On a Cisco ASA 8.4 code is it possible to receive an alert once a certain number of tcp/udp connections is reached? I'd like to see if I can get an email alert or syslog if the ASA reaches say 2,000 connections for example. Once I get an alert I could then investigate the cause of so many connections.
View 1 RepliesI will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.
View 1 Replies View RelatedWe are getting below logs in our Syslog, how could i stop this."%ASA-2-106017: Deny IP due to Land Attack from 161.233.167.65 to 161.233.167.65 "
View 1 Replies View RelatedI can't receive mails from some customers, asa 5505 log get the message: "ASA_Outside|Deny TCP (no connection) from X.X.X.X/35702 to ASA_Outside/25 flags ACK on interface outside".
View 5 Replies View RelatedHow to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that
View 7 Replies View RelatedI currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device. Looking at url... I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing "IPS Signature and Engine Updates" and "OS Updates."
It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:
1. ASA OS
2. AIP SSM-10 OS
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract? Essentially, I want to make sure that when I submit by budget, there isn't another contract that I also need.
We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]
View 1 Replies View RelatedI am in the process of switching firewalls. Currently I have a Sonic Firewall inplace. I have been tasked to switch the firewall out with a cisco asa firewall 5510. The sonic firewall currently allows email traffic, web traffic, and dns traffic. When I use the current config below on the asa I am unable to receive email from the outside network. I can send and browse websites but I cannot receive email.
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj
[Code]......
I have setup an asa 5505 with multiple sub nets (plus license) and a vpn tunnel (ipsec) between this and an other asa on a second branch office (multiple vlans) . Now I need to route only two vlans from the first site to reach some of the second branch networks
let's call them: 1 branch
A-172.16.4.0/24
B-172.16.2.0/24
2 branch
C- 10.10.10.0/24
D- 10.20.10.0/24
E- 10.66.10.0/24
the tunnelis ok From A to CDE . but from B to CDE won't come up. pinging is unsuccessful as well as all other traffic. the connection profile is setup to have both A and B as local networks and A and B by the moment share the same access rules configuration.
logs show firewall 1 let pass and build connections, without denies, but remote firewall does not receive a single packet from the source ip from network B.
LMS 4.2. I am receiving the alert below in my email inbox. It was my understanding that DFM would not send alerts for interfaces that are shut down. Is this a bug? [code]
View 2 Replies View Relatedim having lms 4.2.2 and monitoring a cisco 7600 router interface ten gigabit ethernet x/x under dfm. When ever the interface is down due to any media issue i am not getting any alerts in dfm., the interface used to go down for more than 10 minutes. I am able to do an snmpwalk to this interface when the interface was down and getting the value as 2(for down). I am getting other information and configuration mode alerts in dfm for this device.
View 1 Replies View RelatedI am looking for a way to get CiscoWorks LMS 4 to send me an email alert when a switch port goers into a security violation (err-disabled).
View 2 Replies View RelatedI have been getting alerts on unused serial ports on my routers as being operational down. How can I stop these alerts?
View 5 Replies View RelatedSometimes we have unidentified traps in our log, we don't know where they come from.
In high severity faults we see an active alert with device name “Unidentified” event name unresponsive but with a certain ip address.
What are these alerts about? Can I filter them?,A second issue I have is that I get interface down alerts. But when we log on to the device, there is no interface down at all. We can also ping the device from the lms server at that time. I have been told that the admin state and operational state has to be up.
How to find out which Fault Threshold group a specific interface belongs to.The scenario is that in Fault Manager there is an alarm for which I want to change the Threshold Setting.
Example Alarm:
Event_Description HighUtilization
Device IP x.x.x.x
Device Type Routers
Fault Last Updated At 19-Mar-2013 09:44:25
Component IF-router2.x.x/26 [Tu187] [x.x.x.x]
[Code] .....
I'm using RADIUS and FlexConnect APs. The issue is intermittently users will lose connectivity as if they're de-authenticated. Their clients still believe they're associated to wireless but they have no network connectivity. On Windows 7 we receive the exclamation point over the signal strength indicator.
There doesn’t seem to be any rhyme or reason as to what is causing this. It doesn’t seem to happen at any particular time intervals or anything else I can identify. Sometimes users will go entire days without experiencing connectivity issues sometimes they can’t go five minutes. When the clients are experiencing the issues they cannot even ping their default gateway.
The setup was initially the following:
Site A: 1142N APs and RADIUS server (server 2003) users are authenticating to.
Site B: Flex 7510 running code 7.0.116
Between site A and site B there is a site to site VPN with no restrictions.
After some time of working with TAC and not getting anywhere I setup the following:Site A: 4402 WLC running code 7.0.116 connected the same 1142N APs HREAP mode. I had the same issue with connectivity with that setup.Today I changed over to local mode and as of yet I haven’t had reports of connectivity issues.
When running ‘debug client MAC’ I see no indication of connectivity issues. I also have an NCS and I don’t see anything indicating what the issue is there as well. I’ve tried with both enabling and disabling ‘H-REAP Local Auth’. We seem to experience the issue in H-REAP standalone mode as well.
In WLC i see the roaming option to controller the handover. As the accompanying graph [URL], how do I up or down the threshold of the handover? or, How do I more sensitive to IP phone(NEC model MH240)?
I don't understand the four textfield of the roaming options URL
Can I configure the 2504 to send email notifications for particular alerts? how?
View 2 Replies View RelatedUnder high severity Alerts Its showing following Error
An exception occurred.Please check the AAD.log file for further details.
AAD log shows This
22-Oct-2012|10:48:17.625|ERROR|AAD|TP-Processor6|DeviceManager|getHighSeverityAlerts()|.|com.cisco.nm.trx.afd.AlertRenderer.AFDException
[Code].....
From the WAP4410N admin pages or console you can enable e-mail alerts. You have to set the essential TO address and mail server address. Where can I put the FROM address ? From what I can see it uses the hostname value as from address. The hostname in my case is ap02. Then you could try setting a mail address in the hostname field, but thats not allowed.
[Code]....
We're getting complaints about a specific 1131AG in the field only being intermittently accessible. WCS shows both the a and b/g interfaces randomly bouncing, sometimes the reason for the bounce is unknown other times it says it's because it lost connection to the controller. I can ssh into the WCS but the engineer who setup the AP's doesn't seem to have enabled remote access via telnet or ssh.
We are also seeing these events:
802.11a interface of AP * is down: Controller 172.17.0.10 Reason: Max retransmissions for the AP have reached.Interference threshold violation reported by '802.11b/g' interface of AP *, connected to Controller '172.17.0.10'.I know I can adjust the threshold percentage, but that would only seem to mask the issue.WCS gives this version info on the AP:
Versions
<DIV style="DISPLAY: block" id=versions mcestyle="display: block;">
Software Version
6.0.202.0
Boot Version
12.3.8.0
[code]....
I need a WCS report that will actually give me the top n Wireless Access points that have too many clients trying to authenticte to them.We have some serious capacity issue in meeting rooms but we need a ball park figure of how many WAPs might be affected.
I know I can interogate the WCS to drill down and find out that WAPs are exceeding their threshold I just need to have a decent report generated.I have searched the reports from WCS 6.0.202.0 and cannot seem to find anything that suits.
Is there any way to change the subject line of the email alerts that are sent? Right now mine are coming with the MAC address, date and time. I would like to remove the MAC address and date and time so that I can sort them into one folder when I sort my email by subject.
View 7 Replies View RelatedI am working on a QoS design which I hope to test at some point, but at this stage its from the books.My question is how to decide which queue and threshold to use for video traffic, then lower priority traffic.I understand the shaping and sharing commands, its the queuing and threshold bit I'm not clear on.The plan is to use the priority-queue for EF marked voice, this will be policed on ingress to provide an upper limit to EF traffic levels, then my second priority traffic will be video. Which queue will get serviced first once the priority queue is empty, and how do I decide which threshold to allocate my video traffic to? The document ion is not at all clear, I want to prioritse my traffic in the following order:
1 voice, use the priority queue
2 video, this to get serviced ahead of data, after voice.
3 interactive data
4 Bulk data
5 Best effort
So Q1 settings are ignored due to priority queue. Q2 gets 70%, Q3 25% etc.Is it as simple as putting video into Q2 T1, then interactive data into Q2 T2, will Q2T1 get a higher priority over Q2 T2 once the PQ is serviced?
I've read some opinions that lowering the RTS threshold can facilitate in some noisy wireless environments. I have found how this can be done on standalone APs but cant seem to implement the change on a WLC 2112. How to do it.
View 3 Replies View RelatedI have a switch where the current power threshold is set to -20.0db. The problem is that the receive power fluctuates between -19.9db to -20.1db, which is causing it to throw alarms on my solarwinds monitoring server. What I would like to do is change it to a different warning threshold, but I can't seem to find the command to do so. This is a catalyst 3750 running IOS version 12.2(55)SE3. [code]
View 5 Replies View RelatedI set the Cisco's AP settings with MTU size as 1200 bytes and the Fragmentation threshold to 256 bytes. Set up: I am using a WiFi enabled laptop connected to Cisco AP running an application pumping data of size 1400 bytes continuously to a Wireless node connected to the same Cisco AP over WiFi.
I am monitoring network activity on the same laptop using Wire shark.However,i cannot see 1400 bytes data getting fragmented. What is the concept of fragmentation and MTU size? Also,I would like to know how to change the AP settings so that i can see the data (1400 bytes)getting fragmented to small byte chunks.
following errors.
Nov 7 21:34:50: %EARL_NETFLOW-SP-STDBY-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [99%]
Nov 7 21:44:44: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [91%]
I've already found this kinds of cases, in this community. So, It seems that Changing the current configuration to 'mls aging fast threshold ## time ## ' is most suitable in our situation.But, I don't know how to calculate the apt threshold value and time value.
[1] sh run | in mls
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
[code]....
I have an RV042 (it's old, silver/dark grey plastic front one) w/ firmware 1.3.13.02-tm.
The reason we bought this (long ago) was to balance two WAN connections, one with unlimited data and one capped monthly. It did that once, but for a couple years both connections have been unmetered so it's just been balancing them 50/50. As of today one WAN connection (the new much faster one) is back to being metered but I can't figure out how to configure the RV042 as it once was to prefer sending traffic over the slow, unmetered connection first, and only use the faster metered connection when necessary.
It's been a long time and honestly I only vaguely remember the ability to prioritize a connection based on % of bandwidth used so that all traffic would go over the unlimited connection 1st until it was flooded, and only then fall over to the metered connection. This is totally different than the weighted round robin, or smart link backup.
I found this 3rdparty forum post that supports that vauge memory and suggests this was eliminated between firmware 1.23 and 1.3: [URL] Is it possible to replicate this functionality with the current firmware? if so how? If not, how to do roll back to firmware 1.23?
It sounded like perhaps I could assigned WAN1 a bandwidth of 100000 (even though it's really 1500) and then assign WAN2 a bandwidth of 1 (even though it's really 20000) and the result might be the prioritization I'm looking to achieve... but I feel like I'm stumbling in the dark at the point.
One of my clients is using Cisco catalyst 2955 industrial switch.I am doing the configuration for them and come across one setting of FCS Error Hysterasis Threshold. I know FCS is Frame Check Sequence.
I do not understand is what is the meaning the setting of Hysteresis in term of percentage stand for what purpose?For example, the default is 10 percent. If I set the value to be lower 5% and what is the impact on that? Is this more stringent than default of 10% or less stringent than default of 10%?
Recently I faced 1 issue in MLS 6509.MLS had all Gig modules in slots 6,7,8 taking System detected CRC error rate on port ASIC data bus exceed fatal threshold, ("System detected CRC error rate on port ASIC data bus exceed fatal threshold".) causing the module reset by the SUP. After this active SUP causing it to failover the standby. This process was continuing every few minutes resulting in the SUPs on MLS rolling.what could be the issue for Sup rolling reset?
View 1 Replies View RelatedI doubted my internet ADSL is very weak. I used Cisco 877 router to gateway internet.I faced the problem my cisco 877 can't receive signal from ISP but I replaced to use Linksys Cisco. It worked.So I remoted to router and issued command show dsl interface atm 0 it can't generate DMT bit per bin it showed error.
View 5 Replies View RelatedFor the past 2 days I have been having a problem with my laptop taht, actually a bit old. I also have another pc, a desktop, with a d-link modem and wireless router (DIR-615). The problem is that I can't go on the internet with my laptop, because of a certrain error on the Intel PROSet Troubleshoot: "Did not receive IP addresss", in fact the IP address was written as 0.0.0.0, and when I open the internet browser I can't go on to any page. IO have tried everything, believe me, from switching off every thing, to reinstalling the router, but nothing seems to resolve the error.
View 12 Replies View Related