Cisco Firewall :: ASA5510 Can't Be Accessed For Management

Mar 13, 2013

I am trying to get an ASA5510 working in transparent mode, multi-context.  I am on revision 8.2.5, so there are no bridge groups (those are enabled in 8.4). I first set it to transparent mode, then set it to multi-context mode.  I am doing trunking through the Ethernet0/0 to Ethernet0/1, and have two vlans on subinterfaces of each interface.  These interfaces are in the 2nd and 3rd contexts, and all trunking between vlans is working correctly in transparent mode.
 
But I can't telnet or ssh to the ASA itself.
 
I have an IP address on the inside vlan interface in

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: ASA5510 - Cannot SSH Or ASDM To Management Interface

Jan 21, 2013

I try to SSH and get access denied.
 
I try to ASDM and get "Unable to launch device manager from 172.16.252.100"
 
I think I am missing something. Software is 8.4(5) and running in Transparent Mode.
 
Inside/Outside are in bridge-group 1. No BVI is configured as we will be using Management0/0 for access.
 
login as: test
test@172.16.252.100's password:
Access denied

[Code].....

View 7 Replies View Related

Cisco Firewall :: ASA5510 Static Routes For Management Interface Not Working

Mar 30, 2011

We have several pairs of ASA5510s in failover A/P mode, some running 8.3(2) and others running 8.4(1).
 
e0/0 = outside
e0/1 = inside
m0/0 = management
 
The problem we're having is we can't get anything to route out of the management interface unless we put in a static route at least to the subnet level. For example, we want syslog traffic to exit out m0/0 to our syslog server 10.71.211.79. Our 'gateway of last resort' points to the next hop out e0/0, and a second static route with a higher metric and a more distinct network space is for m0/0 as in:
 
route outside 0.0.0.0 0.0.0.0 192.168.49.129 1route management 10.72.0.0 255.255.0.0 10.72.232.94 10
 
This doesn't work, and ASDM loggin gives this error: ".....Routing failed to locate next hop for udp from NP Identity Ifc:10.72.232.89/514 to management:10.72.211.79/514"
 
If I put in a more granular subnet route, or a host route of the syslog server it works, such as:
 
route management 10.72.211.0 255.255.255.0 10.72.232.94 10   <------------- this works
 
route management 10.72.211.79 255.255.255.255 10.72.232.94 10   <------------- this works too
 
Why won't a static route for 10.71.0.0 255.255.0.0 work in this case?
 
We are going to have numerous hosts access and be sent messages though the management interface of these ASAs, and it would be very burdonsome to have to add a host, or even a subnet, route for every one. I've removed all static routes and tried to rely on EIGRP, but that doesn't work. I also had to put 'passive-interface management' under the EIGRP for this to work.
 
Here is the pertinant ASA config concerning syslog, routing, and interfaces:
 
interface Ethernet0/0 nameif outside security-level 0 ip address 192.168.49.140 255.255.255.128 standby 192.168.49.141 !interface Ethernet0/1 nameif inside security-level 100 ip address xxx.xxx.xxx.xxx 255.255.255.128 standby

[Code].....

View 3 Replies View Related

Cisco VPN :: ASA5510 / SSLVPN Portal Password Management?

May 19, 2013

I'm trying to setup a SSLVPN Portal for our customer which will authenticate against Active Directory using LDAP over SSL and with the portal have the ability to change password if it has expired. I have managed to setup everything now except for the password reset which is giving me a headache. This is the message that's presented by the portal when i try to change the password even though the same password works when i change it on a PC instead of using the portal.
 
"Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
 
And below is the output of ldap debug on the ASA5510 the Portal is running on.
 
[473] Session Start
[473] New request Session, context 0xadbe760c, reqType = Modify Password
[473] Fiber started
[473] Creating LDAP context with uri=ldaps://x.x.x.x:3269
[473] Connect to LDAP server: ldaps://x.x.x.x:3269, status = Successful
[473] supportedLDAPVersion: value = 3

[code]....

View 5 Replies View Related

Cisco Firewall :: Difference ASA5510-BUN-K9 And ASA5510-Sec-Bun-K9

Jun 6, 2012

ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5520 Firewall Management Port

Nov 29, 2011

we are having a firewall asa 5520 .we have connected the  management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.

View 2 Replies View Related

Cisco Firewall :: ASA5510 - Unable To Ping From User Desktop To Firewall Inside IP

Jun 11, 2012

I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to  FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
 
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:

[Code].....

View 7 Replies View Related

Cisco Firewall :: ASA5510 Secondary Firewall Crashes After Upgrade To 8.4.1

Jun 29, 2011

I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
 
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?

View 7 Replies View Related

Cisco WAN :: SRP-547W Allow Certain Websites To Be Accessed

Feb 18, 2012

I'm slightly concerned about my Cisco SRP-547W... there are times when it will cease to allow certain websites to be accessed and for a SONOS system to access Napster/Spotify. When i look in the administration part, the CPU usage shows 100%. I then have to restart the router, where it will settle back down to between 20% and 40% CPU load.Whats odd is it's not something that happens once every hour, it can be fine for days and then suddely go.

View 1 Replies View Related

Cisco Firewall :: ASA5510 Firewall Transparent Mode

Sep 10, 2012

i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?

View 3 Replies View Related

Cisco Firewall :: ASA5510 Firewall Interface Speed

Jul 21, 2011

I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
 
-interface Ethernet0/2
- speed 100
-shutdown
- no nameif
-no security-level
-no ip address
 
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.

View 2 Replies View Related

Cisco Firewall :: Memory Upgrade Of ASA5510 Firewall

Feb 22, 2012

i have cisco ASA 5510 Firewall using  in my network, i have  planning  to upgrade the Flash  memory  from  256 mb  to  512 mb  and   the RAM  from 256 mb to  1GB.

View 1 Replies View Related

One Computer On Network Can't Be Accessed By The Others

Jul 31, 2011

I've got 3 identical PC's that were bought and configured at the same time, all running Windows 7 off a Netgear router. Though all 3 machines can successfully ping each other, one machine can't be accessed by the other two through windows explorer meaning it can't participate in LAN games or share files with the other 2 machines.

I also seem unable to register my copy of Starcraft II because it doesn't recognise any return data from the Starcraft servers, though it works fine on another machine (not sure if this is related). I've disabled the firewall on the unaccessible machine and believe file sharing is activated but it hasn't worked.

View 3 Replies View Related

Cisco WAN :: 3825 Cannot Ping DNS And Neither Internet Can Be Accessed

Jun 27, 2012

I have cisco 3825 router with two interface one with public ip 182.50.190.140 and the other with private ip 192.168.1.1 and the DNS is 66.28.0.45, I configured NAT overload on it to access internet I can ping public ip nad default gateway but cannot ping dns and neither internet can be accesed. following are the configurations. [code]

View 2 Replies View Related

Cisco Firewall :: Asa5510 - How To Add Secondary Firewall

May 4, 2012

I have a cisco asa 5510 with security plus license in Live enviroment . I need to add a secondary firewall . I was planning to do in active /standby mode for failover .But i have a doubt , when i do "show version " on live asa output says Active /active failover , does this means that i can only configure failover in active/active mode not in active/standby (which i want to do )?

Maximum Physical Interfaces  : 8
VLANs                        : 20, DMZ Unrestricted
Inside Hosts                 : Unlimited
Failover                   : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
VPN Peers                    : 25
WebVPN Peers                 : 2
Dual ISPs                    : Enabled
VLAN Trunk Ports             : 8
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5505 Security Plus license...

View 4 Replies View Related

Cisco Firewall :: RDP Access Through ASA5510 Firewall?

Feb 12, 2012

i  am  using Cisco ASA5510 Firewall  in my  Network in the distrubition Layer .Private Range of Network Address  use  in the Network  and PAT  at the FW for  address translation.presently  encountering an issue  the users  behind  the FW  in my network  unable to  RDP  at port 2000  presented  at the Client Network.Able to Telnet  on port2000 but  not RDP .  any changes needed at the FW end  to  get the RDP Access.

View 12 Replies View Related

Home Network :: Certain Sites Can Only Be Accessed When Using Fiddler?

Apr 16, 2012

I have recently installed a new router (DLink Dir-615) and it seems that certain sites will not render for me. They simply show up as blank pages, or they will attempt to load, flash a few times and end in a the site cannot be reached. However, if I am running Fiddler, all of the sites work. The issue also occurs with various components on certain sites, i.e., video. The videos either do not play or will continuously skip to the next clip when Fiddler is not running.

I am completely baffled as to why this is happening and is there some setting on my new router that I need to enable?

View 1 Replies View Related

D-Link DIR-655 :: Need To Block Certain IP Address To Be Accessed By All Computers

Dec 3, 2011

Bought DIR-655 from Amazon. Rev. B. Come with 2.00NA firmware. Updated to latest one, and there are a lot of problems, to most of them, I was not able find any solution. Here they start:

1. WIFI SPEED PROBLEMS.No matter what speed, parameters, channel, mode, etc I select, router keeps working on 20mhz channel width. So I never get speeds above 65 mbit. In absolutely same conditions, my DIR-300 B1 (with DD-WRT firmware) gives me stable 150mbit. SO I KINDLY ASK, MAYBE THERE IS A WAY TO FORCE "40 MHZ ONLY" OPTION?

2. PASSWORD PROBLEMS.Router came with no admin password, I enter new password, hit "update" it says - wait 20 sec, after that, login page is displayed, but, new pasword does not works! since it asks again for empty password!

3. FILTERING PROBLEMS.I need to block certain IP address to be accesed by all my computers. Say this is 111.111.111.111 . So I added inbound filter rule, to block access to that IP. It does not works - IP is still accesible.

4. MORE FILTERING PROBLEMS.Since above mentioned method does not works, I have to use "ACCESS CONTROL" feature. It does works, but it causes another problem, with access control enabled, all webpages with form submit stop to work. For example, if I'll have that feature enabled, when I press "post" on this webpage, it instantly will go to "this page cannot be displayed".

I bought this router solely for one purpose - I was happy with speed of my DIR-300, but I needed gigabit for my computers. So I thought, instead of buying separate switch, I'd better buy a router with gigabit. I was suggested to get TP-LINK 1043, since it's quite popular, alternate firmwares available and so on, but I refused to buy it, since I thought that some chinese company does not worth my attention. So I bought this D-Link (for almost 2x price of TP-Link) and having huge problems as you can see.

View 9 Replies View Related

Linksys Wireless Router :: WRT54GC V2.0 Cannot Be Accessed?

Jul 13, 2009

I have a WRT54GC v2.0, that was working perfectly till yesterday.I cannot access the router no more, either thru cable nor wireless, all lights are flashing.I thought it would be the power source but i have measured it with my fluke multimeter and there is 3.5v, it is probably working well.

View 9 Replies View Related

Cisco Firewall :: Bandwidth Management On ASA 5505?

Sep 30, 2012

I have 20 mbps internet link and I have ASA 5505 . I have to divide this bandwidth 10-10 mbps each for Voice and Data . So that both can work properly. because when I am using it for both on same interface, I am getting Voice disturbance..

View 1 Replies View Related

Cisco Firewall :: Management Port On ASA5505?

Nov 7, 2011

I have interfaces defined on the 5505:
 
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1

[Code].....

I only need one interface to connect to a single host on the inside (VLAN1) and then connect E0 to a DSL.
 
Is it possible (are what are the commands required) to take one of the other interfaces and create a Management port on the local office LAN?

View 2 Replies View Related

Cisco Firewall :: Bandwidth Management ASA 5505

Jul 24, 2012

i have 16MB internet speed, i want to give inside interface in my ASA only 2MB to use how can i assign it ?
 
ASA Version 8.2(5) !hostname ConcordeASAenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface

[Code].....

View 2 Replies View Related

Cisco Firewall :: ASA 5512 8.6(1) Failover Via Management

Jun 9, 2013

I am configuring a brand new pair of ASA 5512s running 8.6(1).  Traditionally we hae been using the Management port as the dedicated failover link, but that seems to not be possible on the 5512s.
 
ASA (config-if)# no management-only ERROR: It is not allowed to make changes to this option for management interface on this platform.
  
I have not been able to find anything in the official documentation mentioning this restriction. 

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Management Interface

Feb 13, 2012

I am having issues with the ASA 5510 management interface. I can't communicate with this interface. It is showing DOWN/DWON even if I type NO SHUT several times.
 
My existing config is as follows 
our-asa-01# sh run
Saved
ASA Version 7.2(5)
hostname our-asa-01
names
dns-guard
interface Ethernet0/0
[code]....

View 5 Replies View Related

Cisco Firewall :: VPN Password Management - ASA5520?

Dec 15, 2012

I have password management configured on our 5520 for VPN users, and it is prompting and allowing me to change passwords.... however it seems the password change seems to not be replicating to AD.  I am able to access network resources using the old and new password.

View 1 Replies View Related

D-Link DCS-930L :: Does Data Only Go Over WAN Connection When Camera Accessed?

Jan 8, 2012

Or, does the data only go over the WAN connection when the camera is accessed via myDlink?  I ask because I have this camera installed in my mountain home and the WAN connection is a 5GB/month Verizon USB modem.  It seems to be chewing up a LOT of data.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Unresponsive Remote Management?

Aug 22, 2012

unresponsive / lockups with Cisco ASA 5505 remote management ?
 
I think it happens like this:
 
1) With ASDM (Java Web Start), add new crypto map (it could be anything, just happens to be what i added the last time this happened)

2) Click apply

3) ASDM hangs (at this point the Java client becomes entirely unresponsive)

4) ASDM.jnlp refuses to connect and eventually timeout dialog appears. However, VPN connections are still accepted.

5) After a few hours (over night), the ASA refuses all incoming traffic including VPN connections.

View 5 Replies View Related

Cisco Routers :: WRVS4400N V.2 - Remote Management Through The Firewall

Mar 21, 2012

I'm attempting to configure remote management (and, sometime soon, SNMP) for a newly-deployed WRVS4400N v.2.At the Basic Settings page, I enabled Remote Management, and left the port # at the default. Remotely I entered the public (static) IP for the router in the address bar of IE8 similar to this: 67.203.???.??:8080. IE8's response is, "The webpage cannot be displayed." I'm using a public wi-fi access point, and don't know how the local router is configured, so it's possible that the local router has a blocking rule in the firewall.I'll try again using another remote router that I manage.

View 3 Replies View Related

Cisco Firewall :: Management Of ASA5520 From ITsupport Subnet?

Sep 27, 2012

Currently have an ASA5520, management port is set to management only connected to a management vlan, inside, outside and dmz ports also in use for respective traffic, all is working well, the issue i have is that the ITsupport staff on there user vlan have to have access to manage the ASA with ASDM at all times, this all works fine as i have added a route for management to there subnet, problem is that from this vlan they can no longer ping the remote sites which connect via site to site vpn. For troubleshooting and management purposes this is required, is there any way around this?, if we make the management port not management-only how will this effect other traffic or routing?

View 3 Replies View Related

Cisco Firewall :: Remote Management Access Through VPN On ASA 5505

May 21, 2012

I have a remote ASA5505 running 8.4(3) with a working site 2 site VPN tunnel to my main office. (The main office is running an ASA 5510 with OS 8.4.3 as well). The encryption domain is all private IP on main site vs. 172.16.10.0/23 on remote site.
 
Relevant config of the remote ASA:
 
interface Vlan1
nameif inside
security-level 100

[Code].....
 
I can manage the ASA on the outside interface (outside of the site 2 site VPN) using the TACACS credentials I can also ping my management station from the ASA using the inside interface, but as stated, the other way around does not work. I have not yet tested if management from the local 172.16.10.0/23 subnet works, but I will try this next.

View 5 Replies View Related

Cisco Firewall :: ASA5512-X Setup Using Management Interface

Jun 28, 2012

I have a brand new ASA5512-X running 8.6.1, and am trying to do an initial setup using the Quick Start Guide that came with it.  However, the Management Interface is not working.  I have a PC connected and set to use DHCP, but the port is not active. I connected a console cable and can see in the config that the interface is shutdown.  So I set it to active, and the port is now active, but is not giving out a DHCP address as the guide says it should.I would like to use the ASDM Startup Wizard to configure this device, so how do I get it to work the way the instructions say it should?

View 2 Replies View Related

Cisco Firewall :: ASA5540 Management Interface IP Addressing?

May 9, 2011

How does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
 
I need to configure a 192.168.x.y /31 on the management 0/0 interface of a ASA5540 and it is providing me with the following error:ERROR: /31 mask is not allowed

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved