Cisco WAN :: Microsoft Outlook Though ASA5505 Firewall

Nov 16, 2011

I have some users from another company who are visiting my company. The use outlook to access their mail. I think it is via RPC over https (ssl). When there are on my network they are unable to send messages but when the connect to an ISP directly they are able to send. I have a cisco 2821 as my internet router and an ASA5505 (8.0.5...i downgraded it from 8.2.3) as my firewall. I have not blocked anything from going out. Of note is that when other users use window live configured for gmail....which uses tls they are unable to send emails with atachements. Regular emails go though no problem. Hotmail can send atachments without a problem (there is no encrytion there). I have narrowed the issue down to how the firewall treats esmtp or tls traffic passing though it. I have already diabled inspect esmtp on the firewall.

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: ASA5505 - Outlook Access For Inside Hosts

Apr 25, 2011

I am using ASA 5505 firewall with base-license. I connected my firewall to one cisco 3750 switch where i created 5 vlans. I done NATing for all vlans and they able to get internet and working fine. They able to  browse all internet sites like gmail and yahoo mail.
 
All internal users are configured to use Outlook for their webmail. Here the problem is with outlook they are unable to send and receive the mails.
 
If they directly connected their system using public ip( Directly from ISP) they able to send and receive mails from outlook.

View 2 Replies View Related

Cisco Firewall :: ASA5505 - Microsoft SQL Server And Anyconnect Remote Client VPN

Oct 29, 2012

I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie  - what rules or configs do i miss?   

View 3 Replies View Related

Microsoft Office Outlook 2003 / Can't Access Email From School Computer

Aug 29, 2011

I'm an intern in an elementary school. We have here two administration computers in which I and all the teachers have access to. One of the teachers has told me that she cannot access her email (Microsoft Office Outlook 2003) from one of the computers.

View 5 Replies View Related

Cisco Firewall :: Gmail Outlook Not Working Behind ASA5520

May 17, 2013

internet is working with the client except for gmail account using outlook 2010.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 With 8.0.2 - Exchange 2007 Outlook Anywhere / OWA Users

Aug 15, 2011

We have a ASA 5510 which was running 8.0.2, we recently upgraded it to 8.2.5 and since the upgrade remote users for exchange 2007 are not able to download any large email attachments(over or close to 1MB). This is only happening to Outlook anywhere users or OWA users who are connecting to the exchange server using https(443) externally. If the same users connects internally they do not face any issue. When i check the logs on ASA i am gettings lots of RESET-O and RESET-I entries. Looks like the connection between the client and the server gets reset.

View 14 Replies View Related

Cisco Firewall :: ASA5510 - Outlook Clients Disconnect From Public Exchange?

Apr 4, 2011

We have a setup where clients on the internal network send/receive their emails through Microsoft Outlook client, while the Exchange server is hosted on the internet, outside the organization.The clients are connected to a Cisco switch, behind an ASA5510 Firewall. The Firewall is connected to an internet router, with double NAT (On the ASA and Router).

the outlook clients disconnect from the Exchange server, sometimes for hours, and then reconnect again. During these disconnections, the same client PCs are able to browse the internet normally. There are no restrictions for the traffic going from the inside to the outside. During the disconnections, if we try to connect using a public IP bypassing the ASA & router,.

View 1 Replies View Related

Cisco Firewall :: 5510 - Outlook Port Only Permit (POP3 995 / SMTP 587) With TLS Encryption

Jun 3, 2012

In Cisco ASA 5510 , outlook port only permit ( pop3 995/smtp :587) with TLS encryption. How we can do it thru ASDM .

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Cannot Connect To Microsoft IAS

Apr 24, 2012

I am transitioning from a Microsoft ISA server to a Cisco ASA 5510. So far so good, until it comes to getting AAA functioning properly. I have a Microsoft IAS server that is functioning properly, however when I try to test it through the ASA's ASDM it errors out. When I run a packet trace it shows it's being blocked by the dreaded implicit ACL. The funny thing is that I can ping and traceroute to the IAS server from the ASA. I found numerous config examples for AAA using IAS, but still not working.
 
Could it possibly be behaving this way because my ASA and my IAS server are on two different internal netowrks? (172.31.1.x-ASA, 10.1.1.x-IAS)

View 1 Replies View Related

Cisco VPN :: Microsoft VPN Client To ASA 5510 Firewall?

Aug 5, 2012

We just set up the AnyConnect SSL vpn on our ASA.  I am able to establish a connection fine using the Cisco AnyConnect client.  I would like to use the native Windows VPN client though if possible. What configuration changes on either the firewall or the client I would need to make for this to happen?

View 1 Replies View Related

Cisco Firewall :: Microsoft Exchange With NLB And PAT On Asa 5510

Nov 7, 2012

i have exchange with NLB cluster.
 
i want to PAT the cluster ip to access email from outside. i know i can add the static arp entry for multicast cluster ip.
 
my question is i can add static nat command to that same cluster ip for port 25 and 443 like normal way like we do for normal PAT?

View 2 Replies View Related

Cisco Firewall :: ASA Version 8.2 (2) / Authenticate With Microsoft LDAP?

Jul 25, 2012

I am running ASA ver. 8.2(2)  and all users are configured in the ASA. This ASA is uses as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all parameters that are need to continue working from outside, such as, IP, assigned to special group with special permissions and so on. All the parameters that are needed are configured under  user attribute. See example below: 
  
username username1 password xxxxxx == nt-encrypted
username username1 attributes
vpn-group-policy Basic
vpn-access-hours none
vpn-simultaneous-logins 1
vpn-idle-timeout 30

[code]....            

Is it possible to live the user attributes as is and to force the users to authenticate via LDAP servers only?

View 4 Replies View Related

Cisco Firewall :: Enabling Microsoft LDAP With ASA 5520

Oct 27, 2012

I am trying to implement Microsoft LDAP server with our ASA 5520. The client is using Cisco VPN client and when I am trying to connect I am receiving the following error message:
 
"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed"
 
I triggered the debug on the ASA 5520 and everything looks fine .The LDAP server is sending the right information without any error message.
  
Googled this error message and I found that I need to enable the simultaneous logins to enable. I enabled it but I got the same error message. This configuration is under remote access vpn>group-policies>General>more options.

View 64 Replies View Related

Cisco Firewall :: 5505 Rule For Allowing Computer Access Microsoft

Apr 24, 2012

I have a computer behind the ASA 5505 firewall. The computer needs to access Microsoft Activation Server. Reading some website information, I need to allow a huge list of servers that basically points to www and https traffic. Therefore, looking at this heavy requirements, I prefer to allow this computer to navigate to any https or http (www) server outside of the firewall.I have included my current asa 5505 configuration. [code]

View 3 Replies View Related

Cisco Firewall :: 65535 Make Video Conference Call Through Microsoft Office Communicator

Oct 19, 2010

my client wants to make videoconference call thorugh Microsoft Office Communicator, this should be operating between host from one site to another one, but we already configured some rules in the firewalls, and making some test I see that the videoconference use dynamic ports (1024 to 65535) and if we let to operate the videoconference we should remove all the rules in the firewall and that's not the point.

View 6 Replies View Related

Cisco Firewall :: 5060 Microsoft Office Communicator 2007 TCP UDP Ports Remote Users

Mar 11, 2012

We have a Cisco secure VPN site to site tunnel between the 2 locations.Which ports are need to open on tunnel so that users can successfully use OCS over the site to site VPN tunnel.All the users are havning the main brach AD account.Using Wireshark captured the packets, found only port TCP 5060, after allowing this port over tunnel I can see the authentication window.The user authentication fails. Already port 3389, 80, 443 are allowed.The main requirement is to only have the Chat, Group Chat and file transfer. Not require AV traffic.OCS is using TCP. no TLS is configured.

View 1 Replies View Related

Cisco Firewall :: Users Behind ASA5505 Firewall Are Unable To Access Internet

Feb 24, 2011

I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.

When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.

The ASA5505 configuration is shown below.

hostname Firewall

interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10

[Code].....

View 2 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related

Cisco Firewall :: ASA5505 Can't Ping New Firewall On Inside Interface

Jul 14, 2011

I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.

View 32 Replies View Related

Cisco Firewall :: Unable To Ping Internet IPs From ASA5505 Firewall

Jan 9, 2013

Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2  -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
 
1.  Internet  is connected to Juniper Ge0/0/0  via /30 IP.
 
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to  Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.

From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
 
Issue:

1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
 
Troubleshooting Done so far.
 
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3.  Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **

View 2 Replies View Related

Cisco Firewall :: ASA5505 Firewall Rule Not Blocking

Apr 1, 2013

I'm trying to troubleshoot an ASA5505.
 
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
 
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic.  I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did.  That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
 
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below.  However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
  
show ver 
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2) 
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"

[Code].....

View 4 Replies View Related

Cisco Firewall :: Using IP Aliases On ASA5505

Nov 29, 2011

Is it possible to use IP "aliases" on an ASA5505 to use as static NAT public IPs to private IPs?  For example, I have int e0/0 connected to my ISP using a /30 subnet and I have my private LAN connected to e0/1 with a /24 subnet.  At the moment I can use the one usable IP from the /30 to NAT to the private LAN.  The ISP is also routing a /28 subnet to the one public IP of the ASA. I would like to use some of the /28 IPs for NAT also.  Can it be as easy as just adding the NAT commands? I figure I would have to add that subnet to the ASA somehow, no?  In other devices (including the SA520) they use a concept called IP aliases whereby you define what additional IPs the device can use in its NAT config.  Does the ASA support aliases?  Maybe I have to do something with VLANs?

View 2 Replies View Related

Cisco Firewall :: Use 1 / 2 Gb Memory With ASA5505 Only 512 Mb

Jun 15, 2011

it is possible use 1 or 2 Gb memory with ASA 5505 or only 512 Mb ?

View 3 Replies View Related

Cisco Firewall :: Routing Using ASA5505 And Pix 501?

Jun 16, 2011

I have 1 network that I'm trying to make secure, and it needs to access 2 seperate networks.   I tried using an ASA5505 that I had on the shelf to accomplish this but discovered that I had the basic license and that was prohibiting me from getting my connection to my 3rd network.  I scrapped that idea and grabbed an old pix 501 off the shelf to bring my connectivity to my 3rd network online since the 3rd network is only passing ip traffic to a small group of servers on the outside I figure the 501 should be just fine.
 
So, here's the problem I am running into:My internal network is 10.10.16.0/16, I have a new domain controller with DHCP on it handing out addresses in the 10.10.16.0/24 range.External Network 1 is 192.168.16.0/24.  The services I need from that network are primarily in 192.168.0.0 range, however there is a comcast router 75.123.123.123 (Changed of course) that provides high speed internet I need for my www traffic.External Network 2 is 10.1.1.0/16  I have about 4 servers I need to access on this network and that's it.   This network has it's own domain and DHCP controller and I've been given a range of ip's to use on this network of 10.1.3.180-10.1.3.189 My switch is just a plane jane 3com switch with minimal management so I am attempting to use my ASA5505 to handle my layer 3 routing. 
 
So here's my issue:ASA5505 (IN:10.10.16.1, OUT: 192.168.16.6):  Passes traffic to External Network 1 and to the comcast router, no problem.   All my computers on my 10.10.16.0/16 network have access to everything on 192.168.0.0/24 as well as getting full name resolution and www traffic across the comcast router.  Can NOT access 10.1.1.0/16 no matter what.  From inside the ASA or from on the inside LAN ports.  It CAN ping the PIX 501  PIX 501 (IN:10.10.16.3, OUT: 10.1.3.180)  Can ping EVERYTHING.  Can ping 192.168.0.0/24, can ping 10.10.16.0/16 and can ping 10.1.1.0/16.    Set to globally assign the other IP's in my range as addresses for outgoing traffic.Workstations (IN: 10.10.16.XXX DHCP, using 10.10.16.1 as gateway)  Can only access everything on External Network 1.  ZERO access to External Network 2. ATM I have both INSIDE and OUTSIDE ACL's wide open for both firewalls just to get connectivity going.  I will be tightening it up after it is operational.Attached find a log file (Sensetive data removed of course) that contains the sh run and sh ver for both the ASA5505 and the PIX 501.

View 1 Replies View Related

Cisco Firewall :: Asa5505 Do We Need Ios Update

Mar 14, 2013

I just got an ASA 5505 with Cisco Adaptive Security Appliance Software Version 8.0(4) alredy loaded on it.  Should I update/upgrade it to the newest IOS release, or is the 8.0(4) good and stable?

View 3 Replies View Related

Cisco Firewall :: Setup DMZ Using ASA5505?

May 3, 2012

I'd like to setup a DMZ network with the ASA5505. Do I need the "Security Plus Bundle"?

View 1 Replies View Related

Cisco Firewall :: ASA5505 With WRVS4400N On COX?

Apr 25, 2012

I've been trying to get my WRVS4400N connected to my ASA5505 on the internet through a Cox connection, but it isn't working. I cannot get the ASA to be the DHCP server for the wireless router. I've configured the wireless router as a gateway and pointed the DHCP server to the ASA but no addresses are being passed through to the wireless router. I've included a copy of my config.

ciscoasa# sh run
: Saved
:
ASA Version 8.4(2)

[Code].....

View 3 Replies View Related

Cisco Firewall :: ASA5505 With Multiple WAN IPs?

Jul 24, 2012

We are trying to utilize a 5 ip block of addresses provided by our ISP. What we have assigned from them is like this: 10.10.10.46 - 10.10.10.50 is our ip range. 10.10.10.45 is the gateway. Subnet is 255.255.255.248. If we assign 10.10.10.46 to the outside interface how do we accept inbound traffic from the other addresses?

View 6 Replies View Related

Cisco Firewall :: Can't Ping Or RDP ASA5505

Sep 4, 2012

I have Vlan 100 (inside) and Vlan 65 (Outside)I'm trying to configure RDP and ping traffic from Vlan 100 to Vlan 65 One way.If I connect 2 PCs on E0/0 and E0/1 they can happily ping the their own VLAN ip add 192.168.100.3 and 172.16.65.1I've copied my config,

ASA Version 8.4(4)1
!
names
!
object-group network A_Network
network-object 172.16.65.0 255.255.255.0

[code]....

View 9 Replies View Related

Cisco Firewall :: Configure Dmz On ASA5505

Dec 20, 2011

I have a asa 5505 Sec plus with 3vlan, inside, outside and dmz.
 
On the outside i have 5 ip's for my use, and in the dmz i have a webserver that need to communicate with one sql server on the inside.
 
The "sql" also needs to be accessible from outside and thus has a static nat with a dynamic nat so it replies from same ip as on nat ie 72.72.72.5 webserver is natted with 72.72.72.6
 
sql inside ip is 192.168.1.2, gw 192.168.1.1
webserver ip is 192.168.2.100 gw 192.168.2.1 
sec lvl on inside is 100 and on dmz 50
 
with a dynamic policy  running inside-net/24 to dmz-network/24 translagt to dmz 192.168.2.2 i can get it to ping 1 way from inside to dmz, but not the other way around...
 
All i need is to open 1 port  ie 6677 both ways for this communication to work.
 
I'm not very familiar with the CLI and do most stuf in GUI  (know i should learn CLI, but time doesnt let me)...

on access rules i have just added everything from any to any using , ip, icmp, tcp and udp just to be sure...  :-)

View 47 Replies View Related

Cisco Firewall :: DNS Redirect On ASA5505?

Feb 29, 2012

I want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routing
 
ip access-list extended transparent_dns
permit udp any any eq 53
route-map redirect_dns permit 10
match ip address transparent_dns
set ip next-hop ip.of.your.server
route-map redirect_dns permit 20

[code]....
 
The DNS server is windows 2003?Would policy based NAT or WCCP work for this? If so how would I go about it?

View 1 Replies View Related

Cisco Firewall :: ASA5505 As LAN Router?

Nov 22, 2011

I would like to use an ASA5505 as a simple LAN-to-LAN ethernet router.  My plan is to configure two interfaces with the same security level and then use the command that allows interfaces with the same security level to communicate with each other.  I can get this to work without having to setup and ACLs or NAT stuff.

View 5 Replies View Related

Cisco Firewall :: Use Dual ISP's With ASA5505?

Oct 1, 2010

for the purpose of a redundency, incase the primary ISP goes down the backup kicks in.Can this be done with the basic license (max 3 vlans) or you need to have the security plus license. (20 vlans) Currently not using the 3rd vlan (dmz)

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved