Cisco Firewall :: ASA 5520 Logs In RealTime Viewer Delayed
Jul 11, 2011
I have a newish instance of 5520 running. I am seeing some odd logging issues in that the logs are significantly delayed showing up in the real time viewer. I'll try to connect, say on remote desktop, and will not see the traffic in the viewer for up to 20 seconds or so after I'm already connected to the server. I have not seen this before.
I am currently testing Netflow accuracy on my Solarwinds platform. So I have been transferring a large file across an ASA 5520, which is set up to send Netflow data to our Solarwinds server.
The problem is that the Netflow data does not show up on Solarwinds for about 2.5 hours. Once it gets there the size is correct, but the time stamp on Solarwinds is 2.5 hours behind when the transfer happened. For routers it is showing up within a few minutes.
ASA is running 8.2(5) and Solarwinds NTA 3.9.0. Firewall and Solarwinds times / timezones are the same.
I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging. The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no logs are ever shown.
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
We’ve got a lot of ASA appliances (around 30, 5505/5510/5520) and we never had this problem since the use of the new image software ASA 8.4(1) and ASDM 6.4(1). So, my problem is located on two ASA 5520 with active/passive failover with ASA image 8.4(1) and ASDM image 6.4(1).
My problem is that our appliance doesn’t show any logs when an ACL denies a packet. Even when I specify a specific “deny ACL” with a specific logging condition, ASDM and SSH buffer logging are empty but the counters of the ACL increment.
I am running two ASA 5520 routers synched up with each other. I had a massive connectivity issue this weekend that I am investigating. Now I have figured out how to get the live logging but I need to know how to get the old logs from my router.
I have an ASA5505 and I'm having trouble achieving the following setup: block any kind of connection from outside except for IIS on port 80 and 443, but allow the server to access any outside address, by domain or IP. Right now apps written in C# on the server are throwing socket errors and Teamviewer remote control is not working; I would like it to replace remote desktop.
I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep track of TCP sessions made by VPN users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a VPN user, at the end of the log line you see the VPN username, which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the VPN, their TCP sessions are not properly closed; if another user, let's say UserB, establishes a VPN immediately after and gets the same IP address previously assigned to UserA, the log sessions are recorded with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the TCP sessions are not torn down when the first user disconnects and it looks like a bug to me, but I didn't find it referenced anywhere. Is there a way to have all TCP sessions torn down when a user disconnects the VPN connection?
I installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode. When I enable logging for ASDM as debugging I cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection". I tried to reconnect using the icon at the bottom but nothing changes.
Got a classical remote access VPN with Cisco VPN Client and ASA-5520. Some weeks ago I noticed in my ASA logs this severity 5 message: Group = xyz, Username = abc, IP = 84.n.n.n, Duplicate Phase 2 packet detected. No last packet to retransmit. This message comes with every connect, but then connections work fine.
Remark: See ASA ASDM:
- 1. Duplicated Phase II (!!)
- 2. Phase I
- 3. Phase II
I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no difference.
I recently reinstalled Windows, as my PC was in for service (one of the RAMs had gone down), but that is not the issue. My network connection is delayed, sometimes 5 minutes, this time 15. I found 2 types of errors in the event log; I will add them at the end of the post.
So the problem: my computer accesses the network really slowly. I am using a modem which is connected to the PC by my Ethernet cable, and on the PC I am using Local Area Connection. The computer simply says that the cable is unplugged while it is plugged in (it works perfectly with the same modem and cable on my laptop; I even tried a different cable, no result). The icon has a red cross all the time. Sometimes disabling/enabling the network adapter fixes it, but not today. Then after some time it turns on at normal speed: several seconds of a blue circle spinning around and then it connects.
But there is a huge delay. Usually if it turns on it stays like this, but sometimes it disconnects after some time (after an hour, maybe less or more). I recently found out one more thing: if I have my net fully working on my laptop and I unplug the cable from the laptop and plug it into my stationary PC, it connects pretty fast. It may be nothing, but sometimes it is the only way. When trying to connect it drops these 2 errors, sometimes several times: The driver DriverRTL8167 failed to load for the device
I keep getting an error when trying to use the Microsoft Link Layer Topology Discovery. It claims there is either network delays or an incompatible router on the network.
Actual error:
"Responses from other devices on the network are delayed or there is an incompatible router on the network"
I have 2 RV042 routers, one for each of our network connections. So I am assuming this is the source of the error.
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the node's been up for days). I've seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3. Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possibly trap messages are held in a configurable buffer whose default value is 1 and, if not sent, are held and then suffer a delayed send. Is it true for both traps and syslog? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that the last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyone know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1)?
I have a cable modem internet connection and my cable modem is connected to an ASA 5505. The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1. The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network. Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1. I would like to see the 192.168.1.x address of the clients in the ASA firewall. I've tried making some changes to the Linksys router but that hasn't resolved it. Are there any changes I can make on the ASA to get this to work?
I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69 Source Port 59886
Destination IP 8.8.8.8 Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
I have a pair of ASA5510s in a failover configuration where I see these 2 logs repeated every 15 seconds.
105008 1 Nov 27 2012 10:39:27 (Primary) Testing Interface management
105009 1 Nov 27 2012 10:39:28 (Primary) Testing on interface management Passed
I have read other threads where these are accompanied by "105005, Lost Failover communications with mate on interface". But I'm only getting these 2. The other thing that is confusing is that the "management" interface is not the failover interface. So why do I see 105008/9 logs about it?
I've googled over the past hour and tried everything I found. But nothing worked. So here I am once again asking the geniuses of TSF for their amazing support. Recently installed VNC on both my laptops, specs below
On a Windows 2003 data server with a 2008 domain controller, I have several Terminal Servers that are set up to only allow one remote time entry program to run. Totally locked down from network / internet (Kiosk Mode). Now I need to be able to view PDF files in a directory. How can I do this without giving access to the disks that are available for the time entry program to write back? The time entry requires a mapped drive with read/write access. Every PDF viewer I have found so far gives the ability to "File Open/Save as" and thereby gives access to the shared drive. If I use an Internet browser then I have the same problem.
Every year I attend a local motorsport event and I am usually responsible for providing a live online video broadcast of the event, which I do using a website such as ustream.tv or similar. The event is non-profit so spending as little money as possible or none at all is the best option for us. We use a 3G card/dongle and a laptop with 2 or 3 webcams for the video feed. The results/scoring system in use at the event is controlled by the organisers and they have set up a VNC server where teams can connect with their laptops via a wireless network to view results. What I would like to do is to include the results screen in my video feed. So somehow, I need to trick my computer into thinking that the VNC viewer software is a video input device. I looked for something similar last year but didn't have much success. If separate laptops are needed, I have 3 Windows laptops at my disposal and a MacBook Pro which will be on the same network. Whichever one will be most suitable for the task will be used.
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now Cisco wants to replace it with ASA-5520-K8.
I just installed ACS 5.1.0.44 with the latest patch on a VMware virtual machine and installed the evaluation license. Everything works fine except for the "Monitoring & Report Viewer" tab: when I try to launch the Viewer, it opens a new browser window/tab, which then again opens another (the same) window/tab, and so on and on. So there would be an infinite number of windows/tabs if I didn't close them all real quickly. Same problem with any client and any browser. I already deinstalled ACS 5.1 and tried ACS 5.2 on the same machine -> same problem.
When I launch Monitoring & Report Viewer and select one of the reports (TACACS authorization for example) I want to filter the search with Interactive Viewer, but I can't because all options are grayed. I've heard that some flash is needed but I've got plugins installed and nothing changed.
Can I run it in demo version? Because I've read that there is an add-on license: "Add-on licenses are available to support deployments that are larger than 500 devices (AAA clients) and to support advanced monitoring, reporting and troubleshooting functionality"
I am deploying a small wireless LAN (192.168.1.xxx) at a remote site and would like to access a PC at LAN IP address 192.168.1.2 across the Internet via TeamViewer so as to monitor devices on that LAN. The wireless LAN uses about 12 Cisco Aironet 1310 bridges in a ROOT-NONROOT (I guess this is point-to-multipoint?) configuration. Our ISP has given us a single static WAN IP address, subnet mask, gateway, and two DNS server addresses.
My intent was to assign our static WAN IP address from the ISP to our RV082 router, plug the LAN devices (including the PC at 1.2) into the RV082, and then use Network Address Translation (NAT) to forward TeamViewer traffic to the PC at 1.2. But the RV082's user manual says NOT to use the router's WAN IP address in the NAT table. So I'm confused as to how to send remote TeamViewer traffic to the PC inside my LAN. Is NAT not the way to do this? Should I be using port forwarding instead? I guess another way of skinning this cat would be to put a second NIC in the PC and let the second NIC have the WAN IP address so that it would be the first point of contact from outside, but that defeats some of my purposes for having the RV082 in the first place.
I have a setting where we are using some DCS930l cameras connected to a 2003 server. We are using the remote viewer and can see one camera but not the others. We have 5 cameras. We try to drag and drop the other cameras, but nothing shows up. Only the 1.
I have this problem when using Remote Live Viewer, the Web Remote Client of DviewCam 3.2: I can only see one camera at a time; even more, I have to stop playing the current one if I want to change the camera. The viewer shows me the grid for playing many cameras but I don't know if they can be played simultaneously. I can select any camera and it will play, so I don't think it's an access problem.
Using a Linksys E2500. I have an Ubuntu "server" set up which I can access on my LAN through VNC Viewer (Windows machines) no problem. I can even access it through the external IP address on a machine inside the LAN (both internal address and external address work from inside the LAN). I set up port forwarding (per portforward.com) but I still cannot access my machine from outside the LAN. It has a static IP as well, btw.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.
We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 have the software release 8.4(3)8 installed. When somebody tries to connect through the Identity based firewalls from a Citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in to. The user-of-ip mapping of the PDI's IP address shows mostly other users, which then are used to authenticate the access through the firewalls.
What is interesting is that on the AD Agent, using "adacfg.exe cache list | find /i "USERNAME"", I can't see the PDI's IP address either, because it is mapped to another user. Is Citrix Published Desktop environment supported to connect through Identity based Firewalls? How do AD Agent, Domain Controllers and Firewalls work together? On the firewalls with "show user-identity ad-agent" we see the following:
Why does Cisco use 1645 and 1646 and not 1812 and 1813? The Listening Port is used for what purpose? We tried the AD Agent modes full-download and on-demand with the same effect.
I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can use a spoofed address, with a cluster shell, and attack the firewall interface with the source of 127.0.0.1 or the IP address of the interface as the source and destination. Then I get a CPU load of 89% with only two hosts. With iptables I can use kernel processes to prevent this. But I don't find anything for ASA.
Two different WAN links get connected to the firewall via two routers (different IP subnets). I need to get these two WAN streams separately to the core switches. Core switches sits. Active/Standby scenario. If the Active core goes down, the Standby core will have to take over the traffic. My design is correct, if not what do I need to change. ASA is 5520.