Cisco Security :: Configuring ASA5510 With 2811 ISR
May 26, 2012
I have a 2811 ISR configured to provide the following services to my network:
- Internet access to LAN users
- Cisco Call Manager Express
- Site-to-site VPN to 3rd party networks
- VPN server to provide VPN access to remote users
- Security Zone configurations
- Static NAT configurations
Now I recently just got the ASA5510 device and I am not sure how to go about the setup, whether to put the ASA in between the internet and the ISR (Internet - ASA - ISR - LAN), or put the ISR in between the internet and the ASA (Internet - ISR - ASA - LAN)? While I know I can move most of the config onto the ASA, I know that the CME cannot be moved, hence I would like to do the setup such that users on the network still have access to CME.
Nov 2, 2011
I have a BGP router 2811. I want to configure BGP on it with two ISPs. How can I configure it?
Jul 11, 2011
We have a few remote sites that connect back to HQ with T1 & DMVPN (Cable/DSL) for data. Our CM Publisher/Subscriber reside in HQ. We recently installed FXS cards in these routers to provide Fax functionality to our remote sites since we will be removing some POTS lines.
Can we register the 2811 as a voice gateway (I am thinking MGCP as with VG224's we have in production) and have it handle faxes with FXS card as well as route data or will we need a separate device for this?
Jun 13, 2011
I have configured Cisco 2811 and 3825 routers to connect the main and remote sites as per the attached topology. At the main site, the Cisco 3825 router is equipped with SFP ports (HWIC-1GE-SFP with GLC-LH-SM=) for fiber optic connectivity and also has a HWIC-1CE1T1-PRI installed. The Cisco 2811 routers at the remote sites are each equipped with a WIC-1SHDSL-V3 module for SHDSL connectivity and with a WIC-1B-S/T-V3 for backup ISDN connectivity.
In normal operation the routers use the SHDSL to fiber optic connectivity for communication. This has already been configured and is working. Now, there is a need to implement a backup connection between these sites such that in case the SHDSL or fiber optic connectivity fails, the routers should automatically dial up the backup ISDN connectivity so as to ensure business continuity.
Dec 22, 2011
I have a small issue with the AnyConnect client. Under Windows XP, I was able to accept and install the certificate from the firewall and get a VPN connection working. But under Windows 7, I have to accept the certificate every time I connect. Is there a reason for that?
Jan 5, 2011
I have configured the "Maximum Connect Time" as unlimited in my group policy but when a connection is established it shows a "Conn Time Out: 120 minutes". The connection does get dropped with this timer. How do I actually make it unlimited, and why does it get set to 120? I am having a problem with SSL phone clients dropping throughout the day and think this may be the cause.
Jan 29, 2012
Here is what I have. Windows Domain Controller running DHCP with configured scopes. I have one ASA5510 and 4 HP ProCurve switches with VLANs preconfigured from the vendor.
Here are my DHCP scopes/VLANS:
VLAN1 -Default 10.2.x.x/17
VLAN201 -DHCP 10.2.201.x/24
VLAN202 - WLAN EMP 10.2.202.x/24
VLAN203 - WLAN Guest 10.2.203.x/24
VLAN 252 - MGMT 10.2.254.x/24
Here is how I configured the DHCP Scopes:
Changes needed to make to the DHCP Server (AUSPDC) in order to get things working with the new switches.
1) Configure 3 new DHCP scopes on your DHCP server.
a) scope for 10.2.201.x/24 to serve LAN employees and give them a gateway address of 10.2.201.254.
b) a scope for 10.2.202.x/24 to serve WLAN employees and give them a gateway address of 10.2.202.254.
c) a scope for 10.2.203.x/24 to serve WLAN Guests and give them a gateway address of 10.2.203.254.
I just upgraded and decided to go with the VLAN configuration. None of my VLANs can get out to the internet or to each other due to, I think, my ignorance in configuring the firewall. The PCs are getting proper IP addresses but they cannot get out or to the other VLANs. I tried to duplicate what is working for VLAN1 but it is not working.
Here is my config.
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(3)
!
hostname CiscoASA
domain-name hand.local
enable password 1FVULuGal5s1/ADt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
Mar 7, 2011
I'm trying to set up an SSL VPN on a 2811. I believe I have the SSL VPN portion understood, but I can't tell because I keep getting stuck on the Certificate Server, CA trustpoint and identity trustpoint configuration.
guide that walks you through the CA cert, Cert Server, CA trustpoint and identity trustpoint to IOS SSL VPN?
Mar 29, 2011
How do you configure port-security on a 2811 router? If not, is there a way to configure some type of security on each port?
Jul 23, 2011
I have a strange issue on a link between two ASA5510s: both ASAs are interconnected by a P2P FastEthernet link, and the traffic between both ASAs is being secured by an L2L IPsec tunnel. The configured MTUs are 1500, however packets bigger than 1020 bytes are being dropped. IOS is 8.0(5). So far I haven't found any caveat describing it.
Jan 16, 2012
I've been using a couple of ASA5510s for a few years in a few datacenters, and I wonder about the following:
Usually the ASAs are positioned with the connectors facing the back of the 19" cabinets, so one can easily connect the device to other networking hardware. In many datacenters nowadays, cold corridors are used, which results in a forced airflow through the cabinet, driven by the fans in the servers themselves. But the ASAs are permanently blowing air in the opposite direction, and are also taking the air from the part of the cabinet where the air is as hot as it gets.
Is it a good practice to open up the ASA and flip the fans 180 degrees to solve this?
Jun 20, 2011
I have an SSL certificate from a third party that is showing under the Identity in ASDM, however the audit scan of the firewall shows that the SSL certificate is signed with an unknown certification authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ASDM, however when I verify the SSL certificate it still shows as self-signed. What other steps am I missing? I have attached some screenshots.
Dec 29, 2011
I have an ASA 5510 that I want to connect to 2 ISPs (one of my private networks uses isp1, and all others use isp2). Except that the 5510 does not accept PBR (policy based routing), I saw that you could put a router, like a Cisco 2811, in front of the ISP. My questions are: can I put a 3750 switch in place of the 2811 router? I have VPN connections on isp1; is this architecture compatible?
Aug 14, 2012
We want to have an ASA5510 with both the IPS function and the Content Security feature. When I checked on the Cisco website, it looks like the ASA5510 or 5520 only has one SSM slot, so I can only use either the AIP module or the CSC module. Does it mean I cannot get both features at the same time?
Right now I want to have IPS function and anti-spam, anti-virus, antiphishing, content filtering, URL blocking such feature, so what do I need to buy to have all of these function in one device?
Aug 29, 2011
We have an ASA5510 with two ADSL lines connected and the auto fail-over set up - this is all tested and if the main line fails, the backup line is used in its place - no problem there.
However, I'd like to increase our connection speed, and one way I've done this in the past is to add a couple of extra ADSL lines to a router that is capable of load balancing.
I'm aware that the ASA5510 does not load balance (seems a waste as we've got the backup line just sitting there doing nothing!), but would it be feasible to add another router in front of the ASA device to perform this load balancing function?
Sep 28, 2011
I have a Cisco ASA5510 FW in use in my network. The present flash memory is 256 MB and I want to upgrade to 512 MB.
Apr 5, 2013
I am facing a problem when configuring the ipsec vpn on my 7200 router. [code]
Apr 19, 2013
I have a Cisco home rack lab which is behind my ASA 5505. I use my ASA to connect to the internet. My situation is I travel a lot for work, and I am unable to do my labbing practice. I am pretty new to ASA and would like to do a port forwarding to access my access server which is connected to my Cisco routers and switches.
My network topology is this:
(internet)-------(ASA 5505)----------(3550)-------(CM32 Access Server)----------(Cisco Rack)
This is how I set up my remote access:
Code:
ssh 0.0.0.0 0.0.0.0 outside
Dec 21, 2011
Recently upgraded a 5510 to Anyconnect Essentials and Anyconnect Mobile, the device was Security Plus and is now Base. Is it supposed to work this way? I lost my Gigabit interfaces. Is it possible to have Security Plus + Anyconnect Essentials?
Oct 29, 2012
I have an ASA 5510 and am planning to implement multiple contexts in a 2-tier security level with VRF-lite, meaning I have 2xASA facing the internet, below that 2x3560 switches for our extranet, and below that another 2xASA for intranet. See diagram below. In this kind of network I want to know how using multiple contexts would impact the total throughput and resources of the ASA?
INTERNET
| |
| |
2811A 2811B
| |
| | (OUTSIDE)
ASA_A-------ASA_B
| | (INSIDE)
| |
3560A---------3560B
| |
| | (INSIDE)
ASA_C--------ASA_D
| |
| | (OUTSIDE)
3560C----------3560B
| |
INTERNAL NETWORK
Mar 20, 2011
I'm getting the mentioned error when I try to open the subject web link.
Deny TCP (no connection) from Outside:180.87.10.44/2443 (180.87.10.44/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964) with follow explanations.
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
Where a.b.c.d = our private IP address (NATted), w.x.y.z = public IP address.
Oct 21, 2007
I need to establish a PPTP VPN to an 877 modem/router from the Internet. The VPN client is a Windows XP standard VPN client. I configured the router based on the document "Configuring the Cisco Router and VPN Clients Using PPTP and MPPE". url... And... it works quite nicely, BUT only when I use the PAP protocol to authenticate the user. When I try to use 'MS-CHAP' or 'MS-CHAP v2' I get error 691 on the client side ("Access was denied because the username and/or password was invalid on the domain."). [code]
Nov 15, 2011
I want to configure a remote VPN for our clients on a Cisco ASA 5510 using Dyn DNS as I don't have a static IP address.
Mar 13, 2011
I'm about to configure a syslog server to receive syslog messages from a Cisco ASA5510 and, it being a one week test, I was wondering how much space I should allocate on the machine hosting the tool (Kiwi Syslog). I see that the ASA fills the internal syslog buffer to 4MB and then it overrides it. How many messages would those 4MB be?
Aug 8, 2007
How do I enable the Virtual Keyboard on the main portal page on our ASDM v6.0(2) ASA v8.0(2)? I remember seeing the option once upon a time and now I can't seem to find it.
Jan 10, 2006
Any data sheet or a brochure with the ASA5510 MTBF?
Jun 25, 2011
I'm facing a problem with two vlans. Each vlan has internet access by NAT.
In each vlan there is at least one server, who should be accessible from the other vlan and vice versa.
The function "same-security-traffic permit inter-interface" doesn't work, because NAT control is in place - so an expert.
Some experts told me it's not possible to route back out the same interface, and also not to route back out the separate subinterfaces either.
Sep 27, 2012
I have an ASA5510-BUN-K9 in this version:
###
Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(2)
Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
###
The question is: what do I need to add the CSC10 SSM with content filtering and URL filtering to this version of ASA? Do I need more RAM? Do I need more flash? Is this version compatible with the CSC SSM hardware? What licenses do I need for 100 users?
Jul 25, 2012
We operate an active/passive cluster with 2 ASA5510s in routed mode. Is it possible to add another node, so that we have one active and two standby nodes in the cluster? Unfortunately, I have found no documentation on this. The data sheet only mentions up to 10 nodes as a VPN load balancing cluster.
Apr 30, 2012
Is it possible to have 10 security licenses licensed to a Cisco 5510 and have them transferred to a Cisco 5520?