Cisco Firewall :: ASA 5550 Module 1 Interface

Oct 25, 2011

Is it possible to use ports from 2 SFP and 2 RJ45 Interface on ASA 5550 Module 1.

View 5 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5550 - Interface Failover / Interface Goes Down

Mar 18, 2013

I've got a ASA 5550 firewall interface failover issue. (File attached).
 
when I shut down the inside interface Gi 1/1 of the left firewall(Active firewall), It failed to failover. but when I shut down the Gi 1/12 of the Core 1 switch, The firewall failover very well.
 
I followed this guide but I was not able to failover. [URL]
 
how can I configure so that when the Gi 1/1 or Gi 1/0 interface goes down, it can failover ? Code...

View 6 Replies View Related

Cisco Firewall :: ASA 5550 Inside Interface Hangs

Apr 24, 2012

the inside interface on our primary ASA seemed to "hang". It dropped all the packets it received. Because the interface didnt go down, failover didn't happen. Device's info;

-Cisco Adaptive Security Appliance Software Version 8.2(3)
-Device Manager Version 6.3(3)
-Hardware:   ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz
-Internal ATA Compact Flash, 256MB
-BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
 
I attached a capture picture shows that traffic didnt go to the roof when the issue happened. Why the interface would "freeze" randomly?

View 1 Replies View Related

Cisco Firewall :: ASA 5550 To Setup Unit / Cannot Configure IP In Interface

Nov 12, 2011

I am normally only doing IOS config. I have little problem when trying to setup this unit.,It boots ASA software 8.0.4 fine.,When i go to enable mode and into configuration mode and try to configure ip on an interface i have a problem.,

ciscoasa(config)# intciscoasa(config)# interface manciscoasa(config)# interface management 0/0ciscoasa(config-if)# ?,Interface configuration commands:  default      Set a command to its defaults  description  Interface specific description  dhcp         Configure parameters for DHCP client  duplex       Configure duplex operation  exit         Exit from,interface configuration mode         Interactive help for interface subcommands  no           Negate a command or set its defaults  shutdown    ,Shutdown the selected interface  speed        Configure speed operationciscoasa(config-if)#

I did try to upload the new software 8.4.2 from rommon using TFTP. ,It boots 8.4.2 fine, but  have same problem as in 8.0.4.,I did try to create a user haveing priv 15 and logging on as that user. It gives the same.,The firewall is not in transparent mode.

View 3 Replies View Related

Cisco Firewall :: ASA 5550 / RFC 1918 - Tunnel Terminates At Outside Interface

Aug 2, 2011

I've recently set up a LAN-2-LAN VPN tunnel to a 3rd party service provider who uses RFC 1918 private addressing internally and cannot perform NAT on their side of the tunnel.  In order to avoid conflicts with our address space I've had to implement DNAT for the address on the 3rd party network that users at my end must access.  The tunnel terminates at my end on the outside interface of an ASA-5550 running 8.4.2.  While the ASA has 8 interfaces at security levels between 0 and 100, DNAT only need occur for traffic flowing from inside (100) to outside (0).

The following (redacted) addressing applies:

Address of the server on the 3rd party provider network: 192.168.2.155

Mapped address of server as seen on the network at my end: 10.168.2.155

I've currently implemented DNAT using object NAT as follows:

object network remote-server
host 192.168.2.155
nat (outside,inside) static 10.168.2.155

This works as expected, however in examples and discussion I've seen, it appears that the typical way to configure NAT for this scenario is with manual NAT as follows:

object network remote-server
host 192.168.2.155

object network remote-server-mapped
host 10.168.2.155

nat (inside,outside) source static any any destination static remote-server-mapped remote-server
 
Is there any reason why I should consider using the manual NAT method rather than the object NAT method in this scenario?Are there any technical reasons why using object NAT in this manner should be avoided?

View 1 Replies View Related

Cisco Firewall :: ASA 5550 - Configuring Sub-interfaces On Management Interface

Nov 29, 2011

I am currently doing some research (for my employer) into creating multi-context sub-interfaces on a Transparent ASA 5550.
 
I have not been able to find any details on this subject which state it is or it is not possible. This will be used for Syslog logging.

View 1 Replies View Related

Cisco Firewall :: ASA 5550 Switch - Change Media Type Command On Interface

Oct 12, 2011

I am switching a switch connecting to the ASA5550 tomorrow. My current switch is using fiber connecting to the ASA. The new one only support copper. If I switch between fiber to copper on the ASA (change media-type command on interface) will it cause a down time? I have VPN tunnel on the ASA and don't want the session to reset.

View 2 Replies View Related

Cisco Switching/Routing :: Connect ASA 5550 To Nexus 7K F2 Module Using Twinax Cable?

Mar 24, 2012

can we connect ASA 5550 to Nexus 7K F2 module using twinax cable?

View 4 Replies View Related

Dell :: Combination Of Latitude E6410 And 5550 Module For Faster HSPA+ Networks?

Jul 25, 2012

I am thinking about buying Dell 5550 module to my Latitude E6410. I know that for E6410 is designed 5540 module, but newer 5550 for E6420 has ability to use faster HSPA+ networks.

So my question is, any info on this combination of Latitude E6410 and Dell 5550 module?

View 1 Replies View Related

Cisco WAN :: 1T3 / E3 / 2951 - No Interface Corresponding To Module When Show IP Interface Brief

Feb 13, 2012

I have a 1t3/e3 card in a new 2951. When I statred the router, I found no interface corresponding to this module when do "show ip interface brief"

View 3 Replies View Related

Cisco Firewall :: 5550 Firewall Set Up For Redundant Purpose

Mar 3, 2011

i two 5550 firewall set up for redundance purpose . in failover we define two different ip add one for primary and one for secondary .interface Ethernet0/0 nameif outside security-level 0 ip address xxxx.0.0.0.1 255.255.255.0 standby xxxx.0.0.2!interface Ethernet1/0 nameif inside security-level 100 ip address 10.0.0.12 255.255.255.0 standby 10.0.0.11.default gateway for host will be 10.0.0.12 (primary fw address) however in case of failover , the secondary fw will be up with ip address that was assigned for primary .in this case the secondary ip add 10.0.0.11 is actually nerver used? similarly do i need to have two public ip address for outside (one for primary and one for secondary )   ? or in case if primary fails the secondary comes onlie and take the ip of primary fw . hence i only need to purchase just one ip address.

View 6 Replies View Related

Cisco Firewall :: 5550 Firewall Syslog Message

Feb 22, 2013

I have cisco 5550 Firewall, one messages appear in syslog server from Firewall, (warning) i want to stop this message from appearing syslog traps.

View 2 Replies View Related

Cisco Firewall :: Secondary ASA 5550 Firewall Getting Down Automatically?

Apr 17, 2011

I am having two ASA 5550 firewall running in active/standby mode. With in last two months our secondary firewall got down automatically 3 times. Firewall is running with IOS version 7.1.2. how to proceed further troubleshooting because there are not any logs on firewall.

View 3 Replies View Related

Cisco Switching/Routing :: 2911 - Assign IP To Interface In Module?

Jul 25, 2012

I need to configure a Cisco 2911. I need to give an interface in this module (VWIC3 - 4MFT-T1/E1) an IP address. My question is, how to assign an IP to an interface in this module.
 
My purpose is to get connectivity via T1 line to another router.

View 16 Replies View Related

Cisco WAN :: 2911 - Support Interface ADSL Module Like Backup Link?

Apr 27, 2011

i will going to buy a router 2911 but i want know if support a interface ADSL modulo like backup in case that my primary link WAN Ethernet down and up the adsl link with a module HWIC ADSL pots.

View 1 Replies View Related

Cisco Firewall :: ASA 5550 Two ACL From Outside To Inside

May 13, 2011

I have  ASA5550 ruuning Version 8.3(1) with inside and outside interfaces as below [code] On the inside : I have a server (10.20.10.36) that need to be accessed from an outside host (Y.Y.131.34) , so I have the below NAT/ACL  rules. [code] is it right that I have to add two ACL entry for outside host to the NATed IP of the inside server , then again add another ACL entry from the same outside host to the private IP of my inside server o get this communication done?

View 7 Replies View Related

Cisco Firewall :: ASA 5550 With IOS 8.0(2) Crashes

Jan 31, 2012

we had just installed our ASA 5550 with IOS 8.0(2) a couple of week ago.
 
2 interfaces from each slot are being used ie 0/0 for Branch users comming via MPLS cloud ,  0/1 for internal LAN users comming form Core Switch  & 1/0 for Server farm LAN   , 1/1  for Internet (outside)
 
the first 3 interface are considered inside with sec set at 100   while the 1/1 is outside with sec at 0.
 
Last night it suddenly started dropping all connections without any warning  or any noticible log form the ASDM logging.
 
the connection drop would happen for 2 - 3 minutes and would work fine for the next 15 minutes or so..
 
after conencting the console , we found out that the IOS would suddelny go abrupt and show this display ...
 
TP-ASA(config)# TP-ASA(config)# TP-ASA(config)# Thread Name: Dispatch UnitPage fault: Address not mapped    vector 0x0000000e       edi 0x24d184b0       esi 0x0000000d       ebp 0x1c6ceaf8       esp 0x1c6ceae0       ebx 0x09e965e0       edx

[Code]....

View 2 Replies View Related

Cisco Firewall :: 5550 - How To Do NAT Exemption With V8.4

Oct 4, 2011

I have looked in the books I have (Cisco ASA, PIX and FWSM; ASA 8.0) and googled a good bit but can't seem to find any specific mention of how to do NAT exemption with v8.4. It seems NAT exemption (NAT 0 access-list) was deprecated. Using ASDM, there's no corresponding menu item for this that is obvious.
 
We have public addresses inside the ASA and want to allow in/outbound connections using these IP's without NAT. The ASA is a 5550.

View 7 Replies View Related

Cisco Firewall :: ASA 5550 IPv6 Compatibility?

May 21, 2013

I need to understand if ASA 5550 ver 8.2(1) is comptible with IPv6, if not what is the upgrade path to make it IPv6 compatible. The requirement is dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift IPv6 completely.
 
The existing infrastructure is equipped with ASA with HA Active/Active mode. The command output for required details are attached here in txt mode.

View 2 Replies View Related

Cisco Firewall :: High CPU Utilization On ASA 5550?

Mar 10, 2013

I have Active Standby ASA5550 setup with VPN premium license. A few days back we had a requirement of SSL VPN connection for and we got a temporary from Cisco for same, this license expired and the ASA reverted to it's original license. 3 4 days after this we saw a sudden increase in CPU utilization (upto 90% + -5%) on the ASA during production hours but were not able to figure out the reason, in order to restore the services we failovered the firewall to secondary and everything worked fine. We were suspecting one of the following but there were no logs for any of this
 
1. The ASA hardware was haivng problem

2. Some client was doing a DoS attack to bring down the ASA (no logs for this as well).
 
We took a downtime to look further by failovering the ASA back to primary and it worked fine without any issues ruling out the 1st option. We also came across a licesing doc [URL]
  
Downgrading any license (for example, going from 10 contexts to 2 contexts).
 
# Note If  a temporary license expires, and the permanent license is a downgrade,  then you do not need to immediately reload the security appliance; the  next time you reload, the permanent license is restored.
  
As per this doc, sooner or later a restart was required on the ASA. We restarted secondary ASA and everthing was fine but when we restarted the primary ASA by swtiching over to secondary some of the server (not all) in the DMZ stopped working (even ICMP unreachable) and only came back to normal when the primary ASA was restored and working fine (with failover).
 
The reboot was done by shuting down the physical link between the Core switch and ASA inside individually.
 
I am not sure what could be the issue that the servers in the DMZ wen unreachable.

View 0 Replies View Related

Cisco Firewall :: ASA 5550 - Two Different Syslogs Servers?

Aug 9, 2010

In my Cisco ASA 5550, I need to set two different syslogs servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if is it possible or not and, if yes, how to configure it?

View 6 Replies View Related

Cisco Firewall :: ASA 5550 Active / Standby With SSL VPN

Jun 12, 2011

I would like to work with two ASA's 5550 in HA (Acitve-Standby)  like perimetral firewalls and also work with another ASA 5540 but like a SSL VPN Remote Access to end users.Which will be the best topology to this scenary?. Perhaps i need to put the ASA 5540 SSL VPN together with the ASA's in HA directly in a port.

View 1 Replies View Related

Cisco Firewall :: How Many Outside Interfaces Are Allowed On ASA 5550

Apr 26, 2011

I am using an ASA5550 for a complex secure network that has at least six "outside" networks.  Each "outside" network is assigned to a specific port each set at level "0".  I also have a DMZ, set to level "50".  I am having difficulty with passing traffic from a host in the DMZ to all but one of the "outside" networks.  Is there a limit to the number of "outside" interfaces?  I will provide a redacted config file as soon as possible.

View 3 Replies View Related

Cisco Firewall :: ASA 5550 - URL Filtering Using Web Sense?

May 10, 2013

i have Cisco ASA 5550 and i want to do URL filtering using Web sense,can i use Micorsoft Forefront TMG2010 as websense server to do that?
 
the idea is to filter the HTTP & HTTPS URLs,if the  Micorsoft Forefront TMG2010 is not suitable,refer to suitable Websense URL filtering server?

View 2 Replies View Related

Cisco Firewall :: ASA 5550 Sending Reset With TTL Of 255

Oct 3, 2011

I have the following problem, right now we have an ASA 5550 connected to the client´s side. A reset is being received on the client´s side, but when we run the sniffers on both extremes of the network, we can see that the reset is not being sent by the server´s side.
 
We have narrowed it down to the 5550 ASA, but have found no bug that matches the description.
 
The characateristics of the reset packet are the following:
 
- It is the only packet with a TTL of 255.

- Both server and client have very different window sizes, and the reset packet even though has the server´s ip and port as source of the packet, it has the client´s window size.

- It has a correct ack number.

-Before the reset is received, there are a couple of retransmissions of the last packet sent.

- We´re handling a VPN tunnel between both servers.

View 1 Replies View Related

Cisco Firewall :: Does 5550 Contains Built In CSC / IPS Modules

Feb 7, 2011

i m looking for asa 5550 product.Part # ASA5550-BUN-K9 - Cisco ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES
 
1) does 5550 contains built in CSC / IPS modules.? why i  m asking because the "quick refrence guide " indicates that expansion slots are not available.
 
2) can asa 5550 natively protects natively against networks attacks against virus / worms  etc with out CSC OR IPS MODULE.?

View 9 Replies View Related

Cisco Firewall :: ASA 5550 To ASA 5555-X Migration

Apr 23, 2013

I am about to carry out a migration from ASA 5550 to ASA 5555-X, however I cannot find any detailed document or reliable tool for this migration.

View 4 Replies View Related

Cisco Firewall :: ASA 5550 Cannot Logon With ADSM

May 22, 2012

I cannot logon with adsm anymore.when I run adsm, I type in my pw, and the screen keeps displaying "contacting the device". No timeout, just stays this way.I've updated the java version, no luck.I can connect with SSH with no problem. device = asa5550, 8.2(1) asdm 6.2(1) [code]

notice that there is no "with cookie-based authentication" here -- is this relevant?
 
Rebooting the device is not really an option.

View 7 Replies View Related

Cisco Firewall :: ASA 5550 Flags E Connection

May 2, 2012

I have an issue were thousands of connections on the ASA are marked with flags E, below is a visual of the connection. Any ideas what could cause this marking? Also, I can't grasp what the meaing of an outside back connection (ie flags E).
 
TCP DMZ:X.X.X.X/139 Inside:X.X.X.X/1828,    flags E, idle 9h37m, uptime 9h37m, timeout 15s, bytes 0

View 0 Replies View Related

Cisco Firewall :: Link Aggregation On ASA 5550?

Jan 10, 2011

i'm installing a Firewall Cisco ASA 5550 with 8 Gigabit interfaces.
 
I have installed firmware 8.2.3.
 
Is it possible to make link aggregation on ASA to have more bandwith?

View 7 Replies View Related

Cisco Firewall :: ASA 5520 / 5550 - Cannot Upgrade To 8.3

Aug 7, 2011

I have a couple of ASA5520 and ASA5550, and I wanted to know if it is worth it to upgrade the software from 8.2(4) to 8.2(5)?  Because of the RAM I cannot upgrade to 8.3 for now.

View 1 Replies View Related

Cisco Firewall :: ASA 5550 - Cannot Copy IOS From Flash To PC

Jan 8, 2013

I just got a brand new ASA 5550, i configured the port g0/0  on asa with an ip address 192.168.10.1 then configure my computer with ip 192.168.10.2 and default gateway is 192.168.10.1. I'm able to ping the asa from my computer. I remote to ASA thru the console port  and try to copy iOS from flash to my pc but it doesn't work.
 
Cisco asa# copy flash tftp://192.168.10.2/asa804-k8.bin
Source file name []? asa804-k8.bin
Address or name of remote host [192.168.10.2]?
Destination file name [asa804-k8.bin]?
 Writing file tftp://192.168.10.2/asa804-k8.bin...
!%Error writing tftp://192.168.10.2/asa804-k8.bin (Timed out attempting to connect)
Cisco asa#

View 3 Replies View Related

Cisco Firewall :: How To Compress Data On ASA 5550

Apr 6, 2011

I have two box cisco asa 5550 in multiple context mode and failover.
 
My network topology is:
 
                                Outside Network
                                         •
                                         •
                                         •
DMZ2 Network • • • • (CISCO ASA 5550) • • • • DMZ1 Network
                                         •
                                         •
                                         •
                                Inside Netowork
   
My interface "Inside Network" is full(I think).I can't diagnose this, based on command "sh interface gigabitEthernet"
 
109042974565 packets input, 100691006385765 bytes 
94097614769 packets output, 59002295942465 bytes
999339444 packets dropped
 
My interface is 1GB, based on the above command, it is full?If interface is full, i have a problem! All the ports on asa firewall are using, how do resolve this? I can compress all data on this interface with class maps and policy maps?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved