Add a second WAN CIDR range to ASA 5505

Forgive me if this has already been covered as I couldn't find any clear answers to do this with a lone ASA 5505 running sec plus. 
How would I go about adding a second /28 CIDR range on another segment given to us by our ISP which is on another segment? 
Our outside is configured with 68.2.2.2/255.255.255.255 and we have been given a new block of 98.98.98.0/255.255.255.240. ISP has routed the 98 to the 68 on their side as of now. 
Curious, is the 5505 capable of doing this without a router in front? Any suggestions are welcomed. Thanks!

You really do not want to use it as a second physical connection unless you intend to use the second address block only as a backup in case the primary physical connection has a problem. And given the description that the ISP has routed the 98 to the 68 I think it is highly likely that there is only a single physical connection from the ISP. So putting a switch in place to split them does not really buy you any redundancy.
What you really want to do is to use the second address block to create a pool of addresses to use for address translation. The ASA5505 should do this quite easily and well.
HTH
Rick

Similar Messages

  • How can I map SSH from an outside network range to an internal host (ASA 5505)

    Cisco Adaptive Security Appliance Software Version 7.2(4)
    Device Manager Version 5.2(4)
    - External network range that needs SSH access: 8.8.8.0/24
    - Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)
    - Inside Network: 192.168.100.0/24
    - Inside host to redirect external SSH to: 192.168.100.98
    Hi All,
    I have a Cisco ASA 5505 (version above) and I have someone that needs to SSH into a box behind the ASA. I'm having a few issues trying to configure this access-list and NAT. I've tried many combinations and clearly my IOS is not as good as I thought.
    Can anyone help with this? What commands should I enter to accomplish mapping SSH from an outside network range to an internal host?
    Many thanks,
    Tarran

    This may or may not work depending on how your modem handles the natting. On your firewall try this -
    static (inside,outside) tcp interface 22 192.168.100.98 22
    then add this to your acl on the outside interface of your ASA -
    access-list outside_in permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22
    if you don't have an acl applied then add this extra step -
    access-group outside_in in interface outside
    Jon

  • ASA 5505 Dual WAN - Ping inactive wan from outside?

    I currently have some small branch offices using ASA 5505 with Security Plus license and dual wan connections. They are configured with an sla monitor so if the primary WAN goes down the secondary connection becomes active. This works as expected, however...
    I can't ping the non-active interface from an outside source. I believe this is by design or due to some limitation on the 5505. The problem is that I don't know if the backup WAN connection is functioning normally without forcing the ASA to make it active. We use a flaky wireless connection for the backups. The problem recently bit me because both WAN connections were offline.
    I'm looking for an easy way to monitor the inactive wan interface, preferably by pinging from an outside location. Is this possible?

    Hello,
    This won't work because the ASA receives the ping on the backup link but has the default route pointing to the outside.
    You would have to add a more specific route for your IP.
    Example:
    If you want to ping coming from IP 1.1.1.1
    route outside 0 0 x.x.1.1 1 track 1
    route backup 0 0 x.x.2.2 250
    route backup 1.1.1.1 255.255.255.255 x.x.2.2
    Regards,
    Felipe.
    Remember to rate useful posts.

  • Cisco ASA 5505 - outside can't DHCP as router use same range

    Hi
    I'm new to the ASA and am trying to set up a test net. The ASA is connected to my router on port zero using DHCP.
    (Or I guess it's not, as the router uses the same IP range as the ASA does inside).
    I tried to set a static IP in the same range (eg. 192.168.1.20) but then get the message "cannot overlap with the subnet of interface inside".
    So I believe that is why it doesn't get an IP from my router - it does show up in the router DHCP table as 192.168.1.5 but ASDM home says outside "no IP address".
    I tried to change the inside range of the ASA but if I change the inside IP I lose connection.
    (Had to restore factory-default using the console).
    I guess I could setup another range using the console, but how?
    How can I setup this test net?

    If I need to save I did not. (I have not used the console before).
    Found the: "write memory" and reload command.
    I can't connect to the ASA using ASDM-IDM Launcher (from PC connected to the inside lan).
    It seems that the ASA DHCP server does not work.
    And: show running-config
    ciscoasa# show running-config
    : Saved
    ASA Version 8.2(5)
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    no ip address
    ftp mode passive
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcp-client client-id interface outside
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:5085ad55b43198c7490b2edfee450906
    : end
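
Added example (not part of the original post): the running-config above puts the inside interface on 192.168.2.1/24 while its only "http" permit line still names 192.168.1.0/24, and it has no "dhcpd address" or "dhcpd enable" line for inside. The Python below runs those two consistency checks over an excerpt of that config; the function names are hypothetical, and it assumes one command per line as in the post.

```python
import ipaddress
import re

# Excerpt of the running-config posted above (only the lines the checks read).
POSTED_CONFIG = """\
interface Vlan1
nameif inside
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
no ip address
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd auto_config outside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ADDR_RE = re.compile(rf"^ip address {IP} {IP}")
MGMT_RE = re.compile(rf"^(http|ssh|telnet) {IP} {IP} (\S+)$")
POOL_RE = re.compile(rf"^dhcpd address {IP}-{IP} (\S+)$")


def parse_interfaces(lines):
    """Map nameif -> connected network (None if no static address)."""
    nets, name = {}, None
    for line in lines:
        if line.startswith("interface "):
            name = None  # new interface block; its nameif follows
        elif line.startswith("nameif "):
            name = line.split()[1]
            nets[name] = None
        elif name and (m := ADDR_RE.match(line)):
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets


def audit(config):
    """Warn on http/ssh/telnet permit rules that miss the interface subnet.

    A warning only: routed networks behind an interface can be legitimate.
    """
    lines = [l.strip() for l in config.splitlines()]
    nets = parse_interfaces(lines)
    findings = []
    for line in lines:
        if not (m := MGMT_RE.match(line)):
            continue
        proto, addr, mask, ifname = m.groups()
        allowed = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        connected = nets.get(ifname)
        if connected is not None and not allowed.overlaps(connected):
            findings.append(f"{proto} permits {allowed} on {ifname}, "
                            f"but {ifname} is {connected}")
    return findings


def dhcp_served(config):
    """Interfaces that have both a dhcpd address pool and 'dhcpd enable'."""
    lines = [l.strip() for l in config.splitlines()]
    pools = {m[3] for l in lines if (m := POOL_RE.match(l))}
    enabled = {l.split()[2] for l in lines if l.startswith("dhcpd enable ")}
    return pools & enabled


if __name__ == "__main__":
    print("findings:", audit(POSTED_CONFIG))
    print("dhcpd active on:", sorted(dhcp_served(POSTED_CONFIG)))
```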

  • How to Add Cisco 861's behind ASA 5505

    I will be setting up a VPN with a client soon.  They are shipping 2 Cisco 861's that are planning to go behind our ASA 5505.  They are set up to be NATed.
    I am trying to understand what the best way to do this would be as I seem to keep running into limitations of the ASA 5505.
    Our ASA has a public IP of 2.1.2.14/30 assigned to its outside interface.
    The public IPs to be NATed to the 861's are 2.1.2.218 and 2.1.2.219/29.
    1. How can I assign this separate public IP block to the ASA? Is it even possible?
    2. If not possible, what would other options be?
    3. Would an upgraded license that allows for additional interfaces make this easier? (I would not do the NATing then, just assign the new public IP block to another interface)
    Appreciate any help or suggestions.

    Hi,
    I personally run into these situations too and more than one occasion the users start to run into different kind of problems when they got additional hardware on their LAN that we don't manage.
    If you HAVE to do this as you described I would need some additional information
    What software version is your ASA?
    Do you have a Base License version of the ASA5505? Can confirm this with "show version" command
    In the original post, do you mean that you have a small link network (/30) with the ISP and that the ISP has also provided you with a small subnet for NAT purposes (/29)
    The first thing mentioned above would be needed to confirm what NAT format to use.
    Otherwise if the following 2 are true then there should be no problem using the additional IP address range on your ASA5505 firewall.
    There are 2 ways to go.
    Option 1.
    Make sure that the ISP has routed the additional /29 network towards your ASA5505 "outside" IP address
    Now just configure the needed NAT configurations (can naturally help with the configurations when I know the software level of the ASA). Notice that the additional public subnet doesn't need to be configured on any interface of the ASA. You can just configure NATs using those IP addresses as usual. The critical thing here is that the ISP has routed the network towards your ASA and HAS NOT configured this additional /29 subnet on their gateway as a secondary network.
    Option 2.
    Even if you have the ASA5505 at Base License you can still configure 3 interfaces on the ASA5505. The one thing to notice here is that you need to configure the "no forward interface Vlanx" to the third Vlan interface which will prevent this third Vlan from connecting to networks behind the interface Vlanx. This however doesn't stop Vlanx from connecting to networks behind third Vlan interface. This might provide a possibility to use the WAN side of the VPN routers on the third interface of the ASA since then you can limit their connectivity to the "inside" Vlan and this would mean they could still connect to "outside".
    Hopefully I made any sense. Please ask more if I was unclear about something above (which might be possible)
    - Jouni

  • Can I add a second plot to an XY graph without having to re-draw the first?

    Hi,
    I'm trying to figure out a way to add a second plot (a linear fit between 2 cursors) to an XY graph without having to redraw the first plot (the underlying data). The reason this is important is that the first plot is typically hundreds of thousands of data points (or more), and it is slow to redraw. I would like the user to be able to move cursors around and dynamically do a linear fit to the underlying data in the range between the two cursors, with the line being drawn as the second plot.
    My current program just wires both plots to the graph and re-draws both. This ends up being quite slow.
    Ken

    Here's a quick draft how you could draw the regression line (LabVIEW 8.2). Modify as needed.
    Message Edited by altenbach on 10-28-2007 12:51 PM
    LabVIEW Champion . Do more with less code and in less time .
    Attachments:
    DrawRegression.png ‏28 KB
    PlotLine.vi ‏46 KB

  • How do I add a second movie to an idvd project when 'sharing' from imovie always opens a new idvd window?

    I am creating an idvd project with multiple imovie projects.  I know I need to share my imovie project with Idvd.  When I do that, idvd automatically opens.  Now I want to add a second project.  The problem is that when I share imovie projects a second time, it automatically opens a second idvd project.  I want to add multiple imovie projects on one idvd project.

    One should not share directly to iDVD from iMovie.  The Share ➙ Media Browser option should be used as that results in a better quality movie in iDVD.  Do the same for both movies and you can drag the movies from the Media ➙ Movies pane in iDVD into the DVD menu window at the left.
    Follow this workflow to help ensure the best quality video DVD:
    Once you have the project as you want it save it as a disk image via the File ➙ Save as Disk Image  menu option. This will separate the encoding process from the burn process. 
    To check the encoding mount the disk image, launch DVD Player and play it.  If it plays OK with DVD Player the encoding is good.
    Then burn to disk with Disk Utility or Toast at the slowest speed available (2x-4x) to assure the best burn quality.  Always use top quality media:  Verbatim, Maxell or Taiyo Yuden DVD-R are the most recommended in these forums.
    OT

  • Pavilion dv7 - Can I add a second hard drive?

    I have an HP Pavilion dv7 2173cl laptop. I've read that I can add a second internal hard drive. Is that correct? If so, what is the max size that it will take? Any special type that I should buy?
    Thanks!

    Hi,
    This model allows to use 2 HDD's. Max capacity is 500 GB.
    To install second drive you will need Hard Drive Caddy and Cable Connector. You may buy them here.
    Here is service documentation for your model. On page 46 you may check where you may install secondary hard drive.
    ** Say thanks by clicking the "Thumb up" icon which is on the left. **
    ** Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue. **

  • Can I add a second hard drive on Qosmio X500-12Q?

    Hi,
    I'd like to know if it's possible to add a second hard drive to the X500-12Q?
    I suppose the space is available but I'd like to know if the connector is here & everything
    so I could just open the enclosure and plug it in.
    thanks

    Hi jeandujardin,
    I don't have Qosmio X500 but generally speaking it's no problem to exchange the internal HDD with a SSD but I don't know if the model has 2 SATA connectors.
    If you are not sure ask the salesman if it's possible to install a second HDD or SSD.
    SSDs are no problem because they have the same SATA interface as normal HDDs.

  • Can I add a second hard drive to my macbook pro

    Can I add a second hard drive to my macbook pro?

    stevefromapo wrote:
    I purchased an OWC DataDoubler kit with a 750GB hd and it works fine.  I just need to get a USB CD Drive for mac so if I need to reinstall my OS I can do it.
    You could put your install disc on a USB Flash drive with Disk Utility. Also, here is the USB optical drive enclosure I bought. He raised the price a few bucks. Mine ran $10.00 with the shipping. 
    17" 2.2GHz i7 Quad-Core MacBook Pro  8G RAM  750G HD + OCZ Vertex 3 SSD Boot HD 

  • Can I add a second hard drive and if so what cable etc would I need to do so?

    Can I add a second hard drive and if so what cable etc would I need to do so?

    Hi,
    For many 17" (or 17.3") machines such as Envy 17, dv,  Pavilion 17 .... you can add a second HDD (my old loan dv7 has two HDD's and my current loan Envy 17 also has 2 HDD's). You would need the following kit:
        http://www.newmodeus.com/shop/index.php?main_page=product_info&products_id=379
    Regards.
    BH
    **Click the KUDOS thumb up on the left to say 'Thanks'**
    Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem.

  • "One or more field types are not installed properly" when I try to add a second discussion board web part to a page

    I have a SharePoint 2010 site with two discussion boards. I added one additional field to each of the boards: a lookup to another list to link the discussions to individual projects. I need 2 different boards because they have different posting permissions
    (one is open to all for comments, and one is open only to the project team to post but everyone can read).
    When I go to the pages for each of the discussion boards, they work fine.
    But I'm putting together a page for individual projects, and want to have web parts for both discussion boards on the same page, showing the discussions related to the selected project.
    I am able to add one of the discussion boards to a web part in the page, but when I add the second discussion board to the page, the new web part contains:
    One or more field types are not installed properly. Go to the list settings page to delete these fields.
    Correlation ID: blah blah blah
    I've searched for similar postings, but mostly I see this error message related to migration from 2007 to 2010 -- this is not the case here: I created both discussion boards, and the whole site, in SP 2010. I've also found this message related
    to coding errors using SPQuery. I am not doing any coding here, just using the built-in SharePoint 2010 Edit Page -> add a web part -> select the discussion list.  I tried doing it from SPD with the same result. 

    I figured it out. I was using ?FilterField1=fieldname&FilterValue1=value on the URL to the page to pick out one project number. The web part I was trying to add was for a list that did not have that particular fieldname. I didn't realize that would matter
    since I was using the Connections -> Get Filter Values From to get my filter values from the main web part, which does have that fieldname.
    I added a field with that fieldname to the other list and set a workflow to copy the lookup value of the project number lookup field into the new field. Now all is working fine.  Sorry for the wild geese in my original question.

  • ASA 5505 LAN-to-WAN site-to-site VPN

    Hi
    I need to set up a site-to-site VPN on ASA 5505 (ASA version 8.4) on a private IP address range to a third party who are using internet routable IP addresses for the remote LAN.
    E.g. in the Protected Networks settings
    Local Network: 192.168.1.0/24
    Remote Network: 1.1.1.0/24
    Is this possible?
    Thanks
    Julian

    Yes, it is possible, use in the interesting traffic identifier ACL (i.e crypto ACL) the remote destination address is public address instead of a private address and your VPN remote peer's address is naturally public address if it goes over public-cloud. You may have an ACL on the inside interface, control (local LAN) access to remote tunnel end.
    This setup is much similar to vpn tunneling to banks over public-cloud.
    Thanks
    Rizwan Rafeek.

  • How do i add a second itunes account on same email

    How do i add a second itunes account on the same email address?

    Create a new AppleID (or use a different one if you are already doing so), then sign onto the iTunes Store that way and set up payment etc.
    There's many other aspects to this question, including if you want this all to go to the same library, the same user account on the computer, etc.
    Warning: For the purposes of redownloading items (make sure you understand redownload vs. first time download) you can only change primary AppleID associated with a computer every 90 days.  For other things such as buying new items there is no restriction.
    Items purchased under one account cannot be transferred to another.  You will still always have to use the old ID for any purchase you made under that ID.

  • I have an external hard drive set up as a Time Machine backup on my IMac. I want to add a second external hard drive and put my Aperture Photo Library on it. Is there a way to have the photos on this second hard drive automatically back up to the Time Mac

    I have an IMac with an external hard drive set up as  a Time Machine for automatic backups. I want to add a second external hard drive and load my Aperture Photo Library on to it so that the library can be shared by both me and my wife. Is there a way to automatically backup the photo library that will be on the second hard drive to the Time Machine hard drive?

    Open System Preference > Time Machine
    Click Options....
    Click on external disk in list and hit the - button below the list to remove from the Exclusion list
    Allan
