Secondary ASA with IP transparent mode on the router

Hello

I have

Router - ASA (Transparent) - switch

and wonder if it is possible to configure the secondary IP on the interface of the router that is connected to the ASA

So there is plenty of room in terms of range of LAN IP addresses.

Or, to implement this, do I have to change the ASA to context mode and change the configuration on the ASA?

I hope I don't have to change anything on the ASA.

Thank you

An ASA in transparent mode works as an L2 device

so whatever IPs you use doesn't matter

you don't need to change anything on the ASA when it is in transparent mode

But beware of what is allowed to pass through the firewall

It can be controlled by ACL

the router and switch will operate at L3 as if they were connected directly, with nothing between them from a routing and layer-3 perspective

so they must be in the same subnet, VLANs, and so on

good luck

Please rate if useful

Tags: Cisco Security

Similar Questions

  • Cisco WSA: Is it possible to use the web proxy in transparent mode without WCCP router?

    Hello!

    I would like to use Cisco WSA as a web proxy in a transparent manner (without any configuration of client web browsers), but I do not have a WCCP router. So, is it possible?

    If so, how?

    Thank you

    Stephane Walker

    Hi, Stéphane

    The only alternative to WCCP is PBR (policy-based routing). With a simple configuration on the router, you can redirect traffic defined as interesting by the access list to the WSA. On the WSA you must configure transparent mode (security-> Web Proxy Services-> the settings of-> Mode Proxy: Transparent). You should also make sure the proxy listens on port 80 and that the HTTPS proxy is enabled (on port 443) if you want to redirect HTTPS traffic as well.

    Cisco router configuration example

    !
    access-list 110 permit tcp any any eq www
    !
    route-map proxy-redirect permit 10
     match ip address 110
     set ip next-hop xxx.xxx.xxx.xxx
    !
    interface ethernet0/1
     ip policy route-map proxy-redirect
    !

    xxx.xxx.xxx.xxx is the IP address of the proxy in this case, and access-list 110 defines web traffic (HTTP, TCP/80) as interesting.

    The biggest drawback of this solution is the lack of troubleshooting. If the proxy goes down for some reason, the router will keep redirecting traffic, cutting off internet access.

    Cisco routers out material should also have an option to configure policy-based routing.

    / Artur

    PS. It is not possible to place the WSA inline between the clients and the internet.

  • connection for printing from a computer wireless with a connection cable to the router usb printer?

    Product name: HP Officejet Pro L7555.

    Works with Windows 7.

    A new router and the modem was installed when Comcast installed our wireless connection.  This of course did not work with the current setting of the printer.  The printer is connected via USB cable to the router.

    Are you sure it's a USB and not an Ethernet cable?  I bet it's in the affirmative:

    1. disconnect the Ethernet cable.

    2. on the printer: Setup > network > default settings.

    3. reconnect the Ethernet.

    Now, remove the printer in Control Panel > devices & printers, then add it again like this:

    1. make sure the printer is on and connected to your network. Verify that you can access the printer's internal web page by accessing its IP address before continuing. Get his IP address for a network Test printed on the front of the printer.
    2. click on > start > Control Panel > devices & Printers.
    3. click on add a printer
    4. Select local printer
    5. Select create a new port and select Standard TCP/IP Port, and click Next.
    6. under device type, select TCP/IP Device. Under the name of host or IP address, enter the IP address of the printer. Click Next.
    7. Select Hewlett-Packard in the list of manufacturers and select your printer model. Click Next.
    If your printer model is not in the list, then select disk provided, browse the CD that came with your HP printer and select the first file begins with hp and ending with INF. click Open, then OK. Select your printer model. Click Next.
    8. If prompted, use the driver that is currently installed.
    9. He will ask the name of the printer - enter a new name or use the one existing. This will be the name of the printer that you select from other applications.
    10. we may ask you to share the printer. Choose No.
    11. the printing area of Test Page is displayed. Go ahead and print it out.
    12. click on finish.

  • ASA with 2 Tunnels L2L at the same Site / same network

    I have an ASA 5510 at Site A with an L2L tunnel to another site, Site B. Unique subnet at each site. In a few weeks, we will add a second Internet access to Site B, then the two connections will be active. But we want traffic to go through the new connection unless it breaks down, then use the other. How do I configure the ASA so it doesn't get confused as to which tunnel to take to reach the Site B subnet? Is this possible?

    If the ASA on Site B will have two different interfaces terminating the VPN, on Site A you set two peers (one preferred).

    i.e.

    crypto map mymap 10 set peer 1.1.1.1 2.2.2.2

    Assuming that 1.1.1.1 is the first Site B public IP address of the ASA and 2.2.2.2 is the second Site B public IP address of the ASA.

    The ASA at Site A will attempt to establish the tunnel to 1.1.1.1 first, and if it fails, it will try 2.2.2.2

    On Site B, the ASA must have the crypto map applied on both interfaces.

    You can set the Site B ASA to originate the tunnel and the ASA on Site A to receive it.

    Federico.

  • AE CS5 rendering/export PS of the text with a transparent background for the web?

    I am sure that this question has been asked and answered a hundred times already, but I can't seem to find the answer. I tried Googling and looking through these forums; maybe I just have bad search parameters.

    I'm trying to create and animate the text via AE CS5 for a web site. Then, I want to use it in Photoshop CS5. I can't find this option. I know that in the past, you were supposed to make the text in the form of film of all kinds, but now I'm just lost and confused on what to do.

    If the answer is just too long to post here, could someone please post a link to a tutorial/response?

    I guess that the answer will be a little different from versions CS4 CS5.

    Thank you.

    Go to any format Quicktime or a sequence image that supports Alpha channels, and then import this file in PS as a video layer or use frames in the layer Import Wizard.

    Mylenium

  • Enabling multicast on the inside of transparent mode network

    ASA is in transparent mode (5512-X/9.1 (5))

    Inside network is 10.1.0.0/24. Router 10.1.0.1 is on the external interface.

    Syslog message: Deny inbound UDP from 10.1.0.103/5353 to 224.0.0.251/5353 on interface inside

    I have ASA configured with access lists in the transition from outside to inside, but none of the lists of access from inside to outside, because I want to allow all traffic inside out.

    I believe in routed mode that I would permit same-security-traffic intra-interface. How can I get all of this in a transparent mode with out having an inside to outside access list?

    Config:

    access-list outside_in extended permit tcp any4 host 10.1.0.46 object-group WEBSERVER_SERVICES log notifications
    access-list outside_in extended permit tcp any4 any4 object-group VCENTER
    access-list outside_in extended permit tcp any4 any4 object-group VSPHERE inactive
    access-list outside_in extended permit tcp any4 any4 eq log notifications
    access-list outside_in extended permit tcp any4 any4 object-group RDP
    access-list outside_in extended permit udp host 10.1.0.1 host 10.1.0.54 eq syslog
    access-list outside_in extended permit udp object-group PULSE sip host 10.1.0.15 eq eq sip log notifications
    access-list outside_in extended permit icmp host 10.1.0.1 any4 object-group ICMP log notifications

    access-group outside_in in interface outside

    You can apply an ACL on the inside that allows everything (permit ip any any) and an ACL on the outside that permits the multicast stream, for example:

     access-list OUTSIDE extended permit igmp any any
     access-list OUTSIDE extended permit pim any any
     access-list OUTSIDE extended permit ip any object-group MCAST
     access-list OUTSIDE extended permit ip object-group MCAST any

    Where MCAST encompasses a group of 224.0.0.0 - 239.255.255.255.

    All traffic inside is allowed and only inspected return traffic and multicast traffic is allowed outside.

    JJ
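
The thread above turns on one denied mDNS packet and a permit covering all of 224.0.0.0 - 239.255.255.255. As an added example (not from the original posts), this Python tallies which multicast groups and ports an ASA is actually dropping, so the permit entries can be scoped to them. The log lines are constructed, the regex assumes the `Deny inbound UDP` message text, and the ACL name `inside_in` is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumed message text: "Deny inbound UDP from A/p to B/p on interface X".
DENY_UDP = re.compile(
    r"Deny inbound UDP from (?P<src>[0-9.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[0-9.]+)/(?P<dport>\d+) on interface (?P<ifc>[\w-]+)"
)

MCAST = ipaddress.ip_network("224.0.0.0/4")        # 224.0.0.0 - 239.255.255.255
LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")  # local control block, not routed

# Constructed sample lines; the first mirrors the message quoted in the thread.
SAMPLE = [
    "%ASA-2-106006: Deny inbound UDP from 10.1.0.103/5353 to 224.0.0.251/5353 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 10.1.0.104/5353 to 224.0.0.251/5353 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 10.1.0.120/49152 to 239.255.255.250/1900 on interface inside",
    "%ASA-2-106006: Deny inbound UDP from 10.1.0.1/53 to 10.1.0.46/33000 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 10.1.0.9/68 to 999.0.0.1/67 on interface inside",
]


def multicast_denies(lines):
    """Count denied UDP packets per (interface, group, dst_port, scope)."""
    hits = Counter()
    for line in lines:
        m = DENY_UDP.search(line)
        if not m:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line
        if dst not in MCAST:
            continue  # unicast deny: not a multicast problem
        scope = "link-local" if dst in LINK_LOCAL else "routable"
        hits[(m["ifc"], str(dst), int(m["dport"]), scope)] += 1
    return hits


def candidate_aces(hits, acl_for_interface):
    """Build one narrow 'permit udp' entry per denied group and port.

    acl_for_interface maps an interface name to the ACL applied to it
    (hypothetical names); interfaces without a mapping are skipped.
    """
    aces = []
    for ifc, group, dport, _scope in sorted(hits):
        acl = acl_for_interface.get(ifc)
        if acl is None:
            continue
        aces.append(
            f"access-list {acl} extended permit udp any host {group} eq {dport}"
        )
    return aces


if __name__ == "__main__":
    found = multicast_denies(SAMPLE)
    for key, count in sorted(found.items()):
        print(count, *key)
    for ace in candidate_aces(found, {"inside": "inside_in"}):
        print(ace)
```

Groups reported as link-local, such as mDNS on 224.0.0.251, never cross a router, so they only reach the firewall at all because a transparent-mode ASA bridges the segment.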

  • Cisco ASA 55XX Transparent mode through a VLAN

    Hello team Cisco Forum!

    In a scenario where the Cisco ASA is in Transparent mode, it is possible to route the traffic of L2 other VLAN different that the VLAN native IP for the firewall management lies?

    Switches on the outside and the inside interfaces of the ASA are in trunk mode, and I'm moving L2 VLAN traffic from inside to outside and vice versa by using filters on the switches (switchport trunk allowed vlan).

    Thank you in advance for your support and comments!

    Yes it is possible, but you will be limited to 8 VLANs, or more precisely, 8 BVI interfaces, so it's not a scalable solution.  The problem is that you will need to have different VLANs for the same subnet on either side of the ASA.

    To clarify this point, let's say you use the interfaces Gig0/1 and Gig0/2.  On Gig0/1, you would set up subinterfaces with VLAN 2, 3 and 4.  Now, if you try to configure the same VLANs on Gig0/2, you will get an error saying something like this VLAN is already configured on another interface. I don't remember the exact error.

    So to get this working, you need to configure Gig0/2 with subinterfaces for VLAN... let's say... 5, 6 and 7.  You would then associate VLAN 2 and 5 with BVI 1, VLAN 3 and 6 with BVI 2, and VLAN 4 and 7 with BVI 3.  Each BVI interface would have its own IP address for the subnet on which is to be filled in all of the ASA.

    --

    Please do not forget to select a correct answer and rate useful posts

  • inside the host does not ping external host in transparent mode

    Hi all I need urgent help on this pls I have host on ip add 1.1.1.2/24 connected inside interface of the pix with ios 7.0 in transparent mode. and the external interface of the pix connected to a router IP 1.1.1.1/24. i enabled icmp inspection. i can see the router arp entry into the host and the host arp entry in the mac address router. both are well learned by the pix. no traffic flow from the host to the router. There is no access on the pix of pix. the list does not create an arp entry in the strange very pix. I tried to manually add the entry:

    ARP in 1.1.1.2 0011.d80d.f6ac it gives an error <1.1.1.2>not allowed. network address I do not get it .my question is why the pix don't is not create entry arp. what could be the problem. could someone pls help me with this thanks pls.

    Assane

    Lol this is not as you mentioned. I'll explain the communication all in detail. I hope this helps.

    Assumptions:

    PIX configured to L2, with outside as 0 and inside as 100. insidehost on inside the network and external network configured outsidehost.

    scenario 1

    ==========

    If the PIX is not configured with an IP address, all IP packets are dropped and syslog ID 322004: No management IP address configured for transparent firewall is logged. So let's see how communication works at L2

    outsidehost tries to communicate with insidehost. ARP request is from outsidehost and is sent through dissemination and it is received by PIX and sent to the inside network, without change.

    Return of InsideHost and the response is sent through to the outsidehost. When you see the arp on the outsidehost and the insidehost entries you will find the corresponding arp entries.

    PIX will forward arp request/reply.

    You can issue the command "show local-host" and you won't see any entries created on the box.

    2nd scenario

    ==========

    An IP address is configured on the PIX and insidehost starts communication with outsidehost. Communication is from high to low and the PIX will allow it.

    No change in the behavior of the ARP. Exactly as mentioned in scenario 1.

    Given that an IP address is provided to the box, a local-host entry is created and a connection is formed for traffic from insidehost to outsidehost.

    A connection from outsidehost to insidehost is denied because there is no access list to allow traffic from low to high.

    You can issue the command "show local-host" and you will see the entries for insidehost and outsidehost.

    3rd scenario

    =============

    An IP address is configured, and an access list is created to allow traffic from outsidehost to insidehost and applied to the outside interface.

    No change in the behavior of the ARP. Exactly as mentioned in scenario 1.

    Given that an IP address is provided to the box, a local-host entry is created and a connection is formed for traffic from outsidehost to insidehost.

    With the access list present to allow the traffic, the connection is allowed and an entry is created in the box.

    Hope the above clears up the L2 communication and the communication between different security levels.

    I hope this helps.

  • VPN in transparent mode

    Hello

    Is it possible to run IPsec and SSL VPN (clientless or AnyConnect) remote access while the ASA is in transparent mode? All NAT/PAT is on the router before the ASA.

    If so, any example config would be appreciated.

    Reg,

    Sushil

    No, neither IPsec nor SSL VPN is supported when the ASA is in transparent mode.

    Here is the URL for your reference:

    http://www.Cisco.com/en/us/docs/security/ASA/asa82/configuration/guide/fwmode.html#wp1222826

  • bug in fireworks CS4 at 24/32-bit with alpha transparent png export?

    Hello

    I recently upgraded to CS4 from CS3 and am very disappointed that the ease of export png to 24 or 32 bit png is then useless on my installation of fireworks (Vista). I have a colleague who reported the same behaviour on his mac.

    Please see this file png native fireworks CS4 and the attempt to export it as 24 or 34 bit png, ensuring the canvas is transparent (it should be already)...

    http://www.capitalh.NET/demo-bug.PNG

    The visualization mode in CS3 would show the png with its alpha channel, indicated by the transparency checkerboard. Exporting as well would produce the desired result > a PNG with an alpha nice mix channel.

    Viewing in preview in CS4 mode displays an horrible rendering of the image on a white background. Export the image gives the same result. Please see this link for confirmation:

    http://www.capitalh.NET/demo-bug-export.PNG

    Please also see this simple image, this time using a simple ellipse shape:

    http://www.capitalh.NET/demo-bug-export-SimpleShape.PNG

    You will notice that it is not transparent, and the ellipse has not been smoothed.

    Anyone can shed light on this behavior?

    Export of png as such is something I do every day at work, and is a fundamental requirement of an image editing application targeted to web site design.

    I'm doing something wrong? I been using Fireworks since 2003 so I'm inclined to think that I'm not.

    Transparency is only available when the file is exported as a PNG 8 or PNG 32. The sample you had me download has been optimized for the PNG-24 format. When I changed optimization to PNG 32, the file exported as planned.

    The simple shape PNG file seems to be a solid image, not a vector ellipse. In this case, changing the optimization to PNG 8 with index transparency solved the problem.

    HTH

    Jim Babbage

  • How to export in Quicktime with a transparent background?

    I export my Keynote animation as a Quicktime movie, I want to import into photoshop and then export and animated GIF that I will put on a web page. The challenge that I have exported my speech with a transparent background. I set the background of a color with zero transparency but then the bottom just goes black and rest throughout the process. I look at older versions of Keynote had the possibility of transparency when exporting to Quicktime, so I hope, there is always a way!

    Thank you!

    To create a video with an alpha channel:

    On the model of slides: View > slide Master Edit > Inspector > Format > master layout > in the background, select: no fill

    Export Quicktime: file > export Quicktime > in the drop-down menu select Format; custom > and select Apple Pro Res 444

  • How to import moving in first with a transparent background GIF images?

    I have an animated gif that I got from the internet, and I'm trying to import into Premiere Pro with a transparent background. The gif is a motionless, flashing video game character. Whenever I import it, it always has a white background, so I need help on how to change this.

    I went into Photoshop and removed the white background image by image, making it transparent. I have it using the magic wand tool to select the white background, then press 'delete' to make this grid of diamond, which means that it is transparent. I then select file-> save for Web. I saw each image, and it shows that the funds are transparent. I have to save it in a gif file. But when I import into Premiere Pro, the white background is still there.

    I read many forums online on the people trying to import images into Premiere Pro with a transparent background, but none of them explained how to do specifically for animated gifs. Each answer has always been "export image into a png image, which is going to work" and of course, I exported some frames of the gif, png, and these images have transparent backgrounds in Premiere Pro. But I don't want a png because that is not the animated sequences, those who may be still images. I need to export it to a gif file so that it remains lively, but gif files always have this white background dreaded in Premiere Pro.

    I guess I could export each image as a PNG, each of these frames import into Premiere Pro, then string together all the frames and twist them so they will be functionally identical to the animated gif image, but that would take forever. I am doing a video project and I need many gifs animated work, so I don't want to do this with each of them. I'm looking for a way to simply import GIF files into Premiere Pro and be done with it. If there is a way to do this, please help me.

    -Robert

    Try to make the QuickTime video (I think that default h.264 exports no Alpha channel).

    And in the project browser right click on the clip, film (I don't remember how it is in CS6). There are settings there for an Alpha channel.

  • Unable to connect when you use the router

    OK Ive been using my router for some time and it has always worked a few weeks ago, she decided to stop working, when im connect directly from computer to Internet modem is very good, so my cables and modem and all that is fine. When I connect everything through the router... Router, computer modem to the router, all the lights are show as normally its work, on the router and modem, the network on the computer thing Local didn't tell only / limited connectivity, rocking it back... but usually connectivity IPv4 said Limited instead of Internet

    Things I've tried:

    Unplug everything, turn it off wait 30 seconds... to deceive, doesn't work

    Buy new cables just in case... it doesn't work

    use LELA 1.6 to try and re-setup/installation/configuration of the router... says I don't have an internet connection

    updated LELA 3.0 or 3.2 I forgot what was it, and it does nothing

    tried to disable the network to try to turn it back on to see if it would help what whatsoever, and it the connection decides to disappear out of my zone connections network completely and then I don't have any internet at all the

    Usually I can solve a problem me when something goes whack with my net, but im lost and im hoping someone out there can help with my problem

    Reset the router...
    1. hold the reset for 30 seconds button.
    2. then disconnect the power and keep holding the reset button for
    another 30 seconds.
    3. plug back in the power and keep the reset button pressed
    for 30 seconds.
    4. release the reset button.

    Then click here to re - configure your router...

  • ASA in transparent mode with LAN base active failover / standby?

    Is it possible to have a pair of ASAs in transparent mode with LAN-based active/standby failover? I configured the failover portion and then configured transparent mode, and it erased my failover configuration. Is this a supported configuration, and if so is there an example?

    Thanks in advance

    Yes. It is possible to have a pair of ASAs in transparent mode with LAN-based active/standby failover. You must perform the failover configuration after converting the appliance to transparent mode.

    I saw an example on the Cisco site, but I'll give you an example from one of the projects I run. In fact it's very easy to configure failover in transparent mode. Less work.

    I have listed the configs of both firewalls for your reference

    Main firewall

    ============

    interface GigabitEthernet0/0
     nameif outside
     security-level 0
     no shutdown
    !
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     no shutdown
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
    !
    interface GigabitEthernet0/3
     description LAN Failover Interface
    !
    ip address 192.168.9.2 255.255.255.0 standby 192.168.9.7
    failover
    failover lan unit primary
    failover lan interface FAILINT GigabitEthernet0/3
    failover key abcdef
    failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7

    The secondary firewall

    =================

    failover
    failover lan unit secondary
    failover lan interface FAILINT GigabitEthernet0/3
    failover key abcdef
    failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7
    interface GigabitEthernet0/3
     no shutdown

    Hope the above helps.

  • Why ASA in transparent mode require same subnet ip to that of the connected network

    ASA transparent mode, why it is necessary to keep the management ip on the same subnet to the connected network?

    What happens if I keep managing ip in a different subnet as the network connected?

    If I only did traffic to move through to the asa and why?

    thanxs.

    Hello Vijay,

    As you say you can use another, that is right, but the thing is that the management IP address is not only used for management.

    That is where you are missing the point.

    That IP address, assigned to the ASA as a whole, will also be used for ARP requests when the ASA does not know where the destination host lies and it is not on the same subnet as the ASA.

    It will serve as the source for packets destined to a syslog server, AAA server, NetFlow server, SNMP server, and any packet that the ASA has to create, so with that in mind the routing of the network will have to be modified to work with that.

    If you come to realize that the routing of the network works with a different management IP address on the transparent ASA then you can do it. I can assure you that I have seen this scenario working before with no problems at all, bud.

    Just remember to rate all helpful posts like this one

    Looking for Networking Assistance?
    Contact me directly at [email protected]

    I will fix your problem as soon as possible.

    See you soon,

    Julio Segura Carvajal
    http://laguiadelnetworking.com
