Cisco Firewall :: ASA 5505 - Setting Up 2 LAN Networks And 2 WAN Connections?

May 16, 2013

I have an ASA 5505 with Security Bundle license.
I am able to create 2 LAN networks ( and Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
Network 1 ( - VLAN1) has no issues going out via Outside1, however I can't get Network 2 ( - VLAN 12) to go thru outside2.
I put in a static route (route outside x.x.x.x), the x.x.x.x is the default gateway of my ISP.                  

View 7 Replies


Cisco Firewall :: ASA 5505 With Dual ISP And 2 Networks

May 7, 2013

I would like to configure a Cisco ASA 5505 with Dual ISP (ISP 1 and  ISP2) and two networks (network 1 and network 2). My customer need that  clients in the network 1 connect to Internet with ISP1 and clients in  the network 2 connect with ISP2. If a failure occurs in ISP1 (just an  example) the network 1 clients connect with ISP2.

View 10 Replies View Related

Cisco Firewall :: Keep 2 Networks Separate On ASA 5505

May 7, 2012

1. I currently have a Comcast Business Class Gateway, Cisco 2100 Series WLAN Controller and a Cisco ASA 5505 all connected together to supply LAN and WLAN internet connections on my network.
2.  I also have a Card Access Security System on it owns network.  It currently does not have internet access.
I would like to put my security system on the internet so that I can support it remotely.  To do this, it has to be on a firewalled internet connection.Can  I put the two networks on my ASA 5505 and keep them seperate?  I don't want to provide a path into the Security System through my current LAN & WLAN.  But I do need a frewalled internet connection on my Security System.  I am trying to avoid purchasing a seperate firewall.

View 1 Replies View Related

Cisco Firewall :: 5505 PAT Between 2 Networks On Same Interface

Nov 6, 2011

I'm using asa 5505 with 8.4(2) and have the following problem.I have 2 Networks. each Network has it's own externel Internet-Ip and also Mail-Server.

Now I want a communication between the two Mailservers with their external Ip-Address.I did a static NAT from ipnt any to int any or also from int routed to int routed, but nothing worked.Packet tracer showed at NAT-Lookup where the externel adress of the second Mailserver is passed: Info Static translate Network1 to Network1
But it should show a translation from network1 to network1-external.Due to Security reasons, I cannot paste the whole config.Under 8.0 I did the same configuration with Policy-Nat and it worked.

View 1 Replies View Related

Cisco Firewall :: Setting Up ASA 5505 To Be Used As Firewall Between BT Internet And 3560 LAN Switch?

Aug 23, 2011

setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:

Network Address   Network Mask  BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.

View 21 Replies View Related

Cisco Firewall :: 5505 - Setting Transparent Firewall Ip Address?

Dec 22, 2011

Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
ciscoasa# config term


View 7 Replies View Related

Cisco Firewall :: Allow PPP Connections Through ASA 5505?

Mar 1, 2012

We have a user who needs to access a vpn from his MAC through an ASA 5505.  The user is getting an IP via DHCP and the outside interface of the ASA gets it's address via DHCP as well.  The user states that when he is home or anywhere else but behind the ASA it connects fine, but once the ASA is added it times out.  He is able to get to the internet from the machine without any issues.  Looking over the config on the firewall it isn't set to deny any traffic and there is a global set on the interface and it is nat the inside interface.  There is no global policy in place so I was considering implementing the following:

policy-map global_policyclass inspection_default  inspect pptp

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Allowing Multiple Networks On DMZ?

May 22, 2011

I have 3 networks coming on DMZ (VPN) interface. Only one network is able to ping the DMZ interface. See below networks coming i on the DMZ. Only the netork works as it is in the same range as the DMZ interface.
allowing the other two networks to communicate. I've attched the diagram and configs for your perusal.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Routing Between Internal Networks

Feb 18, 2013

I am new to Cisco ASA and have been configuring my new firewall but one thing have been bothering. I cannot get internal networks and routing between them to work as I would like to. Goal is to set four networks and control access with ACL:s between those.
1. Outside
2. DMZ
3. ServerNet1
4. Inside
ASA version is 9.1 and i have been reading on two different ways on handling IP routing with this. NAT Exempt and not configuring NAT at all and letting normal IP routing to handle internal networks. No matter how I configure, with or without NAT I cannot get access from inside network to DMZ or from ServerNet1 to DMZ. Strange thing is that I can access services from DMZ to Inside and ServerNet1 if access list allows it. For instance DNS server is on Inside network and DMZ works great using it. [code]

View 13 Replies View Related

Cisco Firewall :: ASA 5505 Connecting 2 Internal Networks?

Nov 7, 2012

We recently changed locations and acquired a new circuit from our provider. They also connected our remote branch office to our main office through MPLS. Now, as I understand it, the branch office basically connects back to the main office through our providers network (MPLS). We have a new router at the branch office which has a gateway of The clients in that office have IP's of - 100, using the gateway of
The main office network is (Gateway of
At this end (Main office), I also have a new Cisco 2900 provided by the ISP, with port 0/0 for the outside connection (connected to the 0 port on my ASA 5505). The ASA's port 1 obviously running into my network hub. The provider tells me that port 0/1 on the 2900 is or should be used to connect the branch office back to here and has an IP of, as that's how the provider provisioned it. So, I plug that into the ASA's Ethernet port 0/2. And I'm assuming they have a route setup either on the 2900 or the router in the branch office so that can reach me here at
There is already a static route setup on the ASA: ( 1). As soon as I plug in the cable, the IP phones at the branch office work, but they can't access the internet or any resources in the main office. My questions are:
1. Shouldn't I be able to just go straight from the 0/1 port on the Cisco 2900 to my hub. At first I was plugging right into the ASA, but I don't think I need to do that, why go from the branch office through my ASA to access resources and then back out the ASA for internet. If they're already coming from, through the MPLS network, then they should go right to my network and then back out the ASA.
2. They have to route through the ASA first, in which case, do I need to setup another VLAN for that branch network in conjunction with a static route? I can ping the router and hosts in the branch office through the ASA only!
Below is the running sanitized config:
Result of the command: "show running-config"
: Saved:ASA Version 8.2(2) !hostname ciscoasadomain-name audiology.orgenable password ulzaQiFnKVzDwUmW encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address ospf cost 10!interface Vlan2nameif outsidesecurity-level 0ip address ospf cost 10!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!boot system disk0:/asa822-k8.binftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns server-group DefaultDNSdomain-name audiology.orgsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceaccess-list


View 16 Replies View Related

Cisco Firewall :: ASA 5505 Blocks New Connections To IP

May 22, 2012

I am trying to get up to speed on this topic as quickly as possible. 
Here is my issue:                  
1)     We are able to access the webiste

2)     We are able to upload data packets

3)     We allow the website to time out while we are uploading data packets

4)     When we attempt to re-access the website the ip is blocked a)     this includes pinging and trace

5)     After an undertermined period of time the ip is unblocked and we are allowed to access it again.
The ASA 5505 router is the last forward facing stop before entering the VPN tunnel.  We have tested by circumventing the ASA and we are unable to duplicate the disconnect.  We have reviewed the config file and have not been able to identify what rule/settings could be affecting this.
when tracing port usage, the actions use 2 tcp ports and 1 udp port,  the 2 tcp ports open and close by each transaction, when the ip block occures the 2 tcp ports are "dead"  the udp port remains open (appearhently sending the remainder of the data packets)

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Supports 10k Connections

Oct 21, 2012

When we say that ASA 5505 supports 10k  connections does it mean that we can have 10k connections to the different websites?

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Allowing Traffic Between Two Internal Networks

Aug 30, 2011

I'm usually not working with this product, but this is what I'm trying to do.I have 2 internal networks setup on our Cisco ASA 5505 firewall. (not done by me, I'm a new to this product)I'm trying to access a server on one network from a PC located on the other internal network. (preferable through the web gui)When I try "Packet Tracer" from interface "Trust4" it fails on the NAT phase.(Source ip:, Destination ip:
When I check the NAT rule, it says:
Type            Source     Interface    AddressDynamic         any          outside      outside.

View 3 Replies View Related

Cisco Firewall :: 5505 - ASA Install Inside Networks Can't Browse Each Other

May 19, 2011

I just installed a new ASA 5505 for an office with three internal subnets.  The three networks can each get online fine and ping eachother, but cannot browse to shares on the two internal networks other than their own.  How do I configure the ASA to allow all traffic between these three inside networks?

View 21 Replies View Related

Cisco Firewall :: Setting Up DMZ On ASA 5505?

Nov 14, 2011

I am trying to set up a DMZ on my Cisco ASA 5505, so that the wireless clients are connected behind the DMZ, the LAN clients are connected behind the inside interface and both groups of clients can get to the Internet.  I have been able to configure the ASA for both wireless and LAN, but the wireless clients still cannot get to the Internet.  The LAN clients can get to the Internet.  I do not want the wireless clients and the LAN clients to be able to be able to communicate with each other. What commands do I need to run in order to allow the wireless clients to access the Internet? 

View 11 Replies View Related

Cisco Firewall :: Monitor Connections To DMZ Port On ASA 5505?

Mar 22, 2012

How do I monitor connections to the DMZ port on our ASA 5505 (via ASDM 5.2)? We have a WAP connected to it and it's intermittently dropping connections.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Stops Accepting Connections

Nov 21, 2012

A client has an ASA 5505 with a base license.  The version information and configuration is attached.  In 8 hours, sometimes less and infrequently more, it becomes inaccessible.  All connections are dropped and the only way to access the device is through a console connection.  The WAN interface (VLAN 3) is connected to Verizon FIOS.  The interface was set to 100 MBps and full duplex, but I just changed it to auto on both the speed and duplex to see what would happen.  The LAN interface (VLAN 1) is also set to 100 MBps and full duplex  It has not been changed.
The last time it happened logging was running, but nothing in the log indicated a problem.  In fact, the last log entry was a couple of hours before the lockup (there's little or no traffic on the ASA while the problem is being diagnosed).

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - Dropping TCP Connections On Inside Interface

Feb 12, 2013

Trying to add inside routes on an ASA 5505 to point traffic to another gateway for other connected networks is resulting in the following error 6Sep 16200 819:13:5810601510.184.236.1265003810.170.54.1823389Deny TCP (no connection) from to flags RST on interface insideI believe the problem is due to the Asymetric tcp connection and the ASA is dropping the connection because it only see one half of the traffic.Is there a way we can stop the firewall dropping the TCP connections on the inside interface? i've tried removing the threat managment which didnt work.Annoying thing is were putting the ASA 5505's in to replace old Watchguard soho firewalls only the watchguards forwarded the traffic no problem at all.

View 1 Replies View Related

Cisco Firewall :: 5505 High Availability Over Dual WAN Connections

Mar 20, 2011

One of my remote sites acquires Internet connectivity via a cable  modem service.  This goes down intermittently, of course.  I would like  to purchase DSL service from the local telco and configure the edge ASA  (currently a 5505) to use the cable modem path normally ... and fall  back to the DSL path if necessary.
These seems hard to  do.  The edge box would need to evaluate the viability of a WAN path  using some set of tests ... perhaps pings to a handful of major Internet  sites.  If all those pings start failing, it would stall for a minute,  to give the WAN service provider time to recover ... then cut over to  the second path.  Cutting to the second path might mean pushing new DNS  server addresses to clients (or perhaps the edge box would hand out both  sets of DNS servers all the time and rely on the clients to try them  all.)  Once the cable modem provider restored service, the edge box  would stall for a while (ten minutes?  an hour?) and then cut back.
I'm willing to replace the edge box with something  fancier (a bigger ASA or something sold as a router or whatever),  although I'd like to stay under 10K (list) for such a replacement.

View 3 Replies View Related

Cisco Firewall :: Setting Up Port Forwarding ASA 5505

Mar 15, 2012

We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
We have 1 static external IP. Internally we have one exsisting server ( that has port 80 forwarded to it and another exsisting server ( that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server ( that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4)   I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.

View 19 Replies View Related

Cisco Firewall :: Setting Up New ASA 5505 Into Existing Network?

Mar 21, 2013

I am having a problem trying to figure out how to add a new ASA 5505 to an existing network.  My current network is:Cable Modem  >  Linksys  >  48 port switch With multiple hosts residing on the 192.168.0.x network.Now i know that the ASA comes default with on the inside interface and i want to change that to  I have tried to do this thru ASDM using the wizard and manually.  Once i hit ok for it to write the config, it gives me an error that it didnt take.  I then lose connection to the ASA and have to hard boot it to get it back.I am trying to do this without my external connection connected and i have a laptop connected to the ASA on port 0/2 with an IP address of i need to connect my internet connection to it first and then run the wizard?  I was hoping to get it configured for my existing network before i plugged in the internet connection to limit my downtime.This ASA came with 6.4.1 ASDM and 8.2 OS installed.  i was able to upgrade the ASDM to 7.X but when i go to update the OS to 9.1, i get an error that i am not registered to use cryptographic software.   Dont know where i need to register to get it?

View 4 Replies View Related

Cisco Firewall :: Setting A Boot Image On ASA 5505?

May 1, 2011

I have an ASA 5505 that I was updating from frimware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how can upload another boot image to the ASA and set the ASA to boot it from teh ROMMON prompt?

View 1 Replies View Related

Wifi Networks - No Connections Are Available?

Nov 28, 2011

When I check available Wi-Fi networks it says "No connections are available. All of our other computers work so I dont know what the problem is. When I check device manager for the adapter it says my adapter is enabled so I dont know what the problem is. How can I get it to recognize my wi-fi?

View 1 Replies View Related

Cisco VPN :: Can The ASA5505 Support Ssl Vpn Connections From Different Networks

Jul 24, 2012

I have and office that the cable modem tends to go down on the weekend. Can i setup my asa to support a second provider so that if the one connection is slow for some reason, my users could connect to the second provider instead? they would both be used at the same time most the time.

View 3 Replies View Related

Wireless NIC Not Picking Up Available Networks Or Connections?

Aug 27, 2011

My laptop has suddenly stopped connecting wirelessly. Just fine with ethernet though. My Wireless adapter is enabled and showing fine in Device Manager and has the latest driver. Wireless Zero Configuration is enabled in services. I tried simply disabling and then re-enabling the wireless adapter but still no luck. I tried selecting the repair option for the wireless adapter and I get the exclamation in yellow triangle deal. I checked to see if I was having issues with firewall and that's not it either. When I click "View Available Wireless Networks" the dozen or so networks that use to appear are gone. I power cycled and reset my modem with no luck. I've also did an ipconfig /release and ipconfig /renew in CMD but nothing changed. I have not changed any wireless settings for my NIC or modem/router and don't understand what else I can do.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:Documents and SettingsJohn>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : john-433101c601
Primary Dns Suffix . . . . . . . :


View 5 Replies View Related

Setting Up Two Separate Networks With One Isp?

Feb 5, 2012

I would like to set up two separate networks from one internet connection(modem), with the goal being to have a public network(Network A) that would have a small server on it, and then having a second secured network(Network B) that would have my personal computers on it. And both networks having connection to the internet. (The idea being that if the server somehow became compromised that my personal computers and their data would be safe)I have done some research and found that many people claim this can be done with just two or three routers, but none of them go into any detail about how to configure the routers. Below are the physical setups of the two options that I have come up with in my research, which if either would you recommend? And how would I configure each of the routers?

Modem/router 1 (Network A public)
--Internet-in WAN port
--port 1 to WAN of router 2-------------l
--port 2 server


View 2 Replies View Related

Setting Up 2 Networks On 1 Switch

Apr 18, 2011

I'm asked to think of a solution to make in an existing LAN connected by switches (connected to each other) to make another network availible.atm we have a network with and we are short on IP adresses because of a large DHCP pool from wireless clients and a growing network with static IP addresses.So basicly what i want to accomplish is an extra network in the existing LAN and all computers have to be able to communicate to each other and all computers have to be able to connect to the internet using gateway (direct or trough route tables). For future growth an extra LAN with not perse internet access for only VOIP, but that is on the side and is not a priority, because I can set up that network on the same switches easy without having them to be able to connect to the computers and servers in the network. (correct me if I am wrong)

What I found out browsing the internet is that a layer 3 switch may provide the solution, but I can't make out of the technical specs if thats going to work when both LAN's computers will be connected on the same switches.Also I found a lot of solutions with setting up a server with 2 NIC's and setting up routes on that server. But since we have a very large amount of network traffic with large graphical files, having 2 nics to route all that trafic doesn't seem like a desirable solution for my purpose.

View 4 Replies View Related

Setting Up Separate Networks With VLAN

Oct 3, 2012

I'm new at this stuff and very stumped. I have one WAP with multiple SSIDs that support VLAN ID (for a private and guest wireless network) and a managed switch that supports tag or port based VLAN ID. How do I set up the switch so that the networks are separate, but can still reach their own routers to get on the Internet? In case details are necessary, the WAP is a Cisco Aironet 1130AG and the switch is a Netgear FS750T2

View 14 Replies View Related

Setting Up Two Wifi Networks With One Router?

Jan 4, 2012

I want to setup two WIFI network with one Router at home.

View 2 Replies View Related

Linksys WRT54G / Setting Up 2 Networks On One WAN Address?

Apr 2, 2011

In my home, I have broadband internet connection, which is Time Warner Cable. I also have an Apple Airport Extreme that shares my internet throughout all of my computers. My current set up runs perfectly but the problem is, I have other devices in my home that require a WEP security key. My Airport Extreme is running on WPA but I don't want to lower it's security to WEP just for those devices. What I'm trying to do is create another separate network which has a WEP security key (Linksys WRT54G). So ultimately, I would like to set up two networks, one is the Airport Extreme and the other Linksys, which both run under the same WAN address provided by Time Warner Cable.

View 11 Replies View Related

Cisco Switches :: ESW-520 / Setting Up Two Separate Networks With Access To Shared Resources?

Jan 19, 2013

We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:
ESW-520 will host Company A's network. Workstations, servers etcSG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300. 

View 4 Replies View Related

Home Network :: Setting Up Networks With Multiple Locations / Wireless Points?

Feb 11, 2011

setting up networks with multiple locations and multiple wireless points.For example: My sisters' home has here modem in her main computer room, it has a Belkin router hooked to the modem. Then a line goes from there to my nephew's room where I tried to expand their network by adding another router. I really just wanted an access point, but they don't seem to sell these as much as they used to. Anyway, I had it working, but it was two different networks, NETWORK1 and NETWORK2. So they had to swap networks when moving around the house. what would be the best hardware setup to provide both sides of the house with some Hardwired access as well as wifi access? Right now, we have two routers, a DIR615 (or something like that) and a Cisco E1000, and again hardwire going from the main computer room to my nephew's room.Also, in my house, I have lots of stuff... I have an Actiontec Router from FIOS, feeding a small hub as well as a switch in my main room. Which then feeds a Ps3, Wii, laptop, Denon reciever, and Access Point... and also feeds my Apple TimeCapsule, which also feeds my printer. My wireless devices range from cameras, iphones/ipads, and a wifi unit (I forget what it's called, but it connects my DVR wirelessly to my network, and the DVR itself doesn't have wifi).

my question about my setup is, should everything be on one network... as in let the ActionTec handle most of the duties and use switchers and accesspoints to extend the network. Should everything be on the same wireless network and channels? Like if I used my access point to extend, do I want the same settings as my main wireless router, and would that be the same for the Apple Airport Extreme?Also, does having all these wireless networks going create any kind of hinderance on my performance. For example, the PS3 has some sort of wifi in it... it produces a SSID, but I never connect to it. Should I make sure that's off? And in my main room, should I go with just the AirPort extreme over using it and the Wireless Access point.

View 1 Replies View Related

Home Network :: Setting Up Two Wireless Connections In The Same House?

Aug 3, 2011

I currently have one wireless router in my house. Of course its hooked up the the modem, but i also have it hooked up directly to my desktop considering the router is on the desk where my computer is.I recently moved to a new house.One of the rooms has a huge brick wall in it, unfortunately the computer is in that room.AND, its on the far left side of the house, so the other side of the wall barely gets any signal (Enough to work, but it bounces and only gets about 2 Megabytes Per Second, which is awful, because the router sends out 20 megabytes per second due to our internet plan.) Now, my room is all the way on the far right side of the house, in my room, i get barely any connection at all, 20% is normal in my room. I have my Playstation 3 in my room, so I had to wire an ethernet cable from the wireless router, up through the attic, to my PS3. I can now get 20 MBPS while playing video games. While that is great, i still don't have a wireless connection back there.

What i want to know is, can i plug in another wireless router to the ethernet cable in my room, sending out another signal. So basically, im plugging up a wireless router to another wireless router, and want them to both send out internet.I plan on getting a gaming laptop in December and will be playing it most of the time in my room. I need to know if this is possible, and if it is, how do i do it?First off, let me state that moving the computer or router in front of the brick wall is completely out of question.Also, know a lot of stuff about computers, but know almost nothing about networking.

View 7 Replies View Related

Copyrights 2005-15, All rights reserved