Cisco VPN :: Unable To Use ASA 5505 With VPN And SMTP?
Jul 25, 2011
This is my first post in CSC. I have two issues with ASA 5505. I have configured ASA to use Easy vpn (ASA as RA server). Users are able to connect to vpn with out any issue and there is no diconnections with VPN. But when the users are trying to RDP to server it connects and disconnect as soon as login. some time it connect for 2 mins then it fades out for some time then it reconnects again. I guess I have give correct access-lists. Please find the Running configuration in the below.
2). we have a Email server in DMZ zone and it users are able to connect to the email server and they can see the emails. But when they try to send any emails it just stuck in the email server queue and does not deliver to the destination.
ASA Version 7.2(3)
!
!
interface Vlan1
nameif inside
security-level 100
ip address intinside 255.255.255.0
i cannot send emails to outside, i have an access rule on interface inside permit source: inside destination: any servic: tcp/smtp and when i make paket tracer it shows me that the packet is dropped but i cant see through which rule!!
We are using several Cisco ASA 5505 with the 8.05 OS on it. The problem is that the SMTP traffic of my ISP(Telenet) isn't passtrough the ASA, I'm using outlook 2010. Before there was also a problem with our local exchange server but I solved this by disabling ESMTP checking in the policies, but it didn't worked for my local ISP.
Just doing some basic testing before we replace our ancient PIX 515E with a new 5512. I have a mini lab set up following the diagram below, although I am unable to telnet through to the mail server's netcat listener on port 25 TCP. I can ping all the way outbound from 192.168.101.1 to 10.0.0.2, and the 10.0.0.2 machine shows it is translated properly to 200.225.117.1.
NAT and access rules are as follows:
object network mail host 192.168.101.1 description Mail relay access-list inbound extended permit ip any host 200.225.117.1
[code]....
EDIT: Somehow the new global access rule is involved. When adding a permit any any in there I can get to the mail server no problem. When I remove it but leave in my permit ip any any on the outside interface, I am denied?
Does anyone has had a problem with connection an asa 5505 with att? I can't connect the vpn, the tunnel sometimes open but still cant ping anything. Only public ip's even im able to ping to my firewall ip.i tried pppoe and bridge on the modem. The same configuration works on cable DSL but cant get it work on att.
I already have an acl that allow any any inside and outside. To get the pings works and a lot of stuff on the internet i search. Seem to be that there's a lot of problems between asa 5505 and att.
I've been called upon to fix the SSL VPN issues in our ASA5505. The issue I am having is that I am able to log into the vpn, access the internet, but I'm unable to access anything on the LAN. I can't use ping or use DNS.
I'm using ASDM v. 6.2(1) and ASA verison 8.2(1). I'm not comfortable using the CLI and prefer the GUI.
I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.Setup:
* Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2) * PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.First I tried with the built-in ASDM IPSec Wizard, instructions found here.VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself). [code]
Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
I have an ASA 5505 which is unable to acces the internet, even when reloading just the basic config.If i setup my laptop with the outside ip or another ip in the subnet, it does work.
User A --- router A (122, fortigate 80c) --- (Site to Site VPN between fortigate & cisco asa) --- router B (93, cisco Asa 5505{in front asa got cisco800[81] before to internet} ) --- User B
After using wizard to configure the site to site VPN, the site-to-site tunnel is up.
Ping is unsuccessful from user A to user B
Ping is successful from user B to user A, data is accessable
After done the packet tracer from user A to user B,
Result : Flow-lookup Action : allow Info: Found no matching flow, creating a new flow Route-lookup Action : allow Info : 192.168.5.203 255.255.255.255 identity
I have a ASA 5505 that I have been using to test run the IPSec VPN connection after studying the different configs and running through the ASDM I keep getting the same issue that I can't receive any traffic.
The company LAN is on a 10.8.0.0 255.255.0.0 network, I have placed the VPN clients in 192.168.10.0 255.255.255.0 network, the 192 clients can't talk to the 10.8 network.
On the Cisco VPN client I can see lots of sent packets but none received.
I think it could be to do with the NAT but from the examples I have seen I believe it should work.
I have attached the complete running-config, as I could well have missed something.
FWBKH(config)# show running-config : Saved : ASA Version 8.2(2)
I have ASA 5505 and I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.
I have config ASA 5505 and it is conencted to layer 3 switch that connects to cable Modem.
ASA is config with DHCP option and PC is able to get the IP from ASA. But from PC i am unable to access the internet. From ASA itself i am able to ping the Websites fine.
ASA has config with DHCP for inside and also it is doing NAT.
When i connect the ASA directly to Cable modem then pc is able to access the internet.
I have setup 5505 ASA for Testing purposes. It has static route to layer 3 switch on outside interface that goes to the internet.
ciscoasa# sh route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
I am trying to “build up” a small home-network and using some of following Cisco equipment’s
ASA 5505 v8.4.3 witch base licenseCisco Catalyst 3750G with ipservices version 15.0.xand 1 qty of AP1142N I am not able to get internet access from any VRF’s.
From "MILAN (LAN) VRF, I am able to ping my gw: 10.45.45.1 but I am not able to ping for example: “linknett VRF”.
It seems that i am missing some NAT rules on ASA or ?
If i connect my laptop directly to the ASA, i am able to get internet access!
I am not feeling comfortable with a new ASA 8.4 code yet, so im not so sure which exact code's i am missing on ASA ...
attached digram including configuration files from ASA and 3750 sw.
We have a cisco asa 5505 on which we have setup a group VPN. The VPN connections from all cisco vpn clients works fine except one. The keep getting the below error
"Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding. Connection Terminated".
Not sure why only one client won't be able to connect. The version we are using is 5.0.02 for VPN client.
I am unable to Telnet/SSH/RDP from my inside network to my DMZ. I am not sure where the problem lies, I am able to use VNC from the inside to the DMZ (ports 5800, 5900), and also establish connection on Ports (26700-26899). I have a computer connected directly to the DMZ and those services work to all networks on the DMZ.I have attached Logs of successful VNC connections, unsuccessful RDP and Telnet sessions, and the running config.
We have a VPN setup and here's the configuration on the Cisco ASA 5505: [code] The problem is that i'm able to ping the otherside of the tunnel i.e. 192.168.23.14 from the dmz IP 172.16.1.2 but i'm unable to ping from the hosts behind the ASA.Also the other side is able to ping 172.16.1.2 IP but no IP's behind the ASA.
I configured a new Asa 5505 with Ios 8.44-1-k8.bin and when I installed the Asa the client's after about 1 hour were unable to ping or map drives to the Asa. I got the following error,%ASA-2-106007: Deny inbound UDP from XXXX to XXXX due to DNS Query. I added the command same-security-traffic permit intra-interface they were then able to ping the server and connect to the Internet, but still unable to map drives i could see the connections from the Pc's to the server in a show conn with was tcp port 445 with Saa? I reverted back to Ios 8.25 and everything works.
When I have a computer directly connected to the Cable Modem I get 9.84MB Down and 1MB Up. When I put it behind the ASA 5505 with policing on the interface, I only get 4MB Down and 660Kb Down.What I'm wanting to do is setup this up to enable my VoIP to have a higher priority and shave 128kon both the Up/Down for the VoIP traffic. I also want to make sure I don't exceed the inbound and outbound thresholds.I''m using a 5505 Security Plus?
I have 2 subnets bought from my provider 194.102.98.128/27 and 194.102.98.160/27.
From my provider a have the following setup: IP Address: 86.120.151.66 Netmask: 255.255.255.128 Gateway: 86.120.151.1 DNS (1): 213.154.124.1 DNS (2): 193.231.252.1 My IPs are static routed by my provider thought 86.120.151.66 .
Everything works perfectly except when I try to sent an email. The email gets sent (eventually), but afert a long waiting time, 45-60 sec. The connection is opened instally to the server but then just hangs there for 40-50 sec. The problem is that a have an aplication on a server that has to send confirmation emails, and that aplication is limited to a 30 sec timeout for conecting to the mail server, much less then the 45-60 sec that I have now. The mail server is hosted by a data center, it is not in my networks (location).
I have tried deleting the ESMTP inspection, that doesn't work. Pinging my mail server rezults in a average time of 20 ms. And when a do a tracert the hight value in a hop doesn't usually pass 80 ms, the average is 20-25 ms.
The problem is ONLY when sending emails. Everything else works perfect, including receiving emails from the same server.
Remote LAN pool is configured as inside. Route is proper. I am able to open 443 port from the remote LAN pool on the ASA. That means, the port is open from the remote pool. No response if I try https on the browser.
I am working on a site that has recently added a new subnet and I am unable to ping any of the stations on this new network. I have configured an Exempt NAT rule just the same as the rules allowing access to other networks. I have a feeling the problem is in the Site-to-Site VPN configuration since the new subnet is at the primary location over the VPN.
In the site-to-site configuration I added the new subnet to the list of "Remote Networks" and I still can't communicate with any of the devices on the network. If I go to the main site I have no problems so it appears to be related to the VPN or a configuration in the ASA on that site.
A port scan shows that all the traffic is "filtered" so somewhere either the site ASA or the main ASA is blocking the traffic.
I found a tricky task for our ASA 5505 firewall. I am not able to go internet when using DHCP but I can access by using fixed IP address in client PC.Same IP, Same Mask, Same DNS, Same Gateway. All the same but no hope. Any configuration i missed in firewall?
I'm unable to have any internet connection for my new setup.
here's the overview.
Current setup is
Internet -> Router -> PIX 501 -> Switch -> clients
Internet -> static ip given is 210.193.34.1 - 210.193.34.6 Router -> Static ip assigned for NAT/External is 210.193.34.1, Local ip is 192.168.1.246 PIX 501 setting -> IP to Router, According to router screen is 210.193.34.2, but not sure what settings are done in the PIX itself as I'm unable to access it.
local ip is 192.168.1.1 Clients - > 192.168.1.0
Old setup is working fine and connected to internet. for the new setup, as i do not want any downtime for the old setup. As you can see, there are two firewalls connected concurrently to the router. I've configured it this way.
Internet -> Router -> ASA 5505 -> Switch -> clients
ASA 5505 setting -> IP to Router NAT/External/ Outside Interface, 210.193.34.6 (Or do i set as 192.168.1.0?), local ip/ Inside Interface is 192.168.2.1 Clients - > 192.168.2.0
some setup details. security policy, NAT, set to default. routing is route outside 0.0.0.0 0.0.0.0 210193.34.6
I'm unable to access after a week of troubleshooting.
I have a Cisco ASA 5505, with basic 50 license, that is connected directly to the Cable Modem with a public IP. I have VPN configured and active on the Outside interface. When we connect, we connect just fine with no errors, but we are not able to access any resources on the remote network.
ASA IOS version 8.2(5) Remote Network IP: 10.0.0.0/24 VPN IP Pool: 192.168.102.10 - 25
I have ASA 5505 with base license. I created 3rd vlan on it.it was created. but i am unable to assign IP to it. i assign ip address it takes it. But when i do sh int ip brief it does not show any ip.
i can't get it working to expose on internal server to an outside interface.I used the public server function in ASDM.Internet access works if i nat my private adress to one of the available ipadresses provided by our isp.
Internal Server : owncloud 172.10.0.4 External Server : ext181 46.245.171.181