Showing Your firewall has a version number null which is not supported by ASDM 6.2(5). I received this error when trying to run asdm on my asa 5505. I upgraded image and asdm trying different versions. I used many different versions of java all to no avail.
View 4 RepliesThis is the second one of the new ASA 55.5X series appliances where I have seen this issue:When I SHOW VERSION, I can see the serial number displayed. However, this does not match the serial number from the sticker affixed to the outside of the chassis.This makes it confusing on opening TAC cases and for updating licenses.
View 8 Replies View RelatedI need to fullfill the below configuration which is working fine on my actual D-Link Netdefend firewall.
We have a range of IP assign by our ISP : 194.250.47.128/29
194.250.47.129 is the firewall IP and 134 the isp gateway.
We have 4 interfaces
- The local user interface: lan =192.168.170.1/24
- The servers interface : dmz =192.168.171.1/24
- The database interface : oracle=192.168.169.1/24
[Code]...
What anyconnect version do I need on a 5505 so i can have people connect via iOS devices? Right now I have "anyconnect-macosx-i386-2.5.1025-k9.pkg" on there, will that work for iOS devices?
View 7 Replies View RelatedASA 5505 Version 8.2 or older nat (inside) 1 10.0.0.0 255.255.255.0nat (INTF4) 1 10.0.4.0 255.255.255.0nat (INTF5) 1 10.0.5.0 255.255.255.0nat (INTF6) 1 10.0.6.0 255.255.255.0nat (INTF7) 1 10.0.7.0 255.255.255.0global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224global (outside) 1 interface
I believe this setup does the following. The inside interface and interfaces 4,5,6,and 7 will translate using this line....
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
and if the addresses run out is will start using the ouside interface IP address to translate, so traffic is not disrupted and is based on the line of configuration.....
global (outside) 1 interface
My question, does it do this because of the order of the configuration..
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224global (outside) 1 interface
or would it do it that way even if it was like this?
global (outside) 1 interfaceglobal (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
and if so why?Now let's convert the above configuration to ASA 5505 Version 8.3 or newer.
object network OUTSIDE-NAT-POOLrange 209.165.200.235 209.165.200.254object network INTERNAL-SEGMENTSsubnet 10.0.0.0 255.255.248.0nat (any,outside) dynamic OUTSIDE-NAT-POOL interface
My question is how does it know to use the outside interface as a backup when the OUTSIDE-NAT-POOL is depleted?Also why do I need to define the INTERNAL-SEGMENTS ? Doesn't the "any" in the (any,outside) take care of that?Also wouldn't the "any" in (any,outside) cover interface 3 or DMZ which could be an issue?
I have a ASA5505 and currently running Version 7.2(4). I was wondering what the latest version of the software would available to me would be.
Here's a show ver
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
I've have an ASA 5505 with a inside network vlan1 (192.168.0.0/24) - i've configured an IPsec VPN profile and a VPN network of 192.168.0.50/24. I can through my VPN tunnel access inside hosts on vlan1 - but not ASDM on the ASA (192.168.0.1). Under management i've added the VPN network of 192.168.50.0/24 to have access to ASDM, but still does not work.
View 1 Replies View Related I'm trying to configure UC-Proxy using an ASA 5505 with software version 8.0.4.I was following the instructions in DOC-5704 and ASA 8.0 CLI.I don't have USB security tokens in UC solution, instead I'm using IP phones Cisco 7961 with MIC.I configure all the items as the documentation says but when I restart the phone outside the Firewall, the 7961 don't registrate with the Call Manager.Checking the troubleshooting I found that it's possible certificates problems but I don't know if I need to do something in phones.
I would like to know if there is any consideration when the UC proxy works just with MIC.The outside phone is a Cisco 7961 configured with static IP address and TFTP address of Call Manager (static NAT in ASA).
I want to be able to gather some time metrics based on source IP, and destination port. Is it possiable to track how much time a user spends using a service based on it's port number. I have figured out how to capture all the data, and I can then look at timestamps, but I would like a better way if possible. Can this be done at the firewall, or do I need a different appliance?
View 1 Replies View RelatedI just upgraded my firewall to ASA 5505. Now, my original static ip address cofiguration is gone. Apperantly, Cisco went away from static ip address to something like nat (inside,outside) dynamic interface. how to create a static ip address under version 8.4? By the way, I am sharing what my configuration used to look before upgrading.
!
hostname cisco-asa
domain-name default.domain.invalid
names
!
interface Vlan1
nameif inside
security-level 100
[code].....
I am now going to configure IPSec VPN connection for Cisco ASA 5505 (Version 8.4)
View 3 Replies View RelatedI have upgraded an ASA 5505 to 9.0(1) as I would like to use ipv6 version of dhcprelay. That said, I am unable to obtain a global unicast address but the link-local address is able to communication with the ISP's gateway/DHCP provider which I hope will allow v6 dhcprelay provide internal clients with IP's from the ISP. Trouble is, unsolicated inbound ICMPv6 messages from the ISP's gateway are being dropped on the way into outside interface.
%ASA-3-313008: Denied IPv6-ICMP type=129, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
%ASA-3-313008: Denied IPv6-ICMP type=131, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
%ASA-3-313008: Denied IPv6-ICMP type=131, code=0 from fe80::201:5cff:fe3b:3c41 on interface outside
[Code]...
At my work when I click on Network it immediately shows a full list of all the computers on the network. There's probably about 100. At home when I click network it takes like 30 seconds to do some scan and show like 3 computers. What's the deal?
View 3 Replies View RelatedI have a cisco 5520 running as IPsec concentrator. On the ASDM homepage is shows like 31 VPN connected. But if I go to Monitor > VPN is show only 18. Then if I use SSH using sh crypto command it shows the same number as on the Monitor > VPN sections. I am running 8.3(1) and ASDM 6.3(1).
View 8 Replies View RelatedI wanted to know the maximum VPN client sessions (using the Cisco VPN client) and Site-to-Site VPN tunnels that I can connect to my ASA 5505 simultaneously.
In other words, if I have x VPN clients and y Site-to-Site tunnels, at any time, does x + y have to be <= 10 (Total VPN Peers)? If yes, can I upgrade to the security plus license to increase the Total VPN Peers to 25?
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
[Code]...
Is the Cisco IOS version specific to the number of ports?IE, would a 24pt 2960 switch use the same IOS version as an 8 pt 2960 switch? Or is there a different IOS for each number of ports?
View 5 Replies View RelatedI have configured the following access-list on routers fa0 interface (i am using 1801)
access-list 111 permit ip any any log
and applied it in "in" direction on Fa0 interface.
Now when i am sending ssh packets to this interface its showing below
*May 14 05:09:00.104: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 172.18.128.2(0) -> 172.18.128.146(0), 1 packet
why its not showing any port number ?
I am trying to find out what version my router is, all it has on the model number is "WRT54GS" no version number attached to it.
View 8 Replies View RelatedI have an WAP54G Acces-Point.The current firmware version on the acces point is: V1.06,Feb 18 2003 This is very old.I see that new versions are available. Only for te right hardware version.There is the problem, the harware version is not printed on de backside of the access-point.
View 5 Replies View RelatedIn January 2012 I bought a Linksys E4200v2. I am trying to download a firmware version upgrade and it wants to know what hardware version I have. The top of my router (where the model number is displayed), only has E4200. I have looked through my receipts, the box it came in, and anything else I can find to do with the router - they all have the E4200v2. In case the 'v2' portion is for the hardware version, I do not want to download the wrong firmware version and end up with a router that doesn't work
View 4 Replies View RelatedMy router is the WRT160N, and it doesn't display the version number on the bottom which according to your website means my router is a VERSION 1.SO, why is it that my router says it has:
Firmware Version: v1.53.0 Dec 19, 2007
And the latest firmware is
Firmware 11/08/2010 Ver.1.02.11
That looks like an EARLIER firmware version to me judging by the firmware version yet it is dated later. **bleep**. If you want, I can upload a photo of my router's model no. for all to see.My question is, am I safe to 'upgrade' to this 'earlier but dated later' firmware version or not? Why is mine showing as having a later version.
I am trying to find the serial number on the CLI that matches the serial number sticker on the back of a WS-C2948G-GE-TX switch that runs CatOS. I am running code cat4000-k9.8-3-2-GLX.bin. I have 4 different switches and all the stickers have a serial that starts with JPE.. and both "show version" and "show sprom 1" and "show sprom 2" gives me a completely different serial number that starts wtih JAE... All of these serial numbers I get from the CLI match with each other. The command "show sprom chassis" says "Feature not supported."
Is it possible to find the serial number that matches the sticker from the CLI on a 2948G? Why does Cisco make this so confusing?
provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM
View 10 Replies View RelatedI am facing a strange issue with OSPF configuration. i have a server in DMZ and ports 22 & 9202 are opened. when some one does a telnet on port 22 it works and the same can be seen in sh ip cache flow command, but when we do a telnet on port 9202, the dest int is showing as NULL. i have OSFP & BGP configured on the same router and redistribution is also enabled.
MPLS Router (BGP & OSPF running) --> FW (DMZ int is configured, OSPF running) --> LAN (Inside, OSPF running).
when i execute sh ip ospf command on MPLS router, i couldnt see any route with Null interface. from MPLS router i am able to telnet on port 22 but not on 9202. also no packets hit my FW and the dest int shows as Null in sh ip cache flow command. but when i do a telnet on someother port, i can see the packets hitting my FW. why only traffic to that particular server on port 9202 is getting blcoked? also why the packets are hitting NULL interfcace when it desnt exists?
i am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3
View 6 Replies View RelatedI am running WLC 5508 and WCS version 7.0.98. We are noticing with some of our handheld devices that have Sychip Wireless cards that they constantly have issues communicating. The error I see on the WCS side is shown below:
Client '00:0b:6c:2f:d0:32 (0.0.0.0)' failed to associate with interface '802.11b/g' of AP 'HO-BRSales'. The reason code is '0(null)'.
How to know my asa 5505 Part Number
View 2 Replies View RelatedWe are planing on offering low end ASA 5505s as a customer offer to connect their network to our cloud as this is a business requirment. However, one of my colleagues is convinced that the license for the 5505 is *not* based ont he number of IPSEC endpoints, but the number of distince connections via *any* tunnel. So, according to him, if you have a license for 10 IPSEC endpoints, if you have 11 people connecting via *one* tunnel from a customer's network to our cloud, you go beyond your license.
View 1 Replies View RelatedI recently upgraded an ASA 5505 that has the Advanced Endpoint Assessment License to 8.4(3) and ASDM 6.4(7). Now there are no options in ASDM for adding AV, Firewall or AntiSpyware versions and definition levels etc? I have checked Host Scan Extensions and enabled 'Advanced Endpoint Assessment ver 3.5.3.1' however when I click configure and attempt to add any AV etc there are none to select - the 'Add Products' box is just blank.I have AnyConnect 3.0.5075, CSD 3.6.4021 and have tried with the integrated AnyConnect Host Scan image and with the standalone Host Scan image (3.0.5077) and the behaviour is the same ?
View 4 Replies View RelatedI have been using ASDM on a "Cisco Adaptive Security Appliance Software Version 8.2(5)" for a long time and in order to route packets among the interfaces without NATting the packets, I have always been using the function "Add NAT Exempt Rule" under "Configuration -> Firewall -> NAT Rules". Everything has always been working fine.
Now I am trying to use ASDM on a "Cisco Adaptive Security Appliance Software Version 9.1(1)" and I cannot find how to do the same operation: the "Add NAT Exempt Rule" option is no longer available and the only way to make the traffic passing through seems to be NATting it on the OUTSIDE interface.
where I am mistaking? My goal is to let the traffic passing through from the inside interface to the outside interface without being translated.
why I would be getting traffic on my outside interface that has a destination address which is not my assigned outside address? I recently set up my ASA 5505 on the network and gave it an available outside address of say 192.x.x.250 on interface vlan 100. When I assign vlan 100 to e0/0 and bring the port up, I start seeing lots of traffic pour into the ASDM Syslog with various destinations belonging to my subnet but that are not actually destined for my specific outside address of 192.x.x.250.They are showing a destination of say 192.x.x.85 or 192.x.x.29.
View 3 Replies View RelatedIs there any significance to the parameter "firewall-group" in the command
firewall vlan-group <firewall-group> <vlan-id>…<vlan-id>?
In other words is the series of commands
firewall switch 1 module 3 vlan-group 1,2
firewall vlan-group 1 100,101,102
firewall vlan-group 2 200,201,202
exactly equivalent to
firewall switch 1 module 3 vlan-group 3
firewall vlan-group 3 100,101,102,200,201,202
or
firewall switch 1 module 3 vlan-group 1,2,3
firewall vlan-group 1 100,200
firewall vlan-group 2 101,201
firewall vlan-group 3 102,202
All three of these options associate the same set of vlans to the FWSM but using different groupings. As far as I can tell, these groupings have no functional significance either on the switch side or the FWSM side. These are simply three different ways of specifying exactly the same thing? Am I correct?
I want to configurate cisco ipsec vpn client at asa 5505. At my asa the software version is 8.4. Any link or some material to config ipsec vpn client at asa 5505 version 8.4.
View 1 Replies View Related