Cisco Switching/Routing :: ASA5505 - Setup Ethernet 0 / 6 To DMZ Connection?
Jun 12, 2012
My first time programming a Cisco ASA. Anyway, I'm trying to set up Ethernet 0/6 to be a DMZ connection. When I add port 0/6 to DMZ it gives me an error saying "The IP Address X.X.X.X /Subnet Mask cannot overlap the subnet of interface outside". So my question is: I have an outside connection already configured. How can I make a DMZ connection with the same subnet mask with a different IP?
View 1 Replies
Jul 10, 2012
I have the possibility of upgrading a DS3 to Metro Ethernet, Gigabit connection. My dilemma is I have two VTP domains in my network. How can I get two VTP domains over one trunk to a remote site?
View 0 Replies
Feb 24, 2011
I'm trying to set up a wired ethernet connection to a wireless Belkin router. The wireless router works fine - I have several devices that will connect wireless with no problem. The HP desktop I'm trying with the wired connection is showing that the ethernet connection is working, but it's not asking for the wireless network name or security code, and the internet will not work? I made sure the desktop was set up to automatically obtain IP addresses, then I did the "ipconfig /flushdns", "ipconfig /release" and "ipconfig /renew" commands, but it still won't work.
View 5 Replies
Sep 18, 2012
I recently purchased a Mac and wanted to reset my wireless router and set it up using my Mac. However, when I downloaded the software to set it up again, it said it was not compatible with my Mac OS (X Lion 10.7.4). I am sure there is a way to manually set it up via an ethernet connection, but I am at a loss as to how to do that. The wireless router is working just fine, I am able to connect to the internet wirelessly and there's nothing wrong with my internet service, however the wireless router is not secured. I have my Mac connected to the wireless router via an ethernet cord.
View 1 Replies
Feb 15, 2012
I have 2 data centers miles apart. They are on a Paetec MPLS. I have a Lightower point to point Ethernet link between the two data centers as well. At data center A, I have a Paetec managed router (192.168.2.1). The subnets behind that router are 192.168.2.0, 192.168.100.0 and 192.168.101.0. I also have a Cisco 1841 that is configured with fa0 addressed as 192.168.2.250 and fa1 as 10.5.5.1. Fa1 is the one end of the point to point Ethernet link to data center B.
At data center B, I have a Paetec managed router (10.0.2.1). The subnets behind that router are 10.0.2.0, 10.0.100.0 and 10.0.101.0. I also have a Cisco 1841 that is configured with fa0 addressed as 10.0.2.250 and fa1 as 10.5.5.2.
What I want to happen is any traffic headed from data center A destined for 10.0.100.0 or 10.0.101.0 to be routed through the point to point Ethernet link. I had Paetec add routes in their managed router to route any traffic headed for 10.0.100.0 and 10.0.101.0 to my Cisco 1841 (192.168.2.250).
I wanted to do the same for traffic destined for 192.168.100.0 and 192.168.101.0 from data center B. Paetec added the appropriate routes to the router at data center B.
Now, if I trace from data center A to 10.0.100.45, I see this:
1 <1 ms <1 ms <1 ms 192.168.2.1
2 <1 ms <1 ms <1 ms 192.168.2.250
3 4 ms 4 ms 4 ms 10.5.5.2
4 3 ms 3 ms 3 ms 10.0.2.1
So the routing seems to be ok. However after it hits 10.0.2.1, it gets lost after that. Am I missing something? Is this a misconfiguration on Paetec’s routers?
View 1 Replies
Feb 20, 2012
I currently have 2 Data centers connected with a Metro Ethernet Connection. Each Data Center has 6500 with Sup720s. The Metro Ethernet connection is currently connected by a L3 routed interface. I now need to enable VRFs between the locations and want to determine the best way to adjust the Metro. I was considering adjusting the routed interface to use Ethernet sub-interfaces. Each VRF would be given a different subinterface over the Metro Ethernet connection. I have done this on internal LAN connections but am concerned about extending across data centers over Metro E.
View 1 Replies
Sep 25, 2012
I have an internal server that is running DNS. I have that server configured to forward out to OpenDNS. I am using OpenDNS to do web filtering for my internal network. It looks as if the relay is not working in the router and that it is not forwarding those DNS requests from my internal DNS server and out to OpenDNS. I have gone back and added the name-server option for 208.67.220.220 and 208.67.222.222 (OpenDNS), but that has not fixed my problem.
Here's my running config:
eep-asa(config)# sh run
: Saved
:
ASA Version 8.2(5)
!
hostname eep-asa
domain-name expertep.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
View 7 Replies
Mar 17, 2012
I have the ASA5505. The configuration of the ASA 5505 is:
: Saved
Code...
I analyzed this traffic and I see a problem with the NAT - Asymmetric NAT rules matched for forward and reverse flows. Where did I make the error?
View 0 Replies
Jul 3, 2012
An ASA 5505. Device boots to rommon #0> and stays there. The complete boot record follows:
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45
Low Memory: 632 KB
High Memory: 507 MB
[Code]....
View 15 Replies
Dec 26, 2011
How can I create a top 10 list of the most popular websites that users connect to through the ASA Firewall?
I have enabled HTTP inspect, and set up a Syslog server (Splunk) that collects all HTTP entries in the log, but I don't know how to create a top list in Splunk (don't know if it is possible).
Is there a better way to do this? E.g. URL filter with Websense or IPS.
View 1 Replies
Mar 20, 2013
I have an internal DVR system that I am trying to share to the outside world. We recently put in an ASA5505 and I am having trouble getting the settings correct. I want to use an external IP to access the DVR system from anywhere and have my ASA5505 redirect the traffic to the internal IP address. I assume I need to use a NAT and a route policy, however I cannot figure out how it would be.
View 11 Replies
Feb 2, 2012
I'm having an issue routing between VLANs. I have VLAN 1 and 2. I want to ping something on VLAN 2 from VLAN 1. I cannot ping from a computer on VLAN 1 to a computer on VLAN 2. I can ping each computer from the ASA 5505. I get an error on the ASA when I try to ping from the computers. The error is: Failed to locate egress interface for UDP from voice:192.168.0.199/137 to 192.168.1.200/137. I can't understand why it even mentions IP 192.168.1.200/137... I reset the unit, configuring it from scratch, and still no go. I have not given a static route to the out yet.. I need to get inter-VLAN routing working first. [code]
View 13 Replies
Sep 1, 2012
We are finding the price for ASA 5505 too high and our clients are having problems securing budgets for these devices. We don't want to move to different vendors and we have a team of people who already know Cisco well. I have seen Cisco router 877 which has the ipadvance ios, is this the same as the ASA5505? We would like to offer our clients an alternative to ASA5505, but something which can do the same as an edge device but also protect the client from malicious attacks and has CLI.
View 1 Replies
May 23, 2012
I'm building the below network configuration:
WAN -------- ASA5505 ------<802.1q trunk>----- L3 switch -----<802.1q trunk>----- L2 switch w/ VLAN support
The following VLANs exist on the ASA and both switches: VLAN 10 (10.10.10.0/24), VLAN 11 (10.10.11.0/24), and VLAN 99 (10.10.99.0/24).
The ASA5505 performs the following functions: routing to/from the WAN, firewall, NAT, and DHCP for each VLAN. It has an interface on each VLAN (10.10.x.2) for a DHCP server.
The L3 switch provides inter-VLAN routing and layer 2 switching. The L2 switch provides layer 2 switching, with VLAN support.
What should the default gateway on the L3 switch be? Should I set the IP of the physical interface connecting the L3 switch to the ASA5505?
View 8 Replies
May 20, 2012
I'm trying to configure an 1142N AP + 2960-S + ASA5505 with wireless, vlans and trunking with no success. DHCP is provided from my DHCP-server on the inside.
View 4 Replies
Apr 11, 2013
Remote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through Central Site router. We are installing a cable modem at the remote location that is to be used as the Primary Internet Connection but still be able to use Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA5505 for the cable Internet which then feeds into the ISPs modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet but if I do so on the ASA there is another single point of failure.
View 2 Replies
Jul 24, 2011
It is understood that sub-50 ms ERPS convergence can be achieved with certain HW/SW combinations.
1) What are the platforms supported (and with what FW/SW) has this been tested? Any results that can be shared?
2) Link failure detection in GigE on Copper is slower compared to GigE over "pure" Fibre; so no sub-50ms would be possible with Copper ring ports. Is sub-50ms convergence achievable with "combo SFP ports"?
View 1 Replies
May 3, 2012
I'd like to setup a DMZ network with the ASA5505. Do I need the "Security Plus Bundle"?
View 1 Replies
May 9, 2013
I have an AnyConnect setup and am able to VPN into my office. I bought an ASA5505-SW-UL that is unlimited user (UL) software license but now the vendor tells me that: From the ASA you can saw the unlimited license is for inside hosts, instead VPN client's, by default, ASA 5505 included only 2 VPN client's and can supported up to 25 VPN client's, your license look only default 2 VPN client's. If need more VPN client's connect, you have to purchase the additional VPN client's license. I am just wondering whether his statement is TRUE/FALSE, because I thought ASA5505-SW-UL means unlimited license.
View 4 Replies
Apr 12, 2011
I want to set up our ASA5505 firewall to allow access from the Cisco VPN Client software. I have installed the client software then tried using the VPN wizard to set up the connection without success. I am running Windows 7 32 bit and Cisco client 5.0.03.0530. [code]
View 22 Replies
Sep 18, 2011
I have just purchased and set up a VPN on my ASA5505 and now I wish to set up a Windows VPN client to use it. Does CISCO have any free VPN clients for Windows? I tried to download a client from the CISCO downloads area, but it's for some kind of purchase agreement. I would have thought that the VPN client was free to download given my ASA comes with two free VPN licenses.
View 5 Replies
Jun 17, 2012
I'm trying to set up a VPN connection for the two PCs in the graphic below. I have the link between the two locations set up and secured, now I'm just working with the routing elements. What do I need to add to the firewall config in order to get this to work? Here is what I have:
SITE A
------
access-list mpls_vpn_sitea extended permit ip host 172.168.199.1 host 172.168.199.2
access-list mpls_vpn_sitea extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0
crypto map mpls_vpn 1 match address mpls_vpn_sitea
crypto map mpls_vpn 1 set peer 172.168.199.2
crypto map mpls_vpn 1 set transform-set ESP-3DES-SHA
crypto map mpls_vpn interface MPLS
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
SITE B
------
access-list mpls_vpn_siteb extended permit ip host 172.168.199.2 host 172.168.199.1
access-list mpls_vpn_siteb extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0
crypto map mpls_vpn 1 match address mpls_vpn_siteb
crypto map mpls_vpn 1 set peer 172.168.199.1
crypto map mpls_vpn 1 set transform-set ESP-3DES-SHA
crypto map mpls_vpn interface MPLS
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
Do I need to specify a route between the two networks? What do I need to have for NAT statements?
View 10 Replies
Feb 5, 2013
New to Cisco but learning some. Needing to know what I should code into CLI on my ASA5505 to make it work with Comcast modem which uses DHCP for its addressing from Comcast proper.
View 2 Replies
Jan 21, 2013
I just joined this company and they already had a VPN to one of their partners that provides them access to some resources. We have now added a 2nd location but the partner wouldn't allow a 2nd VPN tunnel so the decision was made to give the new location an ASA5505 to tunnel thru the main office to access the resources at the partner's site. Using ASDM I believe I was able to set up the tunnel to the main office but there is no resource there to use. Now I'm stuck and I do not know what to do to get to the partner site.
View 4 Replies
Jun 2, 2013
I have set up a Remote access VPN on my ASA5505 firewall through the ASDM wizard. I can successfully connect with the Cisco VPN client. My firewall also shows me the VPN session and shows incoming Rx packets. However, Tx packets remain 0, so no traffic is going out. My ASA5505 is configured as router on a stick with 25 different VLANs. I want to restrict traffic to one specific VLAN using a crypto map. When I issue a ping -t command on my connected Windows box, the firewall log shows me the following message:
"IKE Initiator unable to find policy: Intf outside, Src: 10.7.11.18, Dst: 172.16.1.1."
"This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself." [code] I have really no idea what's going on. I have setup a Remote access VPN countless times but this time it shows me the error as described above.
View 5 Replies
May 21, 2013
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
View 1 Replies
Jan 19, 2013
I have a PowerConnect 6224 with routing enabled with several VLANs set up.
VLAN Database: 6,8,10,90-254
VLAN 6 is our management VLAN
10 is for our core network services (DNS, Domain, Exchange etc)
90-254 are isolated VLANs.
What I need to accomplish is to prevent VLANs 90-254 from communicating with each other and only allow communication to VLAN 10 and the internet. All internet firewall work will be handled by our Sonicwall. [code]
View 1 Replies
May 14, 2013
I'm trying to set up per VLAN routing on a 3560G switch but it's not performing as I would expect. I've got a server on the 109 VLAN with a 10.1.9.100 address and a default gateway of 10.1.9.1; this address is an HSRP gateway and currently resides on 10.1.9.7. When I traceroute through to my user PC on the internal network it receives a response from 10.1.9.7. However, it is then denied by an ACL on the internal firewall which has been applied to interface Eth0/0. It should arrive at the firewall on Eth0/2.109 as it has the 10.1.9.4 address.
My goal here is to route traffic on the 101 VLAN to a separate interface on the internal firewall from 109 VLAN traffic. I'm either doing something wrong or these routing commands aren't designed to work in the way I'm expecting (I couldn't find any documentation on the ip route command where it is followed by different gateways for different VLANs).
interface GigabitEthernet0/12
description Internal-FW Eth0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 109
switchport mode trunk
(Code )
View 1 Replies
Jan 18, 2012
There is some way to increase the speed of changing the interface state from DOWN to UP when the cable is connected. I need to configure a port of Cisco 4503 in a way that when a cable is connected the port goes immediately UP.
A solution can be to keep Cisco interface always UP and I remember that with "no keepalive" command to the interface configuration it was possible. But I tried and nothing happens.
View 12 Replies
Aug 11, 2008
I am having a heck of a time finding information on this. I have a 2620xm router that only has one Ethernet port on it. Is there an expansion I can get that allows me another Ethernet port. I have thus far assumed that all of the WIC cards won't allow me to attach to an Ethernet LAN.
View 7 Replies
Apr 28, 2013
I'm using 3640 router running on c3640-js-mz.124-25d.bin IOS. I'm using NM-1A-OC3SML= (ATM OC3, long reach single mode) interface card. Now my PC is connected on a fast ethernet interface of the router. Need to know the ATM configuration on this Cisco 3640 router in order to achieve the ATM over ethernet traffic get success. As of now I've configured as below but it's not working it seems.
interface ATM2/0
bandwidth 120000
ip address 10.2.2.1 255.255.255.0
no atm ilmi-keepalive
pvc 0/36
protocol ip 10.2.2.10 broadcast
cbr 70000
encapsulation aal5mux ip
Let me know the correct encapsulation type for the connectivity.
View 2 Replies
Feb 14, 2012
I own a Cisco 892W router. The router has 2 WAN ports and 8 switch ports. Now I know -
-WAN ports can create sub interfaces, assign IPs, cannot be assigned to a VLAN - sounds very much like a routing port. (sh interface gives - Hardware is PQII_PRO_UEC)
-Switch ports are for VLAN assignment, trunking, IP assignment etc. (sh interface gives Hardware is Fast Ethernet)
I know they are different but at the same time confused what the differences are? I also know on some 3xxx series switches you could say "no switchport" and translate a switch port to a layer 3 port. But on 892W you can't do this? Struggling to understand the difference.
View 4 Replies
Jan 11, 2012
I am looking for a 16 or 24 Port Ethernet (NON POE) card for my 2800 Cisco Router. NM-16ESW is EOL/EOS and the replacement is shown as SM-ES2-24. However, SM-ES2-24 is not supported on Cisco 2800 Series.
View 2 Replies
View Related