I Have an asa 5510 running code 7.2 configured with ssl vpn,ssl vpn users able to connect to to portal which i have configured with the required resources,but the thing is that these ssl users unable to upload files to cifs shared directory , although they have full access to the shared folder
View 0 Replies
I am trying to figure out how to create an etherchannel with sub-interfaces on an asa 5520 running 8.4.1 code. It doesn't seem to allow me to configure any type of sub interface on the port-channel or anywhere else once I create it.
View 4 Replies View RelatedI am looking to upgrade a 5510 that is currently on code version 8.0(4) to code version 9.1. I know I will have to upgrade to 1gb ram, but can i just upgrade straight to version 9.1 or do I need to follow an upgrade path? This is a standalone device so I am planning on downtime.
View 8 Replies View RelatedI have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
I have CISCO 5510 firewall running with IOS ASA821-k8.bin.My company has purchased another ASA5510 with IOS ASA843-k8.bin.We need to run both firewalls in Active/Standby mode.
If I upgrade the IOS of old firewall to ASA843-k8.bin the the running configurations does not work properly.It does not pick the network objects and NAT rules as they are configured with OLD IOS and running.
Or if I restore the configurations of old firewall at New ASA the result is worst. Even firewall with new IOS does not show any Access Rule and NAT rule and does not supprt network objects.
We just changed over to Comcast Business and after changing the outside interface to new IP and setting static route. I have access to internet and everythig appears to be good, However asdm will never fully load, alway stuck at 17% or 77%, and I always see "parsing running config".
When I do a show run it will not fully load either, always stop at certain out put. 5 seconds after pulling the Comcast cable out both asdm and running config will load fine.
I configured one ASA 5510 firewall with CSC-SSM-10 in one of my customer location.
Here i want configure my firewall to send email alerts to particular mail ID, if anybody any access my network from outside( Like VPN users).
I am having trouble with our ASA5510. After upgrading the internal memory from 256 MB to 1 GB and upgrading the firmware to 8.4.2 we are experiencing that the ASA is running out of 1550 byte blocks. When that happens it is not possible to connect to the ASA by ADSM or SSH and new VPN IPSEC tunnels are not coming up. The only way I know how to fix this is to reload the ASA. This is happening every 2 to 3 days.
In the free blocks graph one can see that there is a loss of about 20 blocks per 10 minutes.
when u use the debug cryoto isakmp 127 on the asa 5510, in order to troubleshhot remote access vpn users,to which entry r u looking in the debug to see if the user enter wrong password?
View 1 Replies View RelatedHow to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture
View 9 Replies View RelatedWe have a ASA 5510 which was running 8.0.2, we recently upgraded it to 8.2.5 and since the upgrade remote users for exchange 2007 are not able to download any large email attachments(over or close to 1MB). This is only happening to Outlook anywhere users or OWA users who are connecting to the exchange server using https(443) externally. If the same users connects internally they do not face any issue. When i check the logs on ASA i am gettings lots of RESET-O and RESET-I entries. Looks like the connection between the client and the server gets reset.
View 14 Replies View RelatedHow many user accounts i can create to a Cisco ASA box? Say for example a Cisco ASA 5510 or Cisco ASA 5520?
View 5 Replies View RelatedI have allways configured and run LDAP Server Groups authenticating to Active Directory Domain Controllers using LDAP, never an issue, until I hit a Domain Controller running on a Windows Server 2008. I have been unable to authenticate with the common setting with an ASA5510 running 8.0.1.
View 4 Replies View RelatedI'm actually require authentication for users who are coming from the PublicVLAN (the vlan associated with the wireless hotspot) to authenticate themself to the LDAP server via my firewall ASA 5510
View 12 Replies View RelatedI am migrating over from and old PIX to an ASA 5510. After configuring the new device everything else is functional (Internet) but users are unable to pass traffic when connected through the vpn, they are able to authenticate and I see their session connected on the ASDM but no data is passed..[code]
View 4 Replies View RelatedI need to update code on my 5400 class HP Procurve's,We think we have ID'd that as what we want to move to, any large # of 5400 and 3500's out in the world on that code, or on another code because they ID'd this as bad
View 8 Replies View RelatedI have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
I have 2 4402 WLC running 7.x.x.x code. I also have some 1510 Mesh- L WAPs that require an old version of code. I need 4.1.192.22M for those. Is it possible to bring up a 3rd controller running this old code with the other 2 4402's running modern code? What will break? I know that anchoring and mobility might get messed up. What are the other caveats?
View 2 Replies View RelatedI have a new Dell laptop inspiron runningwindows7,I get a error message when I try to access folders on network computer, a classroom network.
View 6 Replies View RelatedI need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies View RelatedLooking for a recommended code on the ASA 5585x firewall. We ran into a bug (CSCtr24705) on version 8.4.2 where it rebooted the primary firewall. The bug has to do with modifying an existing ACL that's part of a custom policy-map inside a service-policy. If we upgrade to 8.4.5 (which has the previous bug fix in it), there is another major bug (CSCud70273) where if you use the packet-tracer input command on an inside interface it causes problems too.
I don't understand why packet-tracer input would have a bug associated with it when it's been around for a long time and we use it on a daily basis for troubleshooting. Is there stable code for the 5585x to upgrade to without running into possibly a major bug? This is our core firewall so there are no VPN tunnels on it. It's setup in active/standby failover in routed mode.
Client has a Cisco ASA 5510 with 4 L2L VPN's all using 5505's
The L2L connect to the "outside" interface as do the VPN Users (I'm leary of this
The VPN Users need access to the "inside" networks and all L2L subnets.
The VPN User has its own subnet (192.168.168.0/24( seperate from the Local LANs (172.16.0.0/16)
When the Users VPN in they can get to all the subnets connected to the inside interface but none of the L2L subnets
I have verified that the UserVPN Subnet is in the crypto acls and in the route statements of all L2L 5505s
we have a ASA 5510 firewall and i have created remote vpn user who connects the internal network via vpn any connect after connecting i want him to only access his internal PC via rdp and not access other internal website or shared folders without connecting to the RDP however now he can access the internal website wihtout connecting to RDP?
View 3 Replies View RelatedI need a way to block MAC OS X users connecting remotely to our coporate users over VPN. I know there is an option to block connections based on VPN client Version, but cant find a way to block users based on operating system.
We use Cisco ASA 5510 firewals one with v8.2(1) and other with v7.2(3). I need to do on both firewalls. They are both at diffrent sites.
can i have 2 pools each with diifferent subnet [code] i wanna put restricution on remote vpn users having address from pool-2,and just give them access to 172.16.10.0/24,is it possible on the asa 5510?
View 7 Replies View RelatedI have an ASA 5510 with IOS 8.4. I want that only authenticated active directory users can pass the firewall.
View 3 Replies View RelatedI know that our VPN users currently use Active Directory to authenticate their VPN sessions, so now I'm wondering if there is an easy way to configure my company's Cisco ASA 5510 to use either a Windows Server 2008 R2 Active Directory group (preferred method) or specific Active Directory users (less preferred) and authenticate them for management access (privilege level 15) using their Active Directory credentials. I do not want this to change the IP range used for ASDM/HTTPS/Telnet/SSH access (currently all local networks, no VPN), as those are settings that my company does not want changed.
View 5 Replies View RelatedI have Users Connected via IPSec vpn using asa 5510 to my enterprise network,but i have seen that the user stay connected while he sleeping , now i need to tear down the tunnel if the inactivity is 15 mts,i mean if the user idle for 15 mts with any thing automatically disconnect him after 10 15 mts
View 5 Replies View RelatedI have been searching through the cisco docs for a while and i just cant seem to find this info. Can I run aironet 1600's with my wism running 7.0.116? Also, could I run my 1130 series ap's with a wism2? Basically, what is the minimum code level for a lightweight 1600, and what is the maximum code level for a lightweight 1130?
View 3 Replies View RelatedHow to Enable IP Accounting in Cre switch 4000 Running cat OS and Cisc ASA 5510 (8.2 )
View 1 Replies View RelatedI have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.
how to disable XAuth for Remote VPN users on the ASA 5510 running 7.2(1)?
HPMFIRE(config)# tunnel-group vpn3000 general-attributes
HPMFIRE(config-tunnel-general)# authen
HPMFIRE(config-tunnel-general)# authentication-server-group none
ERROR: The authentication-server-group none command has been deprecated.
The isakmp command in the ipsec-attributes should be used instead.
--[code]....
I couldn't find anything under isakmp to disable it.
