Cisco Firewall :: ASA 5510 Real Time Logs Showing Incorrect Ports

Oct 17, 2012

I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports.  For example
Source IP
Source Port 59886
Destination IP
Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?

View 4 Replies


Cisco Firewall :: ASA 5520 - Real-time Log Viewer Filter Not Showing Rule Hits With ACL

Dec 20, 2011

I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging.  The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no  logs are ever shown.
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
how I can get the RTLV working?

View 7 Replies View Related

Cisco :: ACS 5.3 / View Real Time Logs For AAA Clients And For ACS Administrator?

Mar 6, 2012

We have below queries regarding new version of ACS 5.3.
a) Is it possible to view real time logs for AAA clients and for ACS administrator?

b) Is it possible to track each and every change record for ACS Administrators and sessions in ACS . Ex addition and deletion of commands in command sets. As of now, we are able to see that config has changed by ACS admin but not able to see which commands are changed (Added or Removed)

c) As per user guide of ACS 5.3, we have an option for creating customized reports but unfortunately we are not able to see same option in ACS 5.3 GUI. Need confirmation on the same.

d) Is it possible to do configuration changes for ACS via Command line.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Running 8.3(1) And ASDM 6.4(5) - Real Time Log Viewer Delay / Slow

Feb 15, 2012

I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter  for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.

View 6 Replies View Related

Cisco Firewall :: ASA 8.2.2 Asdm Real Time Log Viewer Syslog Connection Lost

Feb 10, 2010

I installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode.When i enable logging for ASDM as debugging i cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection", I tried to reconnect using the icon at the bottom but nothing change.

View 9 Replies View Related

Cisco Firewall :: Intrusion Prevention Gadgets Display Incorrect Time ASA 5520

Oct 3, 2011

I have an ASA 5520 with the Intrusion Prevention Module.The time displayed on the ASA is correct.The time displayed in all Intrusion Prevention gadgets is ahead exactly 4 hours.Under configuration, Time the Time Zone is correct, Eastern in my case.  The sensor local time on the same page is correct and is grayed out.I only work in the ASDM as I am far from being a CLI person.I don't think the time being off is causing any issues, but it is strange.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 / Monitor Largest Outgoing And Incoming Traffic Per Ip In Real Time?

Mar 4, 2013

We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Solar Winds Real Time Interface / Monitor Through Put Of Port?

Jul 6, 2012

I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port.  It seems I can never get it to use more than 100mb, where should I check?
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.

View 1 Replies View Related

Cisco Firewall :: 5520 ASDM 6.4 And ASA Not Showing Logs

Feb 27, 2011

We’ve got lot of ASA appliances (around 30, 5505/5510/5520) and we never had this problem since the use of the new image software ASA 8.4(1) and ASDM 6.4(1). So, my problem is located on two ASA 5520 with active/passive failover with ASA image 8.4(1) and ASDM image 6.4(1).
My problem is that our appliance doesn’t show any logs when an ACL deny a packet, even if when I specify a specific “deny ACL” with a specific logging condition, asdm and ssh buffer logging are empty but the counters of the ACL increment.

View 6 Replies View Related

Cisco Firewall :: ASA-5510 - Incorrect Password Attempts?

Sep 15, 2011

How to Configure "Incorrect password Attempts  Disable login for 30 minutes after 3 successive failed attempts" on ASA-5510???

View 3 Replies View Related

Cisco VPN :: 5520 - Incorrect TCP Session Logs For Remote VPN Users On ASA

Oct 29, 2012

I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep tracks of tcp sessions made by vpn users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed; if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all tcp session tore down when a user disconnects the VPN connection?

View 2 Replies View Related

Cisco Application :: ACE 4710 - Monitoring Real Server Showing N / A?

Jun 25, 2012

I recently installed a Cisco ACE 4710 version A4(2.0) into our test network. Load balancing across a number of web servers appears to be working ok and serving pages to users. However, when i tried to check the real time stats via device manager (Monitor> virtual contexts> context > Real servers) a number of fields specifically "current connections", "total conns", "failed conns" etc were showing N/A. Do I need to enable this somehow i.e. polling, if so how?

View 5 Replies View Related

Cisco Application :: ACE 4710-K9 - VIP Not Showing Webpage From Real Server

Mar 27, 2013

my ACE 4710-K9
I cannot reach a web page when accessing my VIP on ACE, here is i paste my configuration
VIP at
RS1 at
RS2 at


View 8 Replies View Related

Cisco Firewall :: ASA 5510 - Unknown 105008 And 105009 Logs On Non-failover Interface

Nov 26, 2012

I have a pair of ASA5510s in a failover configuration where I see these 2 logs repeated every 15 seconds. 
105008 1          Nov 27 2012          10:39:27        (Primary) Testing Interface management
105009 1          Nov 27 2012          10:39:28        (Primary) Testing on interface management Passed
I have read other threads where these are accompanied by "105005, Lost Failover communications with mate on interface".  But I'm only getting these 2.  The other thing that is confusing is that the "management" interface is not the failover interface.  So why do I see 105008/9 logs about it?
Output of "sh fail":
5510a# sh fail
Failover On
Failover unit Primary


View 6 Replies View Related

Home Network :: Topologies In Real Time Implementation Compare And Contrast Each Other

Apr 26, 2011

Topologies in real time implementation compare and contrast each other?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Logs Are Not Showing MAC Address?

May 10, 2012

We recently had to rebuild our ACS server.  Now when we have an 802.1x authentication failure and look at the RADIUS logs for the specific user, it does not show us the MAC address of the device the user tried to login with.  We use this all the time because users have PDAs and other mobile devices that they save their passwords on.  Then when they change their domain password on their laptop, they don't change it on their PDA which then tries to authenticate them using the wrong password and eventually locks them out.  We need to see the MAC address so we can pinpoint which device is causing the lockout.  The report I am generating is when you go to this location: Monitoring & Reports > ... > Reports > Catalog > User > User_Authentication_Summary

View 4 Replies View Related

Router Logs Showing DoS Attacks

Sep 13, 2012

I've noticed in the mornings lately when I get up around 6 am my internet will not work. Not on wireless or on my desktop. I decided I'd log into the router to see if there was a firmware update or anything. I had checked the logs and there are quite a few entries relating to DoS. I googled around and saw that it could be some sort of packet loss and the router is mistaking it for some sort of DoS attack. And that due to it not showing up multiple times every second it likely isn't a DoS attack. Here is a few from the logs:


View 4 Replies View Related

HP 1810G-24 Showing Port 26 Status In Logs?

May 16, 2011

OK, so just mooching around in the pages of my switch, a 24 port switch and it has in the logs:

268InfoMay 15 22:43:51NIMInterface 26 is Link Down
269InfoMay 15 22:43:51NIMInterface 26 is Link Down
270InfoMay 15 22:43:51NIMevent(39),intf(26),component(2), on non-existent interface

Now, correct me if I`m wrong but my switch only has 24 ports and two of those (23 and 24) are dual personality jobbies!?Where the hell is port 26? Where did it come from? and why did it need to show up only for the switch to realise that it doesn`t really exist?

View 2 Replies View Related

TP-Link Dual-Band Wireless :: TL-WDR4300 Daylight Savings Time / Date Menu Incorrect?

Jan 14, 2013

Region : UnitedStates
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :

Seems that Daylight Savings Time starts on March 10th, 2013 this year. The drop-down menu only goes up to 6.

View 1 Replies View Related

AAA/Identity/Nac :: ACS V5.1 View Not Showing Full Admin Logs?

May 18, 2011

I am having trouble viewing all the Administration logs in ACS View. I have my Local Log Target set to a Maximum log retention period of 90 days. In ACS View I can display authentications that go back 90 days + However when I try and display the "ACS_Configuration_Audit" in View and perform a Custom query that goes back 90 days it will only display about 35 days of Admin logs.I know the logs are there because when I go into CLI and do a search like "show logging | i "ObjectType=Administrator Account" the Administration logs go back over a year.why ACS View cannot display all the Admin logs?The ACS is running v5.1.0.44 Patch 6 (Also experiencing this in a v5.2 ACS as well)

View 2 Replies View Related

Cisco Firewall :: Open Ports On Firewall ASA 5510

Apr 18, 2012

We have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
Let say our public ip address is and our local ip address for the camera is We have cisco asa 5510.

View 2 Replies View Related

Cisco Switching/Routing :: WS-3750G-24TS - Switches Logs Showing CPU Errors

Oct 16, 2012

We have a stack of 4 Cisco WS-3750G-24TS with Sw  Version 12.2(52) SE and giving weird errors:-
-Traceback= 17211C8 16FA4C0 16FA4FC 18625E4 18608D4 286A850 283E6FC 282EDF4 2859BBC 1B2EDA8 1B25878
Oct 17 22:26:48 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.7
Oct 17 22:26:50 AEDT: %SYS-3-CPUHOG: Task is running for (2098)msecs, more than (2000)msecs (8/6),process = SNMP ENGINE.
-Traceback= 172108C 17211CC 16FA4C0 16FA4FC 18625E4 18608D4 286A850 283E6FC 282EDF4 2859BBC 1B2EDA8 1B25878
Oct 17 22:26:51 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.7
Oct 17 22:26:53 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.6
Oct 17 22:26:53 AEDT: %SYS-3-CPUHOG: Task is running for (2097)msecs, more than (2000)msecs (1/1),process = SNMP ENGINE.
What are these errors is this a bug in the IOS

View 1 Replies View Related

Linksys Wireless Router :: E4500 - Troubleshooting Logs Not Showing Website Url?

Oct 31, 2012

I have linksys E4500 and I would like to be able to see the website visited vs ip address.Is there a way to enable same or achive same via parental controls.Again I do not want to block a website but monitor which websites are visited. Is this achievable via router or an additional software/hardware required to be used with router

View 5 Replies View Related

Cisco Firewall :: Asa 5510 - Sometimes Boots And LED On Ports Comes On

May 9, 2011

Our cisco asa 5510 getting sometimes boot and sometimes not. sometimes LED on port comes back if boot and sometimes not. what are the parameter should be check to rectify problem.

View 3 Replies View Related

Cisco Firewall :: Open Ports On ASA 5510

Dec 1, 2011

I just finished implementing a VOIP install and I am trying to setup some softphones and in order to allow the softphones to work I need to open some specific ports for outbound.  I am not a Cisco guy, I am a Windows Administrator that also has to maintain my Cisco infrastructure. 

View 3 Replies View Related

Cisco Firewall :: Forwarding Ports On ASA 5510 With ADSM 6.4

Dec 16, 2012

Trying to get port forwarding going using ASDM 6.4 on a Cisco 5510
I want to forward port 25/Smtp to
I have added all the rules as outlined in the link below. [URL]
But when running an open port checker on [URL]
It says the port is closed, I have noticed that under Access Rules under the Hits columns it says 52 ?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Add A NAT Rule For Range Of Ports?

May 22, 2012

i have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999

View 1 Replies View Related

Cisco Firewall :: ASA 5510 8.3 - Unable To Open Ports?

Feb 19, 2012

I got a situation here for Nat-ed IPs i configured. I expected to open some ports on the interface to allow certain traffics to pass through, yet there are some of them are failed. Down is my current config.
object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object tcp destination eq https


The only ports opened are 443, www, 3389 while ports domain, 5061,3478,3389. how to open domain, 5061, 3478, and 3389 ports on my ASA .

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Time Range / Allow Single Port During Business Hours Only

Apr 1, 2012

I'm new to an ASA 5510 running 8.4(3) and am trying to figure out something regarding time ranges in ASDM. I simply want to allow a single port during business hours only (I'm not concerned about open sessions needing to be closed). So as an example I add a rule something like:
(RULE1 on the internal interface) SRC=INTERNAL DEST=ANY SERVICE=RDP ACTION=PERMIT with a time range set for weekdays 8:00-16:59. I did a test after 5pm on a weekday and was still allowed to do RDP to a server (from INTERNAL), and after using the packet trace tool saw it was still passing through due to a rule a couple lines down (rule 4) that allowed a port range that happened to include port 3389. So my question is if I specify an "allowed" time range and someone attempts access outside that time range, why doesn't it drop it right there? I guess I'm assuming that anything outside the "allowed" time range would be dropped but that doesn't seem to be the case. I'm also assuming the rule base is processed top to bottom.

View 2 Replies View Related

Cisco Firewall :: How To Configure 4GE SSM Or ASA 5510 Internal Data Ports

Feb 4, 2013

I have inherited an asa 5510 whit 4GE SSM module installed. The asa runs fine, but i can not use the 4GE SSM ports. Using  ASDM or console i can get and configure the gigabitethernet1/x ports but i can not get traffic on it. The ping from the console to the ip address of the Gigabitethernet1/0 is successful. On switches or hubs connected to those ports i can not see the port's mac address. The two Internal-data0/0 and Internal-data1/0 are down and i can get they up. How to configure 4GE SSM or ASA internal-data ports.

View 8 Replies View Related

Cisco Firewall :: Enabling Traffic On E0/2 And E0/3 Ethernet Ports - ASA 5510

Aug 10, 2011

enabling traffic between interfaces on the ASA 5510. Of course I have an outside interface E0/0 and an inside interface (E0/1) for normal operation. The idea was to enable one of the remaining interfaces on the 5510 to attach an internal network resource to for management in case we lost our switch. I am using E0/0 as the outside interface and the inside interface is E0/1. I am wanting to attached a management device on the same inside network IP address range for simplicity. I have E0/2 configured for the same security level (100) as the other inside interface and I also have enabled same-security-traffic permit inter-interface as well but I still cannot access the device on that port. Is there something else I am missing? I guess the best way to explain this is that I want ports E0/2 and E0/3 to act like a "switch" so to say...... The ASA 5505 lets you do this pretty easy but having trouble on the 5510. 

View 4 Replies View Related

Cisco Firewall :: 5510 - Opening Ports For Video Conferencing?

Nov 7, 2011

We have just acquired a cisco profile 42 video conferencing equipment and am required to open ports for SIP and H232, any pointers on hw that can be acquired i have a cisco ASA 5510, Some one told me to open port 16384 but i need pointers on how to do it becuase I already set an access list to any.
the config
Internet -> ASA 5510 -> Switch -> Profile 42 and other devices

View 5 Replies View Related

Cisco Firewall :: ACL Hit Count Not Real In Asa 8.2

Mar 6, 2011

ASA v 8.2What does the ACL hit count count ? I always thought that the acl hitcount counted the numbers of packets hitting that line in the ACL, however that is not the case. if I setup a icmp permit rule then that will only increment 1 even if I send 4 packets that hits the line. udp and tcp seems to do the same. is there some way I can make the ACL actually count the packets that hits ? where can I learn more about this ?

View 4 Replies View Related

Copyrights 2005-15, All rights reserved