Cisco WAN :: Configuring WAN And LAN IP In ASA 5505?
Apr 8, 2012configuring the Cisco ASA 5505 device to access my both WAN and LAN ip. LAN ip i need to configure it for web servers to face the internet.
View 11 Replies
ADVERTISEMENT
Cisco Firewall :: ASA 5505 Loss On Configuring Twice NAT
Mar 30, 2012There seems to be a large number of the subject queries in one form or another. Having acquired an asa 5505 and using 8.43 firmware and the ADSM gui for router configuration it has not been an easy transition from other products. I have come to understand embedded NAT objects for basic port forwarding but am at a loss on configuring twice nat or manual nat, not really ever dealing with it before, or in this manner.
What I would like to suggest to the experts, is to include far more ADSM web gui examples and discussion for manual nat. The tools are all there - in the nat rules editing page, the display of the rules pictorially and the packet flow at the bottom of the page (and finally thru packet tracing). What is needed is more on the actual entries on the nat editing pages and the logic and explanation of those entries. In this forum what I would like to see is when there are responses that they include both the CLI recommended entries b AND the associated adsm web gui pics. With good documents for reading and examples in the forum, I think there should be much less confusion allowing more attention to some very complex scenarios. At the very least I and others like me will get better edumecated. I am looking to understand CIsco packet routing through explanations of the web gui entries. In fact, I am learning far more by trying to understand the web gui vice simply copying and entering CLI commands. In terms of documents, for example, there should be a very thorough explanation of the relationship between "Translated Addr:" in the first NAT editing page with "Destination Inteface" in the second Advanced page .I have added the packet tracing jpegs for further context. There is an UNNAT lookup entry (first trace block, out of view on the pic) a concept which is missing in the documentation I've read that needs to be added but it is illuminating in how the router handles traffic. What is also interesting is the fourth jpeg which also shows the flow designation of a packet and its handling internally (new packet or one that is associated with an existing packet (previously identified and put in an appropriate table xlate etc)).
Cisco VPN :: Configuring ASA 5505 As Local CA Server
Feb 19, 2013Im trying to configure remote access VPN on ASA5505. I configured it as local CA server, installed digital certificate on remote station and everything looks fine as far as i can see. I'm using cisco VPN client 5.0 on remote station. when i initiate VPN session it fails while trying to connect. Looks like im missing some configuration but i cannot figure out what it is. Currently i have firewall configured to use group authentication and everything works fine. I want to switch it to use certificate authentication, and if possible, confiure firewall to use main mode instead of aggressive mode for better security.
View 4 Replies View RelatedCisco Firewall :: Best Practice For Configuring ASA 5505
Jun 6, 2011I am planning on building the configuration on my ASA 5505, and then distribute that same configuration to several places on ASA5505's.
What is the best way to do this? Screen dumps of the ASDM. Copy the running-configuration from a text file into the ASA5505. TFTP the running-config.
Cisco Firewall :: Configuring VLANs In ASA 5505 Switch
Apr 19, 2011I have 2 ASA 5505 firewalls and 1 cisco 3560 switch.
One ASA 5505 firewall and cisco 3560 switch located at SITE-A. Another ASA 5505 firewall located at SITE-B.
Below is the my connectivity:
Site-A IPSec VPN Site-B
cisco 3560 <----------------------------> ASA 5505<------------------------------------------------------------------------------------> ASA 5505
I planned to create 5 vlans in my cisco 3560 switch. these 5 vlans needs to have internet and needs to access Site-B.
I will write on dafault route to firewall in my cisco 3560 switch. Is ASA 5505 supports this scenario??? If it is then how to configure ASA 5505 firewall.
Cisco Firewall :: Configuring ASA 5505 With Base License
May 11, 2011I have ASA 5505 with base licence. I configured NATing and VPN(site to site). All are working fine.My ASA is base license so i created 2 VLANS, one is inside and outside.Inside i am using 10.91.40.0/24 serie IP addresses.Below are the new requirements that i need to configre:
1. First 30 IP addresses only needs internet directly.( Servers and Management)
2. If remaining IPs likes to use web then traffic needs to forward one proxy server( where he gives user authentiation)
Cisco Firewall :: Configuring UC-Proxy On ASA 5505 Version 8.0?
Jan 24, 2012 I'm trying to configure UC-Proxy using an ASA 5505 with software version 8.0.4.I was following the instructions in DOC-5704 and ASA 8.0 CLI.I don't have USB security tokens in UC solution, instead I'm using IP phones Cisco 7961 with MIC.I configure all the items as the documentation says but when I restart the phone outside the Firewall, the 7961 don't registrate with the Call Manager.Checking the troubleshooting I found that it's possible certificates problems but I don't know if I need to do something in phones.
I would like to know if there is any consideration when the UC proxy works just with MIC.The outside phone is a Cisco 7961 configured with static IP address and TFTP address of Call Manager (static NAT in ASA).
Cisco Security :: Configuring ASA 5505 Port Forwarding?
Apr 19, 2013I have a Cisco home rack lab which is behind my ASA 5505. I use my ASA to connect to the internet. My situation is I travel a lot for work, and I am unable to do my labbing practice. I am pretty new to ASA and would like to do a port forwarding to access my access server which is connected to my Cisco routers and switches.My network topology is this: (internet)-------(ASA 5505)----------(3550)-------(CM32 Access Server)----------(Cisco Rack) This is how I setup my remote access:
Code:
ssh 0.0.0.0 0.0.0.0 outside
Cisco Firewall :: 5505 Configuring RDP Access To Local Server
Jun 10, 2012I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]
Cisco VPN :: Configuring L2TP IPSEC VPN On ASA 5505 / Can’t Ping Or Access Resources
May 2, 2011I’m configuring a L2TP IPSEC VPN on a 5505 asa so that windows 7 clients can natively connect. It connects correctly during Phase 1 and 2, but I can’t ping anything or access resources on the internal network. This is my first time working with an ASA.
Master# sh run
: Saved
:
ASA Version 8.2(2)
!
hostname Master
domain-name service.local
[code]....
Cisco VPN :: Configuring VPN Site To Site ASA 5505 With Contivity Nortel
Oct 17, 2012ASA is configured with the VPN site to site using the wizard, created the Public IP of contivity, local and remote LAN . I attached the configuration. In contivity have the following settings: Not able to communicate both subnets.Do I need to configure IP subnets and published in the contivity as was done in the ASA?
View 3 Replies View RelatedCisco VPN :: 5505 Configuring VPN Client To Site-to-site
Jun 3, 2013We have a Cisco ASA 5505 at our CORP location, which I have configured the Site2Site VPN to our COLO with a Juniper SRX220h, the site to site works fine, but when users access the Cisco VPN client from home, they cant ping or SSH through the Site2Site. Contacted JTAC and they said its not on their end, so I tried to contact Cisco TAC, no support. So here I am today, after for the 3 days (including Friday last week) of searching the Internet for over 6hrs a day, and trying different examples of other users. The VPN client show the secured route to 10.1.0.0. [code]
View 19 Replies View RelatedCisco VPN :: ASA 5505 / Configuring Site-to-Site VPN?
Aug 19, 2012I need to configure Site-to-Site VPN (PSK) between two offices. Both offices have ASA 5505 firewall. Office 2 ASA is going to be behind NAT router (ISP) and it's not possible to turn NAT off. There is still a static IP address. Office 1 has a static public IP address and this IP is directly configured to ASA. I'm very unfamiliar with ASA. From my understanding the NAT won't be a problem when the VPN connection is started from the device that sits behind the NAT router?
View 3 Replies View RelatedCisco Firewall :: Configuring ASA 5505 Firewall
Sep 21, 2012I am configuring a Cisco ASA 5505 firewall.In the office there is 1 x SBS 2008 server and 5 x PCs, all sat behind a Netgear DGN1000 ADSL router.We want to implement a ASA 5505 for added security.I have configured the internal interface of the Cisco ASA 5505 to be 192.168.0.1 - this is connected to local switch. The client PCs use 192.168.0.1 as their default gateway.I have configured the external ASA 5505 interface to be x.x.x.217. [code]Change the current router status from Router/Firewall/Modem to Modem only (Bridge mode). The ASA 5505 has its outside interface connected into one of the LAN ports of the netgear. The lan port has an IP of 192.168.0.254.
View 3 Replies View RelatedCisco VPN :: Configuring Two ASA 5505 For Site To Site?
Aug 21, 2011I am having some issues configuring two ASA's for Site to Site. When I do a L2Lsite2# show crypto isakmp sa
There are no isakmp sas L2Lsite2# show crypto ipsec sa
There are no ipsec sas
If I am on side L2Lsite1 I cannot ping 192.168.3.1 Will repost configs later.
Cisco VPN :: Configuring VPN On A 870?
May 30, 2011if I can configure a VPN on a Cisco 870 - CISCO877 V06.I either want to confiugure this as a VPN server or for it to forward PPTP traffic to a server based with the network.
View 1 Replies View RelatedCisco :: Configuring Dynamic NAT?
Feb 23, 2011having some trouble with configuring dynamic NAT
View 15 Replies View RelatedCisco :: Pbl With GNS3 In Configuring RIP
Feb 19, 2013I'm using GNS3 in order to revise CCNA, the RIP part But I don't know why, i'v got a pbl with the routage table, especially with the metric which is wrong I don't understand wy the metric is always 1, because it should be 2 or 3 according to the network.
View 5 Replies View RelatedCisco WAN :: Configuring WRVS4400N For AT&T DSL?
Sep 13, 2011configure my Cisco WRVS4400N wireless router for AT&T dsl.
View 0 Replies View RelatedCisco Firewall :: Configuring NAT In 8.3 Using DMZ 2
Sep 26, 2011We have a requirement where we need to enable a dynamic NAT from DMZ-1 to Inside, I gave the command below, but for some reason it does not work.nat (DMZ-2,Inside) source dynamic any interface,NOTE: The access-list is permitting all the traffic from DMZ-1 and Inside (for test)
View 1 Replies View RelatedCisco AAA/Identity/Nac :: ACS 5.3 Configuring 802.1x
Jan 17, 2012Trying to configure 802.1x with ACS 5.3, have some general doubts about how to make it, this is what I got for the moment:
ACS 5.3 = 192.168.240.28
AD = 192.168.251.97
Switch = 192.168.240.171
IOS device config Already configured and running Device Administration using Tacacs, mising with Radius aaa commands:
aaa group server tacacs+ TACACS_PLUS
server 192.168.240.28
!
aaa group server radius RADIUS_1x
[Code]......
Cisco 5508 WLC - Configuring DNS
Aug 22, 2011Does anyone know if it is possible to use an 5508 WLC running version 7.0.116.0 as a DNS box? Was not able to find anything in the config guide.
View 2 Replies View RelatedCisco WAN :: Configuring BGP With 2811
Nov 2, 2011I have BGP router 2811. Want to configure BGP on it with two ISPs. How can i configure it?
View 1 Replies View RelatedCisco :: Configuring GLBP On Router?
Mar 30, 2012We have 7200 router on which two links from different ISPs are terminated. Right now one link is primary and the second one is redundant.Now we have procured our own IPs and plan to run BGP with both the service provider. Can we configure GLBP on the router so that both the links can be simultaneously used and when one goes down the other takes the full load.
View 2 Replies View RelatedCisco :: Configuring 2960 For VoIP?
Mar 26, 2012We just purchased cisco 2960 for our VoIP needs and we are using polycom phones, and Phone and Computer will use same port. Since Polycom phones are capable working with CDP protocol and we are hoping to get another switch to expand VoIP network. I found easiest way of setting up each port is as following (from the cisco tutorial)
Switch#configure terminal
Switch(config)#mls qos
Switch(config)#interface fastethernet 0/1
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan dot1p
Switch(config-if)#switchport voice vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
My first question,when we are using switchport voice vlan dot1p ,I thought we instruct the switch port to use 802.1P priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic.Do I still need to create a Vlan 20 for data and Vlan 10 for voice ?
Secondly,same tutorial adds these commands as well,Do you think for our set up, using those commands are feasible ?
Switch(config-if)#switchport priority extend trust
Switch(config-if)#priority-queue out
Switch(config-if)#spanning-tree portfast
Switch(config-if)#spanning-tree bpduguard enable
Switch(config-if)#exit
Thirdly,when we get another switch and do the same configuration for the second switch, can I use any port on Switch 1 as uplink without doing any configuration ?
Cisco :: Configuring Static Routing
Jul 30, 2012Configuring static routing, how can i get a ping to go through a diff. route depending which host pinged? I want to ping host B from host A. Host A is connected to router1, which is connected to 2 other routers, router2 and router3. On the other end, routers 2 & 3 meet router4. Like a diamond topology. So basically routers 2 & 3 lead to the same place, router4, which is connected to host B. I need to configure static routing so that when I ping host B from A, both ping request and ping reply go through router1, 2, 4, host B, and back. THEN the part I dont understand, doing it the other way around: When I ping host A from host B, how can I get both ping request and ping reply to go through router4, THEN THROUGH ROUTER 3, then router1, then A, and back again to host B?
View 3 Replies View RelatedCisco :: Configuring RADIUS Server For It?
Jan 25, 2012Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices. I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different.I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.
View 18 Replies View RelatedCisco :: Configuring All MEC Links On 6500 VSS
Jul 13, 2012I will be configuring all the MEC links on my 6500 VSS chassis tomorrow morning and one thing I am a bit confused about.According to the best practices guide they suggest you configure all etherchannels trunks to be in desirable mode. All the trunks are using LACP active - active right now but that's only to one chassis.Should I change all my MEC etherchannel trunks to desirable mode or just leave them active-active?
View 6 Replies View RelatedCisco :: Configuring ACLs For HSRP
Feb 13, 2013I'm screwing around with HSRP running between two L3 interfaces of routers. I placed an inbound and outbound ACL on the same interface on both of these routers specifying to "permit ip any host 224.0.0.2" Why am I only seeing counters ticking for the inbound ACL of both of these routers? Is it an order of operations thing?
View 3 Replies View RelatedConfiguring Cisco Aironet 3500?
Jan 5, 2013We are planning to implement Aironet 3500, Do we need to have controller to install it or can we install as standlone AP.
View 1 Replies View RelatedCisco WAN :: Configuring 861 NAT With Multiple Public IPs
Jan 20, 2012I've replaced my dead ASA5505 with a 861-K9.Our ISP provides a subnet of public address /29 (wan side) by example: 200.200.200.xxx /29,we have 3 servers (lan side) in the example 10.1.1.xxx /24 is the same case than Johnatan, the only difference are the public addresses. [URL], everything is ok when NAT via the FE4 public address, but when do the same with other public IPs doesn't work.
View 7 Replies View RelatedCisco Application :: Configuring IP SLA On 2900?
Jan 9, 2013I am having two sites, at one site the ISP is terminated on 2900 Router and at one site ISP is terminated on 3500 L3 Switch. Now need to configure the IP SLA on this. In the current setup I am having two 2900 routers at one location and 3500 L3 switches which by point to point link.
View 1 Replies View RelatedCisco VPN :: Configuring In 1721 Router?
Nov 19, 2012configuring VPN in my cisco 1721 router to connect in vpn client
I have the public IPs.