Cisco :: 4507 - Filtering Outbound Sys Log Messages

Apr 10, 2013

How can I filter outbound sys log messages, so they include only configuration changes messages..
On Cisco 2900 I used:
logging discriminator CFG LOG msg- body includes "PARSER" | "CONFIG"
logging host x.x.x.x discriminator CFG LOG
logging x.x.x.x
How can I do the same on 4507? This feature on Cisco routers is called "Reliable Delivery and Filtering for Sys log" and is available for 12.4(11)T  and 12.2(33)SRB (7600) . I am running Version 12.2(25)EWA6 on my Catalyst, so it is not available.
The software I am using is a simple solar winds sys log server.

View 2 Replies


Cisco WAN :: Filtering Outbound Routes In OSPF (Catalyst 4500 IOS XR)

May 5, 2013

We are redistributing routes from BGP to OSPF and we want to filter out some of this routes from the OSPF proccess to be announced to neightbours.We want to announce some networks from ASR#1 to Catalyst. We are redistributing them from BGP to OSPF Area 0. Then, to prevent loops in the topology, these routes have to be filtered out from been redistributed from Area 0 to Area 1 in the Catalyst, so Enterasys appliances don't install those routes through OSPF but to point them out through default route to ASR#2.Is it possible with only one OSPF proccess or we have to separate OSPF in two proccess to redistribute between them?

View 8 Replies View Related

Cisco Firewall :: ASA 5505 URL Filtering Using URL Filtering Server?

Feb 7, 2012

I have come across articles mentioning that URL  Filtering can be implemented by using ASA 5505 with URL Filtering  Servers. But Websense and other Web Filtering Servers are paid ones ?  Are there any free solutions available ? What exactly is N2H2 ? The  reason is I don 't want to increase the CPU utilization of ASA by  implementing URL filtering within the device. If I have around 30 nodes  which connects to the internet via a 2Mbps line through ASA 5505 and if I  want to block around say 10 or 15 URLs , will it increase CU  utilization beyond permissible limits ? Currently the CPU Utilization is  around 10 - 15 . Here's the infrastructure setup .

Nodes -->Switches-->ASA 5505-->Internet

View 4 Replies View Related

Cisco :: Inbound And Outbound Traffic In BGP?

Dec 6, 2012

I have two ISP, I want to divide Inbound to ISP1 and Outbound to ISP2.

View 3 Replies View Related

Cisco VPN :: PAT Outbound On 5540 For Traffic?

Feb 28, 2011

We're running 8.3(2) in the ASA5540. Users all over our enterprise connect to a business partner's application through the ASA/VPN. We have a class-b address space, and since the users are spread out all over the place, I have the entire class-b space as the local object in the ACL that allows traffic through the VPN tunnel.
The business partner has concerns that our entire address space is available to access the VPN tunnel. So I thought, to alleviate their concerns, to PAT all of our connections outbound to a single IP address.
How is this done in 8.3(2)?  We use ASDM to configure the 5540.  For example, say our class-b is and the PAT'd IP address will be

View 5 Replies View Related

Cisco WAN :: 887 Router - Two Outbound NAT On Dynamic IPs

May 27, 2013

I've got an 887M router which will be configured with two linke - one ADSL, one 3G - both of which will have (obviously) a separately suppplied IP address from the different ISP's being used. The 3G is a backup - plain and simple - for use only when the DSL service flakes out (which it does often)
Routing is pretty simple - I'll either do soemthing with a bit of PBR, or a simple weighted static, but the NAT has me scratching my head a little.
Can I have two outbound NAT pools (ip nat outside) for each interface which will be used ONLY for traffic going out the interface concerned?
For example, I have one for the primary link
ip nat inside source list 2 interface Dialer1 overload
Can I do the same for the second dialer interface like this
ip nat inside source list 2 interface Dialer2 overload
and have them automatically switch to using the dialer 2 IP for the outbound NAT if the dialer 1 link fails?
I don't think I've ever come across this before, so I'm not sure if it can even be done.

View 1 Replies View Related

Outbound Packet Loss

Aug 10, 2011

For about the past 2 or 3 months, I have been experiencing outbound packet loss at about the same time every evening. That timeframe is about 7 PM - 10 PM. This is most noticeable on Teamspeak 3 because of the voice disruption that other users report to me.

View 1 Replies View Related

Cisco :: Outbound Calling To Two ISDN BRI Ports?

Oct 21, 2011

Both of these ISDNs are up, this gives us 4 channels. Someone said they recieved a busy tone when they attempted to dial out. I looked over the system and seen there are two outbound pots dial-peers. Each dial-peer references one of the BRI ports. The preferences are the same on each dial-peer. I think what is happening is that the system is randomly selecting one of the dial-peers due to the preference, even if both channels of the BRI are in use. How does the system know if that port has both channels in use? I've not used ISDN before, so tried to enter the B-channel sub interface and the system (UC500) tells me I cannot do this. I was thinking about adding each channel into a trunk group and then referencing the trunk group in the dial-peer. I can obviously add both BRI's into one trunk group.

View 2 Replies View Related

Cisco Routers :: Outbound Nating With RV082?

Jan 9, 2012

I just migrated our office network router to a RV082. While configuring it, I came across three problems: 
(1) From our ISP we have four public IP addresses which I want to make use of for outbound traffic. With the previous router we used we could configure LAN IPs(ranges) to map to static public IPs. Does RV082 support this? I could not find an option for that at the web-interface. From what I understand the 1-1 NATing only goes both incoming and outgoign ways and actually is 1-1 and not the many-to-one I am looking for.
(2) How is it possible to configure incoming port forwards to use a specific WAN interface? Will it always be the primary WAN interface?
(3) Does the telnet access provide more configuration options? I could not log in to it with the same user credentials as with the web-interface.
Serial Number : NKS1532xxxxFirmware Version : v4.0.4.02-tm (Jul 4 2011 13:30:56)PID VID : RV082 V03Firmware MD5 Checksum : 1f84d8d0a2a8b99f9bfa4409e64547aaLANWorking Mode : Gateway

View 0 Replies View Related

Cisco WAN :: 6509e BGP Outbound Path Selection

Sep 20, 2012

I multi homed to dual ISPs using a single 6509e. Currently, I am only receiving a default from wash ISP and marking one with a higher local pref. most of my traffic flow is inbound, so this config meets my need. The issue I have: if either ISP has has an outage upstream from my directly connected peer, my router does not detect that and continues to send traffic out thru that provider only to be black holed. My 6509 will only support 256k routes, so full route tables isn't an option. I could receive partials from each ISP. Is there any other method to detecting this upstream ISP issue and then adjusting my local pref on my default to use the alternate provider path?

View 3 Replies View Related

Cisco WAN :: Reserve Outbound Bandwidth For VoIP 877

Mar 31, 2011

I have a Cisco 877 on an ADSL connection.  QoS isn't doing the trick -- I need to reserve 200 meg or so of my outbound (upstream) bandwidth for VoIP to end complaints about voice quality. Any example of how to classify SIP, RTP, IAX, and Skype traffic and put a rate limit on anything that doesn't fall into that category?  The VoIP phones also are in their own IP range on the LAN side if that would make things easier...or I could even connect them into a specific port on the internal switch in the router.

View 9 Replies View Related

Cisco WAN :: 6509E - BGP Outbound Path Selection

Mar 4, 2013

I  multi homed to dual ISPs using a single 6509e. Currently, I am only receiving a default from wash ISP and marking one with a higher local pref. most of my traffic flow is inbound, so this config meets my need. The issue I have: if either ISP has has an outage upstream from my directly connected peer, my router does not detect that and continues to send traffic out thru that provider only to be black holed. My 6509 will only support 256k routes, so full route tables isn't an option. I could receive partials from each ISP. Is there any other method to detecting this upstream ISP issue and then adjusting my local pref on my default to use the alternate provider path?

View 3 Replies View Related

Cisco WAN :: 4900 - Outbound QOS Police Configuration

Jan 12, 2011

I need to attach a QOS policy to a layer 2 WAN interface between two sites.  This is actually an extended LAN circuit with 500Mb/s of allocated bandwidth.    The interfaces are Gigabit so I want to make sure I don't attempt to transmit traffic faster than 500Mb/s.  What is the best way to implement an outbound QOS policy that sets the minimum and maximum speed to be the same? This policy will be implemented on a 4900M with the 20 port GigE module

View 3 Replies View Related

Cisco Firewall :: Outbound ActiveFTP On ASA 5505

Oct 5, 2011

I'm having some issues getting ActiveFTP to pass through an ASA 5505, I finally found out when I tested the FTP via cmd on windows(after the major hassle of getting credentials out of the software co) that it does open the connection on the control port, but whenever I try to send/recieve data the connection is dropped, for troubleshooting purposes I've even gone as far as opening up all ports 1-65535 with an acl to no avail, I believe the FTP traffic is encrypted with SSL(can't get a solid Y/N from the company).

View 1 Replies View Related

Cisco Firewall :: ASA 8.4 - Static NAT With Outbound SMTP

Mar 30, 2011

Below is the interesting part of my config.  I have static NAT configured and working inbound for the Exchange Server and the Barracuda, however outbound traffic from those hosts comes out as the interface IP.  Thoughts?  I've tried a number of things (outside, inside), etc.
object network obj_any
object network DSN-EXCH01
object network MAIL-IN

View 3 Replies View Related

Cisco Firewall :: Asa 5510- 2 IP's Outbound Fail-over With RTR Inbound Possible?

Jan 30, 2012

I know I can use the RTR statement to determine when the primary ISP circuit goes down via this technote: url...My question can I assign static Nats on the backup ISP connection to the same inside servers in the dmz.?Example is mapped to ISP1 ExternaIP of Can it also be mapped to ISP2's way I can get my DNS changed and my inbound traffic to servers in my DMZ on the asa 5510 running 8.0.3 code can continue to receive Inbound traffic.

View 1 Replies View Related

Cisco Security :: ASA 5505 Needs VPN Outbound Unblocked Via Gui Interface

May 7, 2012

How can I achieve this.  I am obviously a novice cisco user and really fight my way around.  I just want to grant access to a vendor to connect to his vpn.  What ports need opened and what else do I need to do?

View 1 Replies View Related

Cisco WAN :: Outbound Port Forwarding And Redirecting 800 Series

Sep 18, 2011

I've tried a few different ways unsuccessfully so thought I'd ask here.I'm trying to forward an outgoing port on a Cisco 800 series router. ie. When a user inside the network connects to the router on port 1234, it opens up the same port on a server on the Internet.

View 2 Replies View Related

Cisco Routers :: Default Outbound Policy In RV220W

Aug 1, 2012

How to set the default outbound policy as block in access rules of rv220w? I configure my company router RV220W to block all outbound service traffic, just allow outbound service as : http, https, smtp, dns_tcp / udp. it works fine for some hours, the next day, the rules like expired, the https / smtp / DNS service fail to outgoing, only the http is still ok? What happen? Now I just set the default outbound policy as allow, all traffic can go out, but that is meaningless for a firewall device.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 ACL For Blocking Outbound SMTP

Jan 30, 2013

I'm trying to configure a simple ACL to block smtp traffic from leaving my LAN -- basically prevent internal users from setting up internet email accounts in their email clients and sending through that smtp server. i want my Exchange server only to send smtp traffic. here's what i have:
-access-list 102 extended permit tcp host eq smtp any eq smtp <=== is Exchange
-access-list 102 extended deny tcp any eq smtp any eq smtp
-access-list 102 extended permit ip any any
-access-group 102 in interface inside
after i apply this ACL to the ASA, i am still able to send from my internet email address setup in Outlook using my "foreign" smtp server.

View 1 Replies View Related

Cisco Firewall :: PIX 515 Blocking Outbound Traffic To Certain Sites

Oct 14, 2012

I have a LAN with several linux boxes (Fedora 17, both 32 and 64 bits),  as well a a WInXP box. All of these are connected to the same switch,  which is connected to the inside port of my PIX 515.
For a few sites ( happens to be one of them), for http access, the tcp connection is established, but the "GET" request - or anything else for that  matter - will not go through the PIX (from inside to wan). I have  verified this by first, using wireshark to watch the packets being sent  out from the client box, then by using the trace function in the PIX to  see that the packets ARE arriving at the inside interface, but ARE NOT  sent out of the wan interface.
This is for the linux boxes ONLY. When I do the same thing with my WinXP  box, all works: in the PIX trace, I see the packets arrive at the  inside interface, and leave the wan interace. And access to these sites  are okay.
(What's a bit weird, although somewhat expected, when I connect my android phone to my LAN via WiFi, it too is unable to reach those sites - but then again, android is linux, right?)
In addition to the tracing, I have narrowed this problem down by connecting a linux box directly to my DSL router, then replacing the PIX with a simple router/gateway. Both of those solutions work.
Some background:
I have been using this PIX for about 10 years now, with the same  configuration (except IP addresses). Only in the last several months has  this problem started to show up.
I got this pix from a dead company at a really great price (free), so I'd like to keep it, and not have to spend money on something  else. I don't have any support license, and have not been able to get  any software upgrades. Here is its version info:
taz(config)# sho ver
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)
Compiled on Fri 07-Jun-02 17:49 by (code)
Serial Number: 405200362 (0x1826ddea)
Running Activation Key: 0x38ac31f3 0x0630df47 0x9a77b805 0x8bc39a60

PS: Since this PIX is at its end of life, I was wondering if any of the  software upgrades would be now available without a license?

View 2 Replies View Related

Cisco Firewall :: Enabling Outbound Traffic Through ASA 5520 8.4(4)1

Apr 4, 2013

We've got a proyect that requires a few thin clients to connect to a remote PCoIP server.
Looking to the documentation, the only port required to be open through Firewalls is TCP/UDP 4172, however, we've seen (making interface captures) that it somehow also uses ESP (IP protocol 50).
We've got a static NAT translation translating those thin clients to a public IP address, we've created ACLs to allow inbound (shouldn't be necessary as our user is connecting to a remote server) and outbound traffic for TCP/UDP 4172 and ESP and I cannot make it work.
I've also enabled IPSec pass-through Inspection to no avail.
how should we configure our ASA to enable this kind of traffic?

View 4 Replies View Related

Cisco Firewall :: Opening Outbound Ports On ASA5505

Oct 2, 2012

I need to open some outbound ports in order for our CCTV company to receive alarms from our internal CCTV Machine.
The ip addresses of the company who access the CCTV are as follows:
The above are fixed IP addresses. The internal machine is on
The outbound ports that I need to open are the following:
I have access to the current config if needs be.

View 8 Replies View Related

Cisco Routers :: RV180W - Outbound Public IP Address?

Mar 26, 2013

What I'm trying to do seems pretty basic, but I cannot get it working on the RV180?I have 5 Fixed IPs. Using Access Rules I have configured a few inbound rules with specified WAN Destination addresses and these are correctly port forwarding these inbound ports on the specified Public IP addresses. Perfect!
However, for outbound, I need to do the equivalent for one public IP for outgoing SMTP so that our mail servers public facing address is not the standard WAN address and therefore will not fail a reverse DNS lookup. At the moment I have emails bouncing all over the place and panic has set in. I thought the SNAT option was the soltuion, but that just seems to break traffic flow completely on the specified port. I had this working no problem on my old Netgear, but I had to replace it due to throughput limitations.

View 3 Replies View Related

Cisco WAN :: 2900 Outbound Cdp Packet Dropped / NCP Not Negotiated

Sep 12, 2012

Cisco Router 2900.My setup pppoe dsl 8mbps and i read on other website kinda sound of MTU.. but i dont know what is this or exact number of MTU. [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Reverse Or Outbound NAT Redirect?

