Cisco VPN :: ASA5505 Users Connect But Can't Access LAN Servers
Feb 16, 2012

I have an ASA5505 and set up SSL VPN. My users can connect to the VPN but can't get access to any of the internal servers.
I am able to successfully connect to my ASA5505 via AnyConnect from a mobile device. Upon doing so, I lose internet connectivity. My access lists appear to be correct, so I'm sort of at a loss.
[code]....
I have an issue that I am at a loss as to how to solve. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their Outlook email to send messages. They can, however, receive messages without a problem. I also have a situation where users who use Windows Live to access Gmail are unable to send messages.
I have narrowed it down to the fact that these users are using SSL/TLS to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and I still have the problem. I have also removed all outbound deny statements and still no luck.
Of note is that I can send emails without attachments. They take a long time to go out (from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and I downgraded to 8.0.5... still did not work... I upgraded to 8.4.3... still did not work. I am now back at 8.2.3.
My firewall config is attached. I am at my wits' end as to what else to try. The company has not renewed support for the device so I am on my own here!
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When I replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
I have a 10-user license for the Cisco ASA, and I have to use this ASA for client connectivity. Can I do NAT for more than 10 users with this license? What I understand is NO.
But as per the explanation below, it looks like I can if I am not doing default routing? Actually I just need to add a specific route towards the client DMZ interface on my ASA, no default route, so can I use more than 10 concurrent sessions with this license?
How can I filter my local lan's URL requests? Is it possible to have some sort of list like...
Default_User_Group
*.microsoft.com/*
*.mydomain.com
*.google.com
Then only allow certain IPs access to the entire internet like this...
Internet_User_Group
It would be nice to possibly be able to add the rules to users in my domain, then associate the domain account with an IP OR have them login to view webpages.
I say the answer is ten. That means ten hosts can be behind the firewall and hit the internet. The eleventh doesn't get to go out. I'm being told by a coworker that the "10" in the part number refers to the number of IPsec VPN peers.
Who's right?
I say if you want an unlimited number of users on the inside to be able to get to the internet, you need the ASA5505-SEC-BUN-K9
Mfg. Part: ASA5505-SEC-BUN-K9
Mfg. Part: ASA5505-50-BUN-K9
Mfg. Part: ASA5505-BUN-K9
Cisco ASA 5505 10-User Bundle includes 8-port Fast Ethernet switch, 10 IPsec VPN peers, 2 Premium VPN peers, Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) license ASA5505-BUN-K9
My VPN users are able to access IPv4 resources, but not IPv6; all of my other users who are not VPN users are able to access everything, v4 and v6. So my network goes:
IPV4 flow = FIOS > ASA5505(IPV4 Router) > Switch > ipv4 Clients
IPV6 flow = FIOS > ASA5505(IPV4 Router) > switch > win2k8 (IPV6 Router / Tunnel) > ipv6 clients
I'm trying to upgrade a customer's ASA 5505 base license from 10 to 50 users (ASA5505-SW-10-50=). But the reseller sent an ASA5505-SW-50-UL= license instead. I tried to register that license and the following message appeared.
Wrong Sku(s) 'ASA5505-SW-50-UL=' for 'ASA5505-K8' : Device contains following licenses 'ASA5505-SW-10,ASA5500-ENCR-K9'
Serial Number = JMX1235Z0TZ
same platform type as the failed serial number. An upgrade request is not allowed. Open a Service Request using the TAC Service Request Tool at [URL]. As an alternative you may also call our main Technical Assistance Center at 800-553-2447. Sincerely, Cisco Systems Licensing.
I tried to contact TAC for assistance but it's not possible because that kind of service is outside the parameters of the service contracts associated with my cisco.com profile.
I am in the process of adding a lot of servers to sit behind our new ASA 5505 (8.4) firewall. At the moment I have added 2 servers and they are both NAT'ed to 2 different public IPs.
Server 1 192.168.10.1 -> 80.*.*.1
Server 2 192.168.10.111 -> 80.*.*.6
The first server can only be RDP'ed into using its public IP, which is what I want it to do. The second one has most of the service ports open, like 443, 80, 110, 25, etc. However, when I try to browse externally to [URL], I get an "Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error." in Google Chrome or any other browser, and the ASA reports:

11:27:30 192.168.10.111 2626 80.*.*.6 443 Inbound TCP connection denied from 192.168.10.111/2626 to 80.*.*.6/443 flags SYN on interface inside

I also get a Land to Land attack detected from 80.*.*.6 to 80.*.*.6.
Is it worth setting up a DMZ or can I get away with the setup I have?
I have the following configuration: An ASA5505 with Security bundle license sits at the perimeter with a single public IP address assigned to VLAN2 (outside) out of a /29 block. I have two servers with static IP addresses of 10.70.21.6 and 10.70.21.7 connected to the inside ports with a default gateway of 10.70.21.1 (which is the IP address for the VLAN1 inside). I have already configured a default static route and NATing (PAT) so we have an internet connection for the PCs. Now I need to configure the ASA to allow remote desktop connection to the servers (with the static IP addresses above). Can I use a spare public IP address for each server and if so, what's the syntax? Or is there another method? I have used this before but I had a Cisco 2811 router on the perimeter so the syntax then was: ip nat inside source static 10.30.1.248 81.85.199.44
I have 3 sites, but I want to manage my network from one site. I want to create users from my main site for all sites.
In my domain, users are disconnected on alternate days; the only solution is to rejoin the domain.
I have an RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem, but if one is connected and the other tries to connect also, the second user gets a message that the gateway is not responding. They are both running Windows XP Pro SP3.
I have a Cisco ASA5505; it runs a wide site-to-site VPN network and has 4 servers connected to it:
10.50.15.4 > fileserver
10.50.15.5 > domain controller (exchange)
10.50.15.6 > terminal server
10.50.15.7 > terminal server
Now yesterday I removed 10.50.15.6 and replaced it with a new terminal server with the same IP address, and ever since, the ASA is blocking traffic between it and the domain controller (example):

2 Oct 27 2012 14:51:05 106007 10.50.15.6 55978 DNS Deny inbound UDP from 10.50.15.6/55978 to 10.50.15.5/53 due to DNS Query

What has me baffled is the only thing different between today and yesterday is the new server is Windows Server 2008 and the old one was Windows Server 2003. The new server has the same LAN IP address as the old one to make the changeover seamless for the users.
Why all of a sudden has my ASA decided to block the traffic between those machines? All the other machines can talk to it fine, just not the domain controller, and seeing that this is a terminal server, naturally you can see the problem I face!
This router has worked flawlessly for 2 years now without any config changes and I can't work out why it's blocking traffic between those 2 machines.
We've got a Workgroup LAN at our office and the server is configured with the OS "Windows Server 2008 R2". Most of the users use Windows XP Service Pack 2. Now, I want to see the Internet surfing status/activities done by any particular user/users at any time from the server. You know that some people enter restricted sites which impose a severe negative impact on the network. If I could trace from the server any user doing this, I would block his Internet connection from the server.
Right now every computer is connected through a workgroup and some computers are sharing files to everyone and some need a login to share other files. I want to run a main server where all the files are on that computer and have it share all the files to everyone else on the network. I'm not too familiar with Windows workgroup networking and file sharing. I want to have certain files accessible to certain computers and certain files accessible to everyone on the network. I'm under the impression that I have to have the main server with all the business documents. Then create separate accounts on the server and hand them out to each individual computer. After that, go to each document and specify who can access what with read/write. Can I share some files to everyone and have certain files limited to other computers at the same time? How would someone access the shared files when you need a login, and will this login conflict with files shared to everyone and files shared to certain people? I remember on my small business network I need a login for certain computers because it is shared to only certain people, so then how would I access the files shared to everyone when I have to login to see the server files to begin with?
For my LAN, I have created two VLANs: VLAN 10 for Users and VLAN 20 for Database Servers. There are 15 LAN computers/laptops and 5 SQL database servers (Dell Server) connected through the same 24-port Cisco 2960 switch. Meaning 15 + 5 ports occupied.
I have applied an access list on the Cisco switch to restrict communication between VLAN 10 and VLAN 20. But my main purpose in creating two VLANs is not for any kind of communication or restriction. My main purpose is that user traffic does not disturb or choke or affect the database servers. So what will I need to do for that? Is the VLAN concept sufficient for my concern, or will I need to buy a separate Cisco switch to connect the 5 database servers, or else?
I'm trying to connect 5 servers together to create a private network. Each server has a network of its own and I'm trying to make all 5 servers communicate with each other to share and search data simultaneously.
Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). When I'm home and I use remote access VPN (192.168.200.x) in the Cisco ASA 5520 to connect to my computer A, it is okay. But when I try to ping my computer B it is not okay. I already did the exemption for 192.168.100.x and 192.168.10.x in the NAT rules for the inside interface (192.168.100.2) ...
Should I put routing from outside 1.1.1.2 to 192.168.10.x by using 192.168.100.1 as a gateway?
I am in the process of opening an internet cafe. I don't know exactly what a PC server does on the network... or do I really need one? Is the switch/hub sufficient to connect all PCs to the modem to connect to the internet?
How do I access an MS Access backend with a front end without using SQL or SharePoint?
We have multiple servers on the DMZ (192.168.2.0/24) but they cannot access any resources in the Inside by default. We would like to open up a Syslog server from the Inside (10.1.1.5) to the DMZ servers, so we can collect system logs from the servers.
I have a customer with an ASA5510. We have an SSL VPN (tunnel-based, or "SVC") that we use for remote access. That works great. They want to be able to use this same functionality, but add users who will not have the full access that the current SSL VPN users have. So in other words, we currently have a small group of users who get full access to the LAN. Then they want to have a second group of users who will only have access to certain nodes. I'm wondering if there's some way to do this using LDAP between the firewall and the RADIUS server? The user gets put in a different tunnel group depending on what the FW learns from the server? We only have the AnyConnect Essentials license, so unfortunately we can't do a clientless SSL VPN, which otherwise might work well here.
I have an ASA 5505. I have configured Remote Access VPN so that users can connect to the VPN and access my main VLAN (Inside). I would like to secure it so that when a user VPNs in, they are only allowed access to the HVAC VLAN (VLAN 2) as seen in my configuration. Please note there is also a LAN-to-LAN VPN which has been configured as well.
Client has a Cisco ASA 5510 with 4 L2L VPNs, all using 5505s.
The L2L tunnels connect to the "outside" interface, as do the VPN users (I'm leery of this).
The VPN users need access to the "inside" networks and all L2L subnets.
The VPN users have their own subnet (192.168.168.0/24) separate from the local LANs (172.16.0.0/16).
When the users VPN in they can get to all the subnets connected to the inside interface but none of the L2L subnets.
I have verified that the user VPN subnet is in the crypto ACLs and in the route statements of all L2L 5505s.
I just configured an ASA 5520; here is the config (the IP address of the outside network has been changed to a private address for security reasons).
The problem that I have is that the users can access the web site through the public IP address but they cannot access it by name. We reviewed all the config on the DNS server and with the NSLOOKUP command we can see that it works fine. The client thinks that the ASA is blocking the connection.
[code]....
Is it possible to deny VPN access to specific AD accounts?
Currently setup with 5520, LDAP authentication for VPN users.
Completely new to Cisco ASA and need to get this working ASAP. ASA 5505 8.4(1) is the secondary FW and I need it to allow everything going out and block everything coming in except for the VPN clients. Since I'm a Cisco moron, I used the ASDM and its wizards to make this work, which might explain my situation.
[code]....
My Cisco VPN Client connects to the ASA and receives 10.10.101.1 IP address, but I get no connectivity to the ASA or any other 192.168.101.x server or service (tried telnet, RDP, ping, etc.)
I have a STORCENTER IX2-200 CLOUD EDITION in my office with 3 machines hooked up via the router. I can't seem to access users when I enable the security. If I disable security I can get in. This is happening on Windows XP and 7. I've tried Iomega support and it all has to be done via email, which is annoying. If I enable security I get the following Windows error: \iomegakate is not accessible. You might not have permission to use this network resource. Access is denied. All the machines are logged on as administrator. I did fix this problem, although only for a few hours, after speaking to Iomega. They advised to use the Net Use command and delete all connections. I've forgotten what it was now as they remote accessed in.
Got myself the Netgear internal PCI wifi adapter today and it works just fine on my Windows XP SP3 desktop.
The only problem I have is the question of restricting access to kids @ home. If it was an external USB adapter, I could have just taken it away but the concern is the device being an internal & always available one. The user configuration on the PC is such that there is 1 main administrator (The actual windows "administrator" account) that no one uses. Apart from that,
- 1 user with admin privileges (me)
- 1 limited account for the kid
- 1 admin privilege account for the kid again (for purposes like installation of games which require an admin account as mandatory)
I would like for the wifi PCI card to work only when I log in to my account. There must be some way by which I could disable the device or make the internet inaccessible in the other accounts (but please bear in mind that one of the accounts that the kid uses also has admin privileges).
I tried disabling the device from Control Panel but in vain (tried something like the sysadmins do in corporates, disabling the USB ports on the PCs in my office!).
I want to create a website but only allow a certain user or group of users access to that website. Assuming that user or users will be from the same location, and likely the same static IP, can I throw a firewall between my internet connection and web server and only allow that specific IP address access to my web server by a rule? If there is a better way to handle that,