Cisco VPN :: Changing The Server IP In A ASA 5505?
Sep 28, 2012
I know know nothing about cisco devices. Just wanted to get that out there. I recently came to a job that has a 5505 setup as the network gateway, and as a vpn for employees to work from home via the Cisco VPN remote client program. We had one main server that was domain controller, dns, and dhcp. It was a old 03 box, and I setup a new 08 r2 box on a different IP, and migrated all the above functions to it. Old server was a xxx.xxx.xxx.31, new server xxx.xxx.xxx.6. I found the java ASDM program(6.1) and connected to the ASA, and I have changed .31 to .6 in as many places as I can find, however, vpn clients on the outside can no longer connect to their desktops, as when i open a command prompt on their computer, the only IP they can ping is xxx.xxx.xxx.31, pinging xxx.xxx.xxx.6, or any other address fails. I'm guessing maybe it's in the firewall of the asa, but have no ideal really. Was there anything else I was suppose to do? Someplace I overlooked?
View 7 Replies
ADVERTISEMENT
Aug 17, 2011
I have an ASA 5505 running 8.2
I used the ASDM wizard (6.3) to set up a remote VPN. After slightly adjusting the wizards configuration the VPN is working well.
Now I need to change the Outside interfaces IP address. When I do that the VPN no longer works. If I change it back to the original value the VPN works again.
What configuration changes do I have to make regaurding the remote VPN after changing the outside interfaces IP address?
View 11 Replies
View Related
Nov 13, 2011
Running lms 3.2.1 CS 3.3.1 on Windows 2003
I need to point the LMS server to a new mail relay, but when I make the change in
CS->SERVER->Admin->System Preferences smtp server
It claims to have made the change successfully but the old IP address remains.
View 3 Replies
View Related
Jan 25, 2012
I am trying to change the DNS server that my VPN gives to VPN clients on a Cisco PIX 515E. What command will change it from 10.6.0.2 to 10.6.0.4? The software version is 7.2(3)
View 3 Replies
View Related
Nov 19, 2012
We are retiring our current radius server. It is windows 2003 IAS server (also a DC) that we use for 802.1X authentication. We are moving to server 2008r2. I have already installed NPS and Network Authentication services on the server.
On the existing IAS server I exported the settings (using iasmig reader.exe) and was able to import the profiles (I see the 5500 as a radius client etc) Our 5500 is still pointing to the old server.
Is it as simple as changing the ip of the RADIUS server to point to the new server? It looks like I actually have to add the new server and create a new pres hared key on the NPS server but only find documents on adding a new 5500 (vs flipping it to a new NPS server).
View 9 Replies
View Related
Nov 16, 2011
I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP. When I browse to the web to check what public IP it's reporting, it shows the wrong IP. I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]
View 8 Replies
View Related
Jan 10, 2011
I am using Vista and have only one user accounts.Now I want to prevent changing the DNS server IP. I can prevent changing the DNS server IP or disable the LAN Properties.
View 4 Replies
View Related
Feb 23, 2013
Can I receive an answer to how can I remove the default smtp.cwjamaica.com from my Windows Outlook Account. This is a pop-up server that I wish to disconnect so I can use other facilities. This is the default server and it is no longer relevant to my location our current
View 1 Replies
View Related
Jul 11, 2011
My Network is running Windows Server 2003 and with more than 150 Users. But last week, I notice that a program is changing my DHCP server IP Address scope.
View 2 Replies
View Related
Dec 5, 2012
We have a 5508 controller authenticates with WPA2-enterprise to 3 possible AAA servers. Today I tried migrating our DHCP server from a Windows 2003 machine to Windows 2008 R2. Migration went smoothly and all wired clients could get IP's. Reservations intact, scopes intact, etc.. you name it. I though it was a great success.
Fast forward about an hour when people started coming into work for the day. Calls started coming in about their laptops not able to connect to the network. I double checked with a spare laptop in our IT department and also my iPhone. Same issue. Seems the only thing I changed today was the DHCP server (from 10.1.1.1 to 10.1.1.2).
After racking my head on it for awhile, I re-enabled the "old" dhcp server (10.1.1.1) and disabled it on the new (10.1.1.2). Instantly wireless clients were able to connect.
Am I missing some configuration step in the 5508 controller when moving DHCP servers? I do plan on running 2 DHCP servers (10.1.1.2 and 10.1.1.10) for redundancy once I get the primary one moved over and working correctly.
I want to decommision the older 2003 server. Its time to raise the domain functional level.
View 6 Replies
View Related
Aug 23, 2011
We have Cisco ASA 5505 with ASDM 5.2 We have one Proxy server in our Local Lab and pointed to Hosted service(Simple Signal)issue is, When our proxy server send register to hosted server, ASA change private IP and post with outside IP and src port as 1063 every time.
Here is debug log on real time monitoring.
Aug 24 2011 05:21:19 302015 203.xxx.xxx.226 192.168.1.51 Built outbound UDP connection 3774 for outside:203.xxx.xxx.226/5060 (203.xxx.xxx.226/5060) to inside:192.168.1.51/27014 (99.119.161.107/1142)
Aug 24 2011 05:21:19 607001 203.xxx.xxx.226 Pre- allocate SIP Via UDP secondary channel for inside:192.168.1.51/27014 to outside:203.xxx.xxx.226 from REGISTER message
Aug 24 2011 05:21:19 710005 203.xxx.xxx.226 99.xxx.xxx.107 UDP request discarded from 203.xxx.xxx.226/5060 to outside:99.xxx.xxx.107/1063
Here 99.xxx.xxx.107 is Our ASA Outside IP address 203.xxx.xxx.226 is Hosted server IP address. My ASA config is attached.
View 2 Replies
View Related
Mar 17, 2013
ASA 5505 Sec plus lic w/OS 9.1
I want to setup a quick and simple VPN server on my ASA. I want to do local authentication and, once authenticated, I want to allow all internal access. I only have 1 WAN IP. I'm finding a ton of conflicting info online. The ASA is already setup and is operational. I just need the correct commands to setup the VPN.
View 6 Replies
View Related
Mar 29, 2011
I have a ASA5505 in a branch connected to the head office via L2L-VPN. The clients at the inside of the ASA can use the DNS servers in the head office through the VPN tunnel. The ASA is configured to use these DNS servers, too.
dns domain-lookup outsidedns domain-lookup ADMdns domain-lookup insidedns server-group DefaultDNS name-server 172.17.6.225 name-server 172.17.6.227 domain-name some.name management-access ADM
The VPN ist connecting the networks behind interfaces inside and ADM to the network at the head office.
When the ASA is resolving a hostname it tires to use these servers. But it does via outside interface.
gw700# ping heise.deMar 30 2011 07:58:49: %ASA-6-302015: Built outbound UDP connection 35360 for outside:172.17.6.225/53 (172.17.6.225/53) to identity:117.135.114.78/2117 (117.135.114.78/2117)DNS: get global group DefaultDNS
[Code].....
View 2 Replies
View Related
Feb 6, 2013
I have a Cisco ASA configured for Any Connect clients. I also want to pass 443 traffic back to an internal web server, but not sure if I can do this since the Any Connect clients are already connecting over 443 to the ASA, right?
View 8 Replies
View Related
Dec 29, 2012
We have a business case where we have a group of ASA 5505's in 3 locations with anyconnect user licensing on all 3 for redundancy.The problem we are facing is that when we need to authenticate our anyconnect clients we use active directory servers located at site 1 and the other 2 sites need to contact these MS AD Servers over an already connected VPN tunnel to site 1 (IPSec l2l) but cannot.So the layout is as follows:Site 1 (houses AD servers) has l2l tunnels to site 2 and 3Site 2 (any connect essentials enabled) has l2l tunnel to site 1 and 3Site 3 (any connect essentials enabled) has l2l tunnel to site 2 and 3AD servers are ip'd as 10.1.1.11 and 10.1.1.4If I use anyconnect to site 1 it authenticates fine - as expected.Site 2 and site 3 fails to contact AD serverAny thoughts on how we can accomplish this(or is it even possible to do?) without exposing the AD server in a DMZ or via external ip?
View 1 Replies
View Related
Jul 9, 2012
We have a Cisco ASA 5505. As of yesterday we could no longer access our web server (the web server is hosted off-site). Pinging the DNS address and direct IP (from the firewall and a PC) both return no response. Pinging the IP from the T1 router responds properly, meaning the router can access the web server, but the firewall cannot. Accessing the web server has never been a problem, and no configuration changes have been made to the network/firewall. Other locations can access the web server just fine.
View 1 Replies
View Related
Feb 24, 2013
I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?
View 3 Replies
View Related
Feb 11, 2013
I'm configuring a Cisco ASA 5505 ASA Version 8.3.1 I want to publish my web server is in the DMZ (10.30.30.1) and server address is 10.30.30.30 but it still fails.I have only one public IP, and hope that when they call the Public IP, my web server appears, another problem I have is that when I assign the public IP to my interface OUTSIDE my LAN loses internet connection.I have to do to publish my web server and the LAN computers have internet access?
View 16 Replies
View Related
May 2, 2012
I am running ASA 5505 release 8.2(4) using a clientless SSL vpn to connect my assessors to the server via RDP to a Terminal server. Everything was working fine until last week when we had a Internet outage. During the outage some of the assessors claimed to have accepted a Cisco add-on to get into the site. once the internet came backup they could not connect to the terminal servers - what would happen is they would click on the link - say OK to connect the clipboard and the screen would pause for a few seconds then right back to the select options page.
they can get to other servers (non-terminal servers) but not to the ones they need. I can recreate the issue by waiting a REALLY long time before replying to a prompt to install an cisco add-on. I have users that can connect and others than can not. Also this only seems to affect Internet Explorer 8 and 9 does not affect Firefox
View 1 Replies
View Related
Nov 15, 2011
I want to configure my Cisco asa 5505 as a dns server, so that when i configure any of my network systems ip address and use my firewall as a default gateway and dns ip, the system should be able to browse internet.
View 5 Replies
View Related
Feb 19, 2013
Im trying to configure remote access VPN on ASA5505. I configured it as local CA server, installed digital certificate on remote station and everything looks fine as far as i can see. I'm using cisco VPN client 5.0 on remote station. when i initiate VPN session it fails while trying to connect. Looks like im missing some configuration but i cannot figure out what it is. Currently i have firewall configured to use group authentication and everything works fine. I want to switch it to use certificate authentication, and if possible, confiure firewall to use main mode instead of aggressive mode for better security.
View 4 Replies
View Related
Oct 4, 2011
Is there a way to backup the configuration file to a tftp server? I've tried "copy start tftp" and copy run tftp". No luck, I get an error message.
View 1 Replies
View Related
Feb 19, 2013
Do I create an SMTP Network Object and send TCP traffic throught NAT?
Or do I go to the ASDM's Configuration/Firewall, choose Public Servers, and choose Private Interface=inside, Public Interface=outside, set the private/public IPs, and choose SMTP as the service? This seems much simpler, but is it the correct way to do it?
I am using ASDM 6.4(5) and would like to use that versus the CLI.
View 4 Replies
View Related
Jul 8, 2012
Instead of using a IP address I would like to use a host address that points to a NTP pool.An example would be:ntp server 0.north-america.pool.ntp.org Can this be done on the ASA series?
View 1 Replies
View Related
Feb 21, 2013
we have a cisco asa 5505 and it working great .i want to create web server that only selected public ip address can access.
View 3 Replies
View Related
Apr 25, 2011
I have setup an ASA 5505 w/ Security Plus with three subnets. The subnets are as follows:
VLANSubnetWAN 10.0.0.80/29LAN192.168.1.0/24DMZ172.30.200.0/24 ]
The ASA is the gateway router at .1 for the LAN and DMZ networks. On the WAN network, the ASA occupies .85 and uses .86 as it's gateway to the Internet. Clients on the LAN are able to access the Internet without any troubles. I have a static NAT setup to map the DMZ server's 172.30.200.81 address to 10.0.0.81. I also have a general NAT that should allow other servers on that network to access the internet, but no machine at all on that network can route outside of 172.30.200.0/24. I used the packet tracer and had it trace traffic coming from the DMZ network to the Internet, and it did not show me any conflicts with any of the access lists or anything else. However, no matter what I do, I cannot initiate traffic from the DMZ and have it go out to the Internet successfully.I attempted to follow the directions in the article PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example; but I have obviously missed something, done something wrong, or perhaps the example assumes something about my configuration that I have not done. See the attached config file that I have scrubbed. I have removed VPN configuration information and other unnecessary parts of the config file to make it easier to read. I have setup an ASA 5505 w/ Security Plus with three subnets. The subnets are as follows: VLANSubnetWAN 10.0.0.80/29LAN192.168.1.0/24DMZ172.30.200.0/24 ]
View 4 Replies
View Related
Jan 12, 2011
I have a client in a workgroup environment. They are a small company with perhaps twenty systems. Their infrastructure consists of a Dell Switch, a Cisco ASA-5505 which hands out the DHCP and a router. And that's that.They have been using an external IP as their DNS Server to get out to the Web. However, they now want to add an internal Linux-based DNS server.In looking through the ASA-5505 today I noticed a field for DNS enteries. Is this where the IP for this new internal DNS Server (in the secondary DNS field) would go?If so, would it be necessary to reboot the ASA-5505 for this change to take effect?
View 12 Replies
View Related
Nov 1, 2012
I get the following message when appling "DHCPD ENABLE INSIDE"
DHCP: Interface 'INSIDE' is currently configured as CLIENT and cannot be changed to a SERVER by a SERVER feature
This is an ASA 5505 Running 8.2.
View 14 Replies
View Related
Feb 10, 2013
I add a new Cisco ASA 5505 as firewall in of company network. I found the PPTP authentication did not get through to internal Microsoft Server.
ASA Version 8.4(3)!names!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1switchport access vlan 2!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip
[Code]....
View 4 Replies
View Related
Mar 2, 2012
I have 3 external ips from my isp:
222.222.222.221
222.222.222.222
222.222.222.223
The first one I use to provide internet access to my office. The other two I'm going to use for the following: I'm going to deploy a server in internal network which must have 2 external ips on his network interface (& one internal ip on the second,but that's ok: I cannot put an extra network switch before asa & plug this server there: this server is virtual & is on esxi host in internal network. External ips must be assigned to servers' interfacw,bot just forwarded there (ms direct access requirement).
My current config:
!
ASA Version 8.4(3)
!
hostname msk-office
[Code]....
View 20 Replies
View Related
Apr 28, 2011
So I have three ASA 5505 firewall. my firewalls we are in the test environment. I read on the net that when you have a situation like in my company where are headquarter and two offices, i should put in each branch office and headquarter one asa firewall and a firewalls should be configured as easyvpn.
VPN server is in headquarter and easyvpn's are in branch offices. i tried everything, but we could not configure them. maybe it's not a problem that in my test environment at my the external interfaces which have static addresses on these three firewalls, respectively serever 192.168.2.1, 192.168.2.2 and 192.168.2.3 client client. I seted firewalls by following the instructions, but does not work
[URL]...
I solved the problem with the server as a remote access VPN. client workstations that are on the 192.168.2.0/24 network can access a local LAN via VPN. But when you put the ASA 5505 firewall. clients on the LAN side of the firewall can not access the VPN. I use software products Cisco VPN Client 5.0.06, but when I create a connection and try to connect to get an error secure vpn connection terminated locally by the client. reason 412: the remote peer is no longer responding.
View 2 Replies
View Related
Oct 7, 2012
i want to setup a vpn connection between Cisco asa 5505 and centos server.
Here is my senerio:
ASA 5505
Public IP address 155.155.155.2
Local NETWORK : 192.168.6.X
Centos Server
------------------
Public ip address : 155.155.155.6
View 3 Replies
View Related
May 25, 2011
I would like to allow users from network 10.132.23.0/24, 10.132.33.0/24, 10.132.24.0/24 access to our SQL server(192.168.1.7) located on the inside interface(192.168.1.0/24 network) Those networks (10.132.0.0/16) come from the DMZ interface.
View 12 Replies
View Related
