new to cisco asa 5505
Hi everyone. I'm working on a school project and as I'm extremely new
to cisco devices I could use some help. I have the base license.
I've created an inside, outside, and dmz VLAN. I can currently access
a webpage I have hosted on one of the DMZ hosts externally. Now, the
problem is that if I want to access it from an inside host I can only
type in the external address, not the dmz host's address. If i switch
around a single NAT rule I can access it by typing in the DMZ address,
but not the external address. It is accessible the entire time from
How would I...Cisco ASA 5505 Licensing
I'd appreciate it if someone could answer this for me:
Do I need to reboot my ASA 5505 to upgrade from one license to
I believe this is done by using this command:
activation-key [activation-key-four-tuple| activation-key-five-tuple]
Are these licenses tied to the ASA's serial number or can I pre-
purchase a license and use it on a device when I need it?
>I'd appreciate it if someone could answer this for me:
>Do I need to reboot my ASA 5505 t...Cisco 871 or ASA 5505
I have two branch offices, each has only 2 users and 2 printers, which
are going to connect to their main office thru the VPN tunnels so that
each branch office can access the main office and the main office can
also access the branch resources ( printers ) .
I plan to use either the Cisco 871 or ASA 5505 at the branch offices
for this requirement. Is there any reason to select this device over
the other ?
Any advice is greatly appreciated.
<email@example.com> wrote in message
>I have two branch offi...CISCO ASA 5505 Failover
I have followed the procedures in the Cisco documents to setup a
failover pair (active/stand-by) of Cisco ASA 5505 (ASA5505-SEC-BUN-K9)
but the failover does not initiate properly.
I have tried both straight and cross-over cables, have tried different
interfaces (2 and 7) of the firewall and have ensured that the:
1) Software versions are the same
2) Identical Licences
3) # interfaces and types are the same
4) Flash memory and Ram are the same size.
Result of the command: "show version"
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compil...Cisco ASA-5505 and MPLS
Have a Cisco 2431 router with two interfaces e0/0 and e0/1. e0/1 is
providing the internet connection and e0/0 will be used for MPLS. the
e0/0 int will go into the 3rd port on the ASA-5505 I will route MPLS
traffic to that and internet traffis to e0/0 on the ASA. Do I have to
use hairpining intra-site and inter-site?
...ASA 5505 Dual ISP
Want to setup ASA 5505 with dual isp connections. I have found
various articles that describe how to set this up but none so far have
addressed how to handle static nat objects. We have mail, web servers
that use static nat and want to ensure these use new natted ip when
the ASA fails over.
Is this possible? Please advise, and advise will be greatly
"Marlon" <firstname.lastname@example.org> wrote in message
> Want to setup ASA 5505 with dual isp connections. ...Cisco ASA 5505 VPN issue
I just installed an ASA550 on my home network and now I have a problem
with connecting 2 PPtP vpn connections using either of the XP or
Vista VPN connections. These connnections worked fine until I
installed the ASA. Now they both contact the remote VPN locations, but
fails when trying to authenticate. The Vista client gives 'error 806:
The VPN connection between your computer and the VPN server could not
be completed.' From the XP clien, the error states 721:The remote
computer did not respond.
Here is my current ASA config:
ASA Version 7.2(2)33
domain-name defa...Cisco ASA 5505 URL Blocking
I would like to block all URLs on the Outside Network for a specific
inside host. Furthermore I would like to exclude a few outside URLs from
the general " all URLs blocked" which shall be accessible by the
Is it possible with an ASA Box. To make it clear again: a specific
inside Host should only be allowed to access external URLs which are
explicitly allowed in the FW. All other traffic to the outside world
should be disallowed. All other inside hosts on the Network should not
be affected by this policy.
Is this possible with an ASA 5505? H...Cisco ASA 5505 VPN timeout?
A user is reporting that his VPN session times out after
seven hours and thirty-eight minutes (7:38). In the Cisco
ASA 5505 where do I find and change the timeout. This seems
like such an odd value.
Posted via a free Usenet account from http://www.teranews.com
...Cisco ASA 5505 VPN Help
This is my first Cisco product that I've tried using the new (ASDM)
GUI interface to set up. I have to say that I'm surprised at how
difficult the GUI interface is for configuration compared to other
products. But maybe I just need to learn my way around it more.
Can someone help me with the VPN and GUI?
I configured VPN via the GUI, but I do not see any way to check the
status of the VPN or even a place to "connect" and/or
"disconnect" (bring up/down). I'm trying build a tunnel to a LinkSys
WRV54G. Does the GUI provide this level of support or do I need to go
back to the command line? How do I know if the Cisco is trying to
Are there any good books or docs on how to sue the new GUI (ASDM)?
On Dec 7, 2:09 pm, tdenham...@gmail.com wrote:
> This is my first Cisco product that I've tried using the new (ASDM)
> GUI interface to set up. I have to say that I'm surprised at how
> difficult the GUI interface is for configuration compared to other
> products. But maybe I just need to learn my way around it more.
> Can someone help me with the VPN and GUI?
> I configured VPN via the GUI, but I do not see any way to check the
> status of the VPN
go to: monitoring (tab on top of the gui) -> vpn
or even a place to "connect" and/or
> "disconnect" (bring up/down).
monitoring (tab on top of the gui) -> vpn -> vpn statistics ->
sessions -...QoS on Cisco ASA 5505 (DSL)
I have a site with a DSL connection and I'd like to implement outgoing
QoS for VoIP. I am aware that the QoS cannot be guaranteed on the
inbound (unless done from the ISP) but at this time I'm only having
issues when the users on-site are uploading data to an FTP site. I
had a similar site 2-3 years ago where I successfully did this,
however I do not have a copy of the configuration file, and am having
difficulty duplicating what I did back then. Basically as soon as
they start uploading files to the FTP site the call data starts
cutting in and out.
This is my current c...Forwarding Ports through a Cisco ASA 5505
If someone could help me that would be great. I have a Cisco ASA 5505
that I'm trying to configure to allow any Internet IP Address to come
through port 3206 and get to a workstation on the Internal network on
the same port.
I've changed my Outside IP in the following information for security
sake. Also, I've typically been using the Cisco ASDM utility to
perform the configuration as I'm not familiar with many of the command
line commands (but feel free to help me via command line instructions
if that's what you know).
My setup is like this:
Outside IP = 1.2.3....Cisco PIX or ASA DNS Question
Is there any way in either the Cisco PIX 515E or in an ASA to setup
objects as DNS names instead of by IP address? I need to be able to
allow FTP access to a site such as ftp.hp.com instead of the ip
In article <email@example.com>,
jmiddleton <firstname.lastname@example.org> wrote:
>Is there any way in either the Cisco PIX 515E or in an ASA to setup
>objects as DNS names instead of by IP address? I need to be able to
>allow FTP access to a site such as ftp.hp.com instead of the ip
No, there isn'...Cisco ASA 5505
I'm planning big reconstruction on out office network. Regarding our
plan I have few questions and please, if you can help, please do!
Thank you in advance!
Now we have HP Proliant ML350 server (we are using it mainly as file
and print server), 24 switch HP Procurve 2524, 20 pcs Windows XP
desktop PC and notebooks and 3 Linksys AP. Our internet connection is
shared 5/5 Mbps link with most closed ports except for web, e-mail and
other only basic usage. We have static IP address.
Our plan is to allow our employees to connect to server through VPN,
start Exchange e-mail server w...Cisco ASA 5505 causing network down
I have done following config on ASA 5505,
ASA Version 7.2(3)
enable password * encrypted
name 10.6.1.1 GlobalIP
ip address 220.127.116.11 255.255.0.0
ip address GlobalIP 255.255.255.248
switchport access vlan 2
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode pas...Cisco!! Cisco!! Cisco!!
...ASA 5505 and Cisco Client VPN pass-through
With the old PIX v6 multiple Cisco VPN clients on the inside could not reach
a remote host. For example, visitors come to your location where you are
using a PIX firewall with VPN and they cannot use Cisco Client to VPN to
their home office.
Is the ASA 5505 v7.2.3 any better at this?
"just bob" <kilbyfan@aoldotcom> wrote in message
> With the old PIX v6 multiple Cisco VPN clients on the inside could not
> reach a remote host. For example, visitors come to your location where you
> are usin...Ping a untrust interface at cisco asa 5505
what must i set in the ASDM when i will ping a outside interface?
I have set properties->device adminstation->ICMP Rules. I have add the a
rule that any ICMP Typs, any address on the outgoing interface are
permited... But i cant ping the ip address of the outside interface.
What make i wrong? It?s my first time with a Cisco ASA.
Can my help please someone. Thanks.
"Michael Kuhn" <email@example.com> wrote in message
> Hi all,
> what must i set in the ASDM when i will ping a outside interface?
...Cisco ASA 5505 configuration for PPPOE/BellSouth
Hello all, I just purchased a Cisco ASA 5505 and I am having trouble
configuring my device to work with my BellSouth DSL connection. I
tried placing the Netopia 3347NWG in what's called bridge mode but
then configure the 5505 for PPPOE but authentication continued to
Now I am going to try PPPoE with a Routed Subnet, using the
instructions from the Netopia link below (http://www.netopia.com/
I am including my current 5505 conf for your viewing. Any help or
advice would be greatly appreciated.
domain-name jaszlin...New Cisco ASA 5505 Appliance Help?
I'm trying to setup a Cisco 5505 to tunnel to a LinkSys VPN router,
but not having much luck. I'd like to do IPSec 3des/md5, PSK and
I'm new to the Cisco ASA (mostly command line history), but was trying
to find a place in the ADSM launcher to show the status of the VPN?
Is there such a view on the ADSM? Is there a place to stop/start the
Seems I'm not having much luck talking to the LinkSys WRV54.
This linksys WRV54 will not talk to FreeSWAN like the older LinkSys
BEFVP41:( I'm hoping it will talk to the Cisco 5505.
Thanks in advance!
...ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated
We have been using a PIX 501 for a couple of years now to access a
local network with Cisco VPN software client. However we now need
access from another site with multiple users so I decided to buy two
ASA 5505 UL bundle to do the job. First i tried to just hook up the
new ASA at the remote site and connect to the PIX 501 with easy vpn.
In went fine. I configured the new ASA right from the box with the old
vpn profile settings and it worked right away. But as we also need the
remote site to be accessed from the main site (PIX side) i tried to
enable "network extension mode" but ...Cofiguring ASA 5505: Static IP, DNS, Gateway
I'm setting up an ASA 5505 for a client and am pretty much done.
However, I have a question. Where in the configuration (ASDM Web
Interface or CLI) do I enter the default gateway for the ISP? The
client is using a DSL modem for access to the internet and they
acquired 1 static IP address and was given the primary and secondary
DNS plus the default gateway of the ISP. I've configured the ASA but
can only see where the IP address and DNS numbers go.
Where does the default gateway of the ISP enter into all of this?
The DSL modem is set up as a Bridge for the ASA to access...Another port forwaring example cisco ASA 5505
Just wanted to add another example of how to set up port forwarding on
a cisco asa 5505.
This is how I managed to get it working.
This is an example where the inside network is 192.168.1.0 with
netmask 255.255.255.0. The cisco asa has an ip address of 192.168.1.1.
I am setting up a rdp and http rule to a server with the IP address of
I am doing this by connecting to the ASA with the console cable using
the terminal emulator ZOC pro 6.14 from emtec software. bitrate is
ciscoasa# conf t
First some NAT rules
ciscoasa(config)# static (inside,outside) t...asa 5505 + l2l vpn + cisco client vpn
I'm trying to replace PIX 506[working ok] with asa 5505. But just
after swaping them some of the vpn links doesn't work. I can't ping
sites. Cisco vpn client access doesn't work too. I was following few
cisco manuals but I can't figure out what is missing in my config.
Could you pls have a look at my config maybe sth obvious - I hope so.
: Written by enable_15 at 01:48:02.989 UTC Tue Jan 13 2009
ASA Version 8.0(4)
enable password zzzzzzzzzzzzzz encrypted
passwd zzzzzzzzzzzz encrypted