What are considered the best practices for monitoring ASA's--specifically the 5510 with Sec+ License.
My current monitoring application keeps reporting issues with outbound interface buffers being too high, but there are not any performance issues and I believe the thresholds are just set absurdly low.
i have a couple of ASA 5510 in Active/Failover configuration. Failover LAN is configured on management0/0 e the ASA are connected with a back-to-back direct cable.
ASA has an interface in access mode inside with standby ip address and show failover is compliant with expected result in show failover (Normal)
ASA-PRIMARY# sh failover Failover On Failover unit PrimaryFailover LAN Interface: LANfailover Management0/0 (up)Unit Poll frequency 1 seconds, holdtime 15 secondsInterface Poll frequency 5 seconds, holdtime 25 secondsInterface Policy
[Code]....
I am using ASA 5510 Firewall and i have established VPN tunnels too , now i want to Monitor the bandwidth utilization , i have installed PRTG Monitor application and want to add the firewall , how to enable the SNMP in ASA .
View 1 Replies View RelatedI'm currently implementing Microsoft System Center 2012 Operations Manager, the curent stage of the project is to add the network devices to SCOM via SNMP in order to monitor them, I am able to add them all and monitor; however, my ASA 5510, although SCOM discovers the ASA via SNMP and adds it to the network monitoring list, it loses SNMP connectivy every 30 minutes, and 15 later it reconnect with SCOM, then after another 15 minutes it loses the connection again, and so on and so for.
View 1 Replies View Relatedi am looking for the best practices when using a Cisco ASA 5505 to provide NAT and protect my inside network from the outside.
I have the inside security level set to 100 and the outside set to 0, want other features can be used to protect the network from the Internet, am assuming that the security levels will ensure no traffic comes from the outside to the inside unless there is a rule that allows it.
Would any firewall policies be required to increase the level of security?
I have a mail archiver (hardware device) in my network that I need to access to from the Ipad/iphone. There is an app for it but I have to allow the access on the ASA. I created an 'object' for the device and added a Static NAT entry for it, then added an access rule. Its not working so I am guessing I did it wrong. The device uses port 8000 which I also added to the object. correct commands, or using the ASDM works too.
View 1 Replies View RelatedI was trying to add an Access Rule then Nat rule, they applied ok then i lost connection to my ASA 5510.I cant ping device ip, i cant connect via console , only can acess via Management port, i have pasted Running config. [code]
View 4 Replies View RelatedI used to have this situation where I need to replace faulty ASA5510 (this FW did not failover to standby FW) with the new one.
But the problem is the new ASA5510 came with Base License only not with Security Plus License which is needed to allow this brand new device to be configure failover.
how do I pull out Security Plus License from old FW and switch it to new FW (Base License) and activate to Security Plus License.
On LMS 3.2 there was a way to disable the monitoring of Device Interfaces.Examples are ISDN30 Channels, which go up and down during calls. I could disable the channel monitor on the relevant device and only monitor the Circuit as this is the main device to monitor.I can not find the same option in 4.2.2
View 2 Replies View RelatedI have a Cisco 2821 and ASA 5510 as a VPN Router in my network.Our remote users are using Cisco VPN Client 5.0.07 and I need to monitor them on a server and keep their Connection Info to generate some reports for my manager.
View 1 Replies View RelatedI'm trying to monitor Tunnels activity. We want to gather statistics like bandwidth utilization per Tunnel and in the case of Remote Access also the user name associated with a tunnel. All this via SNMP
I've browse through the Cisco-IPSec-Flow MIB and found the TunnelTable, this seems to provide everything I need in Regards to Tunnels, I just need a tip in how to calculate or obtain the bytes Tx and Rx. I can obtain packets and Octets amounts but not actual bytes. Is there another OID I should be inquiring?
In regard to Remote Access I found the CRASSessionTable From here I can obtain the Group associated with the tunnel and I should be able to obtain the User name through the 1.3.6.1.4.1.9.9.392.1.3.21.1.1 OID, but I'm getting an UnSupported response when querying this particular OID.
What OID can provide the User name?
I know that Cisco Performance Monitor can in fact obtain all that info from the ASA so there must be an appropriate OID I can query to obtain this particular info.
How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
with LMS 4.1 Reporting in several areas it is possible with selecting devices to use 'Group Selector' (e.g. Syslog Severity Level Summary Report).Group Selector dynamically chooses devices in selected Group at Report runtime to get the latest devices.Not all Reports in LMS 4.1 provide this Group Selector, e.g. Best Practices Deviations/Discrepancies.Is that a bug? As DCR changes often (add/delete) we urgently need to dynamically perform reports to latest DCR-Population.
View 1 Replies View RelatedIs there a way I can generate bandwidth reports on Cisco PIX 535 ?
View 1 Replies View Relatedhow to configure ip sla monitoring on asa ver 7.0 (6) ?
View 4 Replies View RelatedWe have 3 3602Es connected to a 2504 WLC. I was wondering for best practices for antenna placement. They are all mounted on the side of a wall, near the ceiling (above everyone's head).
View 10 Replies View RelatedI'm looking for a document that states the best practices for WLC configurations (Management/Security/AP's..etc). I can currently only find the following document:URL
But this document has last been updated in 2008, in a few days that's almost 5 years ago, and we all know how quickly technology is evolving. 10Gb wireless is around the corner, with 1GB starting to go production now. This document also mentions the 4400 (which is end of life).
We have 2 5508 WLC's on site (5508-1 & 5508-2) and at the completion of this project we will have around 150 access points. We are also using WCS. 5508-1 is set as the primary/master controller. 5508-2 is the secondary controller, serves as backup if/when 5508-1 fails. All LAPs connect to 5508-1 by default, so 5508-2 is basically sitting there doing nothing. Is this the best way to take advantage of the resources that are available? Would wireless clients see improved performance if the access points were split between the two controllers? If we do split LAPs between the controllers should I make sure that all of the LAPs on a particular floor are connected to the same controller or does that matter?
View 7 Replies View Relatedsetup a WEP SSID on my 5508 controllers. THat being said, I have multiple sites with extremely old scan guns that only do 104bit wep. I plan on locally switching this SSID and using static WEP 104bit key with MAC authentication, and then ACLing to limit my inherent security issues/exposure once someone compromises my WEP key. [code]
View 4 Replies View RelatedI want to apply an authorization profile depending of the login username used, like assign the VLAN ID, so on a lab I created 2 rules, each of them using the System:Username field and then apply the Authorization profile with the correct VLAN to the user.Which one of the following configurations will be the best practice doing this if this condition will be applied for 300 users?? In my opinion, the best practice will be using the System:UserName condition on Authorization Network Access but I want to know what you think, do you agree??
View 0 Replies View RelatedI have an ASA 5500 Firewall. I need to figure out how to log all events using Port 25 to determine if there are any rogue devices on our network. I was trying to figure out how to do this via the Real-Time Monitoring (filter) but have had no success.
View 1 Replies View RelatedI am new to the PIX firewall. And recently implemented the PIX 506e in my network. I wants to know how we can monitor the system that is generating the more traffic on Network through Firewall.
View 4 Replies View RelatedI have a question regarding failover monitoring on the ASA5505 in an active/standby configuration.
I understand that on the 5505 you create VLAN interfaces and then assign the VLANs to the 5505 switchports. With failover configured on the 5505, the VLAN interface names are monitored. For example, VLAN 100 interface named Inside is assigned to ethernet0/1, switchport mode access. When issuing a show failover command the output will show the monitor status of interface Inside..
Does failover monitor the VLAN virtual interface only? Does failover also monitor the link status of the ethernet0/1 switchport?
We have one pair Cisco ASA 5505 located in different location and there are two point to point links between those two locations, one for primary link (static route w/ low metric) and the other for backup (static route w/ high metric). The tracked options is enabled for monitoring the state of the primary route. the detail parameters regarding options as below,
Frequency: 30 seconds Data Size: 28 bytes
Threshold: 3000 milliseconds Tos: 0
Time out: 3000 milliseconds Number of Packets: 8
[code]....
I'm not sure if the setting is so sensitive that the secondary static route begins to work right away, even when some small link flappings occur. What is the best practice to set those parameters up in the production environment. How can we specify the reasonanble monitoring options to fit our needs.
I am interested in gathering cumulative threat-detection statistics from an ASA running 8.3, and displaying number of attacks over time. I am already capturing traffic information via netflow, but am interested in getting threat information.
Is there a way to capture the statistics via SNMP or any other method?
I am trying to monitor my ASA 5505. This asa is connect via a ip-sec tunnel to our network. I have no problems with snmp monitoring devices behind the ASA, but when trying to monitor the asa itself I do not get a SNMP response.
View 2 Replies View RelatedWe are using MS System Center Operations Manager to monitor network devices. We are trying to monitor our Cisco ASA 5525-X firewall interfaces.
We have a generic management pack installed that seems to work for parts of the 5525. We can see performance info for IF-4 but none of the other interfaces.
Our Management Pack is a generic Cisco Adaptive Security Appliance Version 9.1(1) management pack.
Is there a management pack that is specifically for this Cisco firewall?
I have a 5520 ASA running 8.2(1) and ASDM 6.2(1). The ASA has been running for 223 days without issue. Today it stopped showing real time status on the Device Dashboard from within ASDM. All of the graphs state "Lost connection to Firewall."I try to manually reconnect but it will not. I have tried on a couple different computers and cannot get the monitoring connection to work.It is a very busy firewall and I will have to schedule for a restart (which I was thinking of doing) even though I do not see a memory issue as per snip below. I don't want to restart unless it is the best option.
View 13 Replies View RelatedLENOVO G580 - i5,4gb ram, 500gb harddisk , network adapters- atheros ar8162 pcie- fast ethernet controller, broadcom 802.11n network adapter.i am using quickheal total secutity for a total antivirus protection.My problem is that whenever i connect my laptop using a d-link crossover cable to connect to my desktop the connection establishes successfully but on browsing or copying data the system gives a bsod error.initially i didn't got a clue as to what causes the error but then i figured out that uninstalling q-heal solves the problem an reintalling it again causes the same problem.ive tried using different versions/products of qiuckheal but all end up generating a blue screen error.not only this , whenever i use a software that has some thing to do with network like monitoring appliction wise bandwith or something it also ends up in bsod.
View 5 Replies View RelatedI have a lan2lan between my asa 5510 ver 8.3 and another device, see the attached scheme. The other side would like to reach all my local lan via telnet from their PC-A. They can actually reach the devices inside the lan e.g. 192.168.1.1 and .2 but NOT the .10 that is the ASA itself. Note that I've added the line telnet 192.168.2.0 255.255.255.0 outside but nothing.
View 2 Replies View RelatedAttached are the configuration files for the devices in question. I have a 5510 that belongs to my company and a 5505 that belongs to another company. The 5505 sits behind the 5510 and is able to connect to the Internet. My thought was that VPN access should be a trivial pursuit. I was planning on just giving the admin at the remote office the public IP address that's natted to the 5505 and all would be good.
View 7 Replies View RelatedWe have plans for multiple ISPs and need to pick the correct device/architecture for that. single site: 3 ethernet hand offs (1 From ATT Fiber/10Mb pipe via their managed router, another one from ATT via Copper T1 via a separate circuit & managed router and the 3rd/last from Cable Modem/Comcast)
1.WAN hand off from another ISP from I will use ASA 5510 (already have) to use all the above 4 as inputs and then use the internal interface of the ASA 5510 as the default gateway for all the employees to browse the internet etc. so that1. If one one or more of the ISP lines die, we continue to operate (albeit lower bandwidth)
2. Also, we take advantage of the added bandwidth (even though it may not be the arithmetic sum of all the above).
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......