Cisco Firewall :: 5520 ASDM 6.4 And ASA Not Showing Logs
Feb 27, 2011
We’ve got lot of ASA appliances (around 30, 5505/5510/5520) and we never had this problem since the use of the new image software ASA 8.4(1) and ASDM 6.4(1). So, my problem is located on two ASA 5520 with active/passive failover with ASA image 8.4(1) and ASDM image 6.4(1).
My problem is that our appliance doesn’t show any logs when an ACL deny a packet, even if when I specify a specific “deny ACL” with a specific logging condition, asdm and ssh buffer logging are empty but the counters of the ACL increment.
View 6 Replies
ADVERTISEMENT
Apr 26, 2011
nat global entry not showing up in ASDM but it does via CLI see blow, it's a policy NAT.
nat (inside) 5 access-list inside_nat_outbound_4
global (outside) 5 ************-OUTSIDE netmask 255.0.0.0
Global 5 doesnt show in ASDM 6.1 (5) the globals only go up to 3
View 1 Replies
View Related
Apr 30, 2013
I've configured a couple of ACL rules via CLI in my ASA. When i checked in the ASDM, it only shows the basic rules that was configured by default and did not show the rules that i've created.
View 6 Replies
View Related
Oct 17, 2012
I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69
Source Port 59886
Destination IP 8.8.8.8
Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
View 4 Replies
View Related
Jul 11, 2011
I have a newish instance of 5520 running. I am seeing some odd logging issues in that the logs are significantly delayed showing up in the real time viewer. I'll try to connect, say on remote desktop, and will not see the traffic in the viewer for up to 20 seconds or so after I'm already connected to the server. I have not seen this before.
View 1 Replies
View Related
Jun 22, 2011
I have an ASA Firewall 5520 and to add or edit configuration, I use the ASDM interface. For some reason, the admin password that I use is no longer working. The last time I logged on to the firewall was last week and I am the only person with access to it. I used a backup account to login and was able to, but on the menu bar the "Configuration" button is missing.
View 2 Replies
View Related
Nov 24, 2011
I have 2 ASA5520's in failover pair.After failing over I cannot run ADSM on the secondary (now active device), I get "unable to launch device manager from [primary address]"
I can ASDM to the primary device (now marked as "standby ready") on the failover address. I can SSH to it also.I CANNOT ASDM to the secondary device (now marked as "active") on the primary address. I CAN SSH to it.
When I run "sh asdm image" I get valid output (asdm image disk0:/asdm-645.bin) on both.However when I run "sh ver" on each it appears ASDM is not running on the secondary device :
Cisco Adaptive Security Appliance Software Version xxxx [only]
Compared with :
Cisco Adaptive Security Appliance Software Version xxxx
Device Manager Version 6.4(5)
It appears as though ASDM is only running on the primary device (regardless of the fact it is now in standby mode). Is this normal?
I am having to run in a failover condition due to a intermittent hardware fault on the primary unit but require access to the ASDM for monitoring/diag purposes during this condition.
View 2 Replies
View Related
May 5, 2010
i have a new ASA 5520 with only factory default settings. I ran the commands below on the CLI as instructed for a Cisco document but i cannot access it via https://192.168.1.1/admin like it says i should be able to.
Step 1 To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the following command for each address or subnet:
#hostname(config)# http source_IP_address mask source_interface
View 14 Replies
View Related
Jul 11, 2012
I have a ASA 5520 with ASDM641. After I updated my JAVA to v7 update 5 , Build 1.7.0; I cannot launch the ASDM and get this Error: Unable to launch the application.
I have uninstalled and reinstalled the ASDM to no avail.
View 11 Replies
View Related
Jul 13, 2011
My ASA confi are as follows. i cant to do use ASDM, HTTP, Telnet from my local interface and ip 192.168.0.46 &14.My ASDM is ok as i can connect other ASA. what mismatch here i cant understant.
hostname ciscoasa
enable password DtMryzGjBATmCElZ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
[code]....
View 5 Replies
View Related
Apr 16, 2013
I have new ASA 5520 from the box and i have configured already int g0/1 with ip 10.15.14.5 255.255.255.0 nameif inside kindly see details below the config
[code]....
View 4 Replies
View Related
Jun 21, 2011
I have a problem with my ASDM Logging(ASA5520, System image file is "disk0:/asa804-k8.bin").If i generate any traffic, the ASDM do not show the packets correctly. For example, if i generate a icmp traffic from interface inside to outsite, the ASDM does not show the packets, when it shows it apperars just in one direction.
View 5 Replies
View Related
May 28, 2013
We have a pair of ASA running 8.0 (old) version. The way we create outbound rules is done through ASDM and when we need to open outbound connections to a server in the internet, we create named object with IP address configured manually.But practically , this doesnt work, since the server is a server name which can resolve to multiple addresses. Everytime the server chagnes its IP the ASA rule needs to be updated.Is there a difference if we add rules through CMD prompt as against ASDM where we need to enter IP addresses?
View 3 Replies
View Related
Sep 15, 2011
I want to setup NAT with ASDM on ASA for a client and I can not make it work. I have several interface:
Inside: 10.97.0.1 / 24
Outside: 10.0.1.70 /24
Interco: 192.168.6.1 /24
Other Sites: 10.26.0.4 /24
All routing in the network is Ok My customer want to access a server @ ip 10.194.70.1 in https on the interface Interco with his nat address as 10.97.0.11 .This server must be accessible with the address 10.97.0.11:443 from interfaces inside, outside and other sites.And source address must be nated with original destination address 10.97.0.11 to be redirected on 10.194.70.1.
View 7 Replies
View Related
Aug 26, 2012
When trying to access the asa (8.0(3)) with asdm the console send follwing error message:
vPif_isVpifNumValid: pifNum out of range!
vPif_getVpif: bad vPifNum(0xa6) from 87EBC81 from 83833B4
Have a strong suspicion that it is a hardware failure (since asdm has worked and have tried to restart the box) can not see any errors with any show commands, but could it be a RAM error .
View 1 Replies
View Related
May 10, 2012
We recently had to rebuild our ACS server. Now when we have an 802.1x authentication failure and look at the RADIUS logs for the specific user, it does not show us the MAC address of the device the user tried to login with. We use this all the time because users have PDAs and other mobile devices that they save their passwords on. Then when they change their domain password on their laptop, they don't change it on their PDA which then tries to authenticate them using the wrong password and eventually locks them out. We need to see the MAC address so we can pinpoint which device is causing the lockout. The report I am generating is when you go to this location: Monitoring & Reports > ... > Reports > Catalog > User > User_Authentication_Summary
View 4 Replies
View Related
Sep 13, 2012
I've noticed in the mornings lately when I get up around 6 am my internet will not work. Not on wireless or on my desktop. I decided I'd log into the router to see if there was a firmware update or anything. I had checked the logs and there are quite a few entries relating to DoS. I googled around and saw that it could be some sort of packet loss and the router is mistaking it for some sort of DoS attack. And that due to it not showing up multiple times every second it likely isn't a DoS attack. Here is a few from the logs:
[code].....
View 4 Replies
View Related
Dec 20, 2011
I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging. The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no logs are ever shown.
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
how I can get the RTLV working?
View 7 Replies
View Related
May 16, 2011
OK, so just mooching around in the pages of my switch, a 24 port switch and it has in the logs:
268InfoMay 15 22:43:51NIMInterface 26 is Link Down
269InfoMay 15 22:43:51NIMInterface 26 is Link Down
270InfoMay 15 22:43:51NIMevent(39),intf(26),component(2), on non-existent interface
Now, correct me if I`m wrong but my switch only has 24 ports and two of those (23 and 24) are dual personality jobbies!?Where the hell is port 26? Where did it come from? and why did it need to show up only for the switch to realise that it doesn`t really exist?
View 2 Replies
View Related
May 18, 2011
I am having trouble viewing all the Administration logs in ACS View. I have my Local Log Target set to a Maximum log retention period of 90 days. In ACS View I can display authentications that go back 90 days + However when I try and display the "ACS_Configuration_Audit" in View and perform a Custom query that goes back 90 days it will only display about 35 days of Admin logs.I know the logs are there because when I go into CLI and do a search like "show logging | i "ObjectType=Administrator Account" the Administration logs go back over a year.why ACS View cannot display all the Admin logs?The ACS is running v5.1.0.44 Patch 6 (Also experiencing this in a v5.2 ACS as well)
View 2 Replies
View Related
Nov 16, 2011
I'm encountering what I think is an issue on logging system on FW ASA 5520 - Asa Version 8.4(2), ASDM version 6.4(5). When I disabled the logging inside a rule from ASDM, or from console with the "log disable" option inside ACL, If I check in ASDM logging real time window I continue to see all the entry related to disabled rules. This is a correct behaviour about ASA logging ? How I can "hide" the entry related to disabled rules (this is what I need for troubleshooting purposes) ?
View 1 Replies
View Related
Oct 10, 2011
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
View 1 Replies
View Related
Oct 16, 2012
We have a stack of 4 Cisco WS-3750G-24TS with Sw Version 12.2(52) SE and giving weird errors:-
-Traceback= 17211C8 16FA4C0 16FA4FC 18625E4 18608D4 286A850 283E6FC 282EDF4 2859BBC 1B2EDA8 1B25878
Oct 17 22:26:48 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.7
Oct 17 22:26:50 AEDT: %SYS-3-CPUHOG: Task is running for (2098)msecs, more than (2000)msecs (8/6),process = SNMP ENGINE.
-Traceback= 172108C 17211CC 16FA4C0 16FA4FC 18625E4 18608D4 286A850 283E6FC 282EDF4 2859BBC 1B2EDA8 1B25878
Oct 17 22:26:51 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.7
Oct 17 22:26:53 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.6
Oct 17 22:26:53 AEDT: %SYS-3-CPUHOG: Task is running for (2097)msecs, more than (2000)msecs (1/1),process = SNMP ENGINE.
What are these errors is this a bug in the IOS
View 1 Replies
View Related
Oct 31, 2012
I have linksys E4500 and I would like to be able to see the website visited vs ip address.Is there a way to enable same or achive same via parental controls.Again I do not want to block a website but monitor which websites are visited. Is this achievable via router or an additional software/hardware required to be used with router
View 5 Replies
View Related
Jan 31, 2012
I recently upgraded an ASA 5505 that has the Advanced Endpoint Assessment License to 8.4(3) and ASDM 6.4(7). Now there are no options in ASDM for adding AV, Firewall or AntiSpyware versions and definition levels etc? I have checked Host Scan Extensions and enabled 'Advanced Endpoint Assessment ver 3.5.3.1' however when I click configure and attempt to add any AV etc there are none to select - the 'Add Products' box is just blank.I have AnyConnect 3.0.5075, CSD 3.6.4021 and have tried with the integrated AnyConnect Host Scan image and with the standalone Host Scan image (3.0.5077) and the behaviour is the same ?
View 4 Replies
View Related
Jun 15, 2012
I am running CSD 3.6.5005 with Asa code 8.4(3) and asdm version 6.4(7). I have anyconnect premium and advanced endpoint assessment licenses installed with anyconnect essentials disabled. I have the standalone CSD package which hostscan is activated through.I am able to create host scan checks for registry and operating systems and have built dynamic access policies. The issue that I am experiencing is I can't get the av vendors to appear when configuring the advanced endpoint section. I keep seeing a pop with a blank screen when I try to add.I am using OSX lion and I have tried on windows also. I have tried on a 5505 and now on a failover set of 5510s.
View 1 Replies
View Related
Nov 29, 2011
I have a cisco 5520 running as IPsec concentrator. On the ASDM homepage is shows like 31 VPN connected. But if I go to Monitor > VPN is show only 18. Then if I use SSH using sh crypto command it shows the same number as on the Monitor > VPN sections. I am running 8.3(1) and ASDM 6.3(1).
View 8 Replies
View Related
Nov 4, 2012
I am running two ASA 5520 routers synched up with eachother. I had a massive connectivity issue this weekend that I am investigating. Now I have figured out how to get the live logging but I need to know how to get the old logs from my router.
View 4 Replies
View Related
Nov 26, 2012
I have an ASA 5550 running 8.4(5) and have installed ASDM 7.0(2), but when I try to manage the bookmarks under the Remote Access - Portal when I try to edit an individual item in a bookmark list the screen does not display any information. Is this a know bug, or do I need to have a specific java version for the new ASDM? As a side note, I have not noticed any other issues with the new version of ASDM, only the bookmarks. I initially tried to downgrade the ASDM version that I was using to connect, but it will no longer allow me to connect.
View 6 Replies
View Related
Aug 3, 2011
Why my asa5520 brings out:
sh curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
while i am logging in with my username which is XXXX. And in my ACS accounting logs I cannot see which user did what.
View 2 Replies
View Related
Oct 29, 2012
I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep tracks of tcp sessions made by vpn users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed; if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all tcp session tore down when a user disconnects the VPN connection?
View 2 Replies
View Related
Feb 8, 2012
Got a classical remote access vpn with Cisco VPN Client and ASA-5520, Some weeks ago I noticed in my ASA logs this severity 5 Message. Group = xyz, Username = abc, IP = 84.n.n.n, Duplicate Phase 2 packet detected. No last packet to retransmit. This message comes with every connect, but then connections works fine.
Remark: See ASA ADSM:
- 1. Duplicated Phase II (!!)
- 2. Phase I
- 3. Phase II
View 4 Replies
View Related
Feb 23, 2012
We are running ASA5520 with version 8.4(2)8 software and ASDM 6.4(5)205.We have noticed the following problems:When having more than 30 IPSec,sessions connected, the log fills up with errors "System is low on free memory blocks of size...", When filtering by "AnyConnect Client" in "Monitoring > VPN > VPN Statistics > Sessions" the values "Bytes Tx / Bytes Rx" column is presented in one line ie. "8450198968129194". Seems to be missing a <cr><lf>,When uploading a new CSD-image (via ASDM) all configuration för GPO, CP, DAP seems to dissapear, though, the config seems ok when looking at a sh run. Also, the newly updated csd-image doesn't show i ASDM.
View 2 Replies
View Related
