Can't Access Internal Servers From Behind An ASA 5505

Similar Messages

• Can't access internal network from VPN using PIX 506E

  Hello,
  I seem to be having an issue with my PIX configuration. I can ping the VPN client from the the internal network, but can cannot access any resources from the vpn client. My running configuration is as follows:
  Building configuration...
  : Saved
  PIX Version 6.3(5)
  interface ethernet0 auto
  interface ethernet1 auto
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password N/JZnmeC2l5j3YTN encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  hostname SwantonFw2
  domain-name *****.com
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  access-list outside_access_in permit icmp any any
  access-list allow_ping permit icmp any any echo-reply
  access-list allow_ping permit icmp any any unreachable
  access-list allow_ping permit icmp any any time-exceeded
  access-list INSIDE-IN permit tcp interface inside interface outside
  access-list INSIDE-IN permit udp any any eq domain
  access-list INSIDE-IN permit tcp any any eq www
  access-list INSIDE-IN permit tcp any any eq ftp
  access-list INSIDE-IN permit icmp any any echo
  access-list INSIDE-IN permit tcp any any eq https
  access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
  access-list swanton_splitTunnelAcl permit ip any any
  access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
  no pager
  mtu outside 1500
  mtu inside 1500
  ip address outside 192.168.1.150 255.255.255.0
  ip address inside 192.168.0.35 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool VPN_Pool 192.168.240.1-192.168.240.254
  pdm location 0.0.0.0 255.255.255.0 outside
  pdm location 192.168.1.26 255.255.255.255 outside
  pdm location 192.168.240.0 255.255.255.0 outside
  pdm logging informational 100
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_outbound_nat0_acl
  nat (inside) 1 192.168.0.0 255.255.255.0 0 0
  access-group outside_access_in in interface outside
  access-group INSIDE-IN in interface inside
  route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
  timeout xlate 0:05:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout sip-disconnect 0:02:00 sip-invite 0:03:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map client authentication LOCAL
  crypto map outside_map interface outside
  isakmp enable outside
  isakmp identity address
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  vpngroup swanton address-pool VPN_Pool
  vpngroup swanton dns-server 192.168.1.1
  vpngroup swanton split-tunnel swanton_splitTunnelAcl
  vpngroup swanton idle-time 1800
  vpngroup swanton password ********
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.0.36-192.168.0.254 inside
  dhcpd dns 8.8.8.8 8.8.4.4
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd auto_config outside
  dhcpd enable inside
  username scott password hwDnqhIenLiwIr9B encrypted privilege 15
  username norm password ET3skotcnISwb3MV encrypted privilege 2
  username tarmbrecht password Zre8euXN6HxXaSdE encrypted privilege 2
  username jlillevik password 9JMTvNZm3dLhQM/W encrypted privilege 2
  username ruralogic password 49ikl05C8VE6k1jG encrypted privilege 15
  username bzeiter password 1XjpdpkwnSENzfQ0 encrypted privilege 2
  username mwalla password l5frk9obrNMGOiOD encrypted privilege 2
  username heavyfab1 password 6.yy0ys7BifWsa9k encrypted privilege 2
  username heavyfab3 password 6.yy0ys7BifWsa9k encrypted privilege 2
  username heavyfab2 password 6.yy0ys7BifWsa9k encrypted privilege 2
  username djet password wj13fSF4BPQzUzB8 encrypted privilege 2
  username cmorgan password y/NeUfNKehh/Vzj6 encrypted privilege 2
  username cmayfield password Pe/felGx7VQ3I7ls encrypted privilege 2
  username jeffg password zQEQceRITRrO4wJa encrypted privilege 2
  terminal width 80
  Cryptochecksum:9005f35a85fa5fe31dab579bbb1428c8
  : end
  [OK]
  Any help will be greatly appreciated

  Bj,
  Are you trying to access network resources behind the inside interface?
  ip address inside 192.168.0.35 255.255.255.0
  If so, please make the following changes:
  1- access-list SWANTON_VPN_SPLIT permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
  2- no vpngroup swanton split-tunnel swanton_splitTunnelAcl
          vpngroup swanton split-tunnel SWANTON_VPN_SPLIT
  3- no access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
  4- isakmp nat-traversal 30
  Let me know how it goes.
  Portu.
  Please rate any helpful posts   

• I saved photos from my Macbook Pro onto my Iphone (using itunes, 4 years ago). My macbook is now dead and I need to get the photos I saved off of my iphone 3GS transferred to a pc.  Any help...  From my PC I can only access "internal storage"

  I saved photos from my Macbook Pro onto my Iphone (using itunes, 4 years ago). My macbook is now dead and I need to get the photos I saved off of my iphone 3GS transferred to a pc.  Any help...  From my PC I can only access "internal storage"

  The iphone is not a storage/backup device.  The picture sycn is one way - computer to iphone.  The photos are also reduced in size when synced to iphone so they are not of the original quality
  It has always been very basic to always maintain a backup of your computer.
  Have you failed to do this?
  If so, not good at all, you can e-mail the pics to yourself - keep in mind they will never be of the original quality

• Can't access work IMAP from home

  Hi
  We're running mail service (IMAP) on OS X Server 10.3.9 at the office. Everything works fine when I'm on the network locally - I can send and receive external emails etc.
  However, I can't access the server from home using either the domain name or IP address. I used to be able to but we've recently changed ISP & router and I'm not sure if this has affected it. I assume the MX records for the domain are fine since we can send and receive.
  I'm not really an IT admin-type guy (it's just kinda become my responsibility) so I don't fully understand DNS, local domains etc.
  If anybody has any pointers, I'd really appreciate it.
  Thanks
  Ian
    Mac OS X (10.3.9)  
  PowerBook G4 1.5   Mac OS X (10.4.8)  
    Mac OS X (10.4.8)  

  Everything works fine when I'm on the network locally - I can send and receive external emails etc.
  However, I can't access the server from home using either the domain name or IP address. I used to be able to but we've recently changed ISP & router and I'm not sure if this has affected it.
  DNS Basics: the DNS server basically resolves a 'name' to an IP address. E.g. mail.mydomain.com to the IP address of the mailserver.
  When you are inside the local network (LAN), your computers probably find the server using a local IP address. When you are outside the LAN, then your computer will find it EITHER by using the public IP address of your firewall OR using a name which will resolve to the same.
  Since it worked before you changed ISPs, I'm guessing that you had it set explicitly to the WAN IP address. This will have changed with the change of ISP.
  Easiest way to fix this is to use the same host name as you MX record is set to. So if your MX record is mail.mydomain.com then use this as it is obviously resolving to the IP address of your mail server (or more exactly, the IP address of your firewall).
  NEXT, since your router has also changed (and I presume this is also your firewall) then you need to ensure that the imap port required (143) is open and port-forwarding to the internal IP address of the mail server.
  -david
      Server 10.4.8

• Can't access my desktop from the sidebar. Keeps going to terminal

  can't access my desktop from the sidebar. Keeps opening in terminal window. Also when trying to save from an email, I cannot save to desktop

  If you haven't already restart and test, if no joy then Repair Disk Permissions in Disk Utility. Open Disk Utilties (Applications - Utilities - Disk Utility) select the internal HD, select the First Aid tab and then click Repair Disk Permissions. To be safe run Repair Disk Permissions 2x.

• Can't access my dvr from safari

  Hi,
  I have a problem with safari.  I can't access my dvr from the browser.
  After I sign in to my dvr webpage this message comes instead of loading java: The requested URL was not found on this server
  I have this message when I try with Mozilla:
  CacheEntry[http://xx.xxx.xx.xx/application.jar]: updateAvailable=false,lastModified=Thu Jan 01 01:00:00 CET 1970,length=40266
  Missing Application-Name manifest attribute for: http://xx.xxx.xx.xx/application.jar
  Missing Permissions manifest attribute in main jar: http://xx.xxx.xx.xx/application.jar
  java.io.FileNotFoundException: abc (Permission denied)
  Thanks in advance for any help you can provide!

  Sorry... I didn't realize that this problem was common, not rare.
  I remove the Discussion-related cookies and restarted. I did get to the sign-in page this time, but after clicking the sign-in button, I got "An Internal Server Error Has Occurred." (Nothing else on the page.)
  I decided to check cookies again, and the same ones that I eliminated were back again. Needless to say, repeating the exercise didn't work.
  Resetting Safari is out of the question. I have years worth of settings and cookies stored there for a good reason, and I'm not going to start over from scratch. I can't imagine why anyone would, unless they have a whole lot of time on their hands.
  So... I've decided that this is Apple's problem. If I need Apple Discussions I'll use a browser that works.. which apparently is every browser except Safari. Now that's ironic!

• Can not ping internal network from ASA

  I can not ping internal computer from ASA. Comp IP address 192.168.187.15, gateway is 192.168.187.14 which is ASA internal interface. I've got an IP Phone connected to the same ASA with Ip address 192.168.185.15 and internal ASA interface 192.168.185.14 and everything works fine. We are doing testing, do not be surprised of configuration.
  ASA Version 8.2(1)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  dns-guard
  interface GigabitEthernet0/0
  nameif ouside3
  security-level 0
  ip address 10.254.17.25 255.255.255.248
  interface GigabitEthernet0/1
  nameif outside
  security-level 0
  ip address 10.254.17.9 255.255.255.248
  interface GigabitEthernet0/2
  nameif Lan
  security-level 100
  ip address 192.168.185.14 255.255.255.0
  interface GigabitEthernet0/3
  nameif comp
  security-level 50
  ip address 192.168.187.14 255.255.255.0
  interface Management0/0
  nameif management
  security-level 100
  no ip address
  management-only
  boot system disk0:/asa821-k8.bin
  ftp mode passive
  access-list 110 extended permit ip any any
  access-list nat extended permit ip any any
  access-list allow_ping extended permit icmp any any echo-reply
  access-list allow_ping extended permit icmp any any source-quench
  access-list allow_ping extended permit icmp any any unreachable
  access-list allow_ping extended permit icmp any any time-exceeded
  access-list allow_ping extended permit udp any any eq isakmp
  access-list allow_ping extended permit esp any any
  access-list allow_ping extended permit ah any any
  access-list allow_ping extended permit gre any any
  access-list nonat extended permit ip any any
  access-list nat2 extended permit ip any any
  access-list nonat2 extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu ouside3 1500
  mtu outside 1500
  mtu Lan 1500
  mtu comp 1500
  mtu management 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (Lan) 0 access-list nonat
  nat (Lan) 1 access-list nat
  nat (comp) 0 access-list nonat
  nat (comp) 1 access-list nat
  access-group allow_ping in interface outside
  router eigrp 2008
  neighbor 10.254.17.10 interface outside
  network 10.254.17.8 255.255.255.248
  network 192.168.185.0 255.255.255.0
  network 192.168.187.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 10.254.17.10 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set myset esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map mymap 10 match address 110
  crypto map mymap 10 set peer 10.254.17.10
  crypto map mymap 10 set transform-set myset
  crypto map mymap interface outside
  crypto map mymap2 20 match address 110
  crypto map mymap2 20 set peer 10.254.17.18
  crypto map mymap2 20 set transform-set myset
  crypto map mymap2 interface comp
  crypto map mymap3 30 match address 110
  crypto map mymap3 30 set peer 10.254.17.26
  crypto map mymap3 30 set transform-set myset
  crypto map mymap3 interface ouside3
  crypto isakmp identity address
  crypto isakmp enable ouside3
  crypto isakmp enable outside
  crypto isakmp enable comp
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 28800
  no crypto isakmp nat-traversal
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  priority-queue outside
  threat-detection basic-threat

  This is what I get, looks like ASA does not reply. Why?
  ciscoasa# sh capture cpi
  5 packets captured
  1: 05:20:14.494908 192.168.187.15 > 192.168.187.14: icmp: echo request
  2: 05:20:19.526935 192.168.187.15 > 192.168.187.14: icmp: echo request
  3: 05:20:25.026320 192.168.187.15 > 192.168.187.14: icmp: echo request
  4: 05:20:30.525699 192.168.187.15 > 192.168.187.14: icmp: echo request
  5: 05:20:36.025084 192.168.187.15 > 192.168.187.14: icmp: echo request

• Can't access recent Emails from mail tile in window 8.1

  Can't access recent Emails from mail tile in window 8.1.  Everything working fine until yesterday.  I can get my Emails by going to google Chrome and accessing my gmail but I like just hitting the mail tile in 8.1.  Also  is the start
  of something bad onmy computer?

  Hi,
  Could you please explain a bit for the " mail tile " mentioned here?
  If you mean to access e-mail with the Mail APP, and have issues when using it, we may first take a try with the
  Apps troubleshooter.
  More information regarding mail APP troubleshooting, please check the below TechNet Wiki:
  Troubleshooting the Modern Mail App on Windows 8
  Troubleshoot problems with an app
  If any further help needed, please feel free to update here.
  Best regards
  Michael Shao
  TechNet Community Support

• How can I access xml document from javascript whithin a JSP page

  how can I access xml document from javascript whithin a JSP page?
  I have a JSP that receives an XML document from a JavaBean, so I can access it within the entire JSP, but I need to access it from the javascript inside the JSP... and I have no idea how i can do this.
  Thanks in advance!

  The solution would only work on MS IE browsers, as other browsers do not support an XML DOM.
  It can be done, but you would be stuck with using the Microsoft broswer. If that is acceptable, I have some example code, and a book recommendation.

• How can i access the EJB from a Webdynpro

  Dear all,
  How can i access the ejb , from a webdynpro?.
  Is there any way to do that?.
  I want to write the entire code (business functions) within the EJB and i wan to access the entire methods from a WebDynpro Application.This is the situation.
  Please help me to , resolve this problem.(Here im using JDBC Connection .. etc.).
  I want to do the basic connection setting's and data retrieval part within the EJB and use that within the WebDynpro..
  how can i seperate this two(i mean, i want to seperate the JDBC connections and WebDynpro,i dont want to hard code any connection parameters within the webdynpro code)
  So that i want use that saet of particular function's in many webdynpro applications..
  (i dont need any help regarding webservice way.)
  If anyone can , please help me..
  I tried that javabean class , manifest file , that way (importing javabean model).
  but im getting errors.
  I cant properly utilize that..
  So please help me with steps regarding that,,
  for javabean
  and if any , for EJB also..
  with regards
  Kishor.G

  HI,
  Since webdynpros follows Model View Controller Architecture You can access EJBs in webdynpro(views/frontend) infact to connec to database uding JDBC you have to utilise EJB ( opening connection to database closing, and other Business functionality).See this link
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/unkown/web dynpro tutorial and sample applications.faq#q-7
  <b>How to access the Car Rental Web Service?</b>
  Regards,
  RK

• I have transferred my itunes library to an external drive. I then attached the external disk to a new computer. I can now access all songs from the new computer. But I can't access playlists. I can still  access all songs and playlists on the old computer

  I have transferred my itunes library to an external drive. I then attached the external disk to a new computer. I can now access all songs from the new computer. But I can't access playlists. I can still  access all songs and playlists on the old computer

  If you right mouse and select Get info it will show you the Apple ID used to purchase these songs.
  Usually the name of an apple id is based on the email. So knowing that you may have forgotten the Apple ID password.
  You can request a new password here http://www.apple.com/support/appleid/

• Since installing Photoshop CC I can't access Camera Raw from the program Bridge.

  Since installing Photoshop CC I can't access Camera Raw from the program Bridge.  When I try, I get a message that says, "Camera Raw editing is not enabled. Camera Raw editing requires that a qualifying product has been launched at least once to enable this feature."  Is Photoshop CC a qualifying product?  It has been opened a number of times, but it doesn't solve this problem.

  I am having this exact same problem and just upgraded to Windows 7...many people are saying to update the Plug In for Camera Raw to 4.6, but that is not working for me to see it in Bridge or Camera Raw.

• I recently synced my iphone4 on my iMac, but now I can't access my camera from the lock screen? It shows up but it doesn't open the camera? Does anyone know how to fix this? Thanks!

  I recently synced my iphone4 on my iMac, but now I can't access my camera from the lock screen? It shows up but it doesn't open the camera? Does anyone know how to fix this? Thanks!

  Can't believe it was that easy... I'm so dumb! Thanks for your help, I was getting so aggravated! I owe you... Thanks again!

• I've tried everything but can't access iTunes store from my ipad. Apple ID is fine and logged in to iTunes on pc. Still no luck. Anyone any other alternatives? Thx.

  I've tried everything but can't access iTunes store from my ipad. Apple ID is fine and logged in to iTunes on pc. Still no luck. Anyone any other alternatives? Thx.

  You may think you are connected to the internet, but maybe not. Click on Safari and see if it connects.
  Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
  iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
  Additional things to try.
  Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
  Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
  Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
  How to Quickly Fix iPad 3 Wi-Fi Reception Problems
  http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
  If none of the above suggestions work, look at this link.
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
  Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
  Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
  Unable to Connect After iOS Update - saw this solution on another post.
  https://discussions.apple.com/thread/4010130
  Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
  ~~~~~~~~~~~~~~~
  If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
  The Complete Guide to Using the iTunes Store
  http://www.ilounge.com/index.php/articles/comments/the-complete-guide-to-using-t he-itunes-store/
  Can't connect to the iTunes Store
  http://support.apple.com/kb/TS1368
  iTunes: Advanced iTunes Store troubleshooting
  http://support.apple.com/kb/TS3297
  This works for some users. Not sure why.
  Go to Settings>General>Date and Time> Set Automatically>Off. Set the date ahead by about a year.Then see if you can connect to the store.
   Cheers, Tom

• (how) can I access Java APIs from web-page-hosted JavaScript?

  Can I access Java APIs from a web-page via JavaScript if I have a JRE installed on the client machine? And if so, how?
  Thanks in advance for your time and consideration.

  John L. wrote:
  Can I access Java APIs from a web-page via JavaScript if I have a JRE installed on the client machine? And if so, how?As far as I can remember that was actually possible in the very first versions of Netscape because Netscape really wanted to pretend Javascript and Java were meant to be used together. But they soon removed that functionality. Can you guess why?
  Because people were using the File/IO classes to easily steal or remove files on the harddrive, among other such niceties. You do NOT want to have such control from a web application. People will abuse it.