I have easy vpn on my PIX 515e and working normally everywhere, except when my users go FRANCE, the vpn client connect, but, can't ping or access any inside network resources. when same user try any where here in EGYPT, it works normally.
View 2 RepliesI have setup a VPN connection on a 891 router. I can connect to the VP both but am unable to ping or access any resources on the remote network.
Here is my running configuration:
[code]...
I' d like to have some support for a very-basic PIX firewall configuration. I 'm dealing with PIX 515E. Inside hosts can ping inside interface , outside hosts outside interface and so on. Simply i cannot ping outside interface from inside hosts, Inside host-192.168.1.0
Outside - any host like google.com, or to check my isp link's dns ip. I have attached the pix configuration text file to test.
I have a PIX 515E that I want to use to as a border between my internet connection and my Cisco AIR1131AG. I have configured the PIX to have the outside interface as a dhcp client which gets its dynamic IP address from the cable modem. the AP is connected to the E1 inside interface. Now I could see the E1 interface from the arp table from the AP but I cannot ping it. From the firewall I don't see the ARP table from the firewall. and i cannot ping the AP. what is wrong with the configuration? side note, i am able to connect to the AIR1131AG from my laptop I was not able to retrieve an IP address.
FW1 - CONFIGURATION
interface Ethernet0 description uplink towards the techsavvy modem speed 100 nameif outside security-level 0 ip address dhcp setroute !interface Ethernet1 description >>> WIFI LAN ACCESS <<< nameif inside security-level 100 ip address 10.0.0.1 255.255.255.0
[Code].....
I have recently deployed a Cisco ASA 5510 Security plus firewall on my companies network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside we are not able to hit any of our sites that are on the (outside). I have nat policies in place to translate the public to private, but I think I that I need some thing more. This seems to be occuring mainly with our external web sites as well as another animoly with regards to FTP (but it may be fixed if the http issue is resolved.)
I was hoping some with a lot more knowledge on ASA firewalls than my self can spot the error in my run-cfgs.
[code]....
I am trying to access and ping the inside interface of a ASA5505 from a remote network. From the remote network, I am able to access anything on the local network, but the ASA5505 inside interface.The 2 networks linked by a fiber link which have a transport network on another interface. From the remote network, I am able to ping the transport network interface IP, but I would like to be able to ping the inside interface IP. When I do a packet tracer, I get a deny from an implicit rule.How can I achieve that?
Here are the subnets involved and the ASA5505 config.
Remote network : 10.10.2.0/24
Local network : 10.10.1.0/24
Transport network : 10.10.99.0/24
[code]....
I have 2 questions.Om my cisco 2811 (IOS 12.4(15) T9 IPBASE W/O Crypto) i am using 3 interfaces.And i have a pool of Global addresses: 200.x.z.97-200.x.z.126 255.255.255.0
FastEthernet 0/1 description WAN interfaceip nat outsideip address 200.x.y.253 255.255.255.0
GigabitInterface 0/2/0description DMZ interfaceip nat insideip address 10.0.0.1 255.255.255.0
GigabitInterface 0/3/0description LAN interfaceip nat insideip address 192.168.0.251 255.255.255.0
[Code]....
I have a PIX 515E V7.0.4 and I'm having trouble with http access between the inside interface and a DMZ zone I have. I have a web server setup in the DMZ with an web interface to upload/download files. I can connect to this interface from a workstation in the inside network but when I try to download a file it is incredibly slow. If I upload a file there are no speed issues. If I connect using an https connection then both upload and downloads are at speeds I would expect.
I have disabled http inspect but this didn't improve the speed connection.
Other http communications from inside to outside do not have any speed issues in either direction.
I’m configuring a L2TP IPSEC VPN on a 5505 asa so that windows 7 clients can natively connect. It connects correctly during Phase 1 and 2, but I can’t ping anything or access resources on the internal network. This is my first time working with an ASA.
Master# sh run
: Saved
:
ASA Version 8.2(2)
!
hostname Master
domain-name service.local
[code]....
The Linksys is connected to a cable modem and a Dell Vostro system, the Netgear is connected via Cat 5 to the Linksys and the Linksys is the DHCP provider to the Netgear.The Vostro shares hard drives, folders and printers to the networkBoth have wireless and wired users.They are each DHCP providers to their users.How must I configure each to provide users on both routers access to all network resources
View 2 Replies View RelatedI have two places that I work out of. One is in Romania and one in Bulgaria. In Romania, I have a small office/home network set up. It has at least 8 computers (including the three that I have with me currently - some wireless and some towers) and a couple of android phones and Ipods. I have no trouble accessing any of the computers shared folders or them accessing mine. There are a varity of operating systems used there from XP, Windows 7 and Mac.Everything works great. All the computers can access each other shared resources. All the computers are set to get IP automatically from my DLink DIR - 600 router. I have brought my three computers to Bulgaria (tower and two laptops). They are all set the same- no changes in settings. However, in Bulgaria, All three computers CAN access the internet but NOT each other.
[code]...
I'm working on setting up a couple of new WAN sites with 256K frame relay circuits back to our main building. Each new site has a new PVC, and both are pointing back to a PVC on a T1 at the main building. The main site has a 2801 with a single CSU/DSU WIC, and each new site has a 1841 with a 3560 connected to fa0/1. At both sites, I'm able to get the circuit up, and the serial interfaces at both new sites show up/up, and the subinterfaces at the main site also show up/up for both sites. Routing is being done by EIGRP, and both sites are able to establish the 2801 as an EIGRP neighbor, and I'm able to ping/tracert anywhere on our network by name or IP, so routing and DNS appear to be working. I can also ping both new routers from the main site. However, that's about all I can do. I'm not able to access any resources on our network (email/shares/internet/intranet/etc) from the two new sites. I can ping the new routers/switches from the main site, but can't ssh to them. I can ssh to them locally. There are no firewalls in the equation, and I don't think there are any ACL's in the picture either.
Can ping and tracert just fine anywhere on our network (from both the 1841, a PC plugged into the 3560, or a PC plugged directly into the fa0/1 port on the 1841), including out to the internet, by name or ip.Can ssh to local router, but not to anything that isn't localDNS is workingDHCP not working using ip helper pointing to DHCP scope on server at main site, have to use static IPCan't rdp to anythingCan't get emailCan't browse windows sharesCan't get to any websites, external or intranet. IE says "Website found, waiting for reply..." but eventually times out.
I did some testing for communication over certain port numbers using telnet and nmap, and found the following:
Can telnet to url.. and local intranet webserver on port 80 (http)Can telnet to two of our Exchange Servers on port 25 (SMTP)If I run an nmap scan on url...com, or our intranet webserver, it confirms that 80 and 443 are open, but the pages will not load. I am able to telnet (port 23) to a state mainframe via the internet that some of our employees use, and I do get the expected login screen. I tried erasing the config one of the new routers, and just added back the bare minimum config to get the circuits up (serial/ethernet interface configs, eigrp), but saw the same symptoms.
One other thing to note: the 2801 at the main site has three other frame relay sites connected to it on the same WIC as the new sites, all of which are working fine.
I just don't understand why I can ping everywhere I need to be able to ping, and port scans show that communication is open over needed ports, but the applications don't work.
I am having a problem configuring my ASA 5505 for NAT.
View 3 Replies View RelatedAfter I change my router, I recently found out that I cannot access remote network resources after VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping server on the remote network
View 2 Replies View RelatedI have a Cisco 881 setup with the following VPN config.
[code]...
The client is able to connect just fine to the network via VPN, but I am unable to gain access to any of the local resources. I know 192.168.1.1 has SSH running and 192.168.1.50 has telnet running but if I try to connect to either using the correct program they just timeout. I am really at a loss on why the vpn connection connects but I can not gain access to any of the resources on the VPN network.
A pix 515E with software 8.0(4)28 connects the inside and outside networks. There are some servers in "outside" that have addresses overlapping with the internal subnets (192.168.10.25 and 192.168.10.26), and those servers have a reverse route only to a specific subnet (172.16.5.0/24). [code) Now to the problem. 192.168.10.26 is an HTTP server. On the pages it has hyperlinks pointing to http://192.168.10.25, the browser tries to access that server and, surely, fails, as the target server is only available by sending requests to 172.19.100.1, with the packets being DNAT'ed.Is it possible to rewrite the packet's body, replacing all occurances of url... I know it's a kludge, but other options are even worse.ASA eith 8.4 software? IOS router?
View 2 Replies View RelatedI have a PIX 515e running version 7.2(4).I have 2 interfaces - DMZ3 (sec lvl 50) and LAB (sec lvl 100) behind the pix. There is also the OUTSIDE interface (sec lvl 0) which connects to the internet.In DMZ3 I have a webserver - x.x.124.217/24 (host is NATed via static command to public IP)In LAB I have a server - x.x.1.203/24 (entire range is NATed via NAT/Global statements to public IP)The server in LAB needs to access a webserver in DMZ3. From the internet both of these hosts have public addresses that are NATed into the inside addresses. I can reach the webserver from the internet, but not from the LAB interface.I think I have to add a static command so that the LAB host can access the DMZ3 host without accessing the internet.
View 3 Replies View RelatedI have been having this problem for about a month now. We are using a PIX 515E as our VPN device. This has been in place for years but last month something must have changed that won't allow me to access the network from a VPN connection.I can login to the VPN from a remote location, however I cannot ping anything on the local network or access any devices. Our local network IP scheme is 10.6.x.x. The IP address given from the PIX for a VPN session is the in the 10.6.5.x range. Our subnet is 255.255.0.0. I haven't worked with a VPN or PIX before.
View 8 Replies View RelatedI have setup a few Vpn clients but no ones able to access the inside network.The clients all get a Ip address from the pool and DNS servers Ip's. But cannot ping or connect to there pc's. I'm thining its somewhere in the ACL.
View 2 Replies View RelatedI have an ASA 5510 which works great except I'm unable to connect to the remote access VPN from inside the network (behind the ASA). Is there a special NAT exemption required? [code]
View 6 Replies View RelatedI'm just new with ASA. I'm just self-studying on it. I was tasked to have an ACL that will allow inside hosts to access a specific network. Is there a way on how to know all the inside hosts on the behind ASA so that I can do a "object-group network" on those inside hosts which I think it will look neat.
View 1 Replies View RelatedI am working on pix 525, when connected through console I can access the whole internet but when i connect the pc to the inside interface i have no access to the internet. the pc can ping the pix inside interface and from pix i can ping the pc. My configuration is shown below.
PIX Version 7.2(2)
!
hostname pix
domain-name xyz.edu.pk
enable password xxxxxxxx encrypted
[code]....
I'm using a Cisco 1941 router with two WAN interfaces. One is directry connected to our ISP and one is connected to another router wich is then connected to another ISP. Hosts on the LAN cannot access the Internet at all but the router has Internet access, im guessing its something simple but i cant seem to spot the error, i have removed the ZBF configuration from the interfaces. [code]
View 3 Replies View RelatedI have an issue accessing the inside network of my church from VPN. This only happens when I connect from my home network. I have no problem accessing inside network of my church if I'm connected from else where (my Clear Hotspot or someone else's house). Here is the hardware detail:
At the church, we are using Cisco ASA 5510 and we have so many VPN tunnels to different churches. At home, I 'm using Cisco ASA 5505. See that attached configuration for my home ASA5505.
I'm trying to make a very plain and simple network with the ASA 5505, I've strated from scratch over a dozen times triyng to find where I'm going wrong. My main goal is to simply create an IPSec VPN connection to my ASA 5505 and simply ping and connect to devices with the "inside network", so far I can easily create and establish a IPSec VPN Connection, but up to this point, I cannot successfully ping or access a single device on the ASA 5505 inside network.I've taken, create the IPSec profile with the ASDM wizard, add exemption for the VPN IP Pool, add access-list from this Cisco link, url...All this and I can't make a single connection to the inside network. [code]
View 7 Replies View RelatedI am facing a problem with Cisco ASA remote access VPN, the remote client is connected to VPN and receiving IP address but the client is not able to ping or telnet any internal network.I have attached running configuration for your reference.
-FW : ASA5510
-Version : 8.0
Site to Site VPN is working without any issues
configure my Cisco ASA5510 (asa version 8.3.1) so that one of the host (e.g.192.168.8.20) behind management interface can ping to the other host (e.g. 192.168.2.246) behind OUTSIDEinterface. I tried modifying the ACLs, NATs and ICMP statement, but still failed[CODE]
View 19 Replies View RelatedWe have ASA 5550, I have a portal server in the dmz which is natted statically to a public ip address for port 443. The application works fine from outside world. The server is also nated with a dynamic nat from inside to dmz and when I hit on the dmz ip from my inside it works fine.
The requirement for us is that the users sitting behind the inside (i.e. LAN) should access the server on the public ip address and not thru the dmz.
I have a Cisco 881 and I want to use Easy VPN.
-VLAN 1: 192.168.4.0
-WAN: 10.0.0.0
-VPN: 192.168.8.0
VPN connects and I get an IP of 192.168.8.100 from my pool. I can ping my cisco at VLAN1 (192.168.4.1), but I cannot access my local resources. I guess I miss a NAT configuration.
I've set up a VPN using a fortigate 50b wifi and forticlient ipsec VPN. when I log into my office from home, I cant see anything on my network at all. I can however remote desktop into other PC's and can access stuff that way. I was under the assumption that ... one a VPN connection is made in the LAN you should be able to see other pcs and servers in the workgroup. Is this not the case or do i need to configure something?
View 2 Replies View RelatedI have two inside interfaces (both security level 100) inside and inside110. Inside is 192.168.105.3/24 and inside110 is 192.168.110.3/24. I have a PC on the 192.168.105.0/24 network. I cannot ping the 192.168.110.3 IP of interface inside110.
View 2 Replies View RelatedI am struggling to get successfull pings beween asa and inside hosts but couldn't succeed. Done packet tracer result is acl-drop
Here is the running config
Prem-ASA(config)# sh run
: Saved
:
[Code].....
I cannot seem to determine exacly why I am not able to ping from the inside to outside using the standard 100/0 security levels respectively. I am dynamic natting the inside to the outside interface, something I don't usually do but cannot see why ICMP's are not passing through.
The Packet trace tool says there is something in the ACL but there really isn't.
Is there simply an issue of Natting to the WAN interface on a 5510?