Cisco Switching/Routing :: RV042 - Firewall Blocks Ports Though Access Rule
Dec 10, 2011
I have a Cisco RV042 Wired Router. I've got a static IP and a MS Small Business Server in my Router Network. I have forwarded the essential ports to use the IIS and the Exchange Server of my SBS2011 (HTTPS, HTTP, smtp, rpc). I have also created some access rules for these ports, but I don't have any access on my server services, if the firewall is activated.
Here are my Firewall Access Rules from the RV042 Web Interface:
Jun 3, 2013
I have a server behind an RV042 that I would like to block access to on one port from outside in. I have configured the rule as follows:
priority = 1. policy name<name>. enable<checked>. action = deny. service <service to block>. source interface = wan1. sources = any. destination = <public ip address of server>. day <nothing>.
This does not block the intended port from outside. I also changed the destination to be the private IP address and I changed the source interface to LAN and to *. What is the correct syntax to do this? Port forwarding is enabled. I noticed that there is one entry in the forwarding table for the public IP but it is going to a dead private IP address. Would this have an effect?
Nov 16, 2011
Does the 3750G divide blocks of memory between adjacent ports? We have 6 high use devices on ports 1 through 6 and I was told that splitting them up allocates memory better. Is this correct?
Dec 10, 2011
I have a Cisco RV042 Wired Router. I've got a static IP and a MS Small Business Server in my Router Network. I have forwarded the essential ports to use the IIS and the Exchange Server of my SBS2011 (https, http, smtp, rpc).
I can use the IIS, if the firewall is activated, but the exchange Server can not receive any emails. I have also created some firewall access rules for the mentioned services but without success.
Nov 1, 2011
We have a setup where our e-mail server is hosted in-house. Our network is connected through a RV042 gateway. Port 25 is forwarded to our internal e-mail server. Our SMTP service should be limited to receiving incoming connections only from 4 specific IP ranges which I set up in the firewall rules. The reason is that all SMTP is managed and protected by an external anti-spam/virus provider.
However, it looks like any computer is able to connect to our port 25 and be forwarded to our e-mail server. Does port forwarding overrule firewall rules, i.e. you cannot limit access with the firewall if you decide to port forward? Is this a "fixable" situation, or is the RV042 not built for handling this setup?
May 22, 2012
I have a Cisco ASA 5510 and would like to add a NAT rule for a range of ports like 50000-59999.
Jan 18, 2011
What is the purpose of the "Permit all traffic to less secure networks"?
Well I know the purpose and the technique to handle some security level is nice. When I cannot add a rule without deleting this implicit rule?
The technique of security level is then obsolete?
Apr 17, 2011
I am creating an access rule on an ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) and found that the GUI has fewer options than when creating an access rule on an ASA5505 running ASA 7.2 (3) and ASDM 5.2(3) (see attachment). Is there an option that enables me to get the same configuration options on the ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) as I have on the ASA5505 running ASA 7.2 (3) and ASDM 5.2(3)?
Oct 13, 2011
I have a PIX with 600 active access rules but many rules aren't in use. A lot of the rules aren't necessary anymore but I don't know what they are. How to know what rules are working?
May 3, 2012
I have the RV042 VPN router which is the main gateway for our internet. Connected to the VPN is one server for a software and then another computer is connected for a web server software. I need to get these set up like so:
- Set up firewall rules that will block all inbound Internet access to the web server except port 443
- Set up firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
- These must be on two different internal networks
Jan 20, 2013
I have installed a new ASA5510 with CSC, and everything is working properly except the access to websites using https. All sites/access to them seem to be blocked by the ASA. I have read that this access is by default enabled and I have tried to add configuration to allow https access to the firewall but without success. [code]
Nov 15, 2011
I recently installed an RV042 v1.1 vpn router (older hardware revision but using the latest available firmware 1.3.12.19-tm) and set up VPN access with the QuickVPN client. QuickVPN requires that the HTTPS setting be enabled under the Firewall options, so I did. I then scanned our static IP with grc.com's ShieldsUP! to check for open or non-stealthed ports and discovered that ports 80 and 443 show as wide open, while port 113 is closed but not stealthed. If I disable the HTTPS setting under Firewall, then ports 80 and 443 become stealthed. Is there any way to use QuickVPN and keep these ports stealthed?
Jul 3, 2011
After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule; this is only visible through the ASDM. When using the CLI you can't see this duplicate rule.
I therefore get the following warning every time I make a config change using the ASDM [code] If I delete this rule it returns every time I launch the ASDM!
I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.
Dec 19, 2011
We have a VOIP system from AT&T with T1 internet access. I have a RV042 set up as the default gateway for the network and the router randomly (usually over the weekend) loses the internet. I have updated to the latest firmware and have checked all logs on the server. When the internet access goes down we can still access the internal network. I have been power-cycling the router and then everything works fine. Is there a known issue with this router randomly blocking internet access in or out? This device should remain working at all times so that our remote users can access the company network.
Apr 24, 2012
I have a computer behind the ASA 5505 firewall. The computer needs to access Microsoft Activation Server. Reading some website information, I need to allow a huge list of servers that basically points to www and https traffic. Therefore, looking at these heavy requirements, I prefer to allow this computer to navigate to any https or http (www) server outside of the firewall. I have included my current ASA 5505 configuration. [code]
Mar 6, 2012
Just started using our ASA 5505 v8.2 (1). Trying to configure the ASA appliance to allow access into an internal resource (i.e. want to be able to RDP into a system behind the ASA from the internet). I have used a static NAT:
static (inside,outside) 100.100.100.2 192.168.1.28 netmask 255.255.255.255
access-list OUTSIDE extended permit tcp any host 100.100.100.2 eq 3389
When I view the logs it is reporting the following:
Inbound TCP connection denied from 206.100.100.1 (external IP) to 100.100.100.2 /3389 flags SYN on interface outside.
Been pulling my hair out with this one as I believe I have everything configured correctly.
Sep 1, 2011
I have a RV042 Dual WAN router. What I would like to be able to do is to direct a computer on my network to access one particular WAN. For example, WAN1 is a DSL line and WAN2 is a cable line. I would like to direct a computer on our LAN to access the cable line always, even though I have Smart Link Backup set to WAN1. Is this possible?
May 14, 2013
Is there a way to associate spare firewall ports with another port that is being used? For example, int gi 0/2 is being used currently for my web dmz. Its IP is 192.168.10.1. Is there a way for me to associate gi 0/3 with the same layer 2 as gi 0/2?
In my webdmz I use 2 ACE 4710 proxies in FT mode. I used a layer 2 switch to connect the firewall and proxies together.
I would like to eliminate this switch if possible and connect both 4710s (layer 2) directly to the firewall. If I could make gi0/2 - 4 part of the same VLAN, then I would be good to go.
Jan 28, 2013
How can I change the telnet port and SSH port to different ones? For example, I'd like to change the default telnet port (23) to 3333. Is it possible?
Jan 21, 2012
I try to insert a picture, to make the situation easily understandable.
The problem: After I have connected one more PC to the unmanaged switch, it cannot connect to network neither by DHCP IP, nor Static IP. (Physical Link is Ok, but no communication)
Tests made:
- PC1 turned off, to test connection, but PC2 cannot connect
- portfast has been turned off on the port of Cisco (which connects to Mediaconverter), but PC2 cannot connect
- PC2 has been reinstalled, replaced, other network adapter has been inserted, but cannot connect.
- the unmanaged switch has been replaced to a new one, but no success.
PC2 can connect to Cisco only if connected directly to RJ45 port of D-link Mediaconverter. But this is not a solution, because in that office, I would need for both of the PCs.
running config of the switch:
System image file is "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"
cisco WS-C2924C-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Model number: WS-C2924C-XL-EN
#sh run
Building configuration...
Current configuration:
[code]....
Nov 23, 2011
I have an ASA5508 running 8.3(2) without NAT enabled. If I do a static network address translation for an inside address, is there any implicit rule in xlate? In other words, what forwarding rule does the ASA choose when both routing and NAT exist? Do I need to set up bypassing NAT?
Nov 9, 2011
I work for a small pharmacy that uses a Cisco RV120W router to separate hospital VPN traffic from general internet traffic. The VPN traffic is redirected to a dedicated T1 line (Or T-something, I wasn't involved in the actual setup of the VPN) connecting our store directly to the local hospital, and general internet traffic gets redirected to a ZyXel PK5000Z DSL modem (We have Qwest/CenturyLink 7m/768k). The DSL modem is running the latest version of our ISP's custom firmware.
Prior to installing the VPN and RV120W, LAN traffic was handled with a basic D-Link DI-604 wired router. The router itself was configured with an IP of 10.100.100.254 (With all LAN clients assigned DHCP IPs in the 10.100.100.XXX range) and "WAN" IP of 192.168.0.4, and the modem configured with a LAN IP of 192.168.0.1. The router was connected from its WAN port to one of the LAN ports on the modem.
The modem has its own built-in router, but the store owner wished to have an "extra layer of protection", so to speak, and had the D-Link router installed to serve that purpose. Prior to connecting the VPN, a second router was admittedly redundant and unnecessary. However, now that we have the hospital VPN, a second router is REQUIRED to properly separate the VPN traffic from other internet traffic, since the router built into the DSL modem doesn't have the capabilities to perform this task (We had already attempted to operate the VPN over DSL...it failed miserably and spectacularly. A dedicated T1 was the only reliable option).
Anyway, when installing the RV120W, we duplicated every possible setting from the old router, including configuring it with a LAN IP of 10.100.100.254 and a "WAN" IP of 192.168.0.4 and connecting it in exactly the same fashion as the old router (Modem LAN to Router WAN). Essentially, the RV120W was set up exactly the same as the old D-Link router, just with the added VPN functionality.
The problem is this: ever since installing the RV120W, we are no longer able to access the DSL modem's administration page (http://192.168.0.1). We were able to do this without any trouble whatsoever with the old D-Link router, but the RV120W seems to be blocking it somehow. Any attempt to load the modem administration page just forever sits at "Waiting for 192.168.0.1...". It never times out, it never shows any error messages. It just sits there, forever trying to load the page, showing nothing but "Waiting for 192.168.0.1..." at the bottom of the screen.
Now, we know for a fact that it is NOT a problem with the modem, because if we connect a computer directly to it via ethernet (Completely bypassing the RV120W), the administration page loads perfectly fine. And, admittedly, we could configure the modem in this manner whenever required. HOWEVER, the modem is located in a rather inconvenient location (In the ceiling, sitting on top of a ceiling tile), and having the ability to remotely manage it like we could before would definitely be something we want to be able to do again...especially since there are plans in motion to install new pharmacy equipment that will require us to do a ton of "trial and error" configuration to the modem.
The RV120W has been updated with the latest firmware, yet the problem still persists.
Jan 14, 2012
I want to understand whether the 10G ports of the 4948E (4 x 10Gb) are blocking or non-blocking. I want to connect these switches with 20 GB (LAG) to my BB switches and I need to prepare my infrastructure for 17.5GB throughput of video traffic.
Sep 4, 2012
I have a fresh SR520 that I only did two things to it using CCA 3.2(1):
1. Assign the address of FA4 to be 1.23.456.90 with a mask of 255.255.255.252
2. Declared a static nat of 1.23.456.90 port 80 to 192.168.75.12 port 80
I connected laptops to two ports:
1. FA0 (DHCP assigned laptop the address 192.168.75.12)
2. FA4 with the address on the laptop set to 1.23.456.90 and mask of 255.255.255.252
This is an exercise to simulate a cable internet configuration I will install the SR520 into. I can ping and point my browser to 1.23.456.89 and access the web server running there on port 80 via the inside laptop. I CANNOT point my browser to 1.23.456.90 from the outside laptop and make a connection.
What am I doing wrong with NAT? (I believe the problem lies therein as I did even try telling CCA to delete the firewall and I still could not connect to the inside web server). I have a network monitor (Wireshark) on the inside and see nothing coming across. I THINK I see successful NAT translations in the NAT logging (also in the attachment).
Feb 14, 2013
Can I configure access ports into a port channel on a Nexus 7K switch? If possible, then provide the complete configuration.
Nov 29, 2012
I've configured an ASA 5510 FW with asa901-k8 IOS. On its "inside" port there is the 10.90.0.0 network. There is another network (10.190.0.0) in my system that can be reached via another router which has the 10.90.0.253 IP address. When a client in the 10.90 network wants to reach the 10.190 network, the FW redirects the request to the router (10.90.0.253) because the FW is my gateway. There is no problem so far... but... while I can ping and traceroute a 10.190... user from the 10.90... network, I can't use any non-ICMP applications. For example, I can't use RDP programs or HTTP web interfaces of some devices on the remote network (10.190.0.0). What can cause that? Is there any rule in the ASA that blocks these protocols?
Jul 13, 2012
Router 1
Cisco EPC2420
192.168.1.1
Connects to ISP via F-connector
Connects to Router 2
Router 2
Asus DSL_N55U
192.168.1.2
Connects to 192.168.1.12 (Linux Server)
So I bought router 2, but since it doesn't have an F-connector input I need to keep router 1 in the infrastructure so I can connect to the internet. The port forwarding on router 1 is a limited list so I can only add so many rules and would rather have my router 2 do this as it is a lot better, but I cannot seem to get it to work. So I set a rule in router 1 to forward all ports to router 2 and then set up the port forwarding in router 2 to send port 22 to my Linux box, but it didn't work.
Apr 8, 2012
I am a novice with networks but do have a fair understanding of networks. I have a small business network, utilizing a RVS4000 router (Firmware V2.0.27). I am attempting to set up firewall rules to block certain web sites at certain times. I have successfully set up rules using source and destination ranges, to deny service 24 hours a day everyday.
However and here is the problem when I attempt to edit any of the rules (I want to change the time to certain hours of the day) it allows me to edit the rule but when I attempt to save I get an error message up saying there are invalid characters and it will not save the changes? create the whole thing with the changes I want it works fine, is this a known bug?
Apr 8, 2012
I wanna block the LAN IP address (e.g. 192.168.2.106) from visiting the WAN web, and allow it to the LAN. How can I set it in access rules?
Apr 1, 2013
I'm trying to troubleshoot an ASA5505.
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic. I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did. That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below. However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
show ver
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2)
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"
[Code].....
May 22, 2012
I am trying to configure my ASA 5505 security plus through ASDM to receive two blocks of outside IPs (each of which is on a different subnet and a different gateway ip) to translate to my internal server giving it public access. I have searched for days (and maybe incorrectly) but I am finally asking for the configuration of the ASA to support this.
Jan 16, 2013
We have 2 IP blocks from my ISP. We have been using just one a /30 block with one IP address used on the outside interface of the device. The new block is a /29 range and I would need to use just two of those IP addresses. Here is the situation I am facing. A company we partnered with wants to set up a VPN, they will send us 2 Cisco 861s to put behind our ASA. Is it possible to assign these 861's with public IPs from the block that we are not currently using? (the /29 range)? I know that it might require an upgrade to the Security Plus.
Oct 3, 2011
I have an ASA that is logging the message %ASA-3-321007: system is low on free memory blocks of size 2048. I ran the "show blocks" command and the "Cnt" value for the 2048 blocks is 0. How do I reclaim these blocks and what are they used for?
View Related