Changing the server IP in an ASA 5505?

Hi everyone, I don't know anything about Cisco devices. I just wanted to say that up front. I recently did a job at a site that has a 5505 configured as the network gateway, with a VPN for employees to work from home via the Cisco VPN remote client program. They had a main server which is the domain controller, DNS, and DHCP. It was an old 03 box, and I installed a new 08 R2 box on a different IP address and migrated all of the above functions to it. The old server was xxx.xxx.xxx.31, the new server is xxx.xxx.xxx.6. I found the Java (6.1) ASDM program and connected to the ASA, and I changed .31 to .6 in as many places as I could find. However, VPN clients on the outside can no longer connect to their workstations: when I open a command prompt on a client's computer, the only IP they can ping is xxx.xxx.xxx.31; pinging xxx.xxx.xxx.6, or any other address, fails. I guess maybe it's in the firewall of the ASA, but I really have no idea. Is there anything else I was supposed to do? Somewhere I forgot? I did save to flash and reload the running config, but have not done a physical power reset since I made the changes.

Thank you.

This new server (.6), does it have any Windows firewall that might block incoming access? You may want to check on the server itself.

If you can still reach the old server (.31), then the configuration on the ASA does not really matter much, as it has been configured to allow the subnet (192.168.0.0/24).

Tags: Cisco Security

Similar Questions

  • Block the specific IP traffic in ASA 5505

    Hi, we have an ASA 5505 in transparent mode and run a web service online. However, we notice a number of intrusion attempts from China and Korea and we need to block traffic from these IPs. Can anyone help please?

    config script is

    firewall transparent
    hostname xxyyASA
    enable password msi14F/SlH4ZLjHH encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Ethernet0/0
     description - the Internet-
     switchport access vlan 2
    !
    interface Ethernet0/1
     description - connected to the LAN-
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
     shutdown
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
     nameif inside
     bridge-group 1
     security-level 100
    !
    interface Vlan2
     nameif outside
     bridge-group 1
     security-level 0
    !
    interface BVI1
     description - for management only-
     ip address xxx.yyy.zzz.uuu 255.255.xxx.yyy
    !
    ftp mode passive
    object network WWW-SERVER-OBJ
     host xxx.yyy.zzz.jjj
     description - webserver-
    object-group service WWW-SERVER-SERVICES-TCP-OBJ tcp
     description - Services published on the WEB server-
    object-group service WWW-SERVER-SERVICES-UDP-OBJ udp
     description - Services published on the WEB server - UDP
     port-object range 221 225
     port-object range 1719 1740
    access-list OUTSIDE-IN-ACL extended deny tcp any any eq 3306
    access-list OUTSIDE-IN-ACL extended deny tcp any any eq telnet
    access-list OUTSIDE-IN-ACL extended permit icmp any any
    access-list OUTSIDE-IN-ACL extended permit tcp any object WWW-SERVER-OBJ object-group WWW-SERVER-SERVICES-TCP-OBJ
    access-list OUTSIDE-IN-ACL extended permit tcp host xxx.yyy.zzz.uuu object WWW-SERVER-OBJ eq 3306
    access-list OUTSIDE-IN-ACL extended permit udp any object WWW-SERVER-OBJ object-group WWW-SERVER-SERVICES-UDP-OBJ

    We need to block access of host say 64.15.152.208

    Just need the best step to follow and block access, without affecting the service or other host

    Thank you

    Insert a line like:

    access-list OUTSIDE-IN-ACL extended deny ip host 64.15.152.208 any

    in front of your 3rd line "... permit icmp any any".

    If you have many of them, maybe do:

    object-group network BLACKLIST
     network-object host 64.15.152.208
     network-object host another.bad.ip.here
     network-object entire.dubious.subnet.here 255.255.255.0
     ...

    access-list OUTSIDE-IN-ACL extended deny ip object-group BLACKLIST any

    If you want to take in reputation scores from the outside, or the blacklist changes a lot, you might look into the Cisco ASA IPS module.

    Note that shunning bad hosts helps with targeted attacks, but not with denial of service; it only moves the point of refusal from the server application to the firewall, without much net effect on your uplink bandwidth consumption.

    -Jim Leinweber, WI State Lab of Hygiene
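
Why the answer places the deny in front of line 3 rather than at the end of the list, as an added example that is not part of the original thread: a first-match evaluator over OUTSIDE-IN-ACL. The server address 192.0.2.10, the TCP ports 80/443 and the second client 198.51.100.7 are assumptions (the page masks or omits them), and the masked per-host 3306 permit is left out.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
WWW_SERVER = "192.0.2.10/32"   # assumed stand-in for WWW-SERVER-OBJ (masked on the page)
WEB_TCP_PORTS = (80, 443)      # assumed contents of WWW-SERVER-SERVICES-TCP-OBJ
WEB_UDP_PORTS = tuple(range(221, 226)) + tuple(range(1719, 1741))  # ranges from the posted config
BAD_HOST = "64.15.152.208"     # host named in the question


@dataclass(frozen=True)
class Ace:
    action: str          # "permit" or "deny"
    proto: str           # "ip" matches every protocol
    src: str             # source network in CIDR form
    dst: str             # destination network in CIDR form
    ports: tuple = ()    # destination ports; empty means any

    def matches(self, proto, src, dst, port):
        return ((self.proto == "ip" or self.proto == proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and (not self.ports or port in self.ports))


def outside_in_acl():
    """OUTSIDE-IN-ACL as posted, minus the masked per-host 3306 permit."""
    return [
        Ace("deny", "tcp", ANY, ANY, (3306,)),
        Ace("deny", "tcp", ANY, ANY, (23,)),
        Ace("permit", "icmp", ANY, ANY),
        Ace("permit", "tcp", ANY, WWW_SERVER, WEB_TCP_PORTS),
        Ace("permit", "udp", ANY, WWW_SERVER, WEB_UDP_PORTS),
    ]


def evaluate(acl, proto, src, dst, port=None):
    """First match wins. Returns (action, 1-based line); line None is the implicit deny."""
    for line, ace in enumerate(acl, start=1):
        if ace.matches(proto, src, dst, port):
            return ace.action, line
    return "deny", None


def with_block(position):
    """ACL with 'deny ip host BAD_HOST any' at a 1-based line, or appended if None."""
    acl = outside_in_acl()
    block = Ace("deny", "ip", BAD_HOST + "/32", ANY)
    acl.insert(len(acl) if position is None else position - 1, block)
    return acl


if __name__ == "__main__":
    server = "192.0.2.10"
    for label, acl in (("appended", with_block(None)), ("line 3", with_block(3))):
        print(label,
              evaluate(acl, "tcp", BAD_HOST, server, 443),
              evaluate(acl, "icmp", BAD_HOST, server),
              evaluate(acl, "tcp", "198.51.100.7", server, 443))
```

With the deny appended, the blocked host still matches the earlier permit entries; at line 3 it is refused while other clients fall through to the web permit unchanged.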

  • Importing a PIX 501 config to an ASA 5505

    Is there something special that must occur to import a PIX 501 (IOS Version 6.3) config to an ASA 5505 appliance, or is it as simple as downloading the config?

    Greg

    No, unfortunately it isn't, because your PIX is running 6.4 and the ASA 5505 will run a minimum of 7.x code and there were quite a few changes. Note that many existing commands would work, but some will not. Attached is a link to a doc for upgrading PIX to ASA which covers both a manual method and a tool-assisted version.

    http://www.Cisco.com/en/us/docs/security/ASA/migration/guide/pix2asa.html

    Jon

  • Install two separate IPSec VPNs on ASA 5505

    Hello

    I need to set up a second IPSec VPN tunnel on my Cisco ASA 5505 to another office.  I was able to configure one without problems through ASDM, but was not able to get the second working.

    The IPSec tunnel connects to a WRVS4400N router at the other office.  I tried debug crypto isakmp and debug crypto ipsec, but I get nothing.  Here is the config.  Does something seem wrong on my end?   I've also attached a screenshot of the configuration settings on the remote router.

    Output of the command: "show run".

    : Saved
    :
    ASA Version 8.2(5)
    !
    hostname WayneASA
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address 70.91.18.205 255.255.255.252
    !
    interface Vlan5
     shutdown
     no nameif
     security-level 50
     ip address 192.168.10.1 255.255.255.0
    !
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 75.75.75.75
     name-server 75.75.76.76
     domain-name 3gtms.com
    object-group protocol TCPUDP
     protocol-object udp
     protocol-object tcp
    access-list inside_access_in extended permit ip any any
    access-list IPSec_Access extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list inside_nat0 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.224
    access-list inside_nat0 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list inside_nat0 extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
    access-list TunnelSplit1 standard permit 192.168.10.0 255.255.255.224
    access-list TunnelSplit1 standard permit 192.168.1.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
    access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
    access-list RemoteTunnel_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list RemoteTunnel_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0
    pager lines 24
    logging enable
    mtu inside 1500
    mtu outside 1500
    ip local pool VPNPool 192.168.10.1-192.168.10.30 mask 255.255.255.224
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group inside_access_in in interface inside
    access-group out_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 70.91.18.206 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set VPNTransformSet esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map IPSec_map 1 match address IPSec_Access
    crypto map IPSec_map 1 set peer 50.199.234.229
    crypto map IPSec_map 1 set transform-set VPNTransformSet
    crypto map IPSec_map 2 match address outside_2_cryptomap
    crypto map IPSec_map 2 set pfs group1
    crypto map IPSec_map 2 set peer 98.101.139.210
    crypto map IPSec_map 2 set transform-set VPNTransformSet
    crypto map IPSec_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map IPSec_map interface outside
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 50.199.234.229
    crypto isakmp enable outside
    crypto isakmp policy 1
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 43200
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 60
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    !
    dhcpd address 192.168.1.100-192.168.1.199 inside
    dhcpd dns 75.75.75.75 75.75.76.76 interface inside
    dhcpd enable inside
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy RemoteTunnel internal
    group-policy RemoteTunnel attributes
     dns-server value 75.75.75.75 75.75.76.76
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value RemoteTunnel_splitTunnelAcl_1
     default-domain value 3gtms.com
    username eric password 0vcSd5J/TLsFy7nU encrypted privilege 15
    username lestofts password URsSXKLozQMSeCBk encrypted privilege 5
    username lestofts attributes
     service-type remote-access
    username algobel password lBWy5eNbHMCDPzuL encrypted
    username algobel attributes
     service-type remote-access
    tunnel-group RemoteTunnel type remote-access
    tunnel-group RemoteTunnel general-attributes
     address-pool VPNPool
     default-group-policy RemoteTunnel
    tunnel-group RemoteTunnel ipsec-attributes
     pre-shared-key *
    tunnel-group 50.199.234.229 type ipsec-l2l
    tunnel-group 50.199.234.229 ipsec-attributes
     pre-shared-key *
    tunnel-group 98.101.139.210 type ipsec-l2l
    tunnel-group 98.101.139.210 ipsec-attributes
     pre-shared-key *
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect icmp
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect dns
      inspect pptp
      inspect sip
    !
    service-policy global_policy global
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:a86adc4b23977672679b6fb72d0bc187
    : end

    You are also missing the NAT0 rule

    access-list inside_nat0 extended permit ip 192.168.2.0 255.255.255.0 192.168.5.0 255.255.255.0

    -Jouni

  • Photosmart HP 6520: lost my photosmart 6520 by manually changing the server address

    Hello
    My printer is connected wirelessly and prints well by AirPrint and when I send it jobs by email, but after successfully scanning to e-mail several times it suddenly wouldn't connect to the Internet, giving an error message. Tried turning it off and on several times. Looked for help on the forum and followed the advice to manually change the DNS server to 8.8.8.8, with 8.8.4.4 as the other server. This resulted in my losing access to my printer via its IP in my browser, so I can't undo my actions, and my printer still gives the error message when I ask it to scan to e-mail. All other functions work.
    Help, please. Thank you

    Hey @Kybosh,

    Welcome to the Forum from HP Support.

    I understand that you are having connectivity problems with your HP Photosmart e-all-in-one 6520, printer.  I want to help you with this.

    I'm surprised that a manual DNS has interfered with your setup - I think generally it does the opposite and enhances connectivity.  In any case, do not despair!   I have some suggestions that can restore the features of your printer.

    I recommend a fresh start by restoring the default settings of your printer to avoid any persistent configuration problem.  Here's how:

    • Front panel of the printer, press the key
    • Touch tools
    • Touch Restore Factory Defaults
    • * Note that this will reset your settings wireless and webservices.  If you have an address custom ePrint it is deleted permanently.  Click here for more information about setting up a custom address ePrint.

    With your restored default settings, continue on as indicated:

    • Touch the wireless icon
    • Run the Wireless Setup Wizard and reconnect to your network (SSID)
    • Enter the wireless password if prompted
    • Once you have created a wireless connectivity, reactivate your webservices/ePrint feature (essential for the use of scan to e-mail)
    • Tap the webservices icon
    • Enable Web services and press OK to enable your printer will automatically update
    • Once completed, it will print a page of information.  If you are looking to complete an ePrint installation, it will be useful later - click here for more information.

    Now, if all goes well you can rebuild your Setup email scan:

    • Tap the scan icon
    • Tap the scan to E-mail
    • Enter your personal email address
    • Retrieve the PIN code of your Inbox
    • Enter the PIN on your requested to complete printer installation

    Did the above restore the functionality you were missing?

    Please let me know the result of your troubleshooting by responding to this post.  If I helped you to solve the problem, feel free to give me a virtual h.o.t. by clicking on the 'Thumbs Up' icon below.

    Please post in the Forum of HP's Support and have a great day!

  • BlackBerry smartphone how to change the server password

    Hi, yesterday we changed the password on the server.  Since then, I have a couple of BlackBerry 9300s that no longer work.  I think I need to go into the BlackBerry and change the password, but I'm not sure which options I have to go to.  I tried Options - Device, but I don't have the advanced options, nor the option for advanced system settings.   Can someone tell me where I can find the option for the mail server so I can change the password? I hope the above makes sense.

    BIS is not able to interface directly with Exchange, but have to use OWA, IMAP or pop. However, see:

    • Article ID: KB05255 Associated e-mail account is no longer accessible by the BlackBerry Internet Service account

    Cause 3 may be what you need.

    Good luck and let us know!

  • Change the server time

    Hi all,

    I have 10.2 g database on a Windows Server 2003 in production.

    What would be the impact on the database if I change the time on the server, i.e. If I roll the clock back?
    My database server takes time to my DC server and I used to roll the clock back on the server to DC.

    Thank you!

    871486 wrote:
    Hi all,

    I have 10.2 g database on a Windows Server 2003 in production.

    What would be the impact on the database if I change the time on the server, i.e. If I roll the clock back?
    My database server takes time to my DC server and I used to roll the clock back on the server to DC.

    Thank you!

    Schedulers will be affected. By schedulers I mean Oracle-defined schedulers (maintenance window, etc.) and user-defined schedulers.

  • How to change the server session time out?

    Hello

    When I start writing a file of more than about 2 MB of files using Java APIs writeResource(). My application upward changes and he says that the server time is out by throwing Exception...

    But I don't face any problem when writing to a file of about 1 MB.

    Can you tell me how to set/increase the server timeout in the configuration?

    Regards

    Sunil Gupta

    You should have write access to the JBoss installation folder to change these settings.

    For example, if JBoss is installed on a computer, log in to the machine and locate the following file:

    for example c:\Adobe\Adobe LiveCycle ES2\jboss\server\all\deploy\jboss-web.deployer\server.xml

    The path is just for your reference; contact your system administrator for the exact location of this file.

    Look for sessionTimeout and change/increase the value attribute.

    Is it clear now?

    Nith

  • Is there an impact on the database if we change the server time?

    Hello

    Our DB server time is 45 minutes before our application server. We have to reset the database server time. Is there an impact on the database if we change the synchronization of the server?

    Platform: Solaris
    DB version: 10.2.0.2.0

    bash $

    bash-3.00$ date
    Thu Apr 23 20:26:19 2009 IST

    bash-3.00$ sqlplus /nolog

    SQL*Plus: Release 10.2.0.2.0 - Production on Thu Apr 23 20:27:15 2009
    Copyright (c) 1982, 2005, Oracle. All rights reserved.

    SQL> conn / as sysdba
    Connected.

    SQL> select sysdate from dual;

    SYSDATE
    ---------
    23-APR-09

    SQL> select systimestamp from dual;

    SYSTIMESTAMP
    ---------------------------------------------------------------------------
    23-APR-09 08.27.53.250947 PM +05:30

    It's an application question, not an Oracle question.

    Oracle doesn't care what time it is, or when the time changes. Your applications, however, may care. If you use SYSDATE to populate a row and depend on the date later to be unique or to indicate the actual order in which rows were inserted, changing the date on the server, in particular setting it back, could cause problems for your application. Does your application have problems running when daylight saving time changes?

    Justin

  • Can I change the server port, but Windows Mail continues to change at 25

    I can get my outgoing mail working by changing the port from 25 to 587, but whenever I close the Windows Mail application and re-open it, it comes back to port 25 (and will not work). Thanks for the help!

    You should always back up when you use a Microsoft product.  Your hard drive may die too.  But deleting the e-mail account does not delete messages, and repair the database will not ruin it.  I have not had one person complaining about this program (WMUtil) except for one person who said their antivirus software falsely reported that the file is infected (it was not).

    Steve

  • Changing the server publishing point Mobile

    Hello

    A question:

    We have added fields in a table in the repository.

    For these fields are downloaded on the client:

    Is it necessary to drop and re-create the publication element?

    or

    It would suffice to change the element of 'request' for the publication?

    Greetings

    Hello
    I usually follow the number following and found issues.
    IM using MDW

    1. First remove the item from the publication
    2. Remove the publication item from the repository
    3. Recreate the publication item with a new query
    4. Add it to the publication
    5. Reset the mobile server repository
    6. It should be OK for most clients. But if there is any issue, I reset the client setting in MDW for a specific user, so a complete refresh is required for that client and not for all.

    Paninie.

  • How can I change the server name? whenever I try to send windows live e-mail message comes upasking verifyserver name. need help

    cannot NMCS emails Windows live 2011 because incorrect spelling server id. How can I fix it?

    Please ask your question in the Windows Live Solution Center. Brian Tillman [MVP-Outlook]
    --------------------------------
    https://MVP.support.Microsoft.com/profile/Brian.Tillman
    If a response may help, please vote it as useful. If a response to the problem, please mark it as an answer.

  • the ASA 5505 configuration

    Hey guys

    I have a server that accepts traffic on a port inside my network, and external clients need to access this server. The NAT and access list work well, but the connection times out and fails... Note that without the ASA, client to server directly works fine... and note also that the traffic is encrypted (SSL)... Are there additional settings that I have to configure? Why does it time out? Packet capture shows traffic from the outside reaching the inside interface, but no response from the inside to the outside...

    I only have one access list permitting the traffic from the outside to the server, and a NAT rule.

    advice needed...

    Thank you

    Hello

    So from what I understand:

    "the inside interface is xxx.114; the default route on the server is xxx.1, which is an interface on another ASA."

    This means that the default route on the server points to another ASA. It won't work unless you apply TCP state bypass.

    The ASA is a stateful firewall. This means that for TCP/IP it must always see two-way traffic. If a SYN crosses an ASA, it should see the SYN/ACK come back. If an ASA did not see the SYN and sees a SYN/ACK due to asymmetric routing, that breaks the connection.

    Change the default route on the server to the same ASA, or configure TCP state bypass (which is not recommended, however).

    Thank you
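
The asymmetric-routing failure described in this answer, as an added example that is not part of the original thread: a minimal model of two stateful firewalls where the SYN enters through one and the server's default route sends the SYN/ACK through the other. The firewall names and all addresses are constructed, and the access list is assumed to permit the connection.

```python
class StatefulFirewall:
    """Minimal TCP state table: only flows whose SYN this box saw may continue."""

    def __init__(self, name, tcp_state_bypass=False):
        self.name = name
        self.tcp_state_bypass = tcp_state_bypass
        self.conns = set()

    def forward(self, src, dst, flags):
        """src and dst are (ip, port) tuples; returns True if the segment is forwarded."""
        if self.tcp_state_bypass:
            return True                    # state checks skipped for this traffic
        flow = frozenset((src, dst))       # same key for both directions of the flow
        if flags == "SYN":
            self.conns.add(flow)           # access list assumed to permit the connection
            return True
        return flow in self.conns          # SYN/ACK, ACK and data need existing state


def handshake(inbound_fw, server_gateway_fw):
    """Run a 3-way handshake; returns a trace of (flags, firewall name, forwarded)."""
    client, server = ("203.0.113.5", 50000), ("192.0.2.20", 443)  # constructed addresses
    path = [
        ("SYN", client, server, inbound_fw),             # client reaches the published server
        ("SYN/ACK", server, client, server_gateway_fw),  # reply follows the server's default route
        ("ACK", client, server, inbound_fw),
    ]
    trace = []
    for flags, src, dst, fw in path:
        forwarded = fw.forward(src, dst, flags)
        trace.append((flags, fw.name, forwarded))
        if not forwarded:
            break                          # dropped: the client keeps retrying, then times out
    return trace


def completes(trace):
    """True when all three segments of the handshake were forwarded."""
    return len(trace) == 3 and all(forwarded for _, _, forwarded in trace)


if __name__ == "__main__":
    # Server's default route points at a different firewall than the one that saw the SYN.
    print(handshake(StatefulFirewall("ASA-A"), StatefulFirewall("ASA-B")))
    # Server's default route points back at the same firewall.
    same = StatefulFirewall("ASA-A")
    print(handshake(same, same))
    # State bypass on the return-path firewall: works, but that box no longer checks state.
    print(handshake(StatefulFirewall("ASA-A"),
                    StatefulFirewall("ASA-B", tcp_state_bypass=True)))
```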

  • Cannot change the incoming mail server. no text highlight

    I am unable to send mail from my Mac.  No problem with iphone or iPad. Cannot change incoming mail server as text is not highlighted.  Cannot change the server for outgoing (SMTP) mail. Cannot change the list of SMTP servers. Says offline.

    Hi Granny Smith 1.

    Thank you for using communities Support from Apple. Sorry to hear that you are having problems with mail. It's a little bit clear exactly what you see when you say that you cannot change any server info, but if you continue to have problems sending or receiving mail, you will find the troubleshooting steps in the following article useful:

    If you cannot send or receive e-mail on your Mac - Apple Support

    Kind regards.

  • In Windows Mail, I need to change the incoming Pop IMAP server info

    In Windows Mail, I need to change the server incoming IMAP POP on my existing account info. Windows Mail is not allowing this change. Is it possible to change or should I create a new account?

    You need get the settings of your mail server that you do not even mention.
