Cisco WAN :: 520 Basic Firewall Configuration With DMZ Required
Apr 19, 2011
I am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20,Block all other incomming ports to vlan 20 (unless initalised from inside),Allow all outgoing ports on vlan 20,Block all access from vlan 20 to vlan 10 (unless initalised from vlan 10)
View 35 Replies
ADVERTISEMENT
Apr 22, 2012
I am replacing a cisco linksys router with a 1941w.
I have the 0/0 accepting a DHCP from the ISP then I have 0/1 going to a switch and hosting a dhcp server.
Where I have an issue is:
A) Finding a way to turn on the wireless and make it use the same DHCP as wired and setting up a user name/wep password
B) Turning on the GUI that is supposed to be embedded on this.
C) Finding a way to make the DNS point to the default gateway so that I don't have to set the address everytime we move the box.
Here is my current configuration, and with it I can get onto the wired network and get to the internet.
Current configuration : 4712 bytes
!
! No configuration change since last restart
version 15.1
[Code]...
View 6 Replies
View Related
May 8, 2011
creating a DMZ with my current configuration. Most of my configuration has been through the ASDM as I am still learning. I'm looking for a good tutorial through the ASDM to get me on my way. What I need to accomplish is this:
I have an internal GIS server which needs to have a constant database connection to an remote GIS Server which is already configured. I've got a separate VLAN setup on my 3750 switch which connects to the DMZ configured port on my ASA with a security level of 50. My GIS server has been placed in the DMZ VLAN which is accessible from my internal clients. I have a /30 Internet block which is being used for Internet and VPN. I have a separate /28 block that I'm assuming I'll need for the DMZ to work properly.
View 1 Replies
View Related
Oct 12, 2011
I dint have any experience in Using cisco pix firewall. i got this for home lab practice.the pix can be accessed and configured by web based and CLI mode right. basic configuariton tto configure pix 515e in cli mode.
as of now im using console( hyper terminal) to access the pix. in cli based commands i need the following
1. how to assign ip address to inside ethernet and outside ethernet
2. how to enable telnet and after enabling it , can i connect my pc directly to the pix inside ethernet and do telnetting or if at all possible with (https enabled)web based config. any of these are ohk.
went at browsing to find these all i could find is web based configs. i need cli commands.
View 9 Replies
View Related
May 21, 2012
This is my 1st time trying to configure an ASA.
I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:
I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.
I have attached the configuration file with this post as well.
View 4 Replies
View Related
Jan 3, 2013
I have an 871 and all I need to do is some basic rules. Here is the config I am having the issue with.
View 1 Replies
View Related
Oct 18, 2011
I am very confused on how I setup a Pix 515 that I just got to route traffic out a cable modem. First, let me give you a little details on my current network setup and what I am trying to accomplish with this Pix 515. Currently all my users go out the proxy for any internet access, however I have certain users that need to go out the cable modem instead of the proxy server. Below is an example of the current IP setup of a user A:The cable modem that we currently have has DHCP so I would need the external PIX address to accept a DHCP address. I also don't really understand what else I need to setup so if I have say four users hitting the cable modem through the pix how do I direct their web traffic to the correct computer (NAT ?),I will be plugging the PIX into a cisco switch that all ports are in VLAN 48 so hopefully a static internal address on the pix of 10.24.48.254 will keep me from having to do any routes since all traffic will be originating from the 10.24.48.0 network.
View 1 Replies
View Related
Mar 31, 2013
I have one firewall need to be configured in transparent mode. I have inside and outside router. What is the configuration of transparent firewall ASA8.2. I didn't find the configuration on Cisco site.
View 17 Replies
View Related
Jun 6, 2012
We have purchased a new Websense 10000 Appliance and I'm not a hundred percent how to set this up. I see that URL Filtering is a possibility and WCCP, which way to move forward on implementing this?
View 4 Replies
View Related
Apr 29, 2013
I have a problem with the configuration of the ACL of my ASA 5505 router.However, the syntax seems okay,access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 .
View 3 Replies
View Related
Jul 13, 2011
I have existing Sonic FW in my company we are moving from sonic FW to ASA 5510 Security plus lice. I have two ISP currently connected to sonic Firewall I am planning to implement Dual ISP configuration on ASA5510.
View 12 Replies
View Related
Oct 16, 2012
I've gotten to the point where I can test against active directory and get in, also I can get AD groups from my server on the ASA. My problem, I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using.Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.
View 7 Replies
View Related
Oct 21, 2011
step by step ACS 5.1's basic configuration through CLI?
View 2 Replies
View Related
Jan 3, 2013
I am struggling to get this working after spending many hours looking at it I am now completely stuck. We are upgrading from a 857W to this 887 VA-M I have some experience of IOS and the 800 series. Our 857W works perfectly using almost the same config. Our situation is that the router will sit in front of our firewall and act essentially as a simple router passing everything through to our Firewall. Nat is done at the Firewall.
We currently have the following configuration that seems to connect the the ISP fine but I cannot connect to the vlan2 port on the switch the firewall cannot connect to he internet or route anything via the Vlan2 port no pings etc.. I am using Fast Ethernet 0 as the Vlan2 port and the rest are V LAN 1 with a local network address to allow me to connect a laptop.
We have a block of static IP addresses, the base of which is assigned to the V LAN 2 interface and used by Dialer 0 as IP Unnumbered. Config below.
4590 out of 262136 bytes
! Last configuration change at 17:42:06 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
[ code].....
View 2 Replies
View Related
Sep 30, 2011
I have an ASA running 8.2(2).I am trying to get the network on the inside interface to be able to communicate through the outside interface and on to the internet.
View 18 Replies
View Related
Sep 4, 2012
I have just bought my first non-domestic router, a CISCO 887VA-K9 which needs basic configuration to get it working. I have a copy of the configuration guide (334 pages) and CP Express user's guide (94 pages) and have spent an hour reading but either they are missing something or my brain is too small to figure out step 1. How to get started. Perhaps from where to download a CP Express installation kit for Windows.
Is the only way via a terminal emulator connected via a serial port ? Is there a graphical interface I can use ? Are there any basic tutorials for beginners ? This is probably the only non-domestic routrer I shall work on so I don't want to invest in a full training course. I just need enough to plug in the ISP credentials and set up DHCP.
View 27 Replies
View Related
Dec 13, 2012
in lab trying to run a test upgrade of an Ace30,can seem to get it right ace30 is in slot 1 of the 6500, management vlan 10
View 4 Replies
View Related
Aug 12, 2012
I set up a basic Linksys E2500 with the following information and connected to the internet straight away without a problem: I have spent several hours simply trying to get this basic information into the Cisco 819 using CP Express without success, i.e. I get no internet. Rather than show my inputs, What is the correct setup. I am a novice so I'd rather solve this issue using CP Express just to get connected in the first instance. I have a static IP address, I connected the ethernet cable carrying the internet to the internet port of the E2500 and an ethernet cable from one of the ethernet ports of the E2500 to my PC. For the 819, I connected the internet cable to the GE WAN 0 port and the PC to one of the FE ports.
View 18 Replies
View Related
Jul 19, 2012
We currently have 7 Cisco 3524-XL switches (10-12+ yrs old) which are 10/100. We purchased a handful of Cisco 3750X switches to replace them going with the whole stackwise and redundant power supplies. Our current configuration on the old 3524 switches is that they have hardset all the ports on them to 100MB/FULL since devices would auto-neg to 100/Half. Since we're going from 10/100 to 10/100/1000 switches, I want things to auto-neg as I have heard in the past and experienced that things work better when it auto-neg to gigabit. My upper management is afraid since the old switches wouldn't auto-neg correctly that we should hard set all the ports on the new switches, which would be a nightmare since some ports would be hard set to 100/FULL others to 1000/FULL, etc.. We've tested just about all of our devices at auto with the switches and they've all auto-neg to the correct speed. In short, is Auto-Negotiation the way to go with the newer switches or is it still better practice to hard set your ports?
View 3 Replies
View Related
Apr 8, 2012
I teach in a High School and we've got about a 300 node MS Windows Network. Two MS2003 File Servers act as my DNS/WINS/DHCP servers. We have been using a WATCHGUARD FIREBOX III to act as the router/gateway between the outside external address and my internal (10.0.0.1) gateway address. All p.c's inside the network are routed to one of the Servers (10.0.0.2 or 10.0.0.4) for DNS/WINS/DHCP addressing. The servers point to 10.0.0.1 for gateway.
We are trying to replace the Watchguard Firebox with a CISCO ASA 5505 (eventually we'd like to implement VPN). When I connect the CISCO ASA, I get no internet passthrough at all.
View 1 Replies
View Related
Dec 16, 2011
I have a Cisco 2600 with IOS 12.3. I need a very basic configuration to allow traffic between two LANs. To test this I cleared the router config to the factory default state and configured my network addresses on the interfaces.
When I connected a PC to each interface I found they could ping each other, I was expecting to have to write ACLs to permit the traffic into the interfaces, thinking that the default behaviour of the router would be to deny access. default bahaviour without any ACLs or other routing configurations?
My config, such as it is, is as follows:
Current configuration : 770 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 5 Replies
View Related
Aug 5, 2012
I am trying to configure a Cisco 1841 to allow the users to access the internet. This is my first step with ppp. All the rest of the configuration is ok but I don't know how to setup the interfaces Dialer0 and ATM0/0/0.
Need very basic configuration that I can analyze and use on my device?
View 10 Replies
View Related
Jan 1, 2013
First time user of cisco hardware and we just purchased the 4900m catalyst switch. My question is very general. I am simply hoping to network 3 servers together and I do not wish to do any fancy or advanced configuration. Can I simply use the web management interface for network administration and setup? I just downloaded the Catalyst 4500 Series Switch Cisco IOS software configuration guide and they talk about Cisco View network management system, is this my answer or is this what most people use for basic configuration and administration?
View 3 Replies
View Related
Nov 29, 2011
In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?
View 3 Replies
View Related
Feb 9, 2012
How can I have access to the cisco "AP#" prompt? When I try to acees the AP through hyperterminal, it gives me the attached messages. The message keeps looping and not letting me access the AP# command prompt to assign an IP address so that I can control it in mode HTTP.
View 2 Replies
View Related
Nov 27, 2012
basic configuration for setting up cisco ASA 5510 for NAT and DMZ.
View 9 Replies
View Related
Jan 14, 2013
I have a Cisco 2921 Router,with 3 giga interfacesi have a leased line for the internet with a public ip address and i want to configure this router as NAT /PAT gateway, so that users in my network can ue the internet by the router,my wan interface is g0/0 - ip 122.xx.xx.xx lan is g 0/1 -- 192.168.1.1 /24 . i have tried doing nat once but i was not able to make the wan port up.using cisco CP when i test the interface it givves error and i dont get internet to my users.
View 10 Replies
View Related
Sep 5, 2012
I have a /25 block of public ips from my ISP which I'd like to subnet into two /26 blocks. I have a Cisco 2600 with 2 ethernet ports in it. What are the commands I'd need to take my 200.180.200.0 255.255.255.128, gateway 200.180.200.1 and turn it into 200.180.200.0 255.255.255.192, gateway 200.180.200.1 and 200.180.200.64 255.255.255.192, gateway 200.180.200.65? One of the interfaces will be connected to the ISP & the other to a switch, and then we could access the two subnets through the switch.
View 6 Replies
View Related
Apr 6, 2013
Who can give me a SNMPv3 configuration template.I tried many times has been a problem
View 5 Replies
View Related
Jun 12, 2012
RV082 configured for Dual WAN [Code]....
(2) identical DSL connections, configured as Static IP (not PPPoE) with modems in bridged mode. Static IP's are /25 subnet and same gateway ** this may be a problem? Dual WAN set for Load Balance, network service detection is OFF
We have a 2003 terminal server running and successfully receiving connections through both WAN connections. Depending on location, half the users are connecting to WAN1 IP and the other half to WAN2 IP. We are getting sporadic disconnects of the remote users when they are idle for a couple minutes and automatic reconnection of the session takes over a minute. If they close the (locked up) session and reconnect manually it will let them in right away.
Could the handling of the Dual-WAN be the culprit? Could the same gateway for both WAN's create this issue upstream (out of my control)?I am going to move everyone to connecting through WAN1 and then change to Smart Link Backup and see if the issues persist.
Another thought is to use a secondary IP on the terminal server and use Protocol Binding to match "All traffic" for IP1 to WAN1 and IP2 to WAN2, which theoretically would stabilize the situation?
View 36 Replies
View Related
Jan 17, 2013
I've got what is probably a very basic question - but i can't figure it out.I have: Internet (ADSL) -> 2851 (ADSL wic) -> 5520 -> internal LAN (192.168.1.x/24)
The asa has just replaced a Checkpoint firewall.I've set up the ASA to the point where all hosts on the internal LAN have internet access (using a dynamic PAT on that network). This all works well.
The problem i have is i am trying to allow access from the internet to an internal host on a specifc TCP port (as i had done on the Checkpoint) but i'm getting:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:111.111.111.11/52135 dst inside:192.168.1.252/5555 denied due to NAT reverse path failure
From what i have read i need to add a NAT exemption for this particular use case - to avoid the dynamic NAT i have setup, but im not sure how to do so.I'm running 9.1 on the ASA, no VPNs yet. Just this basic setup.
View 8 Replies
View Related
Jan 3, 2012
I want to start implementing a small outdoor mesh network of 3 APs Aironet 1550 in order to grow afterward with more APs. Is there any way to configure those 3 APs in an outdoor mesh configuration (for example, only one RAP and two MAPs) without a Wireless LAN Controller or I have to have at least, one WLC? My idea is to have a WLC 5508, but at the very beginning I don't know if my budget is gonna allow me to cost the WLC.
View 7 Replies
View Related
Dec 14, 2012
We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the 6504-E chassis( Total of four WLC, two for primary and two for secondary). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.
View 9 Replies
View Related