It is a remote monitoring ASA, so I need to NAT user networks (10.1.x.y, 10.2.x.y) to something that I can use (10.16.x.y, 10.17.x.y...)
Also, since it is my device, I have them configure the SNMP and syslog server on the client's network to use 192.168.1.1, so I have dynamic NAT for two SNMP servers and static NAT for one of them (which is the syslog server).
create 8.4 version, so I can apply it? I tried a few things; packet tracer shows that they are NATed, but I have only Denc packets, because hosts see the request coming from my public IP...
I am in the process of migrating a production firewall from PIX 6.3 to ASA 8.4(2). This is going to be a complete firewall rebuild and I will not be upgrading the configs because they have become out of date and very bloated. I am in the process of converting the NAT commands. [code] I am hoping these commands would be enough to replicate the previous functionality. I removed all the static identity NATs because NAT control is no longer in place so those rules are not required. Additionally, I didn't re-create the rules that had NAT ID 0 or 1 because it didn't look like they were doing anything. correct way to do the static NAT commands at the bottom.
I know that configuration in 8.2.x and 8.4.x is different in terms of NAT and object groups.
I just want to know: is it possible to do a direct upgrade from 8.2.3 to 8.4.x? Secondly, will the ASA automatically convert all the configuration from 8.2 to 8.4 format during the reboot after the upgrade?
We have three Cisco ASA 5520s with 8.2 code in each tower. There are many configurations on the device, hence we are using IP to name to identify the naming conversion. Out of the three, one firewall's naming conversion is not working; I mean, after adding a name for an IP it is not reflected in VPN tunnels, access lists or NAT config.
We are in the process of migrating to the ASA service modules on both our 6509E switches from our current FWSM. We have used the Cisco conversion tool and applied that to the service module. When viewing the context in ASDM we are unable to view the object names in the right hand pane.
On the FWSM I would see the following under Network Objects:
Network Objects
- JQ-Test
- JQ-Test2
- JQ-Test3
Network Object Group
+ JQ Group
- JQ-Test
- JQ-Test2
- JQ-Test3
Now that I have run the conversion tool and applied that to the ASAs, I get the following results.
Network Objects
- 10.1.1.1
- 10.2.2.2
- 10.3.3.3
Network Object Group
+ JQ Group
- 10.1.1.1
- 10.2.2.2
- 10.3.3.3
I am aware that the naming convention on the ASAs is different to the FWSM, as you can no longer use the "name 1.1.1.1 JQ-Test1" format, but I was hoping that the conversion tool would do this for me.
Is there any way I can get the names of the objects back without having to script something that takes the old FWSM format and converts it into an ASA format?
Is there a newer tool for current versions of Checkpoint to ASA 8.4? I notice a lot of similarity between checkpoint and 8.4 now, but I still have to do it all line by line which has become a PITA.
I have a core switch Cisco3750G with 4 SFP slots populated with GLC-SX-MM modules. Now, of these 4 fiber GLC-SX-MM modules, 3 are connected to 3 floor switches which have the same GLC-SX-MM. Each link is configured as a TRUNK, allows only that floor's VLAN, and is working fine. Now the 4th GLC-SX-MM module has to be connected to a single desktop PC using a fiber to UTP converter, which is SC to UTP. Now the patch panel is LC; I used an LC to SC fiber patch cord, but the link is not coming up. In this situation, if I used an SC converter on both sides then the link is up.
All 4th GLC-SX-MM modules are checked and it is working fine. Only the fourth floor link is not coming up; if I use the UTP to fiber SC type connector in the core switch for the 4th floor then it is working. How do I resolve this issue? Do I need to use the UTP to fiber LC type converter on the fourth floor instead of the SC type converter? Logically, when I use the LC-SC type patch cord and connect it to the SC type converter, it should work.
I am planning to get the unicast streams from 2-3 different sources over the internet, and I am doing NAT for port-forwarding all those unicast streams to one private IP. Attached is the setup for your understanding. Setup: - Both unicast streams will be hitting one public IP (3.3.3.2) on UDP/TCP ports 1234, 1236 & 1238 only, and the same ports need to be forwarded to one NATted private IP (10.10.10.4)
1) NATting these 2 unicast streams into one private IP (10.10.10.4) by checking source and destination based IPs and ports, but in the below configuration I cannot achieve checking on source and destination based IPs and ports
Router configuration:-
interface GigabitEthernet0/0
 description ***Connected to Internet ***
 ip address 3.3.3.2 255.255.255.252
 no ip redirects
 no ip unreachables
We are about ready to embark on moving all L2L and network extensions (Cisco ASA 5505s) from the Cisco VPN 3060 Concentrator to a Cisco ASA 5520. We would like to know if there is a simple method of doing this, such as a converter? Also, are there any lessons learned? We are running 8.4.3 so we know that the NAT configuration has differed. Can the configuration from the 3060 be modified in any way in configuring the ASA?
As previous posters may have noticed, I have been given the task of moving the ACS from 4.0 to 5.3, which turns out to be considerably different. Sadly I have nothing to test with at the moment, so I am trying to work it out as best I can before the abbreviated period of cutover begins.
I have a Service Desk group setting in 4.0. Under groups I have the group settings and down the bottom I have the following - (ticked ) Wireless-WCS HTTP
(ticked ) Custom Attributes. Then in the box - virtual-domain0=CRUK
[Code]....
Access Policies/default device admin/Authorisation Create a new Rule Add the correct AD group in compound condition AD-AD1 attribute ExternalGroups value static in NDG:Device Type - reference the WLC (previously created as device type with ip address) Then in Results reference the above shell profile - Service Desk.
I just started a new position and they have CatOS still running on some of their 4506 and 6509 switches. I am trying to come up with a plan to upgrade the switches to IOS but I don't know if they will take it or not. I know I need to get flash cards to hold the IOS but I need to make sure that I get the right IOS for the switches.
I used speed test and got 50 mega bits per second. I tried re-downloading TF2 and I was getting 80 kilo bytes, and I am using Windows 7. Doesn't 8 mega bits equal 1 mega byte?
I need to get a connection through a 3-storey structure.
On each floor, I have a cluster of servers set up. Conventionally, I would thread cat6 cables through the building but due to various reasons I cannot do that.
On the ground floor there are 2 ground lines which project a wireless signal.
I'm wondering, is there some way I can convert the wireless signal into an ethernet line? Perhaps through some kind of interfaced adapter. I've thought of buying a throwaway laptop and bridging the connections manually but I'd prefer to avoid that option if there are feasible alternatives.
I have some remote 1142s that I converted to LAP last night. They are not joining a WLC, but they are online and I can ping them. Telnet or SSH is disabled by default (WHY???). What can I do to figure out why these access points are not joining the controller?
Is AP 1220B (b-only radio) supported for registration to WLC (7.0.x) with Lightweight software? I've managed to convert the AP to Lightweight mode, but I could not get it to register with WLC 2504 (software version 7.0). Is it possible that this AP is only supported if changing the in-built radio module?
In the compatibility matrix [URL] there is information that this AP is supported on WLC up to version 7.0.x. On the other hand, it is not supported by the Autonomous to Lightweight Mode Upgrade Tool [URL]. Since these APs do not have a pre-installed MIC, it is mandatory for them to create a Self-Signed Certificate (SSC). The upgrade tool could do this job (along with adding the created SSC hash to the authorized list on the WLC), but it does not support this particular AP/radio. If I do the conversion manually (archive download-sw ...), the AP does not have the SSC needed for communication with the WLC. I've tried making the SSC manually (instructions found on this site [URL]) while the AP is in autonomous mode, and then converting it to Lightweight, but the AP still could not register to the WLC.
In the debugs (on WLC/AP), I am receiving an error that is described in some Cisco troubleshooting documents as something related to WLC not having an SSC hash in the auth list. Problem is that the AP is not even sending standard CAPWAP messages and there is nothing to be seen in "debug pm pki enable" on WLC...
I have a HP OfficeJet 6000 Wireless that I used so far through the Ethernet network. What do I need to do to convert it over to wireless? Can I do this without installing the heavy duty HP SW on each client?
Is there any issue in buying air-ap1142n-ek9 802.11A/G/N FIXED AUTO AP INT ANT and later on converting it into lightweight under the control of air-ct2504-15k9 2504 WIRELESS CONTROLLER WITH 15 AP LICENSES? Are there any requirements on the SW of the WLC and the IOS of the AP? The reason for the choice is budget.
I have one Cisco ME 3400G-12CS switch with 4 NNI ports & 12 UNI ports. I want to convert all UNI ports to NNI to meet my client's requirements. Which Metro IP Access Image IOS version is required to convert those UNI ports to NNI?
We have a 1262 (AIR-LAP1262N-E-K9) and we don't have a WLC, and I want to convert it to Autonomous mode. I did the steps below, using this file (ap3g1-k9w7-tar.152-2.JB.tar) downloaded from the Cisco site.
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Set the timeout value on the TFTP server to 30 seconds.
Step 4 On the PC where the TFTP server is located, perform these steps.
I do have an 1131 LWAPP at home; I was wondering if I can convert it to Autonomous. I read in the documentation that the only way is to use it with a controller. Can I convert it without connecting to a WLC?
correlates the older IOS format naming compared with the newer? I have an older Catalyst 3550 that might need an IOS upgrade due to us starting to implement dot1x. The reason that I say this is that some of the commands in the dot1x config guide, such as aaa accounting dot1x, are not valid on this platform. The current IOS is c3550-i5q3l2-mz.121-8.EA1c but the newer format is the ipbase, ipservices, etc. format. There is a newer IOS but how do I convert from one to the other? I think I need to research the IOS to see if the new commands are there, and I also want to make sure there are no gotchas from a hardware standpoint if I upgrade.
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(8)EA1c, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 15-Feb-02 10:50 by antonino
Image text-base: 0x00003000, data-base: 0x006675E0
ROM: Bootstrap program is C3550 boot loader
ACSTMElab-3550 uptime is 20 minutes
System returned to ROM by power-on
System image file is "flash:c3550-i5q3l2-mz.121-8.EA1c/c3550-i5q3l2-mz.121-8.EA1c.bin"
cisco WS-C3550-24 (PowerPC) processor (revision C0) with 65526K/8192K bytes of memory.
Processor board ID CHK0615V0BP
Last reset from warm-reset
Bridging software.
Running Layer2/3 Switching Image
We will be converting two 6500s to VSS. Each chassis has a Sup2T module, fwsm, 6908-10G blade, wism1 blades and two or three 6748-SFP blades. I was wondering how long the conversion process takes? If I remember correctly at the 2012 networkers lab it took maybe 10 minutes while using Sup720s. The instructor mentioned that with Sup2Ts it would convert a lot faster.
I have seen links out there for a conversion tool to convert commands on a Catalyst type switch (6509) to newer IOS type switches (4500-e), but they all error out on me with a 404. Is there any link where I can get this conversion tool?
connecting a Cisco 3945 Router to an Ethernet WAN Link. The service provider has provided a 100M Ethernet Single Mode Fiber handoff to the customer premises with SC Connector. The CPE configuration proposed for this setup is like this. [code]
Since the SFP has an LC connector, I suppose I need to have an SC-LC cable for connecting the Ethernet link. Do I need anything else, apart from the above?
We have recently converted 1 Cisco Lightweight AP 1041 to Autonomous mode for site-survey purposes. We now want to convert it back to lightweight mode.
I will be implementing a new firewall (Cisco ASA 5515x) on my existing 3750x (server switches) and my 2960s (user switches). What do I need to apply on my firewall and switches to make the implementation successful? I will put my 3750x as my DMZ and my 2960s as my inside. The 3750x have multiple subnets and so do the 2960s. Which features and technologies do I need to know on those 3 products? My 3750x and 2960s don't have any ACLs defined and the most common features are VLAN, switchport, trunking, spanning-tree, stacking, VTP. How does my ASA know that my 3750x/2960s have multiple VLANs? My current connection right now on the 3750x and 2960s is just through 6 ports I assigned as one trunk; below is my config [code]
My 2960s VLANs are almost the same as my 3750x except VLAN 160, 170, 192. But of course when I put this in the ASA, I have to segregate VLANs for the 3750x (192, 100, 110, 160, 170) and 2960s (130, 150). For my 2960s connection to the ASA, and since this will have big bandwidth, I will use 3 ports on my ASA (and trunk them) connecting to my 2960s and I will use 2 ports on my ASA (and trunk them) connecting to my 3750x. The one internet port and my one management port on my ASA will stay like that.
I am able to ping from the switch to the firewall inside IP and the user desktop IP, but unable to ping from the user desktop to the FW inside IP. Config is below for both the switch and the FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds: