You have a Cisco ASA 5520 where clients connect using Cisco Anyconnect SSL VPN, say the URL is connect.whatever.org. You would like for when a user enters either [URL] or just connect.whatever.org into their web browser that it automatically puts the required url...
View 1 RepliesWe currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
View 18 Replies View RelatedI am desperate to make some kind of translation which convert an outside IP Address of our web server to its inside ip address so that requests can be routed internally to the server.
This is what we have: A wireless network with an SSID to serve visitors. We also have an in-house web server which can be accessed internally and externally. We have a ASA 5520 that protects the internal network, including the Web server, and also routes all traffic from the all visitors connected to the public SSID to the outside. The DHCP server for the wireless network for visitors is configured to give the 8.8.8.8 as dns server. The problem with that is that the www.ourwebserver.com is resolved by Google's dns server to the public IP Address of our web server! The traffic then is sent to the outside interface of the ASA 5520. The visitor who wants to access our web server cannot connect!
How can I configure the ASA to route that traffic to our web server with the public ip address to the inside ip address of the web server?
We are trying to manage our Cisco ASA 5520 (8.2.5) SSL clients through Active Directory(ldap).
Currently the SSL VPN tunnel is up and all users are able to connect being authenticated by AD. but Group-policy to AD groups are not working. all the domain users are able to go to all the group policies .
I need to give access only to their respective Group policy in ASA. Following are the available groups and GP.
Code...
I have setup an AnyConnect Connection Profile on my ASA 5520.
We have some remote support software which the helpdesk use to connect to PC's remotley and torubleshoot.
I cannot connect to this software using the assigned IP address of the client even though it works fine with our old Nortel VPN.
If I hit the IP address the packet gets all the way to the ASA and seems to disappear.
I have setup an IP v4 access list on the connection profile which allows any/any access b ut still no joy.
I am currently having some problems on our 5520 ASAs. The problem is the IPSec VPN clients not being able to connect. We have had an issue twice this week where this happened. Earlier in the week we had folks not able to sign in, but some folks who were connected already stayed connected. The ASAs had been up for 200+ days and no changes have been made to it recently. At that point I had to reload the ASAs so users could start signing back in to it. Today we had a similar issue, but I didn’t have to reload the ASAs. The issue‘resolved’ itself. The VPN clients are getting Error code: 433 and the ASAs are getting Reason: Peer Address Changed when this occurs.
ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz version 8.3.2.
I have an ASA 5520 8.2(3) and allowing my remote client-to-site-vpn clients to access resources directly connected to my ASA on separate lower security interfaces (not the outside) besides just clients on my internal networks. Someone mentioned to me configuring 'VPN on a stick' however from what I've read this seems to be only applicable when it comes to split-tunneling back out the outside interface (could be off on that). Is this possible on other lower security interfaces as well, and if so what would a mock config that accomplishes that look like (acl's, nat, etc)? Also, if I want internal users to be able to connect to these remote clients once they are active, are there any nat statements necessary (such as nonatting them) or are the vpn clients just seen as internal clients from the rest of the internal network's standpoint by default?
View 5 Replies View RelatedWe have asa 5520 with 8.4(2) release and asdm 6.4(5). When we create new ipsec connection profiles (by ipsec wizard for example), ASA reset all vpnclients sessions active. Now we need to create new profiles, but we have 170 vpnclients sessions active, so we cant'.
View 3 Replies View RelatedI have set up a remote access ipsec vpn on an asa 5520. I can connect, and ping internal ip addresses, however I cannot ping back out to the internet, nor can the internal network ping the vpn clients and dns resolution internal or external does not work. I am seeing nothing blocked in the logs on the asa.
View 3 Replies View Relatedafter upgrading an ASA 5520 to 8.4.2-8 VPN clients traffic is not passing destinations other then destinations behind the inside interface. the log shows routing failure for the vpn client on the inside interface.it was working fine with 8.4.1 but the traffic is originated from the outside interface. confirm the the interface for VPN clients changed from outside to the inside interface.
View 5 Replies View Relatedit is possible to create a Windows Active Directory group of users which I can use to permit access through the ASA (5520) firewall? I only can find vpn authentication with Radius but nog specific information about granting AD groups internet access via the ASA.
View 1 Replies View Relatedit is possible to create a Windows Active Directory group of users which I can use to permit access through the ASA (5520) firewall? I only can find vpn authentication with Radius but nog specific information about granting AD groups internet access via the ASA.
View 1 Replies View RelatedI'm working with AnyConnect for the first time (my prior experience is with IPSec client) and I have multiple remote users who connect to a 5520 via AnyConnect client; they need to print to each others' shared printers but currently have no connectivity between each other.
Can I configure the 'intra-interface' command to enable connectivity between remote clients, or is there more that needs to be done to enable this, presuming that it can be done at all?
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
!
hostname ASA
domain-name default.domain.invalid
[code].....
what I need to add to get the vpn client to be able to ping the router and clients?
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait.3 desktops = XP, 1 98SE. All laptop/netbooks = XP
View 2 Replies View RelatedI have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
View 2 Replies View Related I have a PIX 515 that i need to use as an ip redirector.For example if users try to access 80.80.80.80 ,they need to be redirected to 90.90.90.90 show ver,
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 000b.5fad.0c99, irq 10
1: Ext: Ethernet1 : address is 000b.5fad.0c9a, irq 11
[code]....
This platform has an Unrestricted (UR) license.
ip redirect or forwarding. I have a web server with public IP as B.B.B.B, and I have another server with public IP as A.A.A.A.. My web site contents are with B.B.B.B, but I do not want to expose IP B.B.B.B. Users can visit my web site using A.A.A.A, and when they visit A.A.A.A, I would like to have A.A.A.A redirected to B.B.B.B behind scene. Both IP's are public, and stay different locations remotely.How to redirect IP A to B, so I can hide B?The machine with IP A.A.A.A is windows 2003 server standard.
View 5 Replies View RelatedIs it possible in Cisco 800 Router to redirect a website request coming from a user to an IP address?
View 3 Replies View RelatedI want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routing
ip access-list extended transparent_dns
permit udp any any eq 53
route-map redirect_dns permit 10
match ip address transparent_dns
set ip next-hop ip.of.your.server
route-map redirect_dns permit 20
[code]....
The DNS server is windows 2003?Would policy based NAT or WCCP work for this? If so how would I go about it?
How do I redirect the visits to a specific homepage (web site) to access a "sub" page in the same domain? Is it possible to use the Hosts file to do this? I want redirect visits to [URL]
View 5 Replies View RelatedWhat the most cost and time effective way to have an ip request return with another ip address from outside the WAN of the router.Specifically want to have an application request for example 192.168.1.121 and have 173.194.43.41 respond and communicate with the application instead. To make it a bit more interesting I'd like actually to set a table or config file to point to a domain name (url) which gets resolved as an ip address. (Port independent)To get a better understanding:one example might be typing in 192.168.1.121 in a browser and googles search engine comes up on the browser.another example might be typing in 192.168.1.121 in an ftp client and it hooks to an ftp server on the other side of the world which resolves to [URL]. I was looking at openwrt and tomato a little but I don't think I have such a complete grasp on how to do it in general. Being that it seems they are 2 different layers of the network model, I was told it can't be done but I don't know if I can believe that yet. Either by third party software or reprogramming the router or adding another device to the network.
View 3 Replies View RelatedI currently have CenturyLink (Qwest) DSL (12Mbps/896Kbps) and Comcast Cable (12Mbps/2Mbps) going into a Cisco RV08. I redirected all DNS traffic to the DSL line as an experiment with no decrease in web browsing speed. e are rural and speeds fluctuate considerably during the day. It seems like it's more of a response issue than a bandwidth issue. I would like to order a 2Mbps dedicated line from Comcast to use for DNS and VOIP traffic only, the DNS resolution times should be faster on that connection. There would be several tenants in this building using it for that purpose. The secondary purpose of this line would be for backup internet connectivity
View 1 Replies View RelatedI wonder if is posible to have (again) the usual redirect after log in. On DIR-635, DIR-855 after log in you get redirect to the STATUS if WAN connection si functional, else you get SETUP. Now, on DIR-825 even if WAN is active/functional the redirect is to SETUP page.
View 7 Replies View RelatedIt's been awhile since work has thrown me a curve ball so I was about due. We've got a client that wants us to log into their secure portal, this is normally not a issue. The link they sent us to their 'portal' apparently takes us to the wrong page. Their solution to this is for us to create a DNS entry to resolve that URL to a specific IP address. We don't currently have a DNS server setup in house so I assumed this would be something done on the Sonicwall.
I asked them why I couldn't just go to the IP address instead of the URL anyway and they said it wouldn't work. Is this something that I can maybe create a NAT Policy for and have it redirect traffic to there? I know the SonicWall has a DNS tab but I've never touched it and I'm not sure what I would need to put in there anyway.
Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port. I had a look at the Srp527w Router and can't find where this could be done.
View 1 Replies View RelatedI have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any
probe http Test_HTTP_1 port 80 interval 60 passdetect interval 30 passdetect count 2 request method head url /index.html expect status 200 200 open 1
rserver redirect URL_Redirect_01 webhost-redirection [URL] 302 inservicerserver host S1 ip address 10.0.0.2
inservicerserver host S2 ip address 10.0.0.3
[code]....
it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?
We have a WLC 2504, since a few months, it was working fine, we have a guest Wlan configure with web authentication and the DHCP scope for this in the WLC. The problem today is that its no redirecting the web browser to 1.1.1.1, we try it with 3 laptops and they recieve a correct IP from the DHCP but still can not get redirect to the web authentication portal. Have the default configuration Internal (Default).
In laptops we check the firewall, dont have a proxy activate and have google DNS.. 4.2.2.2 8.8.8.8. In fact this laptops connected to this ssid before.
I have a application where I have to redirect a specific URL to another. The point is that the primary URL, have some information that I want to preserv after redirection, for example: url...
The default CSS11501 behavior is to redirect the primary URL to http://xyz.com. Just that.
i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)
I upgraded the firmware on my wap121 and the URL redirect option is now gone. The docs all talk about using Captive portal but that is only on a wap321. How can I get the redirect back so customers who connect to my network see the site for our bar before they go on the internet?
I upgraded from the 1.0.0.3 to the latest (1.0.2.3)
We have W2K3 domain with Catalyst 4507 routers.Client (laptop, tablet etc) needs to redirect web traffic (port 80) to a proxy server that listens on port 8080.
Before you ask, this cannot be done using a PAC file distributed via Group Policy or the like because these devices are not controlled by us. These devices are client owned and could be non-Microsoft OS and/or non-IE browser. The theory is to have a WiFi network where clients can bring whatever they like - iPad, Android, Windows, whatever it may be but we do not control them and therefore cannot send a PAC file to it. In the case on Android it does not have a proxy setting even if we could force something.
I've looked at Policy Based Routing which appears to do half the job. I can route a web request that is on port 80 to a new location ie our proxy server. But the problem is that it arrives on the same port 80 when the proxy server only listens on port 8080.