Cisco :: ASA5585-40 Not Supported In LMS 3.2 System
Nov 20, 2011
we just purchased 2 asa 5585-40's and tried to add them to our lms 3.2 system and we were informed by cisco tac that they were not supported in lms 3.2. since we don't having funding for an upgrade, any work around within lms that could allow me to add the devices so i can use lms for syslog and to fetch the firewall configs on a regular basis, instead of having to setup a seperate syslog server and having to tftp the config's everytime i make a change.
View 3 Replies
ADVERTISEMENT
Jun 29, 2011
Running ASA5585’s in active/standby across a local campus MPLS network. Supported design, leading practice etc. Specifically our design is that two ASA5585 are configured as active/standby through a local campus MPLS network over 10gig links through ASR9k etc. The ASA’s are providing inter-vrf routing capability only with p2p l2vpn circuits configured for each logical interface between the ASA over MPLS etc.The failover link is via a direct fibre and the state link will be through a p2p l2vpn (option for direct fibre also)Is this a supported design to begin with?
View 2 Replies
View Related
Oct 17, 2011
i have acer travelmate2350. i want to use internet in my laptop by wireless but i am getting a message "no supported wireless adapters available in the system" on the icon of wireless (red cross is also showing).
View 1 Replies
View Related
Sep 12, 2012
Im trying to install the e2500 router on my sisters macbook, but it says it is an "unsupported operating system". She has operating system 10.8.1. Why am i not able to install It?
View 1 Replies
View Related
May 6, 2013
user from home PC via Anyconnect making RDP session to work PC, on this PC Microsoft policy allow making disk mappind via RDP. Is that posible to inspect this traffic and deny this(disk mapping) action on ASA5585-X with IPS?
View 1 Replies
View Related
May 17, 2012
I have put 2 physicl interfaces (te0/8 & 9) on the ASA-5585 into a PO and am assigning ips/vlans to the sub-interfaces. I have 2 issues: - Why am I not able to ping the other sub-interface from the ASA itself? (I can ping the 1st one), Secondly, why the IPs are not visible in "sh int ip brief" ?Although I can see them in "sh ip" ..
/actNoFailover(config-if)# int po17.100
/actNoFailover(config-subif)# vlan 100
/actNoFailover(config-subif)# ip add
[Code]....
View 2 Replies
View Related
Mar 12, 2013
I've read through netpro and found everyone points to this doc.
[url]....
However that still doesnt allow traceroute through for us. We still see syslogs with deny's on high level random UDP ports to different Internet destinations.
[code]....
View 2 Replies
View Related
Oct 17, 2012
I got some issues with my CISCO ASA, the thing is that when I add a new rule on the device this rule duplicate and goes to the bottom. We already tried to delete the duplicate rule but it always show an error.
-Model 5585
-ASA Version: 8.2(5)
-ASDM version: 6.4(5)
View 5 Replies
View Related
Jun 7, 2011
We saw this syslog on ASA5585 with version 8.4(1). I have two HA firewall pairs (contains 4 ASA5585, active/standby), and I saw this message on the standby ones.
Jun 7 07:36:26 10.99.96.32 last message repeated 4 times
Jun 7 07:36:26 10.99.96.32 :Jun 07 07:36:26 HKST: %ASA-ha-3-210005: LU allocate connection failed
[Code]....
View 4 Replies
View Related
Jul 6, 2012
I have ASA5585 Firewall between my WAN Cloud and LAN Network. I plan to configure Layer 3 Vlan Interfaces inside FW and it would be Layer 3 gateway for some of Subnets. Layer 3 VLAN Interfaces are planned to be dual stack containing both IPv4 and IPv6 Address stack.
I plan to configure 6 to 4 Tunnel with my Hub Site where we have native Ipv6 awareness. One tunnel end point would be ASA and the other endpoint would be Hub site WAN Router/L3 Switch. So IPv6 traffic hitting to vlan interfaces on ASA would be policy checked and routed over tunnel interface to Hub Site.
6to4 Tunnel manual tunnel configuration on ASA. I have configured such tunnel on L3 Switch or Router with following config.
Int tunnel xyz
ipv6 address <ipv6 address>
ipv6 enable
tunnel source <loopback address of my L3 Switch>
tunnel destination <loopback address of my hus site L3 Switch/Router>
tunnel mode ipv6ip
end
I need to implement something similar in ASA. How can I do that?
View 2 Replies
View Related
Apr 25, 2013
How do i measure the total throughput going via 5585-X.It has the firewall througput of 5Gbps. Looking at aggregate of all the interfaces traffic going through it seems about 4gbps is going through.
I use show traffic command and add up the trasmit and receive traffic on each live interface.Is that correct method and are there any more commands?
View 1 Replies
View Related
Aug 18, 2011
use of a pair of ASA 5585's in active/active mode with a shared outside interface.Last time I did this was with FWSM, there was a restriction where all contexts that share an outside interface have to be in the same failover group.Does this apply also to the ASA? My thought is that it will, but I am unable to find that in any documentation.
View 1 Replies
View Related
Oct 24, 2012
We're currently PATing everything from a particular subnet to the IP of an outside interface using our ASA5585 (dynamic PAT). We're experiencing pool exhaustion and therefore need to expand the global IP range. Any way of cutting over to the new range without dropping existing connections? For clarity, the current interface address is x.x.x.37/22 and the new PAT pool is x.x.x.114-6/22.
View 6 Replies
View Related
Dec 9, 2012
I have a ASA5585 running 8.4 that is redirecting Internet http to a websense server via GRE.The integration is working fine, except when a user PC sends a large packet (~1500 bytes).With WCCP/GRE headers, the user packet is too large to be transmitted to websense, so the ASA fragments the packet in two and transmits both to websense.
A sniffer trace confirms that both fragments reach the websense server, but the TCP packet is never acknowledged.User-side TCP retransmits the large packet three times over 15 seconds, and eventually retransmits fine with smaller packets. The 15 second delay is of course not acceptable.Users and Websense server are both on the Inside interface.
We are considering imposing browser proxy to websense (which works fine), but would prefer not, considering the increasing diversity of devices.
View 4 Replies
View Related
Oct 19, 2011
We are experiencing intermittent issues with the IPS on our ASA5585 vs 8.4(2). Probably something with the dataplane. So I want to keep debug cplane 255 activated and logged with log debug-trace setting to syslog server. But when session times out the debug command is cleared so the output stops. Since it is a intermittent issue I want to keep debug activated...Totally different behaviour then with routers which keeps it activated. how to keep debug activated on a ASA.
View 1 Replies
View Related
Aug 14, 2011
I have two ASA in failover with Active/standby configuration. When I switch from standby to active from the standby ASA I get a lot (like 100) of error messages like these below: [code] The failover works fine and nothing seems to be wrong with the firewalls function.
-Hardware is ASA5585-SSP-10.
-Software version: ASA 8.2(5),
ASA is in multiple mode with 17 active context. Why these error messages appear and what they mean?
View 2 Replies
View Related
Jun 9, 2012
We have pair of ASA5585 (ver 8.4(4) with IPS module configured with Active/Standby failover. There are total 09 interfaces are connecting to different zones in the firewall and out of which three(3) interfaces are connecting to Palo Alto 2nd layer firewall. When we test the failover whatever interfaces not connecting Palo Alto failed or shutdown, ASA triggers the failover to other unit, however the Palo Alto is not detecting this failover and it still keeps its previous Active Palo Alto to pass traffic, thereby failing passing traffic on Active firewall through Standby Palo Alto firewall.
But when there's a interface failed or shutdonw on the interfaces where PaloAlto also connected, then once the ASA failover triggers and the same time Palo Alto also trigger its failover then both new active firewall and Palo Alto sending traffic through firewall.However we we cant all the interfaces of ASA also to connect Palo Alto and let the Palo Alto to inspect all the interfaces, but we need our ASA to work in a situation where any of the interfaces failed, the failover to work smooth the pass the traffic via either Palo Alto device.I just need to know is there anything tricky that we can configure on our ASA in this failover senario, or to confirm if there's no any workable solution to this situation.
I have attached the senario that I explained above. Just to emphasis the issue again, if any interface of Gig0/0, Gig0/4 or Gig0/5 failed on active firewall, ASA switching to standby firewall and act as Active, but Palo Alto still remains his Active state and the new Active ASA is not passing traffic via standby PA as its not detecting any of its interfaces as failed or unreachable..?
View 1 Replies
View Related
Jun 1, 2012
WE have to deploy ASA5585 in between User vlans & server vlans. we have to find all the ports that needs to be opened on firewall. any tools to do same.
View 2 Replies
View Related
Dec 19, 2011
I am interesting how ASA 5585-X with SSP-60 operates in dual firewall mode, if I install two SSP-60 modules in chassi, do I get one logical firewall with doubled performance of (SSP-60) ?
View 1 Replies
View Related
Dec 27, 2011
its possible to set up active/active failover using etherchannel on 5585s?
View 1 Replies
View Related
Jan 22, 2012
I am responding to a tender where the client is asking for the firewall to support an onboard disk drive for logging purposes, which is a minimum of 500 GB in size.
The other requirements all point towards the top of the range ASA 5585-X Chas w/SSP60,IPS SSP60,12GE, 8 SFP+,2 AC,3DES/AES.
I note the 5585 when configured on DCT comes with HDD blanking plates, is there an HDD supported on this?
View 1 Replies
View Related
Apr 10, 2013
If the "GLC-SX-MM" is offical supported on "SPA-5X1GE-V2" ?My customer tested it and it seems to work but now i need an offical statement In the data sheet there is no entry of the requested SFP. url...
View 3 Replies
View Related
Feb 22, 2011
I have a Cisco 7206VXR with NPE-400. The IOS version is 12.4(24)T3. I installed a SA-VAM in the router in slot 6 but getting the following on the console.
AP-Pune-RT#Feb 23 11:16:34.484: %PA-3-NOTSUPPORTED: PA in slot6 (Unknown (type 650)) is not supported on this chassisFeb 23 11:16:34.484: %PA-3-DEACTIVATED: port adapter in bay [6] powered off.Feb 23 11:16:34.584: %PA-2-PABRIDGE: Failed to config bridge for PA 6Feb 23 11:16:35.384: %PA-4-IMPROPER_REMOVAL: Improper removal for slot 6.Feb 23 11:16:35.384: %PA-3-DEACTIVATED: port adapter in bay [6] powered off.Feb 23 11:16:35.468: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=975, sequence number=677864
Is the SA-VAM not supported in the Router 7206VXR?
View 3 Replies
View Related
Oct 9, 2012
I have an issue with Cisco 3560V2-24-PS which it indicates not supported in DFM. I can see the device working properly when I do snmpwalk and snmv3 test and device credential test. In fact I can see chassis view of this device.
IP Address = 10.10.1.60
DNS Name = DISTRI_SW02
Device Status = Unknown
Device Type = N/A
Aliases = N/A
Containments = N/A
But in LMS 3.2 supported device it indicates as supported. Current version of the switch is 12.2(58)SE2 which is higher than the minimum requirement 12.2(50)SE1. I tried to downgrade/upgrade IOS and still no luck.
As per information in the creent DFM (see below), it is supposedly supported 59.1.3.6.1.4.1.9.1.1023Cisco Catalyst 3750V2-24PS SwitchDFMDeviceUpdates19.0 Below is the current version of the LMS modules;
Products Installed Showing 1-9 of 9 records Product Name Version With Patch Level Installed Date 1.Campus Manager5.2.110 Oct 2012, 13:11:57 GMT+08:002.CiscoView6.1.910 Oct 2012, 11:27:52 GMT+08:003.CiscoWorks Assistant1.2.010 Oct 2012, 11:27:52 GMT+08:004.CiscoWorks Common Services3.3.010 Oct 2012, 11:27:52 GMT+08:005.Device Fault Manager3.2.010 Oct 2012, 11:27:52 GMT+08:006.Integration Utility1.9.010 Oct 2012, 11:27:53 GMT+08:007.Internetwork Performance Monitor4.2.010 Oct 2012, 11:27:53 GMT+08:008.LMS Portal1.2.010 Oct 2012, 11:27:53 GMT+08:009.Resource Manager Essentials4.3.110 Oct 2012, 13:17:50 GMT+08:00
Also my current device update.Showing 1-9 of 9 records Product Name Device Type Count 1.Campus Manager02.CiscoWorks Common Services03.CiscoView7614.CiscoWorks Assistant05.Device Fault Manager9366.Internetwork Performance Monitor07.LMS Portal08.Integration Utility09.Resource Manager Essentials812 I already downloaded all the patches online and all device updates were also updated.
View 2 Replies
View Related
Jul 14, 2011
There is support of devices not manufactured by cisco?For example satellite modems.
View 1 Replies
View Related
May 2, 2011
Which is the most stable, less processor intensive and VPN supported IOS for 2611xm. Currently I am using 12.4(15)T7 C2600-ADVENTERPRISEK9-M. But this image is causing lot crashes. My router uptime never crossed 4 hrs. It is crashing very frequently. Any issue with this image in 2611."
View 2 Replies
View Related
Jun 19, 2012
After upgrading to 7.2 on my 5508 WCS, the 1310 APs will no longer join. After a call to TAC they said the 1300 and 1400 APs are no longer supported on WCS. Is there any plan to add them back as supported in future releases?I was thinking I could downgrade my backup 5508 and change the APs to autonomous. Or is there some easier way to make them autonomous?
Also, as a low cost outdoor AP, I guess I am reduced to putting 1262s in a NEMA box with outdoor antennas. The 1552s are way too expensive for the quantity I need. Is there some other inexpensive outdoor AP that will replace 1300-1400 series?
View 6 Replies
View Related
Oct 11, 2011
Recently I purchased AIR-WLC2112-K9, but when I logged in I saw that system shows only 6 APs supported (I made print screen in addition). I'm running IOS v. 7.0.116.0 and I saw that there was some problems with earlier versions of IOS, but not this one.
View 5 Replies
View Related
May 15, 2011
Service policy output command is not supporting on Vlan interface of Cisco 2900 Router.I am having one HWic 4ESW Card and configured VLAN interface. But Service policy output command is not supporting.Same config is supporting in the Cisco 2800 Router.
View 13 Replies
View Related
Dec 6, 2011
I have a pair of physical ASR 1002 routers, called ASR-1 and ASR-2. I setup HSRP on both ASR-1 and ASR-2 on both g0/0/0 and g0/0/1 interfaces, nothing complicated, just straight forward HSRP.
Now Cisco TAC told me that HSRP is NOT supported between physical ASR routers. WTF!
Furthermore, they told me that HSRP only supported within a single ASR because of multiple routed processors. In other words, you can setup HSRP with a single physical ASR but not with two physical ASR routers.
HSRP can not supported with two physical ASR routers?
View 8 Replies
View Related
Aug 22, 2012
latest supported version of IOS for the Cisco 2811?
View 3 Replies
View Related
Oct 11, 2011
I have checked on Cisco.com and as per a module support document for ISR's G2, the NM-1CE1TI-PRI module is not supported on new ISR's.
Grateful if more clarification could be obtained about the above.
Will be router not detect the module when inserted in the chassis?
View 2 Replies
View Related
Sep 9, 2011
My problem with ASR 1006 as i tried to use the feature IRB ( integrated routing and bridging ) but i find that this feature is not supported i assume it may be a problem with IOS version or may be i made he configuration not in the proper way
so i am asking to try this feature on ASR 1000 series and work with it as I test this feature on other routers and it work just fine.
View 1 Replies
View Related
