Browsing articles tagged with "ciscoasa - Admins Goodies"
May 7, 2013
tom

How do I configure NAT rules when using ASA IP-SLA when leveraging post-ASA-8.3 NAT syntax?

We are currently running ASA9 at a location with redundant ip connectivity. We’d love to configure ip sla so that internet access survives a single carrier outage. I’m aware of the ip sla commands, however when I’ve tried to prepopulate the required NAT rules, the addition of the second rule will overwrite the first. Here is an example:

object network NYHQ_GUESTWIRELESS_10.110.6.0_24
 nat (NYHQ-GUESTWIRELESS,NYHQ-OUTSIDE_FIOS) dynamic interface

When I attempt to add an additional nat rule, perhaps [...]

Dec 21, 2012
tom

Trying to set up NAT from 2 outside IPs to the same private IP

Cisco ASA 5510. I currently have a NAT for SMTP on one outside IP to an internal IP. I need to set up 2 external IPs to NAT to the same IP internally. How can I do that? ex:

10.10.10.1 25 –> 192.168.0.200 25
10.10.10.3 25 –> 192.168.0.200 25

Asked by Keith

You won’t be able to use static PAT for this as you would break the 1:1 mapping rule. Firewall has to know what mapping [...]

Oct 29, 2012
tom

Using a nat rule to translate 80/443 traffic to web server, but internal users cannot access it using external ip/domain name

I am using Cisco ASDM for ASA. I have my internal network called soa. My outside interface is called outside. Let’s say my outside IP given to me by my ISP isp is y.y.y.y. I have a web server inside my network with a static ip of x.x.x.110. I have configured 2 static nat rules (one for http the other for https). Source is x.x.x.110. Interface is outside, service (http or https). Maybe I am [...]

Sep 18, 2012
tom

Cisco ASA 5540_outside to inside traffic NAT

I searched a lot and found some options but none worked. This is for a test lab setup:

landing server(192.168.49.26)—(.49.25/29)Cisco6500(.49.1/29)—(49.2)Cisco ASA(x.x.55.81)—External

The C6500 is the core of the test lab to which the “landing server” with IP Address 192.168.49.26 is connected. The interface to which this server is connected has the IP 192.168.49.25/29. I have 2 more L2 switches connected to the Cisco 6500 on 2 VLANs, namely VLAN 10 and 11 and some computers [...]

Jul 17, 2012
tom

Outside VPN traffic not able to ping site-to-site VPN remote site

We have two ASA 5510s, one in 8.4(4) and one in 8.2(5), in a site-to-site VPN setup. All internal traffic is working smoothly.

Site/Subnet A: 192.100.0.0 – local (8.4(4))
Site/Subnet B: 192.200.0.0 – remote (8.2(5))
VPN Users: 192.100.40.0 – assigned by ASA

When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible. Site B however, is completely inaccessible for VPN users. All machines on subnet B, the [...]

Jul 11, 2012
tom

Need help making site available externally

I’m trying to open a hole in the firewall (ASA 5505, v8.2) to allow external access to a Web application. Via ASDM (6.3?), I’ve added the server as a Public Server, which creates a static NAT entry [I'm using the public IP that is assigned to 'dynamic NAT--outgoing' for the LAN, after confirming on the Cisco forums that it wouldn't bring everyone's access crashing down] and an incoming rule “any… public_ip… https… allow” but traffic [...]

Jul 9, 2012
tom

ASA 5505 stops local internet when connected to VPN

I have a Cisco ASA router running firmware 8.2(5) which hosts an internal LAN on 192.168.30.0/24. I have used the VPN Wizard to set up L2TP access and I can connect in fine from a Windows box and can ping hosts behind the VPN router. However, when connected to the VPN I can no longer ping out to my internet or browse web pages. I would like to be able to access the VPN, and also [...]

Jul 8, 2012
tom

MAC to IP binding in ASA 5510 / SG 300-52

I am trying to configure a Cisco ASA 5510 to assign specific IP addresses to specific MACs. Firmware on my ASA is 8.2(5). I have used this feature in our previous device (Cisco SA-520W). I have also read that this feature is (not yet) implemented. How do I work around this problem, if not by direct assignment? Do I need to specify fixed IPs on concerned devices themselves? I also have a SG 300-52 switch for [...]

May 17, 2012
tom

Cisco ASA Command length

Whenever I write some command in ASA, it hides the full command and shows a bit of the command. What is the way to increase the length of commands I write in ASA, so it doesn’t hide the command written on the terminal session? I tried to google it but was not able to find the solution.

(ASA)#sho run object-group id $

Asked by user121080

You’d need to modify the terminal width parameter on the [...]

May 13, 2012
tom

Cisco ASA Config for PCI Compliant Office

We have a small business office, but due to PCI compliance we need to segment this into two internet networks (one ‘compliant’ and one for any other devices to use). We currently have a Draytek modem/WAN load balancer which also has firewalling but this is very basic and doesn’t support separate security policies on each VLAN. As such, I have just purchased an ASA 5505 and would like some pointers to setting things up: VLANS: [...]
