Cisco VPN :: Configure VPN To ASA 5505 Behind ASA 5510?
Aug 14, 2011
Attached is a diagram of my network. My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
outside 10.94.4.0 255.255.255.0 10.10.8.1
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. Do I have to add a route to the switch just to manage the ASA 5505?
Mar 18, 2012
I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.
Jan 6, 2013
We have an MPLS T1 installed at the main office. I just purchased an ASA 5505 to configure a site-to-site VPN connection. The ISP has a VIP mapped with 1 block of public IP addresses. Configure the ASA 5505.
Sep 11, 2011
I'm having a problem configuring an ASA 5510. A previous employee started the config and left abruptly. He established a VPN Tunnel between two of our sites and that's working without an issue. The problem is, the network behind the 5510 at the remote location cannot access the internet.
ASA Version 8.2(1)
!
hostname PH-Firewall
domain-name pleasehelpme.com
enable password HXrQty4kqW8s8yeE encrypted
passwd ucA.qrYJWD9UyIFz encrypted
names
[code]....
Mar 3, 2013
I am configuring a DMZ on my ASA 5510 but I have run out of physical ports, since I have dual WAN ports configured. I plan to implement a DMZ using subinterfaces. I have 2 questions:
1) Do I need to configure a Vlan to complete this task?
2) Do I need to re-configure the other interfaces for subinterfaces and/or vlans as well?
Jul 25, 2011
I'm trying to configure an ASA 5510 8.2(1). I have a range of public IPs 3*.108.234.145-150
>>> E0/0 3*.108.234.146 outside public
>>> E0/1 192.168.1.1 inside
>>> E0/2 192.168.3.1 dmz
I would like to map DMZ host 192.168.3.107 to external 3*.108.234.147 on port 5000 and 50001. The local LAN should also be able to get to the DMZ host ports. I've tried a few configs and also followed this example:
[URL]
without any luck. Here is my config; I also posted the output of show arp, which is able to see and ping the host on the DMZ, and the output of show access-list, which shows hits to it.
prophase-pix(config-if)# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname prophase-pix
enable password encrypted
[code]....
Apr 4, 2012
I'm trying to get a tunnel to come up between a 5510 and a 5505. I currently have a vpn tunnel up and running from the 5510 to another remote site. [code]
Feb 28, 2012
I need to allow connections from an iPhone (on the Internet) to Exchange on the private network, synchronising with ActiveSync (HTTPS). We have a Microsoft TMG at the front (inside network).
What is the method to configure the Cisco ASA using clientless access: port forwarding? Smart tunnel? Web proxy? NAT?
I want the ActiveSync request to cross the ASA and go directly to the TMG without asking for a password and user.
Dec 5, 2011
I have a Cisco ASA 5510 and a Cisco ASA 5505. I want to configure the ASA 5510 as Easy VPN Server and the 5505 as Easy VPN hardware client, using either CLI or ASDM.
Aug 21, 2012
I recently bought a brand new ASA 5510 and it is here by my side. I'm trying to configure it, but when entering https://192.168.1.1/admin I get a Page Not Found error in IE. I'm able to ping 192.168.1.1 and can successfully telnet to port 443.
Aug 16, 2011
How do I configure public IPs on a router 1841 and an ASA 5510? Let me show you my issue: I have a router 1841 (F0/0 uses public IP address 10.10.10.1/30, and F0/1 uses another range, public IP address 20.20.20.1/24), and on the ASA 5510 I use public IP address 20.20.20.2/24 on E0/0. All of these are public IP addresses, and my LAN IP is 192.168.0.1/24.
Could you let me know how to configure the router 1841 and the ASA 5510? On the router 1841, if you use private IPs we can use NAT, but when all the IP addresses are public, how can we do it?
May 2, 2011
Have a new ASA 5510 connected to the laptop via console. I need to load the IOS and the configure from another ASA. I have tftp client on the laptop. Do I just need to set the inside IP to the same subnet as my laptop? Will I need a crossover cable?
Jun 15, 2011
I have an ASA 5510 and I cannot configure it properly.
My problem is that I have 10 public addresses connected to the ASA and each public address is redirected to an internal IP address.
One of these public addresses is the IP address of my ASA.
How do I configure an access-list and a NAT? The others I will configure.
interface Ethernet0/0
description Interface_WAN_World-Ttrends
speed 100
duplex full
nameif outside
(code)
Jun 8, 2013
I have 2 ASA5510-SSL50-K9. Can I configure HA failover?
Mar 27, 2013
I am attempting to set up failover dual ISP on a 5505 running 8.4(4) with the Sec Plus license. Everything I have been able to reference so far points to old commands not available or relevant in 8.4.
For instance:
global (backup) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 20.20.20.1 1
route backup 0.0.0.0 0.0.0.0 30.30.30.1 10
What is the new syntax that should be used to mimic these commands? I have the SLA and track reachability configuration already set up.
Mar 19, 2013
I am trying to configure an IPsec VPN on an ASA5505. I set up an SSL VPN and it works fine; I can browse to the https: address, log in and connect to servers. However, when I try to set up the IPsec client access VPN it will not connect, and I am getting the errors below. I used the wizard for the initial configuration. Looks like the initial IKE is being blocked or dropped?
%ASA-7-710005: UDP request discarded from my external IP/35781 to external:ASA-external/500
%ASA-7-710005: UDP request discarded from my external IP/35781 to external:ASA-external/137
Sep 14, 2011
I have a Cisco ASA 5505 firewall, and currently it is a command line firewall. I want to configure ASDM so that I can use it as a GUI web-based interface. I really don't know what to do. How can I configure ASDM on my firewall?
Nov 15, 2011
I want to configure my Cisco ASA 5505 as a DNS server, so that when I configure the IP address of any of my network systems and use my firewall as the default gateway and DNS IP, the system should be able to browse the internet.
May 17, 2011
Is it possible to configure an ASA 5505 with two internet connections? One dedicated for VPN and the other one for Internet access only.
Mar 20, 2012
Got new ASA5550, code 8.2.2 in flash, can't configure "nameif" or "ip address" on the interfaces: [code] These are all the options that I get! Another weird thing I noticed is "<system>" string in "show ver" top line: [code]
Mar 25, 2013
I have a test ASA 5505 at home. The DHCP IP address in my real home firewall is 192.168.1.x and, as you are aware, the default IP address in the ASA is the same. How do I configure the ASA?
In the link below there is an instruction; it seems it is working for everybody except me. I followed the instruction and the only change was assigning the IP address, for which I chose something other than 192.168.1.x. But after the step of creating NAT, I do not have access to the internet. [URL] I also followed the link below, but the revision of the ASDM in the instruction does not match mine, so I was not lucky enough to configure the device. [URL]
1- How can I configure the ASA 5505 with an IP address different than 192.168.1.x (at home = no incoming static IP address = DHCP on subnet 192.168.1.x for the incoming internet)? I have installed ASDM 6.3 on my laptop (from work), but when I connect to the ASA it wants to install ASDM 5.7. I tried to connect to the device through ASDM 6.3 and input the IP address 192.168.1.1. It takes forever and it does not connect to the device.
2- How can I connect to the device by ASDM 6.3 or any ASDM with higher version than the original of the device?
Dec 10, 2011
I want to connect to the ASA 5505 (office 1) using VPN from the ASA 5510 (office 2)... The network guy in office 1 has asked me to set up the ASA 5510 as hardware client mode.
I have the following details from office 1:
host peer address of office 1 : A.B.C.D,
phase 1 encryption : DES
phase 1 Authen : SHA
Diffie helman : group 2
Groupname : MNC
IP Schema remote site network : 170.31.0.0 255.255.0.0
password : Cisco$123
In ASA 5510,
ASA Version 8.2(5)
!
hostname CISCOASA
enable password 5EpARJwwtf4VFC9S encrypted
passwd 5EpARJwwtf4VFC9S encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
pppoe client vpdn group DADA
ip address pppoe setroute
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
access-list 124 extended permit esp any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp
[code]......
What more do I need to add to get the VPN connected with the ASA 5510?
May 7, 2013
For testing purposes I wanted to exchange a running ASA 5510 with an ASA 5505. I included the running configs from both the ASA 5510 and the newly configured ASA 5505.
On the running ASA 5510 there is:
one interface for WEB
static IP xx.xxx.xxx.178
route 0.0.0.0 xx.xxx.xxx.177
[Code].....
Jun 29, 2011
I have a small ASA 5505 trying to connect to an ASA 5510.
cisco-26834# sh crypto isakmp sa
   Active SA: 1
   Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1   IKE Peer: 216.**.**.146
    Type    : user            Role    : initiator
    Rekey   : no              State   : AM_CTCP_WAIT_REPLY
Here's the full debug for the 5505:
cisco-26834# Jun 30 03:35:26 [IKEv1 DEBUG]: IP = 216.**.**.146, IKE AM Initiator FSM error history (struct &0xc66a55b8) <state>, <event>: AM_DONE, EV_ERROR-->AM_CTCP_WAIT_REPLY, EV_CTCP_LINK_FAIL-->AM_CTCP_WAIT_REPLY, NullEvent-->AM_CTCP_INIT, EV_REQ_CTCP_LINK-->AM_START, EV_START_AM-->AM_START, EV_START_AM-->AM_START, EV_START_AM-->AM_START, EV_START_AM
Jun 30 03:35:26 [IKEv1 DEBUG]: IP = 216.**.**.146, IKE SA AM:c045cc52 terminating: flags 0x01000021, refcnt 0, tuncnt 0
Jun 30 03:35:26 [IKEv1 DEBUG]: IP = 216.**.**.146, sending delete/delete with reason message
Jun 30 03:35:26 [IKEv1]: IP = 216.**.**.146, Error: Unable to remove IPSec/TCP entry
[code].....
What should I check on my 5510?
Jun 27, 2012
My company has the ASA 5505 working as the remote access VPN server. My company needs more VPN licenses than the ASA 5505 gives it. Because of this my company purchased the ASA 5510. I must migrate the configuration from the ASA 5505 to the ASA 5510. I exported the configuration file from the ASA 5505. I made the changes to it and imported it into the ASA 5510. My ASA 5510 doesn't work. I have put up the configuration files from the ASA 5505 and 5510.
Aug 14, 2011
My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
outside 10.94.4.0 255.255.255.0 10.10.8.1
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. What's going on here? Do I have to add a route to the switch just to manage the ASA 5505?
Sep 23, 2011
I am trying to configure remote access VPN to my network. I have a Cisco ASA 5510 IOS 7.0(7).
I configured the VPN using ASDM 5.0.9 and below is the configuration received:
access-list 90 extended permit ip 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.248 255.255.255.248
access-list ClientVPN_splitTunnelAcl standard permit 192.xxx.xxx.0 255.255.255.0
ip local pool VPNIpPool 192.xxx.xxx.250-192.xxx.xxx.252 mask 255.255.255.0
[code].....
Jan 11, 2012
Can I configure a proxy on the ASA 5510? I.e., for internet use my users should be authenticated by the ASA5510, and after successful authentication the user should be allowed to access the internet. Further, is it possible to do bandwidth management with the ASA5510?
Apr 13, 2013
I have a few devices that the manufacturer told us we have to set with a public IP (no NATting). We have Internet -> ASA5510 -> Switch 3550 with 3 VLANs. Up to now we have always used NATting to configure internet access to specific devices. I heard setting up a switch with one VLAN connected to the internet and all others internal is a bad idea. That was the only idea we had.
Dec 13, 2011
How do I configure the ASA 5510 Anti-X edition? Can I have a link explaining the configuration step by step?
May 22, 2012
I have a Cisco ASA 5510 and would like to add a NAT rule for a range of ports like 50000-59999.
Dec 9, 2012
I have to configure a default-factory firewall (ASA 5510) in a simple scenario like this image represents: At this moment I have configured the interfaces as represented above, and what I want is to grant access from a LAN computer (10.10.0.0/24) to the internet.
Should I configure some ACL? I read that all traffic from an interface with a higher security level to another interface is allowed, so since my inside interface has a security level of 100 and the outside 0, it should be possible to access the internet from an inside computer?!
All the configurations and examples I have seen around contemplate a fixed IP address from the ISP, but in my scenario I have a dynamic one. Does this fact matter for the configuration I want to do?
My firewall is running the software version 8.2(5).
Jan 30, 2012
Is there a way to send an SNMP trap from the ASA when port 80 is trying to be accessed?
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great but we find ourselves worrying if a user has edited their browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users' ability to make changes to those settings but it interferes when I need to troubleshoot a special program that can't use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limiting the use of anything but IE and Firefox.
Without laying down the law and getting all sorts of hate mail and death threats, I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get it in my syslog server or have the ASA email me directly. ScanSafe sends the Internet traffic out on 8080 to the proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.