Cisco Firewall :: ASA 5510 Version 8.2(4)2 Can't Remove ACL Named Extended

Feb 13, 2012

I have an access-list that was named "extended" (without quotation marks) and the ASA will not let me remove it.
I have tried everything I know to try and get it out, but I cannot remove a single line.
ASA(config)# no access-list extended line 1 extended permit ip host host<1> not a valid permission
ASA(config)# no access-list extended line 1 permit ip host host<1> not a valid permission

View 1 Replies


Cisco WAN :: 7200 VXR - Named Extended Access List

Oct 10, 2012

I've got a 7200 vxr that I'm trying to create a named extended access-list in.
I got to configure it if I go into ip after that the only commands available for access-list are log-update, logging, and re sequence.
so if I go back to the main config menu access-list is an available command
but then from the main config menu, if I type: access-list extended eth0_in it says invalid input detected at the carrot marker which is under the first character of the work extended.
also, at the main config menu, if I type: ip access-list extended eth0_in it again give me the invalid input detected at the word extended.
I don't understand what I am missing to get this to work.

View 9 Replies View Related

Cisco Firewall :: Allow / Block Any Type Of Services From ASA 5510 Extended

Jul 25, 2012

I have created Different extended access-list which allow/block some specific services like IP,TCP,UDP ,ICMP etc for certain source and destination . But now I have to allow/Block all/any type of services to a certain host from a extended access-list . How can I do it ?

View 4 Replies View Related

Cisco Firewall :: How To Upgrade ASA 5510 Version 8.0(4) To Version 8.3

May 10, 2011

i am using Cisco ASA 5510  with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3

View 6 Replies View Related

Cisco Firewall :: 5510 - Transparent Firewall Installation Using ASA Version 8.4(3)9

May 14, 2012

I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?

View 3 Replies View Related

Cisco Firewall :: NAT Configuration In ASA 5510 IOS Version 8.3

Mar 8, 2011

Will give configuration of NAT for my internal users with with single public IP.
I new to configure IOS version 8.3.

View 5 Replies View Related

Cisco Firewall :: How To Do NATing In Version 9 ASA 5510

Dec 22, 2012

i have asa901-k8.bin" in my asa firewall and  downlaod liecnce from cisco,now i dont know how to allow internet to my user.?

View 1 Replies View Related

Cisco Firewall :: Static Nat On ASA 5510 IOS Version 8.2

Feb 19, 2012

have a question. I have a ASA5510 with IOS version 8.2 . I have my firewall and behind it also have a mail server eg 192.168.1.x. When i send email from inside network it doesn't show as if it's coming grom the out side nated public IP of my server but IP of firewall. What am i missing my example nat statements are . Nat-control is disabled.
static (inside,outside) 196.68.99.x 192.168.1.x netmask
access-list inbound extended permit tcp any host 196.68.99.x eq 225
accesslist outbound extended permit host 192.168.1.x host 196.68.99.x

View 9 Replies View Related

Cisco Firewall :: 5510 Code Version Upgrade?

Feb 3, 2013

I am looking to upgrade a 5510 that is currently on code version 8.0(4) to code version 9.1. I know I will have to upgrade to 1gb ram, but can i just upgrade straight to version 9.1 or do I need to follow an upgrade path? This is a standalone device so I am planning on downtime.

View 8 Replies View Related

Cisco Firewall :: Configure Extended Access List On AS5350XM?

Sep 14, 2011

I'm trying to configure an extended access list on one AS5350XM but I get one way hearing on a voice calls and I can't determine why (please see the attached diagram). There is an OSPF running on both gigabit interfaces and the Loopback address is also advertised (it is actually the voip IP address). The access list is applied on both interfaces in the inbound direction. There is another gateway with IP: (no firewalls here) and the routing between gateways is working properly.
Here is part of the access list (applied on AS5350):

permit ip host host
When I review the log of the AS5350xm I see many errors like this one:

%SEC-6-IPACCESSLOGP: list example denied udp ->, 1 packet
So how it is possible to see this error since the access list is in inbound direction and the IP address ( is open. I don't have problems when I do telnet or ssh from to

View 3 Replies View Related

Cisco Firewall :: 5540 - Extended Access-list Error Using FQDN

Nov 7, 2011

I'm trying to add an access-list rule to allow internal servers to connect an outside host on a asa 5540. The hostname translates to multiple ip's. Normally I just lookup the ip address or one of the ip's the hostname translates too and use that in the access-list as the host. For some reason the actual ip's, which are a few, are not always available so using a specific ip sometimes does not work, thus the reason I have to use the hostname instead of the ip. I have 2 hostnames. and
This is how I normally add these rules (the ip addresses are fictive): access-list internet_access extended permit tcp host host eq www log
When I try to add this using the hostname on our asa I get an error: access-list internet_access extended permit tcp host host  ?ERROR: % Unrecognized command
I've tried it without the 'www', so but same error.

View 4 Replies View Related

Cisco Security :: Remove License Previously Installed On ASA 5510?

Nov 15, 2010

I'm currently reconfiguring an ASA5510 installation to a HA setup with a second 5510. The old 5510 has an "AnyConnect for Mobile" license which isn't being used. So we upgrade that one to a SecPlus License to enable failover posibilities and we bought a new 5510 also with a SecPlus license. When I'm trying to enable failover I get the message that my mate hasn't got the "AnyConnect for Mobile" license. I know for failover both devices must be exactly the same (at first i thougth that the AnyConnect license would be lost when upgrading to SecPlus). So now I'm wondering and searching for solutions to remove the AnyConnect license (because we don't use it).

View 7 Replies View Related

Cisco Firewall :: Software Upgrade For ASA 5520 Version 7.0(1) To Version 8.4?

Apr 3, 2012

provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM

View 10 Replies View Related

Cisco WAN :: ASR 1001- How Interfaces Are Named

Sep 3, 2012

I just need to start building the configuration of an ASR 1001 but I do not know how gigabitethernet interfaces are named on these routers? Are Gi0/0/X or Gi0/X ??

View 1 Replies View Related

Cisco :: Named Objects Or Object Groups In ASR 1000s?

Mar 5, 2012

Any way of doing named objects or object groups for ACLs on the ASRs? (1000 series in this case.) I'm setting up an ASR with a zone-based firewall and writing out all the addresses, ports and protocols for the ACLs associated with the various zones is creating huge, unwieldy ACLs in the config.

View 11 Replies View Related

Cisco WAN :: 1841 - Named Versus Numbered ACLs

Dec 27, 2010

In my test lab I am playing with the Numbered ACL's and Named ACL's. Both configurations are working BUT , I am sure I do something wrong in the Named ACL's version. When I reboot or reload the CISCO 1841 ROUTER , I do not have INTERNET anymore , I still have access by TELNET or SSH , but no external communication anymore. The only way to start the communication again , is by adding :

PERMIT IP ANY ANY . This will of course work , but the funny thing is that when I do a : NO PERMIT IP ANY ANY It still works !!!
I have learned by this to always shut down and restart my ROUTER or SWITCH to see if everything still work . Here bellow some parts of the working Numbered ACL's version :
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
[ code] ....

View 4 Replies View Related

Cisco VPN :: RDP Plugin On SSL WebVPN On ASA 5510 Version 7.2

Aug 10, 2008

I am facing problem while configuring SSL Web VPN on my ASA 5510 which is on version 7.2.I need to configure RDP access to the internal servers for the users using SSL Web VPN for which i dont see an option while configuring it though I have uploaded the plugin to my ASA.

View 6 Replies View Related

Windows Can't Find Computer Or Named Device

Oct 12, 2012

I get 2 troubleshoot messages printer cannot be contaacyed over network and windows can't find a computer or device named....

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Without IPS Can't Remove Some IPS Configurations

Dec 5, 2012

I have an ASA 5505 without any IPS module.While copy/pasting some configurations from another 5510 with IPS I copied my mistake the some of the IPS configurations part. Now I can't remove it.When ASA starts I get this Warning:
...WARNING> IPS policy is configured without an SSM card.
*** Output from config line 828, "  ips inline fail open"
Those lines are:
policy-map Outside_Policy
class IPS_class
ips inline fail-open
 When I try to do "no ips inline fail-open" I get an "invalid input detected".If I try a no class IPS_class I get that is being in use.What can I do to clean up those lines?

View 8 Replies View Related

Cisco VPN :: 5510 / 5505 - Connect 2 Networks Via ASA Software Version 8.41

Feb 22, 2011

I use a ASA 5510 and a ASA 5505 and want to connect 2 networks via VPN ASA software version is 8.41. Network 1 has address Network 2 has the address I use site to site VPN wizard on both asa and create the VPN connection. do I need to create acl after that?the PCs on network 1 must have access to a resource in the network 2 how do I create static routing to connect the both Network.

View 1 Replies View Related

Cisco Firewall :: 6513 - Unable To Remove Access List

Mar 22, 2012

I am unable to remove an access list. Currently this this access list contains 4 lines of remarks. I was unsure if I was entering the command correctly and now I have 4 lines of "trash" that needs to be removed.
     The "sh run" command shows that I have access-list 100 defined.
     The "sh access-list" returns nothing.
Process I have tried:      config t
     no access-list 100
     no access-list remark Test (just trying anything at this point)
    clear configure access-list 100 (This returns "Invalid input detected at '^' marker" and the '^' is under the 'e' in clear.) 
So the "clear configure" command is not working.  The "no access-list" commands does not return an error but does not remove anything.
What step am I missing? Let me know if I can provide any more information.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS1113 Version 4.2 Ssh Version 1 / Specify Only Version 2 Or Turn Off SSH?

Sep 14, 2009

McAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1.  Any way to specify only version 2 or turn off SSH?

View 9 Replies View Related

Cisco Security :: Disabling XAuth For Remote VPN Users On ASA 5510 Version 7.2(1)?

Jul 1, 2006

how to disable XAuth for Remote VPN users on the ASA 5510 running 7.2(1)? 
HPMFIRE(config)# tunnel-group vpn3000 general-attributes
HPMFIRE(config-tunnel-general)# authen
HPMFIRE(config-tunnel-general)# authentication-server-group none
ERROR: The authentication-server-group none command has been deprecated.
The isakmp command in the ipsec-attributes should be used instead.

I couldn't find anything under isakmp to disable it. 

View 2 Replies View Related

Linksys Wireless Router :: E1000 Is Showing Different Named Wifi Network?

Jun 29, 2012

I have a strange problem with my Linksys E1000. When I try to connect wireless, there is a network with an excellent signal, but it has the name "CiscoI1593" and it asks for a password which I don't know. My original network does not appear for some reason when I try to connect wirelessly. I do see my original network name when I use an ethernet cable through the E1000.
It's not possible, where I live, for this "CiscoI1593" network to belong to someone else, it just seemed like it renamed my network to this and also wants some different password. 
I think this may be due to something I did. My internet occasionally cuts out and it's usually something wrong with the modem or router, so I typically unplug and press the reset button on both until it begins to work again. This is the first time i've had this problem though, and I have unplugged and pressed the reset button on my router many times.
There is also a button in the middle of the front of the router that looks like a refresh symbol, but I don't really know what it is, pushing it doesn't seem to do anything but make a solidly-on light become blinky.

View 6 Replies View Related

Cisco Security :: ASA 5510 - ASDM Fails To Load On Mac OSX 10.7 Running Java Version 1.6.0_33

Jun 24, 2012

I have an ASA 5510 running ASDM 6.4(9) and Cisco Adaptive Security Appliance Software Version 8.4(4)1.I am trying to configure for the first time and I am accessing the ASA via its Management Interface.I am successfully able to connect to the device and get to the Cisco ASDM 6.4(9) page.When I try to run the startup wizard, a couple of prompts displays up to the point where the java applet runs and aks me to enter my IP, username and password.As it is a new system, password and username is blank so I enter and I get a message saying "loading software from cache" which later changes to "software Update completed" and then nothing happens.I am running MacOSX 10.7 Lion, Java version 1.6.0_33.I did try and run this on a Windows system and i was able to load the interface.

View 2 Replies View Related

Cisco Firewall :: Migrating Netscreen Firewall To ASA 5515 Version 8.6?

Mar 5, 2013

I am currently migrating a netscreen firewall to a asa 5515 version 8.6 The issue is setting up the management connectivity.
basically the management IP of the cisco asa is not advertised. But, we want to route a management IP through the management interface to interface Gi0/2.
so IP of management interface is say - and the IP of the inside interface is say - on our router we have a static route sending to next hop of (management interface of cisco asa).
On the Cisco ASA can I send the traffic to the inside interface and manage the firewall via ssh that way?

View 4 Replies View Related

Cisco Firewall :: ASA 5540 - Version Change In Firewall?

Mar 15, 2012

How are asa5540 in high availability mode upgraded for their versions.

View 1 Replies View Related

Cisco Firewall :: ASA Version 9.0(1) / Configuring NAT On Intranet Firewall?

Dec 26, 2012

configuring NAT on intranet firewall. here is the my topology:
  DMZ Network  - - - - - - - - - External Firewall   - - - - - - - - - Internet
  Internal Network  - - - - - - - - - Internal Firewall  
1) I can Ping the intneral host from external firewall, internet firewall and DMZ network

2) Both ASA's are running OS Version 9.0(1)

3) ACL used permit IP any any, on both (i.e inside and outside)
NAT configuration on Internal Firewall  (Identity NAT)
object network MGMT-SRV-INSIDE           subnet
object network MGMT-SRV-identity
 object network MGMT-SRV-INSIDE           nat (Inside,Outside) static MGMT-SRV-identity


View 1 Replies View Related

Cisco Firewall :: Block Ip Address From CLI At PIX Firewall Version 6.3(4)?

Oct 11, 2011

I would like to know  how can I block a ip address from the  CLI at the Cisco PIX Firewall Version 6.3(4)

View 4 Replies View Related

Cisco WAN :: Extended ACL Not Work On 1941

Jun 2, 2012

I apply extended ACL on my router cisco 1941, but it didn't work. So I tried to apply standard ACL, it's work. I'm not sure about my cisco 1941 IOS is support extended ACL. My cisco IOS is
Cisco CISCO1941/K9

Technology    Technology-package           Technology-package
Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None
data          None          None           None


Is it IOS bug or limit feature on hardware.

View 20 Replies View Related

Use TV As Extended Monitor Wirelessly?

Aug 11, 2012

I have a sony bravia tv that has wifi and supports dlna. And I have a desktop in another room, running windows xp. Since they both connected to the same network, is it possible to use the tv as another screen for the pc?( duplicate the screen, whatever i do on the pc will be shown on the tv screen) I'm installing a software that might stream content from the pc to the tv, but then i'm not hoping too much on it because the tv seems to be very picky about fCPUile formats... so i figured somehow duplicating the screen would be best if all else fails i'll just hook up the CPU to the TV.

View 1 Replies View Related

Cisco :: Use DNS Entry In Extended ACL Instead Of IP Address Range?

Sep 1, 2011

Is it possible to use a DNS entry in an extended ACL instead of an IP address range?

View 2 Replies View Related

Brocade 7420B Extended Ping?

Jan 23, 2013

whether MTU sweep is possible in Brocade 7420B. This is used in Data Center and Sys Admins are refusing it . I wish to check path MTU between these two devices (including these devices) separated by transmission media (I own this). OR any other method to check path MTU in Brocade . I have allowed jumbo frames in all my DXCs.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved