Cisco Firewall :: Setting Up DMZ On ASA 5505?

Nov 14, 2011

I am trying to set up a DMZ on my Cisco ASA 5505, so that the wireless clients are connected behind the DMZ, the LAN clients are connected behind the inside interface and both groups of clients can get to the Internet.  I have been able to configure the ASA for both wireless and LAN, but the wireless clients still cannot get to the Internet.  The LAN clients can get to the Internet.  I do not want the wireless clients and the LAN clients to be able to be able to communicate with each other. What commands do I need to run in order to allow the wireless clients to access the Internet? 

View 11 Replies


ADVERTISEMENT

Cisco Firewall :: Setting Up ASA 5505 To Be Used As Firewall Between BT Internet And 3560 LAN Switch?

Aug 23, 2011

setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:

Network Address   Network Mask  BTnet NTE Router LAN Address
      
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.

View 21 Replies View Related

Cisco Firewall :: 5505 - Setting Transparent Firewall Ip Address?

Dec 22, 2011

Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
 
ciscoasa> enable
Password:
ciscoasa# config term

[Code].....

View 7 Replies View Related

Cisco Firewall :: Setting Up Port Forwarding ASA 5505

Mar 15, 2012

We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
 
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
 
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4)   I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.

View 19 Replies View Related

Cisco Firewall :: ASA 5505 - Setting Up 2 LAN Networks And 2 WAN Connections?

May 16, 2013

I have an ASA 5505 with Security Bundle license.
 
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
 
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
 
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.                  

View 7 Replies View Related

Cisco Firewall :: Setting Up New ASA 5505 Into Existing Network?

Mar 21, 2013

I am having a problem trying to figure out how to add a new ASA 5505 to an existing network.  My current network is:Cable Modem  >  Linksys  >  48 port switch With multiple hosts residing on the 192.168.0.x network.Now i know that the ASA comes default with 192.168.1.1 on the inside interface and i want to change that to 192.168.0.1.  I have tried to do this thru ASDM using the wizard and manually.  Once i hit ok for it to write the config, it gives me an error that it didnt take.  I then lose connection to the ASA and have to hard boot it to get it back.I am trying to do this without my external connection connected and i have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75.Do i need to connect my internet connection to it first and then run the wizard?  I was hoping to get it configured for my existing network before i plugged in the internet connection to limit my downtime.This ASA came with 6.4.1 ASDM and 8.2 OS installed.  i was able to upgrade the ASDM to 7.X but when i go to update the OS to 9.1, i get an error that i am not registered to use cryptographic software.   Dont know where i need to register to get it?

View 4 Replies View Related

Cisco Firewall :: Setting A Boot Image On ASA 5505?

May 1, 2011

I have an ASA 5505 that I was updating from frimware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
 
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how can upload another boot image to the ASA and set the ASA to boot it from teh ROMMON prompt?

View 1 Replies View Related

Cisco :: ASA 5505 - Setting A VPN Connection

Apr 4, 2011

I am wondering if this Cisco ASA 5505 Box is overkill for what I need?I have just become network admin to a small office that host two domains.

[code]...

Some of the clients are requesting a connection to the office from remote locations for file access and what not. So would implementing a Cisco ASA 5505 be overkill? I am a bit nervous of going forward as I have never had to "setup" an ASA box and dont want to kill the network.If I should NOT use this box, what should I use for a VPN connection?

View 6 Replies View Related

Cisco WAN :: Setting Up Routes On ASA 5505?

Dec 12, 2012

I'm trying to set up a Cisco ASA 5505. I'm mainly setting things up through ASDM but I also have console access. Right now while I'm setting it up I have the outside/Vlan2 port attached to my existing network and a laptop connected to the inside/Vlan1 port. More info about that:
 
interface Vlan1
nameif inside
security-level 100

[Code]....

Before I added that last "0.0.0.0" entry, the ASA would not see anything on the internet. Now I can ping any external IP address from the router's console. However, the laptop I have connected to the 'inside' port still cannot reach any IP address outside the 10.10.153.0 network. Every time I try to add a similar route for the 'inside' interface, I get the following error: "You have another route configured for this network any which has same gateway 10.10.152.1 and same metric 1. You cannot add a duplicate route." I know I'm misunderstanding something here. In order to make devices connected to the 'inside' port connect to the internet, I need to set up a new route that will direct these devices to 10.10.152.1, right?

View 9 Replies View Related

Cisco WAN :: Setting Up ASA 5505 Behind 5510?

Aug 14, 2011

My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
 
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
 
outside 10.94.4.0 255.255.255.0 10.10.8.1
 
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. What's going on here? Do I have to add a route to the switch just to manage the ASA 5505?

View 30 Replies View Related

Setting Up ASA 5505 - Dual WAN

Oct 18, 2011

I have a ASA 5500 with Sec+ ?Is it possible to have Dual WAN, one WAN is used for default traffic and WAN2 would be strictly for VPN tunnels?

View 4 Replies View Related

Cisco VPN :: Setting Up 5505 VPN For Windows 7 Client

Feb 16, 2013

I have a client that has a 5505 installed. They want to VPN in with their Win7 laptop, but they don't want to shell out $1000 for the 10-pack Cisco VPN client.I have successfully setup the clientless VPN, and they can, through a browser, get to their files, but they'd like to map network drives so it's just like they're in the office.I tried setting the IP Sec up on the 5505, and then using  the built-in Win7 VPN network connection, but no go.I also do everything through the ASDM, but I realize some things cannot be done. I'd prefer to use the ASDM!Anyone else get this configured? 99% of what I see out here is how to connect the 5505 for site-to-site VPN.

View 4 Replies View Related

Cisco Wireless :: Manually Assigning Channels And RRM Setting With WLC 5505

Mar 16, 2013

My wireless network consists mainly of approximately 1400 AP's 900 x 3602's, 500 x 3502's,The majority of these AP's especially the new ones have been manually optimised for channel and power settings. We paid an external surveyor to survey and optimise the AP's.   
 
We have a few 5505 WLC's and the channel assignment method is set to "Freeze" ,My question is, if someone invokes a channel update on a WLC, will the WLC override the original manual channel setting if the WLC thinks it should be changed?  And will the original setting be lost forever unless a restore is performed from the WLC Database?

View 5 Replies View Related

Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting

May 22, 2013

I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
 
[URL] 209.151.225.100
  
Can I use the following command to set ntp server?
 
ntp server 209.151.225.100 source outside.

View 3 Replies View Related

Cisco Firewall :: 891 Setting Up Same Basic Firewall Attributes

Nov 29, 2011

In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes?  with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?

View 3 Replies View Related

Cisco Firewall :: ACS 4.1 And Firewall AAA Setting?

Oct 25, 2012

I have a cisco ASA5520 and i have configured the following to authentication from tacas server.
 
Code...

so whenever i login to any device it give me username and password option
 
i am able to login with my windows database name and password
 
after login while login i have setup a enable password xyz@123
 
so after login with enable password it is coming in privilege level 15 ..
 
Now i want to add some user with only monitor privilege level 3.

View 1 Replies View Related

Cisco VPN :: 1812 IOS And ASA 5505 Router - Setting Up Site-to-site VPN On 881

Mar 31, 2011

Just now my boss asked me to prepare to set up site-to-site VPN on Cisco 881 Integrated Services router to ASA 5505 router which is now running at the HQ side. I am now learning pdf file from Cisco which mention how to setup site-to-site VPN between Cisco 1812 IOS router and ASA 5505 router by using ASDM V6.1 and SDM V2.5. Can't find the paper for that Cisco 881 device.

View 4 Replies View Related

Cisco Firewall :: Monitoring ASA 5505 Firewall Active / Standby Pair Using SNMP?

Sep 7, 2011

How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
 
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?

View 1 Replies View Related

Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510.  One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover.  I have configured a number of isr's for this and i know it works good. 

View 1 Replies View Related

Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?

Feb 19, 2012

I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?

View 1 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco VPN :: 5505 Setting Up Site-to-site IPSec VPN Between Two ASA

Nov 6, 2011

I am setting up a site to site IPSec VPN between two ASAs.I want to NAT an internal host that my VPN peer's network will be connecting to. So I need to make sure the traffic coming from this internal host is NATted before it enters the VPN tunnel as "interesting traffic"
 
So let's say remote network 192.168.20.0 /24 is connecting through IPSec VPN tunnel with peers 65.200.1.1 and 198.14.7.10 to host 10.100.1.7 on my network.I want to NAT host 10.100.1.7 to 192.168.100.5 to the remote network connects to the 192 address, not the 10 (I am using a ASA 5505)

View 9 Replies View Related

Cisco Firewall :: ASA 5505 Creating Interface Vlan In Firewall

May 3, 2011

I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Firewall To Filter HTTPS Websites?

May 28, 2012

I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Can't Reach FTP Site While Inside Firewall?

Feb 26, 2011

I am trying to configure our ASA 5505 so that our users can access our ftp site using [URL] while inside the firewall. Our ftp site is setup so that you can reach it by either browsing to the above url or by browsing to ftp://99.23.119.78 but we are unable to access our ftp site from either route while inside the firewall. We can access our ftp site using the internal ip address of 192.168.1.3.
 
Here is our current confguration:
 
Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0 !interface Vlan2nameif ATTsecurity-level 0pppoe client vpdn group ATTip address pppoe setroute !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveobject-group service DM_INLINE_TCP_1 tcpport-object eq ftpport-object eq ftp-dataport-object eq wwwaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in extended permit tcp any interface ATT eq ftp access-list ATT_access_in extended permit tcp any interface ATT eq ftp-data access-list ATT_access_in extended permit tcp any interface ATT eq www access-list 100 extended permit tcp any interface ATT eq ftp

[code]....

View 6 Replies View Related

Cisco Firewall :: 5505 PAT With Single Public IP And Several Servers Behind Firewall

Nov 21, 2012

New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
 
-Single static public IP:  16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
 
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505.  Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]

View 11 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall With Web Sense Integration

Apr 27, 2011

I'm integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic. Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.

View 1 Replies View Related

Cisco Firewall :: 5505 ASA Trunk Port In Firewall

Apr 30, 2012

I have an issue with my firewall,each time i configured a trunk port in the firewall and connect a sw 2960S with a trunk port also, all the interfaces in the Firewall go down ( virutal intertaces, inside, outside , dmz) , also another switch 3750 that is connected to another port in the firewall( access port only) it start to a new negotiation of spanning tree.What could be causing this problem? the firewall didnt sedn bdpdu i think the IOS of the firewall its a 8.2

View 3 Replies View Related

Cisco Firewall :: 5505 Firewall Between HQ And Remote Site

Jun 12, 2012

we are planning on connecting a new aquired company to ours soon?We will connect the remote site to the HQ via a D3. I've been told we will need to have a firewall between them and us for a time. I was thinking of terminating the D3 connection at the remote site of 80 users. Can I use the asr as a firewall as well, to protect the HQ from the Remote site - or should I use a seperate appliance?I was thinking of a asa5505 but, am concerned with bandwidth limitations of the box?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall Configuration?

Sep 11, 2007

I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.

View 5 Replies View Related

Cisco Firewall :: Setting Up A New ASA5512X / 9.0?

Jan 5, 2013

Having an issue setting up a new ASA5512X, 9.0. Outside interface is a /30 to the ISP. Inside is /30 to a Cat4500 switch. Have a few web servers inside that need to be accessible from outside. Attempting to static NAT the servers to public addresses in a /28 pool but keep getting denied by firewall seeing traffic as a spoof attack. Have tried addressing a sub-interface on the outside with a pool address, also the inside.

View 8 Replies View Related

Cisco ASA 5505 Setting Up Site-to-site Vpn

Mar 31, 2011

who's familiar with the asa 5505 could give me a basic walk through on setting up a site to site vpn between two of them. One of the previous guys set it up so that people can vpn in with the cisco client but that's a whole different problem. It disconnects after a while randomly.

View 3 Replies View Related

Firewall Setting For Printer?

Mar 14, 2011

printer sharing problem

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved