Cisco Firewall :: 5525-X Cannot Create New Sub-interfaces / Etherchannels Through ASDM 7.1(1)
Apr 9, 2013
We are suffering an issue with ASDM 7.1(1) on a 5525-X with 9.1(1) software. In the Configuration --> Interfaces window, I can modify parameters on physical interfaces, I can modify parameter on subinterfaces, but I cannot create new subinterfaces or Etherchannels through ASDM.
When I create a subinterface, entering all parameters, interface name, vlan id, security level, etc., then I click on "Apply" button and nothing happens. It doesn't send anything to ASA. If I click on another window, ASDM ask for applying changes, I click on it, but nothing is applied and window doesn't change. It happens only when creating new interfaces. If I create them through CLI, then I can modify parameters without any problem.
I have tried re-installing java and I have tested with 6.31, 7.9, 7.11, 7.17 Java versions, from Windows XP, Windows 2003 Server and Windows 7 computers with same issue. Also with Linux Mint distro with IcedTea Java.
View 3 Replies
ADVERTISEMENT
Mar 14, 2013
I recieved my IPS module license for my ASA 5525 . I enetered the key via the ADSM and it prompted me to restart the firewall .. After that i cannot get into the firewall via the ASDM .
View 3 Replies
View Related
Sep 23, 2012
Is there a module or way to create a Guest Access Lobby on the ASA 5525? We currenly leverage the WLC to do this for us, but are moving to a routed access enviornment which is causing some issues. We would like to offload the guest access responsibility to the ASA if possible.
View 1 Replies
View Related
Apr 8, 2013
I am trying to setup intervlan routing with a Cisco ASA 5510 and two 2960-S switches. The 5510 currently is using ASA Version 7.0(2) and has a base license. I tried to create a sub interface today based on some info I found regarding the routing piece and it didn't recognize the command. I'm thinking I may need to update the IOS code or the license on the firewall. I know the syntax was correct because I looked it up and found it in a Cisco document.
View 15 Replies
View Related
Nov 13, 2011
Unable to create VLAN interfaces in ASA 5510
View 1 Replies
View Related
Jun 22, 2011
I am trying to figure out how to create an etherchannel with sub-interfaces on an asa 5520 running 8.4.1 code. It doesn't seem to allow me to configure any type of sub interface on the port-channel or anywhere else once I create it.
View 4 Replies
View Related
Oct 10, 2011
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
View 1 Replies
View Related
Aug 20, 2012
I am trying to enable a second WAN interface on our ASA.the end goal is to move all internet traffic to the new connection, but first i want to test it working.I have setup my computer as an object in the ASDM and the interface is configured correctly (same settings on a different router and that was working)I setup a route with a lower metric ( 1 lower than the default route which routes everything through current main internet interface) to route traffic from my computer out through the new interface but i am still connected on the old interface.I duplicated some of th NAT rules (but i would have thought if these werent working then i would have no internet connection anyway)
View 5 Replies
View Related
Apr 26, 2011
nat global entry not showing up in ASDM but it does via CLI see blow, it's a policy NAT.
nat (inside) 5 access-list inside_nat_outbound_4
global (outside) 5 ************-OUTSIDE netmask 255.0.0.0
Global 5 doesnt show in ASDM 6.1 (5) the globals only go up to 3
View 1 Replies
View Related
May 9, 2013
I have read that it is possible to migrate from a 525 to an ASA via a upgrade to pix asa version 7.0 then using the migration tool once copied to the new ASA 5500 series, but i have alos read in a forum somewhere that a migration from PIX to ASA 5500-x series is not possible,, is this true ?
View 1 Replies
View Related
Apr 8, 2013
We have recently installed new 5525 8.6(1) ASA's. Our setup is like; where we are using Public IP for web server, which needs to be mapped/natted to internet VIP address and that VIP is configured on F5 LB. Setup is below; This Public IP is the web server IP. The firewall get hits, but web server page is not being displayed. In the logs FW built tcp but then tear down the session, syslog id (302014) 77 TCP Reset-I
|INTERNET|
|
|
195.201.55.X
[ ASA ]
Natting to
10.100.100.151
[ F5 ]
|
/
/
Real Servers---> .150 .151
NAT Config is; nat (DMZ1,OUTSIDE) source static 10.100.100.151 195.201.55.X.
View 8 Replies
View Related
Aug 15, 2012
May I know how to configure for remote accessing ASA 5525 via ssh?I have issued the following commands
ssh 10.60.0.0 255.255.0.0 outside
ssh 10.60.0.0 255.255.0.0 dmz
ssh 10.60.0.0 255.255.0.0 inside
ssh timeout 5
but I am not able to access ASA via ssh. Do I need to add any other command
View 20 Replies
View Related
May 28, 2012
I have a PIX 515 with version 8.0(3). We buy a ASA 5525-X for replace the PIX.
The question is, what is the better method to migrade the configurations? Manually?
What is the better version for 5525-X? 8.6.1?
View 4 Replies
View Related
Nov 14, 2012
We have a customer that has a ASA 5525-x reporting only 4g flash memory rather than 8g has any 4g version of the 5525 or is the IOS reporting incorrectly the size, as it seems to be embedded on these units as a USB disk internal.
View 4 Replies
View Related
Nov 13, 2012
We have a 5525 that has not been deployed to production yet so we're using it in the lab. I want to lab some upgrades from 8.2 to 8.6 for some customers but the 5525 comes loaded with 8.6. Would there be any problem with reimaging the 5525 with 8.2? I'm just not sure if there would be an issue with this new hardware running that old software.
View 3 Replies
View Related
Feb 27, 2013
I'm about to upgrade from an ASA5520 to ASA5525.
View 1 Replies
View Related
Oct 31, 2012
We've just replaced our Fortinet Firewalls with 5525's but are struggling to get a feature working that worked great on the Fortinet firewall.All our users use a proxy for internet access that's configured in IE but from time to time some users need to remove this proxy and go directly out to the internet, with the Fortinet devices we created a rule right at the bottom of the inside access out rule that had it authenticate users via TACACS which worked a treat and could be used from PC or laptop. We want to do a similar thing on the 5525 and I thought the Authenticated user would give me this access but I don't seem to be able to get it to work. I've got the AD side of it working fine the ASA can pull user and groups from AD but I'm struggling to get this working for a user.
View 3 Replies
View Related
May 21, 2013
We are using MS System Center Operations Manager to monitor network devices. We are trying to monitor our Cisco ASA 5525-X firewall interfaces.
We have a generic management pack installed that seems to work for parts of the 5525. We can see performance info for IF-4 but none of the other interfaces.
Our Management Pack is a generic Cisco Adaptive Security Appliance Version 9.1(1) management pack.
Is there a management pack that is specifically for this Cisco firewall?
View 0 Replies
View Related
May 21, 2013
I am in the process of upgrading a client's firewalls from 5520s to 5525-Xs. I have 2 independent firewalls that are merging into a single firewall. Both of the source ones have a TON of user accounts defined for remote user VPN, is there any way to move these user accounts with passwords in tact?? The goal is not to have to tell the 250+ users that they need to reset their passwords at once.
View 2 Replies
View Related
Feb 12, 2013
I need to setup an ASA 5525 in Active/Standby failover mode. I am setting up the ASA for a company that purchased only one public IP address. The public IP address is assigned to the outside interface. My question is will failover work correctly if I don't use a secondary IP address on the failover configuration on the outside interface?
View 4 Replies
View Related
May 22, 2013
We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet.
Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
View 7 Replies
View Related
May 28, 2012
Could I configure and connect 3 Dell switches to an ASA-5525 Firewall which has got 8 interfaces.
View 7 Replies
View Related
Dec 3, 2012
I would like to configure an ASA5512-X in firewall transparent mode, but I am having trouble getting ASDM to lauch when I do.
I have created a BVI interface with an IP address, and I hve enabled the mangement interface, but ASDM does not lauch when I enter the IP adress of the BVI I created.
Apprently you need to use the bridge-group command to assign an interfce to a bridge group. When I enter this command at the (config-if) prompt for Management 0/0, this command is not recognized.
What are the general steps for configuring the management interface to be able to launch ASDM in transparent mode?
View 1 Replies
View Related
Oct 20, 2012
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies
View Related
May 21, 2013
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
View Related
Apr 6, 2011
I am interesting what is a number of maximum supported etherchannels in 2960 and new 2960S switches?
View 1 Replies
View Related
Aug 29, 2012
I have a ASA 5515-X-IPS firewall and I want to communicate firewall through ASDM-IDM. Already done the below procedure;
•1. Connect cable to Management port.
•2. Open browser and type https://192.168.1.1/asdmin and download the ASDM-IDM Launcher v1.5(55) and install my laptop(OS: windows 7)
•3. Connect asdm-idm launcher we put IP Address: 192.168.1.1 and username, password enter.
Just whenever we login the wizard then the message shown “ Unable to connect the asdm manager”For your kind information we already setup jre6u7 java software.
View 1 Replies
View Related
May 11, 2011
We are designing a LAN Network for ourselves.The proposed design is as follows:
4 x 2960S switches in a Stack Access-Stack-I 4 x 2960S-PoE switches in a second Stack Access-Stack-II
2 x 3750X switches in a Stack Core-Stack
Now I would like to connect it in the following manner ?First,I would like to use EtherChannel using the 10Gig LinksSecondly, I would like to use Cross-Stack EtherChanel too.I have given a graphical illustration of the connectivity Now my Qs: a) Will the 2960S supports EtherChannel using the 10G links and the 3750X too... b) Does the proposed solution will work... or It will have any problems.
View 4 Replies
View Related
Feb 18, 2013
We're running two 5508 WLCs running 7.0.235.3 pushing out 7 WLANs. They are both live. Each WLC is connected to the same stack of 3750G running 12.2(44)SE6 via Etherchannels.I'm getting tons of MAC flapping errors similar to this:9373213: Feb 19 10:53:54.564 CST: %SW_MATM-4-MACFLAP_NOTIF: Host 843a.4b3c.4cec in vlan 752 is flapping between port Po12 and port Po11Each portchannel consists of ports on each of the two switches in the 3750 stack. Only VLAN 752 shows the flapping activity. LAG is enabled on the each of the WLCs. The portchannel and interface configs are identical, minus the channel-group command of course.Maybe completely unrelated....looking at CDP neighbors from the switch is incorrect:
WLC1 Gig 2/0/44 157 H AIR-CT550 Gig 0/0/1
WLC1 Gig 1/0/21 157 H AIR-CT550 Gig 0/0/2
WLC1 Gig 1/0/20 157 H AIR-CT550 Gig 0/0/3
[code].....
View 2 Replies
View Related
Oct 13, 2012
I am working in an environment where i have to use more etherchannels, any way that how many etherchannels could we create on Cisco Switch 3750 e. do they can utilize high process resources of CPU.
View 4 Replies
View Related
Oct 25, 2011
how many etherchannels can the 2960S support when it is stacked? I understand it initially has 6 channels.
View 2 Replies
View Related
Apr 19, 2013
what is the maximum number of etherchannels i can build on a Cisco 2960S stack. We hoping to connected 15 servers using 2 port channels between two stacked 2960 for redunancey. So what is the max number of channels can i build using the 2960S? Is the max 6 or is it more?
View 4 Replies
View Related
Mar 21, 2010
I can get to the untrusted certificate on https....coming from my address 192.168.133.205..but i get denied am i being denied by access list?..I dont see how since intital SSL begins..
these are the log from the ASA---10.11.24.11 is the ip of one of the contexts
interface GigabitEthernet0/1.124 vlan 124 nameif Inside security-level 100 ip address 10.11.24.11 255.255.255.0
http server enablehttp 0.0.0.0 0.0.0.0 managementhttp 0.0.0.0 0.0.0.0 Inside
Mar 22 2010 16:05:34: %ASA-6-725001: Starting SSL handshake with client Inside:192.168.133.205/24368 for TLSv1 session.Mar 22 2010 16:05:34: %ASA-6-725003: SSL client Inside:192.168.133.205/24368 request to resume previous session.Mar 22
[Code]....
View 6 Replies
View Related