Cisco Firewall :: ASA5510 Any Way For Users To Not Get Disconnected / When One Device Fails
Jul 8, 2012
I want to set-up a HA for ASA5510. I wanted to design the network to achieve HA. I am attaching the present set-up of the network. At present, I have 2 ISPs connections terminating in ASA5510. The configuration is done for failover in ASA5510. I have another ASA5510 and want to use it for HA. I needed to know the design for the set-up. I want a stateless failover since the amount of traffic is less. I don't have any ISP routers in the present network. I suppose I need 2 routers for HA and couple of switches. One more question is that, as there are SSL VPN users, is there any way for the users to not get disconnected when one device fails.
View 5 Replies
Nov 11, 2012
Running into a bit of a problem. Anytime I try to download a large file through our 5510 the download fails at different points. Cannot download via a download manager at all. I see nothing in the logs which are set to informational.
I can connect my laptop to our internet connection outside the firewall and HTTP and download manager downloads connect and finish just fine. I go through and scrub my config for posting?
View 12 Replies
Jun 6, 2011
The client is only interested to have one-WAN(MPLS) and One internet circuit with Dual ASA5510 primary/failover configuration. In the event primary firewall fails, there is no direct WAN/internet connection to failover firewall. I believed that to mitigate the issue, I needed to add a layer 3 switch, and have each circuit (MPLS/Internet) or (modems/routers) connect to a L3 switch. L3 switch will do the vlan based routing based on the state of firewall. Am I correct? The client wants automatic failover to secondary firewall in the event the actual firewall failed without impacting the day to day business.
View 3 Replies
Apr 30, 2012
Is it possible to have 10 security licenses, license to a Cisco 5510 and have them transferred to a Cisco5520?
View 1 Replies
Jul 6, 2012
I have WLC 5508 and 18 1242 APs are connected to WLC. I am getting following error messages in all APs.
*Jul 3 02:53:18.263: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 3 02:53:18.320: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 3 02:53:18.326: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to
[Code]......
View 11 Replies
Jan 24, 2011
In my domain, users get disconnected on alternate days; the only solution is to rejoin the domain.
View 1 Replies
Feb 9, 2012
I have upgraded our ASA5510's from 7.0.8 to 8.4.3 and now I just need to do the ASDM, but get this error? The bin file has been uploaded: [code] Device Manager image set, but not a valid image file disk0:/asdm-647.bin.
View 3 Replies
Jan 6, 2011
A client of mine is using a Cisco 877w wireless router, they have one IP phone connected to one of the RJ45 ports on the back of the router and their main desktop is also plugged directly into the router - this all functions perfectly. However, the router is in a private house and as such it provides connectivity for all other wireless devices such as iPhones, iPads and Xbox Live etc. The problem is that the router only allows 5 devices to be connected at any one time and when a sixth attempts to connect to the router the first device (the IP phone) is disconnected automatically.
So my client can be using the IP phone for an important call and his son walks in with iPhone and Xbox, friends etc etc and the IP phone is immediately disconnected from the router. I believe that the router should allow more than 5 devices to connect and would hope there is a way of stopping the IP phone constantly being disconnected. I have already paid for "Cisco Engineers" to attend this site but they cannot get it working.
View 4 Replies
Jun 21, 2011
I need to set a Windows 7 machine up as a static address and do an arp -s to a blocked router to send it a fresh firmware. Setting a static address that I could ping was never a problem in Windows XP, but for some reason Windows 7 has decided to be very passive about assigning a static IP until it gets an active connection. With an active connection there is no connection problems, but with a passive (where there is no response) I get a "Media disconnected" from ipconfig and the adapter doesn't get an IP assigned. I need to tell Windows not to try to verify the connection, but just assign the static IP as before. I believe I somehow have to disable autoconfiguration for that network device, since assigning the static IP alone doesn't seem to do it. Turning off the DHCP Client alone doesn't do it either and shouldn't really be needed. get an IP assigned to the interface (and ignore the "Media connected" part)?
View 1 Replies
Feb 5, 2013
I just set up an RV220W as my home router. Everything connected fine, etc. However, one of my wireless devices (it's a security camera) disconnects after 1 hour. I am able to reconnect the device if I either reboot it, reboot the RV220, or disable / re-enable the Port Forwarding rule I've established for it. Other wireless and wired devices do not have any issues. In the past, I had this same camera working for over two years over wireless while it was connected to a Linksys E2000 router. I enabled the logs on the RV220W last night, and the error message that I receive is: secureBit not set in GTK Msg2. I've got the same SSID on the RV220 that I had on the E2000, same port forwarding, same MAC address client list, etc. Like I said, none of my other wireless or wired devices disconnect at all, just this camera, which worked flawlessly until I switched routers.
View 4 Replies
Nov 25, 2012
I have a problem downloading software and device updates for LMS 4.0.1.
In the psu.log I get the following:
[ Mon Nov 26 12:51:51 CET 2012 ] INFO [SwUpdateAction : getUpdatesFromCCO] : Validated Cisco.com credentials..
[ Mon Nov 26 12:51:51 CET 2012 ] INFO [SecurityHandler : getCSProxyHost] : No
[Code].....
View 2 Replies
May 21, 2013
I have bought the below licenses for the ASA5510 to upgrade from 2 to 250 users and yet I can give access to 2 users only.
L-ASA-AC-M-5510=
L-ASA-AC-E-5510=
Kindly find attached the "show version"
View 6 Replies
Jun 14, 2012
We have a Cisco aironet 1162N connected to a Wireless Controller (LIGHTWEIGHT mode), the device failed and it needs to be replaced. We have a Cisco aironet 1142N in stock available to use. Can we proceed with the change just by disconnecting the failed AP (model: 1162N) and connecting the new one (model: 1142N)? Or is there any other task to be done before the change, since the WLC manages the configuration for each AP?
View 8 Replies
Apr 12, 2011
We have a high availability pair of ASA 5510's in Data Centre where we have configured remote access to allow users to log in via SSL VPN. Now we want to add further security to our environment, so we are adding endpoint assessment licenses... The question I have: would I need two sets of the license ASA-ADV-END-SEC?
I learned the hard way before with ASA SSL VPN licenses breaking other failover pair as it needed identical licenses on both units! Will I need 2 separate license sets to keep my firewalls in a HA pair?
View 1 Replies
Oct 16, 2012
Web clients are receiving login failed messages and VPN clients are getting disconnected by host messages. I am able to ping the server from the ASA5510. Users authenticate in AD. I am not sure if the problem is on the server or the ASA.
View 1 Replies
Jun 6, 2012
The ASA 5510 has two models, Bun-K9 and Sec-Bun-K9. From the datasheet I found out the differences are port related and redundancy. My question is: is there any major difference in security services between the two models?
View 3 Replies
Aug 14, 2011
I have noticed that under the Device Change Audit list under the configuration dashboard, LMS lists the wrong user for the last change. For example, user ABC performed a change on a switch yesterday but switch shows user XYZ has performed the change.
e.g.
SwitchA
! Last configuration change at 16:27:06 AEST Mon Aug 15 2011 by ABC
User XYZ then performs changes on switchB, switchC. These show up correctly, but the change on switchA shows user XYZ instead of ABC.
User XYZ has never logged into the switchA in question.
View 1 Replies
Jan 28, 2013
I am using ACS 5.3. What I am after is setting user authentication against existence of the user in a specific AD group, not just being a member in any AD. What is happening now: users get authenticated as long as they exist in the AD; luckily they fail on authorization, as it is bound to a specific AD group.
How can I bind the authentication against a specific group in AD, not just using AD1 as the identity source?
View 1 Replies
Jan 25, 2011
I have a 5520 ASA running 8.2(1) and ASDM 6.2(1). The ASA has been running for 223 days without issue. Today it stopped showing real time status on the Device Dashboard from within ASDM. All of the graphs state "Lost connection to Firewall." I try to manually reconnect but it will not. I have tried on a couple different computers and cannot get the monitoring connection to work. It is a very busy firewall and I will have to schedule for a restart (which I was thinking of doing) even though I do not see a memory issue as per snip below. I don't want to restart unless it is the best option.
View 13 Replies
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. Tried lots of things but still users are not able to access internet nor can I ping anywhere. For example when I ping 4.2.2.2 I don't get any reply. The running config is below for your reference:
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When I replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
Jan 25, 2012
I purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
But I made a mistake because I need support for 500 users. Now, to solve my mistake I want to know: can I purchase another ASA-CSC20-250U-1Y to provide the 500 users support?
I mean, are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below? P/N: ASA-CSC20-500U-1Y with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)
View 1 Replies
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
Jun 29, 2011
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
View 7 Replies
Mar 28, 2011
The FTP server log shows no hits, from 192.168.1.4 I can telnet to 5505 no problem.
Doing everything on inside interface eth0/1, ftp server shows up and arp table of 5505 has correct mac for 192.168.1.4
ciscoasa# copy ftp://bob@192.168.1.4/asa841-k8.bin disk0:
Address or name of remote host [192.168.1.4]?
Source username [bob]?
[Code]...
View 2 Replies
Aug 27, 2008
Is there a way to trigger stateful (or stateless) failover on ASA 55xx (8.0.3) when there's a failure on the IPS unit? I understand the fail open/fail close and its application on a single firewall, but the better solution for an IPS failure in a redundant pair would seem to be a stateful failover to the other ASA, and I don't see that as a documented feature.
View 8 Replies
Apr 10, 2013
I have a Cisco ASA 5510 with a strange issue. When I power it ON, the following is the status of the front panel LED:
Power is OFF
Status is Amber
Active is Amber
VPN is Green
Flash is OFF
Also nothing comes up on the console. I suspected a Power supply issue and replaced it, but still it doesn't seem to work. I can't open up a TAC as I do not have a Smart Net contract.
View 2 Replies
Sep 10, 2012
I have an ASA5510 in the office, that is already configured with 3 contexts, namely, admin, user, server. In the server context, the last running config was not saved, and there was a power trip last Friday night. 1 of the sub interfaces was affected, and I need to recreate that interface. I am getting the below error; it only allows me to make changes to those pre-defined interfaces. How do I create an extra sub interface?
View 3 Replies
Jul 21, 2011
I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
-interface Ethernet0/2
- speed 100
-shutdown
- no nameif
-no security-level
-no ip address
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.
View 2 Replies
Feb 22, 2012
I have a Cisco ASA 5510 firewall in use in my network, and I am planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies
May 31, 2012
I am having issues with monitoring our Cisco ASA5505 devices with "SolarWinds Orion NPM 10.2" through the use of SNMPv2. On some devices we see that SNMP polling stops and that the ASA's interfaces would show up as unknown - usually when the link to the device goes down/up or after a random amount of time. At that point SNMP polling data is no longer updated and all we can rely on is ICMP for device status. I can resolve the issue by restarting the remote ASA OR restarting the SolarWinds server after which polling resumes. We are only seeing this behaviour with our remote ASA's.
Our setup is as follows:
Head End: Cisco ASA 5520 [ASA 8.3(2)]
Remote: Cisco ASA 5505 [ASA 8.3(2)]
I have found a SolarWinds article listed below that possibly identifies the issue that we are having but am not sure where to start.
[URL]
View 8 Replies
Dec 12, 2011
We have ASA 5540 with 8.2 SW. We are trying to download a file (3 MB pdf) from https session which fails if done behind the firewall. In case the client bypasses firewall, the file gets downloaded as usual. Interesting thing here to note is that when client is behind the firewall, it takes a long time to download the file and the file size is always 312 Bytes; of course it's a corrupt file.
View 3 Replies
Nov 6, 2012
I have CISCO pix, version 525, today while trying to save the config, I am getting below error
GPRS-PIX# wr
Building configuration...no memory available
Error executing command
[FAILED]
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51
Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
[Code]....
View 4 Replies