Cisco WAN :: 800 Network Objects To Allow Management User IP
Aug 27, 2012
I'm trying to add an extended ACL (120) to an 800 series router (887) using Network Objects to allow the management user IP range full access to IP services and restricted access to email only for standard user IP range. However, as soon as I apply the ACL to the outbound of my Vlan, no matter what is in the ACL, my PC loses internet connectivity. I've tried adding an explicit allow for my IP address and still no access, so I'm thinking possibly a NAT issue. Please have a look at my attached config and let me know what you think. Would I be better trying to control data flow with ZBF? I want to restrict standard users to email access only during the work day, with web access and IM access after hours, along with blocking all P2P programs for standard users at any time. Management group will have unrestricted access to all IP protocols. My original plan was to use time-based ACLs!
Nov 3, 2011
I'm working with ASA 5520s. How do I add network objects via CLI? I know I could easily do it using ASDM, but I like to learn the hard way first. How do I add the subnet mask for a network object when creating via CLI? [code] That sets up the hosts with IP addresses, but how do I add the subnet mask?
May 17, 2011
I have a customer with an existing 5505 which connects to multiple sites for a site-to-site VPN. This firewall was not installed by myself originally; I have just been asked to take a look now. The situation is that we now need to edit one of the existing site-to-site VPNs to include the remote site's expanded network. I have tried doing this through the ASDM and have found that I cannot add new network objects. I have tried creating a new network object group and then added the new networks from there, but I am completely unable to add the new objects. I believe a picture tells a thousand words in this case, so I have attached some images which show the problem. I have also tried going through the VPN wizard; this also does not allow me to add new network objects.
Oct 4, 2010
Can any VPN user change their user account password through tunnel which configured on local database of ASA 5510?
Sep 20, 2012
I just bought a new Cisco SRP527w and I'm just new on this kind of equipment. I can't locate the user management tab as I'm trying to change the default password. Also, I can't access the internet. My DSL modem RJ45 is connected to the WAN/LAN port with IP Static settings.
Mar 20, 2011
We have just bought 4 WAP4410N. These units will be handling wireless network at the edge of our network, only allowing for Internet access. We will be creating two SSIDs, one for employees and another for guests, with different wireless password rotation policies, intended to be changed automatically by an application using SSH. Is it possible in any way to create another SSH user just for this purpose? I do feel uncomfortable using the management user for this (call it paranoia!). The same with having SSH accessible from the wireless end. Any way I can tweak sshd and have it persist between reboots? Also, another issue is that we have the APs configured for e-mailing the log; however, we don't receive it. Connectivity and sending has been tested with snmpc on console and everything seems to be OK.
Oct 3, 2012
I'm a bit new to Cisco and I find this AAA a bit confusing. I've turned on AAA by: aaa new-model
Can I use this "default" list for WebVPN? And what would be different if I create a new "sslvpn" list? Also, when I'll be creating a user for VPN remote access, will that user also exist in the local database and have access to the router via SSH? Because from the research I've done, it doesn't seem you can group users in different "aaa groups", e.g. user admin belongs under "admin" aaa group which can do SSH to the router, while users for VPN can only do remote VPN access and not SSH and login into the router. I saw ASA has some attribute for users called remote-user:
• admin, in which users are allowed access to the configuration mode. This option also allows a user to connect via remote access.
• nas-prompt, in which users are allowed access to the EXEC mode.
• remote-access, in which users are allowed access to the network.
But I can't find this option in IOS on my 1900 Series ISR router.
Jun 7, 2011
We have quite a few 3560 & 2960 on our edge network. What I have been looking at was to access switches via web-interface, i.e. web-browser. The only problem with this is it always gives you access on privilege level 15, which is not ideal as not all who we decide to give access to these switches will be admin and allowed to configure these switches. The 3560/2960 data-sheet states:
"Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators"
Whereas there is no mention of how to configure these two levels of Web-based management in the configuration guide.
Jun 9, 2009
I need the MIB object names for monitoring the processor and memory utilization of CSS 11503 with software version 7.50. Where can I find it?
Jun 22, 2011
We are currently running 8.3(2) and I'm just wondering how many network/host objects the device can support? and how big can an access-l get?
Mar 24, 2013
I use tracking objects around the organization where I work to monitor WAN and VPN connections and add/remove routes based on the state of the object. I'm having 2 locations that are constantly going up and down, and I've been troubleshooting and monitoring for the last few weeks without finding anything. I've been incrementing the timeout for the SLA and it seems like this is working a little (less overall drops), but the drops still occur. Our ISP reports no issues and we see no issues internally on the circuits. Just out of curiosity, could this be some kind of IOS bug or hardware malfunction? The router logs are full of these:
Mar 21 16:18:33: %TRACKING-5-STATE: 2 ip sla 2 reachability Up->Down
Mar 21 16:18:38: %TRACKING-5-STATE: 2 ip sla 2 reachability Down->Up
Mar 21 17:24:14: %TRACKING-5-STATE: 2 ip sla 2 reachability Up->Down
Mar 21 17:24:19: %TRACKING-5-STATE: 2 ip sla 2 reachability Down->Up
[code]....
The IOS version of the router I took these from is 151-4.M6 advanced IP services and it's a 2821 router.
Sep 24, 2012
I'm testing upgrading an ASA from 8.2.5 to 8.4.4. During the upgrade, it changed all of my ACL host entries to objects. But I noticed that the keyword "host" is still a valid option when creating an ACL.
I'm trying to understand why this change is made during the migration.
Oct 4, 2010
My ASA5505 has an external address of x.x.x.13. We have got another 2 spare IP addresses: x.x.x.10 and x.x.x.11. We also have 2 internal hosts, which we need to provide with internet access using NAT: y.y.y.146 and y.y.y.70.
We recently updated our ASA to software version 8.3(1). I was thinking that I could do it using network objects and groups, but didn't understand quite well how this should be done.
The goal is to set up the ASA in such a way that if either of the above-mentioned 2 hosts connects to the internet, it needs to take one of the 2 external addresses. All other hosts should use PAT through x.x.x.13.
Mar 5, 2012
Any way of doing named objects or object groups for ACLs on the ASRs? (1000 series in this case.) I'm setting up an ASR with a zone-based firewall and writing out all the addresses, ports and protocols for the ACLs associated with the various zones is creating huge, unwieldy ACLs in the config.
Nov 3, 2011
I am trying to create host objects that I'll then add to network-object groups for use in ACL/ACEs. When I try to create a host, I am having trouble adding the IP address. I then get an error saying the host name must start and end with letters or numbers and only contain letters or numbers. What do I need to do to create hosts from CLI?
Feb 22, 2012
When I migrated the ASA config from 8.2 to 8.3, in all groups the group members have been replaced by the IP address object. However, the "name" for this object has been migrated, but there is the "object network name" configuration missing.
What I can do now is that I can open the newly created object in the ASDM, search for the object with this IP address and then enter the object name I had before. When I apply the config, ASDM then creates the object and replaces all affected objects in all groups, by replacing the object group member "network-object host hostname" with "network-object object hostname".
Do you know if there exists an automated way, which checks all the groups for members "network-object host", creates the "object network" and replaces the "network-object hosts" with "network-object object" within the group? As long as we have a lot of groups which contain partially > 50 members?
Feb 14, 2012
How to export objects (net and security) from an ASA 5500 firewall to a .csv file?
Mar 23, 2011
Any detailed knowledge about Cisco ACS 5.1 and Windows AD interaction? I wonder why the Cisco ACS domain account must have permission to create/delete domain objects. This fact really surprised me, because to my mind Cisco ACS only reads domain structure, and does not make any changes.
Jul 14, 2011
I have recently installed several of the new WS-500 series switches into my networks and much to my surprise they are not supported by the CNA tool as the older 500 series were. I tried using the CCA tool, but my routers and legacy switches are not supported under it. One of the reasons I bought the Cisco switches in the first place is because I wanted to use one tool to manage all components in my network. I feel rather irked about what seems to be a purposeful hampering of functionality of the SMB line of equipment. Is there a management application that will allow me to manage all of my Cisco devices from the same console?
