
Archive for the ‘Cisco’ Category


Okay, this was my dilemma and I couldn’t google this one to find a solution. I had to resort to calling the Cisco Gurus themselves.
This was the issue:
Client has an outside IP of 70.X.X.X and an internal IIS server of 192.X.X.100. They host an internal site that all within the 192 network can access.
Now they wanted me to help them allow outside access to the IIS server and access the site via the web using https, or as follows: https://70.X.X.X/web.
I created a static NAT using the https ports and I couldn’t get anywhere. I tried different things and nuffin! Ahhhhhh!
Called Cisco TAC (Technical Access Center)! This is what I was sent from the tech, who in my opinion rocks. As soon as I followed his instructions it worked perfectly!
This is it:
“Looks like we are missing a line.
The line you require is the following:
access-list outside_access_in line 1 extended permit tcp any host 70.X.X.X eq 443
That line will use the next 2 lines described below to allow access on port 443 to the server with the IP =192.X.X.100 if connection to the server is attempted from the Internet using IP=70.X.X.X as the destination address.
static (inside,outside) tcp interface https 192.X.X.100 https netmask 255.255.255.255
interface Vlan2 ip address 70.X.X.X 255.255.255.X
These last 2 lines are already part of the ASA current configuration so you don’t need to enter them.”
That was it… simple, but it works!


So I was at a client’s and, btw, forgot my laptop, and I had to configure their Cisco ASA 5505 series router with the new IP address of their satellite office’s ASA router. You see, they had a site-to-site VPN.
The problem was that when I tried to telnet into the ASA I got a “Could not open connection to the host, on port 23.Connect failed” error.
I could ping the router’s IP, however, and when I tried to log in using the Cisco ASDM Launcher, I would get an “Unable to launch ASDM Connection Timed out” error. What the heck?!?!!?!?!?!?
Well, the problem was that the router was never configured to accept any other IP for management. See, the router was set for an IP range of 10.0.X.X. But the router was only configured to allow a range of 192.168.X.X.
It took about 2 hours to figure this out, so I post it here to help relieve you of a future headache, and to remind me as well.
This is how to solve it:
You’re going to have to use the console cable to establish a connection to the ASA since it appears that your HTTPS/SSH access lists are not configured correctly.
Use the blue console cable to establish a connection to the ASA and from the command line interface, go to enable mode and issue the following commands:
conf t
http server enable
http 192.168.1.0 255.255.255.0 inside
(where the IP has to be the inside IP scope assigned)
Once I did this using the 10.0.X.X IP, I was then able to use ASDM to configure the VPN settings.
Hope this helps…. comment if you have any questions.
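
To spot this kind of lockout before you are standing at the console, here is an added example (not from the original post or from Cisco) that reads a saved running-config and reports whether a given client address is allowed to manage the ASA over ASDM/HTTPS, SSH or telnet. The sample config and the 10.0.0.0/24 and 192.168.1.0/24 addresses are constructed for illustration, and only IPv4 "service network mask interface" lines are handled.

```python
import ipaddress
import re

# Constructed sample mirroring the post: hosts live on 10.0.0.0/24, but
# management was only ever allowed from 192.168.1.0/24.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
telnet timeout 5
"""

# Matches "http|ssh|telnet <network> <mask> <interface>" management allow lines.
RULE = re.compile(
    r"^(http|ssh|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def management_rules(config):
    """Return (service, network, interface) for each management allow line."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            rules.append((m.group(1), net, m.group(4)))
    return rules

def explain_access(config, client_ip, interface="inside"):
    """Report, per service, whether client_ip may manage the ASA via interface."""
    ip = ipaddress.ip_address(client_ip)
    rules = management_rules(config)
    http_on = any(l.strip() == "http server enable" for l in config.splitlines())
    result = {}
    for service in ("http", "ssh", "telnet"):
        allowed = any(s == service and i == interface and ip in n
                      for s, n, i in rules)
        if service == "http" and not http_on:
            allowed = False  # ASDM also needs the HTTPS server switched on
        result[service] = allowed
    return result

if __name__ == "__main__":
    print("before:", explain_access(SAMPLE_CONFIG, "10.0.0.25"))
    fixed = SAMPLE_CONFIG + "http 10.0.0.0 255.255.255.0 inside\n"
    print("after: ", explain_access(fixed, "10.0.0.25"))
```

Keep the allowed management networks as narrow as the real admin hosts require; a client that shows False for every service here will see the same timeouts described above.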









