Cisco VPN :: ASA 5505 - SSL VPN To Lan Subnet
Oct 21, 2012
I'm not sure if this is a possible config, but I have an ASA that I need to be able to SSL VPN to, and get an IP Address that is on the same subnet as my internal interface. The reason is, the person connecting in has a utility that does a broadcast on the internal network to discover the devices he is trying to connect to. Therefore, connecting over VPN and getting put on a different subnet wont work. In this case, I am going to start the ASA configuration from scratch. If its possible to do the above, what are the correct commands to configure it? I was planning to use 10.50.0.1/24 for the internal interface, and then hand out IP Addresses on that subnet to both the lan, and the vpn, This is an ASA 5505. Its on IOS 8.4.
View 1 Replies
ADVERTISEMENT
Jul 7, 2012
I've setup a SSL VPN to a ASA 5505 and can connect.
VPN network 192.168.2.0 /24
Inside Network 192.168.1.0 /24
Outside is connected to Router.
I am trying to RDP to a win server on the inside network but I cant get to it. Can not even ping 192.168.1.1 or (not sure if I could anyways) 192.168.2.1...
I added a ACL on the outside interface and then inside interface permit ip any any but still no ping or RDP...
New at VPN and have survived so far on cisco docs but this problem is evading me.
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
[Code]....
View 1 Replies
View Related
Sep 7, 2011
We want to use an ASA as a pure routing device. Our network has several internal subnets (10.1.x.0/24), and we want to be able to reach them from outside and to allow access between them.
We have a defined a VLAN for each subnet range with the same security-level, added it to an Ethernet port and made the Ethernet that acts as outside as a trunk, and defined it as the global routing.
We cannot ping any of the subnet IPs defined in the ASA from outside nor we can ping it from the internal IP addresses.
Configuration:
: Saved
:
ASA Version 8.2(1)
[Code].....
View 3 Replies
View Related
Jul 6, 2012
I've setup a SSL VPN to a ASA 5505 and can connect.
VPN network 192.168.2.0 /24
Inside Network 192.168.1.0 /24
Outside is connected to Router.
I am trying to RDP to a win server on the inside network but I cant get to it. Can not even ping 192.168.1.1 or (not sure if I could anyways) 192.168.2.1...I can ping from the 192.168.1.0 net to 10.0.0.0 and 192.168.2.0 without issue but not the other way around....I added a ACL on the outside interface and then inside interface permit ip any any but still no ping or RDP...
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code]....
View 1 Replies
View Related
Aug 4, 2012
I have been tasked with replacing our company eSoft router with a Cisco ASA 5505 with the upgraded security license. I have been working on the configuration for a couple of weeks now, after reading hundreds of forum posts, watching youtube videos, and endless google searching, and despite my best efforts I am still having an issue I can’t figure out.
I have a couple of subnets, that when the ASA is connected, I cannot ping, nor can they get to the internet or our Exchange server. At this point I’m not sure if it’s an access rule issue, NAT issue, or DNS issue.
Here is the network layout:
ASA: 192.168.0.2 (Primary Gateway)
192.168.0.0 (Primary facility, ASA is the gateway)
192.168.2.0 (Second facility, connected via Verizon point-to-point)
192.168.3.0 (Third facility, connected via Verizon point-to-point)
[Code].....
View 7 Replies
View Related
Dec 7, 2011
I am working on a site that has recently added a new subnet and I am unable to ping any of the stations on this new network. I have configured an Exempt NAT rule just the same as the rules allowing access to other networks. I have a feeling the problem is in the Site-to-Site VPN configuration since the new subnet is at the primary location over the VPN.
In the site-to-site configuration I added the new subnet to the list of "Remote Networks" and I still can't communicate with any of the devices on the network. If I go to the main site I have no problems so it appears to be related to the VPN or a configuration in the ASA on that site.
A port scan shows that all the traffic is "filtered" so somewhere either the site ASA or the main ASA is blocking the traffic.
View 7 Replies
View Related
Feb 9, 2012
We have to make disaster recovery site EasyVPN tunnels on Cisco 5505 ASA firewalls. Now there is only one main site and 3 remote sites.For DR we have to use the same subnet as it is on the main site because the Vmware virtual machines will be replicated to DR.For DR we are using Double Take software.What is the best solution for this? I think that we could use Destination NAT on ASAs. The other sites (HQ and remote) will se only the NAT address of theDR and not the real one which is the same as on the main site.We are using IPSec VPN? In packet-tracer on ASA I see that the packet is first NATed and then encrypted, so it should work, yes?
View 2 Replies
View Related
Mar 23, 2011
I want to give access to remote subnet on firewall 5505.
Remote subnet is 16x.15X.56.0
Here is my access list
access-list outside_5_cryptomap extended permit ip 192.168.12.0 255.255.254.0 16x.15X.56.0 255.255.254.0
View 7 Replies
View Related
Jan 31, 2012
We recently upgraded a ASA 5505 with the security plus license to allow us to add a second subnet, but are having a few problems configuring the second subnet. The original subnet we have configured 10.1.1.0 is able to access the internet without any problems. However the new subnet 10.1.5.0 is unable to access the internet and when we ran a trace packet the nat config nat (inside) 1 0.0.0.0 0.0.0.0 is showing as the rule that drops the packet.
Additionally we have not been able to get the 2 subnets to talk to each other even though same-security-traffic permit inter-interface is configured. How to configure the subnet 10.1.5.0 to access the internet or to get the subnets to communicate. Below is a streamlined version of our current config.
!interface Vlan1nameif insidesecurity-level 100ip address 10.1.1.1 255.255.255.0 ospf cost 10!interface Vlan2nameif outsidesecurity-level 0ip address 66.66.66.66 255.255.255.240 ospf cost 10!interface Vlan13nameif corporatesecurity-level 100ip
[Code].....
View 15 Replies
View Related
May 4, 2011
I'm new to Cisco equipment much more familiar w/ Sonicwall w/ that said......I have a 5505 w/ Security Plus licensing
I have set up multiple VLANs as follows
VLAN 1 inside - still setup as 192.168.1.1 (will not be using this for our lan)
VLAN2 - outside
VLAN100 - LAN 10.1.1.1/24
[Code]....
If I do add all the VLANs above I understand I will probably have to make a trunk port since I only have 5 usable interfaces
View 12 Replies
View Related
Oct 7, 2012
I have a customer who has an ASA 5505 that is handling the routing for their internal network. They are running out of available IP addresses on their subnet 192.168.1.0/24. They have dumb switches that don't suppport multiple vlans or trunking & they are only able to connect to one switchport on the ASA. He doesn't not want to purchase any new equipment or rearrange their existing equipment at this time. The customer would like to statically assign IP addesses for 192.168.1.x & 192.168.2.x and have the ASA hand out DHCP addresses for 192.168.3.x addresses. The customer suggested configuring a super subnet. A 192.168.0.0/22 address scheme would provide an ip range 192.168.0.0 - 192.168.3.255 on a single VLAN. I know this is an unconventional way to setup an internal network & I will definitely advise the customer that this should only be considered as a temporary solution until they get more appropriate network equipment.
View 3 Replies
View Related
Feb 4, 2013
I have ran into this problem in the past but clearly I usually change one of the remote host sub net ranges to something other than main site. Now I am in a situation that I just have to configure it this way. I just need some insight before implementation.
Inside (10.10.10.x/24) ASA5505 outside (97.65.x.x) ßà (97.664.x.x) outside ASA5505 (10.10.10.x/24)
Trying to create a site to site tunnel between each location with same sub net. I have found a lot of information about setting up this configuration with 8.3 and later but nothing for the image 8.4 and image 9.1(1) as everyone knows the ACL's and NAT statements are written differently now.
View 5 Replies
View Related
Nov 23, 2011
I have a 5505 connected to 5510 via a site to site VPN, the vpn has 5 subnets on the acl list at both ends, but 2 of the subnets are assigned for remote access on the main 5510, which means the flow of traffic on these 2 subnets are main to remote, but the VPN only works if the traffic starts from remote to main.
both sides are set to bidirectional and I'm not sure if this is the case for all 5 subnets has remote site always sends data to the other 3 subnets first.
View 7 Replies
View Related
Aug 3, 2012
What I am trying to do is I have one switch with say a 10.1.9.1 sub-net I need to have one of the ports to be trucked with two vlans one for DSL and the other for a local connection with the sub-net of 10.1.5.1 both of the sub-nets are configured in the core as 9 and 5 so I have port 0 set up as a trunk and it is set up as ge-0/0/0.0 vlan_5, vlan_192 on the 10.1.9.1 subnet switch. The DSL is working but the local is not pulling a 10.1.5.1 IP and has no connectivity. Everything looks as if it is configured correctly but still the DSl is working but not the Local connection.
View 2 Replies
View Related
May 11, 2011
i'm doing a project for my networking class and i need to know how to do subnetting within a subnet. it's a network with three routers, each of them being on their own subnet, but there are multiple departments for a store that each will have their own subnet (sales, management, warehouse, etc.) within the network subnet
View 5 Replies
View Related
Oct 8, 2012
Why do we need them? Could we leave the LAN with a subnet broadcast packet (for instance with an address of 192.168.1.255 /24). Are those addresses used for something?
View 4 Replies
View Related
Oct 27, 2012
I have a cisco 877w and ive setup two ssids on it each with different vlans (I intend to use the zone based firewall to lock down the guest zone later)
Ive made a quick diagram of my network its a single server with 2 NIC's one for the internal lan and another for the external network (direct connection to the router) The server hosts 3 virtualized servers with the ecternal nic only shared with the tmg 2010 server.
So my problem is that when I connect to the 10.0.1.1 network as 10.0.1.2 I can only ping the internal network however the internal network is incapable of responding (pinging back) giving destination host unreachable. I know I need some kind of routing but im not sure where to apply it on the TMG server with the next hop as 10.0.0.10 or on the router.
The guest wifi is intended to bypass the network firewall and not allow access to the internal network. I've enabled ip routing on the cisco router and attached the config below.
View 2 Replies
View Related
Nov 7, 2012
I am doing Activity 6-1: Basic VLSM Calculation and Addressing Design (6.4.1) in the ccna book.the lab can be seen here: (mellowd - link removed) I've done the topology and assigned the addresses appropriately as shown in the first table. My question is on Task 2 Step 2."Assign the first available subnet to HQ LAN1."
View 4 Replies
View Related
Nov 11, 2011
LAN subnet conflicts with WAN subnet. My router is d-link 825 and my cable modem is Cisco EPC-3825. Op system is W7. Everything worked great with an older cable modem (Cisco 3000).
View 4 Replies
View Related
Jul 6, 2011
Is it possible to have the same subnet on all of the endpoints of a hub and spoke VPN tunnel? I have to create 18 ASA5505 tunnels back to one ASA5510. Instead of having 18 subnets out there it sounds more efficient for my application just to have one. Sort of a CLOUD (there's that word) arraignment.
View 10 Replies
View Related
Apr 30, 2012
I'm trying to set up 2 subnet with two RV042 routers. One router will act as a gateway and both WAN ports will be used by two different isp connection. The first router (gateway) LAN IP will be 192.168.0.1/24. I would also like to set up another router behind the gateway with with separate subnet 192.168.1.X/24. And I would like clients on the 192.168.1.x subnet to use the internet through the gateway router and clients on the 192.168.0.x subnet to access resources on the 192.168.1.x subnet. Am I able to do this with two RV042?
View 6 Replies
View Related
Jun 30, 2011
Best subnet for wireless lan
View 1 Replies
View Related
Apr 4, 2013
The network topology is like this. Router with DHCP_Server on it.
VLAN 10
VLAN 20
VLAN 30
My question is how to configure the router so that all devices on all 3 VLANS can obtain IP from the router. I've tried to enable proxy arp on all interfaces and create sub interfaces and trunk them to their appropriate vlans, but I can't specify the gateway on all trunked sub interfaces because I get a warning that addresses overlap. Then I tried to set access-group on all sub-interfaces and still doesn't work.
View 5 Replies
View Related
Jul 13, 2012
I want to calculate Subnet Mask for 3 Router Each one in separate building the First building need 60 host and the second building 25 host and the last one 25 host .
Knowing that the company currently reserved public class C network address 210.2.1.0/24 for internal address and subnet 210.15.10.0/30 for the connection to the Internet router.
View 19 Replies
View Related
Apr 6, 2012
We want to deploy a NMS (Network Monitoring System), in this case SolarWinds, to monitor devices we have deployed at the customer site. We will make an IP VPN connection (ASA5510 with Cisco 800's) to the customer site. We have one primary NMS installation running in our datacenter. This NMS has to have a connection to all customer sites. We run into a problem when two customers use the same subnet. We want to use VRF-Lite to solve this problem but I am stuck in my design.
I have attached "VRF.jpg" to show the (basic) design I have made. The connection from customer to the router in the datacenter is not a problem. We can put the fa0.1 and vpn interface in the same VRF group. Via one physical cable we will go from router to NMS in which the NMS has multiple virtual interfaces. The datacenter router will route between the 192.168.x.x (NMS) and 10.1.1.x (Customer).What I can't seem to comprehend is how the NMS can decide how to get to Customer 1 or Customer 2. The customer can reach the NMS one-way but the NMS has no way to reply back because if it replies to 10.1.1.1 it can either use interface fa0.1 or interface fa0.2.
View 3 Replies
View Related
Nov 12, 2012
I would like to set the subnet mask off the lan to 255.255.240.0 but the selection menu do not allow to do it.
View 8 Replies
View Related
Feb 6, 2013
I'm trying to configure a SG300 to be reachable beyond its own subnet. Its IP address is configured by DHCP to 192.168.2.2/255.255.255.0. It is possible to ping the switch from the same subnet but not from outside. The switch is set to layer 2 mode. All routing should be done by the gateway.
Here's what I have checked so far: The default gateway and netmask are set correctlyThe gateway can ping the switchHosts in the 192.168.2.0/24 subnet have connectivity to other networks through the gateway (i.e. gateway configured correctly)Administrative interface > IPv4 interface shows the correct ip address, netmask, and gateway (greyed out because it is assigned by DHCP)the switch can ping other hosts within the same network
Is there some kind of firewall setting that prohibits the switch to respond to ip packets from outside the subnet?
View 5 Replies
View Related
Aug 19, 2011
I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
View 1 Replies
View Related
Nov 8, 2012
I'm trying to setup this router with my IP range 192.168.100.1 to 192.168.101.254 but if I try to enter a subnet mask other than 255.255.255.0 I get the error - Invalid subnet mask. It should be 255 for given class of IP address at 255.255.xxx.0.
Every other device on my network allows that subnet mask, why not this router, it's stopping access from my 192.168.101.x devices.
View 5 Replies
View Related
Feb 2, 2012
How do I change the subnet of a PPTP VPN network on an RV220w?
View 1 Replies
View Related
Jul 10, 2012
I have RV042 Router, I'm using only one Internet conection, I'm using IP group like this 192.168.95.x, my DHCP setting use 192.168.95.120 to 192.168.95.240, but in this time I have 245 workstations (may be I will have 25 additionals workstations) and some times I see IP conflict message in my current work stations.
I had read about SUBNET like response about my problem, but I'm not sure about that and how to make subnet with my RV042.
View 7 Replies
View Related
Mar 23, 2012
I've got an 1811 router running 15.4 IOS and a cable modem with 5 static IP's attached to Fa0. I would like to dedicate one of those IP's to a dedicated internal subnet (10.0.30.0/24) but I am not sure how to accomplish this?
What would be the best method to accomplish this? Unsure of where to begin..
View 3 Replies
View Related
Jul 23, 2012
I've got a remote site which is connected to the headquarters via VPN site to site IP Sec tunnel. When I am in my office I have no problem to reach the remote network, but, when I try to connect to the remote network via VPN client, I can't reach it.in the remote office I've hot a Router 3800 (Cisco IOS Software, 3800 Software (C3845-DVENTERPRISEK9-M), Version 12.4(13c), RELEASE SOFTWARE (fc2)) in the headquarters I've got an ASA 5520 Version 8.0(3) I've chequed access-list, and network objects and it seems everythink ok.
local network: 10.30.0.0 0.0.0.0
remote network 10.31.0.0 0.0.0.0
ASA
object-group network remote-network
network-object 172.16.27.0 255.255.255.0
[code]....
View 3 Replies
View Related