Apr 7, 2011
Deploying monitoring systems, typically in NOCs, and maintaining them and creating models of customer networks, working with SNMP polling systems. Tools include applications like HP NNM, Netcool, Ciscoworks etc. How far would a career take you if specialising in this area? It seems like a diversion from the typical Routing/Switching side of networking. Not necessarily from a technical perspective, how about networking? I.e. being exposed to migration/project teams who want to 'migrate' more hardware and sites to the care of the NOC, after the design teams have implemented them? This seems like a step towards the design side, which in the long term I am wishing to get to.
Apr 15, 2013
Any quick breakdown on the differences between some Network Management software titles? I don't know when you would use each one or what the limitations are of each. [code] I have been looking over the release notes for each product trying to draw some conclusion on which titles support or don't support certain products.
When would you use each, and are there any gotchas or limits to watch out for? It looks like Prime is a paid-for product, but will any of the free solutions (CNA, CCP, CCA) work with all enterprise level products (2950, 2960, 3560, 3750, 4948, 4900 4500 switches and 1800, 1900, 2800, 2900, 3800, 3900 routers) or do you have to use Prime to get a product that will manage these devices?
Jun 2, 2013
What tools are you using to manage multiple SG300 in a single network? I can't find any good solutions on the Cisco website.
Aug 22, 2011
I would like to push route for admin services (Vlan20) to bypass the firewall via another connection (CSI to CSE). So my first choice was to create a route-map in (CSI), but I don't know how to do it. On my Firewall ASA, I don't have any Context License; that is why I would like to do it like this.
I have included some part of my initial configuration CSI and CSE and diagram.
CSI configuration (Switch L3 3750) {
interface GigabitEthernet1/0/1
description To ASA
no switchport
[Code]....
Nov 11, 2011
I was able to network my Windows XP PCs with ease. I control my cyber cafe with Handy Cafe and it works on my XP PC using a switch (Dlink). My challenge is now how to network Windows 7 OS PCs that are directly connected to a wireless router for internet. All the systems browse wirelessly via the router but I can't share files. My major problem is how to use Handy Cafe to control the systems (15 PCs).
May 2, 2012
I am working as a Network Administrator. Here I have to manage Cisco Switches 2960 and 4500 Series, Active Directory, Database Server, Exchange Server, File Servers, IP Telephony, Fortigate Firewall, 2960 Router, Wifi availability within Company. Although in case of any disaster we will contact the vendor for a solution, the management told me to deploy any Software/Network Monitor which will facilitate managing all this, i.e. overall network Health check, Performance Measurement, Fault Tolerance.
Sep 22, 2011
We are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system. For example, admin person in site A can only add devices into the site A group and cannot see/access other sites' groups.
Apr 20, 2009
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
Oct 10, 2011
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
Nov 21, 2012
Is it configurable to allow wifi user to user traffic on WLC 5508?
Oct 30, 2012
I am having an issue with connecting to the internet on my laptop. I have never had this problem before and after googling it, it appears that a lot of other people have the same issue. I had a message pop up that said something along the lines of 'another user on your network has the same ip address as your computer.' I lost my connection, but was then able to re-connect. However, now I am permanently disconnected from the internet. I have reset my wireless adapter and that hasn't worked. I'm currently using my mum's computer and her internet is working fine.
Apr 28, 2013
I have recently installed Prime LMS 1.3 and added several switches to be managed. Is there at this moment a possibility to display port statistics and network statistics for the wired part of the network? I am used to working with LMS, but features like the topology view with bandwidth usage are not yet integrated in Prime Infra, it seems. Is there anything to monitor the wired network in Prime Infra 1.3?
Jan 19, 2012
I can no longer add user permissions to a network C: drive - I get an access denied message. What could have happened?
Mar 5, 2011
I run a home private server on CentOS 5.5, I believe. A while ago, a surge destroyed a different computer with pictures on it that my parents would like to access. The hard drive itself is just fine, and I've backed up those files on an external hard drive. What I would like to do is allow my parents to access them through Samba. Samba has already been in long-time use, but it is configured to only allow access in a jail inside each user's home folder on the root hard drive. I have a suitable hard drive already formatted and mounted that can fit all the pictures that they wish to have access to. What I'd like to do is change the path that one of my users uses to the mounted hard drive.