Cisco Firewall :: ASA-5510 / ASA-5505 Loses Connection To Gateway
Jun 23, 2011
I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes. At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results. A reload of the ASA-5510 will restore connectivity for the next quarter hour.
Here's the version information on the 5510:
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
[Code].....
View 1 Replies
ADVERTISEMENT
Oct 31, 2012
I had an experience this week of installing a 5510 ASA with 8.4.3, also tried 8.4.4(1) with the strange effect that I randomly was losing contact with the internet. The interface stayed up/up. no errors or what so ever on the interface. Reseat of the DSL wire no result. Reseat of the outside interface cable made it work again. And after some time lost connectivity again. It did not recover by itself so had to let someone do a reseat again and again and.... The outside was using DHCP client. A lease was given and an IP also. Nothing strange to find. Talked to the provider which could see the DSL and the DHCP lease. Finally I downgraded the firmware to 8.4.2 and the problem was solved.
output
interface Ethernet0/0
nameif outside
[Code].....
View 1 Replies
View Related
Oct 10, 2011
I have an ASA 5505 that during preak usage, likes to lose it's connection to the cloud for 50 seconds. The device is alive and kicking, can route between different interfaces, but it's connection to the cloud dies. This happens every 45 minutes or so during our peak internet usage.
the nastyness of the config, I was having issues getting PPTP pass-thru to cooperate, and never cleaned up after myself.
Result of the command: "show run"
: Saved
:
ASA Version 8.2(1)
!
hostname THEMAN-ASA
[Code]....
View 1 Replies
View Related
Apr 4, 2013
I'm currently implementing Microsoft System Center 2012 Operations Manager, the curent stage of the project is to add the network devices to SCOM via SNMP in order to monitor them, I am able to add them all and monitor; however, my ASA 5510, although SCOM discovers the ASA via SNMP and adds it to the network monitoring list, it loses SNMP connectivy every 30 minutes, and 15 later it reconnect with SCOM, then after another 15 minutes it loses the connection again, and so on and so for.
View 1 Replies
View Related
May 30, 2012
Two ASA-5510 in Failover.I already have several VPN with Cisco VPN client.Now I have the requirement to activate new AnyConnect VPN, witch "migrate" the old VPN to.The customer does not want to purchase licenses for SSL VPN, and then I have to configure the AnyConnect on IPSEC.I read that AnyConnect over IPSEC don't need SSL license - is this right?
Client version 2.5.3055.On the ASA with 8.4.2 (ASDM 6.4.7) I don't find HOW to configure the IPSEC for AnyConnect, while a friend of mine with 8.4.3 did it.Is there a way to configure using CLI, or is an item of the 8.4.2 ?When I try to connect, after authenticating Username & Password, I receive (on the client) a message "AnyConnect was not able to establish a connection to the specified secure gateway." On the "Real Time Log Viewer" I see only SSL, never IKE nor IPSEC
View 1 Replies
View Related
Mar 31, 2011
We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this and how do I fix it?
View 1 Replies
View Related
Nov 1, 2012
We have a 3560 switch behind a ASA 5510 at a site that we are trying to access via telnet over the internet, we find out the switch does not have a default gateway configured. So I configure the following rule on the 5510: [code] Try accessing the switch, and all is good. One of our change control steps is to identify any others are connected to the device via: [code] I see the connection and show users command return 172.16.30.15, as expected. How is it possible that address can connect to that switch.
View 7 Replies
View Related
Jul 25, 2012
Switching out a 5510 as our primary firewall with a 5520. I've essentially copied the working config from the 5510, and put it on to the 5520, making small changes where necessary. Plug everything. I cannot get out to the internet.
Facts:
-All interfaces have no shut on them
-No machine can ping out to the internet gateway
-All machines can ping out to the inside interface of the firewall
-It's not a problem with the internet because I can take a laptop, enter in our outside interface information, plug it into the internet gateway, and I can get out to the internet just fine.
View 14 Replies
View Related
Feb 27, 2012
A customer got a new VoIP PBX, and now I have to forward port 443 on the ASA to the PBX for remote administration purposes. The LAN-interface of the PBX is in the same subnet as the ASA but has an external VoIP-router as default gateway and not our ASA. Is it even possible to forward the port to the PBX when there is no route of any sort to our ASA on it?
View 2 Replies
View Related
Jun 28, 2011
ASA 8.3(2) 5505
I've configured a number of remote access vpns on ASAs, but I don't recall having a default gateway setting assigned after logging in.
Is there a way to disable the assignment of a default gateway upon login?
The value assigned is meaningless. It's just the next available address in the local pool.
View 2 Replies
View Related
May 17, 2011
I need to move the client machines off of the 3750 (and their DHCP dependency on it) to the SGE2010 and absolutely route their internet traffic out through the outside interface on the 5505. They must also be able to communicate back into the internal environment in order to communicate with the production servers.
The clients currently use .254 addressing through a dumb dell switch to the 3750 but I am trying to migrate them over slowly to the .253. I know that the 2010 will not do DHCP, so I am putting a DHCP server on that switch right now. The 5505 won't let me add an additional nameif statement onto one of the other eth0/x interfaces and I'm not sure if that has anything to do with it's capabilities to act as a DHCP server (it's not an option in the ASDM) or it's ability to serve as the internet gateway for the 2010 clients. (Side notes: The 5505 has a base license and is currently also connecting 1 site to site VPN. As is the 5520, so all of it's interfaces are used as well).
I statically assigned a moved client with a .253 address and plugged it into the 2010. I have tried giving the 2010 both a .4 address and a .253 address but neither will allow me to ping any of the addresses on the 5505. The 2010 shows automatic routes to the two subnets and I set it's default route to 253.1. The link between the 2010 and the 3750 works - clients receive a .254 address from the 3750 and can get out to the internet via the 5505 and reach the production servers as well.
Why won't the 2010 see the 5505 as a gateway and allow clients to get to the internet and also traverse the 3750 when they need access to the production network?
The reason why I dont' just connect the two swtiches and call it a day is because I also need the production servers to ALWAYS go out/receive web requests via the 5520 outbound/outside interface. I'm having such a hard time wrapping my head around why i can't get my clients moved over to the new switch, I haven't even grasped how I'm going to do that yet.
View 1 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Feb 11, 2013
When I create a virtual switch on hyper v, i lose network connectivity and the default gateway is missing I have to manually put the default gateway in and disable and re enable the network adaptor each time the server restarts in order to get network connectivity. I am running windows server 2012 Hyper V Virtual Ethernet Adapter loses default gateway server 2012
View 9 Replies
View Related
Dec 10, 2011
i want to connect to asa 5505 (office 1) using vpn from ASA 5510(office 2)...The network guy in office 1 has asked me to setup ASA 5510 has hardware client mode.
i have the following details from office 1
host peer address of office 1 : A.B.C.D,
phase 1 encryption : DES
phase 1 Authen : SHA
Diffie helman : group 2
Groupname : MNC
IP Schema remote site network : 170.31.0.0 255.255.0.0
password : Cisco$123
In asa 5510 ,
ASA Version 8.2(5)!hostname CISCOASAenable password 5EpARJwwtf4VFC9S encryptedpasswd 5EpARJwwtf4VFC9S encryptednames!interface Ethernet0/0nameif outsidesecurity-level 0pppoe client vpdn group DADAip address pppoe setroute!interface Ethernet0/1nameif insidesecurity-level 100ip address 192.168.10.1 255.255.255.0!interface Ethernet0/2shutdownno nameifno security-levelno ip address!interface Ethernet0/3shutdownno nameifno security-levelno ip address!interface Management0/0nameif managementsecurity-level 100ip address 192.168.1.1 255.255.255.0management-only!ftp mode passiveaccess-list 124 extended permit esp any anypager lines 24logging asdm informationalmtu outside 1500mtu inside 1500mtu management 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp
[code]......
What more i need to add to get the vpn connected with ASA 5510?
View 1 Replies
View Related
May 22, 2011
I´m looking for a firewall for my company and am reading about both Cisco ASA 5505 with Security Plus bundle and Cisco ASA 5510 with Security Plus bundle and I have a few questions.This is the document i´m getting my information from.URL,It states the following:Cisco ASA 5505 Security Plus bundle,Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot.
View 5 Replies
View Related
Jan 24, 2013
I am trying to find out the best path to upgrade to two ASA 5510 running 9.0 (1). I know there are changes in the new version. Let me know what information you need and i will post.
View 2 Replies
View Related
Oct 15, 2012
We have a ASA 5505 and a 5510, that we are using site to site..I need to traceroute from the 5505-5510.. From the outside interfaces.. Don't want to do this through the site-to-site.I have temporarily added a few acl on the outside interfaces..
-access-list outside_in extended permit icmp any any unreachable
-access-list outside_in extended permit icmp any any time-exceeded
-access-list outside_in extended permit icmp any any echo-reply
when i traceroute it only goes one hop.. Maybe thats the way it suppose to be? I need to know all the hops between the outside interfaces on the 5505 to the outside interface on the 5510.
View 1 Replies
View Related
Mar 18, 2012
I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.
View 1 Replies
View Related
Aug 16, 2010
I currently use MS ISA Server 2006 to protect a windows internal network, where there is also an MS Exchange server. I have acquired a Cisco 5510 to enhance security at main office. Later I will have ASA 5505 for branches, including VPN-ning. to have firewall at main office. I have several public IPs and would like to setup DMZ for Web, Exchange server and FTP. How do I setup interface and sub-interface for the DMZ?Can I continue using ISA Server connecting to Cisco 5510 on the perimeter? If so, How do I set the interfaces (and sub-interfaces) as well as NAT-ting and access configuration between the inside and outside?
View 12 Replies
View Related
Mar 6, 2011
I have a customer moving from a 5505 to a 5510. They are currently running websense express, which monitors and filters traffic based off of a port mirror on the ASA. Can this function still be performed on the ASA5510? If so, I am having trouble figuring out the method.
View 6 Replies
View Related
Oct 19, 2011
Is there any difference with traffic shaping capability on the 5510 as opposed to the 5505? is there anything the 5510 can do that the 5505 cant? with regards to TShaping?
View 4 Replies
View Related
Nov 17, 2011
Our company is planning to buy one of cisco ASA 55xx series.But there is still one question left about DHCP pool limitations.Here I found some information about licensing for DHCP on ASA 5505: [URL]In other words, we don't have any information about ASA 5510, which contains DCHP pool licensing.
View 9 Replies
View Related
Oct 15, 2012
We have a ASA 5505 and a 5510, that we are using site to site.I need to traceroute from the 5505-5510.. From the outside interfaces.. Don't want to do this through the site-to-site.I have temporarily added a few acl on the outside interfaces.when i traceroute it only goes one hop.. Maybe thats the way it suppose to be? I need to know all the hops between the outside interfaces on the 5505 to the outside interface on the 5510.
View 12 Replies
View Related
Feb 12, 2013
is it possible to configure a webfiltering on ASA 5505,5510,5520 ? So if its possible can you provide us a configuartion template.
View 3 Replies
View Related
Mar 23, 2013
A bit of a straight forward question, is it possible to connect a 5505 to a 5510 direct via a crossover or do you need a switch inbetween capable of trunking?
View 1 Replies
View Related
Apr 28, 2011
Connection denied due to NAT reverse path failure
View 2 Replies
View Related
Dec 18, 2011
We're getting "Connaction Timeout / Connection Failure" error messages several time per day. Here is our setup:
Verizon FiOS Internet (ONT Box) --> Cisco ASA 5505 --> EdgeMarc 4500 Router --> Cisco 300-24G Switch --> Dell PE1950 Servers
From past few months, we keep getting Connection Timeout and Connection Failure error messages in our vendor application which connects to SQL Server 2005. Also Terminal Server 2003 keep disconnecting for every few hours.After several days of troubleshooting, we come to know that this Cisco ASA 5500 is not working properly. When I access the ASDM, it shows several warning messages.I know there is a setting option to configure TimeOut, but is there anyway to test and track the ASA 5500 regarding this Timeout issues?
View 3 Replies
View Related
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies
View Related
Feb 8, 2011
we do have 2 Rv042, one in my office and one in my house.. in the office we do have static ip and at home none.. question is can i connect the two RV042?
View 1 Replies
View Related
Mar 22, 2011
I have some problems in my network with Gateway to Gateway Vpn Connection using two Rv042 routers.
I cannot ping the computers with static ip configuration.
In local an remote computers who have DHCP ip configuration i can ping each other .
View 1 Replies
View Related
Dec 20, 2011
I have just put an ASA5510 in place and have the following setup:
Interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
[Code]....
I have connected my stations to an ESW540 inside of the Int Eth0/1 and am able to get ip addresses to the stations as well as DNS addresses. I cannot however connect to the outside connection in any way. From a computer connected to the ESW540 with a DHCP assigned IP address, I can ping the computer's IP, the ESW540's IP, and even 192.168.15.1. But I cannot ping the ip address from the Int Eth0/0, nor anything beyond 192.168.15.1.
From inside of the console of the ASA, I can ping all addresses of all ports as well as devices outside of the building and inside of ESW540.
View 6 Replies
View Related
Feb 13, 2012
I have the asa 5505 with asdm 6.4(5). my inside LAN is 192.168.0.0/24. the outside of asa is connected on lan 10.13.74.0/24 and i need over LAN 10.13.74.0/24 connect on LAN 10.15.100.0/24. i put nat rule on asa 5505 and acl rule and users from lan 10.15.100.0/24 can connect on my server, but i can't connect on from inside of asa connect on lan 10.15.100.0/24 and 10.13.74.0/24. my configuration asa is Result of the command:
"show running-config"
: Saved
:
ASA Version 8.4(2)
!
host name Cisco asa
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
[ code]....
what i do that connect on LAN 10.15.100.0/24. i cant ping my outside interface, put rules on acl, i enabled service policy rule for icmp ,but nothing.
View 3 Replies
View Related
Jan 31, 2012
I recently had a firewall that wasn't passing traffic (ASA 5510 running software version 9.1).It turned out it had 130000 active connections. Doing a "clear conn port 53" dropped the active connection count back to 38k, and the firewall started passing traffic again.
View 7 Replies
View Related
