Cisco Firewall :: Best Practice For Log Configuration And Backup In ASA5505

Feb 20, 2011

I like to take log backup in ASA.. and i like to check whether any attack pattern is there?? how could i do this...?Also how could i do a best practise for this?

View 12 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 Backup ISP Configuration

Jun 13, 2011

I'm having problems configuring an asa 8.2(1) with a backup isp.  I followed the asdm instructions in this document: [URL]
 
I have my backup interface configured as DHCP and the static routes set. Pinging the gateway and other external IP address from the backup interfaces works normally. I have also tried configuring the backup interface as a static address but got the same results.
 
When removing the primary wan link, all traffic stops. When I ping a external DNS, I get these errors in the log: portmap translation creation failed for udp src inside: 192.168.13.23 dst backup:208.67.222.222_type 8, code0)
 
I though this type of error is related to a NAT problem, not sure where to look though.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Backup ISP Link Configuration?

Jan 28, 2013

I'm working on setting up a backup link for our ASA 5505 and I've followed these directions:  [URL]
 
The backup ISP gives us a dynamic address, however, when I enable the backup ISP's interface on the ASA, my vpn tunnels drop. As soon as I disable the backup interface, the tunnels come back up. I'm attempting to configure this across one of these tunnels, so obviously this is an issue, as is the fact that other people need the tunnels as well. I'm not sure what I did to make this happen, but I've been over the config many times and can't see anything different from the instructions in the link above.
 
I thought it might be trying to route traffic across the backup interface, but my primary interface is tracked and has SLA running on it, so I would assume it wouldn't roll over onto the backup interface.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Configuration Backup With Archive?

Nov 15, 2011

On our cisco 3750 switches we can take config backups with the archive command. After every "write mem" it rights the config to our backup server. We would like to do this also for our asa 5520 with version 8.2(2). I also searched in the command reference guide, but I can't seem to find the proper command to do it.

View 2 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related

Cisco Firewall :: Object To Twice NAT Configuration ASA5505 8.4?

Dec 18, 2011

We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
 
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
static (inside,inside) outside_ip inside_ip netmask 255.255.255.255
 
In 8.4, if I use object nat, the hairpin functionality works perfectly,
 
object network obj-insideip
  nat (inside,inside) static publicip
 
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
 
nat (inside,inside) source static private_object public_object destination static public_object private_object
 
allows hairpinning to successully work from the same machine.  Meaning on any given host, I can ping itself using the private or public ip, but I can't get the right combination for hairpinning from any private host to another private host via the public ip.  Other combinations have yielded icmp responses, however, they specify the private IP as the source of the reply instead of the public ip.

View 1 Replies View Related

Cisco Firewall :: Best Practice For Configuring ASA 5505

Jun 6, 2011

I am planning on building the configuration on my ASA 5505, and then distribute that same configuration to several places on ASA5505's.

What is the best way to do this? Screen dumps of the ASDM. Copy the running-configuration from a text file into the ASA5505. TFTP the running-config.

View 2 Replies View Related

Cisco Firewall :: ASA5505 DMZ Configuration Versus Linksys E4200 DMZ

May 11, 2013

I am using a Cisco E4200 router today but I am moving to a ASA5505.   I have a device that sets up a VPN tunnel that I want to put in my DMZ.   It's called the ATT Gateway.  I have attached the diagram.   When I use a Cisco E4200 all I do is put the outside private ip address of 192.168.0.99 of the ATT Gateway into the DMZ of the E4200 and the VPN tunnel of the ATT Gateway comes right up. I cannot configure the DMZ to do the same with the ASA.   I also need to have the laptop behind the gateway access the printers in the inside network. 

View 15 Replies View Related

Cisco Firewall :: Trunk Configuration Between ASA5505 And 3750 Switch

Sep 28, 2011

I am trying to configure a trunk between the above two devices. I like to have vlan11 on ASA. Then I like to connect a host to my switch, and have it communicate with other devices in VLAN 11 or other vlans that reside on the ASA. Below is the config that I currently have.

ASA:
ciscoasa# show run interface Ethernet0/1
!
interface Ethernet0/1

[Code].....

View 5 Replies View Related

Cisco Firewall :: Restore Configuration To New ASA5505 On Different ASDM Version

May 27, 2013

so we have been using our current ASA5505 for a long time. Since it only support up to 10 VPN licenses, so we buy a new ASA5505-SEC-BUN-K9(support up to 25 users).
 
the old ASA are running: 8.0.3 and ASDM 6.0.3
the new ASA are running: 8.2.5 and ASDM 6.4.5
 
I thought it would be simple as export and import the config file, but when i tried to restore, the new one is looking for a zip file but the old one doesn;t backup file in ZIP. It  looks like i need to update the ASA version or/and ASDM?
 
I am pretty new to this and never upgrade any of these versions since I am aware of the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config?  any effect if i do the upgrade? I also read some articles, we need to upgrade on the version one by one, like 8.0 to 8.1 then 8.2?

View 4 Replies View Related

Cisco Firewall :: Possible To Convert Pix 501 Configuration Running Version 6.3(5) To New ASA5505

Jan 9, 2012

I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.

View 4 Replies View Related

Cisco Firewall :: ASA5505 - Configuration To Allow Inbound / Outbound Mail Communications

Dec 26, 2011

I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.

In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.

My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,

C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers

Final config on ASA5505

host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......

View 3 Replies View Related

Cisco :: Backup Configuration On LMS 4.2

Nov 21, 2012

1)how can i backup the configuration on cisco lms 4.2 and to re-imported later when i re-install the lms 4.2
  
2)how can i change the admin password on cisco lms 4.2

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Backup Configuration On ACS 5.2?

Jun 8, 2012

How to backup the configuration on cisco acs 5.2 and how to restore it , if some thing wrong happened

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.x / How To Backup Configuration

Mar 10, 2013

Cisco ACS 5.x appliance?How to back up Config?What is best way, via TFTP? COPY Startup-config tftp:?COPY Running-config tftp:?I currently use Solarwinds CatTolls to back my Cisco Switches, can I use this for Cisco ACS also?

View 3 Replies View Related

Cisco :: LMS 4.2 Backup Configuration Of Devices

Nov 29, 2012

How to backup the configuration of Cisco devices managed by LMS 4.2 and store it in Folder , than restore it once it need it

View 10 Replies View Related

Cisco Switching/Routing :: How To Backup The Configuration Of ACS 5.3

Mar 15, 2012

how to backup the configuration of ACS 5.3 then restore it on the secondary ACS 5.3 Appliance in order to save time without configure the 2nd Appliance?

View 1 Replies View Related

Cisco Wireless :: Backup Configuration On WAP 5508?

Feb 5, 2013

how to backup a Cisco Wireless Access Point Controller 5508.

View 2 Replies View Related

Cisco :: Backup Of Configuration From Nexus Switches 5K And 7K

Dec 4, 2012

I'm busy on configuring the backup of the configuration from Nexus switches 5K and 7K.I have installed COPSSH on my windows server and try to confiugre the sftp credentials. [code] I have tested from the CLI from the switch and i have the issue but if i use the default vrf 'default' it works fine.How can i change the command sent by DCNM to the Nexus in order to specify vrf default and not vrf management ?

View 1 Replies View Related

Cisco :: LMS 4.0.1 - Device Configuration Auto Backup

Mar 6, 2012

Is it possible to create a job what automatically export the devices configs that are in the folder CSCOpxfiles medemushadow? It would be wonderdul if CW could export the .cfg files into a .rar and send in email or something like this.

View 1 Replies View Related

Cisco :: 5508 - NCS Configuration Backup And Restore Of WLC

Jan 10, 2012

I recently tested the process for a customer of defaulting a Cisco WLC to factory configuration and then restoring the configuration from Cisco NCS.  It was not seamless to say the least and I wonder if I have just gone about it the wrong way. 
 
Have have set the NCS platform to configuration sync with the 5508 controllers at 04:00 every day and prior to the controller defaulting I ensured that NCS also reported that the config was in sync. I have also set NCS to complete a tftp backup of the controller every night 23:00 - interestingly though I have no idea where this is stored on the NCS platform ( a VM appliance ) or what it's file name is.
 
Anyway my experiences where as follows:-
1.  defaulted WLC and via serial CLI ended up at the configuration wizard.
2.  Set the correct LAG, management IP, host name that NCS knew this controller by.
3.  To test things just created a dummy WLAN ( SSID ) as I assumed this would be overwritten ( big mistake ! ). 
 
At this point I connected the controller to the network and tried to restore the configuration from the config sync version.

First problem - you have to remember to set up the SNMP community string you were using as it is needed by the configuration sync process.  After adding this to the controller I could push the configuration to the controller.

Second problem - failed to add the first WLAN from the backup as I have added the temporary dummy W LAN via the wizard and NCS reported a conflict.  So had to delete WLAN ID 1 from the WLC GUI directly and then the config push no longer reported this error.

Third problem - for some reason did not add the TACACS server details - reported the error that it could not added them.  I manually added these via a template via NCS and all was well. 

Fourth problem - all but the first WLAN was in the disabled state - had to re-enable all of the WLANs. 

Fifth problem - any default items I had disabled or removed have not been saved - therefore I have removed the public and private SNMP communities - but these were still on the WLC after the restore.  I have disabled unused ports not in the LAG as they show an error in NCS - these where not disabled after the restore.
 
So all in all not a very satisfactory restore process from NCS to an defaulted WLC ( meant to simulate to the customer what would be needed if they had to replace a controller due to hardware failure ).

View 1 Replies View Related

Cisco :: User Privilege Level For Configuration Backup With PI 1.2

Feb 15, 2013

We have more than 50 devices handling by PI 1.2 (testing) I like to know how to do configuration archiving with user who doesn't have write privilege.
  
I tried like this.
  
username john privilege 6 password cisco privilege exec level 6 show running-config
  
(result) show run --> blank
 
  I tried this user with one of switch in PI 1.2. It did not do configuration backup
 
username inout password inout username inout privilege 15 autocommand show running-config
  
(result) once logged in, it automatically showed running-config. However when I tried with PI 1.2 with this user (inout). I couldn't do configuration back.
 
reference [URL]
  
create certain user with read-only privilege while PI 1.2 is able to do configuration archiving ?

View 0 Replies View Related

Cisco VPN :: ASA 5505 Backup Configuration To TFTP Server?

Oct 4, 2011

Is there a way to backup the configuration file to a tftp server? I've tried "copy start tftp" and copy run tftp". No luck, I get an error message.

View 1 Replies View Related

Cisco :: LMS 4.2.1 - Backup Configuration Of WS-C4503-E Version Cat4500e

Oct 11, 2012

I have a Cisco LMS 4.2.1 on a Windows 2008 Server R2 platform and I would like to backup the configuration of my WS-C4503-E version cat4500e-universalk9.SPA.03.03.01.SG.151-1.SG1I create the job in Configuration > Configuration Archive > Synchronization and after the execution of the job, I check th status in Admin > Job > Browser: I don't know why the archive doesn't exist. It's a newly install.

View 2 Replies View Related

Cisco Application :: ACE-20 Module - Automated Backup Of Configuration

Feb 4, 2010

I am currently stuck to setup an automated configuration backup for ACE Blades. I found a script to backup the ACE from the Cisco ANM box but unfortunately I am not very familiar with Linux. (script) in place, to "pull" the ACE config from a Microsoft system ?
 
System State:
ACE IOS A2.(1).5

View 2 Replies View Related

Cisco Switching/Routing :: 2960G Don't Have A Backup To Configuration In PC

Dec 30, 2011

I have 2960G that in rommon status.I need that the switch work in 0x2102 (regular mode).I don't have a backup to configutratuio in my PC.I do wr before the switch go to rommon (startup config).What to do in order to the switch will be in 0x2102 (regular mode) with the same configuration( before the switch go to rommon)?

View 1 Replies View Related

Cisco :: 2504 WLC To Trigger Configuration Backup When It Is Saved

Apr 17, 2013

I can't seem to find and answer to this, but is it possible on a 2504 WLC to trigger a configuration backup when the configuration is saved like on Cisco routers and switches?

View 2 Replies View Related

Cisco WAN :: 5520 / Backup Internet Link Configuration

Dec 14, 2012

i have two internet links each of which from different ISP and different real ip addresses.Want to make the second backup internet work for Internal and external (AnyConnect) users.
 
my question:  is that applicable to register single A record with different real ip addresses? and also is the AnyConnect method the best solution for them?
 
note: i have single firewall 5520 behind the cable modems.

View 3 Replies View Related

Cisco Application :: ACE 4710 - Context Management / Backup Of Configuration?

Jun 25, 2012

I am looking at management (backup of the configuration) of the ACE 4710 running A4.1, the management software is Cisco Cirrus. The question I have is around the management of the context's, I have a backup of the Admin but would like the user context's also, how this is completed.              

View 3 Replies View Related

Cisco Switching/Routing :: 881 SDSL With ADSL Backup Configuration?

Feb 26, 2012

i'm looking for a cisco 881 configuration with SDSL line as nominal and ADSL as backup.

View 9 Replies View Related

Linksys Cable / DSL :: WAG160N Cannot Restore Configuration Backup

Mar 27, 2010

I have a WAG160N and its seems to have reset to factory defaults, no idea why, but when trying to restore the Configuration Backup all I get is "Restore Failure <Unmatched pid>"

View 2 Replies View Related

Cisco :: How To Set Configuration On Asa5505

Jul 20, 2012

i have the asa5505 with asa8.4.5 and asdm 6.4.2. my asa work like site to site vpn with the other asa5505. i would be love that monitoring status of VPN. i enabled on asa logging, i puted address of smtp server, receipent email, source email, the problem is because my smtp server require authentication, TLS. how set configuration on asa5505?
configuration of logging for send notification on email.

View 3 Replies View Related

Cisco VPN :: VPN Configuration On ASA5505

Aug 22, 2012

Our client has a vendor who needs to establish a VPN tunnel to their own router which sits behind our Firewall.
 
VPN Concentrator (Vendor) <------> ASA5505 Client (7.2) <-------> 3750 Switch <-------> VPN ASA outside Interface - 208.64.1x.x4 DG - 208.64.1x.x3
ASA Inside Interface - 172.20.58.13/30
3750 Switch Interface Connected to ASA - 172.20.58.14/30 and DG - 172.20.58.13
3750 Switch Interface connected to VPN router - 172.20.58.21
VPN Router Interface connected to the 3750 - 172.20.58.22/30 DG - 172.20.58.21

I have also attached a Visio for this and the running configuration from the ASA and 3750. We don't have access to the TNS VPN router. Our responsibility is to just to make sure the tunnel comes up.
 
1) Create a static NAT on the ASA for Public to Private IP of the VPN router
 
Public - 208.64.1x.x5 / 28
Private - 172.20.58.21 / 30
 
Will the ASA automatically ARP for this address or do i have to configure another interface on the ASA with this public IP?
 
2) What would the access list look like on the ASA?
 
3) The client gave us some config to copy the stuff on the ASA so that they can create the tunnel but i couldn't put those commands in the ASA. How would this be applied and on what interface?
 
Firewall Access: The following information pertains to access between the VPN router and the
VPN concentrator. If a firewall/router is present in front of the VPN the following services need to be
allowed:
 
permit esp host 208.224.x.x any
permit gre host 208.224.x.x any
permit udp host 208.224.x.x any eq isakmp
permit udp host 208.224.x.x any eq non500-isakmp(code )

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved