In the Firewall Dashboard of my ASA 5580, I get data on every pane, except for the Top 10 Sources and Top 10 Destinations. Why is that, and what do I need to do to get data there?
View 1 RepliesI need to move 1 data stream onto 4 different servers in different subnets, I know I can NAT into a multicast address, but with it coming into an ASA I was wondering if I could make a PAT that sees packets coming in on port 4567 and sends it out to port 4567 on 4 other IPs (I don't think this will work though as I don't think a pat will duplicate packets, only change them)
View 2 Replies View RelatedI'm looking at deploying a single WLC 5580 into a data centre and I'm trying to decide if to use flexconnect or to tunnel traffic back to the controller. There will be 2 offices each with 40 access points. The wireless will need to support roaming voice traffic. Will I have any issues with flexconnect and 30 access points? I'm aware that you can only have 25 aps per flexconnect group but I dont know if this has any limitations such as dirty roaming? Also is tunneling traffic back to the WLC ok for voice and video traffic as the traffic will have to travel back from the data centreto the local offices ?
View 5 Replies View RelatedI have a single Nexus 7K (6.x) with only F2 modules and I would like to SPAN the same source interfaces and vlans to mulitple destination servers (interfaces). When configuring SPAN to a single destination traffic gets replicated successfully but when I add an additional destination to the same SPAN session then none of the destination interfaces receive any traffic. As soon as modify the SPAN to include only a single destination interface it works again. I'm guess this is a limitation of the Nexus 7K 6.x code or the F2 modules.
View 4 Replies View Relatedafter upgrading an ASA 5520 to 8.4.2-8 VPN clients traffic is not passing destinations other then destinations behind the inside interface. the log shows routing failure for the vpn client on the inside interface.it was working fine with 8.4.1 but the traffic is originated from the outside interface. confirm the the interface for VPN clients changed from outside to the inside interface.
View 5 Replies View RelatedCan the camera support multiple destinations simultaneously?
In testing set-up for ftp and email, while observing results in a browser on the Mac, and also MyDlink app on an iPad, I observe that a few jpegs get sent to email, a few to ftp, and MyDlink keeps "timing out". My Mac is wired gigabit ethernet to the router, and the wireless LAN is 802.11n.
Maybe it can't handle multiple destinations?
Does MyDlink cause continued transmissions at the video frame rate set in the setup panel, even if no one is connected to look.
can i merge two sources of bandwidth into one router ?
View 1 Replies View RelatedI'm trying to make a redundantish office/datacentre connection on the cheap. At the datacentre, we've got a 7301 (12.2(24)T5) and at the office we've got a Mikrotik RB1200 (5.12).The office router has two ADSL connections to two different ISPs, the datacentre router a single GigE to a colo provider. I'm trying to build an IPSec encrypted IPIP tunnel over each ADSL service to a separate loopback interface on the datacentre router, so I can run OSPF over the top for route exchange. I need to use two different loopbacks on the datacentre router so the office router can have a static route for each out each ISP ADSL. But I'm running into issues making encryption work on two different source addresses.Using the 'crypto map xxx local-address Loopback12' command, I can specify the outbound interface for one of the tunnels just fine, traffic moves as expected - while the other tunnel fails to encrypt. But is there a way of having two peers use two different local addresses, or applying two crypto maps to a single physical interface?
View 1 Replies View RelatedThe bootloader used by the device is U-Boot, which is also licensed under the terms of the GPL. Sadly these parts are missing from the source code package provided by D-Link. Therefore I am asking you to add the U-Boot sources to the provided archive or post them here in the forum.
View 12 Replies View RelatedI am having an issue where I can't get to external network sources via my sub interface which is attached to a 192.168.10.X VLAN I created to for Guest wireless traffic. The internal interface is a 10.5.X.X network. I can get out the external interface, but anything that we have A records for such as our mobile iron server that we can hit from the outside via https and an external IP can't be hit from the subinterface at all. Would this be a DNS rewrite issue or inspection problem?
View 3 Replies View RelatedFor the command "monitor session 1 source" in Cat4900 (e.g. 4948), how many source interfaces can be supported per monitor session?
View 1 Replies View RelatedI am a very basic user on the Cisco Switch programming. I was given a Cisco 3750G-48 to tinker with in my home office. I was wondering if someone could lead me to some good sources of information to program and configure this switch? I am wanting to create a GB network in the house with the computers that I have and the storage arrays.
View 8 Replies View RelatedI want to know could we change or remove the Gateway (highlight) within of Routing Information Sources in OSPF routing protocol? [code]
View 9 Replies View Relatedhow to: port forwarding to 2 different destinations based on incoming WAN port
The default HTTP service works fine: TCP80/80-> 192.168.0.55
I have a couple of IP security camera's I'd like to be able to access remotely that also listen on port 80. I tried TCP & UDP 8009/8009-> 192.168.0.9 without any luck. Not sure how to handle the port redirects on the RV042G? Seems simple and was on the Symantec, could be user training :-)
I was able to do port redirect with the Symantec Firewall I'm replacing.
I have an ACS 5.3 cluster, that is configured to use AD. There are a few wireless devices, and monitoring tools that do not have AD accounts. I would like to configure ACS to first check AD for the user authentication, and if that fails to roll over to the local (Internal Users) identity source where I can define these user accounts.
It seems that when the authentication hits the initial Identity Policy rule, it never moves onto the next one if the first fails.
Attached are screen shots that show how i'm configured for the test, i have a local user defined and I'm trying to log into the firewalls.
- Identity Definition : Screen shot of the main ACS definition for the rule i'm testing that's not working
- Identity Rule 1 : The configuration of rule 1 that if it fails i need it to move onto rule 2.
- Log Output : Screen shot for one of the failed attempts from the ACS View Log server.
Reason I need to configure it this way is:
- Wireless users authenticate to wireless using AD user accounts. Some hand held scanners do not support that and will need to authenticate using the MAC address.
- Authentication to Network devices for managment uses AD accounts. We have some monitoring tools that do not have AD accounts, and will need to be able to log into Network devices to issue some commands (Examples: Cisco Prime LMS and NCS, Infoblox NetMRI).
accessing my cisco ASA, last night we were doing VA on our ASA, after that iam not able to access it through ssh nor telnet. its not giving me any error.. i tried from different system also. SSH & telnet allowed from inside to 0.0.0.0 i have re-generated rsa keys when it was working. ASA version is 8.2 now when i connect telent is giving me blank prompt. i can login using ASDM.
View 5 Replies View RelatedOur ASA is a 5580 version 8.1(2) and is the L2L VPN peer for a handful of remote offices including a L2L VPN with a vendor who will provide a service for these remote offices. I have two questions/issues:We will need to provide this vendor access to the remote office network(s) only on port 9100 (printing to specific printers at these offices). I know there is an issue with L2L VPNs ability to see each other but if there is a global command allowing all to see each other that would be bad as we have others and don’t want all to see each other.The remote offices are using CIDR 172.20.0.0/16 so each one is assigned for example 172.20.3 the next office is 172.20.4 and so on. For the crypto map access list for this vendor can we use 172.20.0.0/16 or do we need to specify each individual network?
View 3 Replies View RelatedI got a problem with a cisco asa 5580 like two days ago and the device stop working (there was a mainteinance window and after that the device didn't work). Now we receive the RMA and we are trying to configure the failover so the new device get the configuration form the one that is working.
But this is the message that I gettin:
Failover message decryption failure. Please make sure both units have the same failover shared key and crypto license or system is not out of memory
We already changed the shared key and crypto license but the failover is still down, what are the features that the cisco need to activate to enable the failover?
I am receiving allot of Errors "%ASA-4-405001: received ARP collision from IP/MAC on interface dmz1 with existing ARP Entry IP/MAC
When i checked this MAC address in the same firewall it shows too many IP Addresses. What could be the reason ?
We have a corporate site with a Cisco ASA 5580 (8.1), a remote office with a Cisco ASA 5510 (8.2) with a L2L VPN to corporate. A vendor has a L2L VPN to the corporate ASA with access to the remote office across the VPNs (hairpinning). The corporate office accesses an application at the vendor on port 23. Everything is working with regards to the vendor accessing resources to the remote office and the corporate office accessing the application at the vendor. Our goal now is to restrict the vendor to port 23 from the corporate network and port 9100 to the remote office. On the corporate ASA I setup a VPN filter and applied to the vendor's L2L vpn but when I apply the filter (see below) all traffic stops to the vendor such as telnet.
View 6 Replies View RelatedI connected my intranet cable to coreswitch 4510 created one vlan 600,that vlan gateway is routable from asa5580.now my intranet people able to ping my vlan gateway but iam unable to ping their ip.i added static route on asa route inside 192.0.0.0 255.255.255.0 10.100.106.1 1 but iam unable to ping remote ip.
View 2 Replies View RelatedWe are using Cisco ASA 5580 (8.2) firewall. When i try to ping from inside lan to firewall DMZ interface IP it is not pingable and but from inside users i am able to ping firewall inside interface IP address.
I think we can't ping to other interfaces of ASA by default. But can we allow the single IP address who can ping all the interfaces of firewall?
We are not doing any natting in firewall, for that we used the Load Balancer.
Our company has a handful of sites that use the EasyVPN technology.On my remote router (Cisco1841) - I add the crypto inside to the FA0/0 and the Loopback0 interface.On the other end my Cisco ASA 5580 - 8.41 code - I have RRI enabled and the tunnel comes up fine.However I only see the static route from the fa0/0 interface on the remote router. I can not figure why I can not see the Loopback0 address?Wondering if this is a limitation or feature not enabled.
I added multiple interfaces on the Cisco 1800 and can see the networks.I run "show crypto ipsec sa" on the Cisco ASA and see the spi encaps/decaps for the loopback, but the SH ROUTE does not show the static route being injected.
I have a strange issue with certificate based authentication anyconnect. We have an ASA with two internet links, both have a CA authenticated Cert for anyconnect VPN’s. We have an anyconnect client profile also, when we simulate a link failure on the ASA the anyconnect should automatically attempt a re-connect to the backup server list in its configuration (which is the other interface on the ASA 5580) which it does but we get a certificate trust error.
View 3 Replies View RelatedA customer's ASA is presenting the System LED flashing red.I have already analysed the show tech-support and show environment output: Found nothing, everythink seems OK.Cisco ASA 5580-20 - 8.2.1.Single appliance, no failover, multiple context and transparent mode.
View 5 Replies View RelatedI wanted to perform the customization of the SSL WebVPN page. But When I tried to create a new Customization object is is not happening as the DfltCustomization object is not available.We are having so many webvpn configuration and objects that i cant issue "revert webvpn all" command.Can I able to import the File from any location or the default customization object file so the I can export it into the ASA and create new custmixed object accordingly.Or what other steps I can take to have customization happening in my Cisco ASA 5580. 8.2 (5) and ASDM 6.4.
View 1 Replies View Relatedwe are going to upgrade our 5580 ASA Cluster from 7.2 to 8.2 and want to do it like this way ( which worked for all 7.x upgrades ) :download asa8.2 Image to primary + secondary Firewallreboot primary ( message come up " mate version ...)reboot secondary.Does it works any experience? Does it work if both firewall can see each other during the boot process ?
Do I have to bring the secondary into the monitor mode so the fw is not visible for the primary ?
I want to ask that does ASA 5580 support the nat-pt for IPv6?
View 2 Replies View Relatedi'm new with the asa's...i'm familiar with the FWSM's on 6500's and pix..I'm running Version 8.3(2) and i wanted to setup nat-control and use of identify nats for advertising inside subnets to my outside networks.
the old command was static(inside,outside) 10.x.x.x 10.x.x.x netmask 255.255.255.x i'm having a little difficulty decyphering the pdf about the static nat...the command itself is no longer used, nat-control is no longer used, but i'm not quite sure what the equivalent nat command is that equates to the old static inside,outside command.
In my ASA 5580-20 system LED is flashing RED how can i trobleshoot this.
I checked rarepanel everything is ok also i saw environment also showing ok
I have encountered a problem in one of customer that the Active ASA 5580 is unable to sync with Standby Failover ASA. When Active is connected with FO and push the configs to it will not find the ethernet/Gig interfaces due to which the all the configuration were not applied and when the primary ASA the secondary is unable to respond.
When i attached console with the Standby ASA i have seen this error.
Number of interfaces on Active and Standby are not consistent.If the problem persists, you should disable and re-enable failover on the Standby.
For detail undestanding i am attaching the configs of primary and standby ASA. The KHI-DR-ASA-BB-01 is the standyby firewall.
We have inherited a 5508 controller running 7.0 code and WCS running 7.0 code. This site did not have a backup controller. So we have installed a wism as a backup controller. The problem is no one can seem to remember the pre shared keys for the wlans on the primary controller. Can I use WCS to duplicate the wlans to the secondary controller and have the psk copied?
View 3 Replies View RelatedIf we switch from primary to secondary firewall the interfaces on the secondary go to state waitung than to failed. after awhile the secondary gives the control to the primary.
it seem that traffic passes the secondary firewall during this short failover time . we have several context created on the firewall, Switch Ports checked , cabeling check everythink checked
blackhole Interface inside (10.255.102.134): Normal (Waiting)
blackhole Interface shared (10.255.102.134): Normal (Waiting)
blackhole Interface inside (10.255.102.133): Failed (Waiting)
blackhole Interface shared (10.255.102.133): Normal
blackhole Interface inside (10.255.102.133): Normal (Waiting)
blackhole Interface shared (10.255.102.133): Normal