Cisco VPN :: VPN Configuration On ASA5505

Aug 22, 2012

Our client has a vendor who needs to establish a VPN tunnel to their own router which sits behind our Firewall.
 
VPN Concentrator (Vendor) <------> ASA5505 Client (7.2) <-------> 3750 Switch <-------> VPN
ASA outside Interface - 208.64.1x.x4 DG - 208.64.1x.x3
ASA Inside Interface - 172.20.58.13/30
3750 Switch Interface Connected to ASA - 172.20.58.14/30 and DG - 172.20.58.13
3750 Switch Interface connected to VPN router - 172.20.58.21
VPN Router Interface connected to the 3750 - 172.20.58.22/30 DG - 172.20.58.21

I have also attached a Visio for this and the running configuration from the ASA and 3750. We don't have access to the TNS VPN router. Our responsibility is just to make sure the tunnel comes up.
 
1) Create a static NAT on the ASA for Public to Private IP of the VPN router
 
Public - 208.64.1x.x5 / 28
Private - 172.20.58.21 / 30
 
Will the ASA automatically ARP for this address or do I have to configure another interface on the ASA with this public IP?
 
2) What would the access list look like on the ASA?
 
3) The client gave us some config to copy onto the ASA so that they can create the tunnel, but I couldn't put those commands in the ASA. How would this be applied and on what interface?
 
Firewall Access: The following information pertains to access between the VPN router and the
VPN concentrator. If a firewall/router is present in front of the VPN the following services need to be
allowed:
 
permit esp host 208.224.x.x any
permit gre host 208.224.x.x any
permit udp host 208.224.x.x any eq isakmp
permit udp host 208.224.x.x any eq non500-isakmp


Cisco :: How To Set Configuration On Asa5505

Jul 20, 2012

I have an ASA5505 with ASA 8.4.5 and ASDM 6.4.2. My ASA works as a site-to-site VPN with another ASA5505. I would love to monitor the status of the VPN. I enabled logging on the ASA and entered the address of the SMTP server, the recipient email and the source email. The problem is that my SMTP server requires authentication and TLS. How do I set the configuration on the ASA5505 so that logging sends notifications by email?


Cisco VPN :: ASA5505 Configuration Not Working

Mar 8, 2011

I would like to configure a Cisco ASA5505 IPSEC VPN. I used the wizard and tried to connect from the outside. It does not work. The network is configured in this manner: ADSL router with public address and internal address 192.168.2.1 -> firewall interface inside and outside 192.168.2.2 192.168.3.1 (my network is 192.168.3.0). I used a VPN to the pools ranging from 192.168.4.1 to 192.168.4.100.
 
INTERNET ----- ROUTER ------ ASA5505 -------LAN
What should I change? Could there be problems between the router and firewall?


Cisco Switching/Routing :: No Configuration On Asa5505

Mar 17, 2012

I have the ASA5505. The configuration of the ASA 5505 is:
 
: Saved

Code...

I analyzed this traffic and I see a problem with the NAT: "Asymmetric NAT rules matched for forward and reverse flows". Where did I make the error?


Cisco Security :: Changing ASA5505 Configuration To Use Different ISP

Mar 22, 2012

We have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
 
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
 
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analogous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
 
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
 
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?


Cisco Firewall :: Object To Twice NAT Configuration ASA5505 8.4?

Dec 18, 2011

We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
 
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
static (inside,inside) outside_ip inside_ip netmask 255.255.255.255
 
In 8.4, if I use object nat, the hairpin functionality works perfectly,
 
object network obj-insideip
  nat (inside,inside) static publicip
 
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
 
nat (inside,inside) source static private_object public_object destination static public_object private_object
 
allows hairpinning to successfully work from the same machine. Meaning on any given host, I can ping itself using the private or public IP, but I can't get the right combination for hairpinning from any private host to another private host via the public IP. Other combinations have yielded ICMP responses, however, they specify the private IP as the source of the reply instead of the public IP.


Cisco WAN :: ASA5505 Basic Configuration / No Internet Pass-through At All

Apr 8, 2012

I teach in a High School and we've got about a 300 node MS Windows Network.  Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing.  The servers point to 10.0.0.1 for gateway.

We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN).   When I connect the  CISCO ASA, I get no internet passthrough at all. 


Cisco Firewall :: Best Practice For Log Configuration And Backup In ASA5505

Feb 20, 2011

I would like to take a log backup on the ASA, and I would like to check whether any attack pattern is there. How could I do this? Also, what would be a best practice for this?


Cisco VPN :: ASA5505 - Bad Cryptochecksum Ignored And Setting Default Startup Configuration

Jan 9, 2012

There are two issues which are testing my resolve.
 
1) Bad Cryptochecksum Ignored error
2) Unable to boot to a saved startup-config file.
 
I want to take the configuration from one ASA 5505 and move it to another ASA 5505. I copied the startup-config file from an ASA 5505 running asa821-k8.bin to an ASA running 8.222-k8 to flash using tftp. I set the boot config parameter on the new ASA to flash:/startup-config, which is the location of the startup file. If I use the copy run start command, I overwrite the startup file. When I copy the startup configuration to the running configuration I get a Bad Cryptochecksum Ignored error and the startup file does not copy over to the running file. How can I resolve this issue?


Cisco Firewall :: ASA5505 DMZ Configuration Versus Linksys E4200 DMZ

May 11, 2013

I am using a Cisco E4200 router today but I am moving to an ASA5505. I have a device that sets up a VPN tunnel that I want to put in my DMZ. It's called the ATT Gateway. I have attached the diagram. When I use a Cisco E4200 all I do is put the outside private IP address of 192.168.0.99 of the ATT Gateway into the DMZ of the E4200 and the VPN tunnel of the ATT Gateway comes right up. I cannot configure the DMZ to do the same with the ASA. I also need to have the laptop behind the gateway access the printers in the inside network.


Cisco Firewall :: Trunk Configuration Between ASA5505 And 3750 Switch

Sep 28, 2011

I am trying to configure a trunk between the above two devices. I like to have vlan11 on ASA. Then I like to connect a host to my switch, and have it communicate with other devices in VLAN 11 or other vlans that reside on the ASA. Below is the config that I currently have.

ASA:
ciscoasa# show run interface Ethernet0/1
!
interface Ethernet0/1

[Code].....


Cisco WAN :: ASA5505 - Seeking Failover To WWAN Configuration Specifics?

Oct 17, 2011

Client has an ASA5505 anchoring an MPLS network. One of their branch offices is experiencing frequent circuit outages due to theft of copper lines. I am looking at an 881G with wireless aircard as a backup solution and creating a VPN tunnel to the ASA but am unsure about how to handle routing on the ASA. There will already be a route for the branch subnet for the MPLS network.


Cisco Firewall :: Restore Configuration To New ASA5505 On Different ASDM Version

May 27, 2013

We have been using our current ASA5505 for a long time. Since it only supports up to 10 VPN licenses, we bought a new ASA5505-SEC-BUN-K9 (supports up to 25 users).
 
The old ASA is running: 8.0.3 and ASDM 6.0.3
The new ASA is running: 8.2.5 and ASDM 6.4.5
 
I thought it would be as simple as exporting and importing the config file, but when I tried to restore, the new one is looking for a zip file but the old one doesn't back up the file as a ZIP. It looks like I need to update the ASA version and/or ASDM?
 
I am pretty new to this and have never upgraded any of these versions since I am aware the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config? Is there any effect if I do the upgrade? I also read in some articles that we need to upgrade one version at a time, like 8.0 to 8.1 then 8.2?


Cisco Firewall :: Possible To Convert Pix 501 Configuration Running Version 6.3(5) To New ASA5505

Jan 9, 2012

I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site-to-site VPN on this device and I am just trying to save some time. I believe Cisco TAC might have a tool to do this but I am not sure.


Cisco Firewall :: ASA5505 - Configuration To Allow Inbound / Outbound Mail Communications

Dec 26, 2011

I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.

In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.

My problem is that currently I can send mails from my inside network to outside but I'm not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well:

C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers

Final config on ASA5505

hostname Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.155.201 255.255.255.0
[Code] ......


Cisco VPN :: ASA5505 Add Site-to-site Tunnel On Top Of Existing Configuration

May 3, 2011

I have one ASA 5505 that has a classic remote access VPN set up, and now I need to add a site-to-site tunnel on top of the existing configuration. Is that possible with the ASA 5505 and do I need some special IOS bundle for that? May I use the VPN wizard for that or do I need to go through the CLI, since the remote access VPN was set up using the wizard?


Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

I have an ASA 5505 with ASDM v5.2(4) and ASA v7.2(4). This platform has a base license. If I upgrade ASDM and ASA to v6.2(1) and v8.2(2), will I lose my license and need to activate it again? I configured a site-to-site VPN (between this firewall and another); will I lose my configuration if I upgrade my firewall?


Cisco Switching/Routing :: 6509 Convert CatOS Configuration To Native IOS Configuration

Jul 17, 2012

I am in a position to migrate from a CatOS 6509 switch to a native IOS 6509 switch. A long time ago, there was some site that converted automatically based on copy and paste into the tool, but I cannot find it.
 
Does anybody know how to convert CatOS configuration to Native IOS configuration ? It is not IOS change, but it is configuration convert.


D-Link DIR-655 :: Does Auto Configuration Overrides Manual Configuration

Dec 14, 2012

I have webcams that need port 8081 opened and I did that, everything worked fine until my DIR655 jammed up and power cycling it and the modem 3-4 times DID not make it work: no internet access and it was definitely a DIR655 problem. So, out with the paperclip to do the big reset, causing me to lose my configuration. When "most" of it came back up with my new config (I had screen prints), all was okay EXCEPT the webcams. Addresses and ports were all configured properly, address was fixed too on the client computer rather than use DHCP. I had a DNS relocation service running (DYNDNS) for the WAN side, but that address (My IP) didn't change either. I tried EVERYTHING. Finally, I realized in all my screwing around that I had enabled UPnP in my application, something I hadn't done before, but did this time as a desperation move. UPnP had always been checked off in the router. So.....I REMOVED my port forwarding and virtual server settings (either one worked before), and voila, everything working. Is this a normal occurrence, that if you have UPnP running, that this auto configuration overrides any manual configuration?


Cisco WAN :: Migrating From A PIX 501 To ASA5505

Jan 22, 2011

We pulled the plug on our PIX 501 as it's not letting us use all 100Mbit that our cable provider is now piping to us. I read the conversion guide but it made no mention of the 501's, only the 515's or newer. The ASA5505 is putting up a little bit of a fight (this is what I get for failing my CCNA??). After refusing to configure the LAN IP address to something other than what it was shipped with, I broke down and connected to the management console and forced an IP address on the LAN side. Now I reset my default config and everyone can get on the internet. Until the ISP cuts you off because you forgot to set your static IP. Oh, and by the way, they don't support Cisco gear.
 
When I attempt to assign the IP to the outside interface, it accepts without a hitch, but everything grinds to a halt. I cannot have this, as I have off-site users that operate with dedicated ports using Remote Desktop. I've attempted to set the IP via both ASDM and management console. I've tried setting a static route, but that doesn't give me any love either. I'm running ASA Version 8.2(1) and ASDM Version 6.2(1). Once I get the static IP set and working properly, I can tackle moving the port configs.


Cisco VPN :: Two IPSec VPN On ASA5505?

Jun 17, 2012

Can I have two IPSec tunnels over two different Internet links to two different destination?


Cisco VPN :: ASA5505 Can Ping From Asa But Not From VPN

Jan 19, 2012

I am not sure if it is different on the 8.2 or if I am missing something. I can connect to the VPN but cannot get to the inside computers. I can ping them from the ASA but not from the VPN client.


Cisco WAN :: ASA5505 - SSL VPN Not Working

Jun 16, 2011

I have an ASA 5505 with outside interface IP 206.206.206.5. I configured the SSL VPN on this but I am still getting "page cannot be displayed" when opening https://206.206.206.5 from broadband.

Below is the related configuration in ASA. What needs to be done in order to able to connect SSL vpn.
 
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 webvpn
  functions url-entry file-access file-entry file-browsing
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy GroupPolicy1
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 nbns-server 10.10.10.11 timeout 2 retry 2
policy-map type inspect http Http_inspect_policy
 parameters
  protocol-violation action drop-connection
 class BlockDomainClass
  reset
policy-map global-policy
 class global-class
  inspect dns
  inspect esmtp
  inspect ftp
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect snmp
  inspect sqlnet
  inspect tftp
  inspect xdmcp
  inspect icmp
policy-map inside-policy
 class HTTPTrafic
  inspect http Http_inspect_policy
!
service-policy global-policy global
webvpn
 enable outside
 url-list nuk001 "abc002" cifs://10.10.10.1 1


Cisco VPN :: ASA5505 DMZ To LAN Access?

Jun 26, 2012

We have multiple servers on the DMZ (192.168.2.0/24) but they cannot access any resources in the Inside, by default. We would like to open up a Syslog server from the Inside (10.1.1.5) to the DMZ servers, so we can collect system log from the servers.


Cisco VPN :: ASA5505 - Dual ISP And VPN

Nov 17, 2011

I have an ASA 5505 with the Security License running 8.4 and 6.4.5 software. I have a fully working VPN solution on there using an ISP IP - works fine. My boss wants to split the lines/bandwidth to another ISP we have coming into the office. So what I want to achieve, if possible, is this: say my current ISP is 5.5.5.5, my internal network is 192.168.2.x and my other ISP is 6.6.6.6 - is it possible to use the ASA to accept VPN clients from both ISPs and use the internal network?


Cisco VPN :: VOIP QoS Over L2L VPN On ASA5505

Jan 17, 2012

I have 4 remote sites that are using an ASA as their firewall / router. I'm setting up a full mesh VPN between all the sites. One of the sites has a UC500 and the other sites access that UC over the VPN tunnels. I would like to set up some basic QoS for the VOIP traffic.
 
The site that has the UC will have multiple VPN tunnels coming in from the remote sites. How will I do QoS with voice traffic on that site?


Cisco VPN :: 800 VPN Config To New ASA5505

Jul 8, 2012

I have 2 office buildings using Cisco 800 series routers with a L2L VPN between both. I'm upgrading the router to an ASA5505 at one of the offices but can't figure out the L2L VPN on the ASA. Specifically, I can't figure out how to set the pre-shared key. On the Cisco 800 it's: That doesn't seem to work on the ASA. Here is my current config on the Cisco 800. [code]


Cisco VPN :: Create Another S2S VPN In Same ASA5505?

Jun 17, 2011

I need to create a second VPN on the same ASA5505; it already has a VPN to one of our clients. So it already has a transformset, cryptomap and policy. Now I need to create a new one. I would like to create a separate transformset and crypto map for this 2nd VPN with a new name to identify it very easily. But I have a doubt: might it affect the current VPN? Because it has another VPN with another transformset and cryptomap.
 
1) Will it affect the current VPN?
 
2) Do I need to create a separate transformset and cryptomap, or use the same transformset and cryptomap with a different number? If it is possible to create multiple cryptomaps then I would like to create that.


Cisco Infrastructure :: ASA5505-SEC-PL PAK Available To Be Used

Sep 25, 2012

My company purchased a PAK for ASA5505-SEC-PL a while back. I found it unopened and need to know if it can be used, without activating it on an ASA. I opened up a case with the Cisco TAC, provided them the PAK serial number and got the following responses from 2 different individuals:
 
1. Since the product was covered under warranty and then expired this means that the activation key was used before.
 
2. This PAK number is expired since (Warranty End Date 21-Feb-2009).
 
I responded that I am not interested in warranty information but I just want to know if the PAK can be used. Just because the warranty expired, does that REALLY mean the PAK can no longer be used? That doesn't make sense to me. Isn't there a tool on Cisco's website to put in the PAK S/N to see if it is available, has been used, and if so, when?


Cisco VPN :: Two ASA5505 VPN Over Internet

Aug 6, 2012

I have 2 x ASA 5505's , I would like one to sit at my office behind an ADSL router with a static IP address, and be configured as a Server. I would like the other to connect to an ADSL router with a dynamic IP address, and be configured as a Client.
 
This must be a plug & play setup, so that when the 5505 client is plugged into ANY broadband router, it automatically creates a VPN tunnel to the 5505 server. In case it's relevant... the purpose of this link will be to stream video data back to my office from remote locations. We have "played" around with the ASDM, EasyVPN and wizards and still cannot get this to work!


Cisco :: Migration From Asa5505 To Asa5510?

Jul 3, 2012

I exported the config file from an ASA5505. I changed this file and imported it into my ASA5510. Can you tell me whether that config file is all right?


Cisco VPN :: ASA5505 QoS Policy On VPN Tunnels

Dec 14, 2011

I set up a full mesh LAN-to-LAN VPN for a client with 4 sites.  Each site has an ASA 5505 running 8.2(5).   Site-to-site VoIP traffic runs in the VPN tunnels, as well as traffic to/from a file-server located at the main site.  There are two back-up servers, one at the main site and one at a remote site.  The main site has 2 bonded T1s and the other three sites have a single T1. How should I go about setting up my QoS? 
 
My top requirement is that VoIP traffic will never be pushed out of the way for data traffic.  My secondary consideration is to give more preference to file-server traffic than to web traffic and to make back-up traffic the least important.  I'm currently researching to see if the VoIP provider is DSCP marking EF on the VoIP traffic, but I am going to assume they are for now.  I know the IP of the file-server and back-up servers.


Cisco VPN :: ASA5505 - Lan-to-LAN Tunnel As A Bridge?

Nov 10, 2011

I have two ASA 5505s at two different locations (main office and remote office) and I need the remote office to be in the same subnet as the main office, since they move computers between the offices and they have fixed IP addresses on those computers and they have no right to change to DHCP mode when they move to the remote office. Is it possible to create something like a bridge over the VPN tunnel so it extends the LAN?








Copyrights 2005-15 www.BigResource.com, All rights reserved