Cisco VPN :: ASA 5505 First Configuration - No Connection With External VPN

Jan 28, 2010

I'm on my first configuration of a Cisco firewall. I'm trying ASA 5505 using Cisco ASDM 5.2 (not GUI). I configured Vlan1 (inside) and Vlan2 (outside) and all seems to work correctly. Network clients can use Internet and ping internal LAN. But I've some problems with vpn and other services:

1. When I try to connect to external VPN server the connection procedure stopped in username/password validation (if I try directly, without firewall ASA, there's no problem).
2. I've problems also to see external security cam working through a web server.

I open port 1723 - 500 and GRE. What can I do more?




Cisco VPN :: 5505 Authentication Using External MS AD Server

Dec 29, 2012

We have a business case where we have a group of ASA 5505's in 3 locations with anyconnect user licensing on all 3 for redundancy. The problem we are facing is that when we need to authenticate our anyconnect clients we use active directory servers located at site 1 and the other 2 sites need to contact these MS AD Servers over an already connected VPN tunnel to site 1 (IPSec l2l) but cannot. So the layout is as follows:

Site 1 (houses AD servers) has l2l tunnels to site 2 and 3
Site 2 (any connect essentials enabled) has l2l tunnel to site 1 and 3
Site 3 (any connect essentials enabled) has l2l tunnel to site 2 and 3
AD servers are ip'd as 10.1.1.11 and 10.1.1.4

If I use anyconnect to site 1 it authenticates fine - as expected.
Site 2 and site 3 fail to contact AD server.

Any thoughts on how we can accomplish this (or is it even possible to do?) without exposing the AD server in a DMZ or via external ip?


Cisco Firewall :: How To Add External Server To ASA 5505

Feb 24, 2013

I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?


Cisco Firewall :: Multiple External IPs On ASA 5505?

Dec 26, 2011

We have a working config with 1 external IP, we need to a second webserver (https) and it should be routed via a second public IP address. I already tried some suggestions from the community but haven't been able to find the solutions.
 
xxx.xxx.xxx.194 is going to the internal IP of 192.168.60.1 for OWA (https)
xxx.xxx.xxx.195 should go to a new webserver on 192.168.60.3
 
Both servers should be connected using SSL. This is the current configuration:
 
ASA Version 8.3(1)
!
hostname fw
domain-name domain.local
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.60.250 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name domain.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.70.0_26
subnet 192.168.70.0 255.255.255.192

[code].....


Cisco Firewall :: ASA 5505 8.2 - Clients Can't Ping External IP

Nov 4, 2011

I've configured a 5505 but internal clients can't ping external ip. To test I've connected a PC with the ip of the default router on the Outside int. The ASA can ping the PC and the PC can ping the ASA, but internal clients can't ping the PC.
 
PC config 195.12.23.241/28
 
Here's the ASA config. So far I've wiped the ASA and started with a blank config and built it up but still not working.
 
 
ASA Version 8.2(5)
!
 
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
[Code] .....


Cisco Firewall :: Can ASA 5505 Support Two External Links

Oct 3, 2012

Will the ASA 5505 allow the addition of a 2nd external link to its configuration? I know the device is capable of Redundant or Backup ISP Links, but that’s not what I need. I will have two different links for two different purposes. Currently we are using the ASA 5505 just for Internet access, so only the ISP link is connected, very basic configuration. We are planning a connection to a client’s global (MPLS) network and we need to be protected against any traffic coming from that network, ergo we need to use a firewall for connection to that external link. Now with the final configuration the Internet traffic must keep being routed to the ISP link, and some other traffic must be routed to the new external link. Can the ASA 5505 be configured for this scenario?


Cisco WAN :: ASA 5505 - Assign External IP To Internal Server?

Mar 2, 2012

I have 3 external ips from my isp:

222.222.222.221
222.222.222.222
222.222.222.223

The first one I use to provide internet access to my office. The other two I'm going to use for the following: I'm going to deploy a server in internal network which must have 2 external ips on his network interface (& one internal ip on the second, but that's ok). I cannot put an extra network switch before asa & plug this server there: this server is virtual & is on esxi host in internal network. External ips must be assigned to the server's interface, not just forwarded there (ms direct access requirement).

My current config:
 
!
ASA Version 8.4(3)
!
hostname msk-office

[Code]....


Cisco Wireless :: AP 1240AG And External Antenna Configuration

Mar 19, 2012

I am setting up and configuring the Cisco AP 1240AG with 5GHz External Antenna extension. The whole product is called iWap. The problem now is that the wireless signal amplitude only can reach 3 bars instead of full 5 bars.

Few questions I have for this setup and configuration :
 
1. What is the default or original frequency of antenna of Cisco AP1240AG? Can a 5GHz antenna work with the AP 1240AG whereby it is run with 802.11a and 802.11g?
 
2. If 5GHz antenna can work with 802.11a or 802.11g, what is the setting or configuration needed to be done at the Cisco 1240AG? Or, no setting or configuration needed because it will automatically work by default?


Cisco VPN :: ASA 5505 - AnyConnect Clients Can't Access External Sites?

Jun 9, 2010

I'm looking to setup AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something.
 
I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled sites. But no access to the internet.
 
Internal is 10.1.1.x, VPN pool is 10.1.1.251-253 (Temp list for testing). I issued the following tracer: packet-tracer input outside tcp 10.1.1.253 12345 69.147.125.65 80 detailed
 
The last reported point (where it fails) is:
  
Phase: 7
Type: WEBVPN-SVC
Subtype: in

[Code].....


Cisco Firewall :: Accessing Internal Sites Via External IP 5505

Jun 4, 2012

I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via its external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server (don't really want this).


Cisco Firewall :: Using ASDM To Change External IP Address Of 5505?

Mar 13, 2013

We have an ASA 5505 and are changing ISPs so we'll be getting a new static IP address. How do I change the external IP address using ASDM? (I haven't done it in 5 years so I'm rusty and just want to make sure.) The ASA and ASDM are up to date. Am I correct in that I only need to change the external address in the configuration under Interfaces, then under Routing - Static Routes - Gateway IP I just need to enter the new WAN gateway address?


Cisco Firewall :: ASA 5505 Internal Address To Forward From External One

May 30, 2013

I have an old ASA 5505, and I'm having some trouble with NAT hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address - so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (all numbers are arbitrary here - only for illustration). I have an Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well - so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why. When I started here, there was an address configured to work this way, and it still works - I just cannot find what is different between what I am doing and what the person who configured it did.


Cisco Firewall :: ASA 5505 / Allow External Traffic To Access Internal Computers

Mar 22, 2012

We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
 
ASA Version 8.4(3)
!
hostname ciscoasa
domain-name default.domain.invalid
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.2.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 152.18.75.132 255.255.255.240
!
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object network a-152.18.75.133
host 152.18.75.133
object network a-10.2.1.2
host 10.2.1.2
object-group network ext-servers
network-object host 142.21.53.249
network-object host 142.21.53.251
network-object host 142.21.53.195
object-group network ecomm_servers
network-object

[code]....


Cisco ASA 5505 Simple PAT - Packet-tracer Can't Look At Any External Devices While Running

Sep 16, 2012

here, am used to the RouterSwitch CLI but been asked to set up an ASA 5505 8.4. Quite simply I am trying to at least test out a static PAT from an external source to an internal server in a test environment and no matter whether I set it up as an auto-nat or a twice-nat whenever I run a packet tracer I end up with the same error. This is the packet-tracer I am running:

packet-trace input outside tcp 80.80.80.80 3389 10.240.0.10 3389
 
Phase: 5
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside,outside) source static server publicIP service RDP RDP
Additional Information:
 
[code]....
 
Now I have a couple of questions initially. I have made the presumption that packet-tracer does not look at any external devices while running - as in as long as the ports are up it doesn't matter what is on the end of them for testing purposes? Is there anything I am missing? I have this morning wiped the config and have simply set up the adapters, a default route and twice nat and am not sure why I keep getting the error. I am sure it is something very simple and I'm being a massive donut!

[code]...


Cisco Firewall :: 5505 Port Forward External Clients To 1 Address

May 4, 2011

I have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.
 
All this box really does is port forward external clients to 1 address on the internal lan for client software updates. Any example configs?
 
So let's say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens: client a and b come in through http and get mapped to the internal http server 10.10.1.2
 
So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.


Cisco Firewall :: Upgrade ASA 5505 IPBase 8.2.1 To 8.2.5 Broke External Printer

May 16, 2013

I have a printer sitting on an outside interface e0/7 that external vendors were able to print to prior to an ISP IP address change and IOS upgrade.
 
We upgraded our IOS from 8.2.1 to 8.2.5. The printer wasn't changed so the MAC address mapping is still correct on the ISP translation list. The ISP issues DHCP MAC reservations for static IP address assignment. My printer doesn't seem to be getting the DHCP assignment now.           
 
Here is the before and after config. I'm just wondering, since this worked prior to changing the IP and IOS changes, if there is another command I need since upgrading from 8.2.1 to 8.2.5. The DHCP IP address is assigned and is working on my e0/0 vlan2 outside interface.
   
Config that worked prior to the IP and IOS change.

hostname hrh
domain-name hrh.com
enable password passwd
multicast-routing
names
name 10.200.200.0 TestNet
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.8 255.255.255.0
ospf cost 10
ospf network point-to-point non-broadcast
ospf

[Code]....


Cisco Firewall :: 5505 - Users Unable To Access External Email Servers ASA?

Nov 28, 2011

I have an issue that I am at a loss as how to solve. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.

I have narrowed it down to the fact that these users are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and I still have the problem. I have also removed all outbound deny statements and still no luck.

Of note is that I can send emails without attachments. They take a long time to go out (from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.

I was running image 8.2.3 and I downgraded to 8.0.5... still did not work... I upgraded to 8.4.3... still did not work. I am now back at 8.2.3.

My Firewall config is attached. I am at my wits' end as to what else to try. The company has not renewed support for the device so I am on my own here!


Cisco Firewall :: ASA 5505 Logs All Traffic Shows Up As Router External Address

Nov 10, 2011

I have a cable modem internet connection and my cable modem is connected to an ASA 5505. The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1. The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network. Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1. I would like to see the 192.168.1.x address of the clients in the ASA firewall. I've tried making some changes to the Linksys router but that hasn't resolved it. Are there any changes I can make on the ASA to get this to work?


Cisco Firewall :: Possible For 5505 To Route / Map Renaming Private IP Addresses Through Its External Port

Jul 25, 2011

I have purchased a subnet of 8 private IP addresses from my ISP, 109.x.x.128/29. The ISP has placed a juniper router within our data centre which is routing purely from 109.x.x.206/30 to 109.x.x.128/29 with the ip of fa0/1 set to .129.

I have linked a cisco 5505 to fa0/1 of the juniper from fa0/0 and configured its IP to .130. I have configured NAT to translate our client pool 192.168.16.x /24 addresses to the internet.

Is it possible for the 5505 to route / map my remaining private IP addresses through its external port? I have tried creating a separate VLAN for a DMZ for our servers to sit within but am returned with a subnetting error as VLAN for my external port is already configured within the same subnet.


Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office. Until they are assigned a static ip by the provider I will have to use the provider's dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? Is there a command that will insert the ip address into the access list once one is assigned?


Cisco Firewall :: ASA 5505 To Have Internal Address That Wish To Forward From External Address

Jul 8, 2012

I have an old ASA 5505, and I'm having some trouble with NAT hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address - so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (all numbers are arbitrary here - only for illustration). I have an Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well - so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why. When I started here, there was an address configured to work this way, and it still works - I just cannot find what is different between what I am doing and what the person who configured it did.


Testing Websites From An External Connection?

Feb 28, 2013

At our small business I would like to be able to test connecting to some of our websites as an external IP address user outside of our network although still being physically connected to the internal network. Any thoughts on the simplest way to set this up? I have the capability to setup vlans on our switch, could I make one of the vlans/ports have an external connection instead of an internal?


Connection To Wireless External Drive?

Dec 12, 2011

I have an Asus laptop that is about 6 months old. My husband has a MAC. Both computers are located in the living room and the wireless external drive is located in the office along with our wireless router and printer. I have no issues connecting to the router or printer, however it is extremely slow when I connect to the external drive if I can even get it to connect. My husband has no issues connecting to the external drive. I don't understand.


Cisco :: Unable To Access LAN Drives After External VPN Connection

Apr 25, 2011

I have several drives that are accessed through a LAN but as soon as I connect to another drive through VPN all the drives get disconnected. According to the IT people this is a feature of VPN for security reasons and there is no way to access those drives. Does anyone know if there is a way to connect to the VPN drive and the local LAN drives without getting the LAN drives disconnected?


Cisco AAA/Identity/Nac :: ACS 5.3 - Connection To External ID Store - Encrypted?

Mar 14, 2012

Are the connections between the ACS and external identity stores encrypted? I know that when setting up LDAP identity store there is the option to specify SSL connection. Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?


Wireless Router With External Antenna Connection?

May 10, 2012

I'm looking for a router with an external antenna connection so I can attach an outside antenna to extend my wi-fi signal around my farm. Right now I have Hughes net internet service running to a Belkin 750 router, which is decent around the house, but has no connection for an external antenna.


Dell :: D820 Unreliable External LAN Connection

May 28, 2012

We have a user using a Latitude D820 running Windows XP. It's a slow machine, but it's been working generally fine up until yesterday, when it started having connection issues.

When connected via an ethernet cable, the laptop can connect to everything on our internal network (fileserver, Exchange, internal websites), but anything outside (Google, other websites) is inaccessible (Internet Explorer cannot display this webpage). External sites will then be accessible after a few minutes, then connectivity will be lost in about another 5 - 15 minutes. This process repeats seemingly endlessly. We've replicated this in separate offices, so it's not the wiring. And everything works fine running off of the wireless.

Things we've tried:

Disabling the 1394 Connection
Disabling the wireless connection
Disabling all non-LAN adapters
Restarting the computer
Disabling/re-enabling the LAN connection
Updating the network card drivers
Resetting IE's settings
Cleaning out the user's temporary internet files
Logging into the machine as a different user (local administrator)

Things we know aren't causing the problem:

Firewall
Antivirus
Our network
Proxies


Cisco Wireless :: AIR-CAP-3502e Extending External Antenna Connection

Apr 11, 2013

I am in the process of installing a new wireless network in our offices and I was wondering if I can add an extension to the cable that connects my AIR-ANT-1728 to my AIR-CAP-3502e AP to get better coverage in our offices?


Cisco Firewall :: ASA 5505 - SIP Configuration Without NAT

Oct 15, 2012

I am new to using the ASA 5505 appliance. I have successfully configured it so far, but the one piece that eludes me and I can't find an example of is configuring SIP with internal (DMZ security level 50) VoIP phones to an external call manager (external, security level 0) without using NAT. I have an internal VLAN to an internal B2 router (and management) on eth0/7, an external VLAN (/30 to an external B1 border router) and five different DMZ VLANs on ports eth0/1-eth0/5.

On the external router, the internal interface going to ASA5505 are separate sub-interfaces for each VLAN in the DMZ and one /30 VLAN to connect between the router and ASA. I am using vrf forwarding on the DMZ sub interfaces with IPSEC/GRE tunnels to keep the routing tables separate. I cannot have the different DMZ VLANs communicate with each other (that's why I am using vrf).

Everything works, all my tunnels are up, I can ping to the external sites from the DMZ VLANs and pass data, but I am stymied by setting up VoIP. When I used the wizard (big mistake) it set up all sorts of certificates and NAT (since I really didn't know what I was doing at this point).

Any hints on configuring VoIP from phones in the DMZ VLANs to an external call manager?

I would include the current config, but I have to hand transcribe it since we don't allow usb connectivity. I might be able to provide it a little later. I am using ASDM 6.4 and ASA IOS 8..4


Cisco Firewall :: ASA 5505 - Set Up DSL Configuration?

Nov 11, 2012

I am setting up an ASA 5505 for a customer. I am not sure how to config the firewall when it is connected to a dsl modem. I tried to do an ordinary config just like the ones that are connected to an ordinary router.
 
The topology is:

[code]...


Cisco Firewall :: ASA 5505 DMZ Configuration

Jan 9, 2012

I am attempting to configure an ASA 5505 which is connected to 3 networks for access to an inside email server.  Don't pay attention to the names on this config as they are not intuitive.
 
The 3 vlans are:
vlan 1 which has an IP of 192.168.x.1 - Connected to inside (which is really the dmz)
nameif inside
e0/1 is assigned to this

[Code].....


How To Setup Connection Via Adapter Card And External Antenna

May 22, 2012

I got a different tower to use ,and added my wireless card and external antenna to it , but need setting up the new PC tower to use the wireless card and antenna. How to set up the available connections so that I can use this in my garage too.


Cisco Firewall :: ASA 5505 Backup ISP Configuration

Jun 13, 2011

I'm having problems configuring an asa 8.2(1) with a backup isp.  I followed the asdm instructions in this document: [URL]
 
I have my backup interface configured as DHCP and the static routes set. Pinging the gateway and other external IP address from the backup interfaces works normally. I have also tried configuring the backup interface as a static address but got the same results.
 
When removing the primary wan link, all traffic stops. When I ping an external DNS, I get these errors in the log: portmap translation creation failed for udp src inside: 192.168.13.23 dst backup:208.67.222.222_type 8, code0)

I thought this type of error is related to a NAT problem, not sure where to look though.








Copyrights 2005-15 www.BigResource.com, All rights reserved