Cisco Firewall :: ASA 5510 - Parsing Running Config
Dec 23, 2012
We just changed over to Comcast Business and after changing the outside interface to new IP and setting static route. I have access to internet and everythig appears to be good, However asdm will never fully load, alway stuck at 17% or 77%, and I always see "parsing running config".
When I do a show run it will not fully load either, always stop at certain out put. 5 seconds after pulling the Comcast cable out both asdm and running config will load fine.
View 12 Replies
ADVERTISEMENT
Nov 15, 2009
I have a Cisco 2811 router and when I turn of the router the running config is lost. I have to the following to get the router running of the start-up config settings.
router#copy start-up running-config
View 9 Replies
View Related
May 1, 2011
I have an issue with ASDM 6.4(1) and ASA 8.2(1). I use Windows XP 64bits, and with Java 32 or 64 bits latest version (jre 6.025). I am able to load the ASDM, but when I click on the Configuration button to check the configuration and perform changes, it starts to parse configuration, but it freezes at 77%. It also locks my NIC, and have to restart my machine.
If I connect to a machine with another different configuration, and with version 8.0, I have no issue in contacting and changing the configuration from the same computer.
View 11 Replies
View Related
Dec 17, 2012
I'm upgrading ASA firewalls from a 5510 (running 8.2.2 code) to a 5515-X (running 8.6.1 code). What is the best way to move the existing config to the new firewall? Can I simply copy it?
View 2 Replies
View Related
Sep 27, 2011
we are looking at having a 172.168.40.0 network on our LAN. BUT i want to tie it down to JUST accessing the internet!So i'm looking for some ideas on how that ACL would look like.i have an ASA 5510 as our firewall and i've attached a simple network diagram for reference.
View 7 Replies
View Related
Apr 19, 2012
I m trying to set my friewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address 58-98-35-2a-4c-39) I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and i have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
So i need to configure 3 interface in my ASA.
- OUTSIE e0/0(I call it INTERNET)
- INSIDE e0/1(I call it LAN)
- MANGEMENT m0/0(I call it MANAGEMENT)
[Code]....
But with this config when I plug the firewall, i dont have access to internet anymore.
View 7 Replies
View Related
May 21, 2013
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
View Related
Apr 5, 2011
since our update of Cisco ASA 5510 (active/standby cluster) from version 8.22 to version 8.24 it isn't possible to transfer files from/to a sftp client. The request just times out. SSH from this client is possible.
[Code]...
View 2 Replies
View Related
Jul 26, 2012
I have CISCO 5510 firewall running with IOS ASA821-k8.bin.My company has purchased another ASA5510 with IOS ASA843-k8.bin.We need to run both firewalls in Active/Standby mode.
If I upgrade the IOS of old firewall to ASA843-k8.bin the the running configurations does not work properly.It does not pick the network objects and NAT rules as they are configured with OLD IOS and running.
Or if I restore the configurations of old firewall at New ASA the result is worst. Even firewall with new IOS does not show any Access Rule and NAT rule and does not supprt network objects.
View 2 Replies
View Related
Mar 21, 2012
I Have an asa 5510 running code 7.2 configured with ssl vpn,ssl vpn users able to connect to to portal which i have configured with the required resources,but the thing is that these ssl users unable to upload files to cifs shared directory , although they have full access to the shared folder
View 0 Replies
View Related
Aug 24, 2011
I am having trouble with our ASA5510. After upgrading the internal memory from 256 MB to 1 GB and upgrading the firmware to 8.4.2 we are experiencing that the ASA is running out of 1550 byte blocks. When that happens it is not possible to connect to the ASA by ADSM or SSH and new VPN IPSEC tunnels are not coming up. The only way I know how to fix this is to reload the ASA. This is happening every 2 to 3 days.
In the free blocks graph one can see that there is a loss of about 20 blocks per 10 minutes.
View 4 Replies
View Related
Nov 11, 2008
I have allways configured and run LDAP Server Groups authenticating to Active Directory Domain Controllers using LDAP, never an issue, until I hit a Domain Controller running on a Windows Server 2008. I have been unable to authenticate with the common setting with an ASA5510 running 8.0.1.
View 4 Replies
View Related
Feb 15, 2012
I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
View 6 Replies
View Related
Jan 14, 2013
We have LMS Prime 4.2. I know how to view the running config on a single device. How do I run a report that will pull all the running configs of all my devices in one report? I'd be able to same them as one big pdf or text file. ]
View 1 Replies
View Related
Jan 25, 2011
I had to reset a 6509 MSFC2, using reset command on the switch. However when the msfc2 reloaded it had a different configuration than the starup-config. I have a daily backup of start-up config and it was very different from that. I had to make many changes to bring it back to normal. What now I dont get is from where did the msfc2 got this config file? and how can I avoid this from happening again... I want it to load start-up config when it loads. [code]
View 2 Replies
View Related
Oct 10, 2011
In our company we use the ACS 5.and i have a small problem, what we need to do is.create a profile that will allow SHOW RUNNING CONFIG but not configure terminal.i am investigating and im a littel bit lost i have created a new group but i dont see any option to put permissions.
View 1 Replies
View Related
Oct 20, 2011
have some problems with setting up jobs for the backup running config on my switches. Have RW and RO contact with everyone and can change the config in editor, but do not get config.txt
View 1 Replies
View Related
Aug 9, 2012
I am looking to replace the active supervisor (S720-10G) on our 6509E running in SSO mode. The new module already has the same IOs version as the standby supervisor.Once I have swapped the module how do I know that the config has sync'd correctly other than checking the logs? Is it a case of looking at the "Redundancy Mode (Operational)" state and ensuring is says SSO?Also, is there a command that will force a config-sync if it is running in a mode other than SSO?
View 1 Replies
View Related
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies
View Related
Sep 11, 2011
I'm running into and interesting issue concerning a twice NAT config.
We have a remote site that needs to connect to a server cluster on our end. Using ASDM I have created a NAT rule that uses PAT to map our server addresses to a single IP (this is due to constraints placed on us by the remote site). This in and of itself shouldn't be a problem. The issue is that the VPN tunnel won't come up unless I also map an address to the remote site's sever.
Example:
Appliance: ASA 5510
ASA Version: 8.4(2)
ASDM Version: 6.4(5)
Original Packet:
Source Interface: inside
Destination Interface: outside
Source Address: Server_Cluster
Destination Address: Remote_Server
Service: any
Translated Packet:
Source NAT Type: Dynamic PAT (Hide)
Source Address: Mapped_Server_Cluster_Address
Destination Address: Mapped_Remote_Server_Address
Service: -- Original --
Within the Translated Packet section, if I set Destination Address to the actual remote server address nothing happens when I attempt to bring up the tunnel. However, if I map an address to the remote server, the tunnel begins to come up and then fails during phase two (as the mapped address doesn't match the addressing that has been defined in the remote end's connection profile).
Initially I thought the issue may be due to an IP addressing overlap since both sites are running similar numbers, but the default route statement on our ASA, should contend with this issue. Also, each time I change the NAT rule, I change the connection profile to match those changes.
So, ultimately, what I wish to accomplish is to allow connectivity between my site and the remote site without having to map another address to their remote server. How may I do this?
View 2 Replies
View Related
Aug 2, 2011
We have two offices in the US and one in Mexico. Our site in Mexico connects to our headquarters in the US over an AVPN/ MPLS circuit .Mexico has a separate Internet connection through TelMex. There is an ASA 5510 at headquarters and an ASA 5505 in Mexico. We have a fail over VPN set up in the ASAs for times when the MPLS circuit goes down. All Internet traffic in Mexico is supposed to be routed to the TelMex connection. All company traffic is supposed to be routed to the Cisco router. ASA is supposed to be last resort route. We have a fail over VPN set up in the ASAs for times when the MPLS circuit goes down. (Or at least we did until I had someone work on the configuration) Everything had been working fine for the last 4 years.
Yesterday when the MPLS went down, so did their Internet connection. I realized the Internet traffic is now coming through the MPLs circuit to head quarters and out our ASA. Obviously there is a problem with the configuration. I do not have enough experience to figure this out. I have attached the configs and the routes for both the ASA and the router.
View 11 Replies
View Related
Jan 3, 2013
my Cisco ASA 5510 doesn't save the configuration to the disk.
View 1 Replies
View Related
Sep 23, 2012
I have a strange issue which happened to me last weekend with two ASA 5515X on version 8.6(1)2. There was a planned power shutdown which only affected the primary firewall. Failover was configured and running successfully. The configuration was also saved after every change made. After power was shut and primary firewall went off the secondary took over like it should but unfortunately all configuration was gone. We immediately powered on the primary again but also this one lost the configuration.
While reconfiguring the firewall we ran into another problem. The devices won't pair although it was the correct configuration. After three times removing and adding the same failover configuration the devices accepted the failover and worked together again.
I went through the bug toolkit and white papers regarding ASA 5515x and this particular version but were not able to find anything.
View 2 Replies
View Related
Mar 14, 2011
I am configuring an ASA5540 firewall for a client, only difference to usual being that it is to run in Transparent mode. I have looked through for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used.The clients security bod has now come back and insisted MAC filtering should be used but I can find no reference of this anywhere. Does MAC filtering is required to make a transparent box EAL4 compliant and if so where I can find documentation supporting this?
View 1 Replies
View Related
Sep 3, 2012
How to Enable IP Accounting in Cre switch 4000 Running cat OS and Cisc ASA 5510 (8.2 )
View 1 Replies
View Related
Jan 19, 2012
I am having Cisco 3845 series router with c3900-universalk9-mz.SPA.151-4.M2.bin IOS . I want to install new Licence on it for DATA. When i am trying to install licence on it i am facing the error "% Error: License installation failed with error: XML parsing failed".
View 4 Replies
View Related
Apr 17, 2012
If i connected the latop to brand new out of the box ASA 5505 through consloe cable and i have a config file on this laptop from other ASA5505, is there anyway i can upload that config file into startup-config of this new ASA5505 through console cable, without using TFTP or FTP?
View 5 Replies
View Related
Jun 24, 2012
I have an ASA 5510 running ASDM 6.4(9) and Cisco Adaptive Security Appliance Software Version 8.4(4)1.I am trying to configure for the first time and I am accessing the ASA via its Management Interface.I am successfully able to connect to the device and get to the Cisco ASDM 6.4(9) page.When I try to run the startup wizard, a couple of prompts displays up to the point where the java applet runs and aks me to enter my IP, username and password.As it is a new system, password and username is blank so I enter and I get a message saying "loading software from cache" which later changes to "software Update completed" and then nothing happens.I am running MacOSX 10.7 Lion, Java version 1.6.0_33.I did try and run this on a Windows system and i was able to load the interface.
View 2 Replies
View Related
Sep 14, 2011
I am converting one PIX config (in 6.2) format to 8.4 format manually.I am stuck at the following statements.
---------------------------
global (outside) 1 192.168.21.100-192.168.21.150 netmask 255.255.255.0
global (outside) 1 192.168.21.44 netmask 255.255.255.255
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-list 101 permit ip host 10.130.101.2 10.132.102.0 255.255.255.0
-----------------------------
My understanding from the old config file was that any traffic coming from source 10.130.101.2 to destination 10.132.102.0 would NOT be translated and this shall remain the same in 8.4.How can I rewrote the NAT commands?
View 5 Replies
View Related
Sep 12, 2012
I'm sure this is simple to resolve. I just bought a new Cisco 2901 ISR Router. How do I configure the Cisco 2901 ISR Router for Zone Firewall? The "zone" command is not recognized and does not show up in the "?" list in config or user modes -
View 4 Replies
View Related
Jun 6, 2013
I know that configuration in 8.2.x and 8.4.x is different in terms of NAT and object groups.
I just want to know is it possible to do a direct upgrade from 8.2.3 to 8.4.x ?Secondly, will ASA automatically convert all the configuration from 8.2 to 8.4 format during the reboot after the upgrade?
View 2 Replies
View Related
Jan 22, 2013
Customer has a ASA5540 at their main location and need a new ASA5500 for a DR site.
Can I simply take a config file from an ASA5540 and easily drop it on an ASA5545-X or what ever?
They are going to be using it as a VPN concentrator primarily.
Or are there going to be issues since the 5540 is running 8.4(5) and the 5545-X? Or if they upgrade to 9,0(1) or higher, then they should be the same?
View 2 Replies
View Related
Sep 26, 2012
I have ASA 5505 and I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.
View 8 Replies
View Related
