Cisco Firewall :: ASA5510 Secondary Firewall Crashes After Upgrade To 8.4.1

Jun 29, 2011

I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?

View 7 Replies


Cisco Firewall :: Asa5510 - How To Add Secondary Firewall

May 4, 2012

I have a cisco asa 5510 with security plus license in Live enviroment . I need to add a secondary firewall . I was planning to do in active /standby mode for failover .But i have a doubt , when i do "show version " on live asa output says Active /active failover , does this means that i can only configure failover in active/active mode not in active/standby (which i want to do )?

Maximum Physical Interfaces  : 8
VLANs                        : 20, DMZ Unrestricted
Inside Hosts                 : Unlimited
Failover                   : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
VPN Peers                    : 25
WebVPN Peers                 : 2
Dual ISPs                    : Enabled
VLAN Trunk Ports             : 8
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has an ASA 5505 Security Plus license...

View 4 Replies View Related

Cisco Firewall :: Secondary IP Address In ASA5510

Feb 7, 2013

Just want to know if there is a way to configure secondary IP address on the outside/public interface of ASA/PIX.One of our clients have used most of their IP on the subnet given by their ISP. They use those IP's for staticallymapping to Servers inside their local LAN. Thus, they requested another block/subnet from their ISP. They will also use this for static mapping/port forwarding to other servers in their network. The current UTM they are using is allowing this but they would like to use ASA/PIX as their main Firewall. Is this even possible or is there a workaround for this kind of scenario?

View 5 Replies View Related

Cisco Firewall :: Memory Upgrade Of ASA5510 Firewall

Feb 22, 2012

i have cisco ASA 5510 Firewall using  in my network, i have  planning  to upgrade the Flash  memory  from  256 mb  to  512 mb  and   the RAM  from 256 mb to  1GB.

View 1 Replies View Related

Cisco Firewall :: ASA5510 - IOS Upgrade From 8.0(3) To 8.2.5

Sep 13, 2012

we have ASA 5510 which we need to upgrade from 8.0(3) to 8.2.5. can we directly switch to 8.2.5 from 8.0(3) , if not what all versions we need to go from.
What all point needs to check before that following is show flash output.
97  14635008   
Jan 01 2003 14:12:16  asa803-k8.bin   98  4096 
May 14 2008 21:22:10  tmp    2  4096
Apr 20 2008 02:21:46  log    6  4096
Apr 20 2008 02:22:16  crypto_archive   99  6851212
[Code] .....

View 4 Replies View Related

Cisco Firewall :: To Upgrade To 2GB RAM In ASA5510

Apr 5, 2012

I am having ASA5510 firewall which has 1GB RAM currently. I want to upgrade to 2GB. When I opened the box, I can see only 1 slot to insert the RAM. I searched in Cisco website and I got to know that I need to use 2 x 1 GB RAM. So, I need to have 2 slots to do that. But,  I am having only 1 slot in the box.

View 5 Replies View Related

Cisco Firewall :: ASA5510 IOS Upgrade From 7.04 To 8.2?

May 31, 2011

We are about to upgrade our ASA's from 7.04 to 8.2. Obviously I will be opening a TAC case to assist with the upgrade and I will also be upgrading ASDM software at the same time. These production firewalls are paired with an active --> failover scenario and not active --> active.  I had previously engaged cisco regarding the upgrade and they have recommended an upgrade path to ensure success. Also, I have a pair of test ASA's that I've gone through the upgrade process with - documenting the changes in commands and any changes in my config (I didn't notice any).So, the reason for my post is this: What are the gotcha's that you may have run into when upgrading your ASA's?These are fairly high visibility ASA's and any downtime due to the upgrade needs to be mitaged as much as possible.

View 1 Replies View Related

Cisco Firewall :: ASA5510 Upgrade From 8.21 To 8.31

May 15, 2013

Upgrade from firmware 8.21 5o 8.31? I am installing 1GB of memory in my ASA 5510 and in the process I have upgrade the firmware.
- Will the upgrade change my configuration or will I have to change this manually myself at some point
- What is the meaning of "Real IP" I am not sure what the means (reading up on it now)
- What else should I be concerned about during the upgrade?

View 2 Replies View Related

Cisco Firewall :: ASA5510 / SSH Not Working After Upgrade

Mar 2, 2011

I have an ASA5510 which was running version 8.31. SSH was working fine on version 8.31 but since i upgraded it to version 8.41 the SSH stopped working.

View 7 Replies View Related

Cisco Firewall :: ASA5510 Not Working Ok After Upgrade 8.2 / 8.3 / 8.4

Jan 15, 2012

An ASA5510 (with 1 webserver behind it, just starting to build the cluster) was functioning OK with version 8.2: I was able to log in using RDP to the server bhind it from some trusted IP's.
I updated ASDM to the latest version 6.4.7, and then the ASA-software to 8.3.2. After reloading, I could not access the server anymore. I saw that changes were made to the config. Then I updated to version 8.4.3, same results of course, and this is the config. [code]

View 11 Replies View Related

Cisco Firewall :: ASA5510 - Cannot Ping Inside Over VPN After Upgrade

Jan 16, 2012

We currently have a central hub using an ASA5510 and then a few site-to-site VPN connections to our support staff homes. The devices at the homes are Cisco routers. We were running version 8.25 on the ASA and all was working fine. We recently upgraded to version 8.42 and although all the functionality of the network is ok and it does what it should, our support staff cannot ping, ASDM or telnet to the ASA inside interface anymore whereas they could before the upgrade. The home VPNs all run on a 10.30 subnet (i.e. 10.30.1.x, 10.30.2.x etc etc). I can post our config (security edited of course), but it is quite a big config. The command management-access inside is specified and the subnet is permitted to ASDM and Telnet. Are there any extra things that have to be done in version 8.42 to get this to work as the support staff do have to access the firewall for configuration purposes. At the moment, they have to telnet to one of the routers on the local LAN and then Telnet to the firewall from there.Prior to the upgrade, they were all able to ping the inside ASA interface and also telnet and HTTPS to it from their PCs at home. Now they cannot and the only change made was an upgrade to 8.42. Immediately after the upgrade none of them can ping the interface anymore and it seems it can only be accessed from the local LAN. I cannot find any access-lists that might be blocking the packets so can only assume it's something in the way 8.42 works.

View 8 Replies View Related

Cisco Firewall :: Upgrade IOS On ASA5510 Fail Over Pair

Aug 17, 2011

I am a bit unclear as to the upgrade path I should take - I have 2 ASA 5510s in active/standby running 8.0(4)34 and would like to upgrade to 8.2.5.  Do I need to first upgrade to 8.0.(5) before upgrading to 8.2.5, or can I just jump straight to 8.2.5?

View 4 Replies View Related

Cisco Firewall :: ASA5510 Possible To Upgrade Module Of Interfaces From 10mb To 1gb

Jul 29, 2012

I am using Cisco ASA5510 Firewall in my network.  Upgraded the Memory and Flash  to 1GB and 512MB.But the 5 interfaces  ports are  10mbps.Can it possible to upgrade the module  of Interfaceses from 10mb to 1gb?

View 2 Replies View Related

Cisco Firewall :: ASA5510 Internal Flash Requirement For IOS 8.2(5) Upgrade?

Dec 21, 2012

Currently my ASA5510 has a 64MB internal flash.  Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)?  The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.

View 2 Replies View Related

Cisco Firewall :: ASA5510 Memory Upgrade 256MB To 1GB Fail?

Nov 7, 2011

I tried last night to upgrade the memory in my old 5510. It's about 5 years old and has the single memory socket. I followed the instruction included in the kit:
Mfr. Part#: ASA5510-MEM-1GB
I did wear an ESD wrist strap (genuine Cisco at that!) and ensured the memory was fully seated, the handles locked in.Upon restarting the ASA, for over 15 minutes, it stayed in mode: Power LED steady, Status LED flashing, other LEDs off. No response to attempts to SSL via Putty. I powered it off, verified the memory was indeed fully seated, and re-installed the original 256 MB module. It powered up normally in less than 5 minutes. Is there anything else to try before returning the memory? Tonight, I can try the same new memoy module and see if it works.

View 3 Replies View Related

Cisco Firewall :: When Upgrading Fail-over Pair Last Week Had To Upgrade ASA5510

Aug 14, 2012

[code] I would like to the ASA5510 Base license upgrade to Security Plus license. But after the upgrade is still the license of the Base.I think I was wrong option selected in the process of upgrading, how should I do to be successful upgrade

View 2 Replies View Related

Cisco Firewall :: Secondary ASA 5550 Firewall Getting Down Automatically?

Apr 17, 2011

I am having two ASA 5550 firewall running in active/standby mode. With in last two months our secondary firewall got down automatically 3 times. Firewall is running with IOS version 7.1.2. how to proceed further troubleshooting because there are not any logs on firewall.

View 3 Replies View Related

Cisco Firewall :: ASA5510 - Unable To Ping From User Desktop To Firewall Inside IP

Jun 11, 2012

I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to  FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


View 7 Replies View Related

Cisco Firewall :: ASA5510 Firewall Transparent Mode

Sep 10, 2012

i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined to I create extra sub interface?

View 3 Replies View Related

Cisco Firewall :: ASA5510 Firewall Interface Speed

Jul 21, 2011

I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
-interface Ethernet0/2
- speed 100
- no nameif
-no security-level
-no ip address
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.

View 2 Replies View Related

Cisco Firewall :: ASA 5550 With IOS 8.0(2) Crashes

Jan 31, 2012

we had just installed our ASA 5550 with IOS 8.0(2) a couple of week ago.
2 interfaces from each slot are being used ie 0/0 for Branch users comming via MPLS cloud ,  0/1 for internal LAN users comming form Core Switch  & 1/0 for Server farm LAN   , 1/1  for Internet (outside)
the first 3 interface are considered inside with sec set at 100   while the 1/1 is outside with sec at 0.
Last night it suddenly started dropping all connections without any warning  or any noticible log form the ASDM logging.
the connection drop would happen for 2 - 3 minutes and would work fine for the next 15 minutes or so..
after conencting the console , we found out that the IOS would suddelny go abrupt and show this display ...
TP-ASA(config)# TP-ASA(config)# TP-ASA(config)# Thread Name: Dispatch UnitPage fault: Address not mapped    vector 0x0000000e       edi 0x24d184b0       esi 0x0000000d       ebp 0x1c6ceaf8       esp 0x1c6ceae0       ebx 0x09e965e0       edx


View 2 Replies View Related

Cisco Firewall :: RDP Access Through ASA5510 Firewall?

Feb 12, 2012

i  am  using Cisco ASA5510 Firewall  in my  Network in the distrubition Layer .Private Range of Network Address  use  in the Network  and PAT  at the FW for  address translation.presently  encountering an issue  the users  behind  the FW  in my network  unable to  RDP  at port 2000  presented  at the Client Network.Able to Telnet  on port2000 but  not RDP .  any changes needed at the FW end  to  get the RDP Access.

View 12 Replies View Related

Cisco Firewall :: Difference ASA5510-BUN-K9 And ASA5510-Sec-Bun-K9

Jun 6, 2012

ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?

View 3 Replies View Related

Cisco Firewall :: Botnet Filter Crashes ASA5505

Feb 27, 2011

I have a problem with my ASA5505 after enabling botnet filter my ASA reboots.Also while booting it usualy takes around 30minutes of random cycles before loading the OS. It seems to be falling at the license check.To fix the boot I usualy unplug the ASA for about 15minutes and then it will boot up fine.

View 3 Replies View Related

Cisco Firewall :: Continuous Crashes With ASA 8.2(5)22 On Standby Unit

Mar 8, 2012

I've tried to upgrade a redundant setup from 8.2(4)4 to 8.2(5)22 ending with a stanby ASA continuously crashing after config sync phase. On the first crash it even corrupted the flash, leaving me no choice than initializing the box from scratch.

View 4 Replies View Related

Cisco Firewall :: Secondary IP Over 5505 Fastethernet

Jun 13, 2012

I would like to know if is possible to configure a secondary IP address in a 5505 interface ??

View 1 Replies View Related

Cisco Firewall :: Implement Secondary ISP To ASA 5510?

Aug 27, 2012

We are in the process of implementing secondary ISP to our ASA firewall and We would like to run both ISPs in parallel so we can test until we finally cutover?

View 2 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: 1941 - Content Filter Crashes Router

Apr 7, 2011

I seem to be experiencing a problem with content filtering on our 1941, if I add anymore patterns to the policy below the router crashes and requires a reboot, not sure why?
parameter-map type urlfpolicy trend cptrendparacatdeny0
max-request 5000
max-resp-pak 1000


View 1 Replies View Related

Cisco Firewall :: Assign Secondary ISP-2 Pool IP To DMZ Server?

May 15, 2011

Can we assign Secondary ISP-2 Pool IP to DMZ Server, network design attached for reference.

View 2 Replies View Related

Cisco Firewall :: ASA 5520s Secondary FW Sub-Interface Failure

Mar 3, 2013

I have two ASA 5520s in Active/Standby. I try and test this quartely to ensure it is working correctly. Everything works fine, except I have an issue with one interface. When doing a show failover, it shows the interface as failed on the secondary unit, and I am not sure why. It shows it as normal on the primary.
This host: Primary - Active
Active time: 9277305 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(4)) status (Up Sys)
 Interface WaterworksCanopy (192.x.x.x): Normal


View 15 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related

Cisco Firewall :: 5505s - Secondary ASA Active And Primary Is On Standby

Dec 5, 2011

We have 2 ASA 5505s in a data center at a remote site.
Whilst troubleshooting another issue I noticed the below. I don't know much about fail over but this would suggest that the secondary ASA is active and the primary ASA is on standby.
if the primary is "active" then how come the secondary is the active ASA? I would have thought that once the primary ASA became active this would assume the "main" role".

[Code] .....

View 7 Replies View Related

Copyrights 2005-15, All rights reserved