Question about Cisco ASA 5510 Firewall

1 Answer

I have configured 3 static NAT and a PAT. When I try to connect to an destination IP address to the PC which have the IP configured with static NAT, sometimes it ok , but sometimes it's doesn't work (said in browser-Internet Explorer or Mozilla "page cannot be display..."). What can be the problem?

Posted by on

Ad

1 Answer

  • Level 1:

    An expert who has achieved level 1.

    Hot-Shot:

    An expert who has answered 20 questions.

    Corporal:

    An expert that has over 10 points.

    Mayor:

    An expert whose answer got voted for 2 times.

  • Contributor
  • 30 Answers

Nat pool limit being reached. enable extendable natting or create a many to one nat relationship

Posted on Dec 05, 2009

Ad

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya Technician can help you resolve that issue over the phone in a minute or two.
Best thing about this new service is that you are never placed on hold and get to talk to real repair professionals here in the US.
click here to Talk to a Technician (only for users in the US for now) and get all the help you need.
Goodluck!

Posted on Jan 02, 2017

Ad

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

How do i forward a port i want to play call of duty black ops but i cant find an online game, the game website says to forward these ports, TCP [80] UDP [88, 3074, 22728, 33233] but i dont know how to...


http://www.netopia.com/support/hardware/technotes/NQG_025.html
Server List (Port Forwarding) NQG_025 With NAT enabled, the IP addresses of nodes on your LAN are private since they are hidden from the Internet. IP Servers let you pass specific types of network traffic through the Netopia router's NAT interfaces. Once configured, selected types of network traffic, such as FTP requests or HTTP (Web) connections, will be forwarded to a specific host or server behind the Netopia router. Please Note: From the LAN (Local Area Network), you will also be able to access the servers that are responding to requests from the internet, but only using the internal private IP address. Access via the public IP address is not supported from a local ethernet connection. If your ISP is routing you multiple public IP addresses, you can also configure the router to forward all ports in one public IP to a designated private IP address on your LAN via Easy PAT List entries. For those instructions, see Quick Guide NQG_024: IP Mapping (Address Forwarding).
Please Note: If your router is currently running Netopia Residential Firmware with a web "GUI" configuration menu, this technote is not applicable to you. Most 3300 Series Netopia Gateways can be upgraded to Enterprise level firmware. Click Here! to purchase the upgrade key.
Related documents: NQG_039 NAT and the Basic Firewall
Firmware References:
  • v8.2 R1 (and up) - 3300 Enterprise Series
  • v5.3.7 (and up) - 4000 Series
  • v4.8.2 (and up) - R-Series

Before You Start
Telnet into the Netopia router's Main Menu at 192.168.1.1 (if using the default IP setting). If your network has a different IP addressing scheme, modify this accordingly. Click Here! for instructions on using telnet and Hyperterminal (serial connection).
Login with the user name and password. The Superuser login is required to save changes. If you are unsure of this, contact your network administrator.
Don't forget to press the Enter key to save any entries. Hitting the back space, delete or tab without first hitting enter will undo any changes.
The Esc key will take you back towards the main menu screen.
Once you have completed your configuration, you should reboot the Netopia to save and apply your changes.

home_telnet.gif
The Netopia Main Menu Interface

Server List Configuration

  1. From the Main Menu of router console screens, go to Quick Menus, and select Network Address Translation.
  2. Select Show/Change Server List.
  3. Select Easy-Servers.
  4. From the Show/Change NAT Server List screen, select Add Server.
  5. Select Service and the service and port you want to allow. If your service and port are not available in the pull-down menu, select Other. Selecting Other will allow you to enter a specific service port or a range of ports since fields are provided for both a First Port Number and a Last Port Number. To allow a specific service port, the First Port Number and Last Port Number should be the same. Select Okay.
  6. Next, enter the Server Private IP Address, or the private IP address of the host/server you are forwarding the service to, and the Public IP Address you want to associate with the same host/server. This value can be left set to 0.0.0.0 if you are using the WAN IP as the Public IP address. Note: If your ISP is routing you multiple static IP addresses, other then the one used for Internet access, you may create more than one server for specific service as long as all servers have a different Public IP Address specified. For example, with two web servers on your LAN you would need to create two Server List entries for TCP 80 (www-http). Since each specific port (service) can only be mapped once using any given Public IP Address, a distinct public address must be used for each TCP 80 server list entry. It is not necessary for you to specify more than one Local WAN IP Address or Public IP Address in your router's configuration. As long as you are connecting to your ISP via a public IP address used for NAT, they are responsible for routing all other IP addresses via that connection.

Conclusion
You have now configured your router for TCP/UDP port forwarding. If you have a switched connection (ISDN or Analog), you will need to either disconnect and reconnect your Internet connection, or restart your router for the Nat Server List changes to take effect. If you wish to filter traffic for your static IP mappings, please see the following Netopia Technote:
NQG_039: NAT and the Basic Firewall

Nov 12, 2010 | Netopia CAYMAN 3387W-ENT CABLE/DSL...

Tip

Steps to Configure Static IP Address for Epson Wireless Printer


The IP address is a specific number allocated to a device, which is connected to your PC network. If you require configuring a static IP address for your Epson printer, it can be possible by using the network configuration menu that you can access via the Internet browser on a connected system. To do that, it's necessary to know your printer's existing IP address. If you have a password protected the device, then you must know the username and password credentials to access your Epson printer network configuration menu. You can call at the Epson Printer tech support phone number and get expert's assistance to do that in a proper way.

Find Epson Printer's IP Address

    1.Click the 'Windows Start' button and choose the 'Control Panel' on any system connected to the similar network as your Epson printer.
    2.Double-click the 'Printers and Faxes' option and then find the Epson printer that you want to configure a static IP address for in the printer list.
    3.Right-click on the Epson printer from the list and choose the 'Properties' option.
    4.Click the 'Ports' tab and find the printer to configure a static IP address. Click on the printer to select it.
    5.Click on the vertical bar between Description and Port and shift it to the right to expand the Port column. Find the Epson printer's IP address under the 'Port' column, which is a series of numbers divided by, resembles and periods 192.168.1.2.
    Configure Static IP Address

      1.Open up your favorite Internet browser on the system connected to the similar network connection as your printer for which you need to set up a static IP address.
      2.Input the printer's IP address into your browser address bar. Click the 'Enter' button.
      3.Enter your printer login information. If it's not password-protected, enter 'admin' text into the 'Username' box and leave the password field vacant. Click the 'OK' button, followed by the 'IP Configuration' tab to sign into the Epson wireless printer settings page.
      4.Find the 'IP Address Configuration' or 'TCP/IP' section and adjust the value from 'Auto' to 'Manual' or 'Static.'
      5.Input the static IP address that you need to allocate to the Epson wireless printer into the provided boxes. It forces the network to assign the selected IP address to the Epson printer every time it tries to connect to the computer.
      6.Click the 'Save' button to apply the settings and close the browser.
      Additional Tips:

      Configuring a static IP address for the Epson wireless printer is not a complicated process if you are a tech-savvy user. However, if you can't set static IP address for your printer even after following these steps, you must avail the help and guidance of technicians that can be possible via the Epson technical support phone number. They will assist you step-by-step to configure IP address of your printer in an efficient manner.
      Source: http://bit.ly/2lJLWxS

configure static ip address for epson wireless printer-yxa4stq55mknsqg0b4p2yanw-2-0.jpg

on Feb 15, 2017 | Epson Office Equipment & Supplies

1 Answer

Unable to ping static IP from remote desktop when


Does PING works on the same location where Camera's are located?

Usually, RDP connections uses the same PC on LAN and that should work fine. Please check Camera's configuration; make sure they have valid IP address, SM, Default gateway and DNS servers. Make sure that PC with enabled RDP can PING computers on the LAN either by IP address or Computer name. Make sure they're part of the same WORK GROUP.

Hope this helps! Please provide additional information so I can further assist you.

Mar 28, 2010 | D-Link DI 514 Wireless Router (DI-514)

1 Answer

I would like to configure port fowarding on the Cisco 857 router using the http interface rather than via any coding. Is it possible and what do I need to do? In my scenario, the router must be configured...


It is possible to configure your router via a web browser. Although it’s disabled by default, your router has its own mini HTTP server built in. This provides another way to gain access to the router for the purpose of issuing commands. To enable the HTTP server, you have to use the command "ip http server" from the global configuration mode.

cisco(config)#ip http server
cisco(config)#

Then open a web browser and point it to one of your router’s IP addresses. The interface is not really nice, but you can issue commands using hyperlinks.
For security reasons I still suggest that you keep the HTTP server turned off, since it offers just another point of access for potential hacking.

What is so bad about the command line? Configuring port forwarding is actually pretty easy, once you know the commands.

Type show ip interface to find the name of the interface you want to set port forwarding for.

The show ip nat translations command shows you the current port forwards on Router.

Type configure to enter the configuration mode
The command for port forwarding is: ip nat inside source static (TCPorUDP) (YourComputersIP) (PortToForward) interface (name)(PortToForward)

in you case:
ip nat inside source static tcp 192.168.0.1 5900 interface (name) 5900
and
ip nat inside source static tcp 192.168.0.2 5901 interface (name) 5901
replace (name) with the interface name you got from the first command.

Then press CTRL-Z to end the Configure Session
Type copy run start once you tested your settings and press ENTER for the question Destination filename [startup-config]?

I have heard of some commercial tools that let you configure your router via web interface, but they are very expensive (around 1400$).
You can try it out for 14 days. Go here.
If you want to play with a free one, go to Cisco (link) and check it out. (You have to be a member though.)


If you have any more questions, just come back here and leave a comment - I'm happy to help.

Oct 24, 2009 | Cisco 857 Router (CISCO857K9)

1 Answer

Nokia IP 260, allowing a remote office having a direct connection


You should disable NAT between your local networks in the Checkpoint NAT policy (Create a NAT rule above all and put all your networks in the source and destination - as a group)the leave Original in the translation column.

Jan 12, 2009 | Nokia IP 260 (2 Pack) (NBC0260000)...

2 Answers

DFL-210, follow example to block web site


i have the same problem....try this
In order to enable port forwarding you need to create two rules on the DFL-210. The first rule is for service to Static Address Translation (SAT) and the second rule is for Network Address Translation (NAT) to Static Address Translation.
The first rule is created using the following steps:
  • Under Rules/IP Rules/wan_to_lan add a new rule
  • Under the general tabName = enter desired nameAction = SAT
    • Service = Select the desired service
    • Schedule = Select the desired schedule or None
    • Source interface = any
    • Source Network = all-nets (you specify a specific inbound address or range)
    • Destination Interface = core
    • Destination Network = wan_ip3. Under SAT tab
  • Under the SAT tab
    • check destination IP address
    • New IP Address = the address you want to forward to
    • New Port = the port you want to forward to
    • Create the rule by clicking OK.
The second rule is created using the following steps:
  • Under Rules/IP Rules/wan_to_lan add a new rule
  • Under the general tabName = enter desired nameAction = Allow
    • Service = Select the desired service
    • Schedule = Select the desired schedule or None
    • Source interface = any
    • Source Network = all-nets (you specify a specific inbound address or range)
    • Destination Interface = core
    • Destination Network = wan_ip
Create the rule by clicking OK.
Activate the configuration by using the Configuration/Save and Activate menu item.
posted.

Jan 06, 2009 | D-Link Netdefend DFL-210 (DFL210)...

1 Answer

N.A.T Settings


So you want the public IP address that your Netopia router is getting to do a 1 to 1 NAT to the private IP address 192.168.1.136? Basically you want to bypass any of the firewall restrictions of the router?

The caveat with this configuration is that if you don't have any other public IP addresses for the actual Netopia router to use then all other devices on your network will now longer be able to access the internet through the router. Only if you have a public IP address that you can assign the router will it be able provide NAT and internet access to the rest of your network.

The 192.168.1.0 network is not routable on the public network. You need your entire network to NAT through your router using a public IP address.

You configuration will work if the Netopia router will allow a 1 to 1 NAT to another node on the network and allow NAT'ing for the rest of your private network concurrently. Of course you need at least (2) public IP addresses in the same subnet as well.

Hope this helps. Let me know if you need better clarification.

MO

May 24, 2008 | Netopia ADSL 2+ MODEM 10/100 EN AND USB...

1 Answer

RCA Modem DCM315R


Just a bit of explanation. E0 interface is for inside network (LAN interface). E1 is for outside (ISP or WAN physical interface). Dialer1 is for PPPoE (the "actual"/logical WAN interface). The 1.0.0.13 is ISP provided static IP address for the use of the server. This configuration example is for running FTP server, which uses the standard TCP port 20 and 21.

