Dear all,
I need to create a user that has permission to run all show commands on my device. I have an ASA IOS 9.2.
I have already seen some other guides, but all of them explain how to permit a single show command.
What can I do to achieve this?
Thank you,
Daniele.
Dear all,
I need to configure QoS on a Cisco ASA and prioritize the traffic that goes through the VPN. I have 4 Mbit of total bandwidth and want to guarantee 2 Mbit for VPN traffic.
Can anyone help me with the configuration?
Thank you.
Hi,
I write to confirm that the nat rule works fine.
You need to pay attention to the proxy-arp function. This function needs to be disabled with the command
sysopt noproxyarp inside
Hi,
I found a work-around with a nat rule to route the traffic from the host out another interface.
object-group network NAVIGAZIONE_DIROTTATA
 description --host dirottati verso l'interfaccia outside--
 network-object 192.2.200.135 255.255.255.255
object network ANY
 subnet 0.0.0.0 0.0.0.0
nat (inside,outside) source dynamic NAVIGAZIONE_DIROTTATA interface destination static ANY any
I'm just waiting for confirmation from our customer that it works.
Hi,
I looked at the software version availability and the latest version available is 9.1.7. 9.4.1 is not available. Is this version not compatible with the ASA 5510?
Dear all,
I have a Cisco ASA vers. 8.4(2)8 with 2 outside interfaces. I need to redirect the traffic from only 1 host to use a different outside interface. Let me explain better:
Outside1 = internet traffic
Outside2 = single host traffic
I tried to create a route-map but it seems it isn't possible on my version.
Can anyone help me to do this ?
Thank you,
Daniele.
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 85.39.109.155 255.255.255.255 identity

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rul
It seems that the ACL drops the traffic, but now I configured a permit any any in line 1 and the result of the packet tracer is the same.
Hi, I did the NAT and ACL but it seems that it doesn't work :(
object network obj-192.168.1.120_22_2
 host 192.168.1.120
 nat (inside,outside) static 85.39.109.155 service tcp 22 2222
access-list outside_access_in line 23 extended permit tcp 212.210.172.192 255.255.255.192 host 192.168.1.120 eq 22
I did an SSH from PuTTY to port 2222 on IP 85.39.109.155 but the session was refused.
Hi,
I need to specify the public IP address because this is not the interface IP address. About the port, do I need to specify 80 first and then 8080?
Dear all,
I want to do a static NAT/PAT to reach a server from outside. I need help with the port translation.
I have the internal IP address: 192.168.1.120
external IP address: 85.39.109.155
If I want to reach port 80 of the server .120 but this port is already used on my public address 85.39.109.155, can I adopt this solution on ASA post 8.3?
object network obj-192.168.1.120_80
 host 192.168.1.120
 nat (inside,outside) static 85.39.109.155 service tcp 8090 80
access-list outside_access_in extended permit tcp external_network host 192.168.1.120 eq 80
Thank you,
Daniele
Dear all,
I configured NetFlow on the ASA but on PRTG I don't see any traffic. Below is the configuration I did:
flow-export destination inside 10.111.1.102 2055
access-list netflow-hosts extended permit ip any any
class-map NetFlow-traffic
 match access-list netflow-hosts
policy-map global_policy
 class inspection_default
 class NetFlow-traffic
  flow-export event-type all destination 10.111.1.102
I also configured a capture
capture test2 type raw-data interface inside [Capturing - 2724 bytes]
 match udp any host 10.111.1.102 eq 2055
and this is the output:
2 packets captured
1: 14:12:20.075588 802.1Q vlan#1 P0 10.111.2.250.12235 > 10.111.1.102.2055: udp 1388
2: 14:12:20.075618 802.1Q vlan#1 P0 10.111.2.250.12235 > 10.111.1.102.2055: udp 1212
# sh flow-export counters
destination: inside 10.111.1.102 2055
 Statistics:
  packets sent 4
 Errors:
  block allocation failure 0
  invalid interface 0
  template send failure 0
  no route to collector 0
  source port allocation failure 0
#
Can anyone help me to understand why PRTG doesn't receive traffic?