Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provides firewall and VPN functionality as standard. It is Cisco's replacement line for the PIX range, with additional functionality, mostly related to security, available through additional modules.

772 questions
2 votes, 2 answers

Route traffic from ASA to different firewall default gateway

I should probably start by explaining the topography: we have two different internet connections with separate firewalls. One is an ASA and one is a Meraki; the default gateway for all the servers behind the firewalls is the ASA (10.100.200.1). The…
MagicL
2 votes, 0 answers

Manually specify a tunnel gateway for an IPSec VPN Connection (ASA)

I currently have several VPNs on-premise that are set up on the outside interface and use the default gateway on the interface as the originating source of the VPN tunnel. Although the outside interface has been configured with a block of IPs - of…
PM99
2 votes, 1 answer

Setting up Cisco ASA VPN to use both radius and local users

I've got a Cisco ASA set up with L2TP/IPSec VPN; all is working well except for one minor issue. Ideally, I'd like to be able to log on to the VPN using either the RADIUS server users or the local user database on the ASA. Right now, everything uses…
Darinth
2 votes, 1 answer

ASA 5510 Secondary Public IP Range on outside interface

We are in the process of upgrading from an ASA5505 to an ASA5510. I have a co-location configured for 3 ranges of public IP addresses on two different subnets. The 5505 is working as expected. Example (modified IPs): 174.136.1.1, 72.249.1.1,…
manit
2 votes, 1 answer

Cisco ASA 5505 L2L vpn issue

This is my setup: I already have a working L2L VPN between the sites. I added the 10.10.0.0/24 to the object-groups that define the internal network on the 1615 ASA, and as a remote subnet on the 1604 ASA. I'm not seeing the 10.10.0.1 from the 1604…
Malinda
2 votes, 1 answer

ASA Certificate does not match the server name

I am trying to install a certificate on my Cisco ASA 5515. It has my local Windows 2012 CA as a trusted CA. The domain has also had this CA applied to their trusted root. Whenever I try to connect from the outside via AnyConnect VPN I get an…
2 votes, 1 answer

Multiple DHCP servers in multiple subnets, one DNS server

I have an existing network with two subnets - one is the main company subnet (192.168.1.0/24), the other is a completely separate VLAN for Guest Wireless and BYOD devices (192.168.2.0/24). There's a Windows 2012 R2 DC in the main subnet, with DNS and DHCP…
2 votes, 1 answer

Cisco ASA site-to-site VPN up but no traffic

I currently have a site-to-site VPN tunnel up between a Cisco ASA 5550 and a Cisco ASA5506-X. I can see the VPN tunnel is up on both ends but no traffic is passing through. The Cisco ASA 5550 is receiving packets but not sending any. I tried to check all settings…
Amir
2 votes, 0 answers

Tethered VPN on Macbook fails to connect, but standard VPN over WiFi works

I have a MacBook using the Cisco client and it works fine except when I use the special Mac/iPad ability to tether over the iPad data connection. For those that are unfamiliar with this, the Mac and iPad can tether over Bluetooth to leverage the…
makerofthings7
2 votes, 3 answers

Cisco ASA NAT - internal host sees its public IP

I have a server hosted by a provider which uses a Cisco ASA to do NAT. The problem I have is that the internal server that is NATed with a public IP will see its public IP as source IP. This basically breaks an application which will try to bind to…
silviud
2 votes, 3 answers

VLAN planning and questions

I currently manage an environment with IP addressing of 10.10.10.x/23. We have 3 VLANS set up, and I use that term very loosely. The reason I say I use the term loosely is, the 3 VLANS have full access to each other. VLAN10 is our internal network,…
JoeP
2 votes, 1 answer

ASA Static Route over PPPoE interface

I have an ASA5505 with two PPPoE connections. I wish to add a static route to route just a single subnet over the new PPPoE connection, but the ASA does not seem to allow routing over interfaces without a next hop. route inside 192.0.2.0…
Mark Henderson
2 votes, 1 answer

Cisco ASA 5510 Out-of-Order Packets to Google

We're seeing a large number of packets being dropped due to being Out-of-Order. The numbers are large enough that it may be having an impact on network performance. We've isolated it down to a few internal IPs and the connections seem to be hitting…
VSack
2 votes, 0 answers

Does Cisco IOS XRv support logging of TCP connection (e.g. built and/or teardown)?

I have a demo of Cisco IOS XRv and I would like to set up logging for connections. E.g. for ASA "show logging" shows log messages for every TCP connection built or teardown: Jun 11 12:29:31 10.10.10.254 %ASA-6-302013: Built outbound TCP connection…
Andrey Sapegin
2 votes, 1 answer

Packet loss between firewall and uplink?

I have a moderately complex network topology between my external firewall and the internet, as shown below. Every so often - I haven't found a pattern yet - we're getting a significant degree of packet loss, around 25%. Most of the time it's under…
Tim Brigham