Cisco Switching/Routing :: 5520 To Redirect An External Address To An Inside Server

Mar 21, 2012

I am desperate to make some kind of translation which converts an outside IP address of our web server to its inside IP address so that requests can be routed internally to the server.
This is what we have: A wireless network with an SSID to serve visitors. We also have an in-house web server which can be accessed internally and externally. We have an ASA 5520 that protects the internal network, including the web server, and also routes all traffic from all the visitors connected to the public SSID to the outside. The DHCP server for the wireless network for visitors is configured to give the as dns server. The problem with that is that the is resolved by Google's DNS server to the public IP address of our web server! The traffic then is sent to the outside interface of the ASA 5520. The visitor who wants to access our web server cannot connect!
How can I configure the ASA to route that traffic to our web server with the public IP address to the inside IP address of the web server?



Cisco 887VAW - Redirect Port 90 To Another IP Address External To Our Own?

Oct 28, 2012

Our company uses a commercial copier monitoring package called FMAudit to obtain meter readings from our clients' copiers, and it uses a feed to send the readings back to us. We have used port 90 for this purpose. Due to a recent server crash and emergency reconfiguration of our network, we have moved our FMAudit central server from in-house to a hosted service, with of course a different external IP address.

Without interfering with our other systems, is there a way to redirect JUST PORT 90 to another IP address external to our own? I don't care if it has to happen at the router or server level. We are using Server 2003 and a Cisco 887VAW.


Cisco :: LMS 4.1 Redirect Syslog To External Server

May 16, 2012

I would like to know whether LMS 4.1 (local server mode) has the ability to relay syslog messages received from devices to an external syslog server?  If so, how do I configure such?
From reading the document and going through the LMS 4.1 GUI, it appears that it could receive and forward messages but only between LMS system (ie. multi server mode) as SSL is required.


Cisco Application :: CSS11503 / Make NAT From Inside Addresses And Translate Into One External IP Address?

Dec 8, 2011

I know the CSS is too old, but I have one in a production environment and I was asked if it is possible for the CSS to make NAT from inside addresses and translate them into one external IP address for different kinds of communications. For example: and (inside addresses) should start connections to external IP address destinations / / and so on. The default gateway for those servers is the CSS, and I would like to know if it is possible for all connections to the external world to be translated into one IP address.
My CSS is 11503
Version: sg0810106


Cisco VPN :: 5520 - How To Translate One Inside Address To Another

Oct 23, 2011

I guess I'll start with the easy stuff, Cisco ASA 5520 ver 8.2, ASDM ver 6.2, IPSec L2L tunnel with overlapping private IPs.
I have about a dozen L2L connections on our 5520 but never had to do one with overlapping IPs. I have two that I have to build and one definitely overlaps our inside locals, and the other is requesting that we NAT our inside locals to a 10.x.x.x.
I've searched the board and found several good posts including document 112049, but I just don't seem to be able to get my head around how to translate one inside address to another. It would seem like it would be as easy as doing an (inside,inside) static NAT, but most everything has the solution as a policy NAT or doing an (inside, outside) but in the less secure address space place the name of an ACL. I have ordered that brick of a book on ASAs from Cisco Press, but need to get something going and I'm not having much luck getting this thing up and running.
Perhaps my basic understanding of NAT rules is wrong. I thought that when using NAT the command speaks to the interfaces and the direction of travel, (inside,outside). I also thought that the IP addresses used must be valid on the interface referenced, so any reference to "inside" would have to be an address on the "inside" interface of the FW and likewise for the "outside" interface. Finally, to be sure I'm not calling a duck a goose, my understanding is that the following are correct: "inside local" = my private, "inside global" = my peer, "outside local" = their private, "outside global" = their peer.
So if I'm translating say a 192.x.x.x on my inside local and wanted to present them a 10.x.x.x, wouldn't I need an (inside,outside)? And even though I'm translating my private IP into a different private IP, the translated IP must be on the "outside" interface because that is the interface that I want to present the new private IP on?
So for the scenario I suggested at the top where I need to translate my private 192.x.x.x into a 10.x.x.x and present that 10.x.x.x to the other side, I need something like NAT Static (inside,outside) 10.x.x.x  192.x.x.x?


Cisco Switching/Routing :: Add Another External IP Address To Out 881

Nov 18, 2012

We have a Router with one External IP and a couple of VLANs. We have got a Teleconferencing Unit that needs almost every port known to man to work, so decided to get the unit its own External IP.
We have the IP now and how to get it in the router and then also to use it only for the Video unit (From outside straight through to Video).
I'm comfortable adding lines to the router but just don't know what the lines should be.
The new IP's purchased are (Only need to use one address, let's say No idea what the subnet mask should be...
The router config below stripped of irrelevant stuff:
interface FastEthernet0
no ip address
interface FastEthernet1



Cisco Firewall :: ASA 5520 - Permit Traffic To Inside Via MAC - Address?

Apr 6, 2011

I have a handheld device that will be used for inventory outside of our office. It has 3G capabilities. Is there any way I can permit traffic from this device from the outside world coming into my network? I need to open a couple of ports so it can hit the server. But I have no intention to open these ports up to the entire world. I use an ASA 5520 with a managed router from our provider. I looked around on the Cisco site and the only information I found was for permitting and denying traffic from devices that are within the network.


Cisco Switching/Routing :: Translate Inside Network Of To Outside ISP Address On ASA 5505

Oct 2, 2012

I'm trying to translate my inside network of to my outside ISP address on ASA 5505. The ping from all hosts to works, but it still only lets one address out to translate. My configuration is:
global (outside) 1 interface
nat (inside) 1
still doesn't work.


Cisco Switching/Routing :: 5520 Configure Traffic Flow Between Computers Inside VLANs And Routed Port

Jul 7, 2012

How to configure traffic flow between  computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address /24)
3. VLAN 200 - ( SVI IP address /24)
4. routed port gi1/0/48 (IP address /24). Note: this port is directly connected to a firewall ASA 5520 port IP /24
IP routing is enabled on the switch and inter-VLAN traffic is flowing OK. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP can ping the routed port Switch can ping firewall port and the 'sh ip route' command shows the network /24 as directly connected network.
Any computer in the two VLANs CANNOT ping firewall ASA port Is it because inter-VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non-IP traffic. The goal is I am trying to set the ASA port as an internet gateway for VLANs.


Cisco :: Configure NAT For Inside SMTP Server In ASA 5520

Sep 20, 2012

I need to configure my ASA 5520 version 7.3 firewall to translate our SMTP server residing in local LAN to use different IP address from the outside interface which is used by all other computers to access Internet.

Under the NAT section, I have NATted this internal SMTP server with a different IP address (e.g. x.x.x.1) and also translated the remaining IP addresses in the LAN to the outside interface (e.g. x.x.x.2).

My problem is, whenever I check the header for a message coming from the SMTP server, it shows that the SMTP server is also translated by using the same outside interface public IP address (i.e. x.x.x.2) which is used by other client machines to access the internet, instead of x.x.x.1.

How can I get my SMTP server to use a separate IP and avoid being blacklisted by some domains?


Cisco Firewall :: 5520 - Inside Server To See Actual Outside Host Source IP In Udp Packet

Mar 3, 2013

I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server. The server can get to outside hosts OK, and the traffic is being NATed properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send 'announcement' UDP packets to the inside server. I thought this might be an outside-NAT-required issue to get the traffic routed, but I need the inside server to see the actual outside host source IP in the UDP packet, so I basically set the outside host up similar to the inside host, just without the NAT table on the firewall -- its subnet is outside the destination (inside server) subnet, and its gateway is the outside interface of the ASA, the same way the inside server is able to get to hosts outside. The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
I have the appropriate ACL's set up, and when I do 'show access-list' I  see policy hits for the 'permit' statements where the outside host is  generating the announcement and it's hitting the ACL.  I even duplicated  the ACL into list 101 and 102, and applied 101 for inbound traffic on  the outside int, and applied 102 for outbound traffic on the inside int,  and I'm seeing policy hits on both permit statements outside and  inside, so it looks like the traffic is being passed on to the inside  interface and permitted, but the server isn't seeing the packets.
I can ping the outside interface from the outside, but cannot ping the  inside interface or any inside hosts from the outside, even though I  have 'permit icmp any any' enabled on the ACL on both ints. When I  remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
I set up the same scenario in my lab with an ASA 5505, with the same results.  Below is the running config from the 5505 in the lab.  The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
: Saved
ASA Version 8.3(1)
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address
interface Vlan3
description Inside LAN Interface
nameif inside


Cisco Firewall :: ASA 5520 - Access Current Server Using External SNAT IP

Dec 8, 2012

I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect. So, say I have server1 and server2. I can connect from server1 to server2 with both public and private, but can't connect from server1 to server1 using the public IP. ASA logs show that packets are being denied due to land attack. DNS doctoring is not an option for me.


Difference Between DNS Server And External IP Address?

Oct 11, 2011

What's the difference between DNS Server and External IP Address? When I dump ipconfig /all into a .txt file I see that it shows three separate values for the DNS Server. My question is, since ipconfig /all does not give an external IP address, are they the same? Why are there three?


Assigning External IP Address To Server

Oct 12, 2011

We once had a virtual server with two network adapters, one was internal and the other was external, and people could access it directly from the internet.

That server recently died (someone put the .VHD file on a massive RAID 0 array, and that went boom), and I need to set it back up again. All the DNS entries appear to still be there, but how to assign the external IP to the network adapter. I tried Google, but my Google-fu must be weak today as I can't find anything useful.

It's a Server 2008 R2 machine running inside Hyper-V. Nothing's changed except for the new Windows install, it's running with the exact same VM settings, which I didn't touch except to add a new VHD.


Cisco Firewall :: ASA (8.4) / Redirect Outside IP Request To Inside Host

Mar 27, 2012

Wondering if on the ASA (8.4) it's possible to do something like what DNS rewrite does, but with IP requests. Scenario: Mobile phone accesses a web app inside our network fine over cellular. Once it comes inside on to wifi it still has the public IP address cached, so the ASA doesn't allow its request to loop around and the app appears broken. We're considering lowering the TTL on the DNS host entry but I think we are battling phones/mobile OS's that don't have a strict adherence to name resolution standards. A lot just seem to refresh their caches every 10-15 minutes.


Cisco :: 2504 Web-Auth Passthrough With External Redirect

Feb 6, 2012

I have a cisco 2504 running I am trying to configure Web Auth for External Redirect, Passthrough. I have a page created on an external web server that was taken from the Web Auth Bundle and modified. It is a simple "accept" or "reject" on a Terms and Conditions page. I have a Pre-Auth ACL configured to only allow communication to the server the T&C page resides on.
When I connect to the SSID, the page redirects to the external URL and the URL shows up in the browser window with all the variable data as a GET on the URL line, but the page never loads. It just hangs. I can copy the URL data, paste that in once I am on-net, and the page loads just fine.
So, something is happening when the WLC is attempting to proxy-redirect the page back to the client.


Cisco WAN :: 2600 - Redirect Web Traffic To External Proxy In Specific Port?

Jan 18, 2010

I want to redirect internal web traffic (browsing) to an external web server for Web, Virus and Spyware filtering. Those external proxies are running on port 8080. I have one ASA firewall and a Cisco 2600 router. I was thinking of doing PBR in the router, but in the next hop I can only set one IP, not an IP and a port. So how can I redirect web traffic to an external proxy listening on port 8080?


Cisco Switching/Routing :: 1841 - Access To Web Server On Outside Address From LAN

Jan 22, 2012

I have a 1841 deployed as my NAT device towards the internet. NAT is set up so that internal addresses can access WWW. I also have some NAT translations opening specific ports from outside to inside in the form: ip nat inside source static tcp A.B.C.D 443 A.B.C.D 443 extendable.
Now I have an outside address/port set up with a public DNS reference and using NAT from outside to get access to the corresponding inside address. It works when being outside the LAN.
Now to the problem: From the LAN side of the router, I cannot access the public name. I can ping it, but my browser doesn't find the webserver behind the name. Someone told me it should be set up as "local firewall domain" and I should set this up as "source NAT".


Cisco VPN :: RVS4000 - Routing From A LAN IP Address To Another One Inside VPN?

Mar 17, 2011

I am using 2 VPN routers RVS4000 to interconnect 2 hybrid telephone IP-PBX. After configuring the VPN the head offices are not seen in network. The VPN is active in Windows.

IP-PBX works correctly in the same LAN. I understand that the problem is that I do not find how to indicate to the router to send the UDP packets to the correct IP through the VPN.


Cisco Switching/Routing :: 3750 / Access A Target Server With IP Address

Oct 16, 2012

Today when we run one application to access a target server with IP address, the application cannot run through and an error message related to networking appears. The target server has two network ports whereby another one with IP is running OK with the same application. All these two connections are connected to the same Cisco switch 3750, after the switch then go to Cisco ASA firewall which has no access control rule for this and its subnet, and then the firewall connects directly to the application server. We can ping, remote desktop access and telnet port for the application to the target server by using swapped the cable connection of the ports from one another and try the application again, the IP with is still fail and IP with is OK. We then change the IP from to or, all are OK. We changed back to, it is failed again. The switch is in running real time production and so we cannot power cycle or reload the switch.


Cisco Switching/Routing :: SW2960G - Server Is Not In Mac Address Table But Can Ping Its IP

Oct 28, 2012

I have the switch ============>>>>>        
sw2960g============server linux
As you see above, the interfaces Gi0/6 and Gi0/7 are connected directly to the Linux server by two redundant links.
I mean that Gi0/6 is connected to interface0 in the Linux server
and Gi0/7 is connected to interface1 in the Linux server
Gi0/6===>vlan 1
Gi0/7===>vlan 2
Each interface of the Linux server has a different IP and different gateway.
Now from the switch, I ping interface 0 of the Linux server and I get a reply, everything is OK, but when I type the command:
#sh mac address-table  | i Gi0/6
There are no MAC addresses and there seems to be no MAC address relative to Gi0/6. I mean, isn't it mandatory to learn the MAC address of the Linux server and write it in the MAC table beside interface Gi0/6? How could I ping the server but have no MAC beside Gi0/6?


Cisco Switching/Routing :: 6500 Single IP Bound To 2 Server Mac Address

Jun 11, 2013

I have 2 servers, one active, the other standby; both will be using the same IP. If the active fails then a re-patch for the standby to make this the active. I understand that I will need to clear the ARP and maybe the MAC address table on the 6500 for the new active server to work, as the failed server will have its MAC address on the 6500.
Is there a way around this so I don't have to clear the ARP cache and clear the MAC table?


Cisco Switching/Routing :: 3750 - DHCP Server Doesn't Provide IP Address

Dec 11, 2012

A new LAN installation, two VSS pair 6509 core, 15 closets, with 3750 stacks. Floor 15 only, devices/hosts can ping the DHCP server but cannot acquire IP addresses. No such problem on other floors?
Portfast and other parameters are intact.


Cisco Switching/Routing :: 3911 Router DHCP Server Not Giving IP Address

Jan 30, 2011

I have a 3911 router with a 1242 AP. The problem that I have is that when the user is trying to connect, the user gets the OS IP address and I see that when I do the "show dot11 association" command, but when I do sh ip dhcp binding on the router I see        0100.18de.74db.14       Jan 31 2011 11:14 AM    Automatic
The router is seeing as if the router gave the IP address to the user, but in reality the user was assigned the OS IP address 169. I did "debug ip dhcp server events" and I got the following:
Jan 31 11:09:06.752 EST: DHCPD: Seeing if there is an internally specified pool class:
Jan 31 11:09:06.756 EST:   DHCPD: htype 1 chaddr 0100.18de.74db.14
Jan 31 11:09:06.756 EST:   DHCPD: remote id 020a00000a58218400000000
Jan 31



Cisco Switching/Routing :: Nexus 7010 New Users Were Not Getting Ip Address From Dhcp Server

Jun 8, 2013

We have 2 Nexus 7010 switches configured with HSRP in the network. For all the VLANs core1 is Master and core2 is standby. In the current setup we have an external DHCP server and DHCP relay is configured for all the VLANs on Master and standby switch. The setup is running the IOS 5.2
Activity Done: During the maintenance activity, we isolated core1 switch in the network by disabling the vPC/keepalive and all the uplinks from access switch. The core2 switch was master for all the VLANs.
Issue observed: It has been observed that new users were not getting IP addresses from the DHCP server. The Ethereal capture showed that the DHCP server was not getting the DHCP requests from the core2 switch. We disabled the DHCP feature in core2 and enabled it again with DHCP relay again configured on VLAN interfaces. Even after doing this no change was observed in behaviour. Finally we got core1 back in the network by enabling all the links.
Observation: The moment the vPC link came up between the core switches, users started getting IPs from DHCP. Then we started enabling all the uplinks on core1. Core1 again became master for all the VLANs and users continued getting IPs. Network running fine.
Further Testing

1. For one of the VLANs, core2 switch has been made primary and for new users checked the DHCP functionality and it was working fine. The aim was to identify if anything was wrong on core2 related to DHCP relay.

2. Again we changed the priority for this VLAN and made core1 master for the same. This time we disabled this VLAN on core1 and tried a new user with core2 became master and DHCP functionality worked fine for the new user. Actually in this case we have simulated the same behaviour as when we observed the issue, with the only difference that vPC was not available during the issue time as core1 was isolated from the network.
Inputs needed.

Is there any known behaviour for DHCP functionality when vPC is unavailable? If we see the test scenario 2 (wherein core1 was master for the VLAN and we disabled this VLAN on core1 and core2 was able to relay DHCP requests for new users in this VLAN), it was actually the same as the scenario we observed during issue time.


Cisco Switching/Routing :: 6509 Use Policy Based Routing To Redirect Http Traffic

May 29, 2012

We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?


Cisco VPN :: Redirect On ASA 5520 For SSL VPN Clients

Dec 26, 2011

You have a Cisco ASA 5520 where clients connect using Cisco Anyconnect SSL VPN, say the URL is You would like for when a user enters either [URL] or just into their web browser that it automatically puts the required url...


Cisco Switching/Routing :: Can Layer 2 2950 Switch Be Used As DHCP Server With Its Own Address Pool

Mar 18, 2009

Can a layer 2 Cisco 2950 switch be used as a DHCP server with its own address pool?


Cisco Switching/Routing :: 2960 - DHCP Server Port-Based Address Allocation

Nov 15, 2012

Does the 2960 switches with LAN-Lite support DHCP Server Port-Based Address Allocation?


Protocols / Routing :: Change Assigned External Ip Address?

Mar 30, 2011

How can I change my external IP address which is assigned


Using External DNS Inside LAN?

Apr 19, 2012

I think the subject gives a good first impression of what I'd like to achieve. Anyway I'll give a little more context. I'm running a Windows Home Server in my LAN and I would like to use its functionalities (especially the streaming features) from "anywhere" using the same URL. My is a Linksys WRT160Nv3 running on the DD-WRT v24-sp2 firmware. I've already set up the necessary port forwardings, as most of the WHS sites run on ports 80 (http) and/or 443 (https) and my ISP is blocking all ports < 1024 (I know it sucks, but nothing to do about it). Anyway, outside my network (friends' home, work, ...) I can access my home server browsing to :// or I want is that this (external) DNS also works when I'm inside my network (so when I'm at home).

Is this possible? I want this because on the home page of the WHS web interface, I have some links (for example to sabnzb, or the webpage of my RAID controller, etc.), but they all point to URLs (with the external DNS) that are not working when I'm inside my LAN. I'm not an expert but I'm quite sure it's a DNS issue. Some more info: When I do an nslookup I see the (external) static IP that has been assigned to my router. When I do a ping to I also get a reply from the (external) static IP that has been assigned to my router.


Cisco Switching/Routing :: Can 7600 Redirect Layer 4 Traffic

Dec 6, 2012

I want to ask about redirecting in MLS 7600. Assume the user a has an IP x.x.x.x and that user requested url... I want to redirect his request to url... For the users that have to pay the monthly bills, I want to give them IPs and redirect all the HTTP requests from this to a special local webpage. Is it applicable to do it on a Cisco 7600 router? Or is it applicable on router 7206 npeg2? Also I have switch 2960g. I don't want to do it by proxy server.