Jan 24, 2012

I have the need to do an outbound NAT redirection.  So what I mean is this.  I have a custom program that uses SSH to port 22 from a server inside the ASA firewall.  This goes out to a server on the Internet over port 22.    The ISP of the SSH server told me that they changed their SSH port from 22 to 2102.  So instead of changing the custom code on the developed application on the server... I thought it would be easier to do a OUTBOUND NAT redirection for the ASA to see port 22 from the server and redirect it OUTBOUND to port 2102. 
so for example:

The server is at and it uses a program to initiate SSH traffic to The server sends to port 22 but I need it automatically changed on the firewall to port 2201 at 
It is a Cisco ASA 5510.   The server at does have a fixed IP address on the outside with INBOUND NAT for things like port 25 (mail) traffic etc.  Lets pretend that was at

View 1 Replies View Related

Cisco Firewall :: ASA 5510 7.2(3) - Inbound And Outbound TCP And UDP Access

Nov 20, 2011

I'm running a Cisco ASA 5510 with version 7.2(3) and I've been tasked with permitting some inbound & outbound TCP & UDP ports to/from a specified address space on the internet. 

In looking at my current ASA config I see other access lists already configured so I'm assuming I can just set up a new access list in similar fashion, but I wanted to verify here first.

View 6 Replies View Related

Cisco WAN :: 2821 - Split Outbound Data Traffic

Feb 29, 2012

I have hooked up to the Cisco 2821 router a T1 on Serial and Cable Modem to GigEth0/1 and I want to split outbound traffic so that all regular users will use G0/1 interface for web traffic and the rest of the traffic stays with the T1.  I am having an issue where the users on the network are not able to use the internet when using the following config:
interface GigabitEthernet0/0.10
description Data
encapsulation dot1Q 50


View 11 Replies View Related

Cisco VPN :: ASA5510 Best Place To Configure Outbound QoS From Main Office

Jun 10, 2012

We have a main office and 4 remote offices (only showing 1 remote office in the diagram). We are using GRE over IPSec VPNs to the remote offices which terminate on the 2811 router in the main office. We are using the 2811 as it is the only device that we have that can terminate GRE. The 2811 router is connected to the outside switch and is configured with a public IP address. We also have a ASA5510 in the main office which is connected in the same manner and is used for Web, e-mail traffic etc.Both the main office and remote offices have a 10Mbps Internet connection.
We have an issue with voice quality between sites as we are finding it difficult to control bandwidth utilization in the main office. When users in the main office download web content it can saturate the 10Mbps Internet connection causing voice quality issues. We have configured outbound shaping on the branch routers to make sure that aggregate inbound traffic from all branches to the main office does not saturate the link but we cannot control traffic from the Internet.I understand that controlling inbound traffic from the Internet is difficult without controlling QoS on the ISPs side. Is there any way that can reserve inbound bandwidth to ensure that web traffic does not impact voice? Also in this design, which is the best place to configure outbound QoS from the main office?

View 4 Replies View Related

Cisco Switching/Routing :: Rate Limit 3560 Outbound To 5mb?

Jun 9, 2013

How to rate limit a 3560 inbound and outbound using different QoS methods. I've read about vlan class maps/policy maps, using the rate limit command on the physical interface, using the srr-queue bandwidth command(it's a gig switch so not sure that would work) and marking all packets and then applying QoS.  I'm just learning QoS so trying to figure all of this out and find the best way to do things.
Also, I was told to do this because it's not advisable to have a connection to your ISP that is not 10mb or 100mb on a switch, since they are not divisible by 10 and it can cause issues? 

View 2 Replies View Related

Cisco Routers :: SRP521 Giving Busy Tone On Outbound?

Dec 13, 2012

I have a 521 with 1.01.24 The fxs port is registered and inbound calls work.  When the customer picks up the phone to make a call they get a busy tone.

View 1 Replies View Related

Cisco Application :: CSM Outbound Configuration Migration To ACE20 Module

May 9, 2013

How to migrate the following config from a CSM to and ACE20 module.
Currently we have a CSM configured as below:- 452 Client and 453 Server sharing the same Public vlan. 
We require outbound access from groups of internal individual servers to external addresses.  
CSM config
module ContentSwitchingModule 8
vlan 452 client
ip address


View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Open Outbound Port For Specific IP

Dec 6, 2012

We have a ASA5510 and I need to open port 22 for a speacific IP in our LAN outbound only.      

View 15 Replies View Related

Copyrights 2005-15, All rights reserved