Cisco Firewall :: ACL Hit Count Not Real In Asa 8.2

Mar 6, 2011

ASA v 8.2What does the ACL hit count count ? I always thought that the acl hitcount counted the numbers of packets hitting that line in the ACL, however that is not the case. if I setup a icmp permit rule then that will only increment 1 even if I send 4 packets that hits the line. udp and tcp seems to do the same. is there some way I can make the ACL actually count the packets that hits ? where can I learn more about this ?

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 8.3 Real Ip Address In ACL?

Jan 15, 2012

if ASA 8.3 uses real IP address in ACL, why in this example "ASA 8.3 and Later: Mail (SMTP) Server Access on Inside Network Configuration Example" uses the public (natted) ip address for the smtp server ACL?

View 6 Replies View Related

Cisco Firewall :: ASA8.4 VPN - Hit Count Is Zero On Rules

Nov 7, 2012

I have several working VPNs between ASAs 8.4 and 8.3The way this was set up is with cryptomaps that match whole subnets and ACL on the outside interface to permit from/to the RFC 1918 addresses.I notice that the hit count is zero on these rules and so I wonder if they are actually necessary or doing anything.If they are not where can an acl be applied to restrict the VPN traffic? Outbound on the inside interface?

View 1 Replies View Related

Cisco Firewall :: Active Session Count Of ASA 5540 In HA?

Apr 15, 2012

We have configured our ASA5540 in active-standby failover.We are observing that current active session count is twice of session count before configuring HA. Earlier average active session was 50000 and now after HA it is around 100000. Failover configuration of both firewall are as follows
 
failover
failover lan unit primary
failover lan interface FOLan GigabitEthernet1/0
failover polltime unit 15 holdtime 45
failover replication http
failover link StateLink GigabitEthernet1/1
failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

[code]....

View 3 Replies View Related

Cisco Firewall :: ASA 8.3 Real Ip Address Automatic Migration?

Mar 23, 2011

in the ASA Migration Guide for Version 8.3 says about real ip address: "All of the access-listcommands used for these features are automatically migrated unless otherwise noted"
 
But my ACL's have not been migrated to real ip address. In my migration log:
 
INFO: NAT migration completed. Real IP migration logs: No ACL was changed as part of Real-ip migrationWhy?So, do I have to migrate them manually?

View 3 Replies View Related

Cisco Firewall :: ASA 9.1 Access-list / Real IP Addresses?

Feb 26, 2013

So in the past from 8.2 down I had one to one NATs like so
 
static (inside,outside) A.A.A.A B.B.B.B netmask 255.255.255.255
 
but for 9.1 im running now I need to do this
 
object network obj-B.B.B.B
host B.B.B.B
nat (inside,outside) static A.A.A.A
 
So if I make an ACL to permit outside public access to the public IP (A.A.A.A) in 9.1 do I use real B.B.B.B ip address or the object itself obj-B.B.B.B?

View 4 Replies View Related

Cisco Firewall :: 5540 - NAT / PAT Two Private IP's To One Real On Same Port

Nov 25, 2012

I have the following situation. A colleagues installed a spam block (Norton something) and he put two ip's on itsinterfaces. 192.168.2.20 and 192.68.2.21. One will be used to receive and one to send mail but both on port 25. They use a sinlge real IP 175.75.67.32. I am using a 5540 ASA with 8.2 IOS.
 
I am pretty sure this cannot happen but i got some advice to NAT the outgoing IP/Port and then PAT the incoming port to both IP's and it will work. I tried to do it with no success. I know that  ASA 8.4 changes everything in NAT/PAT but is there any way with the newer OS my setup can work or not?

View 2 Replies View Related

Cisco Firewall :: ASA5520 - Can't View ACL Count Details Using ASDM

Feb 9, 2012

We are running a ASA5520 with system image of "disk0:/asa843-k8.bin".  I'm also running ASDM ver: 6.4(7)So my question is while I'm in the ASDM on the configuration of the firewall, I'm looking at the Access Rules.  When I do a show log on any of the rules that have hit counts on them, it opens up a Real-Time Log Viewer but I don't see any information.  It's not showing anything, nothing appears, it just sit's there like it's waiting but no data is coming.  Even though if I go back out to all the rules, I can see the hit count incrementing.  The same thing happens no matter which rule I pick with hit counts on them.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 High Drop Count On Management Interface

Sep 4, 2012

I have a 5510 FW in multi-context mode that is showing a high drop count on the Management interface in the Admin context.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Increase Inside Hosts License Count?

Feb 14, 2012

At the end of the day I simply need to upgrade the license on my ASA 5505 v7.2.4 (upgrade will come later as part of a larger project) to allow for >10 Inside Hosts. From what I've read there seems to be a 50 license upgrade out there. Can this be purchased directly? From whom? Will it only affect the Inside Hosts number and not affect any other licenses, configurations, etc. Just being overly cautious since this is way outside of my normal realm. Below is the current activation-key information....
 
Result of the command: "show activation-key"
  
Serial Number:  xxxxxxxxxxxxxx
Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  
Licensed features for this platform:
Maximum Physical Interfaces : 8        
VLANs                       : 3, DMZ Restricted
Inside Hosts                : 10       
Failover                    : Disabled
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
VPN Peers                   : 10       
WebVPN Peers                : 2        
Dual ISPs                   : Disabled 
VLAN Trunk Ports            : 0        
  
This platform has a Base license. 
 
The flash activation key is the SAME as the running key.

View 2 Replies View Related

Cisco :: 5500 - Count Bytes For Some Interesting Traffic Crossing Firewall In It?

Mar 20, 2013

I need to count the bytes for some interesting traffic crossing the firewall in ASA 5500. Packet Capture is so far as I need, cause I only need the number of bytes during a long time for about 3 months (source host - destination host)
 
capture capin type raw-data access-list cap buffer 33554432 interface inside circular-buffer [Capturing - 33553570 bytes]
 
I need to get only the exactly amount of "33553570 bytes" The pcap file is not needed

View 6 Replies View Related

Cisco Firewall :: ASA5520 Configured NAT / ACL With Real IP In Existing Configuration After Upgrade

Mar 7, 2011

I am forced to upgrade my ASA 5520 software from 7.1 - 8.2 or higher, as I am not familiar with ASA I need expert opinions.I have following concerns regarding the upgrade.
 
1-Do I need to worry about the software licensing when I download 8.2

2-I read about the few difference in commands (ACL and NAT) in 8.2 what exactly I have to do here should I change the configured NAT and ACL with real IP in the existing configuration after the upgrade ?

View 5 Replies View Related

Cisco Firewall :: ASA 8.2.2 Asdm Real Time Log Viewer Syslog Connection Lost

Feb 10, 2010

I installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode.When i enable logging for ASDM as debugging i cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection", I tried to reconnect using the icon at the bottom but nothing change.

View 9 Replies View Related

Cisco Firewall :: ASA 5510 Real Time Logs Showing Incorrect Ports

Oct 17, 2012

I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports.  For example
 
Source IP 10.10.4.69
Source Port 59886
 
Destination IP 8.8.8.8
Destination Port 59866
 
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?

View 4 Replies View Related

Cisco Firewall :: ASA 5520 - Real-time Log Viewer Filter Not Showing Rule Hits With ACL

Dec 20, 2011

I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
 
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging.  The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no  logs are ever shown.
 
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
 
how I can get the RTLV working?

View 7 Replies View Related

Cisco Firewall :: ASA 5520 / Monitor Largest Outgoing And Incoming Traffic Per Ip In Real Time?

Mar 4, 2013

We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Running 8.3(1) And ASDM 6.4(5) - Real Time Log Viewer Delay / Slow

Feb 15, 2012

I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
 
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter  for source IP as it's quite a busy device.
 
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.

View 6 Replies View Related

Cisco Firewall :: ASA 5520 - Solar Winds Real Time Interface / Monitor Through Put Of Port?

Jul 6, 2012

I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port.  It seems I can never get it to use more than 100mb, where should I check?
 
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.

View 1 Replies View Related

Cisco :: LMS 4 Device License Count

Aug 29, 2011

In previous LMS versions the DCR could hold more devices then the licenses of the other other applications permitted and using the "user defined fields" we have used it as a general device repository for some customers, pushing only the supported cisco devices to the various applications.In LMS 4 cisco has removed all allocation possebilities from the various applications and replaced it by an all or nothing type of allocation.Does this now mean that any entry in the DCR is automatically counted as a used device license? 

View 1 Replies View Related

Cisco VPN :: ASA 5540 - SSL And VPN License Count

Aug 14, 2012

Any method to determine the maximum number of concurrently used SSL VPN licenses (sessions) on an ASA5540 over a period of time?  For instance, over a week, the MAXIMUM number of concurrent users that were utilizing SSL licenses on the box.  We are trying to determine current license capacity of the device.
 
We are running 8.2(5) on the ASA itself, and have 6.47 ASDM deployed.

View 1 Replies View Related

Cisco Wireless :: WCS 7.0.164.3 / Reporting On Top APs By Client Count?

Sep 26, 2011

we are running WCS 7.0.164.3 and wonder whether is there any reporting option availabel that can  give us daily report on Top 50 or Top 100 APs by client count.
 
I know that I can look at the client tab under WCS home page and see the top 5 APs by client count on real time.In our environment we have around 700 APs and would like to know by having this kind of report which APs are mostly hit ?

View 5 Replies View Related

Cisco :: LMS Ver 4.0.1 Unable To Set Error Count Options

Aug 25, 2011

I have a recent new install of Cisco Works and all is working fine.  My issue is with a feature that doesn't seem to be present.  When I create a report to ccheck on sys logs the report returns all sys log whether they are repetitive or not.  Is there a way to have a same sys log error come back with a number of ocurences? 
 
the feature doesn't show up when I create a custom report? 

View 2 Replies View Related

Cisco VPN :: ASA 5510 Maximum Tunnel Count Allowed

Apr 18, 2012

We have a ASA 5510 (v8.2.2 with ASDM 6..4.7, 256Mb mem) with a license for 250 VPN Peers. The machine has currently one site-to-site VPN active. I've added a remote-access IPSec VPN for some users but when connecting from the remote site the connection is dropped and the ASA reports %ASA-4-713239 Tunnel Rejected : The maximum tunnel count allowed has been reached.
 
I've searched for info relating to this message but I found none. Before I plan a restart (it's up for 222 days), is there something I could do on CLI to fix this ?

View 4 Replies View Related

Cisco WAN :: 7609 Ten Gigabit Interface Can Not Count Bit Rate

Oct 18, 2011

I've got Cisco 7609 with WS-X6708-10GE (8x10Ge)And one port (te9/4) from it have zero bit rate counters, but all the rest of it are very good.I can see traffic if read it by SNMP. [code]

View 1 Replies View Related

Cisco :: How To Learn Networking For Real World

Oct 2, 2012

i got CCNA but i feel that it doesn't teach me how to build networks for business and how to chose an network architecture. What is the best way to learn this? Also, what is the best way to learn how to build a wireless network for a company that runs on multiple floors without user losing wifi connectivity when they roam

View 19 Replies View Related

How To Get Real IP Of User That Online Via Proxy

Aug 7, 2011

How to get Real IP of user that Online via Proxy without using x-forwarded for(When proxy server not trusted)?

View 9 Replies View Related

Real VNC Will Not Connect To Work Computer

May 12, 2011

I have no problem connecting to my work computer from home with my VPN but my Real VNC will not connect. This happened after a tech crew got into my work computer remotely to fix my POS system

View 1 Replies View Related

Protocols / Routing :: Cannot Connect Using Real VNC

Feb 4, 2012

I am using RealVNC, have the Viewer and Server installed on three systems on my home network. I have a laptop which I am trying to use to connect to either of my two PC's, but cannot get them connected.With that being said I did have some luck with RealVNC as I have the 5900 and other ports forwarded and was able to connect with my Android tablet and Android Phone to the my two PC's and laptop with no problems....well kind of. I did have issues with this at first till I figured out I had to use a 142.*.*.* ip address because my network ip adresses were behind a NAT IP.Now back to the connecting my laptop to my two PC's issue.I have tried using the 142.*.*.* ip address and I have tried using my network ip 192.*.*.* to no avail. I just can't seem to connect.

View 5 Replies View Related

Comcast Speeds Real Slow

Feb 26, 2011

I had recently switched to Comcast Xfinity Blast internet. I ordered the service with 22 mbps. Now when I download something, it becomes a challenge for the download to get faster than 500kbps. I don't understand, It should be a lot more. If it stays at this rate, than there would be no difference between my current and previous service.

[code]....

View 4 Replies View Related

Getting A Virtual Switch In Linux OS Instead Of Real One?

Jul 4, 2011

I need a virtual switch in my Linux OS instead of a real switch for doing some research purpose. Means it works same as a real hardware switch work. Suggest me any virtual switch for linux. For example there are 3com, cisco switches.. I need a virtual switch which work same as real switch.

View 1 Replies View Related

Connecting From Real To Virtual Machine On Another PC

Aug 10, 2012

I still use some old applications on windows XP.So I run them on vware.I could visit the real PC from virtual PC without any problem.But I could not visit the virtual pc by another real PC.No matter how I change the connection type.

View 1 Replies View Related

Cisco :: Galileo Interrupt - PC10 Retry Count Expired

Feb 22, 2012

" Galileo interrupt: PC10 retry count expired "This error keeps flooding in terminal window so it is impossible to even try to work via consol.With google search, closest thing ive come up to is that this is a faulty with the CPU cache, and that no workaround is available, thus this unit is pretty much destroyed.I am just long-shooting here and wonders if anyone here knows anything more about this before i throw the card in the trash-bin?

View 4 Replies View Related

Cisco VPN :: ASA5510 Easy VPN Remote / IPsec Session Count

Feb 21, 2013

I recently upgraded our head end ASA5510 at our datacenter from 8.2.1 to 8.4.5. The ASDM was also upgraded from 6.2.1 to 7.1.(1)52. Under the old code, a remote ASA5505 connected via Easy VPN Remote showed 1 IPsec tunnel. However, after the upgrade, it shows 42 sessions. It would seem to me that each split tunnel network defined in the Easy VPN profile is being counted as a tunnel. Is it possible that I may have something misconfigured now that the code is upgraded?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved