcome the problem, no shun was used and the traffic normalised. But the same problem reoccurred a few days after that, with logs showing traffic being shunned.
Is there any fixed way to get rid of this? What commands can I use to verify the related configuration on the firewall?
Mar 31, 2013
I have one firewall that needs to be configured in transparent mode. I have an inside and an outside router. What is the configuration of a transparent firewall on ASA 8.2? I didn't find the configuration on the Cisco site.
Nov 25, 2012
I am trying to set the PIX firewall to transparent mode. After I set it to transparent firewall, I allowed all icmp, tcp, udp traffic. Currently, any device in the inside network can get an IP automatically from the DHCP server in the outside network but cannot ping any servers in the outside network or access the internet. Do I need additional configuration on the firewall?
Here's the configuration:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....
Sep 11, 2007
I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work, but I need some kind of step-by-step description. I just want to connect it with outside on a route, inside in my LAN. It's working now with one ASA. But in the web interface the interfaces inside and outside are down, but it's working.
May 5, 2012
Set up a new Cisco 861 and it is working well for a new BTNet line for the customer. Changed the firewall using CCP from Zone to Classic Firewall. Worked great all day and configured what I needed to do. Now, with CCP (version 2.6), I have the following message: Cisco CP has detected that the router is configured with either legacy and Zone Policy Firewall (ZPF) or Legacy firewall. If you want to use Cisco CP to configure an zone-based firewall, you must first delete the Legacy configuration.
Mar 28, 2011
I would like to replace my firewall by using ACL on my Cisco 881 for testing. Could it be possible?
Configuration:
access-list n° permit ip host distant_site_public_IP host my_public_IP
access-list n° permit tcp any host my_public_IP eq port
This configuration works fine for SSH, for example.
I can't allow "web pages" flow!!!
When I put: access-list n° permit tcp any host my_public_IP eq www
It doesn't work.
With Wireshark, I've seen that random ports are used to set up the "http connection". How could I resolve it while keeping the best security configuration? I place my ACL on the WAN port. Maybe I have to place it on the LAN or create other ACLs to complete the configuration?
Jan 21, 2013
I recently installed an ASA firewall for one of our customers. I am trying to map the web server's private address to the public address:
The private address is 192.168.207.15
The public address is 71.x.x.51
Here is the NAT configuration. For some reason this configuration is not working. I am not sure what is wrong with this configuration.
object network inside-out
nat (any,outside) static interface
object network new-www
nat (inside,outside) static 71.x.x.51
access-group inside_access_in in interface inside
access-group global_access global
NOTE: Inside network users can access Internet just fine. But I just cannot get natting to work.
Sep 26, 2012
I'm having trouble configuring an ASA into a network solution. We have a 501 with the outside interface on 10.24.10.1, the inside interface as 172.18.10.1, and a DMZ on 192.168.1.1. In the DMZ there is an HTTP/FTP/TFTP server connected to 192.168.1.2 on a virtual machine. When on a machine configured to 172.18.10.10 I can ping to the outside interface but not the DMZ. When I am in the DMZ the PIX does block traffic to the inside, but I can't reach the outside interface. When on the outside I am blocked from the inside, but also blocked from the DMZ.
Group10(config)# sh run
: Saved
:
PIX Version 8.0(4)
[Code]......
Dec 26, 2011
I have a Cisco ASA 5510 connected to 2 private LANs (1 for my HQ PCs {inside} and 1 for the worldwide mpls {outside}). It is also connected to the public internet at interface "public" and my dmz at "dmz" interface. I suspect I have a routing issue because packet-trace yields allow, the nat looks ok and the objects look ok, at least to me, but I'm the one with the non-working config so... Basically this is the desired flow:
1. I need all traffic from the inside to be able to flow to the outside unimpeded as they are both trusted networks. (this is ok right now as I allow everything via access-list 101.)
2. I need any host on the public internet to be able to reach a server on the dmz via the pat which I set up from the "public" interface to the "DMZ" interface. The desired flow would be that the person on the internet types in [URL] and this is directed to the public interface ip which forwards to the webserver object on the dmz. (I cannot get this working any which way)
3. I need the dmz to be able to communicate with another server on the mpls via the "outside" interface. When it receives the request from the public, it then checks with this other server on the outside via nat (translating the dmz range into the ip of the outside interface on the firewall). I have a default route that points to the mpls or outside interface for 0.0.0.0 0.0.0.0 via 10.x.x.1 (and although I'm not sure, I suspect this could be conflicting with traffic that needs to be sent to the "public" interface, meaning that the firewall should dump packets bound for 0.0.0.0 0.0.0.0 to the public interface - 184.x.x.194, but I'm very reluctant to change the default route as this is in production and I'm not sure how it will affect traffic). However, I do suspect that if I changed the route from default to static as such:
route 10.0.0.0 255.0.0.0 10.x.x.1 (this would get all lan and mpls traffic to the mpls gateway)
route 0.0.0.0 0.0.0.0 184.x.x.193 (this would send everything else from public to the public internet gateway)
I think this is accurate, but then I would be bypassing my corporate internet proxy which is behind the mpls gateway at 10.x.x.1? Is there a way to get http traffic originating from the lan (10.x.x.x) to use the mpls gateway and http traffic for the dmz to use the public internet gateway at 184.x.x.193? I don't want to start causing a flow problem for the internet nor do I want to bypass my corp internet proxy. Either way I cannot get this to work; even though the logic checks out, I cannot get even a ping response when I allow icmp any any for testing. Note: I can ping resources on each network from the firewall, not only its own ports in the associated network but other resources on those networks as well.
Here is the running-config:
ciscoasa# sho run
: Saved
:
ASA Version 8.4(1)
!
hostname ciscoasa
domain-name marcjacobs.lvmh
[code].....
Feb 12, 2013
I have an old ASA with an 8.0 configuration that includes a huge number of ACLs, NAT and VPNs. We got a new ASA with 8.6, and we are planning to move the configuration to the new box. I'm wondering what is the best approach to do this. I'm thinking of one of the following scenarios:
1- Downgrade the new ASA to 8.3, then apply the config, remove the identity nat commands and names, then upgrade to 8.6 and after that reconfigure the NAT rules and object groups.
2- Convert the old config manually to 8.6 code including NAT, object-group, ACL and apply it to the new ASA (this is going to be a huge task).
What are the commands that I have to look at when I convert to 8.6, and will the VPN configuration be affected?
Nov 29, 2011
I want to configure QoS for 2 different VLANs, each VLAN for 2 Mbps bandwidth. (VLAN details: VLAN 10 (10.10.x.x/24) and VLAN 20 (20.20.x.x/24).) Is there any difference regarding initial configuration between ASA 5520 and 5585?
Jun 5, 2012
I inherited a PIX 506 with 6.3. I will admit my background is more towards switching/routing. But while I know it is a dinosaur, I need to maintain it for partner interoperability. I just want to confirm that what I am thinking is correct and, if not, how I can correct it. My thought is that since the access-list command doesn't list "eq" at the end, all ports and protocols are allowed? The other thing I am not used to is that the access-list has no id/number included in the command, so I assume that access-group specifies this functionality.
Here is a snippet of the current config:
object-group network Ext_Net network-object 192.168.0.0 255.255.255.255
object-group network Int_Net network-object 10.0.0.0 255.255.240.0
object-group network DNS network-object 192.168.0.254 255.255.255.255 network-object 192.168.0.253 255.255.255.255
object-group network Servers network-object 192.168.0.25 255.255.255.255 network-object 192.168.0.62 255.255.255.255 network-
[code].....
Oct 3, 2012
I would like to know something with more accuracy about idle timeout configuration. In particular, why is it impossible to set "half-closed connections" to a value lower than 5 minutes, not even through a policy-map? In my particular scenario, my ASA is used to NAT mobile phone traffic; it should be advisable to use less than 5 minutes.
In my configuration I've set the timers as follows:
.
timeout xlate 0:15:00
timeout pat-xlate 0:00:30
timeout conn 0:14:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02
[Code].....
Jun 19, 2012
Is there a script tool to convert the configuration from a Cisco ASA 8.2 to 8.6?
Oct 18, 2011
I am very confused on how I set up a Pix 515 that I just got to route traffic out a cable modem. First, let me give you a few details on my current network setup and what I am trying to accomplish with this Pix 515. Currently all my users go out the proxy for any internet access; however, I have certain users that need to go out the cable modem instead of the proxy server. Below is an example of the current IP setup of a user A: The cable modem that we currently have has DHCP, so I would need the external PIX address to accept a DHCP address. I also don't really understand what else I need to set up, so if I have, say, four users hitting the cable modem through the pix, how do I direct their web traffic to the correct computer (NAT?). I will be plugging the PIX into a Cisco switch on which all ports are in VLAN 48, so hopefully a static internal address on the pix of 10.24.48.254 will keep me from having to do any routes, since all traffic will be originating from the 10.24.48.0 network.
Aug 13, 2012
I have to open ports for video conferencing in my firewall configuration.
Jan 24, 2013
I am attempting to set up FTP behind this new Cisco ASA 5510 we just bought. I haven't configured a Cisco device in 5 years, so I am having issues. I think I am close. If I FTP from an outside (fixed) IP it connects and takes the password but hangs on PASV and gives no data connection. Below is my configuration. It is simple since I seem to have the connection inside correct. And yes, you can connect to the FTP server from inside without issue.
Code...