Cisco Firewall :: ASA5510 Configuration Restore After Being Replaced By RMA

May 29, 2011

Have a 5510 in Routed mode, simple Static NAT to interface two networks (inside_1 is my private space, and outside_1 the larger intranet that hosts heavy traffic). outside_2 faces internet via pppoe just for VPN purposes.
 
It was operating fine for one year, then one port broke (outside_2, internet), leaving no VPN. We followed the RMA service replacement and the new unit came with newer SW (8.0.4) than the one the original config was created on (8.0.2).
 
To ease the replacement, I did downgrade the sw boot image. Then I did restore the config by tftp to the startup-config and then a reload. Everything seems to load fine.
 
Problem is that testing reveals some sort of issue: I can ping some of the intranet hosts but can't reach gateway, thus larger segment of hosts become unreachable. It seems as if the NAT mechanism can't find the next gateway where to hop. For debug practice, I've enabled all the icmp stuff so ping wasn't being blocked by the device.
 
Given that this config was up and running prior to the replacement, I've no reason to suspect any misconfigured items (i.e. routes, NAT, access-list), but obviously I'm obfuscated and can't see what else I'm missing.
 
How is it possible that the ping only reaches certain hosts? Pinging 10.15.5.90 works (route is 0.0.0.0 0.0.0.0 to 10.15.5.126 (gw)), but pinging the gateway itself doesn't (10.15.5.126) and, even worse, hosts like 10.15.167.210 do not respond either.


Cisco Firewall :: 5505 - Restore Configuration From Other ASA

Sep 26, 2012

I have the configuration file of the ASA 5505. I have another ASA of exactly the same model that is new, but this is my first time working with an ASA.
 
I am going to configure an IP address on the 0/0 interface, then use TFTP to upload the config to the startup config, then save it and reload the ASA.

Is that enough, or does the ASA have extra steps?


Cisco Firewall :: How To Restore Configuration To PIX 506E

Mar 22, 2011

What is the easiest way to restore my config?  I backed it up yesterday with my tftp server.  Today I made some changes and messed some things up and need to restore the config from yesterday.


Cisco Firewall :: How To Restore Factory Configuration On ASA 5505

Jun 18, 2007

While configuring my ASA 5505 I changed the IP address range of the internal network. Obviously I made an error because I cannot reach the box at either the old or the new address. How can I restore the interface and firewall definitions or reset the box to its initial state? I found a doc on how to reset the password, but it does not explain how to restore the complete initial config.


Cisco Firewall :: Restore Configuration To New ASA5505 On Different ASDM Version

May 27, 2013

We have been using our current ASA5505 for a long time. Since it only supports up to 10 VPN licenses, we bought a new ASA5505-SEC-BUN-K9 (supports up to 25 users).
 
The old ASA is running: 8.0.3 and ASDM 6.0.3
The new ASA is running: 8.2.5 and ASDM 6.4.5
 
I thought it would be as simple as exporting and importing the config file, but when I tried to restore, the new one is looking for a zip file but the old one doesn't back up to a ZIP file. It looks like I need to update the ASA version and/or ASDM?
 
I am pretty new to this and have never upgraded any of these versions since I am aware that the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config? Is there any effect if I do the upgrade? I also read in some articles that we need to upgrade the versions one by one, like 8.0 to 8.1 then 8.2?


Cisco Firewall :: ASA5510 NAT Configuration

Apr 25, 2012

I have 30 IP cameras with private IP addresses: 10.1.1.1 – 10.1.1.30. I have a Cisco ASA 5510 firewall. I want to be able to use one public IP address, for example 50.50.50.50, with a specific port going to a different internal camera.

Example:
50.50.50.50:3001 should be NATTED to camera 10.1.1.1
50.50.50.50:3002 should be NATTED to camera 10.1.1.2
[code]....

How do I do this? I know how to create NAT… just not like this.


Cisco Firewall :: Configuration Updates To Standby ASA5510?

Aug 21, 2011

Is there a document that explains how the configurations are updated to the standby ASA and what needs to be manually added to the ASA? I have two ASA 5510 running ASA ver 8.3(2) and ASDM 6.4(1). When I add static routes to the primary ASA the routes are not sent to the failover ASA. Is this to be expected or do I have a bug?


Cisco Firewall :: Implement A NAT Configuration After Having Upgraded ASA5510

Aug 17, 2011

I'm having a cow of a time trying to implement a NAT configuration after having upgraded our ASA5510 recently from IOS 8.2 to 8.4. The upgrade went fine, however we now have a need to add a new NAT rule and I'm not sure whether it's possible.
 
The upgraded NAT rule and access list works fine at allowing external access to a web server.
 
However we now need to NAT the SOURCE address (either to a pool or single address) of incoming http requests before forwarding the request to the server. Hence the server will see all requests as originating from a pool with a route heading back to the ASA. The basic issue is that the server's default gateway does not return to the ASA, so "tagging" the source address of external requests to an address or interface associated with the ASA should allow the server to return the traffic to the ASA. I know we shouldn't be doing it this way but we can't see any alternative.
 
Having read a huge amount of examples we can access the server with the above config (or Object NAT), and we can NAT incoming traffic, however we can't combine the two by having all external http requests Source Natted before forwarding to the server.


Cisco Firewall :: ASA5510 Static 1to1 NAT Configuration

May 21, 2012

We are replacing our EOL Watchguard X1000 Firewall(s) with a Cisco ASA 5510 unit - ASA Version 8.4(3). Following is the static NAT I have built and the corresponding access list.
 
nat (FW2Inside,FW2Outside) source static BW_XSP1_Private BW_XSP1_Public destination static BW_XSP1_Private BW_XSP1_Public

access-list FW2Outside_access_in extended permit tcp any object BW_XSP1_Public object-group DM_INLINE_TCP_1
 
Unable to access the server on the inside interface via the public NAT address. Can you point me in the right direction as to what I might be missing to make this work?


Cisco Firewall :: ASA5510 / Specific Configuration About TCP Connection Or DNS To Setup?

Mar 8, 2011

I replaced my old firewall with an ASA5510; since that change my internet connection is slower. Some websites take longer to display. I would like to know if there is some specific configuration about TCP connection or DNS to set up?

I just configured the ISP DNS:
 
dns server-group DefaultDNS
 name-server 194.2.0.20
 name-server 194.2.0.50


Cisco Firewall :: ASA5510 - Common Criteria EAL4 Configuration

Jan 18, 2012

I'm trying to track down the installation and configuration procedures for the common criteria EAL4 evaluated ASA5510 but not having any joy.
 
The ASA Release 8.3.2 certification report [URL] identifies the required configuration documentation as the "Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Common Criteria Operational User Guidance and Preparative Procedures" but I can not find any reference to this on the Cisco web site.
 
So far I've only been able to locate the procedures for the older 7.0 release. [URL]
 
How can I locate the correct documentation needed to configure an ASA5510 to achieve the common criteria EAL4 evaluated configuration?


Cisco Firewall :: ASA5510 - Saving Configuration / Insufficient Memory

Oct 3, 2011

When I try to save the configuration it displays the following error. Is it due to insufficient memory?
 
MPF-ASA#wr mem
ERROR: % Unrecognized command
MPF-ASA(config)# wr mem
Building configuration...
Cryptochecksum: 81c514b8 9e95ee97 8b512148 b31377a4
[Code]...


Cisco Firewall :: ASA5510 / 1800 / 3825 - Routing Configuration

Aug 15, 2011

I am trying to set up an ASA5510, but without success. Currently, I have a Cisco1800 (192.168.96.1/21) from my ISP connected to a Cisco 3825 (via port with IP 192.168.96.2) and all is working well. Now I want to insert an ASA firewall between the ISP router and the 3825.
 
For that, I tried a simpler config:
ISProuter (192.168.96.1/21) ----  ASA outside port(192.168.96.2/255.255.255.248)  ASA INSIDE port (192.168.100.1/255.255.255.0) ---  a pc with IP 192.168.100.2, netmask 255.255.255.0, gateway 192.168.100.1
From my ASA, I can ping 192.168.96.1, but a "ping INSIDE 192.168.96.1" fails.
From my PC, I can ping 192.168.100.1, but not 192.168.96.1.
Here is my ASA config:
 
ASA Version 7.0(8)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
[code]....


Cisco Firewall :: Replaced A PIX 515E With A Pair Of ASA 5520

Aug 8, 2011

A few weeks ago, I replaced a PIX 515E with a pair of ASA 5520's. We have a few basic web applications behind the ASA's.   Nothing complex;  just port 80/443 traffic. During the swap, we basically just copied the config from the PIX to the ASA. So the config is virtually identical.
 
Since the swap, we have one small set of users who gets timed out when trying to get to the application. This small set of users are scattered across the state of Alaska, and they are all accessing the Internet via a satellite connection. All other users across North America can access the application just fine.  
 
Since the satellite connections are relatively slow, but they worked fine when going through the PIX, I suspect the issue is a difference in the default TTL (or similar parameter) between the PIX and the ASA.


Cisco :: 5508 - NCS Configuration Backup And Restore Of WLC

Jan 10, 2012

I recently tested the process for a customer of defaulting a Cisco WLC to factory configuration and then restoring the configuration from Cisco NCS.  It was not seamless to say the least and I wonder if I have just gone about it the wrong way. 
 
I have set the NCS platform to configuration sync with the 5508 controllers at 04:00 every day and prior to the controller defaulting I ensured that NCS also reported that the config was in sync. I have also set NCS to complete a tftp backup of the controller every night at 23:00 - interestingly though I have no idea where this is stored on the NCS platform (a VM appliance) or what its file name is.
 
Anyway my experiences were as follows:-
1.  defaulted WLC and via serial CLI ended up at the configuration wizard.
2.  Set the correct LAG, management IP, host name that NCS knew this controller by.
3.  To test things just created a dummy WLAN ( SSID ) as I assumed this would be overwritten ( big mistake ! ). 
 
At this point I connected the controller to the network and tried to restore the configuration from the config sync version.

First problem - you have to remember to set up the SNMP community string you were using as it is needed by the configuration sync process.  After adding this to the controller I could push the configuration to the controller.

Second problem - failed to add the first WLAN from the backup as I had added the temporary dummy WLAN via the wizard and NCS reported a conflict.  So had to delete WLAN ID 1 from the WLC GUI directly and then the config push no longer reported this error.

Third problem - for some reason did not add the TACACS server details - reported the error that it could not add them.  I manually added these via a template via NCS and all was well. 

Fourth problem - all but the first WLAN was in the disabled state - had to re-enable all of the WLANs. 

Fifth problem - any default items I had disabled or removed have not been saved - therefore I have removed the public and private SNMP communities - but these were still on the WLC after the restore.  I have disabled unused ports not in the LAG as they show an error in NCS - these were not disabled after the restore.
 
So all in all not a very satisfactory restore process from NCS to a defaulted WLC (meant to simulate to the customer what would be needed if they had to replace a controller due to hardware failure).


Cisco Switching/Routing :: Restore 881-SEC-K9 Factory Startup Configuration?

May 21, 2012

I messed up the IOS on the flash of CISCO881-SEC-K9. On reboot it booted to ROMMON which allowed me to tftp up a working IOS c880data-universalk9-mz.151-4.M3.bin. Unfortunately somewhere in my playing around the default startup configuration factory loaded on the router has been erased. I can load a new config on the device but as I'm using the router to learn it's useful to have the original config load when I factory reset the device. What is the factory start up config?


Linksys Cable / DSL :: WAG160N Cannot Restore Configuration Backup

Mar 27, 2010

I have a WAG160N and it seems to have reset to factory defaults, no idea why, but when trying to restore the Configuration Backup all I get is "Restore Failure <Unmatched pid>"


Cisco Firewall :: Difference ASA5510-BUN-K9 And ASA5510-Sec-Bun-K9

Jun 6, 2012

The ASA 5510 has two models, Bun-K9 and Sec-Bun-K9. From the datasheet I found differences related to ports and redundancy. My question is: is there any major difference in security services between the two models?


Cisco VPN :: VPN Configuration On ASA5510 With Two WAN

Jul 9, 2012

how to configure IPSEC VPN, but unsuccessfully. At my office there are two uplinks - LAN and Backup, both are connected to ASA5510 (with static IP) and I would like to create ipsec to data center where I have another ASA5510 with one uplink.


Cisco WAN :: 3560G Layer 3 - Getting The Configuration For ASA5510?

Apr 19, 2013

I am currently working on my first ASA5510 configuration and am running into some issues. The ASA is running 8.2(5). The network setup is as follows: Layer 3 switch with 4 VLANs with ip routing enabled. All systems are pointing to the 3560 as their default gateway. ip route 0.0.0.0 0.0.0.0 10.20.100.30 (asa). The ASA is directly connected to the L3 switch on one of the VLANs. The other VLANs are not established on the ASA, but static routes have been created for them on the ASA. I am able to ping the ASA from the switches, etc. I am able to ping the switches from the ASA. When connected to VPN Client to ASA, I am unable to reach anything behind it. When at the office, I am unable to reach the internet from the ASA. The following NAT configuration is in place on the ASA:
 
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0


Cisco VPN :: ASA5510 ASDM Unexpected Configuration Change

Mar 2, 2011

One of our ASA5510s lost VPN site-to-site connectivity (ASA v8.2(2); ASDM v6.2(5)53) to one of our other sites last night. The checkbox for Access Interfaces on the Site-to-Site area in Connection Profiles lost its checkbox for the external interface.


Cisco WAN :: What Is Best Router To Be Replaced 3745 EOL

Jan 15, 2012

There are no special requirements, just need new hardware with some reserve availability. As for now it's 3745 EOL and I assume to use 3945.


Replaced Printer On Network

Feb 7, 2013

I just replaced a printer on my network and assigned it the same IP address as the old printer. When our workstations were XP, all that I would have to do is apply the IP address to the new printer and, as long as the drivers were compatible, the printer would work. Now that we have Win7 on the workstations, it grays out the printer and won't let me re-enable it.


Cisco :: 4402 Would Be Replaced At A Remote Site

Apr 8, 2012

I need to replace a 4402 with a 2504 controller and put a 2504 controller in the DMZ for guest access. The 4402 would be replaced at a remote site (not hreap) and support a couple of wlans, one of those would not be local and would be anchored back to the 2504 in the DMZ for the guest services. All of my 5508's also would be hitting the 2504-DMZ to anchor the guest service as well. Is this still feasible in the 2504 series?


Cisco Firewall :: ASA5510 - Unable To Ping From User Desktop To Firewall Inside IP

Jun 11, 2012

I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to  FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
 
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:

[Code].....


Cisco Firewall :: ASA5510 Secondary Firewall Crashes After Upgrade To 8.4.1

Jun 29, 2011

I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
 
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?


Cisco Firewall :: ASA5510 Firewall Transparent Mode

Sep 10, 2012

I have an ASA5510 in the office that is already configured with 3 contexts, namely admin, user and server. In the server context, the last running config was not saved, and there was a power trip last Friday night. One of the sub interfaces was affected, and I need to recreate that interface. I am getting the below error; it only allows me to make changes to those pre-defined interfaces. How do I create an extra sub interface?


Cisco Firewall :: ASA5510 Firewall Interface Speed

Jul 21, 2011

I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
 
-interface Ethernet0/2
- speed 100
-shutdown
- no nameif
-no security-level
-no ip address
 
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.


Cisco Firewall :: Memory Upgrade Of ASA5510 Firewall

Feb 22, 2012

I have a Cisco ASA 5510 firewall in use in my network. I am planning to upgrade the flash memory from 256 MB to 512 MB and the RAM from 256 MB to 1 GB.


Cisco WAN :: 5520 Replaced A Router With Upgraded OS And VPN Stopped Working

Dec 12, 2011

We have an ASA5520 with VPN working fine. We replaced the router, which upgraded the OS from v12.2 to v15.0. We duplicated all the addressing and routing statements from the old router. Now the VPN still connects but the outside host can't ping the inside host anymore. The outside host can't ping any further than the inside interface of the router (10.4.1.1). The router can ping the outside host, so I know the tunnel is up. I suspect there is a difference in the OS versions that is tripping us up. Perhaps in the way that we have reused the 10.x.x.x address range?


Cisco Infrastructure :: 2950 - What Replaced Port Network Command

Oct 4, 2005

I used to be able to set an uplink port with the interface command "port network" so that it would not learn all the mac addresses that are being flooded down to the switch.  It does not seem to be there on the 2950's or 35XX switches.

Where did it go and what is replacing it? Interface is a Trunk port as well.


Cisco Switches :: Replaced WS-CE500-24LC Switch With SG200-50P

Jun 29, 2011

I have just recently replaced a WS-CE500-24LC switch with a SG200-50P.  I have plugged in a Cisco 1760 router with a fast ethernet into the switch.  On the console of the router I now see these messages: [code]

As far as I am aware both ends of the link are set to autonegotiate the speed and duplex.


WNDR 3700 Get Replaced With 4500 - Worth To Upgrade?

Sep 28, 2011

Had a WNDR 3700, as I do, and replaced it with a 4500 and whether it was worth the upgrade. I can always use the 3700 as a wireless repeater in the living room, where I kind of need one anyway.








Copyrights 2005-15 www.BigResource.com, All rights reserved