I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port. It seems I can never get it to use more than 100mb, where should I check?
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.
We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.
View 1 Replies View RelatedI am trying to get my Cisco SG 300 10 to talk nicely with my Solar Winds box. The solar winds can read interface statistics but does not recognize CPU or memory information. What the OID is for the proper MIB to enable with views?
View 1 Replies View RelatedSetting up Netflow from the 7010 platform to Solarwinds?I implemented the following code on both of my cores (VPC/HSRP Redundant Linked Pair) but had the following issues:
1. One of the cores I could see was sending Netflow records every few seconds whereas the other was not doing anything
2. Solarwinds was not seeing any of those records coming in and was showing last update from both devices as "Never"
Note that I have netflow already working as my Riverbed (fairly intelligently) already updates Netflow.Also i was all set to debug this myself but there doesn't seem to be debugging for Netflow that I can see?!?
I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging. The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no logs are ever shown.
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
how I can get the RTLV working?
is it possible to shutdown a specific port on my 3750x and monitor this port at the same time .for example , im dealing with a mac authenticated network using port security , i want to shut down all the ports that are not used at the moment , however , if some one gets connected to the one of the shutdown ports i want to know the mac address of the user or atleast to know that i have someone who is just plugged in to the one of the shutdowned ports .
View 4 Replies View RelatedI installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode.When i enable logging for ASDM as debugging i cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection", I tried to reconnect using the icon at the bottom but nothing change.
View 9 Replies View RelatedI have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69
Source Port 59886
Destination IP 8.8.8.8
Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory) which I have done, but no different.
I have the following situation. A colleagues installed a spam block (Norton something) and he put two ip's on itsinterfaces. 192.168.2.20 and 192.68.2.21. One will be used to receive and one to send mail but both on port 25. They use a sinlge real IP 175.75.67.32. I am using a 5540 ASA with 8.2 IOS.
I am pretty sure this cannot happen but i got some advice to NAT the outgoing IP/Port and then PAT the incoming port to both IP's and it will work. I tried to do it with no success. I know that ASA 8.4 changes everything in NAT/PAT but is there any way with the newer OS my setup can work or not?
We have a Cisco ASA 5520 in HA (Active - Standby). We monitor the CPU,Memory Utilization and Active Session via SNMP polling.And SNMP trap for linkup ,linkdown and Cold start.Our requirement is to monitor the HA status and whenever there is a change in the HA - Failover we have to get a snmp trap.What are the configuration need to be done on the cisco asa.
View 3 Replies View RelatedMonitor a VPN tunnel that has as end devices a Cisco ASA 5520 and a NetScreen Firewall. I'll like to be receive an alert when the VPN is down.
View 1 Replies View RelatedWe have below queries regarding new version of ACS 5.3.
a) Is it possible to view real time logs for AAA clients and for ACS administrator?
b) Is it possible to track each and every change record for ACS Administrators and sessions in ACS . Ex addition and deletion of commands in command sets. As of now, we are able to see that config has changed by ACS admin but not able to see which commands are changed (Added or Removed)
c) As per user guide of ACS 5.3, we have an option for creating customized reports but unfortunately we are not able to see same option in ACS 5.3 GUI. Need confirmation on the same.
d) Is it possible to do configuration changes for ACS via Command line.
Topologies in real time implementation compare and contrast each other?
View 3 Replies View RelatedHow do I monitor connections to the DMZ port on our ASA 5505 (via ASDM 5.2)? We have a WAP connected to it and it's intermittently dropping connections.
View 2 Replies View RelatedI have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies View RelatedWe have an ASA 5520 and it's inside interface is currently plugged into a fast ethernet port on a 3750. I have just bought a 1gig SFP module and have copied the fast ethernet port config to the gigabit port, but the port seems to be flapping
The port conf gi is this:
interface GigabitEthernet1/0/4
description Link to Inside ASA
switchport access vlan 2
switchport trunk encapsulation dot1q
I have got ASA 5520. How to use the management port as a normal port on ASA. What are the basic reqirements for that.
View 3 Replies View RelatedI have an ASA 5520 with the Intrusion Prevention Module.The time displayed on the ASA is correct.The time displayed in all Intrusion Prevention gadgets is ahead exactly 4 hours.Under configuration, Time the Time Zone is correct, Eastern in my case. The sensor local time on the same page is correct and is grayed out.I only work in the ASDM as I am far from being a CLI person.I don't think the time being off is causing any issues, but it is strange.
View 1 Replies View RelatedWe have a block of addresses assigned to us by our ISP. We need to assign one of these addresses to a vendor we use for traffic to one of their internal devices. Lets say the address we gave them out of that block of addresses is 1.2.3.4
How do I add that address to the outside interface so that when traffic s sent to it that the traffic actually gets to the ASA as right now when we send traffic to that address it doean't make it to the ASA.
I cannot seem to ping from the outside of my 5520 firewall to an inside network. I have a single physical outside interface connected to a Layer 2 switch, with a laptop connected to it. This is on network 10.11.131.0/28. From there, I cannot ping to the inside interface (which is a sub interface on G0/0) with network 10.11.130.0/24/ For some reason, it doesnt work.
Now. I had access-lists in place, but have removed them for testing and it still doesnt work. I have set the security level of inside and outside to 100, and entered the same-security-traffic permit inter-interface command - still no joy. Below is the relevant configuration.
Inside Interface
interface GigabitEthernet0/0.96
description L3 Interface - Informational Zone
vlan 96
[Code].....
Recently our network experience a Internal DoS attack. One internal server ( the network/security team doesnt have any access to the adninistration of these server) starts to send a lot of DNS bogus request to some DNS servers on the Internet. With sh conn detail we saw the IP of these server and blocked it with an ACL in the Internal ASA 5520 interface. After that, the server team disconnect the server, and made their job cleaning these infected device. Everything goes normal again....
Today, the same server starts again with the same problem. But a lot worst thant the first time. The ASA starts to drops packets in the internal interface, the overruns was increasing dramatically ( like 10000 per second), the asp-drop table shows the same amount of traffic than interface overruns in the ACL-Drop line , and the CNT blocks for 16xxx with sh blocks was in zero. The sh acess-list INSIDE shows near 9 million hints in the line that deny the DNS request from the server to the Internet. Again, we disconnect the server and the problem was solved by the server team.
It seems that our ASA cant handle in their internal interface the amount of traffic that these server send outbound. IS there anyway to raise the blocks in the firewall? What is the best way to deny the servers connections ( ACL, or MPF or threat detection maybe), and avoid the ASA interface overruns even when the server sends these large amount of request.
i have a Problem with SNMP on the ASA Outside Interface. I want to monitor the Interface via SNMP (linkup, link down). I have a Active/Passive Cluster running on 8.4.2 and configured SNMP (v1) for Test on the Outside Interface. It's not that hard but when i try to test my Configuration with (peerless) SNMP Tester the Interface doesn't respond. Did i forget to configure something? Searched the forum but didn't find anything useful.
View 4 Replies View RelatedOn a Cisco ASA 5520. I have 2 interfaces that are the same security level. I need hosts on 1 of these interfaces to be able to get to a specific IP and port on the other but I DON'T want to blanket enable 'same-security-traffic permit inter-interface" I have added an ACL inbound on the interface allowing the desired traffic and inbound on the other for return traffic and it simply doesn't work.
interface GigabitEthernet0/3.175
vlan 175
nameif Test175
security-level 30
ip address 172.30.175.1 255.255.255.0
[code]....
I am currently using g0/3 for failover between my two ASA5520's. I would like to move that to the management interface to free up g0/3 for a second DMZ segment. are there any implications to doing this live other than i would only have a single ASA during the move?
View 1 Replies View RelatedI have two ASA 5520 with 4 Giga interfaces and 1 management interface.
I need to use 4 interfaces four data traffic
1- Inside
2- Outside
3- dmz-1
4- dmz-2
The remaining will be the management interface only.How can I configure the Statefull failover and Management?
1- I used the management0/0 for The stateful failover.
2- I used gig 0 for outside
3- I used gig 1 for inside
4- I used gig 2 for dmz-1
5- I divided the gig 3 to two sub interfaces
a- gig0/3.1 for dmz-2
b- gig0/3.2 for Management and I defined it as a management-only
I'm trying to NAT SIP registration from OUTSIDE interface to Inside interface on ASA
View 1 Replies View RelatedI have a cisco asa 5520 and suddendley in my Network Monitor tool,(using SNMP) asa's DMZ interface traffic is showing arround 90000 Kbit/s .
i want to check which traffic is flowing throgh this interface.(Ip address details)
Note : There is no impact on asa CPU usage.
From ASA 5520 we tested the interface failover it not working even the interface are getting monitor .
primary is active.
Manually we shut the outside interface of the primary device configuration is getting reflecting in secondary as outside interface shut. Interface failover not happen.
ii All the interface are getting monitor when we gave command sh failover. even though when we shut outside interface failove not happening.
how to do the interface failover in ASA 8.4 version.
I know this issue probably has been beat to death, but I have yet to find the answer to my situation. We recently upgraded from a PIX515e to ASA5520. Shortly after the install I noticed a problem with the servers on our DMZ. This problem was NOT present with our old 515e. The problem is that there seems to be a communication problem between servers on the DMZ, specifically when I try to open the web server homepage from my mail server, I get time-outs. When I ping between the two in either direction, I get time-outs. This might seem trivial, but I have other data servers on the DMZ that need to communicate between themselves.
When we question the tech that performed the install, his answer was that there might be a problem with the switch the servers are connected to, or the servers might have a virus. He stated the process of ping should never involve the DMZ interface. And yes, our DMZ interface IP is the gateway for the servers. Now, if the DMZ (ASA) should never come into play with a ping, why when I turned on logging did I receive the error below? It sounds to me that the ping is going through the interface. Here are a few of the errors on the DMZ with the specific server IPs.
july 13 2012 12:50:04 106014 10.10.0.10 10.10.0.5 Deny inbound icmp src dmz1 10.10.0.10 dst dmz1 10.10.0.5 type 8, code 0
The ping problem was only used as an example the demonstrate that there is a comm problem on the DMZ. ASA is running in router mode.
I have inherited an ASA 5520. In doing some auditing of the setup, I have noticed a Static Route that has the inside interface of the ASA as the Gateway IP. I am trying to understand the purpose of this route or why a route would be setup this way.
Example Static Route:
Inside 10.xx.31.0 255.255.255.0 10.xx.xx.10 (10.xx.xx.10 is the inside interface of ASA)
We have ASA 5520 firewall.For broadband Internet access, we have T1 Router(edge router provided by ISP) which provides public IP's 198.24.210.224 / 29. We have usable public IP's 198.24.210.226 - 198.24.210.230 with default gateway 198.24.210.225. We assigned 198.24.210.230 255.255.255.0 to the outside interface.
If we connect the ASA 5520 outside interface directly to T1 router, can all packets with destination addresses 198.24.210.224/29 reach the outside interface without using other device like another router or switches?I just assume that only packets with destination address 198.24.210.230(outside interface ip) can reach the outside interface from the edge router.Is it wrong assumption? If it is correct, then is there any way to route all packets with destination address 198.24.210.224/29 to the outside interface?
We already have a subnet defined to inside interface and is in produciton. the default gateway is this interface ip. In that setup now I have to add one more subnet and as the first subnet is been defined in ASA indside interface, I have to assign secondary Ip to the inside interface so that new subnet users can easily reach here and go outside.
View 1 Replies View Related