I downloaded a new image to my ASA 5510 and found out up on reboot that the ASA doesn't have enough memory so I am booting to the "ciscoasa" prompt with no config. I still have my old image in disk0:. How do I roll back to this old image?
View 1 RepliesWe purchased a Dlink 655 for its secure spot features only to very disappointedly discover that feature discontinued. All we needed was a subset of SecureSpot's features.
* Log URL's as issued from selected machines on our LAN.
That is we wanted to see what websites the kids were accessing.
We have spent hours trying to get wallwatcher to work and that is not the solution we are really looking for. We want to the router to have an easy to read URL history, such as we saw online before we bought the DLink 655.
* Does DLINK have any product like this with this URL monitoring feature built in?
I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time. Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer. I disconnected the failover cable because it was complaining about version mismatches constantly.
Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?
I am setting up a network that will use the 1941 router with a cellular card (HWIC) to connect to the Internet for communication with remote stations in the field. The 1941 has a static IP address (166.142.xxx.yyy) on the Internet provided by the ISP (Verizon). The 1941 is connected via ethernet to the ASA5510. The end goal is to have the field cell routers (Digi Transport WR-44-R, also static IP) connect to the ASA5510 via VPN tunnels for communication back to the servers behind the firewall. I'm not sure exactly how to configure the 1941 so that the remote router can connect to the ASA using the public IP of the 1941 router. I have the 1941 working stand alone and can connect to the Internet and pass traffic, but I tried a static NAT to translate the public IP to the private IP of the ASA and cannot pass traffic. below is part of the 1941 configuration: [code]
Do I need to use VLAN bridging to accomplish the task or am I missing something with the NAT?
I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...
1: Users on my private network to be able to access the internet (PAT them to external outside address)
2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
Email (MX) = 1.2.3.4
Public (outside) address = 1.2.3.4
Email server internal = 10.1.2.3
Internal private subnet for users = 10.0.0.0/8
I'm have upgraded our ASA5510's from 7.0.8 to 8.4.3 and now I just need to do the ASDM, but get this error? The bin file has been uploaded: [code] Device Manager image set, but not a valid image file disk0:/asdm-647.bin.
View 3 Replies View RelatedI'm facing the problem that I can't install an CSD Image on the asa. Got the error:
[OK] webvpn
webvpn
[ERROR] csd image disk0:/csd_3.6.181-k9.pkg
The disk is (or was) full during extraction.
ASA 5510 has 256MB RAM, 1024MB Flash, ASA Version 8.2(5)41, ASDM 7.1(3)
I need to roll out a Bluecoat as a WCCP for a ASA 5520.
View 3 Replies View RelatedI have read that the 3750-X supports upgrading with minimal traffic lost with RSU feature, on the configuration guide the scnario is with the end user connected to the 3750-X stack with LACP and the uplinks to the network running STP, one uplink is forwarding and the other is blocked. I have the same scenario but for the network uplink i also have LACP. When i tried to configured the RU stanby one of the uplink LACP the switch gives an error.
----------------------------- 1-Stck-3750-X ----------------------------
LACP-HOST LACP- Network Uplinks
----------------------------- 2-Stck-3750-X ----------------------------
I have a Cisco 8510msr that is connected back to back with a 7206vxr across a 155Meg connection.I receive lots of Output drops on the 7206vxr interface facing the atm switch. When I do the following command:-
kwdair9#sh atm int atm 1/0Interface ATM1/0:AAL enabled: AAL5 , Maximum VCs: 4096, Current VCCs: 27 Maximum Transmit Channels: 0Max. Datagram Size: 4528PLIM Type: SONET - 155000Kbps, TX clocking: LINECell-payload scrambling: ONsts-stream scrambling: ON797522 input, 881483 output, 203946630 IN fast, 223768062 OUT fast, 0 out dropVBR-NRT : 110288 Avail bw = 44712 <====
I only have 44megConfig. is ACTIVEkwdair9# I only get 44Meg of the available 155Meg.There is no QOS on the router and the only commands I can find that vaguely see that refer to QOS are on the ATM switch:-
atm address 47.0091.8100.0000.0007.0d87.b201.0007.0d87.b201.00atm router pnnino aesa embedded-number left-justifiednode 1 level 56 lowest redistribute atm-static?why this is acting like a DS3 link and not a 155Meg link?
What cable I need to connect two 2951 back to back through a HWIC-4T1/E1 card ?
View 1 Replies View RelatedI have two site that has a copper wire ( 2 wire) connection between each router ( No Telco in between ). Now I want to use 1921 router with HWIC-4SHDSL-E card to connect these two site together. Can I use attach configuration to make the connection reference from the diagram ?
View 1 Replies View RelatedI have 2650XM router and 2620 Router Both routers have built in WIC T1 CSU/DSU cards
2620Router --
2620Router#sh int se0/0
Serial0/0 is down, line protocol is down
Hardware is PQUICC with Fractional T1 CSU/DSU
Description: DTE side
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
[code]....
My question is that cisco website says there are two type of cable connections for this type of config --which are --T1 CSU/DSU ConfigurationSet one CSU/DSU to clock source internal, and the other CSU/DSU to clock source line. The linecode, framing, data-coding, and timeslots must be set the same on both CSU/DSUs.Four-Wire 56k CSU/DSU Configuration For my network connection which type of config i should use??Secondly i try to connect these ports by normal crossover cable it did not work.So for this type of connection i know i need T1 cross over cable-- which has RJ 48 connections at both sides.I check cable from ebay which is RJ45 RJ48 cross over -- will this cable work in my router to router connection.
I have 1 2611xm router and 1 2801 router. For my own lab purpose, i want to configure them back to back to support voice services. I don't know what configuration will be required at each end. in 2611xm, i have NM-2V and its also detecting the card, so i hope it will work ? also what commands i need to run on both ends .
View 1 Replies View RelatedI would like configure two router (e.g. 1921) back to back via a 2 pin copper wire. Can I use HWIC-4SHDSL-E card to do it? What is the configuration I can use?
View 7 Replies View RelatedI have two site that has a copper wire (2 wire) connection between each router ( No Telco in between )Now I want to use 1921 router with HWIC-4SH DSL-E card to connect these two ste together.Can I use attach configuration to make the connection reference from the diagram?
View 2 Replies View RelatedJust to get this clear as having issues with a E1 link with CRC's at one.Router A,Network-Clock-Participate WIC 1,Should router B have clock participate for WIC 1? We currently have controllers set as UNFRAMED but guess we can set to NO-CRC4 both ends and telco will pass this.
View 1 Replies View RelatedI'm looking for instructions on how to setup and connect two RV082 routers together with a crossover cable between their WAN ports. This is to connect two separate LANS together via an ethernet connection. For staging we are setting everything up with a crossover cable in our shop. Ultimately the crossover cable will be replaced by a microwave link between the two LANS several miles apart. There will be no internet connection.
View 7 Replies View Relatedsecuring a back-toback connection using E1.The connection is between two cities, using 2x CISCO 1841 router + VWIC-1MFT-E1 interface at each city.
The E1 connections has been provided by our local telco, and they are completely private. The customer is a bank, and they asking me if this is a secure connection or not. If possible, we need to guarantee that no body can get access to the bank network even if they brought E1 modem at one of the ends (telco PoP).
I searched a lot but couldnt find a clear document about connecting 2 G.SHDSL routers back to back.First of all I am not sure which type of cable (RJ11) is used for connecting two 878 routers. Does it have to be cross or straight cable.
Which RJ11 pairs will be connected each other [code]
According the configuration samples One router must be CPE and the other must be CO for simulating DSLAM.
I'm having some trouble getting two Cisco 888's to work correctly back to back.. The two routers will ultimately be used in conjunction with a BT EPS8 circuit which is effectively four wires short distance between customer sites. We have configured lots of these using the older Cisco 878's.
Anyway, as i've been struggling to get line sync on site I've gone back to basics and connected the two 888's back to back. However, I've found that no matter what I do I can only get the routers to sync at 384kbps!? And that's with a one meter RJ11-RJ11 cable.. Very strange. When we've used the 878's we get much more bandwidth. I have tried statically assigning the line rate at both ends but it still only works at 384kbps.
I have an 887, I'm having trouble wrapping my head around the ZBF. I would like to change it to the old style firewall, but using the CCP it says I must delete the ZBF policys first - fair enough, I deleted all the rules so the firewall looks blank, but it still doesn't want to let me change the firewall mode - saying I must remove all the policies first.
View 5 Replies View RelatedI have an old Pix(on ASA 8.0) having a lot VPNs with pre-share keys setup. And it has been too old to find out what those pre-share keys are on any documents. Now I need to replace this PIX with a new ASA. My question is how can I find out those pre-share keys, so I can setup same VPNs on the new firewall and make it plug-and-play. Any way I can export then import those VPN pre-share keys from the old PIX to the new ASA? Or export and import whole configuration, but hardware are different.
How can I setup same VPN pre-share keys as the that of the old Pix on the new ASA?
i have an ASA 5510. it was running asa708-k8.bin and i have attempted to install asa821-k8.bin. i have done this on many ASAs before effortlessly.this time i have had an issue. the ASA will not load the new image, and for some reason will not even load the old.the ASA seems to just keep crashing. i have erased disk0 (advised in forum): and attempted to load the image from tftp. please see below. i know i need to re-formaet the flash, but cannot get into the ASA at all to complete this. [code]
View 2 Replies View RelatedI got a PIX 501 off ebay and im trying to upgrade it to have an ASDM image on it.Ive downloaded every copy of the ASDM image i can get my hands on, and when i transfer it to the PIX when its up and running i get out of memory, If i do it through monitor mode, i get the error "bad magic number" no matter what i transfer to itI can transfer a new image to the PIX (a non asdm one through monitor mode.
View 3 Replies View RelatedI have a pix 515, time to time the firewall start rebooting with invalid flash error I found erasedisk.bin in internet, after that i cant load pix532.bin ios file and others pix***.bin are not workingThe only file i am able to load is pix508.bin it,s start asking me activatin number before install I have a previous activation number ios version 5.3.2 but this number is not correct.
View 1 Replies View RelatedI just bought a used PIX515e. It is running version 8.0(3) and ASDM 6.1.5 Because I do not know the history of the unit, how can I tell if the image used came from cisco and not some download site? I guess I should've thought about this before buying it but hindsight is...you know. Worse case is that the person who had it before me dl the software that was infected with a backdoor or something else. I don't have a service contract so I'm kinda stuck.
Can I download the image from the firewall flash and compare a MD5SUM?
We are now using image 8.0(4) for my ASA 5510. Later on, I would like to upgrade the image to 8.4(3).May I have to know what difference for those images, what should I take care of the script?
View 1 Replies View Related I upgraded my ASA 5520 with the latest image. Now I get an error upon launching ASDM.Your ASA image has a version number 7.2(4) which is not supported by ASDM 6.4(1), use Device Manager version 5.2(x)Continue Anyway?
What are the newest, recomended image versions of ASA and ASDM I should be using?I will also be using the SSM-20 module with this setup, so I would like to stay with a working version of ASDM.
I need to upgrade the fwsm image from 3.1(10) to 4.0(8). Can i do it directly from 3.1(10) to 4.0(8) ?Do i need to upgrade other image also along with Firewall version 4.0(8)?
[code]....
I have asa 5505 with security plus license, I configured dual ISP with two different ISP provider. I followed below cisco document to configure dual ISP [URL] The Configuration works during the testing, while removing the primary ISP cable from firewall. The problem i am facing is my primary ISP is down but the gateway is still up and it not switch over to backup ISP. For SLA which IP should i monitor so once my primary ISP is down it will fallback to Secondary.
View 5 Replies View RelatedI have a sending application that it is establishing a TCPIP socket connection to a vlient that has a receiving application on another server (completely separate networks) The receiving end has a Cisco Router 1605R and has allowed my connection using this firewall rule
access-list 101 permit tcp host xx.xxx.xx.xx any eq 5600 log
(where the x are actually numbers corresponding to the senders IP address)
I can establish an outbound connection to the receiver and the connection shows up on the machine. After the connection is established I can send data and it is received by the receiving application (I observed this using a socket test application, data actually gets through the firewall) However I need to send an acknowledgment back on the same session to the sender. This cannot be transmitted and shortly after I try sending the connection is closed with error 10060.
I have a pair of asa5520's in active/standby configuration. I plan on ugrading the asa/asdm images to 8.4 shortly (currently on 8.0) and would like to do this with zero downtime. Specifically, I would like to upload the new software to the standby unit, upgrade it, swap standby/active units and then upgrade what will become the standby after the swap.The problem I'm having is getting the new images uploaded onto the standby unit. I've read that the routing table is not shared from the primary and the USB ports are "for future use". I have no problem uploading the new images to the active unit via tftp...but can't do the same to the standby.
View 5 Replies View Related