Cisco Firewall :: ASA-5520 - Cannot Hear Outgoing Message
Dec 9, 2009
We have setup the IP phone proxy on our ASA-5520, we had a couple of issues with the initial setup, but nothing major. It has been up and running for a few weeks and basically everything works perfectly just like we designed it except for 1 strange audio issue on outbound calls. We can make a call to anywhere, no problem, if the call is answered, no problem, perfect call setup and good quality 2 way audio. But if the person we called doesn't answer the call and that call goes to their voicemail we loose all audio from that point forward, we do not hear their outgoing message or get any prompts just dead air. The same situation appears to be true for any "recorded" service on the other end of the call.
View 7 Replies
ADVERTISEMENT
Feb 12, 2012
I have a WRT160N router (firmware 1.53.0) that is connected to my broadband. It is giving me problems with VOIP/SIP Traffic.My SIP client connects fine and makes calls, but I cant hear any incoming/outgoing sound. The SIP client works fine when connected directly to broadband. I tried DMZ and that didn't work. Disabled SPI and that didn't work too.
View 2 Replies
View Related
Mar 4, 2013
We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.
View 1 Replies
View Related
Jul 14, 2011
I'm seeing a lot of these message in my 5520 ASA.
Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside
View 1 Replies
View Related
Oct 30, 2011
Here's the current scenario:
[LAN] <---> ASA 5520 <---> Cisco 2911 <---> [Internet] <---> Server A
|
|
[DMZ]
Whenever I access a website running in "server A" (only HTTP traffic) everything works fine. The problem is that when I try to access a different service on the same server but listening on port 2000/tcp I get the TCP Reset-O message on the ASA and the workstation's browser says that "Internet Explorer cannot display the webpage".
A weird thing: if I access this service from a machine on the DMZ, it works fine. From the LAN (Inside) it does not work. The main difference is that from the LAN to OUTSIDE the ASA does NAT. From the DMZ to OUTSIDE it's just routed. I did another test from the LAN and the captured traffic is attached. I've been messing around with protocol inspects and firewall + NAT rules on the ASA but no luck at all.
View 5 Replies
View Related
Aug 26, 2012
When trying to access the asa (8.0(3)) with asdm the console send follwing error message:
vPif_isVpifNumValid: pifNum out of range!
vPif_getVpif: bad vPifNum(0xa6) from 87EBC81 from 83833B4
Have a strong suspicion that it is a hardware failure (since asdm has worked and have tried to restart the box) can not see any errors with any show commands, but could it be a RAM error .
View 1 Replies
View Related
Jul 11, 2011
We recently upgraded our ASA to 8.3, most everything went ok, but I am having problems with outgoing nat. It seems that when one our systems that needs to be natted to an outside IP address when connecting out is not doing it. When that system goes out the ip address is our internet IP and not the natted address, however, inbound everything works.
We have one rule that does PAT
nat (INSIDE,OUTSIDE) source dynamic OG_IP_NAT_DMZ obj-1.1.1.1This is the natting statement that should be translating the addressesobject network obj-10.200.0.10
nat (INSIDE,OUTSIDE) static 2.2.2.2I think I need to double nat, is that right if so how?
View 9 Replies
View Related
Dec 6, 2012
Have a asterix PBX running my system and I upgraded my security with a cisco ASA 5505. Now all the extensions are working including the remote once. Everything elase like internet.Other servers all working fine. Only problem is that when ever someone dials a landline number from an extension it does not go through.seems like the firewall is blocking it but I cannot figure out why or how. All the NAT and Access list is fine. Although I have no idea how to accept the SIP PROXY IP through the firewall and I am guessing that might be the problem. There is no any other problem and I am 100% satisfied with the ASA5505 except this problem
View 3 Replies
View Related
Apr 16, 2013
I have ASA 5510 with soft version 8.4(5) installed. There are two interfaces:
IP 1.1.1.1/24 - inside
IP 2.2.2.1/24 - outside
I have configured PAT, so network 1.1.1.0/24 gets NATted to 2.2.2.2 address. Everything works fine, except I can't reach 2.2.2.2 via ICMP from the internet.
X.X.X.X 2.2.2.2 Deny inbound icmp src OUTSIDE:X.X.X.X dst OUTSIDE:2.2.2.2 (type 8, code 0)
But I have configured an access list allowing ICMP from any to any: access-list outside_access_in extended permit icmp any any
Thus address 2.2.2.1, which is binded to outside interface itself, is perfectly reachable via ICMP.
I've got two questions:
1) Is there a way to fix it? It will be handy for diagnostic purposes.
2) is it possible to configure the secondary IP address on the interface on ASA? I've read, that there are some complications.
View 6 Replies
View Related
Nov 25, 2012
i cannot send emails to outside, i have an access rule on interface inside permit source: inside destination: any servic: tcp/smtp and when i make paket tracer it shows me that the packet is dropped but i cant see through which rule!!
ASA version: 8.4(3)
ASDM version 6.4(7)
View 2 Replies
View Related
Apr 25, 2012
For ASA v8.3 and above we don't need to use nat-controll, traffic from high security interface can go to low security interface without matching NAT statements.So does the ASA automatically NAT s the outgoing traffic to the outside interface by default?
For example
ASA inside int---10.1.1.1
outside int---120.11.1.1
when the inside hosts try to go out they will be NATed to 120.11.1.1 by default on version 8.3 and later.is that right?
View 7 Replies
View Related
Feb 2, 2013
I have a TP-Link TL-WN822N wireless usb adapter. It works well, as far as getting a signal.But whenever I use my earbuds I can hear static. When I unplug the adapter, I no longer hear static. It sounds like the static is the sound of data transfer, because the sound get busier and louder when I'm downloading something.I have the latest driver installed.
View 5 Replies
View Related
Mar 23, 2013
Is there any remote access software which allows one to hear the audio of the computer connected to?
View 2 Replies
View Related
Jan 18, 2011
My friend cannot hear me when I speak via my computer on Skype
View 1 Replies
View Related
Feb 22, 2013
I have cisco 5550 Firewall, one messages appear in syslog server from Firewall, (warning) i want to stop this message from appearing syslog traps.
View 2 Replies
View Related
Dec 24, 2012
We just installed our EA6500 Smart Wi-Fi router and it works great! All admin set up, wired pc connected, wireless notebooks connected, wifi printer connected, and 2 game consoles connected. All work fine!BUT, the router is located here on my desk by the wired pc, cpu, & speakers and we can hear when a software download, software update, or even a router speed test is conducted! What a record sounded like when played at too fast a speed, that is what we are hearing: static and fast high pitched sounds.Tried moving our speaker further away from the router but there is only so far it can be moved.
View 1 Replies
View Related
Jun 11, 2013
I'm configuring the nat on a ASA5525 running on 9.1.2 and got 2 questions, 1. Is the below overlap warning message normal and will not cause any issue? 2. Is there a simple way on 8.3 and later to fulfill the same functionality like 8.2 and earlier?
old config on 8.2 and earlier
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 216.19.84.5
[code]....
View 4 Replies
View Related
Dec 19, 2011
I keep getting an error message, i've tried several things to resolve it but still no success.This is the exact error message:
regular translation creation failed for protocol 41 src Customer: dst outside:
View 4 Replies
View Related
Nov 2, 2012
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.
View 1 Replies
View Related
Jan 20, 2013
I recently reboot my asa 5520, I was trying to remove webvpn listening from my outside nic, even though it wasn't configured. [code]I was planning to do another reload without the fast reload option.
View 1 Replies
View Related
Jul 13, 2012
I have an 887VA-w connected at home. I am using ip virtual-reassembly an all interfaces (dialer and all internal VLANs), I am also using CBAC (currently setting up ZBF). The issue I am having is that I keep getting drop packet error messages and the reasons can differ. Below are some of the outputs I recieve: [code] I have done a show ip virtual-reassembly on all the interfaces and the counter is shown as 0.
View 6 Replies
View Related
Aug 1, 2012
Two Vlans (ID1 and 100)are on a Cat 4500, which connects to an ASA, interface DMZ. On 4500, there is default route point to the ASA DMZ interface Issue, server on vlan 100 cannot ping a server on Vlan 1, vice verse. When I enable the realtime log, it gives me a “Translation creation failed” message, please see the attached files.
View 1 Replies
View Related
Sep 17, 2011
i got an error while connecting to my PIX (515e) via ssh connection there is an error message appears (The server has disconnected with error, server message reads: Internal Error) and at the console session at the time time, the following message appears also (process_create: out of memory)
View 1 Replies
View Related
Mar 5, 2012
I'm fine tuning some of our ASA logging config, and am having an issue with one particular syslog ID.The message is: syslog 106100: default-level informational (enabled)and the log settings are:
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
[code]....
This ACE log entry is generated by explicit deny any any statements at the end of all the ACLs, e.g.access-list inside_access_in extended deny ip any any log interval 600 Based on the config, I would expect to see this being logged to the syslog server, but not to the local buffer, but am still seeing them locally in the buffer:
Feb 22 2012 10:58:20: %ASA-4-106100: access-list inside_access_in denied udp INSIDE/HOSTABC(52629) -> OUTSIDE/HOSTXXX(162) hit-cnt 5 300-second interval [0x3baecf1e, 0x0]
It also still shows these as level "warning", %ASA-4-106100, instead of the default %ASA-6-106100 I've tried removing and re-applying the config at different levels but it still reports in the buffer log as level "warning", %ASA-4-106100 This also doesnt affect every 106100 log that is generated. Most messages are generated at the correct level 6 severity but some seem to randomly log at level 4. There doesn't seem to be any pattern to this. The same access-list line can produce severity level 4 and 6 106100 messages.
View 2 Replies
View Related
Aug 14, 2011
I have two ASA in failover with Active/standby configuration. When I switch from standby to active from the standby ASA I get a lot (like 100) of error messages like these below: [code] The failover works fine and nothing seems to be wrong with the firewalls function.
-Hardware is ASA5585-SSP-10.
-Software version: ASA 8.2(5),
ASA is in multiple mode with 17 active context. Why these error messages appear and what they mean?
View 2 Replies
View Related
Mar 17, 2011
I have 2 ASA 5510 firewalls at 2 different sites. Both running on version 8.0.4. Users are using an Instant Messaging type of application provided by a local telco here which is able to send and receive SMS using SIP (from the packet capture that I've done).
When users use the IM in site A, they are able to send and receive text messages via the IM from behind the firewall. However, when the users are in site B, users are able to send out text messages but not able to receive them.
I noticed that when I remove "inspect sip" from site-B's global policy map, users from site-B can successfully receive text messages. I have confirmed that it is the firewall that drops the packets as I have captured the inside and outside interfaces of site-B's ASA and I can see the incoming sip "request: MESSAGE" packet on the outside interface but I do not see the packet exiting the inside interface.
I have cross check both firewall configurations, and I do not see anything suspicious commands relating to sip that might cause this issue. Is there any command to troubleshoot why the sip inspection is dropping the sip packets on site-B?
View 15 Replies
View Related
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
View 5 Replies
View Related
May 5, 2013
I have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies
View Related
Jul 26, 2012
We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.
View 17 Replies
View Related
Apr 15, 2013
I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.
View 1 Replies
View Related
Jan 4, 2012
Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.
View 8 Replies
View Related
May 22, 2013
I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
[URL] 209.151.225.100
Can I use the following command to set ntp server?
ntp server 209.151.225.100 source outside.
View 3 Replies
View Related
Jan 1, 2012
communication between 2 vlans.i have 2 vlans
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add 2.2.2.2
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.
View 1 Replies
View Related
