Cisco Firewall :: ASA5545 Connection Table Exhausting
Feb 21, 2013
ASA5545: Software Version 8.6(1)2. Connection table (cfwConnectionStatValue) gradually increases and never goes down. Upon 750000 connections, user activity is hampered and the box claims that it cannot support more connections.
Jan 22, 2013
Customer has an ASA5540 at their main location and needs a new ASA5500 for a DR site.
Can I simply take a config file from an ASA5540 and easily drop it on an ASA5545-X or whatever?
They are going to be using it as a VPN concentrator primarily.
Or are there going to be issues since the 5540 is running 8.4(5) and the 5545-X? Or if they upgrade to 9.0(1) or higher, then they should be the same?
May 14, 2013
I am trying to access an ASA 5545 using TACACS+. I have the ASA configured as follows:
aaa-server tacacs+ protocol tacacs+
aaa-server tacacs+ (inside) host 10.x.x.x
[code]....
I have added the ASA in ACS with the correct IP and the correct key. When I try to test the authentication via test aaa-server authentication tacacs+ host 10.x.x.x username Cisco password Cisco, I get:
ERROR: Authentication Server not responding: No error.
Jan 16, 2013
In the datasheet of the WS-SUP720-3B (link) it is said that only around 256K routes are supported (FIB? RIB?). With this value I can't get 2 full BGP - that is around 850K.
Is it the supervisor that controls this, or just memory? I say this because I have a 7204-npe-g1 with 2 full routing and 1G of and it is OK.
Mar 26, 2012
I read a number of older posts indicating that there was no ability to walk the arp table on an ASA 5510; wondering if that has changed at all?
Is there a syslog message that is generated when a new ARP entry is added? Is the only way to do this to programmatically SSH into the ASA and grab the output from a 'show arp' command?
Feb 15, 2012
I was wondering if anyone has seen their VPN User Connection Status Table empty even though you know for sure clients are connected? I connect with my iPhone to the PPTP VPN successfully and it works fine but there's no entry for the connection on the VPN User Connection Status Table. Is that normal? Does the router only collect data about Windows clients?
Nov 28, 2011
I have an ASA 5505 in transparent mode. The device mac address table is always empty.
show mac-address-table and show mac-learn both come with empty response.
May 21, 2012
I'm attempting to configure two ASA 5520 for active/standby failover. When I enter the “failover” command to enable the config on the primary ASA, the entire routing table disappears. There is no routing process running, only static routes are configured.
Is this an expected behavior of the failover process and if so, how long should I wait for the routes to come back?
Dec 18, 2011
We're getting "Connection Timeout / Connection Failure" error messages several times per day. Here is our setup:
Verizon FiOS Internet (ONT Box) --> Cisco ASA 5505 --> EdgeMarc 4500 Router --> Cisco 300-24G Switch --> Dell PE1950 Servers
For the past few months, we keep getting Connection Timeout and Connection Failure error messages in our vendor application which connects to SQL Server 2005. Also Terminal Server 2003 keeps disconnecting every few hours. After several days of troubleshooting, we came to know that this Cisco ASA 5500 is not working properly. When I access the ASDM, it shows several warning messages. I know there is a setting option to configure the timeout, but is there any way to test and track the ASA 5500 regarding these timeout issues?
Aug 20, 2012
Can someone throw me a bone on what might be occurring here?
Feb 4, 2013
We have a BGP / OSPF configuration as shown in the topology picture. When the connection towards the Internet is taken down, we expect the traffic to be forwarded toward WAN 2 (preferred) or WAN 1. The problem is that the BGP learned routes disappear when the Internet connection is taken down. The IP routing table on R2 only shows internal networks and the networks between R2 and WAN 1 and 2. No routes to the internet are shown. When we run "show ip bgp neighbors <ip-to-wan-1-router> received-routes", it contains internet routes. And when we run "show ip bgp neighbors <ip-to-wan-1-router> routes", it contains no routes at all.
Nov 6, 2012
Trying to get a Cisco ASA 5505 to show me all the current dynamic PAT. (I don't want to see hard-coded port forwarding, just dynamic stuff the router is doing to allow various hosts on the network to talk to the WAN.)
Mar 25, 2012
Any good link to find how to configure the MAB table on ACS 5.3? I cannot find one by myself. If possible, a guide with pictures in it.
Mar 24, 2013
When we configure an SG 300-10 switch in layer 3 mode to do some static routing, I would like to know the ARP table limit (association between IP address and MAC address). The documentation talks about the MAC (association between MAC and port) table limit, routing entries limit ... what about the ARP limit?
Feb 19, 2013
My company is planning to get the full BGP table from our providers. We have multiple egress providers; in order to load balance we are looking for a full table from all of them. What would be the minimum requirements? We have all edges as 6500 with Sup 720. Are there any memory requirements that need to be upgraded?
Feb 1, 2012
Where can the following information be found?
1. CEF table capacity (maximum)
2. Route table capacity (maximum)
I can issue "show ip cef sum", "show ip route sum" to see the current usage.
Jun 19, 2011
I've inherited a project building an internet connectivity solution for a large corporate. It has its own AS and its own PI space. They are putting in 100Mbit connections from 5 different Tier1's, taking full internet routing from each. Cisco ASR1002's have already been specified and purchased for the job. I'm not familiar with the ASR platform at all - is it up to the job with full routing tables? Multiple instances of full tables? (Not likely to put all 5 into one box!)
Dec 8, 2012
I have this routing table which I need to fill in for the network shown in the image attached. guide me to some good resources to understand
Nov 11, 2012
The problem is the memory available in common BGP routers. A sup720-3BXL for example, a widely used sup-engine for handling BGP as far as I know, is getting to the limit of its memory size, depending on the number of upstream providers connected to it. What are you doing, what are major ISPs doing, to circumvent this problem? Setting up some server, working as route-reflector, and with a high level of summarizing routes, above supernetting? But at the cost of stability? Or buying new hardware, supporting a bigger table? For example the RSP720-3CXL-10GE with up to 4GB memory? But how long will it last? Or an ASR-9001 with 8GB memory or even the ASR9k6 + RSP440 with 12GB mem?
Apr 2, 2013
viewtopic.php?f=33&t=24000
How can you remove these "L" routes in routing table?
Mar 15, 2013
I have an RV082 10/100 8-Port VPN Router and have configured the NAT table to allow for remote users, however I've run into an issue. It seems like there is a limited number of entries that you can put in the table, 10, and I need to configure about 5 more IPs. Is there any way to expand the NAT table, or alternatively can you recommend a different router? I would also be willing to add another router to the network, but I have little experience doing that.
Feb 12, 2012
I am looking for how to see the MAC table on a Nexus 5000 switch running NX-OS and confirm the MAC address on a certain port. Similar to the Sh mac-address-table in IOS and sh cam in Cat-os.
I am sure this is simple, I just cannot find the command.
Jun 21, 2011
How can I get to the DHCP client table on a Cisco 891 Router? We just upgraded our router from a WRVS4400N to the Cisco 891. The WRVS4400N has the DHCP client table feature, where I can see the client host name, IP address and MAC address. I have CCP and CCP Express installed on my system.
Oct 28, 2012
This is a bit of an odd question because it's about a problem I ran into a year or so ago, but I wasn't aware of these forums at the time, so I thought I'd run it past you all. Unfortunately that means I can't reproduce the problem right now, so it's kind of a theoretical question.
A while ago I tried to deploy an sg300-28 in L3 mode as the "core" switch in our ~70-person office, with static routes across 5 vlans. There were probably around 250 devices on the network in total when you include phones, virtual machines, mobile devices, and so on. Over the deployment weekend things worked fantastic; when everyone came in on Monday, network performance was terribly slow.
So my theory at the time was that the switch's (L3) arp cache was full -- if I pinged a host on another vlan, the switch would send a new ARP request every second ping. We scrambled a Linux box to act as a router and disabled the L3 functionality on the switch, and it's been fine since. However, in the months since then, we've observed some STP misconfigurations, which leads me to wonder if it wasn't an ARP table size issue, but rather a topology issue. But moving routing to a different box did solve the problem immediately.
The switch has been fine as our core switch. The MAC table on that switch right now has 358 entries (we've grown since this happened). It was just on level 3 that it wasn't keeping up.
Does this ring a bell? How many arp table entries can an sg300-28 retain?
Jul 2, 2012
What are the rough figures that a NPE-G2 is able to hold for the BGP routing table?
378475 network entries using 51472600 bytes of memory
378482 path entries using 21194992 bytes of memory
63008/63003 BGP path/bestpath attribute entries using 8065024 bytes of memory
BGP using 82975730 total bytes of memory
Are these 3 memories different memory allocations or are they a sub-set of each other? If an NPE-G2 has 1GB RAM, does it mean that the routing table limit depends on the RAM availability?
Jan 26, 2010
trying to fetch the equivalent of the mac-address-table on a 1811 with SNMP. I want a mapping between active MACs to a port ifIndex (not a VLAN interface ifIndex).
- I've snmpwalked every MIBs on this device (including all the proprietary MIBs supported by the IOS)
- I've upgraded to latest IOS from the 12.4(24)T series and also tried latest from 12.4(15)T series
- I am aware of the community index (@ sign in read-only community to split per vlan)
- I've exhausted all my google skills
On 29xx, 35xx, we obtain that information using the BRIDGE-MIB, community indexing and the following OID:
1.3.6.1.2.1.17.4.3.1.2 (dot1dTpFdbPort)
ex:
# snmpwalk -v 2c -c public@1 192.168.1.61 1.3.6.1.2.1.17.4.3.1.2
SNMPv2-SMI::mib-2.17.4.3.1.2.0.23.89.208.164.62 = INTEGER: 24
SNMPv2-SMI::mib-2.17.4.3.1.2.0.23.101.255.67.177 = INTEGER: 12
SNMPv2-SMI::mib-2.17.4.3.1.2.0.24.25.113.78.52 = INTEGER: 11
Jan 23, 2013
We have a couple of 6500 series switches and have 3 BGP peerings to each. The 6500 series switches are loaded with the WS-SUP720-3B Supervisor Engine. I believe there is a limit to the number of IPv4 routes the WS-SUP720-3B supports (256,000). We also have "soft-reconfiguration inbound" configured on the BGP peerings. Thus when I do a "show ip bgp A.B.C.D" it displays three routes from 3 BGP peers and it displays an additional 3 "received-only routes" which I think is due to the "soft-reconfiguration inbound" configuration. We currently filter inbound routes from the BGP peers to be between /0 and /27.
We are now looking to add another 2 BGP peerings. I am not too sure if the WS-SUP720-3B will be able to handle all the BGP routes. Is this limit of 256,000 IPv4 routes due to a processor memory limitation or is it software related? Would removing the "soft-reconfiguration inbound" save me some memory?
Feb 10, 2013
We are running a Cisco ACS v4.0 AAA server. Here I need the use of the Proxy distribution table.
Apr 6, 2011
We have an issue in which some of our public IPs will not work from outside. We have a couple of subnets/29. We allow traffic via access rules and they point to internal servers (nat to nat). So I requested an ARP table from our ISP router. The table shows that the non-working IPs have a different MAC address than the working IPs. Our ISP blames our equipment (Cisco ASA 5510) for this. I spoke to Cisco support. They looked at our configuration, and tested it. They say our configuration is correct and the ISP's equipment is doing it.
IPs          MAC address
*.*.*.5      *.*.4cd8
*.*.*.4      *.*.4cd8
*.*.*.3      *.*.4cd8
*.*.*.2      .*.*.4cd8
*.*.*.204    *.*.4cd8
*.*.*.205    *.*.4cd9
As you can see above, the IP ending in 205 has a different MAC address ending in 4cd9. It should end in 4cd8. This seems to happen randomly with all IPs. Like if I restart the ASA, some of the IPs will not work, and will show a different MAC address. We then have to wait a couple of hrs for them to start working again.
Oct 29, 2012
How big is the NAT table for a PIX515E? How many entries can it have?
Sep 30, 2012
We have Cisco 1921 routers that a provider is using for MPLS. They have it configured so that all internet traffic is passed to an internal IP address that is our proxy server. However, they are pushing all of the routing rules down to the workstation, which is causing the local route tables to grow to be massive in a very short time.
For example, the second I ping a website, the ip address is resolved and then the route is added for the source ip address with the default gateway of the proxy server.
Is this normal? I would have thought that all the rules would have been handled by the router and let it keep the table entries.
Dec 25, 2012
If I have understood correctly, the IP address - MAC address matching is made with the ARP table of a Cisco access switch if it does the L3.
My access switch wasn't used for L3 routing, only L2.
Is it possible to set user track to use the ARP table of a firewall or a router to make this matching?
May 26, 2013
What is the size of the routing table in the 800 series?