Cisco Firewall :: Access Of Asa 5510 In Standby

Feb 28, 2013

Is there a way to access the asa in a failover pair that is in standby mode from the primary asa? IE I am logged into the primary asa via command line and was hoping to access the other asa from here.

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: 5510 - Standby ASA Keeps Crashing

Feb 13, 2012

I have 2 x 5510's in active/standby mode, things look fine until the active one needs to be failed over and I realize the standby one is dead.  I never notice as the lights on the ASA look good, I only nice as I can't telnet or console onto it, how can I debug this issue?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Active And Standby Failover

Apr 18, 2012

i read that you need only one L-ASA5510-SEC-PL for setting up a Active/Standby Failover. I installed the license on the 1st ASA and tried to setup the failover via the ASDM wizard. It always fails, because the 2nd device can't have a 'base' license.So does this mean, i really need another license?

View 5 Replies View Related

Cisco Firewall :: 5510 - ASA Active / Standby Configuration

Jun 4, 2012

I currently have a LAN-based failover setup between two 5510s. The failover link is a crossover cable. In the current setup, if I unplug the crossover cable both units become active. From what I understood from Cisco documentation, each unit should mark the failover interface as down and there shouldn't be any failover. That's exactly how I want this setup to work.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 Dual ISP Active / Standby Fail Over

Apr 2, 2013

I have a dual ISP, 1 primary and 1 secondary terminated on fa0 and fa2 on our ASA respectively. ASA was configured so that, when the primary fails, the secondary kicks in.  [code]
 
It was until yesterday that we experienced downtime on the primary ISP that the secondary doesn't do the fail-over. I have to manually configure the device to use the secondary ISP. Currently, I'm looking at maybe this has something to do with the licensing.We are currently using a Base License, should we be upgrading to Security Plus?

View 10 Replies View Related

Cisco Firewall :: ASA 5510 - Setting Up Active And Standby Firewalls

Oct 14, 2011

I have a 5510 ASA and have been given another an told to make them active and standby.  Basically the active one is working great but the second one has no config on it apart from the default one, but is the same firmware level.  I guess I need a crossover cable, and what happens with the inside and outside interfaces, would they need to go into a vlan on a switch, one inside vlan where the 2 firewalls inside interface go into and another vlan for the outside?  Otherwise if it failsover to the standby ASA the inside and outside interfaces wouldn't work. 

View 4 Replies View Related

Cisco Firewall :: 5510 Active / Standby Failover Errors

Jan 25, 2012

I just added a new 5510 failover unit to an existing 5510 and when connecting my new outside interface on an Active/Standby firewall pair, i get errors messages (red x) on each port scan (monitor & syslog) although the error message indicate all ports are good...additionally the firewalls flip between active and standby non stop. I remove the new standby unit outside interface from a shared switch and everything clears up.

View 1 Replies View Related

Cisco Firewall :: 5510 - AnyConnect Client Profiles Not Replicating To Standby ASA

Jan 18, 2012

We have 2 ASA 5510's running in a Active/Standby configuration.  It appears that most of the changes we make on the active unit are replicated to the standby unit.  However, there are 3 AnyConnect Client Profiles on the active unit and none of them show up on the standby, the standby has no AnyConnect Profiles.  We also have 1 OnConnect script on the active unit and it does not appear on the standby unit either.
 
I was under the assumption that all config items on the active unit would replicate to the standby.  Is this not correct?  Do I need to do something extra to get everything replicated?  Are there other items that do not replicate? 

View 3 Replies View Related

Cisco Firewall :: 5510 Setup In Active / Standby Failover Configuration

May 8, 2012

We have 2 ASA 5510's setup in an active, standby failover configuration. When the primary fails over to standby, the 3rd party cert does not failover to the standby ASA. The users then receive the CERT missing, invalid message and have to select yes, no to move on. This does not occur when the primary is not in failover mode. It is my understanding that failover fails over certs but in our case it does not apper to be working correctly.

View 1 Replies View Related

Cisco Firewall :: Primary ASA 5510 Turns To Standby When Both Units Power Up

Mar 22, 2011

I have three pairs of ASA5510 firewalls, each pair configured as a failover pair. When each pair boots up, even if I boot up the primary first, when they are both up and the primary/active syncs to the secondary/standby, the primary always switches to standby and the secondary thus becomes active.
 
What would cause this?  It happens on all three pairs. Does failover look for the highest ID or IP address to determine which of the pair will be active?

View 1 Replies View Related

Cisco Firewall :: ASA 5520 8.0(5) Write Standby Causes Standby Interface Down / Up

Sep 22, 2011

last night I started upgrading our ASA5520 active/standby cluster. Because of lack of memory, I stopped the upgrade process and will continue when the memory modules have arrived... Currently I'm running 8.0(5) on both nodes (Version: Ours 8.0(5), Mate 8.0(5))Whenever I use the "write standby" command on the active ASA, the passive ASA seems to drop it links for a short while. [code]

View 4 Replies View Related

Cisco Firewall :: Can't Access PIX 535 Console (in Failover Standby Status)

Jun 14, 2011

we have two pix535 one is ur other is FO license.
 
once a time i found can't access FO pix535 console, i'm sure console cable is ok. when i unplug failover serial cable from FO pix535, i can access pix 535 console.

View 3 Replies View Related

Cisco VPN :: ASA 5510 - SSL VPN Shared License In Active / Standby?

Oct 4, 2012

I recently picked up two ASA5510s (ASA5510-SSL50-K9 & ASA5510-SEC-BUN-K) with intentions of creating an Active/Standy configuration. I'm receiving the error message "Mates' license (2 SSL VPN Peers) is not compatible with my license (50 SSL VPN Peers)", but I was under the impression that I didn't have to buy idential SSL VPN licenses post 8.2 in an Active/Standby configuration.  am I missing a step that enables the license transfer(sharing?) feature to work correctly before the failover will build correctly?

View 6 Replies View Related

Cisco WAN :: 5510 - Configure Load Balancing 2 Switches And Active / Standby On ASA?

Jan 26, 2012

now i have some problem on Cisco Switch 3750 and ASA 5510, i would like to do loandbalancing on Cisco Switch 3750 and Active/Standby on ASA 5510.

which topology that we can use on this diagram, i mean which protocol connect  3750(2unit) to ASA 5510(2unit) and ASA 5510 to 3750, which protocol 3750.

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
 
HQ-ASA-01# show  running-config
: Saved
:

[Code]......

View 9 Replies View Related

Cisco Firewall :: How To Configure Firewall Access For ASA 5510

Nov 4, 2012

This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.

View 9 Replies View Related

Cisco Firewall :: Monitoring ASA 5505 Firewall Active / Standby Pair Using SNMP?

Sep 7, 2011

How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
 
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access To Dmz From Outside

Jun 26, 2012

I have a new ASA 5510 firewall, the objective is to set up a DMZ zone. my problem is I can't access to the web server in the DMZ from outside
 
DMZ ==========> outside OK 
INSIDE ==========> DMZ OK 
DMZ ============> Inside OK 
OUTSIDE ==========> DMZ  NOK "FAIL"
  
I put in attachment the running-config file.

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Asdm

Oct 5, 2012

Recently powered down device (transformer overhaul) and when it booted back up, unable to access with ASDM, SSH...can access directly using HyperTerm, but have only limited commands...will not accept known user/password credentials. When I issue 'show flash' I can see that there are upgrade_startup_errors.log files, but cannot access them.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Get Internet Access From DMZ

Nov 14, 2011

I can't seem to get internet access working from the DMZ network through our ASA 5510. PCs on the DMZ can ping the ASA but can't get out to the internet.I will attach a (cleaned) configure.

View 3 Replies View Related

Cisco Firewall :: SSH Access On Outside Interface On ASA 5510?

Oct 5, 2012

I need the ssh access on my ASA outside interface and have added
 
ssh ipremoved 255.255.255.255 outside access-list acl_outside extended permit tcp host ipremoved any eq 22 but this is the log i get from ASA
 
Oct 06 2012 16:10:04: %ASA-3-710003: TCP access denied by ACL from ipremoved/39884 to outside:ipremoved/22
 
Cisco Adaptive Security Appliance Software Version 8.2(5) Device Manager Version 6.4(5)

View 7 Replies View Related

Cisco Firewall :: No Internet Access On ASA 5510?

Oct 29, 2012

I can get access to the internet from the ASA 5510 itself and that is confirmed via pings. However, anything behind the ASA does not have internet access, on any VLAN/sub-interface. I've attached my running-config.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Need To Allow Public IP (OWA) Access To DMZ

Mar 3, 2013

I have DMZ n/w 192.166.0.0/24 on which i have nated on public ip
 
-private ip : 192.16.0.201 (OWA)
-public ip : 61.x.x.x.
 
when i try to access owa(public ip ) from dmz it is not allowing , From what rules i need to set to get work ASA 5510 8.2

View 13 Replies View Related

Cisco Firewall :: Getting Internet Access On ASA 5510

Feb 27, 2012

the set-up is: a DSL modem in half bridge (it does all the PPPoE connection) passes our static IP (55.167.x.x) to the ASA's outside interface ... (the modem has an IP of 192.168.1.1, but not sure this matters)
 
then I have one inside interface on 192.168.43.1, which connects to a server and we have a working site-to-site VPN between this server and a client.. so I know most of it's set up right ... nothing else is on the 192.168.43.0/24 network.
 
the management interface is on 200.200.1.0/24 so it's out of the way and incidentally connected to a dedicated PC, which also has console access via the blue serial cable.
 
the last interface Main_Network is on the 192.168.0.0/24 network and it's this that I'm trying to get to work... at the moment I just have one Windows PC connected directly (does it need to go through a switch?) into the ASA for testing with a static IP (192.168.0.72), but I can't ping anything outside from the PC... only the ASA's interface (at 192.168.0.30).. I have the gateway on the PC set as 192.168.0.30 by the way.
 
The ASA can ping all the inside machines and anything I like outside.
 
Here's my config ... the static routes are there for when this replaces the current modem/router and the whole network plugs into the ASA.
 
ciscoasa(config)# show running-config
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa

[Code]......

View 4 Replies View Related

Cisco Firewall :: ASA 5510 8.4 DMZ Cannot Access Internet

Dec 1, 2011

I lost the ability for my Web server (or any servers in the DMZ) to access the Internet. However, the Web server is still being used fine from the Internet. Here is my config
 
ASA Version 8.4(2)
!
hostname xxxx
domain-name xxxxx
enable password xxxx encrypted
passwd xxxx encrypted
names

[code].....

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Web Server

Mar 23, 2013

I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:

Nat Section:
==================================================================================
Dynamic:
nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>

[Code].....

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Access Rules

Aug 13, 2012

When i create a rule and enable icmp in ASA inside to outside direction to testing purpose, but I can't ping outside address ,  

access-list ICMP extended permit icmp any any 
access-group ICMP in interface inside
 
LOGG:::
ping 8.8.8.8
%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)
%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)
  
then I have permitted icmp for return path then it works, configs and logs are followed,
 
access-list ICMP extended permit icmp any any 
access-group ICMP in interface outside
 
LOGG:::
ping 8.8.8.8
 
%ASA-6-302020: Built inbound ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14
%ASA-6-302021: Teardown ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Static NAT For Outside Access Not Working?

Sep 19, 2011

I've got an ASA 5510 that has been working like a charm for some time now. Until now we've not had to nat any resources to the outside. I created network objects for an internal host and an external host. The internal host has to respond to requests on tcp/2001.
 
The internal host has no problem accessing the internet, but when I attempt to access the internal host from the outside, I get the following:
 
4    Sep 20 2011    16:20:33        fw_outside_ip    62678    outside_host    2001    Deny tcp src outside:outside_host_ip/62678 dst inside_host:inside_host_ip/2001 by access-group "outside_access_in" [0x0, 0x0]
 
When I try to use the packet tracer to simulate the outside traffic, I get the following
 
5    Sep 20 2011    16:17:41        inside_host    2001            Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:outside_host/1065 dst inside_int:inside_host/2001 denied due to NAT reverse path failure
 
I've got over my NAT statement and access rule and can't find anything wrong with either.
 
Here are the pertinent NAT and access rule...
 
static (inside_int,outside) tcp interface 2001 inside_host 2001 netmask 255.255.255.255
 
access-list outside_access_in extended permit tcp host outside_host host inside_host eq 2001

View 5 Replies View Related

Cisco Firewall :: ASA 5510 / User Access To One Website Only

Apr 25, 2012

We currently have one Cisco ASA 5510 firewall at our mailn office. Our firewall does not let users access the internet. We currently have a web proxy that lets users access this. I need to let users access one website through the firewall without going through the firewall. I believe this is possible if I use dynamic NAT.

View 1 Replies View Related

Cisco Firewall :: Allow Outside Access To Inside Device Using ASA 5510?

Apr 22, 2013

I have a mail archiver (hardware device) in my network that I need to access to from the Ipad/iphone. There is an app for it but I have to allow the access on the ASA. I created an 'object' for the device and added a Static NAT entry for it, then added an access rule. Its not working so I am guessing I did it wrong. The device uses port 8000 which I also added to the object. correct commands, or using the ASDM works too.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - ASDM Access From Specific IP

Jan 24, 2013

I do have one other question first.  What's the effect of the crypto key zeroize rsa command, and then crypto key generate rsa modulus 1024 while I'm SSH'd to the ASA?  Can I do it?  Or do i need to be consoled in or connected a different way?
 
ASA 5510:
ASA Version 8.4(1)
asdm image disk0:/asdm-641.bin
asdm history enable
http server enable
http 10.1.1.83 255.255.255.255 inside
http 10.1.1.82 255.255.255.255 inside

Shouldn't that right there be enough to access ASDM from either host .82 or .83?  Because I cannot.  But if I add http 0.0.0.0 0.0.0.0 inside, then I of course can.

View 2 Replies View Related

Cisco Firewall :: 5510-K8 Why Can't Access Same Websites On Restricted PC

Nov 18, 2012

Has ASA5510-K8 as firewall, has access rules setup for restricted PCs: [code] permitOn those PCs, users can only browse the websites that are in favorites, but some of them are working, some are not.Test on unrestricted PC, websites that can’t be accessed from public PCs can be access on regular PCs , either by address or IP.Checked GPO setting, don’t see anything wrong there.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 Ssh Access After Nessus Scan

Apr 20, 2011

I have an 5510 running 8.4(1) I can ssh into the system with no problems until I scan the device with Nessus security scanner. After that I just get timeouts from the client when I try to connect and the only way to fix the problem is to reload the device. I have included 2 syslog dumps one showing ssh into the device before(working) the scan and one after(not working).I do not have any acls on that int and I have turned off basic threat detection. The devices is still running I can login via the serial console and via ASDM it just appears ssh is someone shutdown or hung.
 
WORKING

4/21/2011 11:33:43 AM    192.168.11.108    Debug    %ASA-7-609002: Teardown local-host testing:192.168.65.106 duration 0:00:104/21/2011 11:33:43 AM    192.168.11.108    Informational    %ASA-6-302014: Teardown TCP connection 50 for testing:192.168.65.106/4462 to identity:192.168.11.108/22 duration 0:00:10 bytes 3691 TCP Reset-O4/21/2011 11:33:43 AM    192.168.11.108    Informational    %ASA-6-315011: SSH session from 192.168.65.106 on interface testing for user "test" terminated normally4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-605005: Login permitted from 192.168.65.106/4462 to testing:192.168.11.108/ssh for user "leeh"4/21/2011 11:33:40 AM    192.168.11.108   

[code]....

NOT WORKING

4/21/2011 12:38:17 PM    192.168.11.108    Informational    %ASA-6-302014: Teardown TCP connection 86 for testing:192.168.65.106/1954 to identity:192.168.11.108/22 duration 0:05:01 bytes 0 Connection timeout4/21/2011 12:38:17 PM    192.168.11.108    Debug    %ASA-7-609002: Teardown local-host testing:192.168.65.106 duration 0:05:014/21/2011 12:33:15 PM    192.168.11.108    Debug    %ASA-7-609001: Built local-host testing:192.168.65.1064/21/2011 12:33:15 PM    192.168.11.108    Informational    %ASA-6-302013: Built inbound TCP connection 86 for testing:192.168.65.106/1954 (192.168.65.106/1954) to identity:192.168.11.108/22 (192.168.11.108/22)

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved