I have setup a few Vpn clients but no ones able to access the inside network.The clients all get a Ip address from the pool and DNS servers Ip's. But cannot ping or connect to there pc's. I'm thining its somewhere in the ACL.
View 2 Replies
I have recently deployed a Cisco ASA 5510 Security plus firewall on my companies network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside we are not able to hit any of our sites that are on the (outside). I have nat policies in place to translate the public to private, but I think I that I need some thing more. This seems to be occuring mainly with our external web sites as well as another animoly with regards to FTP (but it may be fixed if the http issue is resolved.)
I was hoping some with a lot more knowledge on ASA firewalls than my self can spot the error in my run-cfgs.
[code]....
I have an ASA 5510 which works great except I'm unable to connect to the remote access VPN from inside the network (behind the ASA). Is there a special NAT exemption required? [code]
View 6 Replies View RelatedI'm just new with ASA. I'm just self-studying on it. I was tasked to have an ACL that will allow inside hosts to access a specific network. Is there a way on how to know all the inside hosts on the behind ASA so that I can do a "object-group network" on those inside hosts which I think it will look neat.
View 1 Replies View RelatedI am working on pix 525, when connected through console I can access the whole internet but when i connect the pc to the inside interface i have no access to the internet. the pc can ping the pix inside interface and from pix i can ping the pc. My configuration is shown below.
PIX Version 7.2(2)
!
hostname pix
domain-name xyz.edu.pk
enable password xxxxxxxx encrypted
[code]....
I'm using a Cisco 1941 router with two WAN interfaces. One is directry connected to our ISP and one is connected to another router wich is then connected to another ISP. Hosts on the LAN cannot access the Internet at all but the router has Internet access, im guessing its something simple but i cant seem to spot the error, i have removed the ZBF configuration from the interfaces. [code]
View 3 Replies View RelatedI have an issue accessing the inside network of my church from VPN. This only happens when I connect from my home network. I have no problem accessing inside network of my church if I'm connected from else where (my Clear Hotspot or someone else's house). Here is the hardware detail:
At the church, we are using Cisco ASA 5510 and we have so many VPN tunnels to different churches. At home, I 'm using Cisco ASA 5505. See that attached configuration for my home ASA5505.
I have 2 questions.Om my cisco 2811 (IOS 12.4(15) T9 IPBASE W/O Crypto) i am using 3 interfaces.And i have a pool of Global addresses: 200.x.z.97-200.x.z.126 255.255.255.0
FastEthernet 0/1 description WAN interfaceip nat outsideip address 200.x.y.253 255.255.255.0
GigabitInterface 0/2/0description DMZ interfaceip nat insideip address 10.0.0.1 255.255.255.0
GigabitInterface 0/3/0description LAN interfaceip nat insideip address 192.168.0.251 255.255.255.0
[Code]....
I'm trying to make a very plain and simple network with the ASA 5505, I've strated from scratch over a dozen times triyng to find where I'm going wrong. My main goal is to simply create an IPSec VPN connection to my ASA 5505 and simply ping and connect to devices with the "inside network", so far I can easily create and establish a IPSec VPN Connection, but up to this point, I cannot successfully ping or access a single device on the ASA 5505 inside network.I've taken, create the IPSec profile with the ASDM wizard, add exemption for the VPN IP Pool, add access-list from this Cisco link, url...All this and I can't make a single connection to the inside network. [code]
View 7 Replies View RelatedI am facing a problem with Cisco ASA remote access VPN, the remote client is connected to VPN and receiving IP address but the client is not able to ping or telnet any internal network.I have attached running configuration for your reference.
-FW : ASA5510
-Version : 8.0
Site to Site VPN is working without any issues
I have easy vpn on my PIX 515e and working normally everywhere, except when my users go FRANCE, the vpn client connect, but, can't ping or access any inside network resources. when same user try any where here in EGYPT, it works normally.
View 2 Replies View RelatedI am trying to access and ping the inside interface of a ASA5505 from a remote network. From the remote network, I am able to access anything on the local network, but the ASA5505 inside interface.The 2 networks linked by a fiber link which have a transport network on another interface. From the remote network, I am able to ping the transport network interface IP, but I would like to be able to ping the inside interface IP. When I do a packet tracer, I get a deny from an implicit rule.How can I achieve that?
Here are the subnets involved and the ASA5505 config.
Remote network : 10.10.2.0/24
Local network : 10.10.1.0/24
Transport network : 10.10.99.0/24
[code]....
We have ASA 5550, I have a portal server in the dmz which is natted statically to a public ip address for port 443. The application works fine from outside world. The server is also nated with a dynamic nat from inside to dmz and when I hit on the dmz ip from my inside it works fine.
The requirement for us is that the users sitting behind the inside (i.e. LAN) should access the server on the public ip address and not thru the dmz.
I have created remote access vpn in my ASA 5505. The tunnel is established but i am not able to access the internal network.
View 3 Replies View RelatedI am able to connect to my Cisco ISR 891 via VPN with the Cisco VPN Client 5.0.07.0440, but once connected I cannot access hosts on the inside. If I ping a host on the inside by name, nothing resolves. If I ping by IP, I get a reply from the public IP of the router. [code]
View 2 Replies View RelatedI am unable to Telnet/SSH/RDP from my inside network to my DMZ. I am not sure where the problem lies, I am able to use VNC from the inside to the DMZ (ports 5800, 5900), and also establish connection on Ports (26700-26899). I have a computer connected directly to the DMZ and those services work to all networks on the DMZ.I have attached Logs of successful VNC connections, unsuccessful RDP and Telnet sessions, and the running config.
View 23 Replies View RelatedI' d like to have some support for a very-basic PIX firewall configuration. I 'm dealing with PIX 515E. Inside hosts can ping inside interface , outside hosts outside interface and so on. Simply i cannot ping outside interface from inside hosts, Inside host-192.168.1.0
Outside - any host like google.com, or to check my isp link's dns ip. I have attached the pix configuration text file to test.
I have setup two different subnet 192.168.1.0 and 192.168.2.0 on the same 'inside' interface. They are unable talking to each other. I can ping from firewall to both subnet. Both side unable talking to each other unless I add route on the both side systems.I have added the followings in ASA5510. [code]
View 8 Replies View RelatedI am unable to ping inside interface (Rin) to outside interface (Rout) of my Cisco ASA 5520 runing on ASA Version 8.4(1).
ASA Version 8.4(1)
!
hostname FW5520
[Code].....
When I tried to upgrading PIX525 6.3 to 7.0 , Not able to Ping the host from the PIX 525 Inside interface which is on the same subnet, Also from the host to Inside Interface , Tried with Directly connected laptop with Cross cable and using Straight cable via switch, But the results end with fail.
View 2 Replies View RelatedPlatform:
cisco6509-E with FWSM
Supervisor Engine 32 PISA 8GE
sup-bootdisk:s32p3-adventerprisek9_wan-mz.122-18.ZY2.bin
command:
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
(config)#no ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
#clear ip nat tran *
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
%Port 14029 is being used by system
Or %Static entry in use, cannot change
But when I perform "sh ip nat tran" command,There is nothing
ethernet link light is green(blinking), but i am unable to access the network
View 2 Replies View RelatedI have an issue where my vpn clients are unable to access certain vlans in my network.I have configured an ASA 5520 with VPN access using the wizard and using the ASA as a dhcp server for VPN clients. I find that this allows the clients to access server resources such as the Exchange and Domain Controller but I find that these vpn clients are unable to ping each other as well as certain vlans that I have.Is there a way to configure the ASA to use a particular vlan that is already configured on the core switches?If I create a vlan interface and set the IP of it to 10.50.x.x then the vpn clients are suddenly unable to connect to any network resources...
View 1 Replies View RelatedI have a base config of AnyConnect VPN below, however the ASA 8.3.1 code has deprecated some commands and the VPN/NAT/FW rule syntax is quite different. Can som point out what's missing from the pertinent config below that prevents the VPN Pool from accessing the internal LAN?
The Core LAN router is 1.2.3.1.
!
ASA Version 8.3(1)
!
interface Ethernet0/0
nameif inside
security-level 100
ip address 1.2.3.2 255.255.255.0
I have a Cisco ASA 5505, with basic 50 license, that is connected directly to the Cable Modem with a public IP. I have VPN configured and active on the Outside interface. When we connect, we connect just fine with no errors, but we are not able to access any resources on the remote network.
ASA IOS version 8.2(5)
Remote Network IP: 10.0.0.0/24
VPN IP Pool: 192.168.102.10 - 25
I just bought an LG Bluray DVD player (BD390) which is unable to find the access point in my home network.My router is a WRT54G, ver. 2.2, running firmware: Ver.4.21.1. My home network uses high speed cable with two computers on the wireless network, all working with no problems.The router is on the second floor but the two computers and the new BD390 are on the first floor - about 35 feet away. I have the wirelss security set to none and use only the specific computer MAC addresses to allow connection to this network.
I found directions in the forum for a setup using the LG BD390 but with a different Linksys router. I changed the security to WPA (AES); the Beacon interval from 100 to 75; the Fragmentation Threshold from 2346 to 2304; and the RTS Threshold from 2347 to 2307. The DVD wireless connection still failed to find my network. There is a "Push button" connection feature on the BD390 setup which I tried, but the only "button" on the router I could find was in the basic wireless setting, a green icon for the wireless SSID setup. No connection was made there either.
The recommendation connection from the LG manual is for a network cable, but that would be over 50 feet and a real pain to connect, so I would prefer WiFi.
I have been using this wireless internet connection for a long time, but the other day I went to go online, it didn't work. Ive tried lots of things but nothing seems to work.I'm able to acess the same wifi from my phone and it works fine, so i know its not the actual network, its something on my side.pics of xirrus screenshot & intel proset config attached[CODE]
View 11 Replies View RelatedI have no admin privileges or access to the router, I have contacted support and they've tried various fixes on their end and just told me it must be a problem on my side. the network registers a mac address under your account name and then assigns an ip.My problem is that my comouter connects to the network fine, and tells me I have internet access, but I can't actually access the internet when I try. I'm definitely connected to the network as i can access the ask4 page that allows me to register a new device, which i access with an ip address of 10.142.0.1 so I'm guessing that's stored locally somewhere on the network. I have tried internet explorer, FireFox and chrome, as well as connecting through game portals and none of them are able to access the internet.
IE gives an error that it says can't be fixed as its an error with the server and Chrome gives error 101 (net::ERR_CONNECTION_RESET). I've tried various fixes, some of which have worked temporarily. After trying most of them I've had internet access that has lasted between 5 minutes and a few hours, but the problem has always returned and the same fix that worked first time hasn't always worked again. I have an xbox that I connect to the same network port in the wall and that accesses the internet perfectly. My computer has 2 Ethernet ports and both have the same problem.
My network adapters are 2 NVIDIA nforce networking controllers (drivers are up to date)When the problem started I was on Windows vista, but I've upgraded to Windows 7 64 bit as an attempt to fix it.I've tried different Ethernet cables, connecting both ports, uninstalling my network adapter drivers, disabling and re-enabling them, resetting my IE settings, disabling and uninstalling my AntiVirus,connecting through an Ethernet switch and disconnecting and reconnecting the cable.
every once in awhile we have a machine that seems to just lose the ability to access network shares and networked printers. The way I have been "fixing" the issue is to join a workgroup temporarily and restart computer and rejoin the domain.
I understand this is probably not the best fix available, but I am not sure what is causing the problem and/or what a better solution to this problem is.
why this happens and how best to solve this without just rejoining the domain?
I am able to ping and remote dial into my Main PC from laptop, but I am not able to access its folders from my laptop. I can access the network folders on my laptop from my Main PC, so I am confused. I have performed the ipconfig release and renew and flush the DNS and still no success.
View 3 Replies View RelatedI am having trouble with routing in PIX501.I have one Pix 501 and one Cisco router.Cisco Router is configured for IPSEC VPN ( LAN interface 172.19.194.1) and PIX is configured for access the internet.Default gateway of Pcs in LAN are PIX inside interface ( 172.19.194.2) but people are unable to access to corporate network but can access the internet.If i set default gateway to Cisco router LAN interface ( 172.19.194.1)then i can access to corporate network.Purpose is to pass the internet traffic using PIX 501 and corporate network traffic using Cisco router.
View 6 Replies View RelatedI can not connect to my home wireless network (we did change routers back in Dec and did at that time have problems as well getting it to connect) the router is a Linksys E2000.when I checked further I saw that the IP address was different than the ones on my other laptops so I changed those settings by adding the new IP address..
[code]...
Just to set the stage, we used to have a network which ran in the following order:
For wired workstations: bridged DSL modem->wireless Linksys E900 router->Dell PowerConnect 2824 switch->2 modular 4-port jacks->individual workstations For wireless: bridged DSL modem->wireless Linksys E900 router->workstations The workstations were set up to pick up IP addresses automatically.After an infrastructure upgrade where we added some Cat6 cables and swapped the modular jacks for a patch panel, we lost all connectivity. I restored the connectivity to the wired workstations by assigning IP addresses. But we have no wireless and I cannot access the router GUI at its IP address (even when plugged directly into the router). All the workstations show the default gateway as 192.168.10.1, so I don't know what's going on.
