New to Cisco but learning some. Needing to know what I should code into CLI on my ASA5505 to make it work with comcast modem which uses DHCP for it's addressing from Comcast proper.
View 2 RepliesI sometimes am forced to use my computer at work to set-up wireless networks for employees who move into temporary apartments. Now every time I am at my home, my computer, ipad, and iphone keep redirecting to comcast home activation page. The problem is the home activation page that comes up is for one of the apartments I set-up for my employer. It seems to be stuck on the final steps of this other persons comcast set-up and I cant get it to go away. I have a Linksys router with a secure network. It shows I am connected to my network, but when I try to get on-line it send me right back to Comcast activation page for someone elses account. Countless calls to Comcast have gotten me know where. Since the final steps of the comcast activation involve downloading desk top software, and the ipad will not let you download desktop software even into dropbox. It has made my ipad useless when I'm at home.
View 2 Replies View RelatedI have been using my Sony Locationfree tv with Direct TV and now have Comcast and it doesn't work. The installer said i have to change the tv setting to channel 3, but i haven't been able to program the remote he gave me. I thought the device was just a wireless monitor, so i don't see how it has a channel to change
View 1 Replies View RelatedWe have purchased Comcast fiber EDI services. They run a fiber to our office and connect to a Ciena 3930 switch. The speed we have is 30 down and use for Internet. Comcast provide a /30 and /29 address. Do I need an additional router to route /30 to /29? I only have a PIX firewall.
View 5 Replies View RelatedWe have kids in the house and I'd like to limit their internet access to certain times of the day but because of the great amount of devices they use (phones, tablets, laptops, etc.) the only way I could think of doing that easily was to set up two wireless networks: one that the adults could use 24/7 and the other that the kids could access during certain set hours.
Here's the equipment I'm working with:
DLink DIR 615 wireless router
DLink DIR 515 wireless router
Motorola Surfboard cable modem S85101U
I plugged the DLink 615 in, set it up for DHCP client and plugged it into the cable modem. I lef the default 192.168.0.1 IP address for the device. On that router, I also reserved the 192.168.0.199 IP address and assigned it to the DLink 515.I also gave the DLink 515 device the IP 192.168.1.1 so I could administer it.I set the DLink 515 to static IP and made the IP 192.168.0.199 and the default gateway 192.168.0.1.I plugged the DLink 515 into one of the LAN ports in the DLink 615.I set a schedule on the DLink 615 to shut down internet access to the DLink 515 at a certain hour and turn it back on at another time.Everything seems to work ok, but at least once a day we have to unplug and plug the routers to reset them.
Is it possible to configure bridge mode in asa 5505 if it is can u provide me a config.
View 1 Replies View RelatedI've ended up in rommon mode on my new"old" RMA'ed ASA5505, and I'm stuck there, I'v tried to erase Disk0 and all that, and tftp'ed a new image into the box, but when booting I get the message :
INFO: Unable to read firewall mode from flash
WARNING: Unable to write firewall mode to flash, this is normal if flash is not formatted
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
This activattion key is invalid, use default settings only
i2c_write_byte_w_suspend() error, slot = 0x0, device = 0x40, address = 26 byte count =1. Reason: I2C_UNPOPULATED_ERROR
I have a cisco ASA5505 configured in transparent mode. This evening we attempted to plug a couple of new servers in but they simply didnt work, despite our test server working absolutely fine. The server IP's are all in a network object group (the same as the test server) and they're all using the same ACLs etc. I'm relatively new to configuring cisco equipment.
the only thing I can think of is a static route I had to add to get the managemet IP to work might be causing problems.route outside 0.0.0.0 0.0.0.0 XX.XXX.132.1 1(IP addresses obfuscated- servers are all in the same range so assume XX.XXX is the same across all IP's).
Currently, I have in a number of remote sites (with dynamic public address) a C800.On this Cisco, I have a config for initiating an agressive-mode tunnel to a central ASA.relevant part of the config:
---
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp peer address 1.2.3.4
[code].....
Now I need to replace these C800 by ASA5505. But I don't know how to replace the "crypto isakmp peer address" command in ASA.The C800 transmits both the password (abcdefg in my example) and the fqdn (remotesite1 in the example). how to configure the ASA to build the tunnel the way the C800 did?
I have a cisco asa 5505 firewall, and I have a normal home ADSL broadband router, the router currently connects via wireless to my pc.What I would like to do is basically connect the asa to my pc, then my router to my firewall.what the best thing to do here, run the aa in transparent mode, OR routed mode and do NAT on the firewall to the private ip address range of my router.
OR, would it be possible to get the outside interface of my asa to get DHCP from my broadband router so it will use a 192.168.1.x address on the outside, and then turn NAT off?
I'd like to setup a DMZ network with the ASA5505. Do I need the "Security Plus Bundle"?
View 1 Replies View RelatedI have a Any Connect setup and able to VPN into my office.i bought a ASA5505-SW-UL that is unlimited user (UL) software license but now the vendor tells me that: From the ASA you can saw the unlimited license is for inside hosts, instead VPN client's, by default, ASA 5505 included only 2 VPN client's and can supported up to 25 VPN client's, your license look only default 2 VPN client's. If need more VPN client's connect, you have to purchase the additional VPN client's license. I am just wondering his statement TRUE/FALSE, because i thought ASA5505-SW-UL means unlimited license
View 4 Replies View RelatedI want to set up our ASA5505 firewall to allow access from the Cisco VPN Client software.I have nstalled the client software then tried using the VPN wizard to set up the connection without success, I am running Windows 7 32 bit and Cisco client 5.0.03.0530. [code]
View 22 Replies View RelatedI have just purchased and setup a vpn on my ASA5505 and now I wish to setup a Windows VPN client to use it. Does CISCO have any free vpn clients for Windows?I tried to download a client from the CISCO downloads area, but it's for some kind of purchase agreement. I would have thought that the vpn client was free to download given my ASA comes with two free vpn licenses.
View 5 Replies View RelatedI'm trying to setup a VPN connection for the two PC's in the graphic below. I have the link between the two locations setup and secured, now I just working with the routing elements.what I need to add to the firewall config in order to get this to work? Here is what I have:
SITE A------access-list mpls_vpn_sitea extended permit ip host 172.168.199.1 host 172.168.199.2 access-list mpls_vpn_sitea extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0crypto map mpls_vpn 1 match address mpls_vpn_siteacrypto map mpls_vpn 1 set peer 172.168.199.2 crypto map mpls_vpn 1 set transform-set ESP-3DES-SHAcrypto map mpls_vpn interface MPLScrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
SITE B------access-list mpls_vpn_siteb extended permit ip host 172.168.199.2 host 172.168.199.1 access-list mpls_vpn_siteb extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0crypto map mpls_vpn 1 match address mpls_vpn_sitebcrypto map mpls_vpn 1 set peer 172.168.199.1 crypto map mpls_vpn 1 set transform-set ESP-3DES-SHAcrypto map mpls_vpn interface MPLScrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
do I need to specify a route between the two networks? What do I need to have for NAT statements?
I have an ASA 5505 with Base license and a vpn client. The scenario is like this: LAN -- ASA 5505 -- ISP DSL Router---( Internet ) -- Home DSL Router --- LAN -- VPN CLient, The ISP DSL Router gets a public IP address and the ASA gets a private IP address (ISP DSL router doing NAT) and I cant reach the internet with no problem from the LAN´s ASA side but I cant make the vpn tunnel connection from the LAN´s Home side so I told the provider to bridge the ISP DSL Router, to the ASA so the ASA could get the public IP but in order to do that the provider told me to do MAC clonning on the ASA 5505 which I did putting the ISP DSL Router MAC on the ASA. Now the ASA gets the public IP on the outside vlan by DHCP but when I try to make the VPN tunnel I just cannt. I can reach the public IP by ping on the ASA and I can see the pings coming in using debug but I just cant make the vpn client work.
View 2 Replies View RelatedI have been asked to install a ASA5505 on a home network. The home network has a home broadband connection which the ISP provider supplies with an IP address. This is only for 6 weeks until the new line comes in. I know this is going to cause problems but we have no choice but to impletment this.
My questions are below.
1, We have a home hub supplied by the ISP which is configured by an IP address which is NOT static. Can we not use the ASA 5505 instead. I know that if our ISP change the IP address we have to change the IP address on the 5505.
2, Will we be able to use the home network broadband to create a secure connection?
I've tried to get my head around this but beeing used to Juniper and Watchguard devices I just can't get my home webserver published to the outside interface.I have a ASA5505 with ASA version 8.4 and ASDM version 6.4 and the basic license.
Outside interface is X.X.X.32/255.255.255.248 so I have 5 static IP:s on my external interface, .34 is in use for the outside interface.
Inside 10.10.10.0/25
DMZ 10.0.0.0/24
I have a webserver in DMZ located at 10.0.0.253 and would like to publish it to the external IP X.X.X.35.I've tried to make the static NAT but every time I do either nothing goes in or out of the DMZ zone or you can't access the webserver from the outside interface.Right now I deleted all trials since none of them work so only the basic config is applied. Everything get's NAT:ed to the external interface .34 IP.
I am connecting to a ASA5505 at from home to the head-office using L2TP VPN.
Head-office then has a connection to other-office via a site-to-site IPSEC tunnel.
When in the head-office (192.168.100.0/24) I can ping/access remote-office (192.168.200.0/24) OK.
When connected remotely to head-office, I can ping/access head-office OK from the road-warrior laptop.
My problem is that when connected remotely from home to the head-office I cannot ping/access the other-office subnet.
On the home laptop the L2TP VPN connection is set to route all traffic to the VPN connection using the HQ as the internet gateway I can confirm this works.
I cant do traceroute (I get timeouts) as my policy doesnt allow and not sure how to enable this properly on the ASA.
names
name 192.168.200.0 othersite
!
interface Vlan1
nameif inside
security-level 100
[code]....
I just joined this company and they already ad a VPN to one of their partners that provides them access to some resources. We have now added a 2nd location but the partner wouldnt allow a 2nd VPN tunnel so the decision was made to give the new location a ASA5505 to tunnel thru the main office to access the resources at the partners site.Using ASDM i believe i was able to setup the tunnel to the main office but there is no resource there to use. Now i'm stuck and i do not know what to do to get to the partner site
View 4 Replies View RelatedI have setup a Remote access VPN on my ASA5505 firewall through the ASDM wizard.I can successfully connect with the Cisco VPN client. My firewall also shows me the VPN session and shows incoming Rx packets. However, Tx packets remain 0, so no traffic is going out. My ASA5505 is configured as router on a stick with 25 different VLAN's. I want to restrict traffic to one specific VLAN using a crypto map.When I issue a ping -t command on my connected Windows box, the firewall log shows me the following message:
"IKE Initiator unable to find policy: Intf outside, Src: 10.7.11.18, Dst: 172.16.1.1."
"This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself." [code] I have really no idea what's going on. I have setup a Remote access VPN countless times but this time it shows me the error as described above.
My first time programming a Cisco ASA - Anyways I''m trying to setup up Ethernet 0/6 to be a DMZ Connection When I add port 0/6 to DMZ it gives me an error saying "The IP Address X.X.X.X /Subnet Mask cannot overlap the subnet of interface outside"So my question is I have an outside connection already configured - How can I make a DMZ connection with the same subnet mask with a different IP?
View 1 Replies View RelatedI have a Time Warner Cable business class service with no static IP, with a wireless modem which is plugged to a CAT5 distribution panel. On the jacks (2 other rooms on the house) I have a Linksys E3000 and a Linksys Valet router for signal boost and gadgets usage (TV, cameras, etc).The main router (TWC) has it's own external IP which TWC assigns to me and internally distributes via DHCP the range 192.168.0.x. With that said:
- The E3000 has a 192.168.0.6 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The Valet has a 192.168.0.7 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The main router has the 192.168.0.1 as the gateway and web-interface
Whenever I connect something to the E3000, it is distributing the 192.168.1.x range and the valet 192.168.2.x range.That works perfectly for my home based business until I decided to use more stuff on the network such as a IP printer, IP cameras, etc.
- The IP cameras are connected to the E3000 due to signal strength and I have manually assigned them the 192.168.1.15 and 192.168.1.16 IPs and ports 9001 and 9002.
- The printer is connected to the E3000 and I have manually assigned the IP 192.168.1.30.
Issue 1: Port forwarding On the main router (TWC - UBEE) I have tried to setup a port forwarding by informing the Local IP as 192.168.0.6 (E3000 IP), Internal Port 0, Public Interface IP (0.0.0.0), Ext Start Port 9001, Ext End Port 9001, Protocol - Both, Enabled Yes. On the E3000 I did the same config (screen shot attached e3000.png).This is not working properly. I can't get into the camera.
Issue 2: Printer/ The printer is only accessible if I connect to the E3000 (because it is on the 192.168.1.x network)
Issue 3: How to configure all the devices on the same subnet? If I want everyone to be on the 192.168.0.x network, how to configure properly the E3000 and the Valet? I have tried to force them into the same network but it would not work properly. It would not get an IP from the UBEE router (main).
i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
http server enable
http 172.17.104.0 255.255.255.0 inside
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
I have 3 WAP200 wireless-G access points. I have one set up as an AP the other two are set up as repeaters to the main AP.
My question is Do I need a lan connection to each repeater ?
also, do I need to create SSIDs for all three? & if so, do they need to be the same?
I turned it on for bridging and it did not auto setup wireless so i need to turn off WPS but my wireless option page is now blank. I rebooted, reset the DAP but still no manual config option. I found I could configure it if I switched it to AP mode but still cannot setup from bridge mode. According to manual a reset does not turn off WPS so what is the answer?
View 1 Replies View Relatedhow do I setup an enable password for an ASA 5510? At the moment its setup to authenticate using RADIUS (which I'd like to keep doing) but I need to setup an enable mode password.
View 3 Replies View Relatedwhen I try to connect a laptop to the wi fi it won't connect because the connection has changed from home network to public and sometimes unidentified network . I can get it connected by momentarily unplugging the router and rebooting it , then pressing connect button and it will revert to home network and things are ok . It is a netgear DGN1000 and I tried another router same make and model, same problem. I use an ethernet cable on my desktop no problems.there's 3 laptops come in to occasional use and it's happened to them all . My early attempt was microsoft's fix for sticking in public mode . It is windows 7 pro on the laptops , ultimate on desktop?
View 4 Replies View RelatedI am trying to have a setup where the AP running in autonomous mode also act dhcp server for the wireless clients.The only thing is that the vlan is switched across to the wired network.
So basically i am having 2 vlans, one for mgmt and other for data (for wireless clients) and both vlans are trunked to the switch.
[CODE]...
I have two 5504 Controller. Original Liceses 100 per Controller. At the beginning the Controllers were running standalone as a Primary and secondary in a Mobility domain. Now they are running in a HA Pairing mode. One Controller as the Primary an the second as the Standby in the redundancy HA SKU mode. The first step SSO disable is done.
how setup back the HA SKU Standby-Controller to get again the 100 licenses?
I need to setup an ASA 5525 in Active/Standby failover mode. I am setting up the ASA for a company that purchased only one public IP address. The public IP address is assigned to the outside interface. My question is will failover work correctly if I don't use a secondary IP address on the failover configuration on the outside interface?
View 4 Replies View RelatedAny setup passthrough mode of the Motorola NVG510 router ATT makes you use with U-Verse to a CISCO 877 or similar, with a block of public addresses they want to use? It is So frustrating that I have to deal with this NVG510. It is NOT a very business class router... I am assuming that I need to put it into "pass through" mode for the Cisco to be able to manage what happens with my assigned public addresses. If there is another way, let me know!
Here's what I plan to do: I've read the "related to" post above, about putting the NVG510 into pass through mode, and I plan to do this as it discusses. I'll assume that works for now. But it will assign the router's WAN IP Address to the router's "outside" interface, not one of my private IP addresses. On the Cisco side, here is what I would do: vlan1 interface is my "inside" private network. Create vlan2 interface using dhcp to get IP/gateway from the nvg510, or set it up manually, whichever works... This interface will be the "outside" NAT interface. But this interface's address will be the router's WAN address, NOT the first of my 5 public assigned usable addresses...
Here is how it will be setup:
interface FastEthernet0
switchport access vlan 2
[code]...
Then - make it my default NAT interface: ip Nat inside source list 110 interface Vlan2 overload
If I stop there... I assume I could then NAT ports from my different private addresses to the various servers in my office. But the router won't have an interface with that first assigned-to-me public address. The reason I ask is that we have a site-to-site crypto- map defined, and the interface it is defined on determines the IP Address it will communicate from. I wanted this to be my own assigned public address, not the WAN address of the router... Not sure how I would do that though... Same with the default NAT assigned to vlan2 - by default machine in access list 110 will get to the internet with the WAN address of the nvg510, not my private address.
Can I create interface vlan3, somehow linked to vlan2, give it the first private address in my block, and then move the cypto-map to this interface, and also change the default Nat to vlan3 now instead of vlan2? ip nat inside source list 110 interface Vlan3 overload
How would I go about doing such a thing? I am not a Cisco expert, I understand just the basics... This is a bit more complicated than I can figure out. Or maybe it is not possible? Will I have to, for any computer that needs unsolicited traffic through the internet to use one of my assigned public addresses, to setup a one-to-one NAT for that address to that internal address? And everyone else is stuck using the WAN address. If this is the case, it is not right... What were they thinking when they designed this router and forced us to use it as a business class U Verse customer? This should NOT be so difficult/complicated.
How to setup WRT54G in router mode
View 9 Replies View Related