Our main ASA5510 is set up to failover to a second 5510, and is using the management port for that purpose. All of the other LAN ports are in use.
Currently we can manage the ASA using ASDM 5.2 from any device on the LAN.
We are now going through PCI Compliance, and one of the vulnerability scans has picked up the fact that the firewall appears to accept connections on SSL v2. However, if I try to set SSL to use v3 or TLS v1 only (as we don't use webVPN), I get a message that I will no longer be able to use ASDM to manage the firewall as changing to SSL v3 will 'prevent ASDM from establishing a secure connection with the ASA'.
So does this mean that the ASA does use / accept SSL v2? The help files say that it will accept 'hellos' in v2 but will then try to negotiate to SSLv3 or TLS v1. It doesn't give more details about what happens next, but I would have assumed that if it can't negotiate to one of the later protocols it will drop the connection - is this correct? If that's the case I may be able to get PCI to accept it.
However, if this is not acceptable and I have to switch to SSL v3, what options do I now have of administering the ASA through a GUI?
I have a Cisco 5510 running ASDM version 6.0. I was able to access it fine for a few months, but suddenly I am unable to log in through it. It's prompting for username and password and loading to 100% but not opening the GUI console. I feel this could be a Java version issue, but with the same version of Java I am able to run another ASA 5520 which is running ASDM version 6.4. Please suggest the right Java version to run the 5510 with the ASDM 6.0 GUI console.
I was trying to get into my router to give it a reboot yesterday, but was unable to get into the console. I used the username/password I've used for over a year (it was also auto saved) but it would not let me in. I went through all the steps to do a hard reset/restore default settings and it wouldn't let me. I had to access the boot loader to reload firmware, and that worked out just fine.
Now, I still cannot get access to the administration console with the default username (blank) and password (admin). I've tried moving my PC to ports 1-4 and none work.
I was about to give up on the router but I tried connecting from my iPhone and everything works just fine. I was even able to change my SSID and WPA key again.
Would this be a hardware issue, or could there be something in Windows 7 that's affecting it? I have disabled the windows firewall and AVG and still can't get any access from either Firefox or IE.
A couple of times I was able to get onto the first page of the console through IE, but if I tried clicking anything else it would ask for the username/password again and not connect. Now it won't even let me in once.
I wanted to update the f/w on my rev B DIR 825, but I am unable to load the login console for admin. I haven't changed anything and the router was still on 2.07NA f/w.
I'm having an issue with our WAP2000 access point. I had to reset the access point and now I can't access the admin console. I've set a static IP address just as I did when I first set it up. Now when I browse to 192.168.1.245 in my browser it just displays an Authentication error.
I am having intermittent problems with wireless connectivity to this router. It stops responding to requests completely but existing connections continue to function.
The hardwired connections are also functional but I cannot get to the admin console to see what is going on. The router is currently not being used to connect to the outside world. When it was before, this situation still existed. I am using firmware version V2.0.1.3.
Although I hasten to point out that I have owned and used an 'IBM' type PC since 1988 and have always managed to get things configured correctly until NOW!
Apart from the last time I tried to use a Linksys product. I had the WRVS4400N recommended to us by a friend as we run a small FTP server to share promotional materials amongst sales operatives around the world, wanted to protect it from intrusion and was told that a Cisco Linksys product with a VPN was the way to go.
I duly purchased a WRVS4400N and have been trying to log into the admin console via both browsers (IE9 and Google Chrome) that are installed on a laptop running Win7 which in turn is the only thing connected to the stated device via ethernet port 1... I have tried accessing it via http://192.168.1.1 and have even tried a suggestion from another forum to try https://192.168.1.1 - this only results in my being told that the address does not have a trusted certificate and I even tried every suggested workaround...
I have tried all kinds of reset periods from 10 seconds to a minute, both hot and cold and each time the result is the same - I type in 'admin' and 'admin' in the appropriate boxes and the dialogue box continues to return to the browser window with empty fields...
The shame is that I have managed to re-flash a BT Voyager 190 ethernet modem successfully with DynaLink v3.29a firmware (which allows it to be used with any ISP besides AOL [for whom this modem was solely intended]) and can set it up as a DHCP server, non-DHCP with a single link to another server or non-DHCP and no link.... The point is the modem works... I'm using it right now to type this! We have a single static IP from our ISP and the BT modem is working just fine (as is the TP-Link wireless modem/router that the WRVS4400N was intended to replace)... there are other options in its firmware for port forwarding, etc and I'm convinced that it will be adequate for use in conjunction with the WRVS4400N.
I have to concede that the WRVS4400N was not sold to us as NIB; it was sold as re-conditioned and was shipped to or via Ingram Micro Distribution from Cisco Systems, Veldweg 3, Herkenbosch 6075 NL (Holland) via UPS on or about the 31st of July, 2012... there is a shipping label on the original packaging that tells me that so it has in fact been back to Cisco at some point and for some reason.
The ASA 5510 has two models, Bun-K9 and Sec-Bun-K9. From the datasheet I found that the differences are port-related and redundancy. My question is: is there any major difference in security services between the two models?
I would like to know if the Console cable that comes with a Cisco 877 wireless router will work on a PIX 501 firewall? If NOT then where can one buy a PIX 501 console cable?
I have an early model PIX-515 that hasn't been used in a long time but I want to get it working again in a lab environment. I am at loss right now on how to get into it though.
CONSOLE:
I've tried connecting from the PC's serial port to the unit's console port using Cisco's blue cable to no avail. All I get is a cursor but no response. I've tried using 9600,8,none,1,none as settings and I can successfully console a Cisco 1700 router with those same settings in Putty no problem, but it doesn't work with this PIX. I've also tried using other possible common speeds like 1200, 1400, 4800, 19200, 38400, 57600 and 115200 in case the firewall was set to use those and that didn't work either.
I need to use a very long console connection; it is over 56 feet (17m) (I used Cat6 wire with connections on both ends as a console wire, 12345678-87654321). According to the below table
Does anyone have experience with this issue of being unable to access the console port? The USB serial cable and terminal server are working fine with all other ASA 5510s except one of them. I rarely see the console and aux port fail to respond.
I was trying to add an Access Rule and then a NAT rule. They applied OK, then I lost connection to my ASA 5510. I can't ping the device IP, I can't connect via console, and I can only access it via the Management port. I have pasted the running config. [code]
Once I found I couldn't access the FO PIX 535 console; I'm sure the console cable is OK. When I unplug the failover serial cable from the FO PIX 535, I can access the PIX 535 console.
I have FWSM in active/standby mode deployed on two different Cat 6k chassis. I am unable to access the FWSM module from the switch using "session module mod_no processor 1"; it throws the error "% telnet connections not permitted from this terminal". Running version 3.2.6 on the FWSM; the Cat 6k is running 12.2.33.SXH1.
switch#session slot 3 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
% telnet connections not permitted from this terminal
I have allowed telnet on line vty; the configuration on line vty is simple, allowing all transport protocols:
line vty 0 4
 exec-timeout 5 0
 transport input all
 transport output all
line vty 5 15
 exec-timeout 5 0
 transport input all
 transport output all
I have just joined a networks team and will be working on two fwsm versions 4.0(8) in two 6500 routers. Now the fwsms seem to be virtualised with multiple contexts. The server team want a new context setup for a group of servers behind a vlan. [code]
This context just seems to have two VLANs and a BVI interface. What is the function of this context and why do we have 2 admin contexts?
Also another important question is on which 6500 do I create the new context? Is the admin context active on one 6500 just like other contexts and will sync across or do I have to create the new context on both 6500s.
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
After pulling a brand new ASA5515 out of the box this morning, I spent countless hours scratching my head wondering why:
1. I cannot establish an HTTPS connection to the Management port - https://192.168.1.1/admin
2. When connecting via the console port I get prompted with a username and password sequence that I don't know
I get an SSL Version Error message when I try to connect with any browser. Although I did find a way to resolve it, it requires a console port connection which is not working either. This is not my typical experience with the console or ASDM port setup.
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
I have an ASA5510 in the office that is already configured with 3 contexts, namely admin, user and server. In the server context, the last running config was not saved, and there was a power trip last Friday night. One of the sub-interfaces was affected, and I need to recreate that interface. I am getting the below error; it only allows me to make changes to the pre-defined interfaces. How do I create an extra sub-interface?
How do I totally disable Admin/ASDM access on the public interface of our 5510? I don't want to change IPSec or SSL access to the outside interface. Just totally disable access to Admin/ASDM from the outside without halting all other access.
I have a Cisco ASA 5510 with a Security Plus license in a live environment. I need to add a secondary firewall. I was planning to do it in active/standby mode for failover. But I have a doubt: when I do "show version" on the live ASA, the output says Active/Active failover. Does this mean that I can only configure failover in active/active mode, not in active/standby (which I want to do)?
I am using a Cisco ASA5510 firewall in my network in the distribution layer. A private range of network addresses is used in the network, with PAT at the FW for address translation. I am presently encountering an issue where the users behind the FW in my network are unable to RDP on port 2000 presented at the client network. They are able to Telnet on port 2000 but not RDP. Are any changes needed at the FW end to get the RDP access?
We have to use scp on all of our network devices. It worked quite well on our routers and switches but I can't seem to get it to work for the firewalls and IPS. I enabled scp on my ASA5510 using the command "ssh scopy enable". I also ensured that an RSA key was generated and that ssh ver 2 was enabled. But I can't seem to locate the commands to actually have my firewall either copy its configuration to a server or reach out to a server to pull down a file. We are using IOS 8.2(1).
I have a customer who wants to prioritize RDP traffic through the firewall. I know that it's port 3389, but outgoing traffic is a random port number. Is there any smart way to catch this traffic and get it in the LLQ?