Cisco :: Want To Setup A ASA5505 To Comcast Home Mode?Feb 5, 2013
New to Cisco but learning some. Needing to know what I should code into CLI on my ASA5505 to make it work with comcast modem which uses DHCP for it's addressing from Comcast proper.
New to Cisco but learning some. Needing to know what I should code into CLI on my ASA5505 to make it work with comcast modem which uses DHCP for it's addressing from Comcast proper.
I sometimes am forced to use my computer at work to set-up wireless networks for employees who move into temporary apartments. Now every time I am at my home, my computer, ipad, and iphone keep redirecting to comcast home activation page. The problem is the home activation page that comes up is for one of the apartments I set-up for my employer. It seems to be stuck on the final steps of this other persons comcast set-up and I cant get it to go away. I have a Linksys router with a secure network. It shows I am connected to my network, but when I try to get on-line it send me right back to Comcast activation page for someone elses account. Countless calls to Comcast have gotten me know where. Since the final steps of the comcast activation involve downloading desk top software, and the ipad will not let you download desktop software even into dropbox. It has made my ipad useless when I'm at home.View 2 Replies View Related
I have been using my Sony Locationfree tv with Direct TV and now have Comcast and it doesn't work. The installer said i have to change the tv setting to channel 3, but i haven't been able to program the remote he gave me. I thought the device was just a wireless monitor, so i don't see how it has a channel to changeView 1 Replies View Related
We have purchased Comcast fiber EDI services. They run a fiber to our office and connect to a Ciena 3930 switch. The speed we have is 30 down and use for Internet. Comcast provide a /30 and /29 address. Do I need an additional router to route /30 to /29? I only have a PIX firewall.View 5 Replies View Related
We have kids in the house and I'd like to limit their internet access to certain times of the day but because of the great amount of devices they use (phones, tablets, laptops, etc.) the only way I could think of doing that easily was to set up two wireless networks: one that the adults could use 24/7 and the other that the kids could access during certain set hours.
Here's the equipment I'm working with:
DLink DIR 615 wireless router
DLink DIR 515 wireless router
Motorola Surfboard cable modem S85101U
I plugged the DLink 615 in, set it up for DHCP client and plugged it into the cable modem. I lef the default 192.168.0.1 IP address for the device. On that router, I also reserved the 192.168.0.199 IP address and assigned it to the DLink 515.I also gave the DLink 515 device the IP 192.168.1.1 so I could administer it.I set the DLink 515 to static IP and made the IP 192.168.0.199 and the default gateway 192.168.0.1.I plugged the DLink 515 into one of the LAN ports in the DLink 615.I set a schedule on the DLink 615 to shut down internet access to the DLink 515 at a certain hour and turn it back on at another time.Everything seems to work ok, but at least once a day we have to unplug and plug the routers to reset them.
Is it possible to configure bridge mode in asa 5505 if it is can u provide me a config.View 1 Replies View Related
I've ended up in rommon mode on my new"old" RMA'ed ASA5505, and I'm stuck there, I'v tried to erase Disk0 and all that, and tftp'ed a new image into the box, but when booting I get the message :
INFO: Unable to read firewall mode from flash
WARNING: Unable to write firewall mode to flash, this is normal if flash is not formatted
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
This activattion key is invalid, use default settings only
i2c_write_byte_w_suspend() error, slot = 0x0, device = 0x40, address = 26 byte count =1. Reason: I2C_UNPOPULATED_ERROR
I have a cisco ASA5505 configured in transparent mode. This evening we attempted to plug a couple of new servers in but they simply didnt work, despite our test server working absolutely fine. The server IP's are all in a network object group (the same as the test server) and they're all using the same ACLs etc. I'm relatively new to configuring cisco equipment.
the only thing I can think of is a static route I had to add to get the managemet IP to work might be causing problems.route outside 0.0.0.0 0.0.0.0 XX.XXX.132.1 1(IP addresses obfuscated- servers are all in the same range so assume XX.XXX is the same across all IP's).
Currently, I have in a number of remote sites (with dynamic public address) a C800.On this Cisco, I have a config for initiating an agressive-mode tunnel to a central ASA.relevant part of the config:
crypto isakmp policy 10
crypto isakmp peer address 18.104.22.168
Now I need to replace these C800 by ASA5505. But I don't know how to replace the "crypto isakmp peer address" command in ASA.The C800 transmits both the password (abcdefg in my example) and the fqdn (remotesite1 in the example). how to configure the ASA to build the tunnel the way the C800 did?
I have a cisco asa 5505 firewall, and I have a normal home ADSL broadband router, the router currently connects via wireless to my pc.What I would like to do is basically connect the asa to my pc, then my router to my firewall.what the best thing to do here, run the aa in transparent mode, OR routed mode and do NAT on the firewall to the private ip address range of my router.
OR, would it be possible to get the outside interface of my asa to get DHCP from my broadband router so it will use a 192.168.1.x address on the outside, and then turn NAT off?
I'd like to setup a DMZ network with the ASA5505. Do I need the "Security Plus Bundle"?View 1 Replies View Related
I have a Any Connect setup and able to VPN into my office.i bought a ASA5505-SW-UL that is unlimited user (UL) software license but now the vendor tells me that: From the ASA you can saw the unlimited license is for inside hosts, instead VPN client's, by default, ASA 5505 included only 2 VPN client's and can supported up to 25 VPN client's, your license look only default 2 VPN client's. If need more VPN client's connect, you have to purchase the additional VPN client's license. I am just wondering his statement TRUE/FALSE, because i thought ASA5505-SW-UL means unlimited licenseView 4 Replies View Related
I want to set up our ASA5505 firewall to allow access from the Cisco VPN Client software.I have nstalled the client software then tried using the VPN wizard to set up the connection without success, I am running Windows 7 32 bit and Cisco client 5.0.03.0530. [code]View 22 Replies View Related
I have just purchased and setup a vpn on my ASA5505 and now I wish to setup a Windows VPN client to use it. Does CISCO have any free vpn clients for Windows?I tried to download a client from the CISCO downloads area, but it's for some kind of purchase agreement. I would have thought that the vpn client was free to download given my ASA comes with two free vpn licenses.View 5 Replies View Related
I'm trying to setup a VPN connection for the two PC's in the graphic below. I have the link between the two locations setup and secured, now I just working with the routing elements.what I need to add to the firewall config in order to get this to work? Here is what I have:
SITE A------access-list mpls_vpn_sitea extended permit ip host 22.214.171.124 host 126.96.36.199 access-list mpls_vpn_sitea extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0crypto map mpls_vpn 1 match address mpls_vpn_siteacrypto map mpls_vpn 1 set peer 188.8.131.52 crypto map mpls_vpn 1 set transform-set ESP-3DES-SHAcrypto map mpls_vpn interface MPLScrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
SITE B------access-list mpls_vpn_siteb extended permit ip host 184.108.40.206 host 220.127.116.11 access-list mpls_vpn_siteb extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0crypto map mpls_vpn 1 match address mpls_vpn_sitebcrypto map mpls_vpn 1 set peer 18.104.22.168 crypto map mpls_vpn 1 set transform-set ESP-3DES-SHAcrypto map mpls_vpn interface MPLScrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
do I need to specify a route between the two networks? What do I need to have for NAT statements?
I have an ASA 5505 with Base license and a vpn client. The scenario is like this: LAN -- ASA 5505 -- ISP DSL Router---( Internet ) -- Home DSL Router --- LAN -- VPN CLient, The ISP DSL Router gets a public IP address and the ASA gets a private IP address (ISP DSL router doing NAT) and I cant reach the internet with no problem from the LAN´s ASA side but I cant make the vpn tunnel connection from the LAN´s Home side so I told the provider to bridge the ISP DSL Router, to the ASA so the ASA could get the public IP but in order to do that the provider told me to do MAC clonning on the ASA 5505 which I did putting the ISP DSL Router MAC on the ASA. Now the ASA gets the public IP on the outside vlan by DHCP but when I try to make the VPN tunnel I just cannt. I can reach the public IP by ping on the ASA and I can see the pings coming in using debug but I just cant make the vpn client work.View 2 Replies View Related
I have been asked to install a ASA5505 on a home network. The home network has a home broadband connection which the ISP provider supplies with an IP address. This is only for 6 weeks until the new line comes in. I know this is going to cause problems but we have no choice but to impletment this.
My questions are below.
1, We have a home hub supplied by the ISP which is configured by an IP address which is NOT static. Can we not use the ASA 5505 instead. I know that if our ISP change the IP address we have to change the IP address on the 5505.
2, Will we be able to use the home network broadband to create a secure connection?
I've tried to get my head around this but beeing used to Juniper and Watchguard devices I just can't get my home webserver published to the outside interface.I have a ASA5505 with ASA version 8.4 and ASDM version 6.4 and the basic license.
Outside interface is X.X.X.32/255.255.255.248 so I have 5 static IP:s on my external interface, .34 is in use for the outside interface.
I have a webserver in DMZ located at 10.0.0.253 and would like to publish it to the external IP X.X.X.35.I've tried to make the static NAT but every time I do either nothing goes in or out of the DMZ zone or you can't access the webserver from the outside interface.Right now I deleted all trials since none of them work so only the basic config is applied. Everything get's NAT:ed to the external interface .34 IP.
I am connecting to a ASA5505 at from home to the head-office using L2TP VPN.
Head-office then has a connection to other-office via a site-to-site IPSEC tunnel.
When in the head-office (192.168.100.0/24) I can ping/access remote-office (192.168.200.0/24) OK.
When connected remotely to head-office, I can ping/access head-office OK from the road-warrior laptop.
My problem is that when connected remotely from home to the head-office I cannot ping/access the other-office subnet.
On the home laptop the L2TP VPN connection is set to route all traffic to the VPN connection using the HQ as the internet gateway I can confirm this works.
I cant do traceroute (I get timeouts) as my policy doesnt allow and not sure how to enable this properly on the ASA.
name 192.168.200.0 othersite
I just joined this company and they already ad a VPN to one of their partners that provides them access to some resources. We have now added a 2nd location but the partner wouldnt allow a 2nd VPN tunnel so the decision was made to give the new location a ASA5505 to tunnel thru the main office to access the resources at the partners site.Using ASDM i believe i was able to setup the tunnel to the main office but there is no resource there to use. Now i'm stuck and i do not know what to do to get to the partner siteView 4 Replies View Related
I have setup a Remote access VPN on my ASA5505 firewall through the ASDM wizard.I can successfully connect with the Cisco VPN client. My firewall also shows me the VPN session and shows incoming Rx packets. However, Tx packets remain 0, so no traffic is going out. My ASA5505 is configured as router on a stick with 25 different VLAN's. I want to restrict traffic to one specific VLAN using a crypto map.When I issue a ping -t command on my connected Windows box, the firewall log shows me the following message:
"IKE Initiator unable to find policy: Intf outside, Src: 10.7.11.18, Dst: 172.16.1.1."
"This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself." [code] I have really no idea what's going on. I have setup a Remote access VPN countless times but this time it shows me the error as described above.
My first time programming a Cisco ASA - Anyways I''m trying to setup up Ethernet 0/6 to be a DMZ Connection When I add port 0/6 to DMZ it gives me an error saying "The IP Address X.X.X.X /Subnet Mask cannot overlap the subnet of interface outside"So my question is I have an outside connection already configured - How can I make a DMZ connection with the same subnet mask with a different IP?View 1 Replies View Related
I have a Time Warner Cable business class service with no static IP, with a wireless modem which is plugged to a CAT5 distribution panel. On the jacks (2 other rooms on the house) I have a Linksys E3000 and a Linksys Valet router for signal boost and gadgets usage (TV, cameras, etc).The main router (TWC) has it's own external IP which TWC assigns to me and internally distributes via DHCP the range 192.168.0.x. With that said:
- The E3000 has a 192.168.0.6 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The Valet has a 192.168.0.7 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The main router has the 192.168.0.1 as the gateway and web-interface
Whenever I connect something to the E3000, it is distributing the 192.168.1.x range and the valet 192.168.2.x range.That works perfectly for my home based business until I decided to use more stuff on the network such as a IP printer, IP cameras, etc.
- The IP cameras are connected to the E3000 due to signal strength and I have manually assigned them the 192.168.1.15 and 192.168.1.16 IPs and ports 9001 and 9002.
- The printer is connected to the E3000 and I have manually assigned the IP 192.168.1.30.
Issue 1: Port forwarding On the main router (TWC - UBEE) I have tried to setup a port forwarding by informing the Local IP as 192.168.0.6 (E3000 IP), Internal Port 0, Public Interface IP (0.0.0.0), Ext Start Port 9001, Ext End Port 9001, Protocol - Both, Enabled Yes. On the E3000 I did the same config (screen shot attached e3000.png).This is not working properly. I can't get into the camera.
Issue 2: Printer/ The printer is only accessible if I connect to the E3000 (because it is on the 192.168.1.x network)
Issue 3: How to configure all the devices on the same subnet? If I want everyone to be on the 192.168.0.x network, how to configure properly the E3000 and the Valet? I have tried to force them into the same network but it would not work properly. It would not get an IP from the UBEE router (main).
i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
http server enable
http 172.17.104.0 255.255.255.0 inside
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
I have 3 WAP200 wireless-G access points. I have one set up as an AP the other two are set up as repeaters to the main AP.
My question is Do I need a lan connection to each repeater ?
also, do I need to create SSIDs for all three? & if so, do they need to be the same?
I turned it on for bridging and it did not auto setup wireless so i need to turn off WPS but my wireless option page is now blank. I rebooted, reset the DAP but still no manual config option. I found I could configure it if I switched it to AP mode but still cannot setup from bridge mode. According to manual a reset does not turn off WPS so what is the answer?View 1 Replies View Related
how do I setup an enable password for an ASA 5510? At the moment its setup to authenticate using RADIUS (which I'd like to keep doing) but I need to setup an enable mode password.View 3 Replies View Related
when I try to connect a laptop to the wi fi it won't connect because the connection has changed from home network to public and sometimes unidentified network . I can get it connected by momentarily unplugging the router and rebooting it , then pressing connect button and it will revert to home network and things are ok . It is a netgear DGN1000 and I tried another router same make and model, same problem. I use an ethernet cable on my desktop no problems.there's 3 laptops come in to occasional use and it's happened to them all . My early attempt was microsoft's fix for sticking in public mode . It is windows 7 pro on the laptops , ultimate on desktop?View 4 Replies View Related
I am trying to have a setup where the AP running in autonomous mode also act dhcp server for the wireless clients.The only thing is that the vlan is switched across to the wired network.
So basically i am having 2 vlans, one for mgmt and other for data (for wireless clients) and both vlans are trunked to the switch.
I have two 5504 Controller. Original Liceses 100 per Controller. At the beginning the Controllers were running standalone as a Primary and secondary in a Mobility domain. Now they are running in a HA Pairing mode. One Controller as the Primary an the second as the Standby in the redundancy HA SKU mode. The first step SSO disable is done.
how setup back the HA SKU Standby-Controller to get again the 100 licenses?
I need to setup an ASA 5525 in Active/Standby failover mode. I am setting up the ASA for a company that purchased only one public IP address. The public IP address is assigned to the outside interface. My question is will failover work correctly if I don't use a secondary IP address on the failover configuration on the outside interface?View 4 Replies View Related
How to setup WRT54G in router modeView 9 Replies View Related
I just bought an E2500. Wanted to set it up in bridge mode. I can't seem to find any way of doing this.Cisco Knowledge Base article # 4194 shows what I am attempting to do.View 1 Replies View Related
I can not even get in to management mode. In next program that just keeps trying to auto repair the connection and never displays any radio button option the direction state like "advanced settings".At the very least your PDF should match your user friendly **bleep** ware!The instructions even refer to itself wrong! It states "for manual set up go use browser connection section" then in that section it describes an auto set up and instructs you to follow the set up steps on the CD.View 7 Replies View Related
how to setup a home network with two pc direcView 1 Replies View Related
I host a minecraft server for my friends, but I always have to give them my ip every time because my ip changes everyday, and that is really annoying.View 11 Replies View Related
I'm using Linksys WAG200G Wireless modem and connection mode is "Bridge Mode Only", in this mode I'm not getting the 192.168.1.1 setup console and Wifi facility.View 3 Replies View Related
Is blocking echo request to prevent ping sweep the same as having a firewall in stealth mode? And how could someone ping sweep from outside if you had a firewall at all?View 3 Replies View Related
I have a router supplied by my ISP, Verizon[a g-router] using with 2 desktop and 2 laptop computers. All but 1 laptop are still running XP.So far I have not tried to print over the network. The printer is connected to the desktop that is also wired to the router.how to setup printing across this wireless network. Must I setup another internal home network in order to do wireless printing?View 1 Replies View Related
I have a SMC Rogers router and need to extend the range due to dead spots in house. I have purchased a D-Link N300 dir-615 router . can i just hook it to the eathernet lines I have on the second floor to extend range of the wireless network? How do I set it up IP address for best results? concerned that 2 IP addresses would not work at same time??View 1 Replies View Related
I'm trying to set up my home network with two routers. One as the LAN router and the other as the access point. I have a really nice router and an older router, I'll just leave it at that. One router will be connected to the modem, the other in my game room for the wireless access point. I want to use the nicer, newer router as the LAN router or the wireless access point?View 1 Replies View Related
How would I go about setting up a network at my house. I have two desktops and a netbook all hooked to a switch and the switch to the router.View 2 Replies View Related
is it possible to setup 3 x xbox 360's in a home network, 1 is mine, connected to live, the other 2 are for the kids but i just want to setup local network gaming with the kids but also so they cannot connect to live account as they still young. i'm looking to run game on mine and stream / share a multiplayer game with the kids but restrict their internet access?View 2 Replies View Related
I am trying to set up a wireless network within my home, i have a external hard drive and was wondering can i connect this to my internet router to make it accessible in order to stream music and movies from the hard drive. there is no ethernet port on the hard drive but seen a usb to ethernet adapter is this all that would be needed?View 1 Replies View Related