Cisco WAN :: ASA 5505 - VPN Set Up For New Router
Jul 24, 2012
We were just informed by an ISP that they are not providing a router for an installation on Friday. We have an ASA 5505 currently and the current ISP has an Adtran router in place. Our ASA has VPNs set up to our 2 other locations. About 30-40 people connect to this location over terminal services via the VPN; they also print and conduct minimal file transfers. We are switching ISPs to go from 3Meg to a 10meg circuit.
I have a very low budget and have been told all I need to get is an 800 series router with 2 interfaces to accomplish the task. I have included a diagram that the ISP gave me. What is the proper router I need to do what is described in the picture? The other thing that I need to add is that we may want to hang a small switch off the router to put a separate firewall in the future. If this prevents me from getting an 800, because this is really my price range, we are willing to give this up.
I have put an "X" for the first two octets in the picture so as not to post my IPs. These 2 octets are the same throughout.
Nov 1, 2011
I have an ASA 5505 with a dynamic IP address from the ISP. What I need to accomplish is the following:
- Either set up that ASA (Dynamic IP) VPN with an IOS router (Static IP)
- Or set up that ASA (Dynamic IP) with another ASA (Static IP)
Mar 19, 2013
I am trying to troubleshoot an ASA5505 connectivity issue. My initial tests are to ping the Internet router from the ASA. This is failing, and also a sh arp only shows internal addresses.
I have to go to site to check this out to confirm the following.
1: Should I be able to ping the Internet router from the ASA?
2: Do I need to permit any icmp to do this?
3: Should a sh arp show the address of the internet router?
I tried entering the command permit icmp any outside
However I got the error route already exists 0.0.0.0/0.0.0.0
Sep 26, 2012
I have a RV042 VPN Router inside an ASA 5505 running version 7.2. I am attempting to connect from the outside to the RV042. I have read for 2 days now and tried everything I have found and had no success. I can connect from inside the network to the RV042 so I know that is setup correctly. I have found links on several posts to the official Cisco support documents but they make no sense to me. This is my first experience with a Cisco Firewall.
We also have a security camera network that we access externally and I have successfully set up the port forwarding for this. Here is my current running configuration. The inside ip address of the RV042 is 192.168.168.25. I had port 1723 forwarded, opened GRE, and have setup PPTP inspection. I have deleted the port forwarding at this point.
Result of the command: "show running-config"
: Saved
ASA Version 7.2(3)
hostname suite
domain-name hivermont.com
enable password vwiH3D2KQdqR57As encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.168.1 255.255.255.0
ospf cost 10
[code].....
Jul 19, 2011
I have an ASA 5505 with the typical inside/outside interfaces. I also have a DMZ that I've named remote for all of my ISP VLAN'd remote offices to connect. I've set the security levels on both the inside and remote interfaces to 100. From the remote 192.168.71.0 network I can ping to the remote interface on my ASA, 12.230.129.66/8, but can't ping anything on the inside network, 192.168.1.0, or the web. From my ASA I can ping the router directly attached to the remote interface, 12.233.136.162/8. From my inside 192.168.1.0 network I can hit the web fine, but can't ping the remote router 12.233.136.162 or the remote network.
I don't know if I'm missing something with routing, or with the two interfaces with the same security level... or what?
Here's my config. I've also attached an awesomely bad network map.
Result of the command: "wr t"
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name wec.wnet
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip [Code]...
Dec 15, 2011
I'm new to the ASA and am trying to set up a test net. The ASA is connected to my router on port zero using DHCP. (Or I guess it's not, as the router uses the same IP range as the ASA does inside.)
I tried to set a static IP in the same range (e.g. 192.168.1.20) but then get the message "cannot overlap with the subnet of interface inside". So I believe that is why it doesn't get an IP from my router - it does show up in the router DHCP table as 192.168.1.5 but ASDM home says outside "no IP address".
I tried to change the inside range of the ASA but if I change the inside IP I lose connection. (Had to restore factory-default using the console.)
I guess I could setup another range using the console, but how?
Oct 21, 2012
My client is asking whether the Cisco ASA 5505, which is now running in Router Mode, can implement MAC ACL. I have tried to search the documentation and also tried the ASDM in the Cisco ASA 5505 but could not see any way to do the ACL by MAC address. At the same time, how can I find out by using the command line whether the ASA 5505 is able to run MAC ACL in router mode?
Jul 5, 2011
I have a site-to-site VPN set up. I want to be able to manage the Cisco ASA router from a computer that connects to this site-to-site VPN. The problem is that when I enter the IP address of the ASA into ASDM I get this error: Unable to launch device manager from 192.168.14.1:444. I am also unable to ping 192.168.14.1 from any computer that connects to the VPN, but I can ping other devices on the 192.168.14.x network. Also, devices on the 192.168.14.x network can access the ASA with no problems. Here is my config:
ASA Version 8.2(1)
!
hostname Hostname
enable password POgOWyKyb0jgJ1Hm encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
[code]....
Jun 18, 2012
I have an ASA 5505 and an ADSL modem (which has DHCP enabled), 192.168.1.X/24. I have a static IP as well, which is 34.X.X.X. I want to use the ASA as a firewall and want to make a site-to-site VPN. I tried to Google it but I can't find any config. I have 4 switch ports in the ADSL modem, so should I connect my ASA with the building switch? But then it will have DHCP enabled; if I disable DHCP on the ADSL router, then how will my ASA communicate?
Mar 20, 2013
I am trying to set up a Cisco 2600 router that will be used to connect to a Qwest internet T1. I will have a Cisco ASA firewall behind the router so that I can build a site-to-site VPN tunnel. Qwest requires PPP encapsulation. The LAN side network is 10.2.0.0/16. Qwest gave me their serial IP address and my serial IP address, which I used to configure the route. The Ethernet interface was configured for the local LAN side subnet and I NATed both the inside and outside interface of the router. I am not sure if this is correct. How do I configure the router so that I can use one of the available public IP addresses as the outside interface of the ASA?
Here is the config of the router:
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cedar
!
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxx
enable password xxxxxx
!
ip subnet-zero
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
call rsvp-sync
interface FastEthernet0/0
description Lan Interface
ip address 10.2.1.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
speed auto
full-duplex
no mop enabled
!
interface Serial0/0
ip address 65.121.x.x 255.255.255.252
ip nat outside
encapsulation ppp
fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24
!
ip nat inside source list 1 interface Serial0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 65.121.x.x (qwest serial IP address)
ip http server
ip http authentication local
!
access-list 1 permit 0.0.0.0 255.255.0.0
May 29, 2011
I have an ASA 5505 at each of three locations. We have VPN tunnels set up between the three sites. I am currently using a single ISP to control the traffic between the sites. I am adding a new ISP to the mix. The goal is to have any internet traffic routed to ISP 2 and all internal traffic routed to ISP 1. The ASA does not do policy-based routing (mostly because it is a firewall, not a router). I need to configure a router that will accept the output of the ASA and route it according to the above rule. All incoming routing will be done through ISP 1. Any suggestions on the device and the methodology to set it up? I am planning on doing this in each location.
Oct 21, 2011
I am in search of a new router. I don't have any special task to do, just the flow of maximum 2mb/sec data and sometimes video conferencing. However, I need the VoIP solution as well. I just got excited about the Cisco ASA 5505 product. Can this fulfill my requirements? Can this work like the 1841 router? Does this support DMVPN, SSL VPN and dynamic routing? Can I upgrade the IOS for dynamic routing purposes? Do you recommend purchasing this product or not, instead of a router? What are the limitations of this product? If I purchase this I can use this as a router as well as a strong security solution. How many ports are available for traffic flow in the ASA 5505? Are all of them routed mode, or are some of them switch ports?
Mar 15, 2011
Have a customer who has two ISPs right now and only using one through a basic SOHO router. Looking to upgrade to something that supports dual WAN and allows connections from outside in on both WAN ports. There are 25-30 inside hosts. Requirements: Allow incoming connections on BOTH WAN ports to a single inside host
-This is a web app that needs as close to 100% uptime as possible
-Round robin DNS is set up
-Failover for internal people should one of the ISPs go down
Looking at either an ASA 5505 with Security Plus or an 891 Integrated Service Router.
Nov 14, 2011
I have a wireless Airport Extreme on Vlan3. My problem is that I can't get internet access from a wireless client which connects to the Airport which is on the DMZ. From my laptop which is connected to the Airport, I can ping the 5505. That's as far as I get.
asa5505(config)# sh running-config
: Saved
:
ASA Version 8.4(2)
!
hostname asa5505
enable password ArKd0aXL.wihdyE3 encrypted
passwd ArKd0aXL.wihdyE3 encrypted
names
[code]....
Feb 27, 2013
I have not been able to figure out the resolution. The basic premise is to have 3 inside vlan networks controlled by a 1900 series router. Then have that primary LAN router connect to the inside of my ASA5505 Basic, then go out to my ISP Gateway. I have tried hundreds of different static route configurations on my router and asa. I have tried equally as many NAT and PAT configurations, but nothing seems to work. I have even tried using all the commands (specific to my topography of course) on this weblink from cisco: url...
Dec 23, 2011
Currently I have an ASA set up as a firewall with 1 outside interface and 2 inside interfaces. Initially, the Guest interface was set up to receive DHCP from the ASA and everything was working. I'm adding a router and a server for the guest interface and what I'm trying to accomplish now is the following: ASA 5505 > Airport Extreme with a public static IP (69.xx.xx.6), handling DHCP and NAT > Mac Server as DNS Server. Right now, when I connect to my Airport Extreme with any computer, I don't have internet. I don't understand what's wrong. My DNS Server has a reserved IP address: 192.168.226.2 and it's pointing to itself and forwarding the ISP DNS servers, the Airport Extreme is handling the DNS Server IP and the ISP DNS Server IP but I can't connect to the internet from the server. [code]
Apr 21, 2013
I need to open port 4001 on my router for someone to have access. I need to do this thru GUI. Cisco ASA 5505
Feb 7, 2012
I'm looking for a device which will allow me to forward all internet bound traffic through a L2L IPSec tunnel from branches to a central hub and internet connection.
I've recently purchased an RV120W (as a test branch device) which I've tried to get working with the ASA5505 at the central site. I can get the VPN to come up but can't manage to get the internet bound traffic through it. Reading up on the issue, it looks like full tunneling or IPsec wildcard forwarding isn't supported on the RV120W and RV220W devices [URL]. The source mentions that the RV0xx series supports this feature; however, one of my requirements is wireless on the device.
Any device which supports this rather than just the standard split tunneling, alternatively a workaround which will allow me to use RV120Ws at branch sites? Would an SRP521 support what i'm trying to achieve?
Oct 25, 2012
Shopping for a new home router/firewall. Trying to decide between a Cisco ASA 5505 or a juniper equivalent. What are everyone's thoughts?
Nov 10, 2011
I have a cable modem internet connection and my cable modem is connected to an ASA 5505. The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1. The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network. Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1. I would like to see the 192.168.1.x address of the clients in the ASA firewall. I've tried making some changes to the Linksys router but that hasn't resolved it. Are there any changes I can make on the ASA to get this to work?
May 30, 2013
I would like to know whether both a Cisco 2901 or 2921 router and a Cisco 5505 ASA can build a site-to-site VPN.
1) What is the difference between building a site-to-site VPN on a router and on a firewall?
2) Which is the best choice if used for a site-to-site VPN connection?
Jun 18, 2012
I have an ASA5505 and it has a VPN set up. The VPN user connects using the Cisco VPN client. They can connect fine (they get an IP address from the ASA), but they can't ping the ASA or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
!
hostname ASA
domain-name default.domain.invalid
[code].....
What do I need to add to get the VPN client to be able to ping the router and clients?
Mar 31, 2011
Just now my boss asked me to prepare to set up a site-to-site VPN from a Cisco 881 Integrated Services router to the ASA 5505 router which is now running at the HQ side. I am now studying a PDF file from Cisco which mentions how to set up a site-to-site VPN between a Cisco 1812 IOS router and an ASA 5505 router by using ASDM V6.1 and SDM V2.5. I can't find the paper for the Cisco 881 device.
Feb 20, 2013
I have two Cisco ASA routers and I have a site-to-site VPN set up between the two. The VPN link works but Site A can't ping anything on Site B. Site B can ping Site A. Site B can ping other PCs on its own network. Site A has been in place for a while and has other site-to-site VPNs that work fine, so I think the problem is with Site B. Here is the config for Site B:
Result of the command: "show running-config"
: Saved
:
ASA Version 8.4(4)1
!
hostname SaskASA
enable password POgOWyKyb0jgJ1Hm encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
[code]....
Nov 25, 2012
I have an offsite employee at an apartment complex where she uses the leasing office's internet connection. I have an ASA 5505 but I don't know how to make this work behind the leasing office's router and other network equipment. Is there any way to have her connect back to our corporate network using a site-to-site VPN without touching the leasing office devices? She needs VoIP and corporate server access.
Nov 21, 2011
Hoping that somebody can see the error of my ways. It seems very like the problem that I read here: URL
We have a Cisco 800 in a remote site which we wanted to use for a site-to-site VPN. Went through the steps on the ASA 5505 and the 800 and have got to the stage where the tunnel is up and connected. Getting traffic through it is another matter. Remote network is 172.20.224.0/20 and the server network behind the ASA is 192.168.168.0/24. The tunnel does initiate when you send traffic from 172 ......to 192....... Both the ASA and 800 report the tunnel is up. If I look at the stats using CCP on the 800 I can see the encapsulation packets graph shooting up but nothing coming back. I did packet captures on the 5505 and could not see anything coming from the tunnel so I don't believe it's making it to the ASA. Here is the config from the 800:
Building configuration...
Current configuration : 6488 bytes
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
[Code]....
May 28, 2013
I have configured VPN on an ASA 5505 and an 881 router, as per the design below. I am seeing the tunnel built from the Cisco 881 router for a few seconds and then it gets deleted, but nothing is showing in the ASA.
May 24, 2012
I've been tasked with setting up an ASA 5505 on our ADSL modem & am very lost. I've put the PPPoE details into the ASA 5505 to authenticate with our ISP, but can't get out through it. I've looked at guides, videos, compared configs
This is the current config...
: Saved
:
ASA Version 8.2(5)
!
hostname asa
enable password GuuH2OTIRWlZP8z3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface
[Code]....
May 2, 2012
I am attempting to configure an ASA 5505 with SSL VPN. The users request is from anywhere, be able to web into the Cisco ASA. [URL]. At that point, we will require them to authenticate through Active Directory via ACS 5.2. The Cisco ASA 5505 is a 50 user ASA. We have also purchased the mobile license as well as a 10 user premium license. That was a bear in itself.
1. How do I configure the SSL setup to use a 3rd party certificate, such as a Comodo certificate?
2. How do I determine which version of AnyConnect I should use for this? We will support windows, macs, linux and smart phones as well as Tablets.
3. If you do a show version, you get all the capabilities of the ASA, of which some are disabled or deactivated. Is there any chart that will show us what needs to be purchased to activate each line entry on the ASA? Is there an all-encompassing PAK?
Mar 13, 2011
We have a customer with three sites. Address ranges are 192.168.215.0/24 head office, 192.168.216.0/24 contract and 192.168.217.0/24 branch office.
The head office has a Cisco ASA 5505 device and the two remote sites have Zyxel P-661 devices. The end result I want here would be a VPN from both remote sites to the head office. This was working before, but now the branch office is not. Now all the users are able to access resources in the head office without any problems, but the users in the head office cannot connect to resources in the branch office.
The Contract office has exactly the same setup and is working okay. I have spoken to Zyxel and they have told me they think the Zyxel setup is okay and that the problem is at the head office. Some of the testing we have done, which is causing confusion, has produced the following results:
-From the server in the head office we can ping the internal interface of the Cisco.
-From the server in the head office we cannot ping the external interface of the Cisco
-From the server in the head office we cannot ping the router beyond the firewall.
-From the server at head office I cannot tracert to any external resources.
I have just tried doing a Packet trace from the internal address to the address of the router and it has failed with the following message: [code]
Feb 28, 2012
The current scenario is as follows:
ASA 5505 Site A connects to ASA 5505 Site B via S2S VPN; both have static IP addresses.
Now I need to change ISP so that I can get more internet bandwidth, but the new ISP only has dynamic IP addresses.
Now I need to change Site B's config to use a dynamic IP and still connect to Site A and establish a S2S VPN.
How can I do this? I want the ASA 5505 to change its IP daily so that the VPN connection is still up even if the ISP at site B changes its IP. Or a way to do this automatically, as I don't have anybody at site B that can do this manually for me.
Jan 6, 2013
We have an MPLS T1 installed at the main office. I just purchased an ASA 5505 to configure a site-to-site VPN connection. The ISP has a VIP mapped with 1 block of public IP addresses. Configure the ASA 5505.
Jan 15, 2012
I am having trouble getting a 1142 LAP to find the controller. We are running an ASA 5505 at our main campus where the 5508 is located. Each of our distribution centers has a PIX501 and from there about 3-5 APs each. The APs that were primed before installation work great; however, we need the ability to get the other ones that were already installed and are not finding the controller to work without cycling them through the main campus. I have opened up UDP ports 12222-12223 and 5246-5246 with no luck.