The LAN uses 10.10.10.0 network with 255.255.255.0 subnet for both servers and workstations. All servers within the LAN use static IP address. The router is configured as DHCP server to give out IP info (IP addresses, subnet mask, DNS) to workstations that are configured as DHCP client.

Basically I suggest that you deploy NAT (Network Address Translation) and PAT (Port Address Translation) to setup your own servers behind Cisco router. The NAT is used to translate the ISP's given static IP address to your local IP address. The PAT is used to translate TCP ports (the port 20 and 21) between the two IP addresses.

When using NAT/PAT, keep in mind that the Internet-accessible servers are seen from the Internet as their NAT/PAT-ed IP address (the Public IP address) and not the local IP address (not the Private IP address). This understanding is very important when you or someone need to test connectivity to the server and/or when you need to create filter (access list or ACL for short) to allow only certain incoming traffic from the Internet and block others.

Side Note:
For more info on NAT/PAT concept, check out the following FAQ
»Cisco Forum FAQ »NAT and PAT; Introduction and Implementations

Instruments used in this illustration are pretty much standard for running your own servers. Please note that IP addresses, username, and password are changed. However, you could always modify the configuration to suit your situation.

This sample configuration assumes that you have a block of IP from ISP. There is a dedicated Public IP address for the router WAN interface (the Dialer1 interface) and another dedicated Public IP address for the server PAT IP address. If you only have a single Public IP address for both router WAN interface and server PAT IP address, there are several ways to configure the router.

One way is to use the same command as shown in sample configuration.

view plaincopy to clipboardprint?
  1. ip nat source static tcp 10.10.10.2 21 1.1.1.14 21 extendable
ip nat source static tcp 10.10.10.2 21 1.1.1.14 21 extendable
This one configuration way is suitable when you have static IP address from your ISP and you know exactly what the IP address is. In this case you have the 1.1.1.14 single static IP address for both the WAN interface and Public server IP address.

When you are unsure which IP address you receive from the ISP, or when your Public IP address keep changing; then another way to configure the static PAT is following

view plaincopy to clipboardprint?
  1. ip nat source static tcp 10.10.10.2 21 interface Dialer1 21 extendable
ip nat source static tcp 10.10.10.2 21 interface Dialer1 21 extendable
With situation of dynamic IP address, at some point you still need to know the exact Public IP address you receive from your ISP for server connection testing and production time. To find out, you can issue show ip interface brief command on the router. You will then see the associated WAN interface Public IP address.

Feb 25, 2008 | RCA Cable Modem DCM315R (11603540)

1 Answer

Wireless connection problem


Internet Setup

Internet Connection Type: Obtain an IP automatically
Host Name: linksys
Domain Name:
MTU: Enable Disabled
Speed & Duplex: 10 Mb Half

Local IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0

Local DHCP Server: Enabled
Start IP Address: 192.168.1.
Number of Address: 50
DHCP Address Range: 192.168.1.100 ~ 149
Client Lease Time: 0 (0 means two day)
Static DNS 1:
Static DNS 2:
Static DNS 3:
WINS:

DDNS: Disabled
NAT: Enabled
Dynamic Routing: Disabled

Wireless: Enabled

Wireless Network Name(SSID): linksys
Wireless Channel: 6 - 2.442 GHZ7
Wireless SSID Broadcast: Enabled
Wireless Security: Disabled

Feb 23, 2008 | Dell Inspiron 1200 Notebook

1 Answer

Routing problem


I don't know if this will help because I don't see what you and seeing but here is an idea: In every routing scenario I have experienced, you must specify a default gateway with a specific IP address. 0.0.0.0 only points to the device itself, not the other WANS. The gateway IP addresses should be statically assigned. If there is DHCP involved, insure that the gateway address is not part of the DHCP scope but in an excluded range of reserved addresses. For SMTP to work the gateways (and you should have 2 or 3) must be properly configured and TCP port 25 enabled.

Dec 09, 2006 | Zyxel ZYWALL 35 Firewall

Not finding what you are looking for?
Cisco ASA 5510 Firewall Logo

Related Topics:

845 people viewed this question

Ask a Question

Usually answered in minutes!

Top Cisco Computers & Internet Experts

Gopi Venkatesan
Gopi Venkatesan

Level 2 Expert

74 Answers

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

Prashant M
Prashant M

Level 3 Expert

2263 Answers

Are you a Cisco Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...