Does anyone know why the ASA will monitor physical interfaces by default, but monitoring of logical interfaces is disabled by default? Or better yet, is anybody doing a monitor-interface for a subint without issue? I'd imagine it isn't enabled by default for a reason.
We have to enable FIPS 140-2 on our ASA5520s for all our IPsec VPN connections. We currently have failover on our 5520s. I found a lot of information out there, but some of it seems to conflict. What are the things I need to look out for (caveats)? Do the clients that connect to the VPN have to use different clients once FIPS is enabled? Do we need to recreate logical interfaces for each physical interface we have?
I would like to run some NetFlow monitoring on a few subinterfaces on a router. This is a 7301, with an NPE-G1. What I want to know is, does Cisco have a page anywhere (because I can't find one) that lists typical additional CPU and memory loads one can expect when enabling NetFlow on a (sub)interface, perhaps for a given speed (Mbps) and/or number of flows? I don't want to enable NetFlow and then bring the device to a grinding halt. How can I know what sort of overhead to expect?
I am looking to configure port up/down status alerts in our monitoring system. We are using ActiveXperts Network Monitor Manager, which supports SNMP GET, which I would like to use. The monitoring system supports a plethora of OID data types, which I've used (Integet, ASG_INTEGET, ASGN_INTEGER32) in the past with success on our Catalyst 2k's. I'm not certain what to use for the Numeric OID value to monitor the port states on our F1 and M1 line cards.
I have a query on natting on an 8.4 ASA. We are going to configure an IPsec tunnel with our client. Our client has provided a single IP (192.168.32.11) which would be the source at his end. Is it possible to NAT my end network (10.130.20.0/24) with a logical IP (192.168.32.11) which is not configured anywhere?
Here are the details.
My end internal network (inside): 10.130.20.0/24; logical IP to be natted my internal IP: 192.168.32.11; client end network: 10.100.10.0/24
I have a node with one physical wireless interface and I need it to offer AP service to other nodes, connect to an existing AP, and connect to other nodes in ad hoc mode. If I create 3 logical wireless interfaces of that interface and configure each one respectively to the modes above, would this work? Do they use the same MAC address, or does each need to be configured with a different one?
I currently terminate my L2L VPN sessions on the "OUTSIDE" interface via the actual IP address assigned to that interface. Can I assign the OUTSIDE interface a second address (VIP, Logical, Virtual etc.) and then terminate my L2L VPN sessions on that second address?
I have purchased two Catalyst 3560 switches (with 24 interfaces) on eBay to prepare for the CCNP SWITCH exam. It would be great if I had 4 switches. Is there any possibility to create two logical switches from one? I mean, not by assigning interfaces to different VLANs?
I recently bought 2 SRP527W for a customer and I am trying to install them. I have updated the firmware to the latest version. Problem: It can detect BT's business ADSL but the Logical Link is not picking up. I have checked and rechecked the settings with BT but no joy. The original BT router works.
We have two logical connections which are connected via 1 physical Ethernet interface to 2 routers in central sites. Both connections are 2 Mb/s. How can I classify the output traffic in order to shape both directions to 2-2 Mb/s?
There is no suitable "match" command! The branch routers are 2650xm and 2811.
I am installing a connection between Brocade MLX and Cisco 4503 using SE and SVI's. Below is the config for each. Am I missing anything like MTU Ignore or something along that nature?
*** Cisco 4503 (v15.01) Config ***
VLAN 35
 name EOC_Gi1/2
I have 2 devices which need to communicate through Logical Link Control. Each device functions like this: they have a built-in network switch that allows their internal components to communicate with TCP/IP, which is then encapsulated inside LLC frames and sent out a special port. The LLC frames from each device all come from a single source MAC address and are broadcast out the network. The receiving device receives the LLC frames, unencapsulates the data and uses it directly.
Using it this way through a single 2960 (such that device 1 is connected to fa0/2 and device 2 is connected to fa0/23) with its own dedicated VLAN and no other traffic on the switch (all other ports shutdown), the two devices are unable to "connect". Using a SPAN session, I can clearly see them exchanging LLC frames, but if I connect my computer to the internal device switch and try to ping the other device through the LLC encapsulated link, I get anywhere from a 25% to 100% loss with response times between 2ms and 15ms.
When I connect the special ports of each device together directly with a straight through cat-5e cable, they can connect and I can successfully ping through the link with sub-millisecond response times. The same goes if I connect them through an old unmanaged Linksys switch. I have toggled everything on the 2960 I can think of, including STP, CDP, LLDP, storm control, keepalives, IGMP snooping, management interface VLAN1, and QoS. In general, the more of those that I turned off, the faster the ping responses became, but nothing seems to stop the data loss.
I am interested in how the ASA 5585-X with SSP-60 operates in dual firewall mode. If I install two SSP-60 modules in the chassis, do I get one logical firewall with doubled performance (of SSP-60)?
Licenses are activated on a total of 31 devices (Nexus 5000 and 3000 series), data is being monitored, graphics are drawn. However, under the Web user interface of DCNM, under Health, Virtual Port Channels (vPC), no data is shown. Performance, vPC is also empty. No vPC errors/notifications are displayed. The installed advanced-eval licenses should support all the bells and whistles (including vPC), but still no monitoring is done for vPCs. The vPCs are up and active. The network is discovered and monitored via SNMP v2c only. Could this be limiting vPC discovery, needing SNMPv3/SSH access?
I have a question regarding NetFlow and NAT. I have read some documentation (on ASR1000) regarding monitoring the NAT process on Cisco ASR1000 that can be done using NetFlow version 9 (the term was called NetFlow event logging, a.k.a. NEL). The problem is, I have not found a NetFlow collector that can do that. I have queried several software vendors such as ManageEngine "Netflow Analyzer" and Lancope, but they said their software can not do that.
I am trying to set up VPN monitoring for a Cisco srp527w. This is my first attempt at this, so "easy to understand" instructions would be great. I have done some searching and it's difficult to decipher relevant and irrelevant information based on my limited exposure to this technology.
VPN Tunnels Monitoring on ASA5510 with IOS 7.0 (Monitoring through Nagios Server). I want to use Nagios to monitor each of the S2S tunnels built on the ASA 5510. I can use ICMP on Nagios by adding the Nagios host to the IPsec network of each tunnel, but in that case the change needs to be done at the other end of the tunnel as well.
We have around 20 VPN tunnels via Cisco Router 2821 (Intranet) and around 30 VPN tunnels via Cisco ASA (Internet) with 3rd parties/vendors. I want to know if there are any monitoring tools from Cisco or any other providers that can give me information/trend reports about VPN tunnel up/down time, volumes of traffic, protocols etc.
We are looking forward to monitoring the CPU, environment variables and the memory of a wireless LAN controller via SNMP, but we are not able to find in the MIBs the right OID to manage this. Can the exact OID be given in order to monitor these three elements on a Cisco WLC 5500 series?
On the ASA5520 we would like to create a report that gives us trending over 6 months for the number of people logged in via the SSL VPN and for how long. Is there a way to do this on the ASA5520? Does it have this ability? Could I do this in SolarWinds? My boss mentioned a software package that Cisco has that will show a history - is this correct?
How to configure SLA monitoring in a 3560 switch? I have 2 DSL links terminating in the switch and want to do WAN failover. I know how to do it on an ASA and a router. I found the IP SLA and track commands on the switch but don't know exactly how to use them.
Have a problem coming my way with regard to monitoring 3G data usage on an 887 router. The router will carry two links - x1 primary over the serial port and x1 secondary failover link utilizing 3G.
The 3G SIM has an allowance of 1Gb per month (traffic has been baselined and this seems sufficient - not by me though). I have a requirement to monitor the 3G link and trigger an alert at say the 60% mark (600Mb). Whatever mechanism is used to count the data also has to reset to 0 at the beginning of every month, as data stats will be included in monthly reports.
Second conundrum: I also have to somehow split out the data usage stats to show my customer's usage as well as my own, my own being management traffic (mainly SNMP and ICMP), and present this in the monthly report.
#1 - Does the 887 have some form of 3G accounting capability, either via GUI or CLI, that can fulfil my requirements above?
#2 - With splitting the data usage stats, could this be achieved using NetFlow, and if it was possible, could I only have my flows sent down the Primary link (obviously only when it is active) and, if the box fails over to 3G, have NetFlow just count the data until the Primary kicks in again? If no built-in features can give me what I want, I may go down the EEM scripting route, but this is a last resort.
On LMS 3.2 there was a way to disable the monitoring of Device Interfaces. Examples are ISDN30 Channels, which go up and down during calls. I could disable the channel monitor on the relevant device and only monitor the Circuit, as this is the main device to monitor. I can not find the same option in 4.2.2.
How to confirm the PAT limit on the ACE-20s? I initially read it as 1 million (the NAT limit), however I have since read that for PAT, it's 4 million, as it uses the connection record information and not xlate.
I've always wondered why the xlate line under 'show resource usage' is zero. If PAT does use the connection record then this would explain why; however, it's confusing, as when running a 'show xlate' command you do see all the current PAT entries.
LMS is not reporting on all of my interfaces, utilization in particular. As an example, I have 1 location that is connected via DMVPN tunnels. When I run a utilization report, it only comes back with information for 1 interface, a random interface, port FA 1/7 on the switch module. If it was all of the switchports it might make more sense.
In DFM device detail the interfaces are being managed.
In the Link Utilization Poller, only 1 interface is listed (FA 1/7).
We're currently running on ACS 5.2.0.26.9 with 2 appliances (one primary and one secondary). Today, I wanted to get some reports from the Monitoring and Reports tool. At the beginning, it seemed impossible to generate them. Later, I decided to reload first the primary and then the secondary. As soon as I had done it, I got an email alert telling me that it failed parsing NAD.
Cisco Secure ACS - Alarm Notification Severity: Critical Alarm Name System Alarm [Collector] Cause/Trigger
[code]....
I can't really find where the Collector log is... Anyway, now when I generate a 30-day report, I only get data up to 23.03.2012. Nothing recent!