Cisco WAN :: Can't Find Way To Change Ip Nat Rule And Use Same 110 ACL
Nov 19, 2012
so I have my router that's connected to outside world (internet) and it's also connected to my company.I want to create a nat rule that basically says when I go to my company don't nat but when I go on the internet nat.now I do this with this statement [code] I want to do the same thing but this time with this rule. ip nat inside source static tcp 10.181.20.84 22 interface FastEthernet4 2222 this rule doen't work from the company to my router but it works from the internet to my router...
I just can't find the way to change this ip nat rule and use my same 110 ACL.basically with this last rule when I try to connect to my router from the company it tries to nat it back to the ip of the router interface ... it should not nat when I go from the company but nat when I connect from the outside internet.
Regarding our international subsidiaries there are many names that contain the character "-" (i.e. Pierre-Pascal)When trying to create an new Guest Account the ISE refuses it because of an invalid character in the "First Name" field.In other formular fields i.e. Email Address - the character "-" is allowed.Is it possible to change the rule which checks the fields for illegal characters? (Is it a Bug?)
I accidentally setup two schedule rules both with the name of "Log". When I highlight either rule, and try to delete either, I get error "The rule is being used by another rule and cannot be deleted" How do I delete?
How do i find the network or security key? how do i work this thing? ive tried for 2 days on my own just not quite sure how it all goes.ive heard others say that sometimes the key codes are printed on the backs of the routers? is this true? if so, would it be under another name?
Le Pan 2 tablet keeps trying to "obtain IP address." I have a dlink 655 router. I've removed the password from the router. Rarely will the tablet connect.
This is for a E1000 model router.I recently downloaded Cisco Connect. It wants my router name and password. I don't know the password. How can I find the password or change it? The password might still be the default, but "admin" does not work.
Here is the setup : site 2 site ipsec pix 515 as the server (static ip) Cisco 1841 (dhcp client)
ezvpn client works fine for normal users that want to just authenticate with the Cisco vpn client. i have a site 2 site setup from the pix to my house, the connection is "up" on both ends, i see phase2 initiate under the pix logs . try to ping nothing happens, even drop down the byte size and the DF bit (aka ping xxx.xxx.xxx.xxx -l 100 -f ) ping to the next routed interface hop and i get "no translation group found for icmp src outside: xxx.xxx.xxx.xxx <--- my internal network dst inside xxx.xxx.xxx.xxx <---- pix internal network .
we have a RV082 and have the DMZ option enable for a range of IPs within the same subnet of WAN IP and this works great. I have another range of Public IPs from our ISP that is not in the same subnet of the WAN IP and do not see a way on the RV082 to include this 2nd bank of Public IPs in the DMZ. Our ISP internet feed plugs into the RV082 WAN port and we have a switch pulgged into the DMZ port of the RV082 that is used to connect the public devices in the current DMZ. Both banks of Public IPs from our ISP come over via the ISP internet feed plugged into the WAN Port. My question is, if I cannot configure a DMZ rule to allow this 2nd range of Public IPs to "travel" to the RV082 DMZ port.
Is it possible to have email notification when a rule is hit on the ACS(5.1)?
Ive had a look around and cannot see any options, the server team seem to think its not possible to have this triggered from AD either on a side note, where are the SMTP settings on the ACS?
ASA 5510 running without issues for a while but we needed extra port so added a 4GE SSM.
Having installed the 4GE SSM we had some issues with the card not liking a connection to our switches and only working by plugging directly from the server into the firewall, not great as we wanted extra servers on the line in the future. So we upgraded the firmware and no are at an impasse.
We have upgraded to 8.0(4)3 and now we cannot get any traffic through the port, we can't even connect to an external DNS server. Running a packet trace I get an immediate error on the first step '(l2_acl) FP L2 rule drop', and it appears as though the outside connection is down.
I have some experience on setting up basic port forwarding and NAT for internet access, webservers, mail but this has thrown me.
Our external security department needs to scan, every three months, a computer behind the firewall. I need to create a simple NAT rule that will allow an ip address or subnet to the computers behind the ASA 5505. At the moment, we have a simple NAT rule which allow all network traffic to exit from inside to outside.
Let's say I want to NAT 2.2.2.2 & 2.2.2.3 on wan interface to 192.168.1.1 on DMZ. I tried to add the static NAT with ASDM but got the following error:"The modified Static NAT Rule cannot be configured, as it overlaps with following existing rules"
I just installed a new ACS 5.1 to authenticate wireless PEAP users, so I created an Access policy "WirelessUsers" with identity store being Windows Active directory and all domain users are selected, and create a service rule that dictates that if the authentication protocol is radius, network device belongs to WLC device group, the result service will be "WirelessUsers", so this part worked perfectely, all domain users are able to gain wireless access via their DOMAIN/usernames and domain passwords. Now I want ACS local indentity store users (those local usernames can be the same or different from their AD usernames) to be able to manage those controllers, so I created another access policy "DeviceAdminUsers" with identity store being local users, another service rule which says that if the authentication protocol is radius, network device belongs to WLC device group, the result service will be "DeviceAdminUsers". The problem is that with the setup, whenenve when I try to SSH to WLC, ACS always put me in "WirelessUsers" access policy, even the login name does not have DOMAIN pre-pended or the login name simly does not exist in AD. if I put the second rule in front of first rule, I am able to authenticate with ACS local username/password and gain access to WLC, but wireless users will fail to authenticate, because ACS is trying to put regular wiress users in "DeviceAdminUsers" access policy. I would expect if username does not exist in AD, ACS should proceed with next rule. Similar requirement was easily achieved in ACS 3.3.
I have an asa 5505 and I would like to adding a new rule for a network, however it was added, it seems it would be inactive. I have two inside network,192.168.12.0/24 (name: lanA) and 192.168.99.0/24. (name: lanB) I have the following in the running-config:
access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any access-group lanB_acl in interface lanB_interface
But when I tried to reach a host in the lanA, the packets are dropped. I configure the asdm, which shows this on the LanB interface:
1 lanB_network | any | ip | permit (hits 344) 2 any | any | ip | deny
and I checked the packet tracer with: tcp, source: 192.168.99.57:10460 dest: 192.168.12.2:443 and it shows that the packet has been dropped by the last 2. 'implicit any any ip deny' rule, in spite of my access-list rule (access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any) preceded it, and active.
The lanB and lanA interfaces are the same security level 100, and I can reach the outside/internet from 192.168.99.57 Is it possible that I have to reload the rules or something like in order to apply? Or I missconfigured something?
I am creating access rule on a ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) and found that the GUI has less option then when creating access rule on a ASA5505 running ASA 7.2 (3) and ASDM 5.2(3) (see attachment). Is there an option that enables me to get the same configuration options on the ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) as I have on the ASA5505 running ASA 7.2 (3) and ASDM 5.2(3).
i have a Cisco Rv082 with Firmware v4.0.4.02-tm (Jul 4 2011 13:30:56)I have configure WAN1 with a public IP and netmask 255.255.255.252. (Only one public IP in use) Internally the LAN is a 192.168.169.0/255.255.255.0.I need to add some rules like
Service: HTTP Interface: WAN1 From: ANY To: 192.168.169.2
But after rule configured the connection still not working, it only works when I add a port forwarding.For HTTP maybe port forwarding is OK, but other services I need to grant access to a specific public IP address, not to everyone. So I need the Firewall rule, but is not working, it always block the request. [code]
i am trying to find out if it is possible to have a translation rule fail over to a second server if the primary is down on my cisco pix515e.so for instance having an external ip address of 82.x.x.x mapped to an internal ip of 10.x.x.1
If 10.x.x.1 is down then 82.x.x.x should be mapped to 10.x.x.2.The reason i am asking this is i also have 2 css11501 load balancers and would like to have our staging servers primarily sat on one with secondary connectioin to second, production on the other failing over to each other if one is down. The load balancers will be connected to different ports on the same firewall.
I picked up an RVS4000 V2 and configured a rule to forward a Magic Packet to an internal system to wake it from a sleep state. Everything was working fine until I update the firmware to v2.0.3.2. I know it's not the the computer as I can wake it from Sleep internally without any problems. One thing I noticed is that the static IP for the computer in Sleep state gets lost in the ARP/RARP Table though the NIC is configured to respond to ARP requests in Sleep.
Has anything changed in v2.0.3.2 that requires a different configuration to get Wake on Lan working externally?
My Setup is
Computer P8Z68 Deluxe/Gen3 onboard Intel 82579V NIC Wake on Magic Packet: ON Respond to ARP/NS requests without waking system: ON RVS4000 V2 (v2.0.3.2) Mode: Gateway
I have a PIX with 600 active access rules but many rules arent't in use. A lot of the rules aren't necessary anymore but I don't know what they are. How to know what rules are working?
