Cisco Firewall :: 5520 - How To Check Hits On Particular Allowed IP

Aug 10, 2011

i allowed one of internal ip using static nat and public ip is 203.18.137.22 and i want to check which IP  are  hit this public ip ?Is there is any command to check which ip is hitting 203.18.137.22? I have the cisco 5520 asa firewall.

View 6 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5520 - Real-time Log Viewer Filter Not Showing Rule Hits With ACL

Dec 20, 2011

I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
 
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging.  The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no  logs are ever shown.
 
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
 
how I can get the RTLV working?

View 7 Replies View Related

Cisco Firewall :: Host Cannot Browse And Allowed With Asa 5520

Apr 20, 2013

Port forwarding done to a DMZ located server on the cisco ASA 5520. Now this host cannot browse but allowed outside to inside access is possible Is there anyway i can give this system to browse internet? may be through the natted IP ( 94.20.*.*)

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - Threat Detection Provoke Frequent Disconnections On Allowed Traffic?

Jul 17, 2011

Can threat detection provoke frequent disconnections on allowed traffic?We are using  asa 5520 with 8.3.1 IOS For instance in ASDM we see SYN attack messages .The source ip address correspond to external an external host (in the outside interface) wich is allowed to connect to  internal servers(in the internal interfaces).
 
Our threat conf is as follow:
 
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640

[code]....

View 11 Replies View Related

Cisco Firewall :: 5520 - How To Check Vulnerability On ASA IOS Image

Feb 28, 2012

i am using asa821-k8.bin image, in my cisco 5520, How can i check if my IOS is vulnerable ?

View 4 Replies View Related

Cisco Firewall :: ASA 5520 - Check Which IPs Hitting On Particular Interface

Sep 23, 2012

I have a cisco asa 5520 and suddendley in my Network Monitor tool,(using SNMP)  asa's DMZ interface traffic is showing arround 90000 Kbit/s .
 
i want to check which traffic is flowing throgh this interface.(Ip address details)
  
Note : There is no impact on asa CPU usage.

View 4 Replies View Related

Cisco Firewall :: Command To Check ASA 5520 Is Passing Traffic

May 14, 2012

how can i check that ASA is passing traffic? Also what command we can use to make sure VPN is working fine.

View 2 Replies View Related

Cisco Firewall :: Command To Check IPSEC Tunnel On ASA 5520?

Jan 7, 2013

Need to check how many tunnels IPSEC are running over ASA 5520.Tried commands which we use on Routers no luck?

View 6 Replies View Related

Cisco VPN :: 3000 Network Address Is Allowed Down Tunnel / Check Phase 2 IPSEC Proposal

Nov 4, 2012

I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?

View 3 Replies View Related

Cisco Firewall :: ASA5510 - Number Of Hits For ACL

Sep 29, 2011

I am using ASA5510, and I would like to know if we should reset the number of Hits for ACL ? Actually this number increase in front of each ACL. Is there any specific configuration ?

View 4 Replies View Related

Cisco VPN :: 5520 Are RA IPSec And SSL VPN Ports Allowed By Default

Mar 27, 2013

We have set of PC's who will be connecting either RA IPsec or SSL VPN to another location. On our site, our perimeter device is an ASA 5520 8.2(3). The interfaces on this ASA doesn't have Access Lists applied, so from what I understand, there is a default policy applied globally (class-default). Now my question is: If we set up vpn clients on our pc, are the ports used by the clients to the VPN server allowed by default or do we need to tweak the class-default?

View 6 Replies View Related

Cisco VPN :: ASA 5520 - AnyConnect Check Endpoint Attributes Not Working

Mar 12, 2013

While user's connecting through AnyConnect, AnyConnect doesn`t check endpoint attributes. I've configured checking process  of "notepad.exe", but it doesn`t work. There is no checking process of  "notepad.exe" in output debug dab trace (see attach).

ASA 5520 ver 8.4(1)
AnyConnect 3.1.02040
HostScan     3.1.02043
CSD            3.6.6234

View 16 Replies View Related

Cisco Firewall :: How Many Outside Interfaces Are Allowed On ASA 5550

Apr 26, 2011

I am using an ASA5550 for a complex secure network that has at least six "outside" networks.  Each "outside" network is assigned to a specific port each set at level "0".  I also have a DMZ, set to level "50".  I am having difficulty with passing traffic from a host in the DMZ to all but one of the "outside" networks.  Is there a limit to the number of "outside" interfaces?  I will provide a redacted config file as soon as possible.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 VPN User Needs To Be Allowed

Aug 23, 2011

A user needs to be allowed through the Cisco ASA 5505 firewall to make  a VPN connection to 83.1.**.** address on port 1723.

View 13 Replies View Related

Cisco Firewall :: Port 1025 Allowed On ASA

May 17, 2013

I was reviewing my ASA config and noticed that port 1025 was being allowed in and statically NAT'd to connect to my email server:
 
access-list outside_in extended permit tcp any host X.X.X.X eq 1025
static (inside,outside) tcp interface 1025 Y.Y.Y.Y 1025 netmask 255.255.255.255.

View 2 Replies View Related

Cisco Firewall :: ASA Version 8.3(2) - Internal Traffic Not Allowed

Jul 29, 2011

i have reviewed this configuration a couple of times and I am not seeing my error. I have two internal subnets, in different VLANs with the ASA being the default router. The internal zone works fine, but the zone called wireless on VLAN 13 doesn't.   The firewall blocks all communications and the rules look correct to me. I want all traffic on this wireless subnet to be allowed to cross over the firewall and NAT to the outside interface, just as the inside zone does.

View 1 Replies View Related

Cisco Firewall :: 3389 Port Allowed From Some IPs On ASA 5505?

May 6, 2012

I would like to setup an cisco ASA 5505 to only allow certain IP's on port 3389, but i can't get it to work. Maybe some of you experts know why?
 
Here is my config:
 
ASA Version 8.4(3)!hostname cisco-asaenable password ** encryptedpasswd ** encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.253 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 95.*.*.* 255.255.255.248!ftp mode passiveobject network obj_anysubnet 0.0.0.0 0.0.0.0object network rdpuser-1host 46.*.*.*object network rdpuser-2host 48.*.*.*object network rdp-host-pchost 192.168.1.20object

[code].....
          
The allowed IP's are setup on user level (rdpuser-1 and rdpuser-2) .Still do, I can't connect to the server from any of these IP's...

View 6 Replies View Related

Cisco Firewall :: ASA 5580 - Ping Allowed But Not Configured?

Apr 4, 2012

We have a Cisco ASA 5580 and the outside interface has a public IP address and we noticed we can ping this address from the Internet. I did a packet capture on the outside interface and confirmed the pings and the IP address sending the pings. The 5580 does not have an access list allowing icmp so I'm not sure what is allowing the pings to this interface.

View 5 Replies View Related

Cisco Firewall :: Quick ACL On ASA 5505 Only Untrusted Interface Allowed To FTP

Apr 12, 2011

If I am using an ASA5505, and I have a configuration similar to below, I see that the untrusted interface is only allowed to ftp to 192.168.1.5. Since the trusted interface is not limited to ftp only can it basically run any protocol it wants to 10.20.30.2, or does it get limited to only ftp by the other ACL on returning packets.Also, is the ACL applied to the interface because the ACL's name is the name of the interface?

View 2 Replies View Related

Cisco VPN :: ASA 5520 / Error / Split Tunnel Attributes(51) Greater Than Max Allowed Split Attributes(50)

Jul 21, 2012

We have ASA 5520 acting as the VPN Server and Cisco 1941 router as EZVPN client. Since last few days client is not able to establish vpn connection. 1941 router is continuously generating the below log messages
 
001569: Jul 22 12:19:05.883 ABC: %CRYPTO-4-EZVPN_SA_LIMIT: EZVPN(VPNGROUP) Split tunnel attributes(51) greater than max allowed split attributes(50)
 001574: Jul 22 12:19:07.835 ABC: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=vpn_user  Group=VPNGROUP Client_public_addr=<client public ip>  Server_public_addr=<server public ip>
 004943: Jul 22 11:32:42.247 ABC: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16

View 3 Replies View Related

Cisco Firewall :: ASA 5510 / Outbound Internet Access Not Allowed When Syslog Server Is Rebooted

Jun 27, 2011

I have recently setup Splunk to receive my syslog messages from my ASA 5510.  In the past I used kiwi without observing this issue, but I needed more features than kiwi had available.  Anyway, anytime I stop the splunk service my asa does not allow any outbound connections to be established. 

View 2 Replies View Related

Cisco WAN :: ASR1002 - Inspection Of ACL Hits

Aug 17, 2011

I'm aware ACL's are handled in hardware on the ASR platform but wondered if there was any way to inspect how many hits we get on each line of an ACL on the ASR, I can't seem to find a command to do this.
 
Using LOG is not possible due to the large number of hits.

View 2 Replies View Related

Cisco Firewall :: NAT RPF Check Failure PIX 8.2 OS

May 2, 2013

i know in Cisco PIX til 8.2 OS, if i have Nat control disabled and ACL permitting connection from Low Secirity ( DMZ ) to High Secuurity (INSIDE) then connectino should be successful, and i dont need any STATIC identity nat of inside IP to be created.

But i have Cisco PIX 525 with  Version 7.2(2) Which is not allowing connection from DMZ to INSIDE , although nat control is disabled. and giving RFP check failure, any thought?

PIT525PIXINET# sh running-config nat-control no nat-cont
 
packet-tracer input dmZ  tcp 192.168.85.4 65000 10.34.21.25 3389
 
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
[Code]...

View 6 Replies View Related

Cisco :: Software To Check Most Used Website Through Firewall

Mar 1, 2012

know software that can show us software that shows most used websites through particular firewall?

View 8 Replies View Related

Cisco Firewall :: ASA 8.2(5) / UDP Reverse Path Check

Jun 15, 2012

ASA running 8.2(5).When I enable ip spoofing on my network interfaces I see this getting logged:

Deny UDP reverse path check from 10.100.100.102 to 10.100.100.255 on interface SPECTRA-LAN
 
This is because interface SPECTRA-LAN (VLAN50) is the interface connected to the network with ip 10.100.100.0/24 but the interface do not have a ip address so it does not exist in the routing table I believe?However interface INTERN do also belong to network 10.100.100.0/24 which also is the management interface and the default route for hosts in network 10.100.100.0/24, but has no vlan. 

1. move the management0/0 to SPECTRA-LAN and give SPECTRA-LAN ip 10.100.100.1?

2. give SPECTRA-LAN a ip address in the 10.100.100.0 range?

My routing table and interface list is:

Current available interface(s):
  DATA-BACKUP     Name of interface Redundant1.10
  DMZ             Name of interface Redundant1.900
  GUEST           Name of interface Redundant1.990
  HOSTING         Name of interface Redundant1.100
  Infrastruktur   Name of interface Redundant1.20

[code]....

View 3 Replies View Related

Cisco Firewall :: ASA 8.4.3 - Does It Check DNS Source IP Address

Oct 29, 2012

Does ASA 8.4.3 check the source IP address of  a DNS reply and drop it if the reply address is different to that in the query?
 
Customers DNS server does this due to a recent change, their server now has a virtual address, but replies are sent from its physcial address. This is temporary. Their PIX is happy with this.
 
Replace the PIX with the ASA, DNS fails, the only reason I can see is due to the way their internal DNS operates.

View 1 Replies View Related

Cisco Switches :: SG200-08 CPU Hits 100% After Running For One Month

May 4, 2013

After running for about one month, my SG200-08 hit 100% CPU and pings increase from under 1ms to 300ms.   I purchsed the SG200-08 for home due to its support for IGMP snooping.  I have a TELUS Optik TV service at home which uses the Microsoft Mediaroom platform and multicast on the local LAN.   When the SG200-08 hits 100% CPU, my Cisco STBs start to exhibit multicast issues due to delayed or dropped IGMP messages.   I recently upgraded the SG200-08 to firmware 1.0.6.2 hoping that it would fix the issue, but it hasn't worked.   [code] Smoking latency graph of the SG200-08 ICMP response time.  On May 1st the CPU spiked to 100% and the laency increased to 300ms. The problem has been occuring since I installed the SG200-08 with the CPU spiking to 100% about once a month.  Rebooting the SG200 will clear the issue.

View 3 Replies View Related

Cisco Switching/Routing :: 6509 / Route-map Doesn't Get Any Hits

Dec 11, 2011

My network has two connections to a third party via links on two seperate ASA , one in location A and one in location B. The link in location A is the primary connection and the other in location B should be used by only two terminals (term1, term2) in location B. ASA are running OSPF and are redistributing static routes as metric-type 1 in OSPF. In order to achive the aforementioned goal, I have configured a route-map on ASA location B, that sets the metric for the route towards the third party to a high value (100). This way, all routers, even those in site B prefer the exit through location A (metric about 24).
 
I have checked that my routers correctly have the route to the 3rd party through location A, and the OSPF database has records for the network from both locations.In location B, I have configured the following route-map (on 6509)
 
route-map PREFER-LOCAL-ROUTER permit 10
match ip address XXX
set ip next hop locationB-ASA
 int vlanYYYY
ip policy route-map PREFER-LOCAL-ROUTER

[code]....
 
From the terminals (term1 and term2) I have tried a traceroute towards the 3rd party's subnet, but I don't get any match neither on the access-list nor on the route-map. Unfortunately I have no other way to test that my configuration is correct, since the application on the terminals, that should access the 3rd party network, is not currently running.
 
I also addedd the statements below to the access-list, because of the test with tracert:
permit icmp host term1 route_to_3rd_party 0.0.255.255
permit icmp host term2 route_to_3rd_party 0.0.255.255
 
Nothing changed...Is there something wrong with the above config? Is there a chance that there is a problem with the IOS, that simply doesn't show any hits?

View 9 Replies View Related

Cisco Firewall :: Way To Check Hardware Status Of ASA 5505?

Nov 22, 2012

Is there a way to check the hardware status of an ASA 5505 ? I am thinking of a command or a script to execute.

View 3 Replies View Related

Cisco Firewall :: How To Check Functions Included For ASA Image NCI-ASA5520-BUN-K9

Jan 13, 2013

May I have to know how to check functions included for asa image NCI-ASA5520-BUN-K9?

View 2 Replies View Related

Cisco Firewall :: 12697 FWSM Shows TCP Check-sum Incorrect

Jun 13, 2012

When we setup a connection between two hosts we receive the message "TCP checksum incorrect" , This is  between a settop box on the outside and a server inside the firewall. This STB used to communicate with the server on port 443 which is NAT-en to port 12697.With a new settop box image which uses on the inside and outside port 12697 we receive this TCP checksum incorrect on the Firewall with wireshark.
 
Strange is that on the outside of the firewall we see an MSS of 1460 and on the inside it is 1380 (don't know if there is a relation with this and the issue we have)

View 1 Replies View Related

Cisco Firewall :: ASA 8.4 Newer Check Point Conversion Tool?

Feb 8, 2012

Is there a newer tool for current versions of Checkpoint to ASA 8.4?  I notice a lot of similarity between checkpoint and 8.4 now, but I still have to do it all line by line which has become a PITA.

View 1 Replies View Related

Cisco Infrastructure :: Where To Check License Details - ASR 1000 Firewall

Mar 13, 2011

I am looking for for details meaning of license because I cannot found the details install.  The license call
 
FLASR1-FW-RTU(=)
 
that is used to enable the firewall function in ASR 1000 series.  But I don't clear about what feature inside, it is because it only show the "firewall" from website.  Is that same as IOS firewall?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved