Setting Up ASA 5505 - Dual WAN

Oct 18, 2011

I have a ASA 5500 with Sec+ ?Is it possible to have Dual WAN, one WAN is used for default traffic and WAN2 would be strictly for VPN tunnels?

View 4 Replies


ADVERTISEMENT

Setting Up A Dual Router Network?

Feb 16, 2011

i have verizon DSL. Their newest router, the westell 7500, and their older one, the westell 327w. I want to setup a home network. I have heard there is a way to have these 2 routers connect wirelessly (one threw the other) so that i can hook up direct tv dvr to the internet w/out running a long cable.

View 3 Replies View Related

Cisco WAN :: Setting Up Dual WANs In RV016?

May 4, 2010

I have a multi-wan connections to RV016.  WAN1 is T1 and WAN2 is DSL.  There are some websites that I am having a problem logging in and staying logged in.  It seems like the connection from my computer is going out through two different WANs.
 
How should I set my RV016 properly so that I won't have the above issues anymore?

View 1 Replies View Related

Cisco WAN :: ASA5505 / Setting Access Policies Dual Internet Connections

Jun 7, 2011

I'm trying to set up a S2S VPN between two ASA5505 SP units running ASA Version 8.2(1). I've ordered additional ADSL2 lines to handle this traffic and I'm having troubles with the configuration for the additional PPPoE connection. Here is are extracts from my current config; First the interface vlans
 
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
 
[code]....

The result being that I can ping the OUTSIDE interface, but get no reply from the VPN interface. I've checked ADSL lines, they are up. The two PPPoE sessions are logged in and active. I can even see the ICMP packets hit the VPN interface, but there is no reply.

View 1 Replies View Related

TP-Link Dual-Band Wireless :: WR2543ND / WDR4300 Not Setting Network Shares?

Feb 20, 2013

Region : Canada
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
ISP :

I have a client that has a WR2543ND (House) and WDR4300 (Office/Internet) router that are located in two separate buildings about 40ft apart. He has each one hooked up to external antennas connected on the outside of the buildings. Back in December I got WDS working between the two routers and the PC in the house was able to use the Internet in the Office as well as share resources between the office and house computers. Two days ago I was down there working on his network and I was having problems setting up network shares. I discovered I wasn't able to ping from the Office PC to the House PC or vice versa and what's even stranger, I couldn't ping the House PC from the House Router (WR2543ND). I checked WDS status and on the House Router is says "Run" but on the Office Router it says "Int" but the WDS is definitely up because I am able to ping from the Office Router to the House Router, plus I am able to use TeamViewer to connect to the House computer from the Office computer. There are no firewalls enabled on Windows. Lastly the DHCP server is only running on the Office Router.

View 4 Replies View Related

Cisco WAN :: Dual ISP On ASA 5505?

Feb 8, 2012

At the moment I'm running a T1 to a Cisco ASA 5505 device.  I'm in the process of getting a backup ISP.  My question is, is it possible to configure this firewall with two ISPs so that the same  internal webserver can be accessed via backup ISP?

View 6 Replies View Related

Cisco VPN :: ASA 5505 Dual-ISP Backup VPN

Nov 22, 2010

I am trying to create a backup tunnel from an ASA 5505 to a pix 501 in the case of the Main ISP failing.  The Pix external side will stay the same, but not quite sure how I can create a new crypto map and have it use the Backup ISP interface without bringing down the main tunnel.
 
My first thought was to add the following crypto map to the configuration below: [code]

View 5 Replies View Related

Cisco Firewall :: Dual ISP On ASA 5505?

Oct 9, 2012

My client is transitioning to a new ISP and want to migrate there web servers in stages.  therefore they would like to keep some servers running on the old ISP and some servers use the new ISP.
 
I have set this up in a lab and keep running into routning issues (I am using 5510 for the lab as I do not have a 5505 available). I know that ASA's don't support PBR.  Is there any way or trick to get this to work on the ASA?
 
I have a feeling this is not possible and we would need to get another ASA or a Router to get this to work.        

View 1 Replies View Related

Cisco VPN :: Dual ISP Links And SLA On ASA 5505-50?

Nov 3, 2011

I have two Internet links:ISP1: only Site 2 Site VPNsISP2: only HTTP/HTTPS traffic and incoming remote access VPNs With the security plus license I could correctly configure them both as active at the same time on the same ASA device. Also, I've successfully accomplished the following traffic separation:
 
Site to Site VPNs goes out through ISP1HTTP/HTTPS traffic goes out through ISP2 The customer request is that, when ISP1 fails the S2S traffic is relayed through ISP2 -> This is working fine, I've already tested!But when ISP1's service is restored and that link is working fine, I want that the S2S VPN traffic gets relayed through it again automatically, which didn't happen. My question is: using SLA will the S2S traffic be relayed through ISP1 again automatically when it's services are restored? If not, which technology should I use to accomplish this?
 
PS: This is all configured on only 1 ASA 5505 whose license was upgraded.

View 2 Replies View Related

Cisco Firewall :: Dual ISP On ASA 5505

May 28, 2012

I need to configure my asa as follows: Two active ISP´s, one(ISP1) for outbound traffic (normal internet traffic) and the other one for inbound traffic(ISP2), http to a web server in the inside network. I have two default routes, one pointing to ISP 1 with metric 1 and the other to ISP2 with metric 2. I perform dynamic nat to ISP1 interface with hosts in the inside network and static nat to ISP2 interface with web server.

View 1 Replies View Related

Cisco Firewall :: Configure Dual ISP On 5505 8.4

Mar 27, 2013

I am attempting to set up failover dual ISP on a 5505 running 8.4(4) with the Sec Plus  license. Everything i have been able to reference so far, points to old commands not available or relevant in 8.4
 
For instance:
 
global (backup) 1 interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 20.20.20.1 1
route backup 0.0.0.0 0.0.0.0 30.30.30.1 10
 
What is the new syntax that should be used to mimic these commands?  I have the sla and trach reachability configuration already set up.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 With Dual ISP And 2 Networks

May 7, 2013

I would like to configure a Cisco ASA 5505 with Dual ISP (ISP 1 and  ISP2) and two networks (network 1 and network 2). My customer need that  clients in the network 1 connect to Internet with ISP1 and clients in  the network 2 connect with ISP2. If a failure occurs in ISP1 (just an  example) the network 1 clients connect with ISP2.

View 10 Replies View Related

Cisco VPN :: 5505 Dual Remote VPN Connection

Mar 30, 2012

I created three different Remote VPN connections with three different networks . i can make them one but for some reasons i don't mix all.and iam using  Cisco asa 5505 with Shrew Soft VPN software , so my problem is,- i connected Shrew soft remote vpn , if i try to connected another remote vpn connection this will not accept the second connection, any remote vpn connection software that accepts more than one connection

View 1 Replies View Related

Cisco VPN :: 5505 IPSEC VPN On Dual WAN Links

Sep 5, 2011

I have two sites with identical asa 5505's and each has the dual wan/ISP links and are set for failover using sla monitor tracking. I would like to create a vpn between these two sites that stays active regardless of which ISP link is online. Do I simply make two crytpo map statements10 and a 20 inside each of the asa's to each of the other ASA's STATIC PUBLIC IP's? [code]

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Security Plus Dual ISP

Apr 5, 2010

I have an ASA5505 with Security Plus license so I can have many interfaces (not 2 + 1 limited DMZ like in base license)
 
I have 2 VLANs.Is it possible to use one ISP for VLAN 1 and other for VLAN 2 ? Is it limited to 2 ISP's or can have more ?

View 14 Replies View Related

Cisco Firewall :: ASA 5505 / Dual WAN For Different Services?

Sep 18, 2012

I have ASA 5505 ver, 8.4(1) I have configured 2 WAN links to

1. Outside1 - distance metric 50
2. Outside2 - distance metric 20
 
Currentry all traffic is passing thru Outside2 and it's correct, also s2s and ra VPN is also running on Outside2 ?My current case is to use Outside1 for webvpn services only. I can't use Outside2 becouse on 443 port other services are running, also I cant change webvpn port to other.
 
How can I match packets incoming to interface Internet1 from Interner side nad route them back thru Internet1 interface.
 
IPSLA is not a good solution becouse I need to have both WAN links used Now in routing table I have only onre record

S*   0.0.0.0 0.0.0.0 [20/0] via x.x.x.x, INTERNET2

for link with lower metric, but after some problems with provider for link Internet2 routing has changed for Internet1 and didn't change it back after resolving problem? how to create it for all traffic incoming for Internet1 interface from outside?

View 1 Replies View Related

Cisco Firewall :: Dual ISPs On ASA 5505

Dec 5, 2011

We have a cisco ASA 5505 with sec bundle plus
 
We have two ISP's:
 
ISP1 (Our IP = 30.100.150.50, gateway 30.100.150.8)
ISP2 (Our IP = dynamic, gateway 20.100.150.9) - ADSL 
Our internal LAN IP range is 10.9.8.0/24
 
We want to configure the ASA 5505 to allow users via ISP2 for http traffic We then want to use ISP1 for strictly VPN and access to internal web resources (eg OWA) as we have public IP's there.
 
Our idea was to configure two gateways on the ASA (e.g. 10.9.8.5 via ISP2 and 10.9.8.6 via ISP1)
 
Then give the users gateway 10.9.8.5 for web browsing etc Is this configuration possible on the ASA 5505?

View 4 Replies View Related

Cisco Firewall :: ASA 5505 Dual WAN Settings Required

Feb 27, 2012

I have a 5505 configured with a active/standby dual wan setup using the sla tracked connection settings. Is there a way to configure the ASA to stay on the backup connection after activating? We had a situation where the main T1 was bouncing, so the backup connection was being activated and deactivated very often. The problem is that there is an app being used that does not allow users to reconnect to dropped connections immediately, so every time the asa switches wan connections it causes a significant disruption.I should note that I already set monitor options frequency to 240 seconds. I could set it higher, but then we have a longer delay when the main connection dies.

View 2 Replies View Related

Cisco WAN :: WAN / Dual ISPs - Can ASA 5505 Do Load Balancing As Well

Jan 24, 2010

I want to link ASA 5505 to two ISP's for backup purpsose. I can see this configuration example here url...
 
Question - does the ASA 5505 do load balancing as well for both connections - is there an example somewhere? (I do not want to buy two ASA 5505's!) which seems the only way I could find configuration details for!

View 6 Replies View Related

Cisco WAN :: Require Dual WAN But Not Necessarily Firewall ASA 5505

Feb 9, 2012

I have a small office with about 20 people.  I currently have a T1 line which feeds a Cisco ASA 5505.  I would like to replace the T1 line with two (2) ADSL lines.  I need a dual WAN switch/load balancer.  I researched a bit and found that Cisco RV042 will probably work for me even though I don't need another VPN and would have to disable it.
 
My question:  Is there anothe device from Cisco or others which will give me the dual WAN and load balancing but not the VPN piece.  My assumption is that it would be a less expensive device if such an animal exists.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Split Traffic On Dual ISPs

Jul 31, 2012

I have an ASA 5505 current f/w & the security plus license (to get the 3 nameif interfaces). Can I split traffic between two ISPs, (VPN traffic to one destination on a T-1 on one VLAN, and all other traffic using DSL to another VLAN) and using a different nat policy on both? I know load balacing isn't supported, only failover. I was just wondering if there was a way to make this work.

View 3 Replies View Related

Cisco Firewall :: 5505 High Availability Over Dual WAN Connections

Mar 20, 2011

One of my remote sites acquires Internet connectivity via a cable  modem service.  This goes down intermittently, of course.  I would like  to purchase DSL service from the local telco and configure the edge ASA  (currently a 5505) to use the cable modem path normally ... and fall  back to the DSL path if necessary.
 
These seems hard to  do.  The edge box would need to evaluate the viability of a WAN path  using some set of tests ... perhaps pings to a handful of major Internet  sites.  If all those pings start failing, it would stall for a minute,  to give the WAN service provider time to recover ... then cut over to  the second path.  Cutting to the second path might mean pushing new DNS  server addresses to clients (or perhaps the edge box would hand out both  sets of DNS servers all the time and rely on the clients to try them  all.)  Once the cable modem provider restored service, the edge box  would stall for a while (ten minutes?  an hour?) and then cut back.
 
I'm willing to replace the edge box with something  fancier (a bigger ASA or something sold as a router or whatever),  although I'd like to stay under 10K (list) for such a replacement.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 With Dual ISP - How To Setup Backup Connection

May 22, 2012

how can I setup that the backup connection will start but after 30s of icmp timeout the default gateway (tracket object - 192.168.1.1)
 
My configuration:
 
sla monitor 123
type echo protocol ipIcmpEcho 192.168.1.1 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
 
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 track 1
route backup 0.0.0.0 0.0.0.0 192.168.2.1 254
 
track 1 rtr 123 reachability

View 2 Replies View Related

Cisco Firewall :: ASA 5505 / 5520 Dual Gateway From 3750 And 2010

May 17, 2011

I need to move the client machines off of the 3750 (and their DHCP dependency on it) to the SGE2010 and absolutely route their internet traffic out through the outside interface on the 5505. They must also be able to communicate back into the internal environment in order to communicate with the production servers.
 
The clients currently use .254 addressing through a dumb dell switch to the 3750 but I am trying to migrate them over slowly to the .253. I know that the 2010 will not do DHCP, so I am putting a DHCP server on that switch right now. The 5505 won't let me add an additional nameif statement onto one of the other eth0/x interfaces and I'm not sure if that has anything to do with it's capabilities to act as a DHCP server (it's not an option in the ASDM) or it's ability to serve as the internet gateway for the 2010 clients. (Side notes: The 5505 has a base license and is currently also connecting 1 site to site VPN. As is the 5520, so all of it's interfaces are used as well).
  
I statically assigned a moved client with a .253 address and plugged it into the 2010. I have tried giving the 2010 both a .4 address and a .253 address but neither will allow me to ping any of the addresses on the 5505. The 2010 shows automatic routes to the two subnets and I set it's default route to 253.1. The link between the 2010 and the 3750 works - clients receive a .254 address from the 3750 and can get out to the internet via the 5505 and reach the production servers as well.
 
Why won't the 2010 see the 5505 as a gateway and allow clients to get to the internet and also traverse the 3750 when they need access to the production network?

The reason why I dont' just connect the two swtiches and call it a day is because I also need the production servers to ALWAYS go out/receive web requests via  the 5520 outbound/outside interface. I'm having such a hard time wrapping my head around why i can't get my clients moved over to the new switch, I haven't even grasped how I'm going to do that yet.

View 1 Replies View Related

Cisco Firewall :: Setting Up DMZ On ASA 5505?

Nov 14, 2011

I am trying to set up a DMZ on my Cisco ASA 5505, so that the wireless clients are connected behind the DMZ, the LAN clients are connected behind the inside interface and both groups of clients can get to the Internet.  I have been able to configure the ASA for both wireless and LAN, but the wireless clients still cannot get to the Internet.  The LAN clients can get to the Internet.  I do not want the wireless clients and the LAN clients to be able to be able to communicate with each other. What commands do I need to run in order to allow the wireless clients to access the Internet? 

View 11 Replies View Related

Cisco :: ASA 5505 - Setting A VPN Connection

Apr 4, 2011

I am wondering if this Cisco ASA 5505 Box is overkill for what I need?I have just become network admin to a small office that host two domains.

[code]...

Some of the clients are requesting a connection to the office from remote locations for file access and what not. So would implementing a Cisco ASA 5505 be overkill? I am a bit nervous of going forward as I have never had to "setup" an ASA box and dont want to kill the network.If I should NOT use this box, what should I use for a VPN connection?

View 6 Replies View Related

Cisco WAN :: Setting Up Routes On ASA 5505?

Dec 12, 2012

I'm trying to set up a Cisco ASA 5505. I'm mainly setting things up through ASDM but I also have console access. Right now while I'm setting it up I have the outside/Vlan2 port attached to my existing network and a laptop connected to the inside/Vlan1 port. More info about that:
 
interface Vlan1
nameif inside
security-level 100

[Code]....

Before I added that last "0.0.0.0" entry, the ASA would not see anything on the internet. Now I can ping any external IP address from the router's console. However, the laptop I have connected to the 'inside' port still cannot reach any IP address outside the 10.10.153.0 network. Every time I try to add a similar route for the 'inside' interface, I get the following error: "You have another route configured for this network any which has same gateway 10.10.152.1 and same metric 1. You cannot add a duplicate route." I know I'm misunderstanding something here. In order to make devices connected to the 'inside' port connect to the internet, I need to set up a new route that will direct these devices to 10.10.152.1, right?

View 9 Replies View Related

Cisco WAN :: Setting Up ASA 5505 Behind 5510?

Aug 14, 2011

My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
 
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
 
outside 10.94.4.0 255.255.255.0 10.10.8.1
 
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. What's going on here? Do I have to add a route to the switch just to manage the ASA 5505?

View 30 Replies View Related

Cisco Firewall :: ASA 5505 - Dual ISP SLA Track With Primary PPOE Secondary DHCP

Aug 25, 2011

Cisco ASA 5505 Security Plus 1 link with PPOE dialup for internet access
 
desirable situation: Primary link with a PPOE dialup Secondary Link with DHCP address Asignment
 
Problem: i want to configure Dual ISP Failover modus, but the problem exist when i configure  the ip sla syntax it looks good in the running config. but after a reload the secondary line becomes primary
 
It looks like the ppoe client authentication is busy when the ip sla tracking mechanism becomes active. can i tweak the settings that the ip sla tracking mechanism starts later?
 
What i the correct config for Dual ISP setup with primary PPOE and secondary DHCP

View 1 Replies View Related

Cisco VPN :: Setting Up 5505 VPN For Windows 7 Client

Feb 16, 2013

I have a client that has a 5505 installed. They want to VPN in with their Win7 laptop, but they don't want to shell out $1000 for the 10-pack Cisco VPN client.I have successfully setup the clientless VPN, and they can, through a browser, get to their files, but they'd like to map network drives so it's just like they're in the office.I tried setting the IP Sec up on the 5505, and then using  the built-in Win7 VPN network connection, but no go.I also do everything through the ASDM, but I realize some things cannot be done. I'd prefer to use the ASDM!Anyone else get this configured? 99% of what I see out here is how to connect the 5505 for site-to-site VPN.

View 4 Replies View Related

Cisco Firewall :: Setting Up Port Forwarding ASA 5505

Mar 15, 2012

We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
 
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
 
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4)   I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.

View 19 Replies View Related

Cisco Firewall :: ASA 5505 - Setting Up 2 LAN Networks And 2 WAN Connections?

May 16, 2013

I have an ASA 5505 with Security Bundle license.
 
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
 
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
 
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.                  

View 7 Replies View Related

Cisco Firewall :: Setting Up New ASA 5505 Into Existing Network?

Mar 21, 2013

I am having a problem trying to figure out how to add a new ASA 5505 to an existing network.  My current network is:Cable Modem  >  Linksys  >  48 port switch With multiple hosts residing on the 192.168.0.x network.Now i know that the ASA comes default with 192.168.1.1 on the inside interface and i want to change that to 192.168.0.1.  I have tried to do this thru ASDM using the wizard and manually.  Once i hit ok for it to write the config, it gives me an error that it didnt take.  I then lose connection to the ASA and have to hard boot it to get it back.I am trying to do this without my external connection connected and i have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75.Do i need to connect my internet connection to it first and then run the wizard?  I was hoping to get it configured for my existing network before i plugged in the internet connection to limit my downtime.This ASA came with 6.4.1 ASDM and 8.2 OS installed.  i was able to upgrade the ASDM to 7.X but when i go to update the OS to 9.1, i get an error that i am not registered to use cryptographic software.   Dont know where i need to register to get it?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved