Cisco Firewall :: ASA 5510 Reboots Itself Several Times A Day
Apr 30, 2011
we just bought brand new Cisco ASA 5510.We are using it in transparent mode, only for firewalling.But we have problems... This device reboots itself several times in day. Actually throughput is around 5 Mb/s and connection number is around 200.
i have a Ipsec tunnel between a ASA 5510 (Uk) & a router (France) that seems to be going down a specific times during the day. I have attached the sys log as well.
I cannot seem to copy & paste the config onto here for some reason so i have attched the configs, Ipsec details & syslog details from the asa.
I currently have a problem where I have to constantly reboot my ASA whenever my cable modem reboots. The ISP (Pen Tele Data) is setup so that my ASA has to obtain its' static IP using dhcp (ip address dhcp setroute) on the outside interface. Now, I also have another location with a cable connection (Comcast) that does NOT experience the same problem. However, the difference is this ISP allows me to assign my static IP directly on my outside interface. What can I do so that I don't have to reboot my first ASA everytime modem reboots.
I'm running a couple of 5520 (with failover configuration) and fw 8.3.1. Everything worked fine until I try to upgrade firewall to new fw version: 8.4.1. [code]
When I try to upload new firrmware or asdm image, ASA, the appliance reboots during tftp session. I've already tried to upload new images on both appliance, or use CLI either ASDM, but the result is always the same: ASA reboots.
From my point of view, the problem isn't the image but could be the firmware I'm running, becouse using fw. 8.0.1 I was able to upalod asdm 8.3.1, but using fw 8.3.1 I can't upload the same image.
I have a problem with a ASA 5505. He is crashing multiple times during the day. I've setup a syslog server en I'd noticed that the last two log notification were:
2011-11-08 12:28:19 Local4.Debug 10.0.0.254 %ASA-7-711002: Task ran for 27016 msec, Process = Dispatch Unit, PC = 84745ce, Traceback = 2011-11-08 12:28:19 Local4.Debug 10.0.0.254 %ASA-7-711002: Task ran for 27016 msec, Process = Dispatch Unit, PC = 84745ce, Traceback = 0x084745CE 0x08474942 0x08475511 0x08475DB7 0x08475EDA 0x08508D9B 0x0850908A 0x083AB5B8 0x083A1D55 0x080655C1 0x08895A19 0x08895AD0 0x08952194 0x08978450
It's a 5505 with a 10 user inside host license, wich incidentally is more.
I have a ASA5585 running 8.4 that is redirecting Internet http to a websense server via GRE.The integration is working fine, except when a user PC sends a large packet (~1500 bytes).With WCCP/GRE headers, the user packet is too large to be transmitted to websense, so the ASA fragments the packet in two and transmits both to websense.
A sniffer trace confirms that both fragments reach the websense server, but the TCP packet is never acknowledged.User-side TCP retransmits the large packet three times over 15 seconds, and eventually retransmits fine with smaller packets. The 15 second delay is of course not acceptable.Users and Websense server are both on the Inside interface.
We are considering imposing browser proxy to websense (which works fine), but would prefer not, considering the increasing diversity of devices.
I have ASA 5520 running ver 8.3.(2)8 and configured for AnyConnect VPN. While testing for iPads and iPhones we noticed that on connecting it disconnects few times before finally connecting. These are the messages logged in the ASA.I don't see authenticatio as an issue. Results are better with wifi compared to 3G. [Code]
I have a problem with an internet connection with a customer.They have a Zyxel 660 in bridge mode and the public ip is delivered to the eth0/0 outside interface of a 5505 ASA.They lose internet connectivity a couple of times per hour. What solves the problem immediately is disconnecting the ethernet cable from the eth0/0 and then directly plugging it back. Then it runs for 20-30 minutes or so.The isp doesnt't notice any errors on the dsl connection, only that they cannot ping the outside interface from time to time (duhhh)However, yesterday, when problem appeared for first time , I noticed that this Zyxel was very hot since it was placed on top of the ASA. Now it is set apart.In the meantime I already replaced all cables, but I think it's the Zyxel so I urged that the ISP send a new Zyxel.Though it sounds strange. [code]
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
I have just configured identity firewall on our ASA 5510.I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server: A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy.This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?
I currenty have 2 cisco 5510 firewalls one of the firewals is completly dead but contains a Cisco ASA SSM-10 can i remove this card and just place it into a working unit, will i have any problems doing so.
I am unable to see 4th interface on my firewall i.e fastether0/3 on my firewall ASA 5510.
Below is the output. ciscoasa# sh int ip br Interface IP-Address OK? Method Status Protocol Ethernet0/0 x.x.x.x YES CONFIG up up Ethernet0/1 x.x.x.x YES CONFIG up up Ethernet0/2 unassigned YES unset administratively down down Internal-Control0/0 127.0.1.1 YES unset up up Internal-Data0/0 unassigned YES unset up up Management0/0 192.168.1.1 YES CONFIG up up
This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.
We have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.
We've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]
I have CISCO 5510 firewall running with IOS ASA821-k8.bin.My company has purchased another ASA5510 with IOS ASA843-k8.bin.We need to run both firewalls in Active/Standby mode.
If I upgrade the IOS of old firewall to ASA843-k8.bin the the running configurations does not work properly.It does not pick the network objects and NAT rules as they are configured with OLD IOS and running.
Or if I restore the configurations of old firewall at New ASA the result is worst. Even firewall with new IOS does not show any Access Rule and NAT rule and does not supprt network objects.
I bought it without a a windows installation because i already had a copy of vista 64 cd which I installed when I got the computer. Then I realized vista couldnt handle the amount of ram my computer had or support some of the other new hardware, so i went online and purchased a copy on Windows 7 for 600dollars and digitally downloaded it from a non microsoft site, as it turned out after I installed it the cd validation key was not included in the purchase sadly so I was running it as trial version for 30 days.Anyhow, at some point (and it has been going on for awhile) my router reboots quite frequently when I am online playing games such as Civilization 5 , world of warcraft and CoD on this computer. Sometimes it can reboot up to 3-4 times an hour if I'm really unlucky! When I'm not playing games and just surfing the web it is rare the router restarts, and while I sleep I keep my computer online and it dont reboot at all.
So it is basically when I play online games this occurs the most. However! If I play games online on my laptop or playstation 3 the router -never- reboots, so it's obvious the problem is not the router itself since it works with my ps3 and laptop but not my stationary gaming computer
Been trying to config a 2924XL switch via telnet. Always within Two(2) minutes. the switch reboots and knocks the telnet session down.When I unplug the switch it will once again hookup but only for a couple of minutes.
Our router 2821 reboots each time vpn traffic is called : - vpn connects without problem - as soon as you launch rdp, ftp or anything else traffic => the router reboots itself Consequence : no more phone, no more internet during the reboot process. A call can be cut when it happens.
Below is the show context log : CUCME#show context System was restarted by error - a System Error, PC 0x4046A374 at 10:18:43 CEST Mon Apr 15 2013
System was restarted by bus error at PC 0x41FE4988, address 0x813B at 10:07:23 EEST Wed Aug 29 2012 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(20)T1, RELEASE SOFTWARE (fc3) Technical Support: [URL] Compiled Wed 24-Sep-08 14:37 by prod_rel_team [Code]....
I continue to have significant performance and random reboots with DIR-825 router (hardware: Rev A1; Firmware: 1.13NA). My ISP has checked the lines to my cable modem. If I connect any of my laptops or PCs directly to the cable modem and work off the direct connect, all works fine with no problems for many days and even mutliple weeks. So, the router seems to be the bottleneck/issue.
I've tried multiple settings changes as listed in the forum here. My setup is fairly simple and detailed below.
Setup -> Internet: -- Dynamic IP (DHCP) -- I have disabled "Enable Advanced DNS Service" -- "Use Unicasting" is enabled -- I have primary and secondary DNS servers set [Code]....
I have an AIR-LAP1141-A-K9 it keeps rebooting itself. It seems to boot up and loads the flash and then shortly afterwards and before I get to console login it reboots.in reviewing what I've captured from the boot process is a message "Unexpected exception to CPUvector 200, PC = 1020" Below it is the following "Traceback - 0x1020 0x51351c 0x51351c 0x513c00 0x4FB1A8 0x4FB5B0 0x4F7FB8 0x191214 0x1912c8 0x57090 0x57398 0x1A5E50" I tried a couple google searches but didn't have any luck finding anything that matched what I have occuring.