Cisco Switching/Routing :: ASA 5505 / How To Enable Access To Local LAN
Jan 19, 2012
i have configuration my network infrastructure with the asa5505 like on image. i want that my users from lan 10.13.10.0/24 can to access to my LAN 192.168.0.0/24. can i use just routing or i must to use site to site VPN. how can i do it? how configure my asa 5505.on my LAN1 there's DHCP. From LAN side of my asa5505 i must disable DHCP.In my LAN1 i have DNS,Domain Controller. The users from my LAN3 need to access to LAN1 because of authentication and access to resources and programs. i attached my picture with configurtion.
My laptop has windows 7 , its connected to the internet wireless , now , i want transfer files from my desktop to the laptop so i cannect them with an ethernet cable.. now how i can make that happen , my desktop has window xp
I am trying to enable access to use RealVNC on our Cisco ASA 5505 without using VPN. RealVNC uses port 5900. Users should be able to vnc to 99.23.119.78 and reach our internal server 192.168.1.4. So far they are receiving connection refused.
i have a problem with my asa 5505 Remote VPN Connection with local network access , the VPn is working fine and connected , but the problem is i can't reach my inside network connection of 192.168.30.x , here is my configuration
I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]
I am configuring remote access vpn on ASA5505.Everything is working fine so far, except when the client got connected, it still used the local DNS server provided by the ISP. How do I force the client to use the DNS server configured on ASA?
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]
I have set up a scenario for a small business and have some questions about how to manage the access between the VLANs. Is there is a better / another way to do it. See the attached picture for the topology / info.
My question is: My switches is set up with x numbers of VLANs and a routed port (no switch port) to the ASA for internet connectivity. How is the best (or only??) way to manage the access between the VLANs? Is it ACL's on the switch?
And by "managing access" I mean VLAN 50 (public WiFi) only have access to the internet, only management servers have access to management VLAN, Client VLAN only have RDP access to server VLAN and so on. Is there any way to do this in the ASA (or add another (gigabit) router to the topology)) or it the only way to have lots of ACL's on the switch itself? I have thought about "router on a stick", but then I imagine there will be a bottleneck between the switch and the ASA?
(Equipment is 2 x 3650G, ASA5505, AP1252 - see attached file).
We have an ASA configured to access the internet, which works fine for clients who have an IP address assigned by DHCP, but not for clients with manually assigned IPs.
For instance, with the DHCP server configured to give IP addresses between 172.16.101.1 and 172.16.101.10, a device may get the IP address 172.16.101.1. This machine will have connectivity to the internet.
If we then configure DHCPd server range as 172.16.101.2 to 172.16.101.10 and statically assign the 172.16.101.1 IP to the client, it will not have internet access. It will, however have inside access and VPN access.
If I try to ping 8.8.8.8, the following is logged:
Where 'servers' is the name of the inside interface the request is made from and 'xxx.xxx.xxx.100' is the external IP. It seems as DNAT is not working when the client IP is static assigned.
My exchange server hosts remote outlook clients and remote web access
no one on the remote side can access my exchange server
internal mail flows in bound and out bound.
My iphone can not access the exchange server either.
When the Cisco 851 was online all the above worked great. Nothing changed on the remote client side just put the ASA 5505 in service.
I am new to the ASSA 5505 family. Had a reseller configure the router but unable to get them at this hour. Called Cisco support but they are closed at this time also.
I have purchased these two switches from ebay as a test lab, I plan to connect them up via a gigastack modulecable and enable ip routing on the c3550 and vlans to talk to each other.
I'm very much a procurve person and really need to get into the cisco switching.I will want to trunklacp between the switches - whats the process is setting that up on cisco switches?
Have a 3750X running at the moment and has about 30 vlans all connected and just use the ip route global config command to enable routing. Plan is to switch out to the 4503E, with IPBase license. When ever I issue the same command, and do a show run its not there. I get no error when I issue the command either. And yes I have rebooted. Do I need to use RIP or OSPF routing? When I do a show ip route the screen looks the same with all the codes, though gateway of last resort isn't set even though I do have ip route 0.0.0.0 0.0.0.0 a.b.c.d in the config. Or is ip routing just enabled by default?
I am trying to enable policy based routing on a new 3560x switch.The device has the following code c3560e-universalk9-mz.122-55.SE1.bin and the IPSERVICES license
I can create the route map in global config mode but when I try to enable pbr under the required interface the commands are not there.therefore I am typing ip policy route-map "name" the word policy does not show up in the interface config mode. I have also change the sdm profile to routing this has not made a difference.
see the attached diagram to explain the network. I'm trying to do a "port-to-port" layer 2 connection on an ASR that will bi-directionally bridge a physical interface to a sub-interface. I tried using " connect VLAN200 Gig0/1/0 Gig0/0/3.200 interworking ethernet " but I'm not getting traffic through the connection.
I don't think BDI will work because it requires a Layer 3 point. I have to make this Layer 2 switching.
I am trying to configure a 3750 48 port switch and having trouble with getting it to see the sfp. I just want to set up the router with a pretty basic set up since I am using it for a ping test between 2 buildings, via fiber. How I can enable the sfp port?
I have 4506 with below sup, my requirement is to enable netfolw , but as i came to know that it is not supported in this sup, is there any additional option which can be explored to get the netflow working without replacing sup.
Card Type Model -------------------------------------------------------------+----------------------- Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E
i am having 2950 switch. Now i login through telnet but as per the company standard i have to login through ssh. Is there any possible to enable the SSH in 2950. Any IOS supporting this operation.
On my 2650 Router it just has only Telnet password.It has no enable mode password set.After reboot it is goes to prompt mode BB.I am unable to go to enable mode .how can i go back to enable mode on this router?
I have a 2960G that I keep on the bench as a work switch. I assigned an IP address to it. The techs have had trouble imaging workstations using GHOST. Do any config changes need to be made to enable multicast to work? Everything is in VLAN1 at this point and the GHOST server is also the DHCP server.
To enable netflow export on ASR1001, do i need the firewall feaure license or not ?Docs are not really clear, NBAR requires FW license, but i am unsure about Netflow?
How do i enable InterVLAN MultiCasting. I have a WS-C3560G-24TS as my core switch and it does InterVLAN Routing. I have a Server VLAN (70) and Workstation VLAN (71). I have a server that i have set up to deploy images to computers. Up to this point i have only done one computer at a time, so unicasting was ok. I would like to be able to Multicast to multiple computers, but am unsure what i need to do on the switch (if anything) to enable this.
We have 4507 distribution switch in our network.I am trying to enable ssh in those switches but seems that ssh command is not supporting. IOS version - cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin
I have been trying to get the http server enabled so I can access Cisco Network Assistant. I have my interfaces configured but for some reason the server in not running, port 80 is still closed. [code]
I am planning to enable MAC address filtering (one port on 4510 & another 3560). I want to allow only that MAC address to communicate via that port with the rest of the network and internet.
4510 has PC connected and 3560 had polycom connected. [code]
I have a hub and spoke WAN that conisits of one core location with with a 6500 and nine other buildings using 4006 Catalyst that conenct back to the core via dual gig fiber. We are using EIGRP at each location as well as the core. I was tesing something at one of our buildings decided to hang a 3750 off the 4006 and enable the same eigrp process on the 3750 that is enabled on the 4006 and 6500 (EIGRP 1).
1. All the routes that the 6500 knows about are advertised out to each of the nine locations. 2. The 4006's are all advertising thier directly conencted routes to the 6500.
Onto the location I was testing at:
The 4006 where I was testing at has four vlan interfaces enabled and they are in an UP/UP state. The ip routes from the 4006's directly conencted vlan interfaces propogate to the 6500 at our core location and the 6500 sucsefully propgates these learned routes to all the other 4006's.
This past Friday I configured a 3750x with two /22 vlan interfces and one physical gi port with an IP address and also configured on Ethernet port on the 4006 with an IP address in the same network block as the 3750x gi interface (a /30 netowrk block). I saw both interfaces come up and EIGRP sucesfully established a neighbor adjecency between the 3750x and the 4006.
I noticed that the 3750 advertised out all of it's directly conencted routes to the 4006 and the 4006 advertised it's directly conencted routes to the 3750. However, the 4006 did not advertise any of the routes it had learned from the 3750x to the 6500 and nor did the 4006 advertise any of the routes it had learned from the 6500 to the 4006. My suspicion is that the "eigrp stub connected summary" statement is enabled on both the 4006 and 3750 thus prevenintg them form advertising out any routes other than thier directly conencted routes. Can any of you verify that I'm either correct or inccorect about this?
here are the eigrp statemnets from the 6500 and 4006:
