Cisco VPN :: 5510 / 5505 - Connect 2 Networks Via ASA Software Version 8.41

Feb 22, 2011

I use an ASA 5510 and an ASA 5505 and want to connect 2 networks via VPN. The ASA software version is 8.41. Network 1 has the address 192.168.90.0 and Network 2 has the address 192.168.5.0. I use the site-to-site VPN wizard on both ASAs and create the VPN connection. Do I need to create an ACL after that? The PCs on network 1 must have access to a resource in network 2. How do I create static routing to connect both networks?

Cisco Firewall :: How To Upgrade ASA 5510 Version 8.0(4) To Version 8.3

May 10, 2011

I am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3

Cisco Firewall :: Connect 5505 To 5510 Direct Via Crossover?

Mar 23, 2013

A bit of a straightforward question: is it possible to connect a 5505 to a 5510 direct via a crossover, or do you need a switch in between capable of trunking?

Cisco WAN :: Exempting NAT On ASA 5505 Version 9.1(1)

Jan 23, 2013

I have been using ASDM on a "Cisco Adaptive Security Appliance Software Version 8.2(5)" for a long time and in order to route packets among the interfaces without NATting the packets, I have always been using the function "Add NAT Exempt Rule" under "Configuration -> Firewall -> NAT Rules". Everything has always been working fine.
 
Now I am trying to use ASDM on a "Cisco Adaptive Security Appliance Software Version 9.1(1)" and I cannot find how to do the same operation: the "Add NAT Exempt Rule" option is no longer available and the only way to make the traffic pass through seems to be NATting it on the OUTSIDE interface.

Where am I mistaken? My goal is to let the traffic pass through from the inside interface to the outside interface without being translated.

Cisco Firewall :: NAT In ASA 5505 Version 8.3

Mar 14, 2011

I need to fulfill the below configuration which is working fine on my actual D-Link Netdefend firewall.

We have a range of IPs assigned by our ISP: 194.250.47.128/29
194.250.47.129 is the firewall IP and 134 is the ISP gateway.
 
We have 4 interfaces
- The local user interface: lan =192.168.170.1/24
- The servers interface : dmz =192.168.171.1/24
- The database interface : oracle=192.168.169.1/24
[Code]...

Cisco VPN :: 5505 LAN-To-LAN VPN With Multiple Networks

Sep 20, 2011

I currently have a hub-and-spoke VPN configuration with 6 ASA 5505s at remote sites all connected to an ASA 5510 at HQ via IPsec LAN-to-LAN tunnels. My current configuration allows hosts on the remote site networks to talk to hosts on the HQ network, but not to hosts on the other remote sites. I have received a request to allow communication between the remote sites as well, with traffic all routed through the 5510 at HQ.

Cisco VPN :: RDP Plugin On SSL WebVPN On ASA 5510 Version 7.2

Aug 10, 2008

I am facing a problem while configuring SSL Web VPN on my ASA 5510, which is on version 7.2. I need to configure RDP access to the internal servers for the users using SSL Web VPN, for which I don't see an option while configuring it, though I have uploaded the plugin to my ASA.

Cisco Firewall :: NAT Configuration In ASA 5510 IOS Version 8.3

Mar 8, 2011

Will give configuration of NAT for my internal users with 192.168.1.0/24 with single public IP.
 
I new to configure IOS version 8.3.

Cisco Firewall :: How To Do NATing In Version 9 ASA 5510

Dec 22, 2012

I have "asa901-k8.bin" in my ASA firewall and downloaded the license from Cisco. Now I don't know how to allow internet to my user.

Cisco Firewall :: Static Nat On ASA 5510 IOS Version 8.2

Feb 19, 2012

I have a question. I have an ASA5510 with IOS version 8.2. I have my firewall, and behind it I also have a mail server, e.g. 192.168.1.x. When I send email from the inside network it doesn't show as if it's coming from the outside NATed public IP of my server, but from the IP of the firewall. What am I missing? My example NAT statements are below. Nat-control is disabled.
 
static (inside,outside) 196.68.99.x 192.168.1.x netmask 255.255.255.255
access-list inbound extended permit tcp any host 196.68.99.x eq 225
accesslist outbound extended permit host 192.168.1.x host 196.68.99.x

Cisco Firewall :: Which AnyConnect Version On 5505

Sep 23, 2012

What anyconnect version do I need on a 5505 so i can have people connect via iOS devices? Right now I have "anyconnect-macosx-i386-2.5.1025-k9.pkg" on there, will that work for iOS devices?

Cisco Firewall :: ASA 5505 / Understanding NAT For Both Version 8.2 And 8.3

Mar 1, 2013

ASA 5505 Version 8.2 or older

nat (inside) 1 10.0.0.0 255.255.255.0
nat (INTF4) 1 10.0.4.0 255.255.255.0
nat (INTF5) 1 10.0.5.0 255.255.255.0
nat (INTF6) 1 10.0.6.0 255.255.255.0
nat (INTF7) 1 10.0.7.0 255.255.255.0
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
global (outside) 1 interface
 
I believe this setup does the following. The inside interface and interfaces 4,5,6,and 7 will translate using this line....

global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224

and if the addresses run out it will start using the outside interface IP address to translate, so traffic is not disrupted and is based on the line of configuration.....

global (outside) 1 interface
 
My question, does it do this because of the order of the configuration..
 
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
global (outside) 1 interface

or would it do it that way even if it was like this?

global (outside) 1 interface
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224

and if so why?

Now let's convert the above configuration to ASA 5505 Version 8.3 or newer.

object network OUTSIDE-NAT-POOL
 range 209.165.200.235 209.165.200.254
object network INTERNAL-SEGMENTS
 subnet 10.0.0.0 255.255.248.0
 nat (any,outside) dynamic OUTSIDE-NAT-POOL interface

My question is how does it know to use the outside interface as a backup when the OUTSIDE-NAT-POOL is depleted? Also why do I need to define the INTERNAL-SEGMENTS? Doesn't the "any" in the (any,outside) take care of that? Also wouldn't the "any" in (any,outside) cover interface 3 or DMZ which could be an issue?

Cisco Firewall :: 5505 Latest Version Of OS Available

Jun 20, 2012

I have an ASA5505 and am currently running Version 7.2(4). I was wondering what the latest version of the software available to me would be.
 
Here's a show ver
 
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
 
Compiled on Sun 06-Apr-08 13:39 by builders
 
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"
 
Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
 
Internal ATA Compact Flash, 128MB
 
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Cisco VPN :: ASA 5510 / LAN-to-LAN IPsec VPN With Overlapping Networks?

Feb 14, 2012

I'm trying to connect two overlapping networks via IPsec.

Details: Site_A uses an ASA 5510 with software version 8.0(4)32. Site_A uses 10.100.0.0/24, 10.100.1.0/24 and 10.100.2.0/24 inside networks. 10.100.0.0/24 is directly connected to the ASA (as vlan10); 10.100.1.0/24 and 10.100.2.0/24 are routed. Site_B uses a Linux box and networks 10.100.1.0/24, 10.100.2.0/24, 10.100.3.0/24 and so on (basically 10.100.x.0/24). I didn't set up this ASA; we took over this infrastructure without any documentation whatsoever.

According to the link posted above I should use dual NAT. Site_B will see networks in Site_A as 10.26.0.0/22, and Site_A will see networks in Site_B as 10.25.0.0/24. Site_A is allowed to access only 10.100.1.0/24 in Site_B, and Site_B is allowed to access all 10.100.x.0/24 networks in Site_A - hence the /22 mask in 10.26.0.0/22. I'd like to, for example, ssh from a host in Site_B to a host in Site_A using 10.26.1.222 as the destination IP address (and it should be translated to 10.100.1.222 on the Site_A side). I'm looking for something like ip nat type match-host in Cisco routers - I want to translate only the network part of the address and leave the host part intact. Anyway, following the steps from the link posted above everything is ok till the command:
 
static (companyname,outside) 10.26.0.0 access-list fake_nat_outbound
 
which results in:
 
WARNING: real-address conflict with existing static
  TCP companyname:10.100.0.6/443 to outside:x.x.x.178/443 netmask 255.255.255.255
WARNING: real-address conflict with existing static
  TCP companyname:10.100.0.20/25 to outside:x.x.x.178/25 netmask 255.255.255.255
WARNING: real-address conflict with existing static

[code]...

Cisco Firewall :: ASA 5505 With Dual ISP And 2 Networks

May 7, 2013

I would like to configure a Cisco ASA 5505 with Dual ISP (ISP 1 and ISP2) and two networks (network 1 and network 2). My customer needs clients in network 1 to connect to the Internet with ISP1 and clients in network 2 to connect with ISP2. If a failure occurs in ISP1 (just an example), the network 1 clients connect with ISP2.

Cisco Firewall :: Keep 2 Networks Separate On ASA 5505

May 7, 2012

1. I currently have a Comcast Business Class Gateway, Cisco 2100 Series WLAN Controller and a Cisco ASA 5505 all connected together to supply LAN and WLAN internet connections on my network.
 
2. I also have a Card Access Security System on its own network. It currently does not have internet access.

I would like to put my security system on the internet so that I can support it remotely. To do this, it has to be on a firewalled internet connection. Can I put the two networks on my ASA 5505 and keep them separate? I don't want to provide a path into the Security System through my current LAN & WLAN. But I do need a firewalled internet connection on my Security System. I am trying to avoid purchasing a separate firewall.

Cisco Switching/Routing :: ASA 5505 Two Networks

Jan 7, 2012

I'm fairly new to Cisco and the ASA 5505. I have the ASA connected to the internet on 0/0, I have a computer connected to port 1, and on port 2 I have a Netgear router. The ASA is 192.168.1.1 and the Netgear router is 10.1.5.1. I cannot get the computer connected to the ASA to communicate with the devices on the Netgear router and vice versa. Here is the show version.

ASA Version 8.0(4)
!
hostname ciscoasa
enable password Yn8Esq3NcXIHL35v encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface (code)

Cisco VPN :: ASA 5505 - Access Two Private Networks

Dec 4, 2011

I have a Cisco 5505 and I configured remote VPN clients. Here is my scenario:
 
Cisco switch 2950   ===  holds two private network 192.168.8.x  and 192.168.4.x
  
vlan 2  outside interface -    Eth 0/0       155.155.155.x
 
Vlan 1 inside interface --       Eth 0/1    192.168.8.180
 
 VPN pool ip address  =  192.168.8.100 --110
 
I dragged a cable from my Cisco switch and put it into Eth0/1, and I want to access these two private networks, 192.168.4.x and 192.168.8.x. Now I can access 192.168.8.x, but I can't access 192.168.4.x.

Cisco Firewall :: 5505 PAT Between 2 Networks On Same Interface

Nov 6, 2011

I'm using an ASA 5505 with 8.4(2) and have the following problem. I have 2 networks. Each network has its own external Internet IP and also a mail server.
[code]

Now I want communication between the two mail servers using their external IP addresses. I did a static NAT from int any to int any, and also from int routed to int routed, but nothing worked. Packet tracer showed at the NAT lookup where the external address of the second mail server is passed: Info Static translate Network1 to Network1

But it should show a translation from network1 to network1-external. Due to security reasons, I cannot paste the whole config. Under 8.0 I did the same configuration with Policy-NAT and it worked.

Cisco Firewall :: 5510 Code Version Upgrade?

Feb 3, 2013

I am looking to upgrade a 5510 that is currently on code version 8.0(4) to code version 9.1. I know I will have to upgrade to 1GB RAM, but can I just upgrade straight to version 9.1 or do I need to follow an upgrade path? This is a standalone device so I am planning on downtime.

Cisco Firewall :: ASA 5505 Version 8.2 (5) - Can't Access ASDM From VPN

Jan 20, 2013

I have an ASA 5505 with an inside network vlan1 (192.168.0.0/24) - I've configured an IPsec VPN profile and a VPN network of 192.168.0.50/24. Through my VPN tunnel I can access inside hosts on vlan1 - but not ASDM on the ASA (192.168.0.1). Under management I've added the VPN network of 192.168.50.0/24 to have access to ASDM, but it still does not work.

Cisco VPN :: Configuration IPSec Client At ASA 5505 Version 8.4

Feb 8, 2012

I want to configure the Cisco IPsec VPN client on an ASA 5505. The software version on my ASA is 8.4. Is there any link or material on configuring the IPsec VPN client on an ASA 5505 version 8.4?

Cisco Firewall :: Configuring UC-Proxy On ASA 5505 Version 8.0?

Jan 24, 2012

I'm trying to configure UC-Proxy using an ASA 5505 with software version 8.0.4. I was following the instructions in DOC-5704 and ASA 8.0 CLI. I don't have USB security tokens in the UC solution; instead I'm using Cisco 7961 IP phones with MIC. I configured all the items as the documentation says, but when I restart the phone outside the firewall, the 7961 doesn't register with the Call Manager. Checking the troubleshooting, I found that it's possibly a certificate problem, but I don't know if I need to do something on the phones.

I would like to know if there is any consideration when the UC proxy works just with MIC. The outside phone is a Cisco 7961 configured with a static IP address and the TFTP address of the Call Manager (static NAT in ASA).

Cisco Switching/Routing :: 5505 Latest OS Version - 9.0.2 Or 9.1.1?

Apr 23, 2013

On the downloads page there's a 9.0.2.ED listed as the 'latest', but then if I expand the '9' below it I get to 9.1.1.ED. Which one is the actual latest? Is there any way to tell the one that is not an 'interim' version? I think 9.1.1 is also listed under interim?

Cisco VPN :: ASA 5510 / VPN Client With Overlapping Private Networks?

Jun 6, 2012

I have a new customer that needs to send data to us occasionally, we normally install the Cisco VPN Client on their PC, but this customer has the same private network we do.
 
I know this could be done with NAT Policy on my ASA 5510 with a site-to-site VPN, but the customer does not want to change the network hardware or addressing. They have a cable router with no VPN capability, and they don't want to spend any more money on this project.

Can this work if there is no duplication of IP addresses?

Cisco Firewall :: ASA 5505 - Allowing Multiple Networks On DMZ?

May 22, 2011

I have 3 networks coming on the DMZ (VPN) interface. Only one network is able to ping the DMZ interface. See below the networks coming in on the DMZ.

10.132.24.0/24
10.132.25.0/24
10.132.26.0/24

Only the 10.132.26.0/24 network works as it is in the same range as the DMZ interface.

allowing the other two networks to communicate. I've attached the diagram and configs for your perusal.

Cisco Firewall :: ASA 5505 - Setting Up 2 LAN Networks And 2 WAN Connections?

May 16, 2013

I have an ASA 5505 with Security Bundle license.
 
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
 
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
 
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.                  

Cisco Firewall :: ASA 5505 Routing Between Internal Networks

Feb 18, 2013

I am new to Cisco ASA and have been configuring my new firewall, but one thing has been bothering me. I cannot get internal networks and routing between them to work as I would like. The goal is to set up four networks and control access between them with ACLs.
 
1. Outside
2. DMZ
3. ServerNet1
4. Inside
 
The ASA version is 9.1 and I have been reading about two different ways of handling IP routing with this: NAT Exempt, and not configuring NAT at all and letting normal IP routing handle the internal networks. No matter how I configure it, with or without NAT, I cannot get access from the Inside network to DMZ or from ServerNet1 to DMZ. The strange thing is that I can access services from DMZ to Inside and ServerNet1 if the access list allows it. For instance, the DNS server is on the Inside network and DMZ works great using it. [code]

Cisco Firewall :: ASA 5505 Connecting 2 Internal Networks?

Nov 7, 2012

We recently changed locations and acquired a new circuit from our provider. They also connected our remote branch office to our main office through MPLS. Now, as I understand it, the branch office basically connects back to the main office through our provider's network (MPLS). We have a new router at the branch office which has a gateway of 192.168.1.225. The clients in that office have IPs of 192.168.1.96 - 100, using the gateway of 192.168.1.225.
 
The main office network is 192.168.0.0 (Gateway of 192.168.0.1)
 
At this end (Main office), I also have a new Cisco 2900 provided by the ISP, with port 0/0 for the outside connection (connected to the 0 port on my ASA 5505). The ASA's port 1 obviously running into my network hub. The provider tells me that port 0/1 on the 2900 is or should be used to connect the branch office back to here and has an IP of 192.168.0.225, as that's how the provider provisioned it. So, I plug that into the ASA's Ethernet port 0/2. And I'm assuming they have a route setup either on the 2900 or the router in the branch office so that 192.168.1.225 can reach me here at 192.168.0.0.
 
There is already a static route setup on the ASA: (192.168.1.0 255.255.255.255 192.168.0.225 1). As soon as I plug in the cable, the IP phones at the branch office work, but they can't access the internet or any resources in the main office. My questions are:
 
1. Shouldn't I be able to just go straight from the 0/1 port on the Cisco 2900 to my hub? At first I was plugging right into the ASA, but I don't think I need to do that. Why go from the branch office through my ASA to access resources and then back out the ASA for internet? If they're already coming from 192.168.1.225, through the MPLS network, then they should go right to my network and then back out the ASA.
 
2. They have to route through the ASA first, in which case, do I need to setup another VLAN for that branch network in conjunction with a static route? I can ping the router and hosts in the branch office through the ASA only!
                 
Below is the running sanitized config:
 
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(2)
!
hostname ciscoasa
domain-name audiology.org
enable password ulzaQiFnKVzDwUmW encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.2.3.4 255.255.255.240
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa822-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name audiology.org
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list

[code]....

Cisco VPN :: ASA 5505 - Remote Access To Different Internal Networks

Jan 17, 2013

A customer has an ASA 5505 with a remote access VPN. They are moving their internal network to a new scheme and would like users who come in on the VPN to access both the existing and new networks. Currently they can only access the existing one. When users connect to the remote access VPN, the ASA gives them an address of 192.168.199.x. The current internal network is 200.190.1.x and they would like to reach their new network of 10.120.110.x.
 
Below is the config:
 
:
ASA Version 8.2(5)
!
hostname ciscoasa

[Code].....

Cisco Firewall :: ASA 5510 Version 8.2(4)2 Can't Remove ACL Named Extended

Feb 13, 2012

I have an access-list that was named "extended" (without quotation marks) and the ASA will not let me remove it.
 
I have tried everything I know to try and get it out, but I cannot remove a single line.
 
ASA(config)# no access-list extended line 1 extended permit ip host 10.1.1.1 host 192.168.1.1
ERROR:<1> not a valid permission

ASA(config)# no access-list extended line 1 permit ip host 10.1.1.1 host 192.168.1.1
ERROR:<1> not a valid permission

Cisco Firewall :: ASA 5505 / Create A Static Ip Address Under Version 8.4?

Mar 20, 2012

I just upgraded my firewall to ASA 5505. Now, my original static IP address configuration is gone. Apparently, Cisco went away from static IP address to something like nat (inside,outside) dynamic interface. How do I create a static IP address under version 8.4? By the way, I am sharing what my configuration used to look like before upgrading.
 
!
hostname cisco-asa
domain-name default.domain.invalid
names
!
interface Vlan1
nameif inside
security-level 100

[code].....

Cisco Firewall :: Asa 5505 Showing Version Number As Null

Feb 15, 2010

Showing Your firewall has a version number null which is not supported by ASDM 6.2(5).  I received this error when trying to run asdm on my asa 5505.  I upgraded image and asdm trying different versions.  I used many different versions of java all to no avail. 

Copyrights 2005-15 www.BigResource.com, All rights reserved